Cisco Catalyst 3550 plays several important roles in our voice home lab. Firstly, it is responsible for routing between virtual machines connected to Open vSwitch switchports. Secondly, it connects a hardware Cisco IP phone to the network and supplies power to the phone. And finally it connects our voice home network to Belkin N+ Wireless router.
A network topology diagram is shown here.
Belkin N+ router connects our home network to the Internet. According to the Cisco three-layer hierarchical design model it represents a core switch. Similarly, Catalyst 3550 would represent a distribution switch if they were no Cisco IP phones connected to its switchports. An access switch that is represented by Open vSwitch connects virtual machines to the network.
The tutorial shows configuration of Cisco Catalyst 3550. We are going to enable IP routing, create VLANs, configure trunk ports, access ports and routed ports. Services such as DHCP, NTP will be enabled in order to support IP telephony in our network.
In the end, Belkin N+ Wireless router will be configured with static default routes that are pointing to VLAN subnets to make the subnets reachable from the subnet 172.18.0.0/16.
Cisco Catalyst 3550 Configuration
1. Restore Catalyst 3550 Switch to Factory Default Settings
Start terminal emulation program - Minicom
$ sudo minicom
a) Erase startup-configuration file
Switch>en
Switch#erase startup-config
b) Delete VLANs
Switch#delete flash:vlan.dat
c) Reboot Catalyst 3550 switch
Switch#reload
2. Secure Switch Management
As we configure a switch that is part of our home lab network, the default username and passwords are used. Likewise, we will set session timeout 0 for console port and vty lines so timeout never expires.
a) Configure the hostname, enable secret password and create a new user
Switch>en
Switch#conf t
Switch(config)#hostname 3550-I
3550-I(config)#enable secret cisco
3550-I(config)#username admin secret cisco
b) Restrict access to console port
3550-I(config)#line console 0
3550-I(config-line)#login local
3550-I(config-line)#exec-timeout 0
c) Configure ssh version 2 and generate RSA public and private keys
3550-I(config)#ip ssh version 2
3550-I(config)#ip domain-name homelab.net
3550-I(config)#crypto key generate rsa
d) Configure secure access to vty lines
3550-I(config)#line vty 0 15
3550-I(config-line)#login local
3550-I(config-line)#transport input ssh
3550-I(config-line)#exec-timeout 0
3. VLANs, Trunk, Access Port and SVI Ports
a) Create VLANs 10,11 and 100
3550-I(config)#vlan 10
3550-I(config-vlan)#name Voice
3550-I(config-vlan)#vlan 11
3550-I(config-vlan)#name Data
3550-I(config-vlan)#vlan 100
3550-I(config-vlan)#name Management
b) Configure trunk port
3550-I(config)#interface fastEthernet 0/1
3550-I(config-if)#description Link to Open vSwitch
3550-I(config-if)#switchport trunk allowed vlan 10,11,100
3550-I(config-if)#switchport trunk encapsulation dot1q
3550-I(config-if)#switchport mode trunk
3550-I(config-if)#no shutdown
c) Configure Access port to connect Cisco IP phone 7961
3550-I(config)#interface FastEthernet 0/3
3550-I(config-if)#description IP phone 7961
550-I(config-if)#switchport mode access
3550-I(config-if)#switchport access vlan 11
3550-I(config-if)#switchport voice vlan 10
550-I(config-if)#spanning-tree portfast
3550-I(config-if)#no shutdown
d) Assign IP addresses to SVI ports
3550-I(config)#interface vlan 10
3550-I(config-if)#ip address 192.168.10.254 255.255.255.0
3550-I(config-if)#no shutdown
3550-I(config)#interface vlan 11
3550-I(config-if)#ip address 192.168.11.254 255.255.255.0
3550-I(config-if)#no shutdown
3550-I(config)#interface vlan 100
3550-I(config-if)#ip address 192.168.100.254 255.255.255.0
3550-I(config-if)#no shutdown
4. IP routing, Routed Port, Static Default route, DNS and NTP server
a) Enable IP routing
3550-I(config)#ip routing
b) Configure switchport Fa 0/24 to become a routed port
3550-I(config)#interface fastEthernet 0/24
3550-I(config-if)#description Link to Belkin
3550-I(config-if)#no switchport
3550-I(config-if)#ip address 172.18.100.150 255.255.0.0
3550-I(config-if)#no shutdown
c) Add a static default route to Catalyst 3550 routing table
3550-I(config)#ip route 0.0.0.0 0.0.0.0 172.18.100.1
d) Configure Catalyst to use Belkin router as DNS server
3550-I(config)#ip name-server 172.18.100.1
e) Configure Catalyst to obtain time settings from a public NTP server
3550-I(config)#ntp server 0.sk.pool.ntp.org
f) Create new timezone and configure time offset
3550-I(config)#clock timezone UTC+1 -23
5. DHCP server
a) Configure DHCP pool for voice subnet
3550-I(config)#ip dhcp pool Voice
3550-I(dhcp-config)#network 192.168.10.0 /24
3550-I(dhcp-config)#default-router 192.168.10.254
3550-I(dhcp-config)#dns-server 172.18.100.1
3550-I(dhcp-config)#option 150 ip 192.168.100.252
Note Option 150 must be configured in Voice pool to inform Cisco IP phones about the IP address of TFTP server. Cisco phones use TFTP server for downloading the list of Cisco Unified Communications and other parameters.
b) Configure DHCP pool for data subnet
3550-I(config)#ip dhcp pool Data
3550-I(dhcp-config)#network 192.168.11.0 /24
3550-I(dhcp-config)#default-router 192.168.11.254
3550-I(dhcp-config)#dns-server 172.18.100.1
c) Configure DHCP pool for management subnet
3550-I(config)#ip dhcp pool Management
3550-I(dhcp-config)#network 192.168.100.0 /24
3550-I(dhcp-config)#default-router 192.168.100.254
3550-I(dhcp-config)#dns-server 172.18.100.1
d) Configure IP address excluded ranges
The following IP address ranges will not be offered by DHCP server.
3550-I(config)#ip dhcp excluded-address 192.168.10.240 192.168.10.254
3550-I(config)#ip dhcp excluded-address 192.168.11.240 192.168.11.254
3550-I(config)#ip dhcp excluded-address 192.168.100.240 192.168.100.254
3550-I(config)#do write
Belkin N+ Configuration
To make Branch subnets 192.168.10.0/24, 192.168.11.0/25 and 192.168.100.0/24 reachable from the subnet 172.18.0.0/16, static default routes pointing to these subnets must be added to Belkin routing table. Routes will be reachable via IP address 172.18.100.150/16 configured on interface FastEthernet 0/24 Catalyst 3550 switch.
Adding another three static routes to the Belkin routing table that are pointing to Headquarters subnets is shown here.
Picture 1 - Static Routes Defined on Belkin Router
Note: After some time spent with static routes troubleshooting that are configured on Belkin N+ F5D8235-4 v2000 router I found out that Belkin allows to add only 6 static routes to its routing table. The seventh route is rejected. This should be okay as we only need to add 6 static routes in to Belkin routing table. Unfortunately the 6th route was not working even it is properly installed. To overcome this issue we can take benefit of routes summarization and create one subnet 192.168.10.0/23. This subnet covers subnets 192.168.10.0/24 and 192.168.11.0/24.
Picture 2 - Static Routes Summarization Defined on Belkin Router
Hi dear Publisher,
I just wanted to tank you so much for a great and understandable explanation , I loved to read and followed whole the way, you know what, I attended VOIP traning from Harith Karipper and paid a lot of money for a while ago, But I think yours is much better and complete solution, honestly.
He is #1 guy in Cisco VOICE, Security, RS, collaboration.
Thanks again for your effort, help and generosity, GOD BLESS and Good Luck.
Mike Hayden TORONTO/ Canada