
L2 technologies – VLANs & Trunking configuration

Let’s start a new series about layer 2 technologies.

In this first post I will have a look at some L2 basics such as vlans, access ports and trunk ports…

 

L2 technologies – VLANs & Trunking configuration – Physical network diagram

[Figure: physical network diagram]

 

L2 technologies – VLANs & Trunking configuration – Vlans configuration:

In the network diagram, you can see that we will use 3 different vlans.

Those have to be configured on all the switches in the L2 domain.

 

Let’s configure it on SW10.

SW10(config)#vlan 10
SW10(config-vlan)#name ?
  LINE  The ascii name for the VLAN
SW10(config-vlan)#vlan 11
SW10(config-vlan)#vlan 12

 

A name is also usually configured in order to recognize the different vlans.

 

Here is the command to verify the vlan database.

SW10#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et0/3, Et1/2, Et1/3
10   VLAN0010                         active
11   VLAN0011                         active
12   VLAN0012                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

 

Note that vlans 1002 to 1005 are already there by default.

 

Extended vlans are vlan numbers from 1006 to 4094.

They work the same way, but there are some differences when using switch features such as VTP or pruning.

 

Nothing fancy here, I will create the same vlans on all the switches.

 

L2 technologies – VLANs & Trunking configuration – Access ports configuration:

In order for end hosts to communicate on the network, they should be placed in a vlan.

The switch port facing the end host is considered an access port.

 

Let’s configure our access port on switches SW12, SW13 and SW14.

SW12(config)#int eth 1/0
SW12(config-if)#switchport mode access
SW12(config-if)#switchport access vlan 10

SW12(config-if)#int eth 1/0
SW12(config-if)#swi mode acc
SW12(config-if)#swi acc vlan 12

 

We first specify that the port is an access port and then we specify the vlan number.

 

I will do the same for the other interfaces.

 

You can see which vlan is configured on an interface with the command “sh int status”.

Otherwise, the vlan database will also list interfaces assigned to a specific vlan.

SW13#sh int status
Port      Name               Status       Vlan       Duplex  Speed Type
Et1/0                        connected    10           auto   auto unknown
Et1/1                        connected    11           auto   auto unknown

SW13#sh vlan
VLAN Name                             Status    Ports
10   VLAN0010                         active    Et1/0
11   VLAN0011                         active    Et1/1
12   VLAN0012                         active

 

 

L2 technologies – VLANs & Trunking configuration – Trunk ports configuration:

Now if we want to carry more than one vlan between switches, we need to configure a trunk port.

 

Let’s configure a trunk between SW11 and SW14.

SW11(config)#int eth 1/1
SW11(config-if)#switchport trunk encapsulation dot1q
SW11(config-if)#switchport mode trunk

SW14(config)#int Eth 0/0
SW14(config-if)#swi tru enca do
SW14(config-if)#swi mode trunk

 

By issuing the “show interface trunk” command, you can see if trunking is enabled on a port.

This command also tells the mode and the vlans allowed in the trunk.

SW14#sh int trunk
Port        Mode             Encapsulation  Status        Native vlan
Et0/0       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Et0/0       1-4094

Port        Vlans allowed and active in management domain
Et0/0       1,10-12

Port        Vlans in spanning tree forwarding state and not pruned
Et0/0       1,10-12

 

There is a way to automate the creation of trunks: DTP (Dynamic Trunking Protocol).

I never used it and I always turned off DTP by issuing the command “switchport nonegotiate”.

 

However it’s in the blueprint so…

Here are the DTP rules:

dynamic auto + dynamic auto = access
dynamic auto + dynamic desirable = trunk
dynamic desirable + dynamic desirable = trunk
dynamic auto or dynamic desirable + trunk = trunk
dynamic auto or dynamic desirable + access = access

Let’s try to use it to form the trunk between SW11 and SW12.

SW11(config-if)#switchport mode ?
  access        Set trunking mode to ACCESS unconditionally
  dot1q-tunnel  set trunking mode to TUNNEL unconditionally
  private-vlan  Set private-vlan mode
  trunk         Set trunking mode to TRUNK unconditionally

 

Actually I can’t because my IOS doesn’t have the switchport mode dynamic command …

 

 

L2 technologies – VLANs & Trunking configuration – Native vlan:

Now let’s talk about the native vlan.

It is set by default to vlan 1.

SW11#sh int Eth1/0 switchport
Name: Et1/0
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled

 

It is good practice to change it to another vlan, one that carries no host traffic.

So I create a new vlan and then use it as the native vlan on the trunk between SW11 and SW12.

SW11(config)#vlan 999
SW11(config-vlan)#name NATIVE

SW11(config-vlan)#int eth 1/0
SW11(config-if)#switchport trunk native vlan 999

 

This new vlan should be created on all the switches.

The native vlan command should be configured on both sides of each trunk.

Otherwise you will receive a syslog message like this one.

*Aug  2 20:33:45.700: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on Ethernet0/1 (1), with SW11 Ethernet1/0 (999).

SW11#sh int eth1/0 switchport
Name: Et1/0
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 999 (NATIVE)
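
The checks from this section and the DTP section can be scripted. The following is an added example, not part of the original post: it reads text in the layout of “sh int switchport”, flags trunks that still use native vlan 1 or still negotiate DTP, and extracts both ends from the CDP mismatch message. The sample text and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of "show interfaces switchport"; not a device capture.
SAMPLE = """\
Name: Et1/0
Operational Mode: trunk
Negotiation of Trunking: On
Trunking Native Mode VLAN: 1 (default)
Name: Et1/1
Operational Mode: trunk
Negotiation of Trunking: Off
Trunking Native Mode VLAN: 999 (NATIVE)
Name: Et1/2
Operational Mode: static access
Negotiation of Trunking: Off
Trunking Native Mode VLAN: 1 (default)
"""
# Syslog line in the format quoted in the post.
LOG = ["*Aug  2 20:33:45.700: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch "
       "discovered on Ethernet0/1 (1), with SW11 Ethernet1/0 (999)."]

MISMATCH = re.compile(r"NATIVE_VLAN_MISMATCH: .* on (\S+) \((\d+)\), with (\S+) (\S+) \((\d+)\)")

def parse_switchport(text):
    """Split the output into one {field: value} dict per interface."""
    ports = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "Name":
            ports.append({})          # a "Name:" line starts a new interface
        if sep and ports:
            ports[-1][key.strip()] = value.strip()
    return ports

def audit_trunks(text):
    """Flag trunks still on the defaults the post recommends changing."""
    findings = []
    for port in parse_switchport(text):
        if port.get("Operational Mode") != "trunk":
            continue                  # access ports are out of scope here
        native = (port.get("Trunking Native Mode VLAN") or "?").split()[0]
        if native == "1":
            findings.append((port["Name"], "native VLAN is 1"))
        if port.get("Negotiation of Trunking") == "On":
            findings.append((port["Name"], "DTP negotiation is on"))
    return findings

def native_mismatches(lines):
    """Return (local_port, local_vlan, neighbor, remote_port, remote_vlan) per alert."""
    hits = (MISMATCH.search(line) for line in lines)
    return [(m[1], int(m[2]), m[3], m[4], int(m[5])) for m in hits if m]
```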

 

 

L2 technologies – VLANs & Trunking configuration – Trunking Allowed List:

Another good practice is to allow on a trunk only the vlans that are supposed to go over it.

If we refer to the physical diagram, we can see that on SW12 only vlans 11 and 12 are used.

This means we can allow only those two vlans on the trunk.

SW11(config)#int eth 1/0
SW11(config-if)#switchport trunk allowed vlan 11,12

 

If you need to add a new vlan to this trunk, don’t forget to use the add keyword; without it, the command replaces the whole allowed list with the vlans you type.

SW12(config-if)#switchport trunk allowed vlan ?
  add     add VLANs to the current list
  all     all VLANs
  except  all VLANs except the following
  remove  remove VLANs from the current list
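
To see what each keyword does to the list before typing it on a production trunk, here is a small model of the four options shown above. It is an added example, not part of the original post; it models the behaviour of the keywords and does not talk to a switch, and the function names and the compact range output are this example's own.

```python
ALL = set(range(1, 4095))             # a trunk allows vlans 1-4094 by default

def parse_vlans(spec):
    """Expand a vlan list such as "1,10-12" into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def format_vlans(vlans):
    """Collapse a set of vlan ids into compact range notation."""
    out, run = [], []
    for v in sorted(vlans) + [None]:  # None flushes the last run
        if run and v == run[-1] + 1:
            run.append(v)
            continue
        if run:
            out.append(str(run[0]) if len(run) == 1 else f"{run[0]}-{run[-1]}")
        run = [v]
    return ",".join(out) or "none"

def apply_allowed(current, args):
    """Return the allowed set after 'switchport trunk allowed vlan <args>'."""
    keyword, _, rest = args.partition(" ")
    if keyword == "all":
        return set(ALL)
    if keyword == "add":
        return current | parse_vlans(rest)
    if keyword == "remove":
        return current - parse_vlans(rest)
    if keyword == "except":
        return ALL - parse_vlans(rest)
    return parse_vlans(args)          # bare list: replaces the whole list

def replay(commands, start=ALL):
    """Apply a sequence of allowed-vlan commands and return the final list."""
    allowed = set(start)
    for args in commands:
        allowed = apply_allowed(allowed, args)
    return format_vlans(allowed)

if __name__ == "__main__":
    print(replay(["11,12", "10"]))      # forgot "add": only vlan 10 is left
    print(replay(["11,12", "add 10"]))  # intended result
```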

 

 

Well that’s all for this first post about VLANs & Trunking.

In the next post, I will review VTP and cover in detail VTP version 3.

 

Thank you for reading.

 

 
