Let’s start a new series about layer 2 technologies.
In this first post I will have a look at some L2 basics such as vlans, access ports and trunk ports…
L2 technologies – VLANs & Trunking configuration – Physical network diagram
L2 technologies – VLANs & Trunking configuration – Vlans configuration:
In the network diagram, you can see that we will use 3 different vlans.
Those have to be configured on all the switches in the L2 domain.
Let’s configure it on SW10.
SW10(config)#vlan 10
SW10(config-vlan)#name ?
  LINE  The ascii name for the VLAN
SW10(config-vlan)#vlan 11
SW10(config-vlan)#vlan 12
A name is also usually configured in order to recognize the different vlans.
Here is the command to verify the vlan database.
SW10#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et0/3, Et1/2, Et1/3
10   VLAN0010                         active
11   VLAN0011                         active
12   VLAN0012                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
Note that vlans 1002 to 1005 are already there by default.
Extended vlans are vlan numbers from 1006 to 4094.
They work the same, but there are some differences when using some switch features such as VTP or pruning.
Nothing fancy here, I will create the same vlans on all the switches.
L2 technologies – VLANs & Trunking configuration – Access ports configuration:
In order for end hosts to communicate on the network, they should be placed in a vlan.
The switch port facing the end host is considered an access port.
Let’s configure our access ports on switches SW12, SW13 and SW14.
SW12(config)#int eth 1/0
SW12(config-if)#switchport mode access
SW12(config-if)#switchport access vlan 10
SW12(config-if)#int eth 1/0
SW12(config-if)#swi mode acc
SW12(config-if)#swi acc vlan 12
We first specify that the port is an access port and then we specify the vlan number.
I will do the same for the other interfaces.
You can see which vlan is configured under an interface with the command “sh int status”.
Otherwise, the vlan database will also list interfaces assigned to a specific vlan.
SW13#sh int status
Port      Name               Status       Vlan       Duplex  Speed Type
Et1/0                        connected    10         auto    auto  unknown
Et1/1                        connected    11         auto    auto  unknown
SW13#sh vlan
VLAN Name                             Status    Ports
10   VLAN0010                         active    Et1/0
11   VLAN0011                         active    Et1/1
12   VLAN0012                         active
L2 technologies – VLANs & Trunking configuration – Trunk ports configuration:
Now if we want to carry more than one vlan between switches, we need to enable a trunk port.
Let’s configure a trunk between SW11 and SW14.
SW11(config)#int eth 1/1
SW11(config-if)#switchport trunk encapsulation dot1q
SW11(config-if)#switchport mode trunk
SW14(config)#int Eth 0/0
SW14(config-if)#swi tru enca do
SW14(config-if)#swi mode trunk
By issuing the “show interface trunk” command, you can see if trunking is enabled on a port.
This command also tells the mode and the vlans allowed in the trunk.
SW14#sh int trunk
Port        Mode             Encapsulation  Status        Native vlan
Et0/0       on               802.1q         trunking      1
Port        Vlans allowed on trunk
Et0/0       1-4094
Port        Vlans allowed and active in management domain
Et0/0       1,10-12
Port        Vlans in spanning tree forwarding state and not pruned
Et0/0       1,10-12
There is a way to automate the creation of trunks: DTP (Dynamic Trunking Protocol).
I never used it and I always turned off DTP by issuing the command “switchport nonegotiate”.
However it’s in the blueprint so…
Here are the DTP rules:
dynamic auto + dynamic auto = access
dynamic auto + dynamic desirable = trunk
dynamic desirable + dynamic desirable = trunk
dynamic auto or dynamic desirable + trunk = trunk
dynamic auto or dynamic desirable + access = access
Let’s try to use it to form the trunk between SW11 and SW12.
SW11(config-if)#switchport mode ?
  access        Set trunking mode to ACCESS unconditionally
  dot1q-tunnel  set trunking mode to TUNNEL unconditionally
  private-vlan  Set private-vlan mode
  trunk         Set trunking mode to TRUNK unconditionally
Actually I can’t because my IOS doesn’t have the switchport mode dynamic command …
L2 technologies – VLANs & Trunking configuration – Native vlan:
Now let’s talk about the native vlan.
It is set by default to vlan 1.
SW11#sh int Eth1/0 switchport
Name: Et1/0
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
It is good practice to change it to another vlan.
So I created a new vlan, and then we use it as the native vlan on the trunk between SW11 and SW12.
SW11(config)#vlan 999
SW11(config-vlan)#name NATIVE
SW11(config-vlan)#int eth 1/0
SW11(config-if)#switchport trunk native vlan 999
This new vlan should be created on all the switches.
The native vlan command should be configured on both sides of each trunk.
Otherwise you will receive a syslog message like this one.
*Aug 2 20:33:45.700: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on Ethernet0/1 (1), with SW11 Ethernet1/0 (999).
SW11#sh int eth1/0 switchport
Name: Et1/0
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 999 (NATIVE)
L2 technologies – VLANs & Trunking configuration – Trunking Allowed List:
Another good practice is to allow on a trunk only the vlans that are supposed to go over this trunk.
If we refer to the physical diagram, you will see that on SW12, only vlan 11 and 12 are used.
This means we can allow only those two vlans on the trunk.
SW11(config)#int eth 1/0
SW11(config-if)#switchport trunk allowed vlan 11,12
If you need to add a new vlan to this trunk, don’t forget to use the add keyword; without it, the command replaces the current allowed list instead of extending it.
SW12(config-if)#switchport trunk allowed vlan ?
  add     add VLANs to the current list
  all     all VLANs
  except  all VLANs except the following
  remove  remove VLANs from the current list
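The trunk practices from this post (DTP turned off, a native vlan other than 1, a restricted allowed list) can be checked from “show interfaces switchport” output. The Python script below is an added example, not part of the original post; its sample output is constructed, and it assumes the “Trunking VLANs Enabled” field of the full IOS output, which the excerpts above do not show.

```python
# Constructed sample of "show interfaces switchport" output for two trunk ports,
# modelled on the SW11 output in this post (not captured from a real device).
SAMPLE = """\
Name: Et1/0
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: Off
Trunking Native Mode VLAN: 999 (NATIVE)
Trunking VLANs Enabled: 11,12
Name: Et1/1
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: On
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
"""

def parse_switchport(text):
    """Split the output into one {field: value} dict per interface."""
    ports = []
    for line in text.splitlines():
        key, sep, value = (s.strip() for s in line.partition(":"))
        if sep and key == "Name":
            ports.append({})  # each interface section starts with "Name:"
        if sep and ports:
            ports[-1][key] = value
    return ports

def audit_trunks(ports):
    """Return (interface, finding) pairs for ports that skip the post's good practices."""
    findings = []
    for p in ports:
        name = p.get("Name", "?")
        if p.get("Administrative Mode", "").startswith("dynamic"):
            findings.append((name, "DTP dynamic mode, set access or trunk explicitly"))
        if p.get("Operational Mode") != "trunk":
            continue  # the remaining checks only apply to trunks
        if p.get("Negotiation of Trunking") == "On":
            findings.append((name, "DTP negotiation on, add switchport nonegotiate"))
        if p.get("Trunking Native Mode VLAN", "").split()[:1] == ["1"]:
            findings.append((name, "native vlan is still the default vlan 1"))
        if p.get("Trunking VLANs Enabled", "").upper() in ("ALL", "1-4094"):
            findings.append((name, "all vlans allowed, restrict the allowed list"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_trunks(parse_switchport(SAMPLE)):
        print(f"{name}: {finding}")
```

On the constructed sample, Et1/0 passes every check and Et1/1 is reported three times.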
Well that’s all for this first post about VLANs & Trunking.
In the next post, I will review VTP and cover in detail VTP version 3.
Thank you for reading.
L2 technologies – VLANs & Trunking configuration