Chapter 11
Configuring Inter-VLAN routing example
The configuration of the switch (fa0/1 is the trunk toward the router; the remaining ports are access ports in VLANs 2, 3 and 4):
2960#config t
2960(config)#int fa0/1
2960(config-if)#switchport mode trunk
2960(config-if)#int fa0/2
2960(config-if)#switchport access vlan 2
2960(config-if)#int fa0/3
2960(config-if)#switchport access vlan 2
2960(config-if)#int fa0/4
2960(config-if)#switchport access vlan 3
2960(config-if)#int fa0/5
2960(config-if)#switchport access vlan 3
2960(config-if)#int fa0/6
2960(config-if)#switchport access vlan 4
Note that switchport mode access and switchport access vlan N are two separate commands; there is no "switchport mode access vlan N". The example above only assigns the VLAN. On a real deployment also enter switchport mode access on each of these ports so they are pinned as nontrunking and cannot be negotiated into a trunk over DTP.
Configuring Inter-VLAN routing example (Cont)
The configuration of the router (the physical interface carries the native VLAN 1 subnet; one 802.1q subinterface per additional VLAN, each with the first usable address of its /28 as the gateway):
ISR#config t
ISR(config)#int fa0/0
ISR(config-if)#ip address 192.168.10.1 255.255.255.240
ISR(config-if)#no shutdown
ISR(config-if)#int fa0/0.2
ISR(config-subif)#encapsulation dot1q 2
ISR(config-subif)#ip address 192.168.10.17 255.255.255.240
ISR(config-subif)#int fa0/0.3
ISR(config-subif)#encapsulation dot1q 3
ISR(config-subif)#ip address 192.168.10.33 255.255.255.240
ISR(config-subif)#int fa0/0.4
ISR(config-subif)#encapsulation dot1q 4
ISR(config-subif)#ip address 192.168.10.49 255.255.255.240
Understand the 802.1q VLAN identification method
This is the non-proprietary IEEE method of frame tagging. If you're trunking between a Cisco switch and a different brand of switch, you have to use 802.1q for the trunk to work, because Cisco's ISL encapsulation is proprietary.
Remember how to set a trunk port on 2960 switch.
To set a port to trunking on a 2960, use the switchport mode trunk command.
Remember how to provide inter-VLAN routing with a layer 3 switch.
You can use a layer 3 (multilayer) switch to provide IVR just as with a router on a stick, but using a layer 3 switch is more efficient and faster because the routing is done in hardware. First start the routing process with the global command ip routing, then create a virtual interface (SVI) for each VLAN using the command interface vlan vlan-id, and then apply that VLAN's gateway IP address under the logical interface.
Short list of ways VLANs simplify network management
• Network adds, moves, and changes are achieved with ease by just configuring a port into the appropriate VLAN.
• A group of users that needs an unusually high level of security can be put into its own VLAN so that users outside of that VLAN can't communicate with the group's users (unless a router or layer 3 switch is configured to forward between the two).
• As a logical grouping of users by function, VLANs can be considered independent from their physical or geographic locations.
• VLANs greatly enhance network security if implemented correctly, meaning DTP is disabled on every port, the native VLAN on trunks is not shared with any access port, and only the VLANs that are needed are allowed on each trunk.
• VLANs increase the number of broadcast domains while decreasing their size.
802.1q IEEE
- 802.1q inserts a 4-byte tag after the source MAC address: a 2-byte tag protocol identifier (0x8100) followed by 2 bytes of tag control information (3-bit priority, 1-bit drop-eligible indicator, 12-bit VLAN ID). For the Cisco exam objectives, it's only the 12-bit VLAN ID that matters. This field identifies the VLAN and can take 2 to the 12th values, minus 2 for the reserved VLAN IDs 0 and 4,095, which means an 802.1q tagged frame can carry information for 4,094 VLANs.
Trunk link
- A trunk link is a 100, 1000, or 10,000 Mbps point-to-point link between two switches, between a switch and a router, or even between a switch and a server, and it carries the traffic of multiple VLANs, from 1 to 4,094 VLANs at a time. On a switch using only normal-range VLANs the limit is 1,001 unless you're going with extended VLANs.
Frame Tagging process
- If the frame reaches a switch that has another trunked link, the frame will be forwarded out of the trunk-link port with its tag intact.
- Once the frame reaches an exit that's determined by the forward/filter table to be an access link matching the frame's VLAN ID, the switch will remove the VLAN identifier. This is so the destination device can receive the frame without being required to understand VLAN identification information.
What is a Voice port?
- Nowadays, most switches will allow you to add a second VLAN to an access port for your voice traffic, called the voice VLAN. The voice VLAN used to be called the auxiliary VLAN; it is overlaid on top of the data VLAN, enabling both types of traffic to travel through the same port. This allows you to connect both a phone and a PC to one switch port (the PC daisy-chained through the phone) but still have each device in a separate VLAN.
What does switchport nonegotiate do?
- Prevents the interface from generating DTP frames. You can use this command only when the interface switchport mode is access or trunk, not in either dynamic mode. With DTP off, you must manually configure the neighboring interface as a trunk interface to establish a trunk link; the benefit is that no device on the far end can talk the port into becoming a trunk.
What are Trunk ports?
- The term trunk port was inspired by the telephone system trunks, which carry multiple telephone conversations at a time. So it follows that trunk ports can similarly carry multiple VLANs at a time as well.
What is upstream routing?
- This is a term used to describe the router on a stick. The router provides inter-VLAN routing, but it can also forward traffic upstream from the switched network to other parts of the corporate network or the Internet.
What does switchport mode dynamic auto do?
- This mode makes the interface willing, but not eager, to convert the link to a trunk link: it listens for DTP but does not send trunk requests itself. The interface becomes a trunk interface if the neighboring interface is set to trunk or desirable mode. Two auto ports facing each other stay access ports.
Configuring Trunk Ports
- To configure trunking on a FastEthernet port, use the interface command switchport mode trunk. Example:
S1(config)#int range fa0/15-18
S1(config-if-range)#switchport trunk encapsulation dot1q
S1(config-if-range)#switchport mode trunk
- If you have a switch that only runs the 802.1q encapsulation method (such as the 2960), the switchport trunk encapsulation command is not available and you would not use it.
How to remove VLANs
- To remove a range of VLANs from a trunk, just use the hyphen:
S1(config-if)#switchport trunk allowed vlan remove 4-8
- If by chance someone has removed some VLANs from a trunk link and you want to set the trunk back to the default (all VLANs allowed), use this command:
S1(config-if)#switchport trunk allowed vlan all
Configuring Inter-VLAN Routing
- To support ISL or 802.1q routing on a FastEthernet interface, the router's interface is divided into logical interfaces (subinterfaces), one for each VLAN. Example:
ISR#config t
ISR(config)#int fa0/0.1
ISR(config-subif)#encapsulation dot1q 1
Trunk link and VLAN process
- Trunk ports are great because they'll support tagged and untagged traffic simultaneously if you're using 802.1q trunking.
- The trunk port is assigned a default port VLAN ID (PVID) for a VLAN upon which all untagged traffic will travel. This VLAN is also called the native VLAN and is always VLAN 1 by default, but it can be changed to any VLAN number. Both ends of the trunk must agree on the native VLAN, or untagged frames sent by one side will be placed in a different VLAN by the other.
Which VLAN numbers cannot be changed
- Normal-range VLANs run from 1 to 1005, so you can only create VLANs 2 through 1001, and you can't use, change, rename, or delete VLANs 1 or 1002 through 1005 because they're reserved.
- The VLAN numbers above 1005 (1006 through 4094) are called extended VLANs and won't be saved in the VLAN database unless your switch is set to what is called VLAN Trunking Protocol (VTP) transparent mode.
Assigning Switch Ports to VLANs Configuration
- You configure a port to belong to a VLAN by assigning a membership mode that specifies the kind of traffic the port carries plus the number of VLANs it can belong to.
- You can also configure each port on a switch to be in a specific VLAN (access port) by using the interface-level switchport command. Or you can use the interface range command to configure multiple ports at the same time.
show vlan
Displays VLAN information
show interfaces interface switchport
Displays the switchport settings for a specific interface (administrative and operational mode, access VLAN, trunking native VLAN, allowed VLANs, and whether DTP negotiation is on). Example: S1#sh interfaces fa0/15 switchport
Cisco Show commands
Following cards
Configuring inter-VLAN routing on multilayer switch
S1(config)#ip routing
S1(config)#int vlan 10
S1(config-if)#ip address 192.168.10.1 255.255.255.0
S1(config-if)#int vlan 20
S1(config-if)#ip address 192.168.20.1 255.255.255.0
- Enable IP routing and create one logical interface for each VLAN using the interface vlan number command. The VLAN itself must also exist in the VLAN database, or the SVI stays down.
ip default-gateway
Sets the default gateway of a switch that is not itself routing (ip routing disabled), so that its management traffic can leave the local subnet. Example: ip default-gateway 192.168.10.1
Three factors Cisco expects you to know
• The router is connected to the switch using subinterfaces.
• The switch port connecting to the router is a trunk port.
• The switch ports connecting to the clients and the hub are access ports, not trunk ports.
What is a VLAN
- A VLAN is a logical grouping of network users and resources connected to administratively defined ports on a switch.
- When you create VLANs, you're given the ability to create smaller broadcast domains within a layer 2 switched internetwork by assigning different ports on the switch to service different subnetworks.
What should you do after creating VLANs
- After creating the VLANs that you want, you can use the "show vlan" command to check them out. By default, all ports on the switch are in VLAN 1.
- To change the VLAN associated with a port, you need to go to each interface and specifically tell it which VLAN to be a part of.
What is an Access port?
- An access port belongs to and carries the traffic of only one VLAN. Traffic is both received and sent in native format with no VLAN information (tagging) whatsoever. Anything arriving on an access port is simply assumed to belong to the VLAN assigned to the port, and a tagged frame arriving on an access port is dropped.
Assign Switch Ports to VLANs configuration (Cont)
- Configuring interface fa0/3 into VLAN 3, with VLAN 5 as the voice VLAN. This is the connection from the S3 switch to a host device:
S3#config t
S3(config)#int fa0/3
S3(config-if)#switchport mode access
S3(config-if)#switchport access vlan 3
S3(config-if)#switchport voice vlan 5
- By starting with the switchport mode access command, you're telling the switch that this is a nontrunking layer 2 port that will not negotiate trunking with whatever is plugged into it.
What is DTP?
- Dynamic Trunking Protocol (DTP) is a Cisco-proprietary protocol used for negotiating trunking on a link between two devices as well as negotiating the encapsulation type, either 802.1q or ISL. Because it trusts the far end of the link, it should be disabled on ports facing hosts and untrusted devices.
Understand the term Frame Tagging
- Frame tagging refers to VLAN identification; this is what switches use to keep track of all those frames as they're traversing a switch fabric. It's how switches identify which frames belong to which VLANs.
Notes on configuring the inter-VLAN routing
- The hosts in each VLAN are assigned addresses from that VLAN's subnet range, and their default gateway is the IP address assigned to the router's subinterface in that VLAN. A host with the right address but the wrong VLAN membership on its switch port, or vice versa, will not reach its gateway.
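The router-on-a-stick example earlier in this chapter and the note above describe a mapping that is easy to get wrong by hand: each VLAN gets one subnet, the router's subinterface in that VLAN takes the first usable address, and every host in the VLAN must use that address as its gateway. The script below is an added example, not part of the original study notes or any Cisco tool. It reuses the chapter's own numbers (four /28 subnets out of 192.168.10.0/26, VLAN 1 on the physical interface) and assumes the VLAN table `VLANS` and the function names are illustrative. It plans the subinterfaces, rejects overlapping subnets, generates the router configuration, and tells you which VLAN and gateway a given host address belongs to.

```python
"""Plan router-on-a-stick subinterfaces from a VLAN table and check hosts against it.

Added example; VLANS, plan(), router_config() and gateway_for() are illustrative names.
"""
import ipaddress

# Constructed VLAN table using the chapter's addressing: vid -> (name, subnet)
VLANS = {
    1: ("native", "192.168.10.0/28"),
    2: ("Sales", "192.168.10.16/28"),
    3: ("Marketing", "192.168.10.32/28"),
    4: ("Accounting", "192.168.10.48/28"),
}


def plan(vlans):
    """Return {vid: (name, network, gateway)}, gateway = first usable host.

    Raises ValueError if two VLANs share address space, since hosts in two
    VLANs with overlapping subnets cannot both reach their gateway.
    """
    planned, seen = {}, []
    for vid, (name, cidr) in sorted(vlans.items()):
        if not 1 <= vid <= 4094:
            raise ValueError(f"VLAN {vid} is outside 1-4094")
        net = ipaddress.ip_network(cidr, strict=True)  # strict: host bits must be zero
        for other_vid, other in seen:
            if net.overlaps(other):
                raise ValueError(f"VLAN {vid} {net} overlaps VLAN {other_vid} {other}")
        seen.append((vid, net))
        planned[vid] = (name, net, net.network_address + 1)
    return planned


def router_config(planned, iface="fa0/0"):
    """Emit the IOS configuration: VLAN 1 on the physical port, one dot1q subinterface per other VLAN."""
    lines = [f"interface {iface}"]
    if 1 in planned:
        _, net, gw = planned[1]
        lines += [f" ip address {gw} {net.netmask}"]
    lines += [" no shutdown"]
    for vid, (name, net, gw) in planned.items():
        if vid == 1:
            continue
        lines += [
            f"interface {iface}.{vid}",
            f" description {name}",
            f" encapsulation dot1q {vid}",
            f" ip address {gw} {net.netmask}",
        ]
    return "\n".join(lines)


def gateway_for(planned, host_ip):
    """Return (vid, gateway_as_string) for the VLAN whose subnet contains host_ip, or None."""
    addr = ipaddress.ip_address(host_ip)
    for vid, (_, net, gw) in planned.items():
        if addr in net:
            if addr == gw or addr in (net.network_address, net.broadcast_address):
                raise ValueError(f"{host_ip} is not usable as a host address in VLAN {vid}")
            return vid, str(gw)
    return None


def hosts_with_wrong_gateway(planned, hosts):
    """hosts: list of (host_ip, configured_gateway). Returns the host IPs whose gateway is wrong."""
    wrong = []
    for host_ip, configured_gw in hosts:
        expected = gateway_for(planned, host_ip)
        if expected is None or expected[1] != configured_gw:
            wrong.append(host_ip)
    return wrong


if __name__ == "__main__":
    p = plan(VLANS)
    print(router_config(p))
    print(gateway_for(p, "192.168.10.40"))  # a Marketing host -> (3, '192.168.10.33')
```

The `strict=True` in `ip_network` is deliberate: a typo such as 192.168.10.20/28 would otherwise be silently normalised to 192.168.10.16/28 and the gateway would land on an address you did not intend.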
What does switchport mode dynamic desirable do?
- This one makes the interface actively attempt to convert the link to a trunk link by sending DTP requests. The interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode.
- Lammle lists this as the default switch port mode for all Ethernet interfaces on new Cisco switches; on many current Catalyst platforms the default is dynamic auto instead, so check with show interfaces switchport rather than assuming. Either way, a port left in a dynamic mode will form a trunk with anything on the far end that speaks DTP, so set every port explicitly to access or trunk and add switchport nonegotiate on the trunks.
Configuring VLANs
- To configure VLANs on a Cisco Catalyst switch, use the global config vlan command. Example:
S1(config)#vlan 2
S1(config-vlan)#name Sales
S1(config-vlan)#vlan 3
S1(config-vlan)#name Marketing
S1(config-vlan)#vlan 4
S1(config-vlan)#name Accounting
S1(config-vlan)#vlan 5
S1(config-vlan)#name Voice
How to disable trunking on a port?
- To disable trunking on an interface, use the switchport mode access command, which sets the port back to a dedicated layer 2 access switch port. This also stops the port from negotiating a trunk over DTP.
802.1q IEEE Scenario
- You first designate each port that's going to be a trunk with 802.1q encapsulation. The other ports must be assigned a specific VLAN ID in order for them to communicate. VLAN 1 is the default native VLAN, and when using 802.1q, all traffic for the native VLAN is sent untagged.
- The ports that populate the same trunk share this native VLAN, and every tagged frame they carry is marked with the 12-bit identifier of its VLAN. The native VLAN is how the trunk accepts frames that arrive without any VLAN identification or frame tag.
show interfaces trunk
Displays the trunking interfaces of the switch with their mode, encapsulation, status and native VLAN, followed by the VLANs allowed, active and forwarding on each trunk.
Remember to check a switch port's VLAN assignments when plugging in a new host
If you plug a new host into a switch, you must verify the VLAN membership of that port (show interfaces interface switchport or show vlan). If the membership is different from what the host needs, the host will not be able to reach the required network services, such as a workgroup server or printer.
How to change the native VLAN?
S1(config)#int fa0/15
S1(config-if)#switchport trunk native vlan 4
- We've changed the native VLAN on our trunk link to 4, and by using the show running-config command, I can see the configuration under the trunk link.
How to change back native VLAN?
S1(config-if)#no switchport trunk native vlan
- If all switches don't have the same native VLAN configured on a given trunk link, CDP on the switches will start logging a native VLAN mismatch error for that interface (and spanning tree may block the VLAN on it), because untagged frames from one side are being placed into a different VLAN on the other.
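The cards on switchport nonegotiate, the dynamic auto and dynamic desirable modes, the native VLAN and the allowed-VLAN list all describe settings that decide whether a port can be talked into trunking and which VLANs it will carry once it is. The audit script below is an added example, not part of the original study notes or of any Cisco software. It parses a constructed running-config excerpt (the interface names and the SAMPLE_CONFIG text are made up for the example) and reports, per interface, the defaults a reviewer would flag: ports with no explicit mode or in a dynamic mode (negotiable over DTP), trunks that still send DTP, trunks with the default native VLAN 1, trunks that allow all VLANs, and access ports left in VLAN 1. The finding names are this script's own labels.

```python
"""Audit a Catalyst running-config excerpt for DTP-negotiable ports and default VLAN settings.

Added example. SAMPLE_CONFIG is constructed; parse_interfaces() and audit() are illustrative names.
"""

# Constructed excerpt of a running-config, not taken from the chapter.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport trunk native vlan 4
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 3
!
interface FastEthernet0/15
 switchport trunk allowed vlan 2-4
 switchport mode trunk
!
interface FastEthernet0/16
 switchport mode dynamic desirable
!
interface FastEthernet0/17
 switchport mode access
!
"""


def parse_interfaces(config):
    """Return {interface_name: [stripped config lines]} for every interface block."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line == "!" or not line:
            current = None  # end of block
        elif current is not None:
            interfaces[current].append(line)
    return interfaces


def audit_interface(lines):
    """Return the list of finding labels for one interface.

    Values not present in the config are IOS defaults: no explicit mode means the
    platform's dynamic default, native VLAN 1, access VLAN 1, all VLANs allowed, DTP on.
    """
    mode, native_vlan, access_vlan = None, 1, 1
    nonegotiate, allowed_pruned = False, False
    for line in lines:
        if line.startswith("switchport mode "):
            mode = line[len("switchport mode "):]  # access | trunk | dynamic auto | dynamic desirable
        elif line.startswith("switchport trunk native vlan "):
            native_vlan = int(line.rsplit(None, 1)[1])
        elif line.startswith("switchport access vlan "):
            access_vlan = int(line.rsplit(None, 1)[1])
        elif line == "switchport nonegotiate":
            nonegotiate = True
        elif line.startswith("switchport trunk allowed vlan "):
            allowed_pruned = not line.endswith(" all")

    findings = []
    if mode is None or mode.startswith("dynamic"):
        findings.append("DTP_NEGOTIABLE")      # far end can turn this into a trunk
    if mode == "trunk":
        if not nonegotiate:
            findings.append("DTP_STILL_SENT")  # add switchport nonegotiate
        if native_vlan == 1:
            findings.append("NATIVE_VLAN_1")   # untagged traffic lands in the default VLAN
        if not allowed_pruned:
            findings.append("ALLOWED_ALL")     # prune with switchport trunk allowed vlan
    if mode == "access" and access_vlan == 1:
        findings.append("ACCESS_VLAN_1")       # host shares the default VLAN
    return findings


def audit(config):
    """Return {interface_name: [findings]} for the whole config."""
    return {name: audit_interface(lines) for name, lines in parse_interfaces(config).items()}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONFIG).items():
        print(f"{name:20s} {', '.join(findings) or 'ok'}")
```

Note that FastEthernet0/3 mirrors the chapter's own switch example, which sets switchport access vlan but never switchport mode access: the VLAN assignment is correct, yet the port is still reported as negotiable because its mode was left at the default.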
Remember how to create a Cisco router on a stick to provide inter-VLAN communication
You can use a Cisco FastEthernet or Gigabit Ethernet router interface to provide inter-VLAN routing. The switch port connected to the router must be a trunk port; then you create virtual interfaces (subinterfaces) on the router port, one per VLAN, each with encapsulation dot1q vlan-id and an IP address in that VLAN's subnet. The hosts in each VLAN will use this subinterface address as their default gateway address.