Module 9 VLANS and Trunk
Native VLAN
Special VLAN whose traffic goes across the 802.1q trunk without a VLAN tag
What is the process of inserting the VLAN frame into the layer 2 frame called?
Tagging or Encapsulation
What inserts the VLAN Tag into the Frame
The Trunk Port
What is a switch Trunk Port
This port is used to transfer traffic for different VLANS and Devices, The port sets unique identifier tags on the FRAME using Either 802.1Q or ISL encapsulation protocols
How does a Trunk Port identify what VLAN the frame belongs to?
Trunk port adds a VLAN tag to the Frame to indicate what VLAN the frame belongs to.
What is the process of traversing different VLAN traffic over the trunk is called?
Trunking
VLAN ID
Unique ID to identify the Virtual Network
Endpoints connected to a switch have what logical barrier to protect themselves from other endpoints connected to the switch
VLAN
What VLAN is an Access Port on by Default
VLAN 1
By Default, what VLAN is the Native VLAN?
VLAN 1, the native VLAN be be changed to anything we like
What is a VLAN
Virtual Network on a switch that represents a broadcast domain, Logical network that can group devices/users regardless of different physical locations.
Three facts about Default VLAN 1
We cannot change it, we cannot delete it, Not intended as Standard Data VLAN
Does the same Trunk protocol need to be used on both Trunk Ports on either end?
Yes
What do you configure on the Switch to enable inter-VLAN routing
switchport Mode Trunk
What is a switch Access Port
-When port is used to connect an end device. Interface must be configured as an Access Port. - Access Ports transport traffic to and from the VLAN to which they are assigned
What are the two Switchport Modes
1 - Access, 2- Trunk
Benefits of VLANS
1 - Security/Segmentation, 2-Performance Improvement by reducing size of broadcast domain , 3- Simplicity of network management operations and maintenance
What is the purpose of Native VLAN
1) Backward compatibility with old devices that don't support VLANs, 2) Native VLAN used by switch to carry specific control and management protocol traffic like CDP (Cisco Discovery Protocol), VTP (VLAN Trunking Protocol), STP (Spanning Tree Protocols) or other network mgmt Traffic. 3) Useful for VoIP
What modes can DTP run in?
1- Dynamic Auto, 2- Dynamic Desirable
What are the 4 fields on the VLAN Tag
1- Trigger:Frame to a VLAN, 2- Qualityof Service, 3- 1 Bit flag. Always 0 for ethernet switches 4 - VLAN ID (1-4094)
What is the Valid VLAN ID range for sending data?
1-1005
Valid ID ranges for Vlans
1-1005, Extended 1006 - 4094
What are other default VLANS
1002: fddi-default, 1003 token-ring-default, 1004 fddinet-default, 1005 trnet-default
What is the default Trunk Protocol today
802.1q
What are other names for a Trunk
802.1q Link or Dot1q Link
What does inter VLAN Routing require to take place
A Layer 3 device to encapsulate and decapsulate
Whose responsibility is it to create and manage VLANs?
A Switch
Dynamic Desirable DTP
Allows DTP negotiation packets to be sent to the destination switch
What side of the Trunk does the Native VLAN need to be defined on?
Both sides of the Trunk
What type of VLAN traffic doesn't need VLAN tag to go over the Trunk
CDP, VTP, STP etc.
CLI: show vlan brief
Command shows VLAN details
CLI: switchport mode trunk allow vlan [vlan-id]
Command to allow certain VLANs to pass through the Trunk
CLI: switchport trunk native vlan [vlanid]
Command to change the Native VLAN
CLI: vlan vlan-id | name [name]
Command to create a VLAN, Names are arbitrary
CLI: switchport mode access | switchport access vlan [vlanid] | switchport voice vlan [vlan-id]
Command to define a port as a Voice VLAN
CLI: switchport mode access | switchport nonegoiate
Command to disable DTP
CLI: switchport mode access | switchport access vlan [vlan-id]
Command to enable Access mode and assign port to VLAN
CLI: show interfaces switchport
Command to show Port interface information
What creates a Trunk
Configurations of switch ports on both ends of the link. Trunk Port in Cisco world or "Tagged" port otherwise; Configuring TRUNK ports
Dynamic Auto DTP
Default for each port. Does nothing until receives request. Does not negotiate
What are the different types of VLANS
Default: 1 and 1002-1005, Data: 2-1001, Voice: VoIP , Management: VLAN 1 uses Layer 3 interface called SVI. Used for remote connections via SSH and Telnet, Native: forwards untagged traffic such as DTP and CDP
What is best practice regarding assigning Native VLAN number?
Do NOT leave it as VLAN 1. Make it something like 777 or 666 etc.
What type of attack can be mitigated by using Native VLAN
Double Tagging Attacks
What is DTP
Dynamic Trunking Protocol by Cicsco to create Trunk Links automatically. It can be turned off. DTP automatically negotiates for packets between switches. When switches reach "Agreement", the trunk is established.
CLI: switchport mode trunk
Enable Trunk Mode on Port
Which is more secure, first assign VLAN to a port, then enable Access Mode, or enable Access mode then assign and then a VLAN
First enable Access mode, then assign the port to the VLAN
What is the name of a Frame that contains VLAN information
IEEE 802.1q
What is an older Trunk Protocol
ISL (inter-switch-link)
What is a Trunk
It enables Devices on different Devices but the same VLAN to be able to communicate
What layer to VLANS operate in?
Layer 2
Router on a Stick
Layer 3 device to enable inter VLAN routing. Single physical connection bc switch and router. One physical interface on the router but many logical subinterfaces ...one per VLAN. Each subinterface is configured as default gateway for it's VLAN.
Is a LAN Logical of Physical division between local networks
Logical
Error message with mismatched Native VLANs defined
NATIVE_VLAN_MISMATCH
Can users on VLAN 10 access data on VLAN 20?
No
Do devices on an Access port have any idea about the VLAN
No. Devices are not aware of their VLAN or that they belong to one.
Access Port ("Untagged" in non-cisco world) does what
Port that sends and expects traffic with NO VLAN tag because it carries traffic only for 1 VLAN.
How does the Trunk allow communication between different switches or router?
Provides VLAN ID for frames traversing between switches
What command can be used to assign multiple ports to a VLAN simultaneously?
Range
