VLANs and Trunks (1.20)


If you have passed the CCNA certification, none of this should be new, but it is worth a recap, especially as it is clearly stated on the CCIE syllabus.

VLANs are a way of segmenting your traffic along business or geographic boundaries into logical network segments. A VLAN introduces a separate broadcast domain, so broadcasts will not cross VLAN boundaries.

There are two types of VLANs, static and dynamic:


Static VLANs

Static VLANs are port-based, and setup is easy.

Open up Packet Tracer and drag two switches and two workstations onto it. I have used different switches (a 2960 and a 2950).

On the switches enter the following:

Switch0(config)# vlan 2
Switch0(config-vlan)# name VLAN2

Now connect each workstation to FastEthernet0/2 on its switch and enter this:

Switch0(config)# interface FastEthernet0/2
Switch0(config-if)# switchport mode access
Switch0(config-if)# switchport access vlan 2

Give the workstations IP addresses of 10.0.0.12/24 and 10.0.0.13/24.

Dynamic VLANs

Dynamic VLANs are based on MAC addresses. They are not covered as part of CCNP SWITCH, and neither are they covered in the CCIE exam.

Deploying VLANs

There are two ways to deploy VLANs across the infrastructure: End-to-End or Local VLANs.

End-to-End VLANs

Also known as campus-wide VLANs, these span the entire fabric of a network. They are positioned to support maximum flexibility and mobility of end users and follow the 80/20 rule, whereby 80% of traffic stays within the local workgroup and 20% is destined for outside networks.

End-to-End VLANs are more difficult to manage than Local VLANs because of the increased broadcast traffic around the network.

Local VLANs 

These are based on geographic needs and follow the 20/80 rule: 20% of traffic is local and 80% traverses the core layer. Local VLANs are more commonly used than End-to-End VLANs.

Trunking

A trunk is used to transport many VLANs between switches. Frames are tagged with an ID corresponding to the VLAN number, and there are two types of trunk: ISL and 802.1Q.

ISL is proprietary to Cisco but is now deprecated in favor of 802.1Q. ISL encapsulates each frame between a header and a trailer.

802.1Q is the industry standard. The tag is embedded within the frame, and it uses a concept called the "native VLAN": frames belonging to this VLAN are sent across the trunk without any tagging information.

Trunks can be set forcefully or allowed to form under their own default settings. The latter uses DTP (Dynamic Trunking Protocol), which negotiates a common trunking mode between two switches. A trunk link can be negotiated between two switches only if they belong to the same VTP domain (VLAN Trunking Protocol is covered next), or if neither switch has a VTP domain specified (i.e. the NULL domain). If the two switches are in different VTP domains and trunking is required, then the trunk links must be set to On or Negotiate mode.
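To make the tagging rule concrete, here is an added example (not part of the original post) that builds and parses 802.1Q tags the way a trunk port does: frames in the native VLAN go out untagged, and an untagged frame arriving on a trunk is assumed to belong to the receiver's native VLAN, which is exactly why a native VLAN mismatch silently moves traffic between VLANs. The sample frame bytes are constructed for the example.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag


def tag_frame(frame, vid, pcp=0):
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    tci = ((pcp & 0x7) << 13) | (vid & 0xFFF)   # priority (3 bits), DEI (1 bit), VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def trunk_send(frame, vid, native_vlan):
    """What an 802.1Q trunk puts on the wire: native-VLAN frames go out untagged."""
    return frame if vid == native_vlan else tag_frame(frame, vid)


def trunk_receive(wire, native_vlan):
    """Classify a frame arriving on a trunk: returns (vlan_id, frame with any tag removed)."""
    if len(wire) < 14:
        raise ValueError("runt frame")
    if struct.unpack("!H", wire[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", wire[14:16])[0]
        return tci & 0xFFF, wire[:12] + wire[16:]
    return native_vlan, wire   # untagged: the receiver assumes its own native VLAN


def deliver(frame, vid, tx_native, rx_native):
    """VLAN a frame lands in after crossing a trunk whose two ends may disagree on the native VLAN."""
    return trunk_receive(trunk_send(frame, vid, tx_native), rx_native)[0]


# Constructed sample frame: dst MAC, src MAC, EtherType IPv4, dummy payload
SAMPLE = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00" + b"payload"

if __name__ == "__main__":
    print("VLAN 150, native 2 both ends  ->", deliver(SAMPLE, 150, 2, 2))
    print("VLAN 2, native 2 both ends    ->", deliver(SAMPLE, 2, 2, 2))
    print("VLAN 2, native 2 vs native 1  ->", deliver(SAMPLE, 2, 2, 1))
```

The last call shows the mismatch case: a frame sent for VLAN 2 leaves untagged and is placed into VLAN 1 by the far switch, with nothing in the frame itself to say otherwise.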

The configuration is as follows:

Switch(config)# interface type mod/port 
Switch(config-if)# switchport trunk encapsulation {isl | dot1q | negotiate} 
Switch(config-if)# switchport trunk native vlan vlan-id
Switch(config-if)# switchport trunk allowed vlan {vlan-list | all | {add | except | remove} vlan-list}
Switch(config-if)# switchport mode {trunk | dynamic {desirable | auto}}

There are three trunking modes:

1: trunk - permanent trunking mode (on).
2: dynamic desirable - (the default) the port actively tries to convert the link to trunking and asks the far end to bring up a trunk. If the far end is set to trunk, dynamic desirable or dynamic auto, then a trunk is formed.
3: dynamic auto - the port can be converted into a trunk if the other side actively asks for it. The other side must be set to trunk or dynamic desirable. If both sides are set to auto, a trunk is not formed.

DTP frames are sent every 30 seconds. To stop them (if the extra bandwidth is an issue, or simply to follow best practice, since a port that does not negotiate cannot be talked into becoming a trunk by whatever is plugged into it) set the trunk ports to "switchport nonegotiate".

Returning to our Packet Tracer example, configure a link between FastEthernet0/1 on each switch. Your Packet Tracer screen should look like this:

[Image: Setting up trunk ports]

Configure the first switch like this: 

switch0(config)# int fastethernet 0/1
switch0(config-if)# switchport trunk encapsulation dot1q
switch0(config-if)# switchport trunk native vlan 2
switch0(config-if)# switchport trunk allowed vlan 100-200
switch0(config-if)# switchport mode trunk 
switch0(config-if)# switchport nonegotiate

If the other side's native VLAN settings do not match, then you should see this message:

[Image: VLAN mismatch error message]

OK, now did you have any issues with the commands? You should have found that the encapsulation command was not accepted. This is because ISL is being deprecated in favour of 802.1Q and Cisco has started to remove the ISL option from its line-up.

Now configure the other switch in the same way as the first.

Issuing sh interfaces trunk, you can see:

[Image: sh interfaces trunk output]

You should be able to ping from one PC to another across the trunk.

Save this Packet Tracer lab, as we will be expanding on it later.

Troubleshooting

Make sure that the VLANs are where they should be (sh vlan id 2).
Make sure that the trunking parameters are set (trunk, negotiated or nonegotiate).
Make sure that the trunks are talking the same language (802.1Q or ISL).
Make sure that the native VLAN is set, and matches, when using 802.1Q.
Make sure that the allowed VLAN list matches on both sides and includes every VLAN that needs to cross the trunk.
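The checklist above, together with the three DTP modes, can be turned into a small consistency check that runs over the trunk configuration of both ends of a link. This is an added example, not the post's own tooling; it parses only the simple forms of the commands shown on this page (a plain VLAN list or range, no add/remove/except) and the default values it assumes for unset options are assumptions, not taken from any particular switch model.

```python
import re


def parse_vlan_list(spec):
    """Expand a simple allowed-VLAN spec such as '2,100-200' into a set ('all' = 1-4094)."""
    if spec.strip() == "all":
        return set(range(1, 4095))
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_trunk_config(text):
    """Pull the trunk-relevant lines out of one interface's config (defaults here are assumptions)."""
    cfg = {"mode": "dynamic auto", "encap": "dot1q", "native": 1,
           "allowed": "all", "nonegotiate": False}
    patterns = {"mode": r"switchport mode (trunk|dynamic desirable|dynamic auto)",
                "encap": r"switchport trunk encapsulation (isl|dot1q|negotiate)",
                "native": r"switchport trunk native vlan (\d+)",
                "allowed": r"switchport trunk allowed vlan (.+)"}
    for line in text.splitlines():
        line = line.strip()
        if line == "switchport nonegotiate":
            cfg["nonegotiate"] = True
        for key, pat in patterns.items():
            if m := re.fullmatch(pat, line):
                cfg[key] = int(m.group(1)) if key == "native" else m.group(1)
    return cfg


def trunk_forms(a, b):
    """DTP outcome for the three modes on the page; a nonegotiate side sends no DTP, so its peer must also be hard-set to trunk."""
    if a["nonegotiate"] or b["nonegotiate"]:
        return a["mode"] == "trunk" and b["mode"] == "trunk"
    return {a["mode"], b["mode"]} != {"dynamic auto"}   # auto + auto never trunks


def check_trunk(a_text, b_text, required=()):
    """Run the troubleshooting checklist over both ends; returns a list of findings."""
    a, b = parse_trunk_config(a_text), parse_trunk_config(b_text)
    findings = []
    if not trunk_forms(a, b):
        findings.append("trunk will not form")
    if "negotiate" not in (a["encap"], b["encap"]) and a["encap"] != b["encap"]:
        findings.append("encapsulation mismatch")
    if a["native"] != b["native"]:
        findings.append(f"native VLAN mismatch {a['native']} vs {b['native']}")
    allowed_a, allowed_b = parse_vlan_list(a["allowed"]), parse_vlan_list(b["allowed"])
    if allowed_a != allowed_b:
        findings.append("allowed VLAN lists differ")
    findings += [f"VLAN {v} not allowed on both sides" for v in required if v not in allowed_a & allowed_b]
    return findings
```

Feed it the running-config of FastEthernet0/1 from each switch and the VLANs your hosts sit in; an empty list means the two ends agree on every point in the checklist.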

Commands:

sh interfaces trunk (shown above)
sh dtp interface <int> to see DTP packets
sh interface <int> switchport

[Image: sh int switchport output]


Next we'll move on to VTP.


CCIE #49337, author of CCNA and Beyond, BGP for Cisco Networks, MPLS for Cisco Networks, VPNs and NAT for Cisco Networks.
