add DTP VLAN and Subnetting
199
17. VLAN (Part 2).md
Normal file
@@ -0,0 +1,199 @@
---
id: 17. VLAN (Part 2)
aliases: []
tags: []
---

# VLAN (Part 2)

## Trunk ports

In a small network with few [[VLAN]]s it is possible to use separate interface for each VLAN
when connecting switches to switches, and switches to routers.

However, when the number of VLANs increases, this is not viable. it will result in wasted interfaces,
and often routers won't have enough interfaces for each VLAN.

You can use trunk ports to carry traffic from multiple VLANs over a single interface.

Switches wil 'tag' all frames that they send over a trunk link.
This allows the receiving switch to know which VLAN the frame belong to.

Trunk ports = 'tagged' ports
Access ports = 'untagged' ports

### VLAN Tagging

- There are two main trunking protocols: [[ISL]] (Inter-Switch Link) and [[IEEE 802.1Q]] (dot1q)
- ISL is an old Cisco proprietary protocol created before the industry standard IEEE 802.1Q
- IEEE 802.1Q is an industry standard protocol created by the [[IEEE]] (Institure of Electrical and
Electronics Engineers)
- You will probably NEVER use ISL in the real world. Even modern Cisco equipment doesn't support it
For the CCNA you only need to learn 802.1Q

#### inside Ethernet Header

Preamble | SFF | Destination | Source | 802.1Q | Type

The 802.1Q tag is inserted between the Source and Type/Length fields of the Ethernet frame.
The tag is 4 bytes (32 bits) in length.
The tag consists of two main fields:
- Tag Protocol Identifier [[TPID]]
- Tag Control Information [[TCI]]

The TCI consists of three sub-fields.

802.1Q tag Format
+-----------------------------------+
|16 bits | 3 | 1 |12 bits |
| | bits | bit | |
| TPID | TCI |
| | PCP | DEI | VID |
+-----------------------------------+

##### TPID ( Tag Protocol Identifier)

- 16 bits (2bytes) in length
- Always set to a alue of 0x8100. This indicate that the frame is 802.1Q-tagged.

##### PCP (Priority code point)

- 3 bits in length
- Used for Class of Service (CoS), which prioritizes iimportant traffic in congested network

##### DEI ( Drop Eligible Indicator)

- 1 bit in length
- Used to indicate frames that can be dropped if the network is congested.

##### VID (VLAN ID)

- 12 bits in lenght
- Indentifies the VLAN the frame elongs to.
- 12 bits in length = 4096 total VLANs (2^12), range of 0 - 4095
- VLANs 0 and 4095 are reserved and can't be used
- Therefore the actula range of VLANs is 1-4094
- Cisco's proprietary ISL also has a VLAN range of 1 - 4094

more info https://en.wikipedia.org/wiki/IEEE_802.1Q

## VLAN Ranges

- The range of VLANs (1-4094) is divided into two sections:
Normal VLANs: 1-1005
Extended VLANs : 1006-4094

- Some older devices cannot use the extended VLAN range, however it's safe to expect that modern
switches will support the extended VLAN range.

## Native VLAN

- 802.1Q has a feature called the **native VLAN**.
ISL does not have this feature
- The native VLAN is VLAN 1 by default on all trunk ports, however this can be manually configured
on each trunk port.
- The switch does not ad an 802.1Q tag to frames in the native VLAN.
- When a switch receives an untagged frame on a trunk port, it assumes the frame belongs to
the native VLAN.
**It's very important that the native VLAN matches!**

## Trunk Configuration

```Cisco
SW1(config)#interface g0/0
SW1(config-if)#switchport mode trunk
command rejected
```

Many modern switches do not support Cisco;s ISL at all. They only support 802.1Q (dot1q)
However, switches that do support both (like the one I'm using in this example) have a trunk
encapsulation of Auto by default
To manually configure the interface as a trunk port, you must first set the encapsulation to
802.1Q or ISL. On switches that only support 802.1Q this is not necessary

```Cisco
SW1(config)#interface g0/0
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
```

To see the configurations about the trunk

```Cisco
SW1#show interfaces trunk

Port Mode encapsulation Status Native vlan
Gi0/0 on 802.1q trunking 1
```


```Cisco
## for security reason you must not allow every vlan on the trunk
SW1(config-if)#switchport trunk allowed vlan 10,30

### for adding VLAN
SW1(config-if)#switchport trunk allowed vlan add 20

## For removing Vlan in the trunk use this command
SW1(config-if)#switchport trunk allowed vlan remove 20

### The all option is to allowed all vlan
SW1(config-if)#switchport trunk allowed vlan all

## The except command if for all vlan except a range or a specific vlan
SW1(config-if)#switchport trunk allowed except 1-5,10

## The none disable every VLAN
SW1(config-if)#switchport trunk allowed none
```

For security purposes, it is best to change the native VLAN to an unused VLAN.
(network security will be explained more-in depth later in the course)
**Make sure the native VLAN matches on between switches**

The command to change the native VLAN is :

```Cisco
SW1(config-if)#switchport trunk native vlan 1001
```

note : the show vlan brief command shows the access prots assigned to each VLAN, not
the trunk ports that allow each VLAN.
Use the **show interfaces trunk** command instead to confirm trunk ports.


## ROAS (Router on a stick)

For three VLAN in the same interface

```Cisco
R1(config)#interface g0/0
R1(config-if)#no shutdown
R1(config-if)#interface g0/0.10
R1(config-if)#encapsulation dot1q 10
R1(config-subif)#ip address 192.168.1.62 255.255.255.192
R1(config-if)#encapsulation dot1q 20
R1(config-subif)#ip address 192.168.1.62 255.255.255.192
R1(config-if)#encapsulation dot1q 30
R1(config-subif)#ip address 192.168.1.62 255.255.255.192
```

The subinterface number does not have to match the VLAN number.
Howerver it is highly recommended that they do match, to make it easier to understand

- ROAS is used to route beween multiple VLANs using a single interface on the router and switch.
- The switch interface is configured as a regular trunk.
- The router interface is configured using subinterfaces.
- You configure the VLAN tag and IP address on each subinterface.
- The router will behave as if frames arriving with a certain VLAN tag have arrived on the
subinterface configured with that VLAN tag.
- The router will tag frames sent out of each subinterface with the VLAN tag configured on the
subinterface.

## Review

- What is a trunk port ?
- What is the purpose of trunk ports?
- 802.1Q Encapsulation
- How to configure trunk ports
- 'Router on a Stick'(ROAS)

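Review bot: the ROAS block under `## ROAS (Router on a stick)` never enters the second and third subinterfaces and gives all three the same address. After `R1(config-if)#interface g0/0.10` and `encapsulation dot1q 10`, the lines `R1(config-if)#encapsulation dot1q 20` and `R1(config-if)#encapsulation dot1q 30` are issued on that same subinterface (the prompt should read `config-subif` from the first `encapsulation` command onward), so each later tag replaces the previous one, and repeating `ip address 192.168.1.62 255.255.255.192` on every subinterface is refused by IOS as an overlapping subnet; add `interface g0/0.20` and `interface g0/0.30` before their `encapsulation dot1q` lines and give each VLAN its own subnet. In the allowed-VLAN block, `switchport trunk allowed except 1-5,10` and `switchport trunk allowed none` are missing the `vlan` keyword (`switchport trunk allowed vlan except 1-5,10`, `switchport trunk allowed vlan none`).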