VLAN (Part 2)
Trunk ports
In a small network with few VLANs, it is possible to use a separate interface for each VLAN when connecting switches to switches, and switches to routers.
However, when the number of VLANs increases, this is not viable. It will result in wasted interfaces, and often routers won't have enough interfaces for each VLAN.
You can use trunk ports to carry traffic from multiple VLANs over a single interface.
Switches will 'tag' all frames that they send over a trunk link. This allows the receiving switch to know which VLAN the frame belongs to.
Trunk ports = 'tagged' ports
Access ports = 'untagged' ports
VLAN Tagging
- There are two main trunking protocols: ISL (Inter-Switch Link) and IEEE 802.1Q (dot1q)
- ISL is an old Cisco proprietary protocol created before the industry standard IEEE 802.1Q
- IEEE 802.1Q is an industry standard protocol created by the IEEE (Institute of Electrical and Electronics Engineers)
- You will probably NEVER use ISL in the real world. Even modern Cisco equipment doesn't support it. For the CCNA you only need to learn 802.1Q.
Inside the Ethernet header:
Preamble | SFD | Destination | Source | 802.1Q | Type
The 802.1Q tag is inserted between the Source and Type/Length fields of the Ethernet frame. The tag is 4 bytes (32 bits) in length. The tag consists of two main fields: the TPID (Tag Protocol Identifier) and the TCI (Tag Control Information).
The TCI consists of three sub-fields: PCP, DEI and VID.
802.1Q tag format
+-----------+--------+-------+-----------+
|  16 bits  | 3 bits | 1 bit |  12 bits  |
+-----------+--------+-------+-----------+
|   TPID    |            TCI             |
|           |  PCP   |  DEI  |    VID    |
+-----------+--------+-------+-----------+
TPID (Tag Protocol Identifier)
- 16 bits (2 bytes) in length
- Always set to a value of 0x8100. This indicates that the frame is 802.1Q-tagged.
PCP (Priority Code Point)
- 3 bits in length
- Used for Class of Service (CoS), which prioritizes important traffic in congested networks
DEI (Drop Eligible Indicator)
- 1 bit in length
- Used to indicate frames that can be dropped if the network is congested.
VID (VLAN ID)
- 12 bits in length
- Identifies the VLAN the frame belongs to.
- 12 bits in length = 4096 total VLANs (2^12), range of 0 - 4095
- VLANs 0 and 4095 are reserved and can't be used
- Therefore the actual range of VLANs is 1-4094
- Cisco's proprietary ISL also has a VLAN range of 1 - 4094
more info https://en.wikipedia.org/wiki/IEEE_802.1Q
VLAN Ranges
- The range of VLANs (1-4094) is divided into two sections:
  - Normal VLANs: 1-1005
  - Extended VLANs: 1006-4094
- Some older devices cannot use the extended VLAN range; however, it's safe to expect that modern switches will support the extended VLAN range.
Native VLAN
- 802.1Q has a feature called the native VLAN. ISL does not have this feature.
- The native VLAN is VLAN 1 by default on all trunk ports; however, this can be manually configured on each trunk port.
- The switch does not add an 802.1Q tag to frames in the native VLAN.
- When a switch receives an untagged frame on a trunk port, it assumes the frame belongs to the native VLAN. It's very important that the native VLAN matches!
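The tag layout and the native VLAN rule above, as an added Python example (not part of the original notes). The MAC addresses, helper names and sample frames are constructed for illustration, and the model simply rejects the reserved VLAN IDs 0 and 4095.

```python
import struct

TPID_DOT1Q = 0x8100  # TPID value that marks a frame as 802.1Q-tagged

def build_frame(vid=None, pcp=0, dei=0, ethertype=0x0800):
    """Constructed sample frame: made-up MACs, no payload; vid=None means untagged."""
    frame = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vid is not None:
        frame += struct.pack("!HH", TPID_DOT1Q, (pcp << 13) | (dei << 12) | vid)
    return frame + struct.pack("!H", ethertype)

def parse_dot1q(frame):
    """Return (tag, ethertype); tag is None when the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (field,) = struct.unpack_from("!H", frame, 12)  # field right after the source MAC
    if field != TPID_DOT1Q:
        return None, field
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack_from("!HH", frame, 14)
    # TCI = PCP (3 bits) | DEI (1 bit) | VID (12 bits)
    tag = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}
    return tag, ethertype

def trunk_egress(vlan, native_vlan=1):
    """Frame as sent on a trunk: untagged in the native VLAN, tagged otherwise."""
    return build_frame(vid=None if vlan == native_vlan else vlan)

def trunk_ingress(frame, native_vlan=1):
    """VLAN the receiving trunk port assigns to the frame."""
    tag, _ = parse_dot1q(frame)
    if tag is None:
        return native_vlan  # untagged frames are assumed to be in the native VLAN
    if tag["vid"] in (0, 4095):
        raise ValueError("reserved VLAN ID")
    return tag["vid"]

if __name__ == "__main__":
    print(parse_dot1q(build_frame(vid=10, pcp=5)))
    # Native VLAN 10 on the sender, 1 on the receiver: VLAN 10 traffic lands in VLAN 1.
    print(trunk_ingress(trunk_egress(10, native_vlan=10), native_vlan=1))
```

The last call shows why the native VLAN must match on both ends: with a mismatch, traffic leaves one VLAN and arrives in another.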
Trunk Configuration
SW1(config)#interface g0/0
SW1(config-if)#switchport mode trunk
command rejected
Many modern switches do not support Cisco's ISL at all. They only support 802.1Q (dot1q). However, switches that do support both (like the one I'm using in this example) have a trunk encapsulation of Auto by default. To manually configure the interface as a trunk port, you must first set the encapsulation to 802.1Q or ISL. On switches that only support 802.1Q, this is not necessary.
SW1(config)#interface g0/0
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
To view the trunk configuration:
SW1#show interfaces trunk
Port        Mode         encapsulation  Status        Native vlan
Gi0/0       on           802.1q         trunking      1
## For security reasons, you must not allow every VLAN on the trunk
SW1(config-if)#switchport trunk allowed vlan 10,30
### To add a VLAN to the allowed list
SW1(config-if)#switchport trunk allowed vlan add 20
## To remove a VLAN from the trunk, use this command
SW1(config-if)#switchport trunk allowed vlan remove 20
### The all option allows all VLANs
SW1(config-if)#switchport trunk allowed vlan all
## The except option allows all VLANs except a range or a specific VLAN
SW1(config-if)#switchport trunk allowed vlan except 1-5,10
## The none option disallows every VLAN
SW1(config-if)#switchport trunk allowed vlan none
For security purposes, it is best to change the native VLAN to an unused VLAN (network security will be explained in more depth later in the course). Make sure the native VLAN matches between switches.
The command to change the native VLAN is :
SW1(config-if)#switchport trunk native vlan 1001
Note: the show vlan brief command shows the access ports assigned to each VLAN, not the trunk ports that allow each VLAN.
Use the **show interfaces trunk** command instead to confirm trunk ports.
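A way to check the trunk hardening points above (restricted allowed-VLAN list, non-default native VLAN, matching native VLAN on both ends) against saved configurations, as an added Python example that is not part of the original notes. The two running-config excerpts are constructed, and the parser assumes a single `switchport trunk allowed vlan` line per interface.

```python
import re

# Constructed running-config excerpts for the two ends of one trunk link.
SW1_CONFIG = """
interface GigabitEthernet0/0
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,30
 switchport trunk native vlan 1001
 switchport mode trunk
interface GigabitEthernet0/1
 switchport access vlan 10
 switchport mode access
"""
SW2_CONFIG = """
interface GigabitEthernet0/0
 switchport mode trunk
"""

def parse_trunks(config):
    """Map each trunk interface to its native VLAN and allowed-VLAN setting."""
    ifaces, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface (\S+)", line):
            # Defaults when no explicit line exists: native VLAN 1, all VLANs allowed.
            cur = ifaces.setdefault(m.group(1), {"mode": None, "native": 1, "allowed": "all"})
        elif cur is None:
            continue
        elif line == "switchport mode trunk":
            cur["mode"] = "trunk"
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            cur["native"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan (\S+)", line):
            cur["allowed"] = m.group(1)
    return {n: c for n, c in ifaces.items() if c["mode"] == "trunk"}

def audit(trunks):
    """Flag trunks left at the defaults the notes advise changing."""
    findings = []
    for name, t in sorted(trunks.items()):
        if t["native"] == 1:
            findings.append((name, "native VLAN is still VLAN 1"))
        if t["allowed"] == "all":
            findings.append((name, "every VLAN is allowed"))
    return findings

def native_mismatch(end_a, end_b):
    """True when the two ends of a trunk disagree on the native VLAN."""
    return end_a["native"] != end_b["native"]
```

Here SW1 passes the audit, SW2 is flagged on both points, and comparing the two ends of the link reports a native VLAN mismatch (1001 against 1).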
ROAS (Router on a stick)
For three VLANs on the same interface:
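R1(config)#interface g0/0
R1(config-if)#no shutdown
## One subinterface per VLAN; each needs an address in its own subnet
## (.126 and .190 assume VLANs 20 and 30 use the next two /26 subnets)
R1(config-if)#interface g0/0.10
R1(config-subif)#encapsulation dot1q 10
R1(config-subif)#ip address 192.168.1.62 255.255.255.192
R1(config-subif)#interface g0/0.20
R1(config-subif)#encapsulation dot1q 20
R1(config-subif)#ip address 192.168.1.126 255.255.255.192
R1(config-subif)#interface g0/0.30
R1(config-subif)#encapsulation dot1q 30
R1(config-subif)#ip address 192.168.1.190 255.255.255.192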
The subinterface number does not have to match the VLAN number. However, it is highly recommended that they do match, to make it easier to understand.
- ROAS is used to route between multiple VLANs using a single interface on the router and switch.
- The switch interface is configured as a regular trunk.
- The router interface is configured using subinterfaces.
- You configure the VLAN tag and IP address on each subinterface.
- The router will behave as if frames arriving with a certain VLAN tag have arrived on the subinterface configured with that VLAN tag.
- The router will tag frames sent out of each subinterface with the VLAN tag configured on the subinterface.
Review
- What is a trunk port?
- What is the purpose of trunk ports?
- 802.1Q Encapsulation
- How to configure trunk ports
- 'Router on a Stick' (ROAS)