VLAN Trunks:
Switchport modes:
- Access – Nontrunking mode and negotiates to convert the link into a nontrunk link. The interface becomes a nontrunk interface, regardless of whether the neighboring interface is a trunk interface.
- Dynamic auto – Makes the interface able to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk or desirable mode. The default switchport mode for all Ethernet interfaces is dynamic auto.
- Dynamic desirable – Makes the interface actively attempt to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode. This is the default switchport mode on older switches, such as the Catalyst 2950 and 3550 Series switches.
- Trunk – Puts the interface into permanent trunking mode and negotiates to convert the neighboring link into a trunk link. The interface becomes a trunk interface even if the neighboring interface is not a trunk interface.
- switchport nonegotiate – Prevents the interface from generating DTP frames. You can use this command only when the interface switchport mode is access or trunk. Because the neighbor then never hears a DTP request, you must manually configure the neighboring interface as a trunk interface to establish a trunk link.
VLAN Tag Field Details
When the switch receives a frame on a port configured in access mode and assigned a VLAN, and forwards it out of a trunk port, it inserts a 4-byte VLAN tag into the frame header between the source MAC address and the Type/Length field, recalculates the FCS, and sends the tagged frame out of the trunk port. Frames belonging to the trunk's native VLAN are the exception: they leave the trunk untagged.
The VLAN tag consists of a Type field and a Tag Control Information field, which in turn carries the priority, the Canonical Format Identifier and the VLAN ID:
- Type – A 2-byte value called the tag protocol ID (TPID). For Ethernet (802.1Q) it is set to hexadecimal 0x8100.
- Tag Control Information (TCI) – A 2-byte field made up of:
  - User priority – A 3-bit value (0 to 7) that supports class-of-service implementations.
  - Canonical Format Identifier (CFI) – A 1-bit field that originally flagged a Token Ring MAC format so that Token Ring frames could be carried across Ethernet links; 802.1Q-2011 redefined the bit as the Drop Eligible Indicator (DEI).
  - VLAN ID (VID) – A 12-bit VLAN identification number, giving 4096 values (0 to 4095). VID 0 means the frame carries only a priority and no VLAN, and 4095 is reserved, so 4094 VLAN IDs are usable.
After the switch inserts the Type and TCI fields, it recalculates the FCS and inserts the new FCS into the frame.
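The tag layout above, worked through in code. This is an added example and not part of the original notes: a small Python parser that pulls the TPID, priority, CFI/DEI and VID out of a raw Ethernet frame, plus the tag insertion a switch performs when a frame from an access port leaves a trunk port. The sample frame is constructed by hand, and the FCS is left out because a NIC strips it on receive and the switch recomputes it on transmit anyway. It goes one step beyond the notes by also walking a second, outer 0x88A8 (802.1ad, QinQ) tag so that a double-tagged frame is decoded outer tag first.

```python
"""802.1Q tag parsing and insertion (added example, not from the original notes).

The sample frame is constructed by hand; the FCS is omitted because a NIC
strips it on receive and the switch recomputes it on transmit anyway.
"""
import struct
from dataclasses import dataclass
from typing import List

TPID_8021Q = 0x8100    # customer tag, the value the notes describe
TPID_8021AD = 0x88A8   # service (outer) tag used by QinQ; goes beyond the notes
TAG_TPIDS = {TPID_8021Q, TPID_8021AD}


@dataclass
class VlanTag:
    tpid: int
    pcp: int  # 3-bit priority (class of service)
    cfi: int  # 1 bit; CFI in the original spec, DEI since 802.1Q-2011
    vid: int  # 12-bit VLAN ID, 0..4095


@dataclass
class ParsedFrame:
    dst: bytes
    src: bytes
    tags: List[VlanTag]  # outermost first; empty for an untagged frame
    ethertype: int       # type of the encapsulated payload, e.g. 0x0800 IPv4
    payload: bytes


def usable_vid(vid: int) -> bool:
    """12 bits give 4096 values, but 0 (priority-tagged) and 4095 are reserved."""
    return 1 <= vid <= 4094


def build_tag(vid: int, pcp: int = 0, cfi: int = 0, tpid: int = TPID_8021Q) -> bytes:
    """Return the 4-byte tag: 2-byte TPID followed by the 2-byte TCI (PCP|CFI|VID)."""
    if not 0 <= vid <= 4095 or not 0 <= pcp <= 7 or cfi not in (0, 1):
        raise ValueError("tag field out of range")
    tci = (pcp << 13) | (cfi << 12) | vid
    return struct.pack("!HH", tpid, tci)


def insert_tag(frame: bytes, vid: int, pcp: int = 0, tpid: int = TPID_8021Q) -> bytes:
    """What the switch does when a frame from an access port is sent out a trunk:
    the tag goes between the source MAC and the original Type/Length field."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    return frame[:12] + build_tag(vid, pcp, tpid=tpid) + frame[12:]


def parse_frame(frame: bytes) -> ParsedFrame:
    """Walk zero or more 802.1Q/802.1ad tags that follow the MAC addresses."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    offset = 12
    tags: List[VlanTag] = []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame: no Type/Length field")
        ethertype = struct.unpack_from("!H", frame, offset)[0]
        if ethertype not in TAG_TPIDS:
            break
        if len(frame) < offset + 4:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack_from("!H", frame, offset + 2)[0]
        tags.append(VlanTag(ethertype, (tci >> 13) & 0x7, (tci >> 12) & 0x1, tci & 0x0FFF))
        offset += 4
    return ParsedFrame(dst, src, tags, ethertype, frame[offset + 2:])


# Constructed untagged frame: broadcast dst, made-up src, IPv4 ethertype, dummy payload.
UNTAGGED = bytes.fromhex("ffffffffffff" "001122334455" "0800") + bytes(range(46))

if __name__ == "__main__":
    tagged = insert_tag(UNTAGGED, vid=10, pcp=5)          # access VLAN 10 -> trunk
    print(parse_frame(tagged).tags)
    qinq = insert_tag(tagged, vid=100, tpid=TPID_8021AD)  # provider adds an outer S-tag
    print([t.vid for t in parse_frame(qinq).tags])        # outer tag first
```

The parser keeps the tag list outermost first, which is how a switch sees it: a trunk port strips only the outer tag, so whatever is underneath travels on as payload. That is the reason native-VLAN frames, which cross the trunk untagged, deserve a VLAN of their own.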
Set VLAN trunk:
s1(config-if)#switchport mode trunk
If you get the message "Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode", the platform also supports ISL and negotiates the encapsulation by default (the 3560, for example). Fix the encapsulation first, then set the mode:
s1(config-if)#switchport trunk encapsulation dot1q
s1(config-if)#switchport mode trunk
s1(config-if)#switchport trunk native vlan vlan_id
s1(config-if)#switchport trunk allowed vlan vlan_id1,vlan_id2,vlan_id3
The native VLAN must match on both ends of the trunk (CDP logs a native VLAN mismatch otherwise), and it should be an unused VLAN rather than VLAN 1, because native-VLAN frames cross the trunk untagged. The allowed-VLAN list replaces whatever was configured before; use switchport trunk allowed vlan add vlan_id or switchport trunk allowed vlan remove vlan_id to change it incrementally.
Reset the trunk settings to their defaults (all VLANs allowed, native VLAN 1):
S1(config-if)#no switchport trunk allowed vlan
S1(config-if)#no switchport trunk native vlan
DTP (Dynamic trunking protocol)
DTP is a Cisco proprietary protocol that is automatically enabled on Catalyst 2960 and Catalyst 3560 Series switches. Switches from other vendors do not support DTP. DTP manages trunk negotiation only if the port on the neighbor switch is configured in a trunk mode that supports DTP.
The commands switchport mode access, switchport mode dynamic auto, switchport mode dynamic desirable, switchport mode trunk and switchport nonegotiate behave as described under Switchport modes above. Applying those rules to both ends of a link gives the DTP outcome:
- trunk + trunk, trunk + desirable, trunk + auto, desirable + desirable, desirable + auto: the link becomes a trunk.
- auto + auto: no trunk. Neither side asks, so both stay access ports; this is why two switches left at the default do not trunk.
- access + anything: the access side stays a nontrunk port.
- trunk + access: a mismatch. The trunk side stays a trunk regardless of the neighbor and the access side stays access, so avoid this combination.
- nonegotiate on one side + auto or desirable on the other: no trunk, because the nonegotiate side never sends DTP; set trunk mode manually on both ends.
Caution: Some internetworking devices might forward DTP frames improperly, which can cause misconfigurations. To avoid this, turn off DTP on interfaces on a Cisco switch connected to devices that do not support DTP.
With DTP left at its default (dynamic auto), a port trunks only if the neighbor asks for it:
Dynamic desirable: actively asks to become a trunk.
Dynamic auto: follows the other interface; two auto ports never form a trunk.
Disable DTP:
S3(config-if)#switchport mode trunk
S3(config-if)#switchport nonegotiate
Do the same on user-facing ports, with switchport mode access followed by switchport nonegotiate. A host attached to a port left at dynamic auto or dynamic desirable can send DTP frames itself and negotiate a trunk, after which it can send and receive tagged frames for every VLAN allowed on that trunk.
Private VLAN Edge (VLAN security)
To stop one neighbor from seeing the traffic generated by another neighbor on the same switch, the Private VLAN (PVLAN) Edge feature, also known as protected ports, ensures that no unicast, broadcast, or multicast traffic is exchanged between these ports at Layer 2.
Characteristics:
- A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port, except for control traffic. Data traffic cannot be forwarded between protected ports at Layer 2.
- Forwarding behavior between a protected port and a nonprotected port proceeds as usual.
- Protected ports must be manually configured.
- The isolation is local to one switch: protected ports on different switches are not isolated from each other, and two protected hosts in the same VLAN can still reach each other through a router or Layer 3 switch.
To configure the PVLAN Edge feature, enter the "switchport protected" command in interface configuration mode. To disable it, use the "no switchport protected" interface configuration command. To verify the configuration, use "show interfaces interface-id switchport" and check the Protected: line of the output.
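The Disable DTP and PVLAN Edge sections above both end at the same place: checking the port with show interfaces interface-id switchport. As an added example that is not part of the original notes, here is a Python audit that parses that output for every port and flags what those sections warn about: ports still in a dynamic mode, ports still sending DTP frames, trunks carrying VLAN 1 as native or allowing every VLAN, and user-facing ports that are not protected. SAMPLE_OUTPUT is constructed by hand in the layout of Catalyst 2960 output (the field names are the real ones, the port names and values are made up), and the set of user-facing ports is an assumption the caller supplies.

```python
"""Audit Catalyst 'show interfaces switchport' output for DTP and protected-port
settings. Added example, not part of the original notes: SAMPLE_OUTPUT is
constructed by hand in the layout of Catalyst 2960 output (real field names,
made-up ports and values), and the policy checks are the example's own choices.
"""
from typing import Dict, List, Set, Tuple

SAMPLE_OUTPUT = """\
Name: Fa0/1
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 10 (USERS)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Protected: false

Name: Fa0/2
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 10 (USERS)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Protected: true

Name: Gi0/1
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Protected: false
"""

Port = Dict[str, str]
Finding = Tuple[str, str]  # (code, human-readable message)


def parse_switchport(text: str) -> Dict[str, Port]:
    """Split the per-port blocks into {port name: {field: value}}."""
    ports: Dict[str, Port] = {}
    current = None
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition(":")
        if not sep:
            continue  # blank line or free text
        key, value = key.strip(), value.strip()
        if key == "Name":
            current = value
            ports[current] = {}
        elif current is not None:
            ports[current][key] = value
    return ports


def audit_port(name: str, p: Port, user_facing: bool) -> List[Finding]:
    """Return findings for one port, always in the same order."""
    findings: List[Finding] = []
    mode = p.get("Administrative Mode", "")
    if mode.startswith("dynamic"):
        findings.append(("DTP_DYNAMIC",
            f"{name}: '{mode}' lets the far end negotiate a trunk; "
            "set 'switchport mode access' or 'switchport mode trunk'"))
    if p.get("Negotiation of Trunking") == "On":
        findings.append(("DTP_NEGOTIATE",
            f"{name}: still sends DTP frames; add 'switchport nonegotiate'"))
    if mode == "trunk":
        if p.get("Trunking Native Mode VLAN", "").startswith("1 "):
            findings.append(("NATIVE_VLAN_1",
                f"{name}: native VLAN is 1; move it with 'switchport trunk native vlan <unused id>'"))
        if p.get("Trunking VLANs Enabled") == "ALL":
            findings.append(("ALLOW_ALL",
                f"{name}: every VLAN crosses this trunk; prune with 'switchport trunk allowed vlan'"))
    if user_facing and p.get("Protected") != "true":
        findings.append(("NOT_PROTECTED",
            f"{name}: user port without 'switchport protected'; neighbours can talk at Layer 2"))
    return findings


def audit(ports: Dict[str, Port], user_facing: Set[str]) -> Dict[str, List[Finding]]:
    """Audit every parsed port; user_facing names the ports that should be protected."""
    return {name: audit_port(name, p, name in user_facing) for name, p in ports.items()}


if __name__ == "__main__":
    report = audit(parse_switchport(SAMPLE_OUTPUT), user_facing={"Fa0/1", "Fa0/2"})
    for port, findings in report.items():
        for _, message in findings:
            print(message)
```

Feed it the real output of show interfaces switchport (no argument) and it walks every port on the switch. Which ports count as user-facing is site policy, so that set is passed in rather than guessed from the VLAN name.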
Show commands:
show interfaces interface-ID switchport
show interfaces trunk
Further study
VLANs and Organizational Units
VLANs and Organizational Units (OUs) are both designed to organize the network and its objects into logical groups rather than geographic ones. It is therefore good practice to map each VLAN to a specific computer OU and apply ACLs or Group Policy to them.
Trunk port requirement
Full duplex or half duplex
Full duplex and trunking are two different concepts. I see no technical reason why you could not make a trunk half duplex. Full duplex basically simplifies the algorithm at the port itself by disabling collision detection (that is the CD part of CSMA/CD) and allowing the out queue to talk directly to the wire without consulting the CD algorithm. This really has nothing to do with tagging the frames, which would already be done at this point.
I don't think there is any reason that you would want to make a trunk anything other than full duplex. I guess in theory you could have a trunk connected through a dumb hub, and that would not work very well unless you allowed it to do half duplex. That would be a very poor design. In practice a trunk should be a direct connection between two switches. Additionally, for best performance they should be full duplex. With a direct switch-to-switch connection, there is no reason not to.
VTP
“VTP allows a network manager to configure a switch so that it will propagate VLAN configurations to other switches in the network”
VTP minimizes misconfigurations and configuration inconsistencies that can cause problems, such as duplicate VLAN names or incorrect VLAN-type specifications. VTP helps you simplify management of the VLAN database across multiple switches.
VTP is a Cisco-proprietary protocol and is available on most Cisco switches.
One caveat before cabling a switch into an existing domain: servers and clients adopt any advertisement for their domain that carries a higher configuration revision number than their own, so a switch that used to live in another network with the same domain name and a higher revision can replace the VLAN database of the whole domain. Check its revision with "show vtp status" first, reset it to 0 before connecting (change the domain name, or set the switch to transparent mode and back), and set a VTP password on the domain so that advertisements from switches without the password are rejected.
The "show vtp status" command
The most important command for viewing the status of VTP on Cisco switches, one every CCNA learner must grasp, is "show vtp status". Let's have a look at its output:
Sw-Ac3#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 255
Number of existing VLANs : 9
VTP Operating Mode : Client
VTP Domain Name : office
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x6D 0xC1 0x99 0xD4 0x7C 0x49 0x9C 0xAD
Configuration last modified by 1.1.1.1 at 3-1-93 00:14:49
+ VTP Version: the highest VTP version the switch supports. By default the switch runs version 1 but can be set to version 2; in the output above, "VTP V2 Mode : Disabled" shows that this switch, although version 2 capable, is actually running version 1. Within a domain the two versions are not interoperable, so configure the same VTP version on every switch in a domain.
+ Configuration Revision: current revision number on this switch. It increases with every VLAN change made on a server, and a server or client replaces its own database only when an advertisement for its domain carries a higher number.
+ Maximum VLANs Supported Locally: maximum number of VLANs this switch can hold.
+ Number of Existing VLANs: number of VLANs currently in the database. The five default VLANs (1 and 1002 to 1005) are included in the count.
+ VTP Operating Mode: Server, Client, or Transparent.
+ VTP Domain Name: name that identifies the administrative domain for the switch; advertisements from a different domain are ignored.
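The output analysed above, turned into a pre-connection check. This is an added example and not part of the original notes: it parses the "show vtp status" text quoted above, reports the VTP version actually in use (the "VTP V2 Mode" line, not the "VTP Version" line), and decides whether cabling that switch into a domain would overwrite the domain's VLAN database. The revision number of the existing domain is an assumed input; the switch output itself is the one from the notes.

```python
"""Check a switch's 'show vtp status' output before cabling it into a VTP domain.
Added example, not part of the original notes. VTP_STATUS is the output quoted in
the notes; the revision number of the existing domain is an assumed value.
"""
import re
from typing import Dict, List

VTP_STATUS = """\
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 255
Number of existing VLANs : 9
VTP Operating Mode : Client
VTP Domain Name : office
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x6D 0xC1 0x99 0xD4 0x7C 0x49 0x9C 0xAD
Configuration last modified by 1.1.1.1 at 3-1-93 00:14:49
"""

# 'name : value' lines; the whitespace before the colon keeps the 00:14:49 timestamp
# of the last line from being mistaken for a field separator.
FIELD = re.compile(r"^(.+?)\s+:\s*(.*)$")


def parse_vtp_status(text: str) -> Dict[str, str]:
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def running_version(f: Dict[str, str]) -> int:
    """'VTP Version' is the highest version supported; version 2 is in use only
    when 'VTP V2 Mode' is Enabled."""
    return 2 if f.get("VTP V2 Mode") == "Enabled" else 1


def join_risks(f: Dict[str, str], domain: str, domain_revision: int) -> List[str]:
    """Risks of connecting the switch described by f to an existing domain whose
    current configuration revision is domain_revision."""
    risks: List[str] = []
    mode = f.get("VTP Operating Mode", "")
    if mode == "Transparent":
        return risks  # only forwards advertisements, never applies or originates them
    name = f.get("VTP Domain Name", "")
    if name and name != domain:
        return [f"DIFFERENT_DOMAIN: '{name}' will not exchange VLAN information with '{domain}'"]
    if not name:
        risks.append("NULL_DOMAIN: switch will adopt the first domain name it hears")
    rev = int(f.get("Configuration Revision", "0"))
    if rev > domain_revision:
        risks.append(f"REVISION_OVERWRITE: revision {rev} is higher than the domain's "
                     f"{domain_revision}; servers and clients will adopt this switch's VLAN database")
    return risks


if __name__ == "__main__":
    status = parse_vtp_status(VTP_STATUS)
    print("running VTP version", running_version(status))
    print(join_risks(status, domain="office", domain_revision=12) or ["OK: safe to connect"])
```

With the revision at 0, as in the quoted output, the switch is safe to connect; a copy of the same output with a revision above the domain's is flagged, and the remedy is to reset the revision (rename the domain or go through transparent mode) before plugging it in.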
Access mode, trunk mode, or general mode (terms used by some non-Cisco switches; Cisco IOS has no "general" mode, its trunk mode with native and allowed VLAN settings covers the same cases)
Access Mode – means the port is locked to a single untagged VLAN. Use this if you want to connect something to a particular VLAN on this port.
Trunk Mode – This seems to be designed to connect two switches. VLAN 1 is always untagged and all other VLANs are enabled on this port as tagged. Connecting two switches with "trunk" on both will allow you to "trunk" the VLANs between switches.
General Mode – This is the mode you're probably expecting to see. In this mode you can configure the port any way you want. You can have any VLAN as the untagged one and you can have as many or as few VLANs tagged as you like. Use this if you want to have VLAN X as untagged, VLAN Y as tagged and VLAN Z excluded.