{"id":2276,"date":"2019-08-05T22:42:58","date_gmt":"2019-08-05T22:42:58","guid":{"rendered":"http:\/\/wiki.thomasandsofia.com\/?p=2276"},"modified":"2020-07-07T19:03:26","modified_gmt":"2020-07-07T19:03:26","slug":"section-20-vlans-virtual-local-area-networks","status":"publish","type":"post","link":"https:\/\/wiki.thomasandsofia.com\/?p=2276","title":{"rendered":"Section 20: VLANS &#8211; Virtual Local Area Networks"},"content":{"rendered":"<p><a href=\"http:\/\/wiki.thomasandsofia.com\/?p=2222\">&lt; Section 19<\/a> | <a href=\"\/course-introduction\/\">Home<\/a> | <a href=\"http:\/\/wiki.thomasandsofia.com\/?p=2306\">Section 21 &gt;<\/a><\/p>\n<p>61% Complete<\/p>\n<h1>124. Introduction<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/cisco-icnd1\/learn\/lecture\/8657024#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/cisco-icnd1\/learn\/lecture\/8657024#content<\/a><\/p>\n<p>&nbsp;<\/p>\n<h1>125. Campus LAN Design &#8211; Core, Distribution and Access Layers<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/cisco-icnd1\/learn\/lecture\/8657030#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/cisco-icnd1\/learn\/lecture\/8657030#content<\/a><\/p>\n<h2>Overview<\/h2>\n<ul>\n<li>Multi-building LAN network design (not multi-city WAN)<\/li>\n<li>Should be designed for scalability, performance and security<\/li>\n<li>To aid best practice designs, the network topology is split into access, distribution and core layers<\/li>\n<li>The layers have their own design principles and characteristics.<\/li>\n<\/ul>\n<h2>Access Layer<\/h2>\n<p><a href=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2277\" src=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1.png\" alt=\"\" width=\"1067\" height=\"188\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1.png 1067w, 
https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-300x53.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-768x135.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-1024x180.png 1024w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-150x26.png 150w\" sizes=\"auto, (max-width: 1067px) 100vw, 1067px\" \/><\/a><\/p>\n<ul>\n<li>End hosts, such as desktops, servers and IP phones connect into the network at the access layer<\/li>\n<li>It is designed to have a high port count at an affordable cost.<\/li>\n<li>Desktops typically have only one Network Interface Card (NIC) so they connect into one switch or Wireless Access Point.<\/li>\n<li>Servers will often have dual NICs and connect to a pair of redundant switches<\/li>\n<li>Client access security measures are enabled at the Access Layer<\/li>\n<\/ul>\n<h2>Distribution Layer<\/h2>\n<p><a href=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2278\" src=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-1.png\" alt=\"\" width=\"1066\" height=\"268\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-1.png 1066w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-1-300x75.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-1-768x193.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-1-1024x257.png 1024w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-1-150x38.png 150w\" sizes=\"auto, (max-width: 1066px) 100vw, 1066px\" \/><\/a><\/p>\n<ul>\n<li>Access Layer switches uplink to Distribution Layer switches<\/li>\n<li>The Distribution Layer switches serve as an aggregation point for the Access Layer and provide scalability.<\/li>\n<li>Distribution Layer switches are typically deployed in 
redundant pairs, with downstream Access Layer switches connected to both.\n<ul>\n<li>If a switch goes down, the endpoints will not lose connectivity.<\/li>\n<\/ul>\n<\/li>\n<li>End hosts are not typically connected here.<\/li>\n<li>Most software policy such as QoS (Quality of Service) is enabled at this layer.<\/li>\n<\/ul>\n<h2>Core Layer<\/h2>\n<p><a href=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2279\" src=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-2.png\" alt=\"\" width=\"1068\" height=\"486\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-2.png 1068w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-2-300x137.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-2-768x349.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-2-1024x466.png 1024w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-2-150x68.png 150w\" sizes=\"auto, (max-width: 1068px) 100vw, 1068px\" \/><\/a><\/p>\n<ul>\n<li>Notice one pair of Core Layer switches vs. 
multiple pairs of distribution layer switches per building.<\/li>\n<li>Distribution Layer switches uplink to Core Layer switches.<\/li>\n<li>Core Layer switches are typically deployed in redundant pairs, with downstream Distribution Layer switches connected to both.<\/li>\n<li>Traffic between different parts of the campus travels through the core, so it is designed for speed and resiliency<\/li>\n<li>Software policies slow the switch down, so these should be avoided in the Core Layer.<\/li>\n<\/ul>\n<h3>Collapsed Distribution and Core<\/h3>\n<p><a href=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2280\" src=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-3.png\" alt=\"\" width=\"762\" height=\"417\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-3.png 762w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-3-300x164.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-3-150x82.png 150w\" sizes=\"auto, (max-width: 762px) 100vw, 762px\" \/><\/a><\/p>\n<ul>\n<li>Smaller campuses do not need the scalability of three separate layers.<\/li>\n<li>In these cases, a Collapsed Distribution and Core layer is used, where the Distribution and Core layer functions are performed on the same hardware device.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h1>126. 
Why we have VLANS<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/cisco-icnd1\/learn\/lecture\/8657038#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/cisco-icnd1\/learn\/lecture\/8657038#content<\/a><\/p>\n<h2>Router Operations<\/h2>\n<ul>\n<li>Routers operate at Layer 3 of the OSI stack.<\/li>\n<li>Hosts in separate IP subnets must send traffic via a router to communicate.<\/li>\n<li>Security rules on routers or firewalls can be used to easily control what traffic is allowed between different IP subnets at Layer 3.<\/li>\n<li>Routers do not forward broadcast traffic by default.<\/li>\n<li>They provide performance and security by splitting networks into smaller domains at Layer 3.<\/li>\n<\/ul>\n<h2>Switch Operations<\/h2>\n<ul>\n<li>Switches operate at Layer 2 of the OSI stack<\/li>\n<li>They do forward broadcast traffic by default<\/li>\n<li>By default, a campus switched network is one large broadcast domain.<\/li>\n<li>Switches flood broadcast traffic everywhere, <strong>including between different IP subnets<\/strong>.<\/li>\n<li>This raises performance and security concerns.<\/li>\n<\/ul>\n<h2>Unicast Traffic within same IP Subnet<\/h2>\n<p><a href=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-4.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2281\" src=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-4.png\" alt=\"\" width=\"1015\" height=\"469\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-4.png 1015w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-4-300x139.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-4-768x355.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-4-150x69.png 150w\" sizes=\"auto, (max-width: 1015px) 100vw, 1015px\" \/><\/a><\/p>\n<h3>Same Subnet<\/h3>\n<p><a 
href=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-6.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2283\" src=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-6.png\" alt=\"\" width=\"1012\" height=\"468\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-6.png 1012w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-6-300x139.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-6-768x355.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-6-150x69.png 150w\" sizes=\"auto, (max-width: 1012px) 100vw, 1012px\" \/><\/a><\/p>\n<ul>\n<li>If the traffic is intended for a specific host that the switch has already learned, the switch will forward that traffic directly to the connected port.\n<ul>\n<li>Good for performance and security<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Different subnet<\/h3>\n<p><a href=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-5.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2282\" src=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-5.png\" alt=\"\" width=\"1015\" height=\"468\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-5.png 1015w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-5-300x138.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-5-768x354.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-5-150x69.png 150w\" sizes=\"auto, (max-width: 1015px) 100vw, 1015px\" \/><\/a><\/p>\n<ul>\n<li>The traffic will enter the switch, then to the Router because the Router&#8217;s IP is the default Gateway.<\/li>\n<li>The router, seeing the subnet is on that switch, will send it back down.<\/li>\n<li>The switch, knowing the MAC of the intended host will then send it directly to the port the 
host is connected on.\n<ul>\n<li>Also good for performance and security<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Broadcast Traffic<\/h2>\n<h3>Example 1<\/h3>\n<p><a href=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-7.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2284\" src=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-7.png\" alt=\"\" width=\"1015\" height=\"471\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-7.png 1015w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-7-300x139.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-7-768x356.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-7-150x70.png 150w\" sizes=\"auto, (max-width: 1015px) 100vw, 1015px\" \/><\/a><\/p>\n<ul>\n<li>Sales PC2 sends out an ARP.<\/li>\n<li>The switch sends the ARP out ALL PORTS.\n<ul>\n<li>Switches flood broadcast traffic everywhere, including between different IP subnets<\/li>\n<li>This affects security because the traffic bypasses router or firewall Layer 3 security policies<\/li>\n<li>It affects performance because every end host has to process the traffic.<\/li>\n<li>It also affects performance by using bandwidth on links where the traffic is not required.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Example 2<\/h3>\n<p><a href=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-8.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2285\" src=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-8.png\" alt=\"\" width=\"925\" height=\"451\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-8.png 925w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-8-300x146.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-8-768x374.png 768w, 
https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-8-150x73.png 150w\" sizes=\"auto, (max-width: 925px) 100vw, 925px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<h2>VLAN Virtual Local Area Networks<\/h2>\n<p><a href=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-9.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2286\" src=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-9.png\" alt=\"\" width=\"1020\" height=\"469\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-9.png 1020w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-9-300x138.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-9-768x353.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-9-150x69.png 150w\" sizes=\"auto, (max-width: 1020px) 100vw, 1020px\" \/><\/a><\/p>\n<ul>\n<li>We can increase performance and security in the LAN by implementing VLANS on our switches.<\/li>\n<li>VLANS segment the LAN into separate broadcast domains at Layer 2<\/li>\n<li>There is typically a one-to-one relationship between an IP subnet and a VLAN.<\/li>\n<\/ul>\n<h3>VLAN Broadcasts<\/h3>\n<p><a href=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-10.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2290\" src=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-10.png\" alt=\"\" width=\"1018\" height=\"467\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-10.png 1018w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-10-300x138.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-10-768x352.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-10-150x69.png 150w\" sizes=\"auto, (max-width: 1018px) 100vw, 1018px\" \/><\/a><\/p>\n<ul>\n<li>Broadcasts are ONLY sent 
out ports that have been assigned to the VLAN<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h1>127. VLAN Access Ports and Configurations<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/cisco-icnd1\/learn\/lecture\/8657044#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/cisco-icnd1\/learn\/lecture\/8657044#content<\/a><\/p>\n<ul>\n<li>VLAN access ports are configured on the switch interfaces where end hosts are plugged in.<\/li>\n<li>Access ports are configured with one specific VLAN<\/li>\n<li>The configuration is all on the switch, the end host is not VLAN aware<\/li>\n<li>Switches only allow traffic within the same VLAN\n<ul>\n<li>This creates smaller broadcast domains.<\/li>\n<\/ul>\n<\/li>\n<li>Hosts in the same subnet should be on the same VLAN or they will not be able to communicate.<\/li>\n<\/ul>\n<h2>Default VLAN<\/h2>\n<ul>\n<li>By default, all ports are in VLAN 1<\/li>\n<\/ul>\n<h2>VLAN Configuration<\/h2>\n<h3>Create the VLAN<\/h3>\n<ul>\n<li>VLANS require a unique number between 1 to 4094 (2^12 excluding 0 and 4095)<\/li>\n<\/ul>\n<pre>SW1(config)#vlan 10\r\nSW1(config-vlan)#name Eng<\/pre>\n<h3>Configure a single Switch Port<\/h3>\n<pre>SW1(config)#interface FastEthernet 0\/1\r\nSW1(config-if)#switchport mode access\r\nSW1(config-if)#switchport access vlan 10<\/pre>\n<h3>Configure a range of Switch Ports<\/h3>\n<pre>SW1(config)#interface range FastEthernet 0\/1 - 5\r\nSW1(config-if)#switchport mode access\r\nSW1(config-if)#switchport access vlan 10<\/pre>\n<h2>View Available VLANS<\/h2>\n<pre>#show vlan brief\r\nVLAN Name                             Status    Ports                                \r\n---- -------------------------------- --------- -------------------------------      \r\n1    default                          active    Gi0\/1, Gi0\/2                         \r\n100  10-0-0-0                         active    Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4           \r\n                                                Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8    
       \r\n                                                Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12        \r\n200  10-0-1-0                         active    Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16       \r\n                                                Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20       \r\n                                                Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24       \r\n1002 fddi-default                     act\/unsup                                      \r\n1003 token-ring-default               act\/unsup                                      \r\n1004 fddinet-default                  act\/unsup                                      \r\n1005 trnet-default                    act\/unsup<\/pre>\n<h1>128. VLAN Access Ports Lab Demo<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/cisco-icnd1\/learn\/lecture\/8657050#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/cisco-icnd1\/learn\/lecture\/8657050#content<\/a><\/p>\n<h2>VLAN Lab<\/h2>\n<p><a href=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-11.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2293\" src=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-11.png\" alt=\"\" width=\"301\" height=\"328\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-11.png 301w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-11-275x300.png 275w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-11-138x150.png 138w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-11-300x327.png 300w\" sizes=\"auto, (max-width: 301px) 100vw, 301px\" \/><\/a><\/p>\n<h2>Initial Config<\/h2>\n<ul>\n<li>All switchports on VLAN1<\/li>\n<\/ul>\n<p>ENG1 Pings 10.10.10.11<\/p>\n<pre>ping ping ping<\/pre>\n<p>ENG1 Pings 10.10.10.255<\/p>\n<pre>ping ping ping<\/pre>\n<h2>Config SW1-F0\/1 VLAN 10<\/h2>\n<pre>configure terminal\r\nvlan 10\r\nname ENG\r\nint 
f0\/1\r\nswitchport mode access\r\nswitchport access vlan 10<\/pre>\n<p>ENG1 Pings 10.10.10.11<\/p>\n<pre>Request time out.<\/pre>\n<p>ENG1 Pings 10.10.10.255<\/p>\n<pre>Request time out.<\/pre>\n<p><b>The ping requests fail because F0\/1 and F0\/2 are on different VLANs<\/b><\/p>\n<h2>Config SW1-F0\/2 VLAN 10<\/h2>\n<pre>configure terminal\r\nint f0\/2\r\nswitchport mode access\r\nswitchport access vlan 10<\/pre>\n<p>ENG1 Pings 10.10.10.11<\/p>\n<pre>ping ping ping<\/pre>\n<p>ENG1 Pings 10.10.10.255<\/p>\n<pre>ping ping ping<\/pre>\n<h1>129. VLAN Trunk Ports<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/cisco-icnd1\/learn\/lecture\/8657058#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/cisco-icnd1\/learn\/lecture\/8657058#content<\/a><\/p>\n<h2>Trunk Ports: Links between switches<\/h2>\n<p><a href=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-12.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2294\" src=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-12.png\" alt=\"\" width=\"889\" height=\"414\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-12.png 889w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-12-300x140.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-12-768x358.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-12-150x70.png 150w\" sizes=\"auto, (max-width: 889px) 100vw, 889px\" \/><\/a><\/p>\n<h2>Dot1Q Trunks<\/h2>\n<ul>\n<li>An access port carries traffic for one specific VLAN<\/li>\n<li>Dot1Q trunks are configured on the links between switches where we need to carry traffic for multiple VLANs\n<ul>\n<li>ISL (Inter-Switch Link) was a Cisco proprietary trunking protocol, but is now obsolete.<\/li>\n<\/ul>\n<\/li>\n<li>When the switch forwards traffic to another switch, it tags the Layer 2 Dot1Q header with the correct VLAN\n<ul>\n<li>The tag is 
inserted into the Layer 2 header.\u00a0 See &#8216;Dot1Q Format&#8217; below.<\/li>\n<\/ul>\n<\/li>\n<li>The receiving switch will only forward the traffic out ports that are in that VLAN<\/li>\n<li>The switch removes the Dot1Q tag from the Ethernet frame when it sends it to the end host.<\/li>\n<\/ul>\n<h2>Dot1Q Format<\/h2>\n<p><a href=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-13.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2296\" src=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-13.png\" alt=\"\" width=\"918\" height=\"258\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-13.png 918w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-13-300x84.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-13-768x216.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-13-150x42.png 150w\" sizes=\"auto, (max-width: 918px) 100vw, 918px\" \/><\/a><\/p>\n<h2>Example<\/h2>\n<p><a href=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-14.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2298\" src=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-14.png\" alt=\"\" width=\"888\" height=\"409\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-14.png 888w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-14-300x138.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-14-768x354.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-14-150x69.png 150w\" sizes=\"auto, (max-width: 888px) 100vw, 888px\" \/><\/a><\/p>\n<ul>\n<li>Sales PC2 sends out a broadcast message.<\/li>\n<li>There are no other ports configured on SW1&#8217;s Sales VLAN, but it does have a trunk port, so it sends the request on that port.\n<ul>\n<li>Before 
it sends, it &#8216;injects&#8217; the header with the 12-bit VLAN number<\/li>\n<\/ul>\n<\/li>\n<li>SW2 receives the frame and removes the tag from the header.<\/li>\n<li>Since there are no Sales VLANs available, it re-tags the header and passes the traffic through its trunk port to SW3.<\/li>\n<li>SW3 receives the message and removes the tag.\n<ul>\n<li>It sees it has a port configured for the Sales VLAN and passes the frame through that port.<\/li>\n<li>It also sees it has a trunk connection to SW4, so it re-adds the VLAN data and sends the frame to SW4.<\/li>\n<\/ul>\n<\/li>\n<li>SW4 receives the message and removes the tag.\n<ul>\n<li>It sees it has a port configured for the Sales VLAN and passes the frame through that port.<\/li>\n<li>It also sees it has a trunk connection to SW5, so it re-adds the VLAN data and sends the message to SW5.<\/li>\n<\/ul>\n<\/li>\n<li>SW5 receives the message and removes the tag.\n<ul>\n<li>SW5 has no additional Trunk ports and no Sales VLANs so it drops the frame.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Hypervisors &#8211; VLAN Aware Hosts<\/h2>\n<p>(Not required for the exam)<\/p>\n<p><a href=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-15.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2299\" src=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-15.png\" alt=\"\" width=\"650\" height=\"429\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-15.png 650w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-15-300x198.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-15-150x99.png 150w\" sizes=\"auto, (max-width: 650px) 100vw, 650px\" \/><\/a><\/p>\n<ul>\n<li>End hosts are typically members of only one VLAN and are not VLAN aware.<\/li>\n<li>A special case is virtualized hosts, where there are virtual machines in different IP subnets on the host.<\/li>\n<li>In this case, we need to trunk the 
VLANS down to the host.<\/li>\n<\/ul>\n<h2>Trunk Port Configuration<\/h2>\n<pre>SW1(config)#interface fastethernet 0\/24\r\nSW1(config-if)#description Trunk to SW2\r\nSW1(config-if)#switchport mode trunk\r\nSW1(config-if)#switchport trunk encapsulation dot1q<\/pre>\n<h3>Note<\/h3>\n<ul>\n<li>Older switches still support ISL<\/li>\n<li>Newer switches do not, but you still need to specify &#8216;dot1q&#8217; protocol.<\/li>\n<\/ul>\n<h2>The Native VLAN<\/h2>\n<ul>\n<li>The switch needs to know which VLAN to assign to any traffic that comes in untagged on a trunk port.<\/li>\n<li>This used to be required when a switch was connected to a hub.\n<ul>\n<li>Hubs are Layer 1 devices and are not VLAN aware<\/li>\n<\/ul>\n<\/li>\n<li>The Native VLAN is used for this<\/li>\n<li>The default Native VLAN is VLAN 1<\/li>\n<li>Using VLAN 1 poses some security risks, so it is best practice to change it to an unused VLAN<\/li>\n<li>The Native VLAN must match on both sides of the trunk for it to come up.<\/li>\n<\/ul>\n<h1>Native VLAN Configuration<\/h1>\n<pre>SW1(config)#VLAN 199\r\nSW1(config-vlan)#name Native\r\nSW1(config-vlan)#interface gigabitethernet 0\/1\r\nSW1(config-if)#description Trunk to SW2\r\nSW1(config-if)#switchport mode trunk\r\nSW1(config-if)#switchport trunk encapsulation dot1q\r\nSW1(config-if)#switchport trunk native vlan 199<\/pre>\n<p>** It appears there is no need to assign the encapsulation. 
In fact, my switch would not accept the encapsulation command!<\/p>\n<h3>Verify Trunking Settings<\/h3>\n<p>Know this for the exam!<\/p>\n<pre>SW1#show interface g0\/1 switchport\r\nName: Gi0\/1\r\nSwitchport: Enabled\r\nAdministrative Mode: trunk\r\nOperational Mode: down\r\nAdministrative Trunking Encapsulation: dot1q\r\nNegotiation of Trunking: On\r\nAccess Mode VLAN: 1 (default)\r\nTrunking Native Mode VLAN: 199 (Native)\r\nVoice VLAN: none\r\nAdministrative private-vlan host-association: none \r\nAdministrative private-vlan mapping: none \r\nAdministrative private-vlan trunk native VLAN: none\r\nAdministrative private-vlan trunk encapsulation: dot1q\r\nAdministrative private-vlan trunk normal VLANs: none\r\nAdministrative private-vlan trunk private VLANs: none\r\nOperational private-vlan: none\r\nTrunking VLANs Enabled: ALL\r\nPruning VLANs Enabled: 2-1001\r\nCapture Mode Disabled\r\nCapture VLANs Allowed: ALL\r\nProtected: false\r\nUnknown unicast blocked: disabled\r\nUnknown multicast blocked: disabled\r\nAppliance trust: none<\/pre>\n<h2>Limiting Allowed VLANs<\/h2>\n<p><a href=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-16.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2301\" src=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-16.png\" alt=\"\" width=\"806\" height=\"399\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-16.png 806w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-16-300x149.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-16-768x380.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-16-150x74.png 150w\" sizes=\"auto, (max-width: 806px) 100vw, 806px\" \/><\/a><\/p>\n<ul>\n<li>In the example above:\n<ul>\n<li>SW1 is connected to:\n<ul>\n<li>VLAN10 (Eng)<\/li>\n<li>VLAN 20 (Sales)<\/li>\n<li>VLAN 30 (Accounts)<\/li>\n<\/ul>\n<\/li>\n<li>SW2 is 
connected to:\n<ul>\n<li>Eng<\/li>\n<li>Accounts<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Since there is no need for Sales VLAN traffic to pass through this trunk, use the following configuration:<\/li>\n<\/ul>\n<pre>interface g 0\/1\r\nswitchport trunk allowed vlan 10, 30<\/pre>\n<h1>130. VLAN Trunks Lab Demo<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/cisco-icnd1\/learn\/lecture\/8657064#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/cisco-icnd1\/learn\/lecture\/8657064#content<\/a><\/p>\n<h2>Lab Demo<\/h2>\n<p><a href=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-17.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2303\" src=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-17.png\" alt=\"\" width=\"560\" height=\"282\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-17.png 560w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-17-300x151.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2019\/08\/a1-17-150x76.png 150w\" sizes=\"auto, (max-width: 560px) 100vw, 560px\" \/><\/a><\/p>\n<h2>Init Setup<\/h2>\n<ul>\n<li>SW1 configured:\n<ul>\n<li>VLAN Eng: 0\/1, 0\/2<\/li>\n<li>VLAN Sales: 0\/3<\/li>\n<li>G0\/1 unconfigured\n<ul>\n<li>switchport mode access<\/li>\n<li>vlan 1<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Complete Configuration of SW1<\/h2>\n<h3>Configure the Native VLAN<\/h3>\n<ul>\n<li>Name can be anything<\/li>\n<li>Choose a vlan you are not using in production<\/li>\n<\/ul>\n<pre>SW1#conf t\r\nSW1(config)#vlan 199\r\nSW1(config-vlan)#name Native<\/pre>\n<h3>Configure SW1-G0\/1 as a trunk to SW2<\/h3>\n<ul>\n<li>The dot1q encapsulation command failed since only dot1q is allowed on this switch.<\/li>\n<\/ul>\n<pre>SW1(config)#int g0\/1\r\nSW1(config-if)#desc Trunk To SW2\r\nSW1(config-if)#switchport mode trunk \r\nSW1(config-if)#switchport trunk encapsulation dot1q\r\n\u00a0     
                          ^\r\n% Invalid input detected at '^' marker.\r\nSW1(config-if)#switchport trunk native vlan 199\r\nSW1(config-if)#no shutdown<\/pre>\n<h2>Configure SW2<\/h2>\n<h3>Configure Eng, Sales and Native<\/h3>\n<pre>SW2#configure terminal\r\nSW2(config)#vlan 10\r\nSW2(config-vlan)#name Eng\r\nSW2(config-vlan)#vlan 20\r\nSW2(config-vlan)#name Sales\r\nSW2(config-vlan)#vlan 199\r\nSW2(config-vlan)#name Native<\/pre>\n<h3>Configure SW2-G0\/1 as a trunk to SW1<\/h3>\n<pre>SW2(config)#int g0\/1\r\nSW2(config-if)#desc Trunk To SW1\r\nSW2(config-if)#switchport mode trunk \r\nSW2(config-if)#switchport trunk encapsulation dot1q\r\nSW2(config-if)#switchport trunk native vlan 199\r\n#SW2(config-if)#switchport trunk allowed vlan 10,20 \r\nSW2(config-if)#no shutdown<\/pre>\n<h3>Configure SW2-G0\/2 as a trunk to SW3<\/h3>\n<pre>SW2(config)#int g0\/2\r\nSW2(config-if)#desc Trunk To SW3\r\nSW2(config-if)#switchport mode trunk \r\nSW2(config-if)#switchport trunk encapsulation dot1q\r\nSW2(config-if)#switchport trunk native vlan 199\r\nSW2(config-if)#no shutdown<\/pre>\n<h2>Configure SW3<\/h2>\n<h3>Configure the Eng, Sales and Native VLANs<\/h3>\n<pre>SW3#conf t\r\nSW3(config)#vlan 10\r\nSW3(config-vlan)#name Eng\r\nSW3(config-vlan)#vlan 20\r\nSW3(config-vlan)#name Sales\r\nSW3(config-vlan)#vlan 199\r\nSW3(config-vlan)#name Native<\/pre>\n<h3>Configure SW3-G0\/2 as a trunk to SW2<\/h3>\n<pre>SW3(config)#int g0\/2\r\nSW3(config-if)#desc Trunk To SW2\r\nSW3(config-if)#switchport trunk encapsulation dot1q \r\nSW3(config-if)#switchport mode trunk \r\nSW3(config-if)#switchport trunk native vlan 199\r\nSW3(config-if)#no shutdown<\/pre>\n<h3>Configure SW3 Access Ports<\/h3>\n<pre>SW3(config)#int f0\/1\r\nSW3(config-if)#switchport mode access\r\nSW3(config-if)#switchport access vlan 200\r\nSW3(config)#int f0\/2\r\nSW3(config-if)#switchport mode access\r\nSW3(config-if)#switchport 
access vlan 200\r\nSW3(config)#int f0\/3\r\nSW3(config-if)#switchport mode access\r\nSW3(config-if)#switchport access vlan 100<\/pre>\n<h1>131. VLAN Configuration Lab Exercises<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/cisco-icnd1\/learn\/lecture\/8657070#overview\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/cisco-icnd1\/learn\/lecture\/8657070#overview<\/a><\/p>\n<p>VLAN and Inter-VLAN routing lab exercises are included together at the end of the next section. Please watch the Inter-VLAN routing section next before completing the labs.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&lt; Section 19 | Home | Section 21 &gt; 61% Complete 124. Introduction https:\/\/www.udemy.com\/cisco-icnd1\/learn\/lecture\/8657024#content &nbsp; 125. Campus LAN Design &#8211; Core, Distribution and Access Layers https:\/\/www.udemy.com\/cisco-icnd1\/learn\/lecture\/8657030#content Overview Multi-building LAN network design (not multi-city WAN) Should be designed for scalability, performance and security To aid best practice designs, the network topology is split into access, distribution ..<\/p>\n<div class=\"clear-fix\"><\/div>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/?p=2276\" title=\"read more...\">Read 
more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[45],"tags":[],"class_list":["post-2276","post","type-post","status-publish","format-standard","hentry","category-icnd1-ccent"],"_links":{"self":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/2276","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2276"}],"version-history":[{"count":15,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/2276\/revisions"}],"predecessor-version":[{"id":3055,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/2276\/revisions\/3055"}],"wp:attachment":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2276"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2276"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2276"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}