Cisco Networking/CCENT/VLANs
This lesson covers VLANs and VLAN routing.
Objectives and Skills
Objectives and skills for the VLANs portion of Cisco CCENT certification include:[1]
- Describe how VLANs create logically separate networks and the need for routing between them
- Explain network segmentation and basic traffic management concepts
- Configure and verify VLANs
- Configure and verify trunking on Cisco switches
  - DTP (topic)
  - Auto-negotiation
- Configure and verify interVLAN routing (router on a stick)
  - Sub interfaces
  - Upstream routing
  - Encapsulation
- Configure SVI interfaces.
Readings
Multimedia
- YouTube: VLANs - CompTIA Network+ N10-005: 1.4
- YouTube: Configuring VLANs - CompTIA Network+ N10-005: 2.1
- YouTube: VLAN Trunking Protocol - CompTIA Network+ N10-005: 2.1
- YouTube: CCNA And CCNP Tutorial: VLAN Trunking Protocol (VTP)
- YouTube: Cisco Inter-VLAN Routing on a Stick
- YouTube: Switched Virtual Interfaces for Inter-VLAN Routing
- YouTube: 802.1Q and Trunking
Examples
Switch Configuration
vlan
To add a VLAN and enter config-VLAN submode on a switch, use the vlan command in global configuration mode.[2]
    vlan {<vlan-id> | <vlan-range>}
    vlan 2
name
To name a VLAN on a switch, use the name command in VLAN configuration mode.[3]
    name sales
switchport mode
To set the interface type, use the switchport mode command in interface configuration mode.[4]
    switchport mode <access | trunk>
    switchport mode access
    switchport mode trunk
switchport access vlan
To set the VLAN when the interface is in access mode, use the switchport access vlan command in interface configuration or template configuration mode.[5]
    switchport access vlan <vlan-id>
    switchport access vlan 2
switchport trunk
To set the trunk characteristics when the interface is in trunking mode, use the switchport trunk command in interface configuration mode.[6]
    switchport trunk {native vlan <vlan-id> | allowed vlan <vlan-list>}
    switchport trunk native vlan 10
    switchport trunk allowed vlan 2-3,10
show vlan
To display VLAN information on a switch, use the show vlan command in privileged EXEC mode.[7]
    show vlan [brief | id <vlan-id> | name <name> [ifindex] | <ifindex>]
    show vlan
    show vlan brief
    show vlan id 2
    show vlan name sales
show interfaces switchport
To display the administrative and operational status of a switching (nonrouting) port, use the show interfaces switchport command in user EXEC or privileged EXEC mode.[8]
    show interfaces switchport
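A check that can be run over this command's output, given here as an added example that is not part of the original lesson: the Python below parses the per-port fields and flags ports whose administrative mode is dynamic, ports with trunk negotiation still on, and trunks with no allowed-VLAN list. The sample text is constructed, and the function names are assumptions.

```python
# Constructed sample of `show interfaces switchport` output, trimmed to the
# fields used below; it was not captured from a real device.
SAMPLE = """\
Name: Fa1/0
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL

Name: Fa1/1
Administrative Mode: dynamic auto
Operational Mode: static access
Negotiation of Trunking: On
Access Mode VLAN: 2 (sales)
Trunking VLANs Enabled: ALL

Name: Fa1/3
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
Access Mode VLAN: 3 (r&d)
Trunking VLANs Enabled: ALL
"""

def parse_ports(text):
    """Split the output into one {field: value} dict per port."""
    ports = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank line between ports
        if key.strip() == "Name":
            ports.append({})  # a Name line starts a new port
        if ports:
            ports[-1][key.strip()] = value.strip()
    return ports

def audit(ports):
    """Return (port, finding) pairs for settings worth reviewing."""
    findings = []
    for p in ports:
        admin, oper = p.get("Administrative Mode", ""), p.get("Operational Mode", "")
        if admin.startswith("dynamic"):
            findings.append((p["Name"], f"mode '{admin}' is negotiable; now '{oper}'"))
        elif p.get("Negotiation of Trunking") == "On":
            findings.append((p["Name"], "mode is fixed but DTP negotiation is on"))
        if oper == "trunk" and p.get("Trunking VLANs Enabled") == "ALL":
            findings.append((p["Name"], "trunk has no allowed-VLAN list"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_ports(SAMPLE)):
        print(f"{name}: {finding}")
```

A port that was only given an access VLAN, with no explicit switchport mode, shows up here with a dynamic administrative mode even though its operational mode is static access.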
Command Sequence
A command sequence to configure a switch for VLAN switching might be similar to the following.
    enable
    configure terminal
    vlan 2
    name sales
    vlan 3
    name r&d
    exit
    interface vlan 1
    ip address 192.168.1.10 255.255.255.0
    no shutdown
    ip default-gateway 192.168.1.1
    interface fastethernet1/0
    switchport trunk encapsulation dot1q
    switchport mode trunk
    interface range fastethernet1/1 - 2
    switchport access vlan 2
    interface range fastethernet1/3 - 4
    switchport access vlan 3
    exit
    exit
    show vlan brief
    show interface trunk
    show interfaces switchport
EtherSwitch Router Configuration
vlan database
To enter VLAN configuration mode on a router with a switch module, use the vlan database command in privileged EXEC mode.[9]
    vlan database
vlan (VLAN)
To configure a specific VLAN, use the vlan command in VLAN configuration mode.[10]
    vlan <vlan-id> [name <vlan-name>]
    vlan 2 name sales
show vlan-switch
To display VLAN information, use the show vlan-switch command in user EXEC or privileged EXEC mode.[11]
    show vlan-switch [brief | id <vlan> | name <name>]
    show vlan-switch
    show vlan-switch brief
show interface trunk
To display the interface-trunk information, use the show interface trunk command in user EXEC or privileged EXEC mode.[12]
    show interface [interface <interface-number>] trunk [module <number> | vlan <vlan>]
    show interface trunk
Command Sequence
A command sequence to configure an EtherSwitch router for VLAN switching might be similar to the following.
    enable
    vlan database
    vlan 2 name sales
    vlan 3 name r&d
    exit
    configure terminal
    interface vlan 1
    ip address 192.168.1.10 255.255.255.0
    no shutdown
    ip default-gateway 192.168.1.1
    interface fastethernet1/0
    switchport mode trunk
    interface range fastethernet1/1 - 2
    switchport access vlan 2
    interface range fastethernet1/3 - 4
    switchport access vlan 3
    exit
    exit
    show vlan-switch brief
    show interface trunk
Router Configuration
encapsulation dot1q
To enable IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN, use the encapsulation dot1q command in interface range configuration mode or subinterface configuration mode.[13]
    encapsulation dot1q <vlan-id> [native]
show vlans
To display VLAN subinterfaces, use the show vlans command in privileged EXEC mode.[14]
    show vlans
Command Sequence
A command sequence to configure a router for VLAN routing might be similar to the following.
    enable
    configure terminal
    interface fastethernet0/0
    ip address 192.168.1.1 255.255.255.0
    no shutdown
    interface fastethernet0/0.2
    encapsulation dot1q 2
    ip address 192.168.2.1 255.255.255.0
    interface fastethernet0/0.3
    encapsulation dot1q 3
    ip address 192.168.3.1 255.255.255.0
    exit
    exit
    show ip interface brief
    show vlans
Switch Virtual Interface Configuration
Command Sequence
A command sequence to configure switch virtual interface (SVI) VLAN routing might be similar to the following.
    enable
    configure terminal
    ip routing
    interface vlan 2
    ip address 192.168.2.1 255.255.255.0
    no shutdown
    interface vlan 3
    ip address 192.168.3.1 255.255.255.0
    no shutdown
    exit
    exit
    show ip route
Activities
- Configure and test switching.
  - Add an EtherSwitch router and four VPCS PCs to a new GNS3 project and start the devices.
  - Add links to connect the following.
    - PC1 Ethernet0 <-> ESW1 FastEthernet1/1
    - PC2 Ethernet0 <-> ESW1 FastEthernet1/2
    - PC3 Ethernet0 <-> ESW1 FastEthernet1/3
    - PC4 Ethernet0 <-> ESW1 FastEthernet1/4
  - Set the following IP addresses and subnet masks.
    - ESW1 VLAN1: 192.168.1.10 255.255.255.0
    - PC1 Ethernet0: 192.168.1.11 255.255.255.0
    - PC2 Ethernet0: 192.168.1.12 255.255.255.0
    - PC3 Ethernet0: 192.168.1.13 255.255.255.0
    - PC4 Ethernet0: 192.168.1.14 255.255.255.0
  - Test the configuration using the following command on the switch and the PCs. Test all switch and PC addresses. All tests should be successful.
        ping
- Configure and test VLAN switching.
  - Using the project from above, create the following VLANs.
    - VLAN 2: sales, FastEthernet1/1, FastEthernet1/2
    - VLAN 3: r&d, FastEthernet1/3, FastEthernet1/4
  - Open the console for the switch and practice using the following commands.
        enable
        vlan database
        vlan
        exit
        configure terminal
        interface
        switchport access
  - Verify the configuration using the following commands.
        show running-config
        show vlan-switch
  - Test the configuration using the following command on the switch and the PCs. Test all switch and PC addresses. Only connections on the same VLAN should be successful.
        ping
- Configure and test VLAN routing.
  - Add a router to the project from above and start the device.
  - Add a link to connect the following.
    - R1 FastEthernet0/0 <-> ESW1 FastEthernet1/0
  - Set the following IP addresses, subnet masks, and default gateways for the switch and PCs.
    - R1 FastEthernet0/0: 192.168.1.1 255.255.255.0
    - R1 FastEthernet0/0.2: 192.168.2.1 255.255.255.0
    - R1 FastEthernet0/0.3: 192.168.3.1 255.255.255.0
    - ESW1 VLAN1: 192.168.1.10 255.255.255.0 192.168.1.1
    - PC1 Ethernet0: 192.168.2.11 255.255.255.0 192.168.2.1
    - PC2 Ethernet0: 192.168.2.12 255.255.255.0 192.168.2.1
    - PC3 Ethernet0: 192.168.3.13 255.255.255.0 192.168.3.1
    - PC4 Ethernet0: 192.168.3.14 255.255.255.0 192.168.3.1
  - Open the console for the router and practice using the following commands.
        enable
        configure terminal
        interface
        encapsulation
        ip address
        exit
  - Verify the configuration using the following commands.
        show ip interface brief
        show vlans
  - Open the console for the switch and practice using the following commands.
        enable
        configure terminal
        interface
        ip address
        ip default-gateway
        switchport mode trunk
        exit
  - Verify the configuration using the following commands.
        show vlan-switch
        show interface trunk
  - Test the configuration using the following commands on the router, switch, and the PCs. Test all router, switch, and PC addresses. All tests should be successful.
        ping
        trace
- Configure and test switch virtual interface (SVI) routing.
  - Remove the router from the project above.
  - Set the following IP addresses and subnet masks for the switch.
    - ESW1 VLAN2: 192.168.2.1 255.255.255.0
    - ESW1 VLAN3: 192.168.3.1 255.255.255.0
  - Open the console for the router and practice using the following commands.
        enable
        configure terminal
        interface
        ip address
        exit
        ip routing
  - Verify the configuration using the following commands.
        show ip route
  - Test the configuration using the following commands on the switch and the PCs. Test all switch and PC addresses. All tests should be successful.
        ping
        trace
Lesson Summary
- A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2).[15]
- Managed switches can mark packets through tagging, so that a single interconnect (trunk) may be used to transport data for multiple VLANs.[16]
- VLANs allow network administrators to group hosts together even if the hosts are not on the same network switch.[17]
- VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol that propagates the definition of Virtual Local Area Networks (VLAN) on the whole local area network.[18]
- IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network.[19]
- Under IEEE 802.1Q, the maximum number of VLANs on a given Ethernet network is 4,094.[20]
- A VLAN ID is added only if the frame is forwarded out a port configured as a trunk link. If the frame is to be forwarded out a port configured as an access link, the ISL encapsulation is removed.[21]
- Switch port mode settings available are:[22]
  - Access - Puts the Ethernet port into permanent nontrunking mode.
  - Trunk - Puts the Ethernet port into permanent trunking mode.
  - Dynamic Auto - Makes the Ethernet port willing to convert the link to a trunk link. This is the default mode for all Ethernet ports.
  - Dynamic Desirable - Makes the port actively attempt to convert the link to a trunk link.
  - Nonegotiate - Disables DTP.
- Dynamic Trunking Protocol (DTP) is a proprietary networking protocol developed by Cisco Systems for the purpose of negotiating trunking on a link between two VLAN-aware switches, and for negotiating the type of trunking encapsulation to be used.[23]
- A "router on a stick" is a router that has a single physical or logical connection to a network, and is often used to forward traffic between locally attached hosts on separate logical routing domains or to facilitate routing table administration, distribution and relay.[24]
- A switched virtual interface (SVI) is a VLAN of switch ports represented by one interface to a routing or bridging system. An SVI cannot be activated unless associated with a physical port.[25]
- To add a VLAN and enter config-VLAN submode on a switch, use the vlan command in global configuration mode.[26]
- To name a VLAN on a switch, use the name command in VLAN configuration mode.[27]
- To set the interface type, use the switchport mode command in interface configuration mode.[28]
- To set the VLAN when the interface is in access mode, use the switchport access vlan command in interface configuration or template configuration mode.[29]
- To set the trunk characteristics when the interface is in trunking mode, use the switchport trunk command in interface configuration mode.[30]
- To display VLAN information on a switch, use the show vlan command in privileged EXEC mode.[31]
- To display the administrative and operational status of a switching (nonrouting) port, use the show interfaces switchport command in user EXEC or privileged EXEC mode.[32]
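The tagging behaviour summarized above, worked through in Python as an added example that is not part of the original lesson: it inserts and removes an IEEE 802.1Q tag and models what an access port and a trunk port put on the wire. The frame bytes, the port dictionaries and the function names are constructed for illustration; the trunk settings reuse native VLAN 10 and allowed VLANs 2, 3 and 10 from the switchport trunk example, and the model assumes 802.1Q, where native-VLAN frames cross a trunk untagged.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed frame: destination MAC, source MAC, EtherType 0x0800 (IPv4), dummy payload.
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:  # 12-bit field; 0 and 4095 are reserved
        raise ValueError(f"VLAN ID {vid} outside 1-4094")
    tci = (pcp << 13) | vid  # PCP (3 bits) | DEI (1 bit, left 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def strip_tag(frame: bytes):
    """Return (vid, untagged_frame); vid is None if the frame carries no tag."""
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None, frame
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]

def egress(frame: bytes, vlan: int, port: dict):
    """Model how a switch sends a frame that belongs to `vlan` out of `port`.

    `port` is a hypothetical dict: {"mode": "access", "vlan": 2} or
    {"mode": "trunk", "allowed": {2, 3, 10}, "native": 10}.
    Returns the bytes put on the wire, or None if the port does not carry the VLAN.
    """
    _, untagged = strip_tag(frame)
    if port["mode"] == "access":
        return untagged if port["vlan"] == vlan else None  # access links are untagged
    if vlan not in port["allowed"]:
        return None  # VLAN is not on the trunk's allowed list
    return untagged if vlan == port["native"] else add_tag(untagged, vlan)
```

The four tag bytes sit between the source MAC and the original EtherType, so a tagged frame is four bytes longer than the same frame on an access link.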
Key Terms
- access interface
  A network link carrying a single VLAN, without VLAN tagging.[33]
- trunk interface
  A network link with VLAN tagging, able to carry multiple VLANs.[34]
- trunking administrative mode
  The configured port trunking setting.[35]
- trunking operational mode
  The current trunking behavior of a given port after negotiating with the neighboring port.[36]
Review Questions
- A virtual LAN (VLAN) is _____.
  A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2).
- Managed switches can _____.
  Managed switches can mark packets through tagging, so that a single interconnect (trunk) may be used to transport data for multiple VLANs.
- VLANs allow network administrators to _____.
  VLANs allow network administrators to group hosts together even if the hosts are not on the same network switch.
- VLAN Trunking Protocol (VTP) is _____.
  VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol that propagates the definition of Virtual Local Area Networks (VLAN) on the whole local area network.
- IEEE 802.1Q is _____.
  IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network.
- Under IEEE 802.1Q, the maximum number of VLANs on a given Ethernet network is _____.
  Under IEEE 802.1Q, the maximum number of VLANs on a given Ethernet network is 4,094.
- A VLAN ID is added only if _____. If the frame is to be forwarded out a port configured as an access link, the _____.
  A VLAN ID is added only if the frame is forwarded out a port configured as a trunk link. If the frame is to be forwarded out a port configured as an access link, the ISL encapsulation is removed.
- Switch port mode settings available are:
  Switch port mode settings available are:
    - Access - Puts the Ethernet port into permanent nontrunking mode.
    - Trunk - Puts the Ethernet port into permanent trunking mode.
    - Dynamic Auto - Makes the Ethernet port willing to convert the link to a trunk link. This is the default mode for all Ethernet ports.
    - Dynamic Desirable - Makes the port actively attempt to convert the link to a trunk link.
    - Nonegotiate - Disables DTP.
- Dynamic Trunking Protocol (DTP) is _____.
  Dynamic Trunking Protocol (DTP) is a proprietary networking protocol developed by Cisco Systems for the purpose of negotiating trunking on a link between two VLAN-aware switches, and for negotiating the type of trunking encapsulation to be used.
- A "router on a stick" is _____.
  A "router on a stick" is a router that has a single physical or logical connection to a network, and is often used to forward traffic between locally attached hosts on separate logical routing domains or to facilitate routing table administration, distribution and relay.
- A switched virtual interface (SVI) is _____.
  A switched virtual interface (SVI) is a VLAN of switch ports represented by one interface to a routing or bridging system. An SVI cannot be activated unless associated with a physical port.
- To add a VLAN and enter config-VLAN submode on a switch, use the _____ command in global configuration mode.
  To add a VLAN and enter config-VLAN submode on a switch, use the vlan command in global configuration mode.
- To name a VLAN on a switch, use the _____ command in VLAN configuration mode.
  To name a VLAN on a switch, use the name command in VLAN configuration mode.
- To set the interface type, use the _____ command in interface configuration mode.
  To set the interface type, use the switchport mode command in interface configuration mode.
- To set the VLAN when the interface is in access mode, use the _____ command in interface configuration or template configuration mode.
  To set the VLAN when the interface is in access mode, use the switchport access vlan command in interface configuration or template configuration mode.
- To set the trunk characteristics when the interface is in trunking mode, use the _____ command in interface configuration mode.
  To set the trunk characteristics when the interface is in trunking mode, use the switchport trunk command in interface configuration mode.
- To display VLAN information on a switch, use the _____ command in privileged EXEC mode.
  To display VLAN information on a switch, use the show vlan command in privileged EXEC mode.
- To display the administrative and operational status of a switching (nonrouting) port, use the _____ command in user EXEC or privileged EXEC mode.
  To display the administrative and operational status of a switching (nonrouting) port, use the show interfaces switchport command in user EXEC or privileged EXEC mode.
Assessments
- Flashcards: Quizlet: CCENT - VLANS
- Quiz: Quizlet: CCENT - VLANS
See Also
References
1. Cisco: ICND1 Exam Topics
2. Cisco: IOS LAN Switching Command Reference
3. Cisco: IOS LAN Switching Command Reference
4. Cisco: IOS Interface and Hardware Component Command Reference
5. Cisco: IOS Interface and Hardware Component Command Reference
6. Cisco: IOS Interface and Hardware Component Command Reference
7. Cisco: IOS LAN Switching Command Reference
8. Cisco: IOS Interfaces and Hardware Component Command Reference
9. Cisco: IOS LAN Switching Command Reference
10. Cisco: IOS LAN Switching Command Reference
11. Cisco: IOS LAN Switching Command Reference
12. Cisco: IOS LAN Switching Command Reference
13. Cisco: IOS LAN Switching Command Reference
14. Cisco: IOS LAN Switching Command Reference
15. Wikipedia: Virtual LAN
16. Wikipedia: Virtual LAN
17. Wikipedia: Virtual LAN
18. Wikipedia: VLAN Trunking Protocol
19. Wikipedia: IEEE 802.1Q
20. Wikipedia: Virtual LAN
21. Wikipedia: Virtual LAN
22. Wikipedia: Dynamic Trunking Protocol
23. Wikipedia: Dynamic Trunking Protocol
24. Wikipedia: Router on a stick
25. Wikipedia: Switch virtual interface
26. Cisco: IOS LAN Switching Command Reference
27. Cisco: IOS LAN Switching Command Reference
28. Cisco: IOS Interface and Hardware Component Command Reference
29. Cisco: IOS Interface and Hardware Component Command Reference
30. Cisco: IOS Interface and Hardware Component Command Reference
31. Cisco: IOS LAN Switching Command Reference
32. Cisco: IOS Interfaces and Hardware Component Command Reference
33. Wikipedia: Virtual LAN
34. Wikipedia: Virtual LAN
35. Wikipedia: Dynamic Trunking Protocol
36. Wikipedia: Dynamic Trunking Protocol