Read the article on VLANs
We have the following architecture:
– VLAN 10 of SWITCH-01 can communicate with VLAN 10 of SWITCH-02.
– VLAN 20 of SWITCH-01 can communicate with VLAN 20 of SWITCH-02.
– VLAN 30 of SWITCH-01 can communicate with VLAN 30 of SWITCH-02.
Well, let's try several methods:
Test 01: I do not configure the FastEthernet 0/8 port of SWITCH-01 and SWITCH-02.
Result: These ports will be in VLAN 1. VLANs 10, 20 and 30 will not be able to use this port.
Test 02: I put the FastEthernet 0/8 port of SWITCH-01 and SWITCH-02 in VLAN 10.
Result: VLANs 20 and 30 will not be able to use this port.
Test 03: I put the FastEthernet 0/8 port of SWITCH-01 and SWITCH-02 in VLAN 20.
Result: VLANs 10 and 30 will not be able to use this port.
Test 04: I put the FastEthernet 0/8 port of SWITCH-01 and SWITCH-02 in VLAN 30.
Result: VLANs 10 and 20 will not be able to use this port.
We can see that we need something extra to make it work!
What it takes is a trunk link!
Trunk
– physical link that carries the traffic of several VLANs
– preserves the VLAN ID marked on each frame
Simply put, a trunk port:
– is part of all the VLANs of the switch, so every VLAN can use it
– writes the VLAN number into each frame it sends
– checks every frame it receives for a VLAN number
Switch(config)# interface FastEthernet 0/24
Switch(config-if)# description VERS-SWITCH-001
Switch(config-if)# switchport trunk encapsulation dot1q    <- for old switches (entered before the trunk mode)
Switch(config-if)# switchport mode trunk
This configuration must be applied to all switch-to-switch interconnection ports.
The rest of the course concerns the CCNP SWITCH certification.
To set up a trunk link, there are two protocols:
ISL (Inter-Switch Link)
– Cisco protocol
– encapsulates the frame
– adds 30 bytes
IEEE 802.1Q
– standardized protocol
– tags the frame
– adds 4 bytes
ISL – Inter-Switch Link
– Cisco proprietary
– developed long before the IEEE 802.1Q protocol
– adds 30 bytes to each frame
ISL encapsulates each frame between a 26-byte header and a 4-byte trailer.
The IEEE Institute has released a standard so that all network equipment of different brands can exchange their VLAN information.
Cisco favors IEEE 802.1Q and abandons its ISL protocol.
This protocol is no longer implemented in new Cisco network equipment.
All frames that pass through an ISL trunk link are encapsulated (there is no notion of a native VLAN).
The 802.1Q protocol:
– IEEE standard protocol
– created to standardize trunk links
– commonly called dot1q (802.1q – .1q – dot1q, "dot" being the ".")
This protocol inserts an 802.1Q tag just after the destination and source MAC addresses of our frames.
The IEEE 802.1q protocol adds a tag on every frame except on the frames belonging to the native VLAN!
If a trunk port using this standardized protocol receives an untagged frame, it deduces that this frame is part of the native VLAN.
The default native VLAN is VLAN 1.
But why did the IEEE create the native VLAN?
A long time ago, the use of hubs was common, and they could be placed on a trunk link. The end users connected to these hubs received 802.1q frames and did not understand them. If they are part of the native VLAN, the frame is not tagged and becomes understandable by end users.
Since the release of Windows XP, end-user machines understand 802.1q frames, without taking the VLAN tag into account.
The native VLAN remains important because untagged frames received by an 802.1q trunk port are placed in the native VLAN.
Imagine a scenario:
– all our clients are in VLAN 20
– the native VLAN is VLAN 20
All the frames generated by our switches (CDP, LLDP, DTP) will therefore be placed in our client VLAN (not great from a security standpoint).
It is therefore strongly advised to create a VLAN reserved for use as the native VLAN.
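The tagging and native VLAN behaviour described above, modelled as an added example (not code from the original article). The function names and the sample frame are constructed for illustration; the last check shows that an untagged frame lands in whatever native VLAN the receiving port is configured with.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def add_tag(frame, vlan_id, priority=0):
    """Insert the 4-byte 802.1Q tag right after the two MAC addresses."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be between 1 and 4094")
    tci = (priority << 13) | vlan_id  # priority (3 bits), DEI (1 bit, 0), VLAN ID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def trunk_egress(frame, vlan_id, native_vlan):
    """What a dot1q trunk port sends: native VLAN frames leave untagged."""
    return frame if vlan_id == native_vlan else add_tag(frame, vlan_id)


def trunk_ingress(frame, native_vlan):
    """Return (vlan, frame without tag) as the receiving trunk port sees it."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return native_vlan, frame  # untagged: placed in the native VLAN
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


# Constructed sample: broadcast destination, made-up source MAC, IPv4 EtherType.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

if __name__ == "__main__":
    on_wire = trunk_egress(SAMPLE, vlan_id=20, native_vlan=3)
    print("bytes added:", len(on_wire) - len(SAMPLE))
    print("received in VLAN", trunk_ingress(on_wire, native_vlan=3)[0])
    # Sent untagged from native VLAN 3, received by a port whose native VLAN is 20.
    untagged = trunk_egress(SAMPLE, vlan_id=3, native_vlan=3)
    print("received in VLAN", trunk_ingress(untagged, native_vlan=20)[0])
```
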
To set up a port in trunk mode, it's important to see how a port is configured by default.
If we turn on a switch for the first time and run show running-config, we can see this:
interface FastEthernet0/1
!
interface FastEthernet0/2
!
etc.
At first sight our ports have no configuration, but that is only because the equipment does not display the default settings.
If it displayed them, we would see:
interface FastEthernet0/1
 switchport mode dynamic auto
 switchport trunk encapsulation negotiate
 switchport trunk native vlan 1
 switchport trunk allowed vlan all
 switchport access vlan 1
!
interface FastEthernet0/2
etc.
A switch interface can take 3 modes:
The access mode is detailed in the VLAN article
The trunk mode is detailed in the subchapter "Manual"
The dynamic mode is detailed in the "Dynamic Trunking Protocol" subchapter
Put a port in trunk mode:
Switch(config-if)# switchport mode trunk
Both ports of the trunk link must be in trunk mode.
Dynamic Trunking Protocol
DTP – Dynamic Trunking Protocol
– Cisco proprietary protocol
– dynamically configures the two ports of a trunk link (ISL or 802.1q)
Put a port in dynamic mode:
Switch(config-if)# switchport mode dynamic [ auto | desirable ]
If the port at the other end is configured in manual mode, the dynamic port will go into the same mode.
There are two dynamic modes:
Dynamic auto
The port will go into trunk mode if the other port of the link asks for it.
If the port at the other end is in trunk or dynamic desirable mode, both ports of this link will be in trunk mode.
Otherwise, both ports will be in access mode.
Dynamic desirable
The port will actively try to put this link in trunk mode.
If the port at the other end is in trunk, dynamic auto or dynamic desirable mode, both ports of this link will be in trunk mode.
Otherwise, both ports will be in access mode.
The following table can therefore be deduced:
To turn DTP off:
Switch(config-if)# switchport nonegotiate
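The DTP rules stated above, written out as an added example (not part of the original article) that computes the result for every pair of port modes. The "trunk nonegotiate" entry and the "mismatch" result are labels chosen here: a manual port never changes mode, and a trunk port that sends no DTP frames cannot pull a dynamic neighbour into trunk mode.

```python
# Port modes from the article; "trunk nonegotiate" is a manual trunk with DTP turned off.
MODES = ("access", "trunk", "trunk nonegotiate", "dynamic auto", "dynamic desirable")


def final_mode(local, peer):
    """Mode the local port ends up in, given how the peer port is configured."""
    if not local.startswith("dynamic"):
        # Manual configuration: the port keeps its mode whatever the peer does.
        return "trunk" if local.startswith("trunk") else "access"
    # Peers that request a trunk over DTP.
    peer_asks = peer in ("trunk", "dynamic desirable")
    # Peers that answer DTP and are willing to trunk.
    peer_accepts = peer in ("trunk", "dynamic auto", "dynamic desirable")
    if local == "dynamic auto":
        return "trunk" if peer_asks else "access"
    return "trunk" if peer_accepts else "access"  # dynamic desirable


def link_result(a, b):
    """'trunk' or 'access' when both ends agree, 'mismatch' when they do not."""
    end_a, end_b = final_mode(a, b), final_mode(b, a)
    return end_a if end_a == end_b else "mismatch"


def dtp_table():
    """Result for every (mode, mode) pair."""
    return {(a, b): link_result(a, b) for a in MODES for b in MODES}


if __name__ == "__main__":
    width = max(len(m) for m in MODES) + 2
    print(" " * width + "".join(m.ljust(width) for m in MODES))
    for a in MODES:
        print(a.ljust(width) + "".join(link_result(a, b).ljust(width) for b in MODES))
```
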
Trunk mode options
1) Allowed VLAN
By default, all VLANs are allowed to transit on our trunk link.
In order to secure our network, we can allow only the VLANs we want.
Example: We want to allow VLANs 10 to 20 and 40 to 50.
Switch(config-if)# switchport trunk allowed vlan 10-20,40-50
or:
Switch(config-if)# switchport trunk allowed vlan 10-50
Switch(config-if)# switchport trunk allowed vlan remove 21-39
2) Native VLAN
(Only relates to 802.1q)
As explained above, it is advisable to create a VLAN specifically for use as the native VLAN.
We'll see how to do it:
Switch(config)# vlan 3
Switch(config-vlan)# name NATIVE
Switch(config-vlan)# exit
Switch(config)# interface GigabitEthernet 0/1
Switch(config-if)# switchport trunk native vlan 3
All untagged frames will therefore be placed in VLAN 3 by the receiving trunk port.
We have seen that it is possible to use the ISL and 802.1q protocols to set up a trunk link.
Switch(config-if)# switchport trunk encapsulation [ isl | dot1q | negotiate ]
By default, all our ports are in negotiate mode.
If the two ports of our link are in negotiate mode and both devices support both protocols, ISL will be chosen…
So it is important to choose the trunk protocol yourself.
Switch(config-if)# switchport trunk encapsulation isl
Switch(config-if)# switchport trunk encapsulation dot1q
Check the status of our ports:
Switch# show interfaces FastEthernet 0/1 switchport
In the image above, we can see that:
– the 0/1 port of the Switch-A is in dynamic auto mode (default)
– the 0/1 port of the Switch-B is in trunk mode
The "operational mode" line has therefore gone into trunk mode
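The advice given in this article (turn DTP off, reserve a native VLAN, restrict the allowed VLANs) can be checked against a saved configuration. The following is an added example, not part of the original article: the sample configuration is constructed, the function names are chosen here, and the defaults assumed for missing lines are the ones listed above (dynamic auto, native VLAN 1, all VLANs allowed).

```python
import re

# Constructed sample in running-config syntax (not taken from a real device).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
!
interface FastEthernet0/23
 switchport mode trunk
!
interface FastEthernet0/24
 switchport trunk native vlan 3
 switchport trunk allowed vlan 10-20,40-50
 switchport mode trunk
 switchport nonegotiate
"""

def parse_interfaces(config):
    """Map each interface name to its indented configuration lines."""
    interfaces, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip().lower())
        else:
            current = None  # "!" or any other top-level line ends the block
    return interfaces

def setting(lines, prefix, default):
    """Value that follows `prefix` in the block, or the default when it is absent."""
    return next((l[len(prefix):].strip() for l in lines if l.startswith(prefix)), default)

def audit(config):
    """Return {interface: [findings]} for the hardening advice in the article."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        mode = setting(lines, "switchport mode ", "dynamic auto")
        found = []
        if mode.startswith("dynamic"):
            found.append("DTP can negotiate a trunk (" + mode + ")")
        elif mode == "trunk":
            if "switchport nonegotiate" not in lines:
                found.append("DTP not turned off")
            if setting(lines, "switchport trunk native vlan ", "1") == "1":
                found.append("native VLAN is 1")
            if setting(lines, "switchport trunk allowed vlan ", "all") == "all":
                found.append("all VLANs allowed")
        report[name] = found
    return report
```

Calling audit(SAMPLE_CONFIG) returns one list of findings per interface; an empty list means the port follows all three recommendations.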
Hoping this article has been helpful to you!
Don't hesitate to let me know!!