A LAN is a single broadcast domain, including all devices in that broadcast domain. A broadcast domain is the group of devices that receives a broadcast frame (destination MAC FFFF.FFFF.FFFF) sent by any one of its members.
From this diagram, one can see that this is not an optimal setup: the broadcast domain includes all departments, and there are performance and security issues at play:
Performance - lots of unnecessary broadcast traffic reaching every host reduces network performance.
Security - even within the same office you want to limit who has access to what. Security policies (ACLs) are applied on a router or firewall, but as this setup is one LAN those policies have no effect: the PCs reach each other directly at Layer 2 and the router never sees the traffic.
In this scenario, the different departments have been separated via different subnets. If PC1 wants to send a message to PC2, PC1 knows PC2 is on a different network, so it sets the destination MAC to that of its default gateway (R1). R1 rewrites the frame with its own MAC as the source and PC2's MAC as the destination, sends it to the switch, and the switch forwards it to PC2.
The issue here is that if PC1 sends a broadcast, the switch is Layer 2 only and knows nothing about the different networks, so it floods PC1's frame out of every port except the one it arrived on. We still have the performance issue, and the security issue has not really gone away either: even though the departments have been separated into three subnets (Layer 3), they are still in the SAME broadcast domain, and a host can simply give itself an address in another subnet and talk to that subnet's hosts directly without ever going through R1.
One way of separating the broadcast domain is segmentation, i.e. creating VLANs:
VLANs are configured on switches on a per-interface basis
VLANs logically separate end hosts at Layer 2
Switches do not forward traffic directly between hosts in different VLANs. Only a Layer 3 device (a router or multilayer switch) can send traffic between VLANs, which is where security policies can finally be enforced.
Configuring VLANs
SW1(config)# interface range gi1/0 - 3
SW1(config-if-range)# switchport mode access
SW1(config-if-range)# switchport access vlan 10
% Access VLAN does not exist. Creating vlan 10
We can see that VLAN 10 was created automatically when the first port was assigned to it.
show vlan brief lists the VLANs created above with their default names VLAN0010, VLAN0020 and VLAN0030. Let's change these names to be more specific:
SW1(config)# vlan 10 ----------------> this is also how you create a VLAN manually
SW1(config-vlan)# name ENGINEERING
SW1(config-vlan)# vlan 20
SW1(config-vlan)# name HR
SW1(config-vlan)# vlan 30
SW1(config-vlan)# name SALES
SW1(config)# do show vlan brief
Trunk ports carry multiple VLANs on a single interface (or on a bundle of interfaces, aka an EtherChannel). When a frame is received on a TRUNK interface, how does the switch know which VLAN it belongs to?
For example, PC1 wants to send data to PC2 in the same VLAN across the trunk: it sends the data to SW2 and SW2 forwards it to SW1 over the trunk, which allows VLANs 10 and 30.
How does SW1 know which VLAN the traffic belongs to?
It does this by VLAN tagging. Switches 'tag' the frames they send over a trunk link, and the tag tells the receiving switch which VLAN the frame belongs to.
There are 2 main trunking protocols:
ISL (Inter-Switch Link) - old Cisco proprietary protocol created before the IEEE 802.1Q industry standard. Modern Cisco equipment no longer supports it.
802.1Q - commonly known as dot1q
802.1Q, as defined by the IEEE, inserts a 32-bit (4-byte) tag into the Ethernet frame with the following fields:
TPID = Tag Protocol Identifier (16 bits)
This field is set to 0x8100 to identify the frame as 802.1Q tagged. It sits where the Type/Length field would normally be, which is how a receiver recognises that a tag follows.
PCP = Priority Code Point (3 bits) - 802.1p
This is the Layer 2 CoS (Class of Service) value, 0-7 (lowest to highest priority)
DEI = Drop Eligible Indicator (1 bit)
Marks the frame as eligible to be dropped first if there is congestion in the network
VLAN ID = 12 bits
The VLAN number, 0-4095 (2^12 = 4096 values). VLANs 0 and 4095 are reserved, so the usable VLAN IDs are 1-4094.
VLAN 0 carries no VLAN membership: it is used solely for 802.1p priority-tagged traffic (QoS) and cannot be modified or deleted
VLAN 1 is the default VLAN (cannot be modified or deleted)
VLANs 2-1001 are in the 'normal' VLAN range and CAN be modified or deleted
VLANs 1002-1005 are reserved and cannot be deleted (fddi-default, token-ring-default, fddinet-default, trnet-default)
VLANs 1006-4094 are in the 'extended' VLAN range and can be added, deleted and modified as necessary
As mentioned above, the 802.1Q tag is inserted between the 'Source MAC' and 'Type/Length' fields.
The tag is 4 bytes (32 bits) and is made up of 2 main fields: the 16-bit TPID (0x8100) and the 16-bit TCI (Tag Control Information), which packs the PCP, DEI and VLAN ID together.
Native VLAN
802.1Q has a feature called the 'native VLAN' which ISL does not. By default the native VLAN is VLAN 1, which is the VLAN all ports belong to initially. It can be changed manually on each trunk port.
The switch does not add an 802.1Q tag to frames belonging to the native VLAN; it forwards them over the trunk port as normal Ethernet frames, i.e. they leave the trunk port as UNTAGGED frames.
The receiving switch sees an untagged frame on its trunk port and assumes it belongs to its own native VLAN (so make sure the native VLAN matches on both ends of every trunk).
Switches will still forward traffic when there is a NATIVE VLAN MISMATCH. This is what makes it dangerous: frames can silently cross from one VLAN into another, which defeats the segmentation the VLANs were meant to provide.
Let's see some scenarios:
PC1 wants to send traffic to PC2; both are in VLAN 10, which also happens to be the configured 802.1Q native VLAN on both switches. Because the native VLAN is 10, SW2 does NOT tag the frame and forwards it to SW1 untagged.
SW1 sees that the frame has no tag, assumes it is in its native VLAN 10, and delivers it to PC2. This works in this case.
NATIVE VLAN MISMATCH
Here we have a native VLAN mismatch: SW2's native VLAN is 10 and SW1's is 30.
As in the previous example, the untagged frame arrives at SW1, which assumes it belongs to VLAN 30. SW1 looks for the destination MAC in VLAN 30, where PC2 does not exist, so PC2 never receives the frame; worse, the frame has been moved from VLAN 10 into VLAN 30 without any Layer 3 device being involved.
Here PC1 wants to send data to PC2 in VLAN 30. Everything is the same except that SW2 tags the frame with VLAN 30, while on SW1 VLAN 30 is the native VLAN, so SW1 is not expecting VLAN 30 traffic to arrive tagged and discards the frame. (Whether a switch accepts a frame tagged with its own native VLAN ID varies by platform and configuration; either way the two switches disagree about what 'untagged' means on this link, and the mismatch has to be fixed.)
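To make the tag format and the native VLAN scenarios above concrete, here is an added example (not from the original notes or from any Cisco software) that builds and parses 802.1Q-tagged Ethernet frames with the fields described above, then models the two trunk ends: the sending switch leaves native VLAN frames untagged, and the receiving switch drops every untagged frame into its own native VLAN. The MAC addresses, payload, allowed list and the two-switch topology are constructed sample values, and the accept_tagged_native switch is an assumption that lets you model either platform behaviour for a frame tagged with the receiver's native VLAN ID.

```python
import struct

TPID_8021Q = 0x8100  # Tag Protocol Identifier that marks an 802.1Q tag


def mac(m):
    """Accept 'aaaa.bbbb.cccc', 'aa:bb:cc:dd:ee:ff' or raw 6 bytes; return 6 bytes."""
    if isinstance(m, bytes):
        return m
    return bytes.fromhex(m.replace(":", "").replace(".", "").replace("-", ""))


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0, dei=0):
    """Build an Ethernet frame. With vid set, a 4-byte 802.1Q tag is inserted
    between the source MAC and the Type/Length field: TPID (16 bits) followed
    by TCI = PCP (3 bits) | DEI (1 bit) | VLAN ID (12 bits)."""
    if vid is not None and not (0 <= vid <= 4095 and 0 <= pcp <= 7 and dei in (0, 1)):
        raise ValueError("tag fields out of range")
    hdr = mac(dst) + mac(src)
    if vid is not None:
        tci = (pcp << 13) | (dei << 12) | vid
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Split a frame into header fields; 'tag' is None for an untagged frame."""
    tag, off = None, 12
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid == TPID_8021Q:
        (tci,) = struct.unpack("!H", frame[14:16])
        tag = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}
        off = 16
    (ethertype,) = struct.unpack("!H", frame[off:off + 2])
    return {"dst": frame[0:6], "src": frame[6:12], "tag": tag,
            "ethertype": ethertype, "payload": frame[off + 2:]}


def trunk_egress(frame, vlan, native_vlan, allowed):
    """Sending switch: a frame in `vlan` leaves the trunk tagged, except frames
    in the native VLAN, which go out untagged. None = VLAN not allowed on trunk."""
    if vlan not in allowed:
        return None
    p = parse_frame(frame)
    vid = None if vlan == native_vlan else vlan
    return build_frame(p["dst"], p["src"], p["ethertype"], p["payload"], vid=vid)


def trunk_ingress(frame, native_vlan, allowed, accept_tagged_native=True):
    """Receiving switch: an untagged frame is assumed to be in the native VLAN;
    a tagged frame goes into the VLAN of its tag. Returns the VLAN the frame
    ends up in, or None if dropped. accept_tagged_native (assumption) models
    the platform-dependent handling of a frame tagged with the native VLAN ID."""
    p = parse_frame(frame)
    if p["tag"] is None:
        vlan = native_vlan
    else:
        vlan = p["tag"]["vid"]
        if vlan == native_vlan and not accept_tagged_native:
            return None
    return vlan if vlan in allowed else None


def simulate(sender_vlan, sw2_native, sw1_native, allowed=(10, 30), accept_tagged_native=True):
    """PC1 on an SW2 access port in `sender_vlan` sends to PC2 behind SW1 over
    the SW2->SW1 trunk. Returns the VLAN SW1 places the frame in (None = dropped).
    MACs and payload are constructed sample values."""
    frame = build_frame("0000.0000.0002", "0000.0000.0001", 0x0800, b"hello PC2")
    on_wire = trunk_egress(frame, sender_vlan, sw2_native, allowed)
    if on_wire is None:
        return None
    return trunk_ingress(on_wire, sw1_native, allowed, accept_tagged_native)


if __name__ == "__main__":
    print("native 10 on both sides:", simulate(10, 10, 10))      # 10
    print("mismatch SW2=10, SW1=30:", simulate(10, 10, 30))      # 30: frame crossed VLANs
    print("tagged 30 into native 30:", simulate(30, 10, 30, accept_tagged_native=False))  # None
    print("unused native 1001 not allowed:", simulate(1001, 1001, 1001))  # None: untagged dropped
```

The last call shows why the notes recommend an unused native VLAN that is not in the allowed list: untagged frames then have nowhere to go and are dropped at the trunk instead of landing in a VLAN that carries user traffic.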
Some switch control plane traffic is sent on the native VLAN, which is one reason to change the default native VLAN (for security reasons). It is best to change it to an unused VLAN on every trunk, and make sure the native VLAN matches on both ends !!
These protocols always use the native VLAN (sent untagged):
Spanning Tree Protocol (STP) Bridge Protocol Data Units (BPDUs)
Dynamic Trunking Protocol (DTP)
Other protocols always use VLAN 1 (the default native VLAN), such as:
Cisco Discovery Protocol (CDP)
VTP (VLAN Trunking Protocol)
PAgP (Port Aggregation Protocol)
UDLD (Uni Directional Link Detection)
If the native VLAN is NOT VLAN 1, these protocols still travel in VLAN 1, so they are sent over the trunk tagged with VLAN 1.
Configuring Trunk Ports
SW1(config)# interface gi0/0
SW1(config-if)# switchport mode trunk
Command rejected: An interface whose trunk encapsulation is "Auto" cannot be configured to "trunk" mode
** Switches that support both trunking protocols (ISL and 802.1Q) have their trunk encapsulation set to auto by default, so the encapsulation has to be set first !!!
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport mode trunk
SW1(config-if)# end
SW1# show interfaces trunk
Mode on = the interface was manually configured as a trunk
Encapsulation = 802.1q as configured, and the native VLAN is 1 as per the default
Restrict the trunk to the VLANs that actually need to cross it:
SW1(config)# interface gi0/0
SW1(config-if)# switchport trunk allowed vlan ? <---- use ? to see the available options (add, remove, except, all, none)
SW1(config-if)# switchport trunk allowed vlan 10,30
Because DTP is enabled by default, explicitly set every port to access or trunk mode and add switchport nonegotiate (as on the access ports in Lab 3 below), so that a device plugged into a port cannot negotiate a trunk with the switch and reach VLANs it should not.
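The checks a practitioner wants after configuring trunks (native VLANs match on both ends, the native VLAN is not the default VLAN 1, the native VLAN does not carry traffic, allowed lists agree) can be automated from show interfaces trunk output. The following is an added example, not from the original notes or any Cisco tool: it parses that output for two switches and audits the links between them. The sample outputs are constructed, modelled on the lab output later on this page (SW1 with native VLAN 1, SW2 with native VLAN 1001); which trunk ports face each other is not stated on the page, so the LINKS map is an assumption.

```python
# Constructed sample 'show interfaces trunk' output, modelled on the lab output on this page.
SW1_OUTPUT = """SW1#sh interface trunk
Port        Mode         Encapsulation  Status        Native vlan
Gig0/1      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gig0/1      10,30

Port        Vlans allowed and active in management domain
Gig0/1      10,30

Port        Vlans in spanning tree forwarding state and not pruned
Gig0/1      10,30
SW1#"""

SW2_OUTPUT = """SW2#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gig0/1      on           802.1q         trunking      1001
Gig0/2      on           802.1q         trunking      1001

Port        Vlans allowed on trunk
Gig0/1      10,30
Gig0/2      10,20,30

Port        Vlans allowed and active in management domain
Gig0/1      10,30
Gig0/2      10,20,30

Port        Vlans in spanning tree forwarding state and not pruned
Gig0/1      10,30
Gig0/2      10,20,30
SW2#"""

# Assumption: which ports are cabled together is not shown on the page.
LINKS = [(("SW1", "Gig0/1"), ("SW2", "Gig0/1"))]


def parse_vlan_list(text):
    """Expand a Cisco VLAN list such as '10,20-22,30' into a set of ints."""
    vlans = set()
    for part in text.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            vlans.update(range(lo, hi + 1))
        else:
            vlans.add(int(part))
    return vlans


def parse_show_interfaces_trunk(output):
    """Return {port: {mode, encap, status, native, allowed}} from the first two
    tables of 'show interfaces trunk'. The remaining tables are ignored."""
    trunks, section = {}, None
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith("----"):
            continue
        if line.startswith("Port ") and "Native vlan" in line:
            section = "native"
            continue
        if line.startswith("Port ") and "allowed on trunk" in line:
            section = "allowed"
            continue
        if line.startswith("Port "):
            section = "other"
            continue
        toks = line.split()
        if section == "native" and len(toks) == 5 and toks[4].isdigit():
            trunks[toks[0]] = {"mode": toks[1], "encap": toks[2], "status": toks[3],
                               "native": int(toks[4]), "allowed": set()}
        elif section == "allowed" and len(toks) == 2 and toks[0] in trunks:
            trunks[toks[0]]["allowed"] = parse_vlan_list(toks[1])
    return trunks


def audit_trunk_links(switches, links):
    """switches: {name: parsed trunks}; links: [((swA, portA), (swB, portB)), ...].
    Returns human-readable findings for each link and each of its two ends."""
    findings = []
    for (sa, pa), (sb, pb) in links:
        a, b = switches[sa].get(pa), switches[sb].get(pb)
        if a is None or b is None:
            findings.append(f"{sa} {pa} <-> {sb} {pb}: not trunking on both ends")
            continue
        if a["native"] != b["native"]:
            findings.append(f"{sa} {pa} <-> {sb} {pb}: native VLAN mismatch "
                            f"({a['native']} vs {b['native']})")
        if a["allowed"] != b["allowed"]:
            findings.append(f"{sa} {pa} <-> {sb} {pb}: allowed VLAN lists differ")
        for name, t in ((f"{sa} {pa}", a), (f"{sb} {pb}", b)):
            if t["native"] == 1:
                findings.append(f"{name}: native VLAN is 1 (default); move it to an unused VLAN")
            if t["native"] in t["allowed"]:
                findings.append(f"{name}: native VLAN {t['native']} is allowed on the trunk, "
                                f"so untagged frames are forwarded")
    return findings


def run_audit():
    switches = {"SW1": parse_show_interfaces_trunk(SW1_OUTPUT),
                "SW2": parse_show_interfaces_trunk(SW2_OUTPUT)}
    return audit_trunk_links(switches, LINKS)


if __name__ == "__main__":
    for finding in run_audit():
        print(finding)
```

Against the sample data this reports two findings on the SW1 Gig0/1 to SW2 Gig0/1 link: a native VLAN mismatch (1 vs 1001) and SW1 still using the default native VLAN 1. Feed it the real output of each switch in a trunked pair and keep the link map in step with the cabling.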
VLAN Port Allocation
Ports are assigned to VLANs in a number of ways:
Statically assigned - the administrator manually assigns switch ports to their respective VLANs (switchport access vlan <id>)
Dynamic VLANs - using VMPS (VLAN Membership Policy Server), where a port's VLAN is updated dynamically depending on the source MAC address of the device attached to it. For example, on a boardroom port, if a Director connects, the VMPS dynamically assigns that port to the Directors' VLAN based on the laptop's MAC address.
If the following day a Manager plugs a laptop into the same port, the VMPS dynamically allocates the port to the Managers' VLAN. (VMPS is a legacy feature; on current equipment dynamic VLAN assignment is normally done with 802.1X, the RADIUS server returning the VLAN, which ties the VLAN to an authenticated identity rather than to a MAC address that anyone can spoof.)
Voice VLANs - specifically used by IP phones
VTP
VLAN Trunking Protocol is a Cisco proprietary Layer 2 protocol that propagates VLAN information from one switch to another rather than you connecting to each switch individually: you can create, delete or rename VLANs on one switch and have that information propagate to the other switches across TRUNK links. (Notice the name, VLAN Trunking Protocol: the information is only propagated across trunk links.)
VTP can save a lot of time but can also be a headache:
The entire VLAN database of a domain can be wiped out by introducing a new (or second-hand) Cisco switch into the environment without due diligence: a switch in the same VTP domain with a higher configuration revision number overwrites the VLAN database of every other switch in the domain, and every port in a deleted VLAN goes down with it. For this reason many engineers disable VTP (vtp mode transparent, or vtp mode off where supported) to avoid these issues.
The Router (Router on a Stick) - Inter-VLAN routing (use sub-interfaces!!!)
Three physical interfaces from the switch to the router, one per VLAN, does not scale, so instead of three we have one physical connection carrying the three VLANs over a trunk, with a sub-interface on the router for each:
g0/0.10 --> for VLAN 10
g0/0.20 --> for VLAN 20
g0/0.30 --> for VLAN 30
If the router's interface to the switch is gi0/0, we configure the switch port facing the router as a normal trunk port and then configure the sub-interfaces on the router as shown in Lab 2 below (each sub-interface gets encapsulation dot1Q <vlan-id> and an IP address; we have assigned the last usable IP address of each subnet).
The sub-interface number, e.g. gi0/0.10, does not have to match the VLAN number, but making it the SAME makes it much easier to see which VLAN a sub-interface serves !! :)
LAB 2 - Trunks
SW2
SW2#sh run
Building configuration...
Current configuration : 1472 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW2
!
no ip domain-lookup
!
no spanning-tree vlan 1-4094
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
------------------------------------
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
switchport trunk native vlan 1001
switchport trunk allowed vlan 10,30
switchport mode trunk
!
interface GigabitEthernet0/2
switchport trunk native vlan 1001
switchport trunk allowed vlan 10,20,30
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
end
SW2#
SW2#sh vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/15
Fa0/16, Fa0/17, Fa0/18, Fa0/19
Fa0/20, Fa0/21, Fa0/22, Fa0/23
Fa0/24
10 VLAN0010 active Fa0/2, Fa0/3
20 VLAN0020 active Fa0/1
30 VLAN0030 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
SW2#
SW2#sh int trunk
Port Mode Encapsulation Status Native vlan
Gig0/1 on 802.1q trunking 1001
Gig0/2 on 802.1q trunking 1001
Port Vlans allowed on trunk
Gig0/1 10,30
Gig0/2 10,20,30
Port Vlans allowed and active in management domain
Gig0/1 10,30
Gig0/2 10,20,30
Port Vlans in spanning tree forwarding state and not pruned
Gig0/1 10,30
Gig0/2 10,20,30
SW2#
R1
R1#sh run
Building configuration...
Current configuration : 980 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
ip cef
no ipv6 cef
!
license udi pid CISCO2911/K9 sn FTX152425PG-
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 10.0.0.62 255.255.255.192
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 10.0.0.126 255.255.255.192
!
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
ip address 10.0.0.190 255.255.255.192
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
R1#sh ip int brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 unassigned YES unset up up
GigabitEthernet0/0.10 10.0.0.62 YES manual up up
GigabitEthernet0/0.20 10.0.0.126 YES manual up up
GigabitEthernet0/0.30 10.0.0.190 YES manual up up
GigabitEthernet0/1 unassigned YES unset administratively down down
GigabitEthernet0/2 unassigned YES unset administratively down down
Vlan1 unassigned YES unset administratively down down
R1#
R1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C 10.0.0.0/26 is directly connected, GigabitEthernet0/0.10
L 10.0.0.62/32 is directly connected, GigabitEthernet0/0.10
C 10.0.0.64/26 is directly connected, GigabitEthernet0/0.20
L 10.0.0.126/32 is directly connected, GigabitEthernet0/0.20
C 10.0.0.128/26 is directly connected, GigabitEthernet0/0.30
L 10.0.0.190/32 is directly connected, GigabitEthernet0/0.30
R1#
Native VLAN on a Router (ROAS)
In the previous section we mentioned that it is best practice to change the native VLAN to an unused VLAN, as the native VLAN feature can cause security issues. Let's see how it is handled on a router.
The native VLAN feature does have one benefit: because frames in the native VLAN are not tagged, each frame is 4 bytes smaller, so a device can send slightly more frames per second. In Lab 2 we set the native VLAN to an unused VLAN, 1001, on SW2's Gig0/1 and Gig0/2 trunks. There are 2 methods for configuring the native VLAN on a router:
Method 1 - add the native keyword to the sub-interface's encapsulation command:
R1(config)# interface gi0/0.1001
R1(config-subif)# encapsulation dot1Q 1001 native
R1(config-subif)# ip address <address> <mask>
This tells the router that this sub-interface belongs to the native VLAN, and it will function just like the native VLAN on a switch (frames are sent and received untagged).
Method 2 - do not use a sub-interface at all, and just configure the IP address for the native VLAN on the router's physical interface (the encapsulation dot1q <vlan-id> command is not necessary, as untagged frames are handled by the physical interface):
R1(config)# interface gi0/0
R1(config-if)# ip address <address> <mask>
Either way the native VLAN on the router must match the native VLAN on the switch's trunk port, and if the native VLAN is meant to stay unused for security, do not give it an IP address at all.
Layer 3 (Multilayer) Switches
Capable of both switching and routing
Layer 3 aware
You can assign IP addresses like on a router
You can create virtual interfaces for each VLAN and assign IPs to those interfaces
You can configure routes on it, just like a router
Can be used for inter-VLAN routing
SVIs (switch virtual interfaces) are the virtual interfaces you can assign IP addresses to on a multilayer switch. Configure the PCs to use the SVI as their default gateway instead of the router.
A couple of commands first. We created the sub-interfaces on R1 when it was a ROAS. To delete the sub-interfaces and reset the physical interface to its default configuration:
Configuration of Devices
R1
R1(config)# no interface gi0/0.10
R1(config)# no interface gi0/0.20
R1(config)# no interface gi0/0.30
R1(config)# default interface gi0/0
Even though the sub-interfaces have been deleted, they still appear in show ip interface brief with a 'deleted' status until the router is reloaded.
SW2
Another useful command:
SW2# show interfaces status
SVIs
Pretty easy to configure, but for an SVI to come up a few prerequisites must be met first. For example, in the SVI picture above we added another SVI, vlan 40, with IP address 40.40.40.40 255.255.255.0, but the interface stays down. Why? For an SVI to be up/up:
The VLAN must exist on the switch
The switch must have at least one access port in that VLAN in an up/up state, or one up/up trunk port that allows that VLAN
The VLAN must not be shut down (the 'shutdown' command in VLAN configuration mode disables a VLAN)
The SVI itself must not be shut down (check it with show ip interface brief and 'no shutdown' it if needed, just like a router interface !!)
Also note that ip routing must be enabled globally before the switch will route between its SVIs (see the steps for Lab 3 below).
LAB 3 - SVIs
R1#sh run
Building configuration...
Current configuration : 1169 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
ip cef
no ipv6 cef
!
license udi pid CISCO2911/K9 sn FTX152425PG-
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 10.0.0.62 255.255.255.192
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 10.0.0.126 255.255.255.192
!
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
ip address 10.0.0.190 255.255.255.192
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/0/0
ip address 1.1.1.2 255.255.255.0
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 10.0.0.0 255.0.0.0 10.0.0.193
ip route 0.0.0.0 0.0.0.0 10.0.0.193
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
ip flow-export version 9
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
----------------------------------------------------------------------------
R1#sh ip int brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 unassigned YES NVRAM up up
GigabitEthernet0/0.10 10.0.0.62 YES NVRAM up up
GigabitEthernet0/0.20 10.0.0.126 YES NVRAM up up
GigabitEthernet0/0.30 10.0.0.190 YES NVRAM up up
GigabitEthernet0/1 unassigned YES NVRAM administratively down down
GigabitEthernet0/2 unassigned YES NVRAM administratively down down
GigabitEthernet0/0/0 1.1.1.2 YES NVRAM up up
Vlan1 unassigned YES NVRAM administratively down down
R1#
-----------------------------------------------------------------------------
R1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, GigabitEthernet0/0/0
L 1.1.1.2/32 is directly connected, GigabitEthernet0/0/0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C 10.0.0.0/26 is directly connected, GigabitEthernet0/0.10
L 10.0.0.62/32 is directly connected, GigabitEthernet0/0.10
C 10.0.0.64/26 is directly connected, GigabitEthernet0/0.20
L 10.0.0.126/32 is directly connected, GigabitEthernet0/0.20
C 10.0.0.128/26 is directly connected, GigabitEthernet0/0.30
L 10.0.0.190/32 is directly connected, GigabitEthernet0/0.30
R1#
------------------------------------------------------------------------------
SW1#sh run
Building configuration...
Current configuration : 1370 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW1
!
no spanning-tree vlan 1-4094
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/5
!
interface GigabitEthernet0/1
switchport trunk allowed vlan 10,30
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
end
SW1#
------------------------------------------------------------------------------
SW1#sh vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/2
10 VLAN0010 active Fa0/1, Fa0/2
30 VLAN0030 active Fa0/3, Fa0/4
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
------------------------------------------------------------------------------
SW1#sh interface trunk
Port Mode Encapsulation Status Native vlan
Gig0/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Gig0/1 10,30
Port Vlans allowed and active in management domain
Gig0/1 10,30
Port Vlans in spanning tree forwarding state and not pruned
Gig0/1 10,30
SW1#
----------------------------------------------------------------------------
SW2#sh run
Building configuration...
Current configuration : 1766 bytes
!
version 16.3.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW2
!
no ip cef
no ipv6 cef
!
spanning-tree mode pvst
!
interface GigabitEthernet1/0/1
switchport trunk allowed vlan 10,30
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport trunk allowed vlan 10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/3
switchport access vlan 20
switchport mode access
switchport nonegotiate
!
interface GigabitEthernet1/0/4
switchport access vlan 10
switchport mode access
switchport nonegotiate
!
interface GigabitEthernet1/0/5
switchport access vlan 10
switchport mode access
switchport nonegotiate
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
SW2#
*******************************************************************************
SW2#sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gig1/0/6, Gig1/0/7, Gig1/0/8, Gig1/0/9
Gig1/0/10, Gig1/0/11, Gig1/0/12, Gig1/0/13
Gig1/0/14, Gig1/0/15, Gig1/0/16, Gig1/0/17
Gig1/0/18, Gig1/0/19, Gig1/0/20, Gig1/0/21
Gig1/0/22, Gig1/0/23, Gig1/0/24, Gig1/1/1
Gig1/1/2, Gig1/1/3, Gig1/1/4
10 VLAN0010 active Gig1/0/4, Gig1/0/5
20 VLAN0020 active Gig1/0/3
30 VLAN0030 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
SW2#
******************************************************************************
SW2#sh int trunk
Port Mode Encapsulation Status Native vlan
Gig1/0/1 on 802.1q trunking 1
Gig1/0/2 on 802.1q trunking 1
Port Vlans allowed on trunk
Gig1/0/1 10,30
Gig1/0/2 10,20,30
Port Vlans allowed and active in management domain
Gig1/0/1 10,30
Gig1/0/2 10,20,30
Port Vlans in spanning tree forwarding state and not pruned
Gig1/0/1 10,30
Gig1/0/2 10,20,30
SW2#
Steps Taken
R1
Remove the sub-interfaces
Set gi0/0 back to its default config
Add a new IP address on gi0/0: 10.0.0.194 255.255.255.252 (the point-to-point link to SW2)
SW2
From sh run we see that switchport trunk encapsulation dot1q had to be added explicitly (this switch also supports ISL)
Remove the trunk config from gi1/0/2: set it to default and remove the encapsulation dot1q
Set a default route to R1: ip route 0.0.0.0 0.0.0.0 10.0.0.194
Make gi1/0/2 a routed port with no switchport and give it the other end of the /30 (10.0.0.193, the next hop in R1's routes above)
Enable Layer 3 routing with ip routing
Check that routing is enabled
sh ip route - the routing table now shows 1 connected route and 1 local route for gi1/0/2
Create the SVIs, e.g.:
interface vlan 10
ip address 10.0.0.62 255.255.255.192
Commands used:
show run | section interface
sh ip int brief
no interface gi0/0.10 etc
int gi0/0 / ip address
ip routing
no switchport
sh ip route