USD ($)
$
United States Dollar
India Rupee

Cisco: Configure Trunk Port & Native VLAN

Created by Deepak Sharma in CCNA 4 May 2024
Share

Chapter 1.13

Chapter 2.1c

2.1 & 2.2 Configure and verify VLANs and interswitch connectivity

2.1 Configure and verify VLANs (normal range) spanning multiple switches 

  2.1.a Access ports (data and voice) 

  2.1.b Default VLAN

2.2 Configure and verify interswitch connectivity 

  2.2.a Trunk ports 

  2.2.b 802.1Q 

  2.2.c Native VLAN 

VLANs (Virtual Local Area Networks) are logical networks created within a physical network infrastructure. They allow segregation of network traffic by keeping different broadcast domains which improves performance, scalability and security.

The access VLANs can be configured on switch ports as data and voice. The following aspects are typically considered

Data VLAN:

The data VLAN is used for regular data traffic, such as internet access, file transfers, and accessing network resources. There can be multiple VLANs across many switches, traffic flowing in the same VLANs are able to communicate however data traffic between different VLANs can not talk to each other.

Voice VLAN:

The voice VLAN is specifically dedicated to carrying voice traffic for IP telephony systems, such as IP phones. It ensures the quality and reliability of voice communication and allows for the prioritization of voice packets over data packets.

Default VLAN:

In Cisco switches VLAN 1 is considered as the default VLAN, all the switch ports are assigned to VLAN 1. It is recommended that VLAN 1 should not be used for the data traffic, as it may posses a security risk.

The interswitch connectivity is achieved by connecting more switches in trunk, the following terms are important to know for interswitch connectivity.

Trunk Ports:

Trunk ports are used to carry traffic for multiple VLANs across a single link between switches. They allow for the transportation of VLAN-tagged frames between switches, enabling devices connected to different VLANs to communicate with each other. Trunk ports support the transmission of traffic from multiple VLANs simultaneously.

802.1Q:

802.1Q is an industry-standard protocol used for VLAN tagging. It adds a VLAN tag to Ethernet frames, allowing switches to identify which VLAN the frame belongs to when it traverses a trunk port. This tagging is crucial for switches to correctly forward frames to the appropriate VLANs across the network. 802.1Q tagging adds extra information to the Ethernet frame by inserting a 4-byte VLAN tag.

Native VLAN:

The native VLAN is the default VLAN for untagged traffic on a trunk port. When frames arrive on a trunk port without a VLAN tag, they are assumed to belong to the native VLAN. The native VLAN is typically used for management traffic or carries untagged frames, such as frames from devices that are not VLAN-aware. VLAN 1 is the native VLAN on Cisco switches by default. It is recommended to change it.

In summary, trunk ports enable the transportation of VLAN-tagged frames between switches, 802.1Q is the standard protocol used for VLAN tagging, and the native VLAN is the default VLAN for untagged traffic on trunk ports. 

Topology Diagram


Tasks

● Please note that the enable password is CISCO.

● To check the default value of the timer for dynamically learned MAC addresses on SW01, use the appropriate command.

 ✓ Modify the timer on SW01 to expire after 100 seconds of inactivity.

● Configure the interswitch links on SW02, SW03, and SW04 to function as 802.1q VLAN trunks using the following guidelines:

 ✓ Utilize the "interface range" command whenever possible to minimize repetitive configuration.

 ✓ Higher-numbered switches should initiate the process of dynamically forming trunks with lower-numbered switches.

 ✓ The trunk link shared by SW02 (E0/0) and SW03 (E0/1) should have VLAN-2 set as the Native VLAN.

 ✓ Configure all 802.1q VLAN trunks to only allow VLANs 1-5. Any additional VLANs added in the future should not be permitted on these trunks.

● Set VTP version-2 on all three switches as follows:

 ✓ VLANs manually configured on SW02 should be propagated to SW03 via VTP.

 ✓ SW04 should use a VTP mode that allows manual creation and deletion of VLANs but does not dynamically update other switches about changes to its VLAN database.

 ✓ Secure VTP with a password of "CISCO".

 ✓ Configure any other necessary parameters for VTP operation at your discretion.

 ✓ On SW04, configure VLANs 1-5 with the following names:

VLAN-2 = "Payroll"

VLAN-3 = "Engineering"

VLAN-4 = "Marketing"

VLAN-5 = "Executives"

  ✓ Configure the same VLANs with the same names on SW02 and verify that VTP has successfully propagated this information to SW03.

● Ensure that switchports connecting to routers or PCs cannot form VLAN trunks (except for E0/3 on SW03, which can be ignored for now). Refer to the table below for device names, switchports, and VLAN assignments:

Device Name           Switchport VLAN           Assignment

          SW02                     E0/1                          VLAN-2

          SW02                     E0/2                          VLAN-2

          SW03                     E1/0                          VLAN-3

          SW03                     E0/0                          VLAN-4

          SW04                     E0/1                          VLAN-5

● To confirm VLAN creation and port assignment on each switch, use the "show vlan brief" command.


Configuration and Verification

The MAC addresses are learned on the switches dynamically and switches keep these mac addresses in their mac tables for 300 seconds (aging time) by default. This can be checked on SW01 as follows.

SW01:

!

show mac address-table aging-time

!


The default value can be changed using the following command, as per task change it to 100 seconds, and verify it again using above command.


Configure all inter-switch links on SW02, SW03 and SW04 to operate as 802.1q trunks. SW04 and SW03 should initiate the process of dynamically forming trunks towards SW03 and SW02 respectively. 

SW04:

!

configure terminal

!

interface range E0/0, E0/2, E1/0-1

 switchport trunk encapsulation dot1q

 switchport mode dynamic desirable

 switchport trunk allowed vlan 1-5

!

end

!

write

!


SW03:

!

configure terminal

!

interface range E0/1

 switchport trunk encapsulation dot1q

 switchport mode dynamic desirable

 switchport trunk native vlan 2

!

interface range E0/1-2, E1/1

 switchport trunk allowed vlan 1-5

!

end

!

write

!


SW02:

!

configure terminal

!

interface range E0/0

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

!

interface range E0/0, E0/3, E1/0

 switchport trunk allowed vlan 1-5

!

end

!

write

!


Verify on SW02 and SW03, whether 802.1q trunks are forming between the switches SW02, SW03 and SW04 and native VLAN 2 is there between SW02 and SW03.

SW02:


SW03:



Configure VLANs 1-5 using VTP version 2 on SW02, SW03 and SW04. SW02 is VTP server which allows to create VLANs manually and propagate to SW03. SW04 is VTP transparent, it allows creation of VLANs but does not dynamically update other switches.

Keep VTP password and VLANs names as per given in the task. Also assign switchport to their respective VLANs connected to routers or PCs as per the table given in the task.

SW02, SW03 and SW04
!
configure terminal
!
vtp version 2
!
write
!

SW04:
!
configure terminal
!

vtp domain CISCO
vtp mode transparent 
vtp version 2
vtp password CISCO
!
vlan 2
 name Payroll
vlan 3
 name Engineering
vlan 4
 name Marketing
vlan 5
 name Executives
!
interface E0/1
 switchport access vlan 5
 switchport mode access
!
end
!
write
!


SW03:
!
configure terminal
!
vtp domain CISCO
vtp mode client
vtp version 2 
vtp password CISCO
!
interface E0/0
 switchport access vlan 3
 switchport mode access
!
interface E1/0
 switchport access vlan 4
 switchport mode access
!
end
!
write
!


SW02:
!
configure terminal
!
vtp domain CISCO
vtp mode server
vtp version 2 
vtp password CISCO
!
vlan 2
 name Payroll
vlan 3
 name Engineering
vlan 4
 name Marketing
vlan 5
 name Executives
!
interface range E0/1, E0/2
 switchport access vlan 2
 switchport mode access
!
end
!
write
!


Check on SW03 (VTP client) if VLANs have been propagated in its database from SW02 (VP server) and SW02's access ports are assigned to VLAN 2.

SW03:


In the output above all vlans are propagated on SW03, it is also showing VTP domain and VTP version correctly. However, there is a MD5 digest checksum mismatch message appearing, this can be removed by flapping (shut then no shut) the trunk ports, or you can simply ignore them.

Check on SW02 and SW04 if VLANs are created and ports are assigned in correct VLANs.

SW02:


SW04:


Don't Miss to Checkout our Next Articles

Configuring Cisco Port Channels: Step-by-Step Guide

Understanding Spanning Tree: Cisco Rapid PVST



Other Popular & Useful Articles

MAC Address Flooding: Understanding

Automate Saving Configuration & Executing Backup Script


Deepak Sharma

He is a senior solution network architect and currently working with one of the largest financial company. He has an impressive academic and training background. He has completed his B.Tech and MBA, which makes him both technically and managerial proficient. He has also completed more than 450 online and offline training courses, both in India and ...

More... | Author`s Bog | Book a Meeting

Comments (0)

Share

Share this post with others

Contact learning advisor

New Cisco ACI Training Live Batch Starts June 15th!
New Cisco ACI Training Live Batch Starts June 15th!
Advance your career? Don't miss out on our Cisco Application Centric Infrastructure (ACI) training ...
Enroll Now