Free CCNA | VLANs (Part 2) | Day 17 | CCNA 200-301 Complete Course

Welcome to Jeremy’s IT Lab

This section introduces the course and discusses the topic of VLANs.

Introduction to VLANs

• VLANs are Virtual Local Area Networks.

• They allow for logical segmentation of a network.

• VLANs can be used to group devices together based on factors such as department or function.

Trunk Ports

• Trunk ports carry traffic from multiple VLANs on a single interface.

• They are used to connect switches together and allow for communication between different VLANs.

Purpose of Trunk Ports

• Trunk ports enable the transfer of traffic between VLANs.

• They are essential for inter-VLAN routing and efficient network communication.

802.1Q Encapsulation

• 802.1Q encapsulation is an additional tag added to an Ethernet frame.

• It is used to identify which VLAN the traffic belongs to on a trunk port.

Trunk Port Configuration

• Configuring trunk ports involves learning a few additional commands.

• It is not overly complicated and allows for efficient network management.

Router on a Stick

• "Router on a stick" is an alternative method for performing inter-VLAN routing.

• It provides a more efficient way of routing traffic between different VLANs using a single router interface.

Network Topology

This section discusses different network topologies involving multiple switches and how they impact VLAN configurations.

Network Topology with Multiple Switches

• In this lesson, two switches are used in the network topology.

• The engineering department's VLAN is split between the two switches, which is common in real-world scenarios where departments may not be physically located together.

Inter-Switch Links

• Links between switches are necessary for enabling communication between devices in different VLANs.

• Each switch needs to have connections in the respective VLANs it serves.

Inter-VLAN Routing

• Inter-VLAN routing is performed by the router.

• Even without a direct VLAN connection between switches, inter-VLAN communication is possible through the router's routing capabilities.

Trunk Ports and VLAN Tagging

This section explains how trunk ports work and how VLAN tagging allows for proper identification of traffic belonging to specific VLANs.

Trunk Ports and Traffic Carrying

• Trunk ports carry traffic from multiple VLANs over a single interface.

• They are different from access ports, which belong to a single VLAN only.

Understanding Trunk Port Configuration

• A single physical connection can carry traffic from multiple VLANs using trunk ports.

• Each trunk port has specific allowed VLANs that can pass through it.

VLAN Tagging

• Switches tag frames sent over trunk links with information about the corresponding VLAN.

• This allows receiving switches to correctly identify which VLAN the frame belongs to.

Conclusion

The conclusion summarizes the importance of trunk ports and their role in facilitating efficient network communication across multiple VLANs.

Importance of Trunk Ports

• Trunk ports enable efficient utilization of network interfaces by carrying traffic from multiple VLANs.

• They are essential when dealing with networks that have numerous VLANs, preventing wasted interfaces on routers.

802.1Q and Dot1q

This section provides an overview of 802.1Q and Dot1q, explaining their significance and differences.

Introduction to 802.1Q and Dot1q

• : An industry standard protocol created by the IEEE for VLAN tagging.

• Dot1q: A specific implementation of 802.1Q used in Ethernet networks.

• ISL (Inter-Switch Link) is another VLAN tagging protocol but is not commonly used in modern networks.

Understanding Dot1q Tagging

• Dot1q for CCNA: While it's important to know about ISL, focus on learning dot1q for the CCNA exam.

• Ethernet Header and Trailer: The dot1q tag is inserted between two fields of the Ethernet header.

• Position of Dot1q Tag: The dot1q tag is inserted between the source MAC address and the type or length fields of the Ethernet header.

Fields of the Dot1q Tag

• Tag Protocol Identifier (TPID): The first field in the dot1q tag, always set to a value of 0x8100, indicating a dot1q-tagged frame.

• Tag Control Information (TCI): Consists of three sub-fields: PCP, DEI, and VID.

• PCP (Priority Code Point): A 3-bit field used for Class of Service (CoS) to prioritize traffic in congested networks.

• DEI (Drop Eligible Indicator): A single bit field indicating frames that can be dropped in congested networks.

• VID (VLAN ID): A 12-bit field that identifies the VLAN to which the frame belongs. The range of usable VLANs is 1 to 4094.

Additional Information

• VLAN Ranges: The VLAN range is divided into "normal VLANs" (1-1005) and "extended VLANs" (1006-4094).

• Native VLAN: Dot1q has a feature called the Native VLAN, which is VLAN 1 by default on trunk ports.

Dot1q Tag Fields

This section provides a detailed explanation of each field in the dot1q tag.

TPID Field

• TPID Field Overview: The TPID field is always set to a value of 0x8100, indicating a dot1q-tagged frame.

TCI Fields

• TCI Field Overview: The TCI consists of three sub-fields: PCP, DEI, and VID.

• PCP (Priority Code Point): A 3-bit field used for Class of Service (CoS) to prioritize traffic in congested networks.

• DEI (Drop Eligible Indicator): A single bit field indicating frames that can be dropped in congested networks.

• VID (VLAN ID): A 12-bit field that identifies the VLAN to which the frame belongs.

Conclusion

These notes provide an overview of 802.1Q and Dot1q protocols, their significance, and an explanation of each field in the dot1q tag. Understanding these concepts is important for networking professionals preparing for the CCNA exam or working with VLANs in real-world scenarios.

Understanding Native VLAN Mismatch on Trunk Ports

In this section, we learn about the behavior of a receiving switch when it receives an untagged frame on a trunk port and the importance of matching native VLANs between switches.

Receiving Untagged Frames on Trunk Ports

• When a switch receives an untagged frame on a trunk port, it assumes the frame belongs to the native VLAN.

• It is crucial to ensure that the native VLAN matches between switches to avoid potential problems.

• Switches will still forward traffic even with a native VLAN mismatch, but issues may occur.

Example of Native VLAN Mismatch

• If there is a native VLAN mismatch configuration between switches, problems can arise.

• The receiving switch will assume that an untagged frame belongs to its configured native VLAN.

• If the destination is in a different VLAN than what the receiving switch assumes, it won't forward the frame.

Importance of Matching Native VLANs

This section highlights another reason why matching native VLANs is important and discusses how mismatches can lead to dropped frames.

Consequences of Native VLAN Mismatch

• A PC in one VLAN trying to reach a PC in another VLAN can result in dropped frames if there is a native VLAN mismatch.

• When a tagged frame arrives at a switch with an incorrect native VLAN configuration, it will discard the frame instead of forwarding it.

Configuring Trunk Ports Manually

This section focuses on manually configuring trunk ports and explains how to set up encapsulation for trunk interfaces.

Manual Configuration as Trunk

• To manually configure an interface as a trunk port, use the command SWITCHPORT MODE TRUNK.

• Some switches may require setting the encapsulation type before configuring the interface as a trunk.

Setting Trunk Encapsulation

• Use the command SWITCHPORT TRUNK ENCAPSULATION to set the encapsulation type.

• Options for encapsulation include dot1q, isl, and negotiate (AUTO mode).

Viewing Trunk Port Configuration

This section explains how to view and verify trunk port configuration using the SHOW INTERFACES TRUNK command.

Viewing Trunk Port Configuration

• Use the command SHOW INTERFACES TRUNK to view trunk port details.

• The output displays information such as trunk interfaces, mode (on), encapsulation type, status (trunking), native VLAN, and allowed VLANs on the trunk.

Configuring Allowed VLANs on a Trunk

This section covers how to configure which VLANs are allowed on a trunk port.

Limiting VLANs on a Trunk

• By default, all VLANs from 1 to 4094 are allowed on a trunk.

• For security purposes, it may be necessary to limit which VLANs can be forwarded on a trunk.

• Use the command SWITCHPORT TRUNK ALLOWED VLAN followed by options to configure allowed VLANs on a trunk.

Adding Allowed VLANs to the Existing List

In this section, the speaker explains how to add allowed VLANs to the existing list on a switch.

Adding VLAN 20 to the Allowed List

• Use the command SWITCHPORT TRUNK ALLOWED VLAN ADD 20 to add VLAN 20 to the allowed list.

• The SHOW INTERFACES TRUNK command confirms that VLANs 10, 20, and 30 are now allowed on the trunk.

Removing VLAN 20 from the Allowed List

• Use the command SWITCHPORT TRUNK ALLOWED VLAN REMOVE 20 to remove VLAN 20 from the allowed list.

• The SHOW INTERFACES TRUNK command confirms that only VLANs 10 and 30 are now allowed on the trunk.

Allowing All VLANs on the Trunk

• Use the command SWITCHPORT TRUNK ALLOWED VLAN ALL to allow all VLANs on the trunk.

• This is equivalent to the default state where all VLANs are allowed.

Allowing All VLANS Except Specified Ones

• Use the command SWITCHPORT TRUNK ALLOWED VLAN EXCEPT 1 TO 5,10 to allow all VLANS except those specified (6 to 9 and 11 to 4094).

Disallowing All VLANS on the Trunk

• Use the command SWITCHPORT TRUNK ALLOWED VLAN NONE to disallow all VLANS on the trunk.

• This effectively blocks any traffic from passing over it.

Configuring Allowed VLANS for Network Security and Performance

In this section, network security and performance considerations related to configuring allowed VLANS are discussed.

Setting Allowed VLANS for SW1

• Configure SW1's trunk to allow only VLANs 10 and 30, as no hosts in VLAN20 are connected.

• This ensures that only necessary VLAN traffic can use the trunk connection and avoids unnecessary broadcast traffic.

Changing the Native VLAN

• For security purposes, it is recommended to change the native VLAN to an unused VLAN.

• Use the command SWITCHPORT TRUNK NATIVE VLAN <VLAN number> to change the native VLAN.

• Ensure that the native VLAN matches between switches for proper communication.

Viewing Trunk Ports and Access Ports

This section explains how to view trunk ports and access ports on a switch.

Differentiating Between Trunk Ports and Access Ports

• The SHOW INTERFACES TRUNK command confirms trunk ports on a switch.

• The SHOW VLAN BRIEF command shows access ports assigned to each VLAN, not trunk ports.

Configuring Allowed VLANS for SW2

This section focuses on configuring allowed VLANS for SW2.

Configuring G0/0 Interface on SW2

• Configure SW2's G0/0 interface to allow VLANS 10 and 30, similar to SW1's configuration.

Configuring G0/1 Interface on SW2

• Configure SW2's G0/1 interface to allow VLANS 10, 20, and 30.

• These configurations are displayed in the output of the SHOW INTERFACES TRUNK command.

Router-on-a-Stick (ROAS) Configuration

This section introduces router-on-a-stick (ROAS) configuration using subinterfaces on R1.

Using Subinterfaces for Inter-VLAN Routing

• When using a single physical connection between a router and a switch, subinterfaces are used for inter-VLAN routing.

• The physical interface G0/0 on R1 is divided into three logical subinterfaces: G0/0.10 for VLAN10, G0/0.20 for VLAN20, and G0/0.30 for VLAN30.

Summary of Switch Configurations

This section provides a summary of the switch configurations covered in the lesson.

Recap of Switch Configurations

• SW1's trunk allows only VLANS 10 and 30.

• SW2's G0/0 interface allows VLANS 10 and 30.

• SW2's G0/1 interface allows VLANS 10, 20, and 30.

• The SHOW INTERFACES TRUNK command confirms these configurations.

Router Configuration Considerations

• Due to using a single physical connection between SW2 and R1, subinterfaces are used on R1 for inter-VLAN routing.

• Each subinterface corresponds to a specific VLAN (VLAN10, VLAN20, and VLAN30).

New Section

In this section, the speaker discusses the configurations for router interfaces and subinterfaces, including enabling the interface, assigning VLAN numbers, encapsulation, and assigning IP addresses.

Configuring Router Interfaces and Subinterfaces

• To enable a router interface, use the command no shutdown.

• Subinterfaces can be configured on a router interface to handle multiple VLANs.

• The subinterface number does not have to match the VLAN number but it is recommended for easier understanding.

• Use the command ENCAPSULATION DOT1Q followed by the VLAN number to specify how frames with that VLAN tag should be treated.

• Frames arriving with a specified VLAN tag will be treated as if they arrived on the corresponding subinterface.

• Use the encapsulation dot1q command to assign an IP address to each subinterface.

New Section

In this section, the speaker explains how to verify the configuration of subinterfaces using the SHOW IP INTERFACE BRIEF command. They also discuss routing tables and how frames are tagged when sent out of subinterfaces.

Verifying Subinterface Configuration

• Use the SHOW IP INTERFACE BRIEF command to view all configured subinterfaces along with their assigned IP addresses.

• The physical interface itself may not have an assigned IP address.

• Connected and local routes are added in the routing table when IP addresses are assigned to regular physical interfaces or subinterfaces.

Tagging Frames Sent from Subinterfaces

• When frames are sent out of subinterfaces, they are tagged with the VLAN tag configured on that specific subinterface.

• This tagging allows for proper routing between different VLANs using a single physical interface on both routers and switches.

New Section

In this section, the speaker explains how interVLAN routing works using subinterfaces. They provide an example of a PC in one VLAN trying to reach a PC in another VLAN.

InterVLAN Routing with Subinterfaces

• InterVLAN routing can be achieved by configuring subinterfaces on a router.

• Frames are tagged with the appropriate VLAN tag when sent from one VLAN to another.

• The router receives the frame on the corresponding subinterface and forwards it based on the destination subnet.

• Switches also play a role in forwarding frames between VLANs over trunks.

New Section

In this section, the speaker summarizes the key points covered in the video, including trunk ports, 802.1Q encapsulation, and router-on-a-stick configuration.

Summary of Key Points

• Trunk ports allow traffic from multiple VLANs to be carried over a single physical interface on switches.

• 802.1Q encapsulation is used to identify which VLAN a frame belongs to when sent over a trunk port.

• Router-on-a-stick involves configuring multiple subinterfaces on a single physical interface of a router for routing between different VLANs and subnets.

• Frames are tagged with the appropriate VLAN tag when sent out of each subinterface.

New Section

In this section, the speaker presents two quiz questions related to trunk port configuration.

Quiz Questions

1. To configure SW1 to send untagged frames from VLAN10 over its GigabitEthernet0/1 interface (a trunk), use the command switchport trunk native vlan 10.

2. To return a modified trunk interface back to its default state, use the appropriate command (not mentioned in transcript).

The answer for question 2 is not provided in the transcript.

New Section

This section discusses default VLANs on a Cisco switch and how to configure trunk ports.

Configuring Trunk Ports

• To configure an interface on a Cisco switch as a trunk port, the command switchport mode trunk is used.

• If the command is rejected, the command switchport trunk encapsulation dot1q can fix the issue.

802.1Q Tag

• The field of the 802.1Q tag that identifies the VLAN ID of the frame is called VID (VLAN ID). It is 12 bits long and represents the VLAN number.

• TPID (Tag Protocol Identifier) uses a hexadecimal value of 8100 to identify the frame as 802.1Q-tagged.

• PCP (Priority Code Point) is used for class of service, not to tag the VLAN ID.

• VLN (Virtual LAN Number) is not a real field of the 802.1Q tag.

Troubleshooting Trunk Configuration

• If a configured VLAN does not exist on the switch, it will not appear in the "Vlans allowed and active in management domain" section of the show interfaces trunk command output.

New Section

This section provides additional information about configuring trunks and concludes with acknowledgments.

Additional Information on Trunks

• On Cisco switches that support both 802.1Q and ISL encapsulations for trunk ports, manually specifying SWITCHPORT TRUNK ENCAPSULATION DOT1Q sets the encapsulation type to dot1q.

• ISL encapsulation can also be used but is rarely used nowadays.

Acknowledgments

• The video acknowledges JCNP-level channel members and expresses gratitude to Boson Software for their practice exams and network simulator.

New Section

This section mentions supplementary materials available for further learning.

Supplementary Materials

• Flashcards for use with the software ANKI are provided to help remember concepts learned in the video.

• A separate video will include a packet tracer practice lab for practicing the configurations covered in the video.

New Section

This section concludes the video.

Conclusion

• The video concludes by thanking viewers for watching and mentioning the availability of supplementary materials.