Cisco Networking/CCENT/VLANs

This lesson covers VLANs and VLAN routing.

Objectives and Skills

Objectives and skills for the VLANs portion of Cisco CCENT certification include:[1]

  • Describe how VLANs create logically separate networks and the need for routing between them
    • Explain network segmentation and basic traffic management concepts
  • Configure and verify VLANs
  • Configure and verify trunking on Cisco switches
    • DTP (topic)
    • Auto-negotiation
  • Configure and verify interVLAN routing (router on a stick)
    • Sub interfaces
    • Upstream routing
    • Encapsulation
  • Configure SVI interfaces.

Readings

  1. Wikipedia: Virtual LAN
  2. Wikipedia: VLAN Trunking Protocol
  3. Wikipedia: IEEE 802.1Q
  4. Wikipedia: Dynamic Trunking Protocol
  5. Wikipedia: Router on a stick
  6. Wikipedia: Switch virtual interface
  7. Cisco: LAN Switching and VLANs
  8. Cisco: EtherSwitch Network Module (ESW) Configuration Example

Multimedia

  1. YouTube: VLANs - CompTIA Network+ N10-005: 1.4
  2. YouTube: Configuring VLANs - CompTIA Network+ N10-005: 2.1
  3. YouTube: VLAN Trunking Protocol - CompTIA Network+ N10-005: 2.1
  4. YouTube: CCNA And CCNP Tutorial: VLAN Trunking Protocol (VTP)
  5. YouTube: Cisco Inter-VLAN Routing on a Stick
  6. YouTube: Switched Virtual Interfaces for Inter-VLAN Routing
  7. YouTube: 802.1Q and Trunking

Examples

Switch Configuration

vlan

To add a VLAN and enter config-VLAN submode on a switch, use the vlan command in global configuration mode.[2]

vlan {<vlan-id> | <vlan-range>}
vlan 2

name

To name a VLAN on a switch, use the name command in VLAN configuration mode.[3]

name sales

switchport mode

To set the interface type, use the switchport mode command in interface configuration mode.[4]

switchport mode {access | trunk}
switchport mode access
switchport mode trunk

switchport access vlan

To set the VLAN when the interface is in access mode, use the switchport access vlan command in interface configuration or template configuration mode.[5]

switchport access vlan <vlan-id>
switchport access vlan 2

switchport trunk

To set the trunk characteristics when the interface is in trunking mode, use the switchport trunk command in interface configuration mode.[6]

switchport trunk { native vlan <vlan-id> | allowed vlan <vlan-list> }
switchport trunk native vlan 10
switchport trunk allowed vlan 2-3,10

show vlan

To display VLAN information on a switch, use the show vlan command in privileged EXEC mode.[7]

show vlan [brief | id <vlan-id> | name <name> [ifindex] | <ifindex>]
show vlan
show vlan brief
show vlan id 2
show vlan name sales

show interfaces switchport

To display the administrative and operational status of a switching (nonrouting) port, use the show interfaces switchport command in user EXEC or privileged EXEC mode.[8]

show interfaces switchport

Command Sequence

A command sequence to configure a switch for VLAN switching might be similar to the following.

enable
configure terminal
vlan 2 
name sales
vlan 3 
name r&d
exit

interface vlan 1
ip address 192.168.1.10 255.255.255.0
no shutdown
ip default-gateway 192.168.1.1

interface fastethernet1/0
switchport trunk encapsulation dot1q
switchport mode trunk
interface range fastethernet1/1 - 2
switchport access vlan 2
interface range fastethernet1/3 - 4 
switchport access vlan 3
exit
exit

show vlan brief
show interface trunk
show interfaces switchport
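
An added example, not part of the original lesson or any Cisco tooling: a Python check that reads a running-config excerpt shaped like the sequence above and reports ports whose trunking mode is not set explicitly (the lesson summary lists dynamic auto as the default) and trunks with no allowed-VLAN list. The config text, interface layout and function names are constructed for illustration.

```python
import re

# Constructed running-config excerpt (illustrative, not from a real device).
SAMPLE_CONFIG = """\
interface FastEthernet1/0
 switchport mode trunk
!
interface FastEthernet1/1
 switchport access vlan 2
!
interface FastEthernet1/2
 switchport mode access
 switchport access vlan 2
!
interface FastEthernet1/3
 switchport mode trunk
 switchport trunk native vlan 10
 switchport trunk allowed vlan 2-3,10
!
"""

def expand_vlan_list(text):
    """Turn an IOS VLAN list such as '2-3,10' into {2, 3, 10}."""
    vlans = set()
    for part in text.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans

def parse_interfaces(config):
    """Collect the switchport settings configured under each interface."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = {"mode": None, "access_vlan": 1, "allowed": None}
            ports[line.split()[1]] = current
        elif line == "!" or current is None:
            current = None  # end of an interface stanza, or a global line
        elif m := re.fullmatch(r"switchport mode (.+)", line):
            current["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            current["access_vlan"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line):
            current["allowed"] = expand_vlan_list(m.group(1))
    return ports

def audit(ports):
    """Return (interface, finding) pairs for settings left to defaults."""
    findings = []
    for name, port in ports.items():
        if port["mode"] not in ("access", "trunk"):
            findings.append((name, "mode not fixed: trunking is left to DTP"))
        elif port["mode"] == "trunk" and port["allowed"] is None:
            findings.append((name, "trunk has no allowed list: carries all VLANs"))
    return findings

if __name__ == "__main__":
    print(audit(parse_interfaces(SAMPLE_CONFIG)))
```

Ports configured only with switchport access vlan, as in the sequence above, are reported because their mode is never pinned with switchport mode access.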

EtherSwitch Router Configuration

vlan database

To enter VLAN configuration mode on a router with a switch module, use the vlan database command in privileged EXEC mode.[9]

vlan database

vlan (VLAN)

To configure a specific VLAN, use the vlan command in VLAN configuration mode.[10]

vlan <vlan-id> [name <vlan-name>]
vlan 2 name sales

show vlan-switch

To display VLAN information, use the show vlan-switch command in user EXEC or privileged EXEC mode.[11]

show vlan-switch [brief | id <vlan> | name <name>]
show vlan-switch
show vlan-switch brief

show interface trunk

To display the interface-trunk information, use the show interface trunk command in user EXEC or privileged EXEC mode.[12]

show interface [ interface <interface-number> ] trunk [ module <number> | vlan <vlan> ]
show interface trunk 

Command Sequence

A command sequence to configure an EtherSwitch router for VLAN switching might be similar to the following.

enable
vlan database
vlan 2 name sales
vlan 3 name r&d
exit

configure terminal
interface vlan 1
ip address 192.168.1.10 255.255.255.0
no shutdown
ip default-gateway 192.168.1.1

interface fastethernet1/0
switchport mode trunk
interface range fastethernet1/1 - 2
switchport access vlan 2
interface range fastethernet1/3 - 4 
switchport access vlan 3
exit
exit

show vlan-switch brief
show interface trunk

Router Configuration

encapsulation dot1q

To enable IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN, use the encapsulation dot1q command in interface range configuration mode or subinterface configuration mode.[13]

encapsulation dot1q <vlan-id> [native]

show vlans

To display VLAN subinterfaces, use the show vlans command in privileged EXEC mode.[14]

show vlans

Command Sequence

A command sequence to configure a router for VLAN routing might be similar to the following.

enable
configure terminal

interface fastethernet0/0
ip address 192.168.1.1 255.255.255.0
no shutdown

interface fastethernet0/0.2
encapsulation dot1q 2
ip address 192.168.2.1 255.255.255.0

interface fastethernet0/0.3
encapsulation dot1q 3
ip address 192.168.3.1 255.255.255.0

exit
exit

show ip interface brief
show vlans

Switch Virtual Interface Configuration

Command Sequence

A command sequence to configure switch virtual interface (SVI) VLAN routing might be similar to the following.

enable
configure terminal

ip routing

interface vlan 2
ip address 192.168.2.1 255.255.255.0
no shutdown

interface vlan 3
ip address 192.168.3.1 255.255.255.0
no shutdown

exit
exit

show ip route

Activities

  1. Configure and test switching.
    1. Add an EtherSwitch router and four VPCS PCs to a new GNS3 project and start the devices.
    2. Add links to connect the following.
      • PC1 Ethernet0 <-> ESW1 FastEthernet1/1
      • PC2 Ethernet0 <-> ESW1 FastEthernet1/2
      • PC3 Ethernet0 <-> ESW1 FastEthernet1/3
      • PC4 Ethernet0 <-> ESW1 FastEthernet1/4
    3. Set the following IP addresses and subnet masks.
      • ESW1 VLAN1: 192.168.1.10 255.255.255.0
      • PC1 Ethernet0: 192.168.1.11 255.255.255.0
      • PC2 Ethernet0: 192.168.1.12 255.255.255.0
      • PC3 Ethernet0: 192.168.1.13 255.255.255.0
      • PC4 Ethernet0: 192.168.1.14 255.255.255.0
    4. Test the configuration using the following command on the switch and the PCs. Test all switch and PC addresses. All tests should be successful.
      • ping
  2. Configure and test VLAN switching.
    1. Using the project from above, create the following VLANs.
      • VLAN 2: sales, FastEthernet1/1, FastEthernet1/2
      • VLAN 3: r&d, FastEthernet1/3, FastEthernet1/4
    2. Open the console for the switch and practice using the following commands.
      • enable
      • vlan database
      • vlan
      • exit
      • configure terminal
      • interface
      • switchport access
    3. Verify the configuration using the following commands.
      • show running-config
      • show vlan-switch
    4. Test the configuration using the following command on the switch and the PCs. Test all switch and PC addresses. Only connections on the same VLAN should be successful.
      • ping
  3. Configure and test VLAN routing.
    1. Add a router to the project from above and start the device.
    2. Add a link to connect the following.
      • R1 FastEthernet0/0 <-> ESW1 FastEthernet1/0
    3. Set the following IP addresses, subnet masks, and default gateways for the switch and PCs.
      • R1 FastEthernet0/0: 192.168.1.1 255.255.255.0
      • R1 FastEthernet0/0.2: 192.168.2.1 255.255.255.0
      • R1 FastEthernet0/0.3: 192.168.3.1 255.255.255.0
      • ESW1 VLAN1: 192.168.1.10 255.255.255.0 192.168.1.1
      • PC1 Ethernet0: 192.168.2.11 255.255.255.0 192.168.2.1
      • PC2 Ethernet0: 192.168.2.12 255.255.255.0 192.168.2.1
      • PC3 Ethernet0: 192.168.3.13 255.255.255.0 192.168.3.1
      • PC4 Ethernet0: 192.168.3.14 255.255.255.0 192.168.3.1
    4. Open the console for the router and practice using the following commands.
      • enable
      • configure terminal
      • interface
      • encapsulation
      • ip address
      • exit
    5. Verify the configuration using the following commands.
      • show ip interface brief
      • show vlans
    6. Open the console for the switch and practice using the following commands.
      • enable
      • configure terminal
      • interface
      • ip address
      • ip default-gateway
      • switchport mode trunk
      • exit
    7. Verify the configuration using the following commands.
      • show vlan-switch
      • show interface trunk
    8. Test the configuration using the following commands on the router, switch, and the PCs. Test all router, switch, and PC addresses. All tests should be successful.
      • ping
      • trace
  4. Configure and test switch virtual interface (SVI) routing.
    1. Remove the router from the project above.
    2. Set the following IP addresses and subnet masks for the switch.
      • ESW1 VLAN2: 192.168.2.1 255.255.255.0
      • ESW1 VLAN3: 192.168.3.1 255.255.255.0
    3. Open the console for the router and practice using the following commands.
      • enable
      • configure terminal
      • interface
      • ip address
      • exit
      • ip routing
    4. Verify the configuration using the following commands.
      • show ip route
    5. Test the configuration using the following commands on the switch and the PCs. Test all switch and PC addresses. All tests should be successful.
      • ping
      • trace

Lesson Summary

  • A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2).[15]
  • Managed switches can mark packets through tagging, so that a single interconnect (trunk) may be used to transport data for multiple VLANs.[16]
  • VLANs allow network administrators to group hosts together even if the hosts are not on the same network switch.[17]
  • VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol that propagates the definition of Virtual Local Area Networks (VLAN) on the whole local area network.[18]
  • IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network.[19]
  • Under IEEE 802.1Q, the maximum number of VLANs on a given Ethernet network is 4,094.[20]
  • A VLAN ID is added only if the frame is forwarded out a port configured as a trunk link. If the frame is to be forwarded out a port configured as an access link, the ISL encapsulation is removed.[21]
  • Switch port mode settings available are:[22]
    • Access - Puts the Ethernet port into permanent nontrunking mode.
    • Trunk - Puts the Ethernet port into permanent trunking mode.
    • Dynamic Auto - Makes the Ethernet port willing to convert the link to a trunk link. This is the default mode for all Ethernet ports.
    • Dynamic Desirable - Makes the port actively attempt to convert the link to a trunk link.
    • Nonegotiate - Disables DTP.
  • Dynamic Trunking Protocol (DTP) is a proprietary networking protocol developed by Cisco Systems for the purpose of negotiating trunking on a link between two VLAN-aware switches, and for negotiating the type of trunking encapsulation to be used.[23]
  • A "router on a stick" is a router that has a single physical or logical connection to a network, and is often used to forward traffic between locally attached hosts on separate logical routing domains or to facilitate routing table administration, distribution and relay.[24]
  • A switched virtual interface (SVI) is a VLAN of switch ports represented by one interface to a routing or bridging system. An SVI cannot be activated unless associated with a physical port.[25]
  • To add a VLAN and enter config-VLAN submode on a switch, use the vlan command in global configuration mode.[26]
  • To name a VLAN on a switch, use the name command in VLAN configuration mode.[27]
  • To set the interface type, use the switchport mode command in interface configuration mode.[28]
  • To set the VLAN when the interface is in access mode, use the switchport access vlan command in interface configuration or template configuration mode.[29]
  • To set the trunk characteristics when the interface is in trunking mode, use the switchport trunk command in interface configuration mode.[30]
  • To display VLAN information on a switch, use the show vlan command in privileged EXEC mode.[31]
  • To display the administrative and operational status of a switching (nonrouting) port, use the show interfaces switchport command in user EXEC or privileged EXEC mode.[32]
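
The tagging rules summarised above, as an added Python example that is not part of the original lesson: it builds and parses the 4-byte 802.1Q tag and models what a frame looks like leaving a trunk or an access port. It uses the 802.1Q tag format rather than the ISL encapsulation one bullet mentions; the frame bytes, port dictionaries and function names are constructed, and sending the native VLAN untagged is standard 802.1Q trunk behaviour rather than something the lesson states.

```python
import struct

TPID_8021Q = 0x8100           # EtherType value that announces an 802.1Q tag
VALID_VLANS = range(1, 4095)  # 12-bit VID with 0 and 4095 reserved: 4,094 IDs

# Constructed untagged frame: broadcast dst, made-up src MAC, IPv4 EtherType.
FRAME = bytes.fromhex("ffffffffffff" "020000000011" "0800") + b"payload"

# Constructed ports mirroring the lesson's lab (VLAN 2 sales, VLAN 3 r&d).
TRUNK = {"mode": "trunk", "native": 1, "allowed": {1, 2, 3}}
ACCESS_SALES = {"mode": "access", "vlan": 2}
ACCESS_RD = {"mode": "access", "vlan": 3}

def add_tag(frame, vid, pcp=0):
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    if vid not in VALID_VLANS or not 0 <= pcp <= 7:
        raise ValueError(f"VLAN ID {vid} or priority {pcp} out of range")
    tci = (pcp << 13) | vid  # PCP (3 bits) | DEI (1 bit, zero) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def read_tag(frame):
    """Return (vid, pcp) for a tagged frame, or None if it is untagged."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF, tci >> 13

def strip_tag(frame):
    """Remove the tag if present; untagged frames pass through unchanged."""
    return frame[:12] + frame[16:] if read_tag(frame) else frame

def egress(frame, vlan, port):
    """Frame as it leaves `port`, or None if the port does not carry `vlan`."""
    untagged = strip_tag(frame)
    if port["mode"] == "access":
        # Access link: one VLAN only, always sent without a tag.
        return untagged if port["vlan"] == vlan else None
    if vlan not in port["allowed"]:
        return None
    # Trunk link: tag every VLAN except the native one.
    return untagged if vlan == port["native"] else add_tag(untagged, vlan)

if __name__ == "__main__":
    on_trunk = egress(FRAME, 2, TRUNK)
    print(on_trunk.hex(), read_tag(on_trunk))
```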

Key Terms

access interface
A network link carrying a single VLAN, without VLAN tagging.[33]
trunk interface
A network link with VLAN tagging, able to carry multiple VLANs.[34]
trunking administrative mode
The configured port trunking setting.[35]
trunking operational mode
The current trunking behavior of a given port after negotiating with the neighboring port.[36]

Review Questions

  1. A virtual LAN (VLAN) is _____.
    A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2).
  2. Managed switches can _____.
    Managed switches can mark packets through tagging, so that a single interconnect (trunk) may be used to transport data for multiple VLANs.
  3. VLANs allow network administrators to _____.
    VLANs allow network administrators to group hosts together even if the hosts are not on the same network switch.
  4. VLAN Trunking Protocol (VTP) is _____.
    VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol that propagates the definition of Virtual Local Area Networks (VLAN) on the whole local area network.
  5. IEEE 802.1Q is _____.
    IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network.
  6. Under IEEE 802.1Q, the maximum number of VLANs on a given Ethernet network is _____.
    Under IEEE 802.1Q, the maximum number of VLANs on a given Ethernet network is 4,094.
  7. A VLAN ID is added only if _____. If the frame is to be forwarded out a port configured as an access link, the _____.
    A VLAN ID is added only if the frame is forwarded out a port configured as a trunk link. If the frame is to be forwarded out a port configured as an access link, the ISL encapsulation is removed.
  8. Switch port mode settings available are:
    Switch port mode settings available are:

    Access - Puts the Ethernet port into permanent nontrunking mode.
    Trunk - Puts the Ethernet port into permanent trunking mode.
    Dynamic Auto - Makes the Ethernet port willing to convert the link to a trunk link. This is the default mode for all Ethernet ports.
    Dynamic Desirable - Makes the port actively attempt to convert the link to a trunk link.
    Nonegotiate - Disables DTP.

  9. Dynamic Trunking Protocol (DTP) is _____.
    Dynamic Trunking Protocol (DTP) is a proprietary networking protocol developed by Cisco Systems for the purpose of negotiating trunking on a link between two VLAN-aware switches, and for negotiating the type of trunking encapsulation to be used.
  10. A "router on a stick" is _____.
    A "router on a stick" is a router that has a single physical or logical connection to a network, and is often used to forward traffic between locally attached hosts on separate logical routing domains or to facilitate routing table administration, distribution and relay.
  11. A switched virtual interface (SVI) is _____.
    A switched virtual interface (SVI) is a VLAN of switch ports represented by one interface to a routing or bridging system. An SVI cannot be activated unless associated with a physical port.
  12. To add a VLAN and enter config-VLAN submode on a switch, use the _____ command in global configuration mode.
    To add a VLAN and enter config-VLAN submode on a switch, use the vlan command in global configuration mode.
  13. To name a VLAN on a switch, use the _____ command in VLAN configuration mode.
    To name a VLAN on a switch, use the name command in VLAN configuration mode.
  14. To set the interface type, use the _____ command in interface configuration mode.
    To set the interface type, use the switchport mode command in interface configuration mode.
  15. To set the VLAN when the interface is in access mode, use the _____ command in interface configuration or template configuration mode.
    To set the VLAN when the interface is in access mode, use the switchport access vlan command in interface configuration or template configuration mode.
  16. To set the trunk characteristics when the interface is in trunking mode, use the _____ command in interface configuration mode.
    To set the trunk characteristics when the interface is in trunking mode, use the switchport trunk command in interface configuration mode.
  17. To display VLAN information on a switch, use the _____ command in privileged EXEC mode.
    To display VLAN information on a switch, use the show vlan command in privileged EXEC mode.
  18. To display the administrative and operational status of a switching (nonrouting) port, use the _____ command in user EXEC or privileged EXEC mode.
    To display the administrative and operational status of a switching (nonrouting) port, use the show interfaces switchport command in user EXEC or privileged EXEC mode.

Assessments

See Also

References

Completion status: this resource is considered to be complete.
  1. Cisco: ICND1 Exam Topics
  2. Cisco: IOS LAN Switching Command Reference
  3. Cisco: IOS LAN Switching Command Reference
  4. Cisco: IOS Interface and Hardware Component Command Reference
  5. Cisco: IOS Interface and Hardware Component Command Reference
  6. Cisco: IOS Interface and Hardware Component Command Reference
  7. Cisco: IOS LAN Switching Command Reference
  8. Cisco: IOS Interfaces and Hardware Component Command Reference
  9. Cisco: IOS LAN Switching Command Reference
  10. Cisco: IOS LAN Switching Command Reference
  11. Cisco: IOS LAN Switching Command Reference
  12. Cisco: IOS LAN Switching Command Reference
  13. Cisco: IOS LAN Switching Command Reference
  14. Cisco: IOS LAN Switching Command Reference
  15. Wikipedia: Virtual LAN
  16. Wikipedia: Virtual LAN
  17. Wikipedia: Virtual LAN
  18. Wikipedia: VLAN Trunking Protocol
  19. Wikipedia: IEEE 802.1Q
  20. Wikipedia: Virtual LAN
  21. Wikipedia: Virtual LAN
  22. Wikipedia: Dynamic Trunking Protocol
  23. Wikipedia: Dynamic Trunking Protocol
  24. Wikipedia: Router on a stick
  25. Wikipedia: Switch virtual interface
  26. Cisco: IOS LAN Switching Command Reference
  27. Cisco: IOS LAN Switching Command Reference
  28. Cisco: IOS Interface and Hardware Component Command Reference
  29. Cisco: IOS Interface and Hardware Component Command Reference
  30. Cisco: IOS Interface and Hardware Component Command Reference
  31. Cisco: IOS LAN Switching Command Reference
  32. Cisco: IOS Interfaces and Hardware Component Command Reference
  33. Wikipedia: Virtual LAN
  34. Wikipedia: Virtual LAN
  35. Wikipedia: Dynamic Trunking Protocol
  36. Wikipedia: Dynamic Trunking Protocol