
VLAN Links

In document Cisco CCNA Simplified, 4th Edition_2 (Page 193-199)

You have seen that a switch can have multiple VLANs and the same VLAN can span across multiple switches. In fact, this is one of the main benefits of using switches. So how does this affect traffic from one switch to another? Looking at Figure 2.9 above, if the host in VLAN 3 on Floor 1 needs to communicate with another host on a different VLAN on Switch 2 (on Floor 2), how does Switch 1 send the message to Switch 2 without losing the VLAN information? This is accomplished using a mechanism called VLAN tagging.

The switch tags the frame with a header that contains the VLAN ID. Referring to Figure 2.9, Switch 1 tags frames from VLAN 3 with VLAN ID 3 before sending them on to Switch 2. Once Switch 2 sees the tags, it knows that the frames should be kept within that VLAN.

There are two kinds of layer 2 links on a switch:

Access links

Trunk links

Access Links

A switch port that is defined as a member of one VLAN is referred to as an access link.

When a frame is received on an access link, it is tagged with its VLAN ID. The switch strips the tag from this frame at the destination before sending it on to the recipient host, so the process is transparent to the end device.

Access links are used to connect to hosts. Most ports on a switch are already set as access links, but you can hard set a port to be an access or trunk link and this is a common policy in commercial networks. I have shortened some of the commands below, which is common for network engineers to do:

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#int f0/1

Switch(config-if)#switchport mode ?

access Set trunking mode to ACCESS unconditionally

dynamic Set trunking mode to dynamically negotiate access/trunk mode

trunk Set trunking mode to TRUNK unconditionally

The dynamic setting allows the port to determine whether it should become an access or trunk link depending on the device it’s connected to. You won’t be able to leave the port in dynamic mode if you want to add port security, which we will look at later.

Trunk Links

A trunk link is used to carry traffic from multiple VLANs at the same time. Frames sent across a trunk link are tagged so they can be identified at the remote end. A trunk link can also be used to carry traffic between:

Two switches

A switch and a router

A switch and a server

Trunk links are needed to forward traffic from multiple VLANs. Although you can use access links to connect two switches together, all the traffic from that access link would be treated as being in a single VLAN, which is configured on the port.

When multiple switches are connected using trunk links and they share information from the same VLANs, they are collectively called a Switch Fabric.

The protocol that is used for tagging VLANs on frames in a trunk link on Cisco switches is called the 802.1Q protocol.

802.1Q

802.1Q was created by the IEEE as a standard for tagging frames. 802.1Q works by inserting a 4-byte VLAN header into the original header of the Ethernet frame between the source MAC address and the Type/Length field. This 4-byte tag includes some information (including the VLAN ID of the frame).

Since 802.1Q is an IEEE standard, you can use it when connecting a trunk link between a Cisco switch and a non-Cisco switch. You can see 802.1Q frame tagging in action in the Wireshark capture below. Can you see the VLAN ID?

FIG 2.10 – Frame tagging

On a Cisco 3650 Multilayer Switch, the encapsulation command is still available.

Previously, you could choose either 802.1Q or ISL encapsulation. On modern Cisco switches you will still see the encapsulation option but only 802.1Q is available:

3650Switch(config-if)#switchport trunk encapsulation ?

dot1q Interface uses only 802.1q trunking encapsulation when trunking

If you had a 3550 model, you would also see ISL and negotiate as options.

3550Switch(config-if)#switchport trunk encapsulation ?

dot1q Interface uses only 802.1q trunking encapsulation when trunking

isl Interface uses only ISL trunking encapsulation when trunking

negotiate Device will negotiate trunking encapsulation with peer on

On the 2960 Switch, the encapsulation command is not available; only 802.1Q is available (you will be tested on this in the CCNA exam):

Switch(config-if)#switchport trunk ?

allowed Set allowed VLAN characteristics when interface in trunking mode

native Set trunking native characteristics when interface in trunking mode

Figure 2.11 illustrates the tag being inserted into the frame. When this is done the FCS (frame check sequence) must also be recalculated.

FIG 2.11 – Frames tagged and tags removed

All frames using 802.1Q are tagged with VLAN information. The exception to this is the native VLAN, which by default is VLAN 1. All frames inside the native VLAN remain untagged.
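The tagging steps described above, written out as an added Python example (it is not from the book): the 4-byte tag is inserted after the source MAC address, the FCS is recalculated, and frames in the native VLAN are left untagged. The function names and the sample frame are constructed for illustration.

```python
import struct
import zlib

TPID_8021Q = 0x8100  # value in the first two tag bytes that marks an 802.1Q tag


def fcs(data: bytes) -> bytes:
    """Ethernet frame check sequence: CRC-32, least significant byte first."""
    return struct.pack("<I", zlib.crc32(data))


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def tag_frame(frame: bytes, vlan_id: int, native_vlan: int = 1) -> bytes:
    """Tag a frame for the trunk: insert the tag and recompute the FCS."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    if vlan_id == native_vlan:
        return frame  # native VLAN frames cross the trunk untagged
    body = frame[:-4]  # drop the old FCS, it no longer matches
    # Tag = TPID + TCI; the low 12 bits of the TCI hold the VLAN ID
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, vlan_id) + body[12:]
    return tagged + fcs(tagged)


def read_vlan(frame: bytes, native_vlan: int = 1) -> int:
    """VLAN of a frame received on a trunk, after checking the FCS."""
    if fcs(frame[:-4]) != frame[-4:]:
        raise ValueError("bad FCS")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID_8021Q else native_vlan


def untag_frame(frame: bytes) -> bytes:
    """Strip the tag (if present) before delivery on an access link."""
    body = frame[:-4]
    if struct.unpack("!H", body[12:14])[0] != TPID_8021Q:
        return frame
    stripped = body[:12] + body[16:]
    return stripped + fcs(stripped)


# Constructed sample: minimum-size IPv4 frame from a host in VLAN 3
SAMPLE = build_frame(bytes.fromhex("001122334455"),
                     bytes.fromhex("66778899aabb"), 0x0800, b"\x00" * 46)
```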

The native VLAN is nothing more than a default VLAN, given that any port in a (Cisco) switch has to be assigned to one VLAN. By default all ports belong to VLAN 1, or the native VLAN. You will learn how to change the native VLAN later.

In order for a trunk link to form, the native VLAN must match on both sides of the link.

Although many study guides specify that the link must be at least 100 Mbps, you can actually create an 802.1Q trunk link over a 10 Mbps connection.

Trunk Links Continued

As a network engineer, you will want to know the settings of a switch port and how it will form a trunk link with its neighbor because you may want it to become a certain port type rather than let the switch decide. This actually depends on the port mode. The possible modes are listed below:

On – The port is configured as a trunk with the switchport mode trunk command. The connected device has to agree to also be a trunk; otherwise, the link will not work properly.

Off – The port will not function as a trunk, regardless of what is configured at the remote end.

Auto – The port is willing to be a trunk but will not initiate the negotiation, as the remote side has to initiate the negotiation. If both sides are set to auto, a trunk will not be formed.

Desirable – The port is willing to become a trunk and will initiate the negotiation. If the remote side is desirable or auto, a trunk is formed.

No-negotiate – Negotiation is disabled with the switchport nonegotiate command. The port has to be configured as a trunk or access link.

You must be familiar with all of the outcomes in Table 2-1 below for the exam:

Table 2-1: Trunk links

| Switch 1 | Switch 2 | Is a Trunk Formed? |
|---|---|---|
| On | On | Yes |
| On | Auto | Yes (only one side passive) |
| Auto | Auto | No (both sides are passive) |
| Desirable | Desirable | Yes |
| Desirable | Auto | Yes |
| Desirable | On | Yes |
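The outcomes in Table 2-1 follow from two properties of each mode: whether the port initiates the negotiation and whether it is willing to trunk. The added Python example below (not from the book) derives the outcomes from those properties and lists the ports in a configuration whose role is not hard set. The function names and the configuration excerpt are constructed for illustration.

```python
import re

# Mode behaviour as listed above: does the port start the negotiation,
# and will it agree to become a trunk?
INITIATES = {"on": True, "desirable": True, "auto": False, "off": False}
WILLING = {"on": True, "desirable": True, "auto": True, "off": False}

# Interface configuration lines and the mode name used in Table 2-1
MODE_LINES = {"switchport mode trunk": "on", "switchport mode access": "off",
              "switchport mode dynamic auto": "auto",
              "switchport mode dynamic desirable": "desirable"}


def trunk_forms(local: str, remote: str) -> bool:
    """A trunk forms when both ends are willing and at least one initiates."""
    return (WILLING[local] and WILLING[remote]
            and (INITIATES[local] or INITIATES[remote]))


def port_modes(config: str) -> dict:
    """Return {interface: mode}; mode is None when no mode line is configured."""
    modes, current = {}, None
    for line in config.splitlines():
        match = re.match(r"interface (\S+)", line)
        if match:
            current = match.group(1)
            modes[current] = None
        elif current and line.strip() in MODE_LINES:
            modes[current] = MODE_LINES[line.strip()]
    return modes


def not_hard_set(config: str) -> list:
    """Ports left in a dynamic mode or at the model's default mode."""
    return [port for port, mode in port_modes(config).items()
            if mode in (None, "auto", "desirable")]


# Constructed configuration excerpt (not taken from a real device)
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
interface FastEthernet0/2
 switchport mode dynamic auto
interface FastEthernet0/3
interface FastEthernet0/24
 switchport mode trunk
"""
```

Ports returned by `not_hard_set` are the ones to review against a policy of hard setting every port as access or trunk.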

We will cover how to configure the trunk links above shortly, but for now you can use the command below to see your default settings because these differ from model to


Trunking Native Mode VLAN: 1 (default)

In order to negotiate trunking, switches use Dynamic Trunking Protocol (DTP), which used to be in the CCNP SWITCH syllabus but is also in the CCNA syllabus now.
