Cisco: Configure Trunk Port & Native VLAN

Chapter 1.13

Chapter 2.1c

2.1 & 2.2 Configure and verify VLANs and interswitch connectivity

2.1 Configure and verify VLANs (normal range) spanning multiple switches 

  2.1.a Access ports (data and voice) 

  2.1.b Default VLAN

2.2 Configure and verify interswitch connectivity 

  2.2.a Trunk ports 

  2.2.b 802.1Q 

  2.2.c Native VLAN 

VLANs (Virtual Local Area Networks) are logical networks created within a physical network infrastructure. They allow segregation of network traffic by keeping different broadcast domains which improves performance, scalability and security.

The access VLANs can be configured on switch ports as data and voice. The following aspects are typically considered

Data VLAN:

The data VLAN is used for regular data traffic, such as internet access, file transfers, and accessing network resources. There can be multiple VLANs across many switches, traffic flowing in the same VLANs are able to communicate however data traffic between different VLANs can not talk to each other.

Voice VLAN:

The voice VLAN is specifically dedicated to carrying voice traffic for IP telephony systems, such as IP phones. It ensures the quality and reliability of voice communication and allows for the prioritization of voice packets over data packets.

Default VLAN:

In Cisco switches VLAN 1 is considered as the default VLAN, all the switch ports are assigned to VLAN 1. It is recommended that VLAN 1 should not be used for the data traffic, as it may posses a security risk.

The interswitch connectivity is achieved by connecting more switches in trunk, the following terms are important to know for interswitch connectivity.

Trunk Ports:

Trunk ports are used to carry traffic for multiple VLANs across a single link between switches. They allow for the transportation of VLAN-tagged frames between switches, enabling devices connected to different VLANs to communicate with each other. Trunk ports support the transmission of traffic from multiple VLANs simultaneously.

802.1Q:

802.1Q is an industry-standard protocol used for VLAN tagging. It adds a VLAN tag to Ethernet frames, allowing switches to identify which VLAN the frame belongs to when it traverses a trunk port. This tagging is crucial for switches to correctly forward frames to the appropriate VLANs across the network. 802.1Q tagging adds extra information to the Ethernet frame by inserting a 4-byte VLAN tag.

Native VLAN:

The native VLAN is the default VLAN for untagged traffic on a trunk port. When frames arrive on a trunk port without a VLAN tag, they are assumed to belong to the native VLAN. The native VLAN is typically used for management traffic or carries untagged frames, such as frames from devices that are not VLAN-aware. VLAN 1 is the native VLAN on Cisco switches by default. It is recommended to change it.

In summary, trunk ports enable the transportation of VLAN-tagged frames between switches, 802.1Q is the standard protocol used for VLAN tagging, and the native VLAN is the default VLAN for untagged traffic on trunk ports. 

Topology Diagram

Tasks

● Please note that the enable password is CISCO.

● To check the default value of the timer for dynamically learned MAC addresses on SW01, use the appropriate command.

 ✓ Modify the timer on SW01 to expire after 100 seconds of inactivity.

● Configure the interswitch links on SW02, SW03, and SW04 to function as 802.1q VLAN trunks using the following guidelines:

 ✓ Utilize the "interface range" command whenever possible to minimize repetitive configuration.

 ✓ Higher-numbered switches should initiate the process of dynamically forming trunks with lower-numbered switches.

 ✓ The trunk link shared by SW02 (E0/0) and SW03 (E0/1) should have VLAN-2 set as the Native VLAN.

 ✓ Configure all 802.1q VLAN trunks to only allow VLANs 1-5. Any additional VLANs added in the future should not be permitted on these trunks.

● Set VTP version-2 on all three switches as follows:

 ✓ VLANs manually configured on SW02 should be propagated to SW03 via VTP.

 ✓ SW04 should use a VTP mode that allows manual creation and deletion of VLANs but does not dynamically update other switches about changes to its VLAN database.

 ✓ Secure VTP with a password of "CISCO".

 ✓ Configure any other necessary parameters for VTP operation at your discretion.

 ✓ On SW04, configure VLANs 1-5 with the following names:

VLAN-2 = "Payroll"

VLAN-3 = "Engineering"

VLAN-4 = "Marketing"

VLAN-5 = "Executives"

  ✓ Configure the same VLANs with the same names on SW02 and verify that VTP has successfully propagated this information to SW03.

● Ensure that switchports connecting to routers or PCs cannot form VLAN trunks (except for E0/3 on SW03, which can be ignored for now). Refer to the table below for device names, switchports, and VLAN assignments:

Device Name           Switchport VLAN           Assignment

          SW02                     E0/1                          VLAN-2

          SW02                     E0/2                          VLAN-2

          SW03                     E1/0                          VLAN-3

          SW03                     E0/0                          VLAN-4

          SW04                     E0/1                          VLAN-5

● To confirm VLAN creation and port assignment on each switch, use the "show vlan brief" command.

Configuration and Verification

The MAC addresses are learned on the switches dynamically and switches keep these mac addresses in their mac tables for 300 seconds (aging time) by default. This can be checked on SW01 as follows.

SW01:

!

show mac address-table aging-time

!

The default value can be changed using the following command, as per task change it to 100 seconds, and verify it again using above command.

Configure all inter-switch links on SW02, SW03 and SW04 to operate as 802.1q trunks. SW04 and SW03 should initiate the process of dynamically forming trunks towards SW03 and SW02 respectively. 

SW04:

!

configure terminal

!

interface range E0/0, E0/2, E1/0-1

 switchport trunk encapsulation dot1q

 switchport mode dynamic desirable

 switchport trunk allowed vlan 1-5

!

end

!

write

!

SW03:

!

configure terminal

!

interface range E0/1

 switchport trunk encapsulation dot1q

 switchport mode dynamic desirable

 switchport trunk native vlan 2

!

interface range E0/1-2, E1/1

 switchport trunk allowed vlan 1-5

!

end

!

write

!

SW02:

!

configure terminal

!

interface range E0/0

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 2

!

interface range E0/0, E0/3, E1/0

 switchport trunk allowed vlan 1-5

!

end

!

write

!

Verify on SW02 and SW03, whether 802.1q trunks are forming between the switches SW02, SW03 and SW04 and native VLAN 2 is there between SW02 and SW03.

SW02:

SW03: