Jeremy’s IT Lab lecture video:
Commands
Commands List
VLAN Show Commands
4. VLANs
Link to original
- show vlan
- show vlan brief
-->Shows a brief list of VLANs and the access ports that are using themVLAN Interface Commands
Switchport
1. General
- switchport mode type { access
/trunk/dynamic auto/dynamic desirable }-->Configures the switchport type for VLANs- switchport nonegotiate
-->Disables Dynamic Trunking Protocol (DTP) requests between switches (setting the switch to access mode does the same thing)2. Access Ports
- switchport access vlan vlan-id
-->Changes the access port’s VLAN to the specified VLAN ID- switchport voice vlan vlan-id
-->Assigns VOIP (Voice over IP) traffic to be tagged with a specific VLAN ID (Done while the switchport is in access mode)3. Trunk Ports
Link to original
- switchport trunk encapsulation mode {auto
/negotiate/dot1q/isl}- switchport trunk allowed vlan argument {vlan-id
/add vlan-id/remove vlan-id/all/none/except vlan-id}
(Multiple VLANs can be used inadd,removeandexceptby putting a comma in between the vlan-IDs)- switchport trunk native vlan vlan-id
ROAS Commands
Sub-interface / ROAS
Link to original
- interface interface/id.sub-interface-id
-->Initialize a sub-interface
- Ex: interface G0/0.10
- encapsulation dot1q vlan-id
-->Set the sub-interface’s VLAN- encapsulation dot1q vlan-id native
-->Sets the native VLAN for the sub-interface- ip address ip-address netmask
-->Sets the IP address on the virtual sub-interface
Trunk Ports
Reminder
Link to original
- A trunk port carries traffic from multiple VLANs. Traffic is tagged on this interface except if the data is being sent on the native VLAN.
VLAN Tagging
There are two main trunking protocols:
- ISL (Inter-Switch Link):
- ISL is an old Cisco proprietary protocol, created before IEEE 802.1Q
- IEEE 802.1Q (dot1q):
- 802.1Q (dot1q) is an industry standard protocol.
802.1Q Tag
/ATCH-Screenshot-031_Free-CCNA-|-VLANs-(Part-2)-|-Day-17-|-CCNA-200-301-Complete-Course-T00.08.42.667-F15680---Day-17---VLANs-(2).webp)
Dot1Q Tag Properties
- The 802.1Q tag is inserted between the Source and the Type/Length fields of the Ethernet frame.
- 4 bytes (32 bits) in length.
Consists of Two Main Fields
- Tag Protocol Identifier (TPID) - (16 bits)
- Always has a hex value of 0x8100, This indicates the frame is Dot1Q tagged.
- Tag Control Information (TCI) - (16 bits total)
- Priority Code Point (PCP) - (3 bits)
- Used for CoS (Class of Service) to prioritize traffic.
- Drop Eligible Indicator (DEI) - (1 bit)
- Used to indicate frames that can be dropped during network congestion.
- VLAN Identifier (VID) - (12 bits)
- Identifies the VLAN the frame belongs to.
- 212 = 4096 possible VLANs, with a range of 0 - 4095
- VLANs 0 and 4095 are reserved and cannot be used, therefore, the actual range is 1 - 4094
- Priority Code Point (PCP) - (3 bits)
/ATCH-Screenshot-031_Free-CCNA-|-VLANs-(Part-2)-|-Day-17-|-CCNA-200-301-Complete-Course-T00.12.12.434-F21973---Day-17---VLANs-(2).webp)
VLAN Ranges
The range of VLANs (1 - 4094) is divided into two sections:
- Normal VLANs: (1 - 1005)
- Extended VLANs: (1006 - 4094)
Native VLAN
802.1Q has a feature called Native VLAN (Not available on ISL)
Where the switch:
- Doesn’t add a Dot1Q tag to frames in the native VLAN.
- Assumes untagged traffic on a trunk port belongs to the native VLAN.
The Native VLAN by default is VLAN 1.
Switches will discard tagged frames that match the native VLAN.
Example: Native VLAN discarding
- If the native VLAN on SW1 is VLAN 30, and the switch receives a frame tagged with VLAN 30 as well, it’ll discard it and assume it to be an error, as VLAN 30 traffic is supposed to be untagged when sent on that VLAN.
Watch out: Native VLAN configuration
It is important that the native VLAN matches between switches.
Show command tip:
The
show vlan briefcommand shows the access ports assigned to each VLAN, not the trunk ports that allow each VLAN.
Use theshow interfaces trunkcommand instead to confirm trunk ports.
Router on a Stick (ROAS)
Instead of connecting multiple interfaces between a router and a switch in order to route between VLANs, we can connect the router and the switch with 1 connection and split the router’s physical port into logical sub-interfaces.
So, ROAS is used to route between multiple VLANs using a single interface on the router and switch.
The switch interface is configured as a regular trunk, while the router interface is split into sub-interfaces each with their own VLAN tag and IP address.
- The router will behave as if frames arriving with a certain VLAN tag have arrived on the sub-interface configured with the aforementioned VLAN tag.
- The router will also tag frames leaving that sub-interface with the VLAN tag configured on it.