# CCNA 200-301 - Video 6: VLANs and Trunking

## Deep Study Notes

---

## Learning Objectives

By the end of this video, you should understand:

- What VLANs are and why they are used
- VLAN types and configuration
- How trunking works (802.1Q)
- The native VLAN concept
- The VLAN tagging process
- Inter-VLAN routing basics

---

## Core Concepts

### 1. What is a VLAN?

**Definition:** A Virtual Local Area Network (VLAN) is a logical grouping of devices that can communicate as if they were on the same physical network, regardless of their physical location.

**Analogy:** Think of a VLAN like grouping students in a large school by grade level, even though they sit in different classrooms. The physical building (switch) is the same, but the logical groups (VLANs) separate them so they only interact with their own group.

**Problem Without VLANs:**

```
SINGLE BROADCAST DOMAIN (No VLANs)

  +---------+   +---------+   +---------+   +---------+
  |   HR    |   |  Sales  |   |   IT    |   |  Admin  |
  |   PC1   |   |   PC2   |   |   PC3   |   |   PC4   |
  +----+----+   +----+----+   +----+----+   +----+----+
       |             |             |             |
       +-------------+------+------+-------------+
                            |
                       +----+----+
                       | Switch  |
                       +---------+

PROBLEMS:
  - All devices see all broadcast traffic
  - HR can communicate with Sales (security risk)
  - No traffic isolation
  - Wasted bandwidth from broadcasts
```

**Solution With VLANs:**

```
MULTIPLE BROADCAST DOMAINS (VLANs)

  VLAN 10 (HR)     VLAN 20 (Sales)    VLAN 30 (IT)
  +---------+      +---------+        +---------+
  |   HR    |      |  Sales  |        |   IT    |
  |   PC1   |      |   PC2   |        |   PC3   |
  +----+----+      +----+----+        +----+----+
       |                |                  |
       +----------------+------------------+
                        |
                  +-----+-----+
                  |  Switch   |
                  |  VLANs:   |
                  |  10,20,30 |
                  +-----------+

BENEFITS:
  - Broadcast traffic isolated per VLAN
  - Security between departments
  - Devices in different VLANs CANNOT communicate (without a router)
  - Better bandwidth utilization
```

---

### 2. VLAN Benefits

| Benefit | Description | Example |
|---------|-------------|---------|
| **Security** | Devices in different VLANs cannot communicate directly | HR can't access Finance servers |
| **Broadcast Control** | Broadcasts stay within the VLAN, not the whole network | ARP requests only reach the same VLAN |
| **Performance** | Smaller broadcast domains reduce overhead | Less CPU usage on devices |
| **Flexibility** | Move users without re-cabling | Employee moves offices, stays in the same VLAN |
| **Cost Reduction** | Fewer physical switches needed | One switch serves multiple departments |
| **Simplified Management** | Group by function, not location | All printers in VLAN 50 |

---

### 3. VLAN Types

**Default VLAN (VLAN 1):**

| Property | Description |
|----------|-------------|
| **VLAN ID** | 1 |
| **Status** | Default VLAN on all Cisco switches |
| **All ports** | Initially assigned to VLAN 1 |
| **Security** | Should NOT be used for user traffic (security risk) |
| **Best Practice** | Move all ports to other VLANs, leave VLAN 1 unused |

**Normal Range VLANs:**

| Property | Description |
|----------|-------------|
| **VLAN IDs** | 1-1005 |
| **Storage** | Stored in the vlan.dat file (Flash memory) |
| **Creation** | Can be created, modified, deleted |
| **VLAN 1** | Default, cannot be deleted |
| **VLANs 1002-1005** | Reserved for Token Ring/FDDI (cannot be deleted) |

**Extended Range VLANs:**

| Property | Description |
|----------|-------------|
| **VLAN IDs** | 1006-4094 |
| **Storage** | Stored in the running-config (VTP transparent mode required) |
| **Prerequisite** | Switch must be in VTP transparent mode |
| **Features** | More VLANs for larger networks |

**VLAN Ranges:**

```
VLAN ID RANGES

 0        1                  1001 1002        1005 1006               4094
 |        |                     |  |             |  |                    |
 v        v                     v  v             v  v                    v
+--------+-----------------------+-----------------+----------------------+
|Reserved|     Normal Range      |    Reserved     |    Extended Range    |
|        |       1-1005          |  (FDDI/Token)   |      1006-4094       |
+--------+-----------------------+-----------------+----------------------+

VLAN 1:         Default VLAN (cannot be deleted)
VLAN 2-1001:    Normal range (stored in vlan.dat)
VLAN 1002-1005: Reserved (Token Ring/FDDI)
VLAN 1006-4094: Extended (VTP transparent required)
```

---

### 4. VLAN Port Types

**Access Port:**

```
ACCESS PORT

                        +--------------------------------+
  +---------+           |  SWITCH                        |
  |   PC    |-----------|  Access Port, VLAN 10          |
  | VLAN 10 |           |  (untagged)                    |
  +---------+           +--------------------------------+

Characteristics:
  - Belongs to ONE VLAN
  - Carries untagged traffic
  - Connects to end devices (PCs, printers, servers)
  - Removes the VLAN tag before sending to the device
```

**Trunk Port:**

```
TRUNK PORT

  Switch 1                                       Switch 2
  +-------------------+    Tagged 802.1Q     +-------------------+
  |  Trunk Port       |<------ frames ------>|  Trunk Port       |
  |  VLANs: 10,20,30  |                      |  VLANs: 10,20,30  |
  +-------------------+                      +-------------------+

Characteristics:
  - Carries traffic for MULTIPLE VLANs
  - Adds a VLAN tag to frames (802.1Q)
  - Connects switches, routers, servers (with VLAN support)
  - Native VLAN carries untagged traffic
```

---

### 5. 802.1Q Trunking

**What is 802.1Q?** The IEEE standard for VLAN tagging. It adds a 4-byte tag to Ethernet frames to identify which VLAN they belong to.
**802.1Q Tag Structure:**

```
Original Ethernet Frame (without VLAN tag):
+-------------+-------------+------+-------------+-----+
| Destination |   Source    | Type |    Data     | FCS |
|     MAC     |     MAC     |      |             |     |
+-------------+-------------+------+-------------+-----+

802.1Q Tagged Frame (with VLAN tag):
+-------------+-------------+--------------+------+-------------+-----+
| Destination |   Source    |  802.1Q Tag  | Type |    Data     | FCS |
|     MAC     |     MAC     |  (4 bytes)   |      |             |     |
+-------------+-------------+--------------+------+-------------+-----+

802.1Q Tag Format:
      2 bytes             3 bits        1 bit        12 bits
+-----------------+-----------------+-------+-----------------+
|  TPID (0x8100)  |    Priority     |  CFI  |     VLAN ID     |
|  Tag Protocol   |     (PCP)       |       |      (VID)      |
|  Identifier     |      0-7        |       |     1-4094      |
+-----------------+-----------------+-------+-----------------+
```

**802.1Q Tag Fields:**

| Field | Size | Description |
|-------|------|-------------|
| **TPID** | 16 bits | Tag Protocol Identifier (0x8100) - identifies the frame as VLAN-tagged |
| **PCP** | 3 bits | Priority Code Point (CoS) - QoS priority (0-7) |
| **CFI** | 1 bit | Canonical Format Indicator (Ethernet = 0) |
| **VID** | 12 bits | VLAN ID (1-4094; 0 and 4095 are reserved) |

---

### 6. Native VLAN

**Definition:** The Native VLAN is the VLAN that carries untagged traffic on a trunk port. Frames in the native VLAN are not tagged when sent across the trunk.
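To make the tag layout concrete, here is an added Python example (not from the video notes) that encodes and decodes the 4-byte 802.1Q tag exactly as laid out above and classifies frames the way an access or trunk port would, including the untagged (native VLAN) case and a frame carrying two stacked tags. The MAC addresses and payloads are constructed sample data.

```python
import struct

TPID_8021Q = 0x8100     # Tag Protocol Identifier that marks a frame as 802.1Q tagged
ETHERTYPE_IPV4 = 0x0800


def build_tag(vid: int, pcp: int = 0, cfi: int = 0) -> bytes:
    """Encode the 4-byte 802.1Q tag: TPID, then TCI = PCP(3) | CFI(1) | VID(12)."""
    if not 1 <= vid <= 4094:            # VID 0 and 4095 are reserved
        raise ValueError(f"VID {vid} is outside the usable range 1-4094")
    if not 0 <= pcp <= 7 or cfi not in (0, 1):
        raise ValueError("PCP must be 0-7 and CFI must be 0 or 1")
    tci = (pcp << 13) | (cfi << 12) | vid
    return struct.pack("!HH", TPID_8021Q, tci)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vids=()) -> bytes:
    """Assemble a frame; each VID in `vids` inserts one tag after the source MAC
    (first VID outermost). An empty `vids` produces an ordinary untagged frame."""
    tags = b"".join(build_tag(v) for v in vids)
    return dst + src + tags + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Split a frame into dst, src, a list of (pcp, cfi, vid) tags in outer-to-inner
    order, the real EtherType and the payload. Stacked tags are walked one by one."""
    if len(frame) < 14:
        raise ValueError("frame shorter than a minimal Ethernet header")
    dst, src, offset, tags = frame[0:6], frame[6:12], 12, []
    # Every 0x8100 at the current offset announces another 4-byte tag.
    while frame[offset:offset + 2] == b"\x81\x00":
        if offset + 4 > len(frame):
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack("!H", frame[offset + 2:offset + 4])[0]
        tags.append(((tci >> 13) & 0x7, (tci >> 12) & 0x1, tci & 0x0FFF))
        offset += 4
    if offset + 2 > len(frame):
        raise ValueError("frame ends before the EtherType field")
    ethertype = struct.unpack("!H", frame[offset:offset + 2])[0]
    return {"dst": dst, "src": src, "tags": tags,
            "ethertype": ethertype, "payload": frame[offset + 2:]}


def classify(frame: bytes, port_mode: str) -> str:
    """Describe how a port of the given mode ("access" or "trunk") should treat the
    frame, following the notes: access ports expect untagged frames, trunks map
    untagged frames to the native VLAN, and more than one tag is abnormal."""
    tags = parse_frame(frame)["tags"]
    if port_mode == "access":
        return ("untagged: normal access-port traffic" if not tags
                else "anomalous: tagged frame received on an access port")
    if not tags:
        return "untagged: forwarded in the native VLAN"
    if len(tags) > 1:
        return f"anomalous: {len(tags)} stacked tags (double tagging)"
    return f"tagged: VLAN {tags[0][2]}"


# Constructed sample frames (PC1 -> PC3 from the notes' topology, dummy IPv4 payload).
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("00aabbccddee")
UNTAGGED = build_frame(DST, SRC, ETHERTYPE_IPV4, b"\x45" * 20)
TAGGED_10 = build_frame(DST, SRC, ETHERTYPE_IPV4, b"\x45" * 20, vids=(10,))
DOUBLE = build_frame(DST, SRC, ETHERTYPE_IPV4, b"\x45" * 20, vids=(1, 10))

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("tagged", TAGGED_10), ("double", DOUBLE)):
        print(f"{name:9} on access port: {classify(frame, 'access')}")
        print(f"{name:9} on trunk port : {classify(frame, 'trunk')}")
```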
**Concept:**

```
NATIVE VLAN CONCEPT

       Switch A                                          Switch B
  +-----------------+   Tagged frames (VLAN 10)     +-----------------+
  |  Trunk Port     |------------------------------>|  Trunk Port     |
  | Native VLAN = 1 |   Untagged frames (VLAN 1)    | Native VLAN = 1 |
  +-----------------+------------------------------>+-----------------+

  VLAN 10 (Data) crosses the trunk tagged; native VLAN 1 crosses untagged.

  Important: the native VLAN must match on both ends of the trunk!
```

**Native VLAN Security:**

| Risk | Description | Mitigation |
|------|-------------|------------|
| **VLAN Hopping** | Attacker can spoof DTP to become a trunk | Disable DTP, use a static trunk |
| **Double Tagging** | Attacker adds a second VLAN tag | Change the native VLAN to an unused VLAN |
| **Untagged Access** | Unauthorized access to the native VLAN | Do not use VLAN 1 as the native VLAN; pick an unused VLAN |

**Best Practice:** Change the native VLAN from the default (VLAN 1) to an unused VLAN.

```cisco
Switch(config)# interface gigabitEthernet 0/1
Switch(config-if)# switchport trunk native vlan 999
Switch(config-if)# switchport trunk allowed vlan 10,20,30
```

---

### 7. VLAN Configuration

**Creating VLANs:**

```cisco
! Method 1: VLAN database mode (older)
Switch# vlan database
Switch(vlan)# vlan 10 name HR
Switch(vlan)# vlan 20 name Sales
Switch(vlan)# vlan 30 name IT
Switch(vlan)# exit

! Method 2: Global configuration mode (current)
Switch> enable
Switch# configure terminal
Switch(config)# vlan 10
Switch(config-vlan)# name HR
Switch(config-vlan)# exit
Switch(config)# vlan 20
Switch(config-vlan)# name Sales
Switch(config-vlan)# exit
Switch(config)# vlan 30
Switch(config-vlan)# name IT
Switch(config-vlan)# exit

! Verify VLANs
Switch# show vlan brief
Switch# show vlan id 10
```

**Assigning Access Ports:**

```cisco
! Configure an interface as an access port
Switch(config)# interface fastEthernet 0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# no shutdown
Switch(config-if)# exit

! Configure multiple ports (range)
Switch(config)# interface range fastEthernet 0/1 - 10
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 10
Switch(config-if-range)# exit
```

**Configuring Trunk Ports:**

```cisco
! Configure a trunk port
Switch(config)# interface gigabitEthernet 0/1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk native vlan 999
Switch(config-if)# switchport trunk allowed vlan 10,20,30
Switch(config-if)# no shutdown

! Alternative: DTP dynamic modes
! Actively tries to trunk
Switch(config-if)# switchport mode dynamic desirable
! Passively waits
Switch(config-if)# switchport mode dynamic auto
! Disable DTP
Switch(config-if)# switchport nonegotiate
```

---

### 8. DTP (Dynamic Trunking Protocol)

**Definition:** A Cisco-proprietary protocol that automatically negotiates trunking between switches.
**DTP Modes:**

| Mode | Behavior |
|------|----------|
| **switchport mode access** | Puts the port in permanent access mode; no trunking |
| **switchport mode trunk** | Puts the port in permanent trunk mode; still sends DTP frames |
| **switchport mode dynamic desirable** | Actively attempts to become a trunk |
| **switchport mode dynamic auto** | Passively waits; becomes a trunk if the other side desires |
| **switchport nonegotiate** | Disables DTP (the port must be manually set to trunk/access) |

**DTP Negotiation:**

```
DTP NEGOTIATION MATRIX

Switch A             Switch B             Result
-----------------------------------------------------
Access               Access               Access
Access               Dynamic Auto         Access
Access               Dynamic Desirable    Access
Access               Trunk                Trunk? NO!

Trunk                Trunk                Trunk
Trunk                Dynamic Auto         Trunk
Trunk                Dynamic Desirable    Trunk
Trunk                Access               Trunk? NO!

Dynamic Auto         Dynamic Auto         Access
Dynamic Auto         Dynamic Desirable    Trunk
Dynamic Desirable    Dynamic Desirable    Trunk
```

**Security Best Practice:** Disable DTP and set trunks manually.

```cisco
Switch(config)# interface gigabitEthernet 0/1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport nonegotiate
```

---

### 9. VLAN Verification Commands

| Command | Purpose |
|---------|---------|
| `show vlan brief` | Display all VLANs and their assigned ports |
| `show vlan id [vlan-id]` | Display details of a specific VLAN |
| `show interfaces status` | Show the VLAN assignment of all ports |
| `show interfaces trunk` | Display trunk ports and allowed VLANs |
| `show interfaces [interface] switchport` | Detailed switchport configuration |
| `show running-config` | View the VLAN configuration |

**Example Outputs:**

```cisco
Switch# show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
10   HR                               active    Fa0/9, Fa0/10, Fa0/11, Fa0/12
20   Sales                            active    Fa0/13, Fa0/14, Fa0/15, Fa0/16
30   IT                               active    Fa0/17, Fa0/18, Fa0/19, Fa0/20
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

Switch# show interfaces trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi0/1       on               802.1q         trunking      999

Port        Vlans allowed on trunk
Gi0/1       10,20,30

Port        Vlans allowed and active in management domain
Gi0/1       10,20,30

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       10,20,30
```

---

### 10. Inter-VLAN Routing (Preview)

**Problem:** Devices in different VLANs cannot communicate by default.

**Solutions:**

```
INTER-VLAN ROUTING METHODS

1. ROUTER-ON-A-STICK (802.1Q trunk to router)

        +-------------------+
        |      Router       |
        |  Subinterfaces:   |
        |  Gi0/0.10: 10.1   |
        |  Gi0/0.20: 10.2   |
        +---------+---------+
                  | Trunk (802.1Q)
        +---------+---------+
        |      Switch       |
        |    VLAN 10,20     |
        +-------------------+

2. LAYER 3 SWITCH (SVI - Switch Virtual Interface)

        +---------------------------------------+
        |            Layer 3 Switch             |
        |  VLAN 10: interface vlan 10 = 10.1    |
        |  VLAN 20: interface vlan 20 = 10.2    |
        |  ip routing enabled                   |
        +---------------------------------------+
```

---

## Complete Configuration Examples

### Lab: Basic VLAN Configuration

**Topology:**

```
                +-----------+
                |  Switch   |
                |   SW1     |
                +-----+-----+
                      |
       +--------------+--------------+
       |              |              |
  +----+----+    +----+----+    +----+----+
  |   PC1   |    |   PC2   |    |   PC3   |
  | VLAN 10 |    | VLAN 20 |    | VLAN 10 |
  |10.10.1.2|    |10.20.1.2|    |10.10.1.3|
  +---------+    +---------+    +---------+
```

**Configuration:**

```cisco
! Create VLANs
Switch# configure terminal
Switch(config)# vlan 10
Switch(config-vlan)# name HR
Switch(config-vlan)# exit
Switch(config)# vlan 20
Switch(config-vlan)# name Sales
Switch(config-vlan)# exit

! Configure PC1 (Port Fa0/1) - VLAN 10
Switch(config)# interface fastEthernet 0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# no shutdown
Switch(config-if)# exit

! Configure PC2 (Port Fa0/2) - VLAN 20
Switch(config)# interface fastEthernet 0/2
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 20
Switch(config-if)# no shutdown
Switch(config-if)# exit

! Configure PC3 (Port Fa0/3) - VLAN 10
Switch(config)# interface fastEthernet 0/3
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# no shutdown
Switch(config-if)# exit

! Verify configuration
Switch# show vlan brief
Switch# show interfaces status
```

**Test Results:**

- PC1 can ping PC3 (same VLAN 10)
- PC1 CANNOT ping PC2 (different VLANs)
- PC2 cannot ping any other device (isolated in VLAN 20)

---

### Lab: Trunk Configuration (Two Switches)

**Topology:**

```
      Switch A                            Switch B
 +-----------------+                 +-----------------+
 | VLAN 10         |                 | VLAN 10         |
 |   +-----+       |                 |   +-----+       |
 |   | PC1 |       |                 |   | PC3 |       |
 |   +-----+       |     Trunk       |   +-----+       |
 | VLAN 20         |     802.1Q      | VLAN 20         |
 |   +-----+       |<--------------->|   +-----+       |
 |   | PC2 |       |                 |   | PC4 |       |
 |   +-----+       |                 |   +-----+       |
 +-----------------+                 +-----------------+
```

**Configuration:**

```cisco
! ========== SWITCH A ==========
SwitchA# configure terminal

! Create VLANs
SwitchA(config)# vlan 10
SwitchA(config-vlan)# name HR
SwitchA(config-vlan)# exit
SwitchA(config)# vlan 20
SwitchA(config-vlan)# name Sales
SwitchA(config-vlan)# exit

! Configure access ports
SwitchA(config)# interface fastEthernet 0/1
SwitchA(config-if)# switchport mode access
SwitchA(config-if)# switchport access vlan 10
SwitchA(config-if)# exit
SwitchA(config)# interface fastEthernet 0/2
SwitchA(config-if)# switchport mode access
SwitchA(config-if)# switchport access vlan 20
SwitchA(config-if)# exit

! Configure trunk port
SwitchA(config)# interface gigabitEthernet 0/1
SwitchA(config-if)# switchport mode trunk
SwitchA(config-if)# switchport trunk native vlan 999
SwitchA(config-if)# switchport trunk allowed vlan 10,20
SwitchA(config-if)# no shutdown
SwitchA(config-if)# exit

! ========== SWITCH B ==========
SwitchB# configure terminal

! Create VLANs (same as Switch A)
SwitchB(config)# vlan 10
SwitchB(config-vlan)# name HR
SwitchB(config-vlan)# exit
SwitchB(config)# vlan 20
SwitchB(config-vlan)# name Sales
SwitchB(config-vlan)# exit

! Configure access ports
SwitchB(config)# interface fastEthernet 0/1
SwitchB(config-if)# switchport mode access
SwitchB(config-if)# switchport access vlan 10
SwitchB(config-if)# exit
SwitchB(config)# interface fastEthernet 0/2
SwitchB(config-if)# switchport mode access
SwitchB(config-if)# switchport access vlan 20
SwitchB(config-if)# exit

! Configure trunk port
SwitchB(config)# interface gigabitEthernet 0/1
SwitchB(config-if)# switchport mode trunk
SwitchB(config-if)# switchport trunk native vlan 999
SwitchB(config-if)# switchport trunk allowed vlan 10,20
SwitchB(config-if)# no shutdown
SwitchB(config-if)# exit

! Verify trunk
SwitchA# show interfaces trunk
SwitchA# show interfaces gigabitEthernet 0/1 switchport
```

---

## Text-Based Diagrams

### VLAN Tagging Process

```
VLAN TAGGING FLOW

PC1 (VLAN 10) sends a frame to PC3 (VLAN 10) through the trunk

STEP 1: PC1 to Switch A
  Untagged frame (VLAN 10)
  [DST MAC][SRC MAC][DATA][FCS]
              |
              v
STEP 2: Switch A adds the VLAN tag (access port to trunk)
  Tagged frame (802.1Q)
  [DST][SRC][802.1Q Tag: VLAN 10][TYPE][DATA][FCS]
              |
              v
STEP 3: Frame travels across the trunk
  Switch A trunk --> Switch B trunk (tagged frame)
              |
              v
STEP 4: Switch B removes the tag (trunk to access port)
  Untagged frame (VLAN 10)
  [DST MAC][SRC MAC][DATA][FCS]
              |
              v
STEP 5: Frame delivered to PC3 (VLAN 10)
```

### VLAN Logical Separation

```
LOGICAL VLAN DIAGRAM

PHYSICAL VIEW (one switch):

  +-----+  +-----+  +-----+  +-----+  +-----+  +-----+
  | PC1 |  | PC2 |  | PC3 |  | PC4 |  | PC5 |  | PC6 |
  | HR  |  |Sales|  | HR  |  | IT  |  |Sales|  | IT  |
  +--+--+  +--+--+  +--+--+  +--+--+  +--+--+  +--+--+
     |        |        |        |        |        |
  +--+--------+--------+--------+--------+--------+--+
  |                SWITCH BACKPLANE                  |
  +--------------------------------------------------+

LOGICAL VIEW (VLANs create separate logical switches):

  VLAN 10 (HR)      VLAN 20 (Sales)    VLAN 30 (IT)
  +------------+    +------------+     +------------+
  |  PC1  PC3  |    |  PC2  PC5  |     |  PC4  PC6  |
  +------------+    +------------+     +------------+

Each VLAN = separate broadcast domain
Communication between VLANs requires a router
```

---

## Exam Tips (For CCNA 200-301)

| Topic | What Cisco Tests |
|-------|------------------|
| **VLAN Benefits** | Security, broadcast control, flexibility |
| **VLAN Ranges** | Normal (1-1005), Extended (1006-4094) |
| **Access vs. Trunk** | Access = single VLAN, Trunk = multiple VLANs |
| **802.1Q** | 4-byte tag, TPID=0x8100, 12-bit VLAN ID |
| **Native VLAN** | Untagged on the trunk; must match on both ends |
| **DTP Modes** | Dynamic auto vs. dynamic desirable |
| **Inter-VLAN Routing** | Router-on-a-stick vs. Layer 3 SVI |

### Common Exam Scenarios:

**Scenario 1:** "A switch port is configured with `switchport mode dynamic auto`. What must the other side be set to for trunking to form?"

- **Answer:** `dynamic desirable` or `trunk` (dynamic auto + dynamic auto = access)

**Scenario 2:** "Two switches are connected via a trunk. Devices in VLAN 10 on Switch A cannot communicate with VLAN 10 on Switch B. What could be the issue?"

- **Answer:** Native VLAN mismatch, VLAN not allowed on the trunk, or trunk not established

**Scenario 3:** "What is the purpose of the 802.1Q tag?"

- **Answer:** It identifies which VLAN a frame belongs to when traversing a trunk

### Mnemonics:

**VLAN ID Ranges:** **"Normal Nuns Eat 1005 Cookies, Extended Elders Eat 4094"**

- Normal: 1-1005
- Extended: 1006-4094

**DTP Modes (from most to least aggressive):** **"Trucks Drive Autos Automatically"**

- **T**runk
- **D**esirable
- **A**uto
- **A**ccess

---

## Summary (1-Minute Revision)

```
VLANS:
├── Logical grouping of devices
├── Benefits: Security, broadcast control, flexibility
├── VLAN 1 = default (avoid using)
├── Normal range: 1-1005 (stored in vlan.dat)
└── Extended: 1006-4094 (VTP transparent required)

ACCESS PORTS:
├── Single VLAN
├── Untagged traffic
├── Connects end devices
└── Command: switchport mode access, switchport access vlan X

TRUNK PORTS:
├── Multiple VLANs
├── 802.1Q tagging (4-byte tag)
├── Native VLAN = untagged
├── Command: switchport mode trunk
└── Must match allowed VLANs and native VLAN

802.1Q TAG:
├── TPID: 0x8100 (identifies tag)
├── PCP: 3-bit priority
├── VID: 12-bit VLAN ID (1-4094)
└── Adds 4 bytes to frame

DTP:
├── Negotiates trunking automatically
├── Modes: trunk, desirable, auto, access, nonegotiate
└── Security risk: disable if not needed

KEY COMMANDS:
├── show vlan brief
├── show interfaces trunk
├── show interfaces [int] switchport
└── switchport trunk allowed vlan [list]
```

---

## Practice Questions

**1. What is the primary purpose of a VLAN?**

- A) Increase collision domain size
- B) Logically segment a network without physical changes
- C) Increase network speed
- D) Replace the need for routers

<details>
<summary>Answer</summary>
<b>B) Logically segment a network without physical changes</b> - VLANs allow logical grouping of devices regardless of physical location.
</details>

**2. What is the default VLAN on a Cisco switch?**

- A) VLAN 0
- B) VLAN 1
- C) VLAN 1001
- D) VLAN 4094

<details>
<summary>Answer</summary>
<b>B) VLAN 1</b> - All ports are in VLAN 1 by default on Cisco switches.
</details>

**3. Which command configures a port as a trunk?**

- A) `switchport mode access`
- B) `switchport mode trunk`
- C) `switchport trunk enable`
- D) `switchport vlan trunk`

<details>
<summary>Answer</summary>
<b>B) `switchport mode trunk`</b> - This puts the port in permanent trunking mode.
</details>

**4. How many bytes does the 802.1Q tag add to an Ethernet frame?**

- A) 2 bytes
- B) 4 bytes
- C) 6 bytes
- D) 8 bytes

<details>
<summary>Answer</summary>
<b>B) 4 bytes</b> - The 802.1Q tag adds 4 bytes to the Ethernet frame (TPID, PCP, CFI, VID).
</details>

**5. What is the Native VLAN?**

- A) The VLAN used for management traffic only
- B) The VLAN that carries untagged traffic on a trunk
- C) The default VLAN for access ports
- D) The VLAN with the highest priority

<details>
<summary>Answer</summary>
<b>B) The VLAN that carries untagged traffic on a trunk</b> - Native VLAN frames are not tagged when sent across a trunk.
</details>

**6. Two switches are connected with a trunk. Switch A has native VLAN 1, Switch B has native VLAN 10. What happens?**

- A) Trunk works normally
- B) VLAN mismatch causes CDP to report an error, with potential connectivity issues
- C) Switches automatically negotiate a matching native VLAN
- D) Trunk fails to form

<details>
<summary>Answer</summary>
<b>B) VLAN mismatch causes CDP to report an error, with potential connectivity issues</b> - A native VLAN mismatch causes traffic to be misdirected and generates CDP error messages.
</details>

**7. Which VLAN range is considered "extended range"?**

- A) 1-1005
- B) 2-1001
- C) 1006-4094
- D) 4096-8192

<details>
<summary>Answer</summary>
<b>C) 1006-4094</b> - Extended range VLANs require VTP transparent mode.
</details>

**8. What does the `switchport trunk allowed vlan 10,20,30` command do?**

- A) Allows only VLANs 10, 20, 30 on the trunk
- B) Adds VLANs 10, 20, 30 to the trunk
- C) Removes all other VLANs from the trunk
- D) All of the above

<details>
<summary>Answer</summary>
<b>D) All of the above</b> - This command limits the trunk to only the specified VLANs.
</details>

**9. Which DTP mode actively attempts to negotiate a trunk?**

- A) Dynamic auto
- B) Dynamic desirable
- C) Trunk
- D) Access

<details>
<summary>Answer</summary>
<b>B) Dynamic desirable</b> - This mode actively sends DTP frames to negotiate trunking.
</details>

**10. What is the TPID value in an 802.1Q tag?**

- A) 0x0800
- B) 0x0806
- C) 0x8100
- D) 0x86DD

<details>
<summary>Answer</summary>
<b>C) 0x8100</b> - The Tag Protocol Identifier identifies the frame as 802.1Q tagged.
</details>

---

## Next Steps

After completing Video 6, you should be ready for:

- **Video 7:** Spanning Tree Protocol (STP)
- **Video 8:** Inter-VLAN Routing (Router-on-a-Stick)

**Lab Practice:**

1. Create VLANs 10, 20, 30 on a single switch
2. Assign ports to different VLANs
3. Verify that same-VLAN devices can ping and different-VLAN devices cannot
4. Add a second switch and configure a trunk
5. Verify that the VLANs extend across both switches
6. Change the native VLAN and observe the effects

---
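As an added Python example (not part of the lab or the notes), the following script audits the trunk between two switches from their running-config text: it applies the DTP negotiation matrix from section 8 and reports the issues the notes warn about, a native VLAN mismatch, a native VLAN left at 1, differing allowed-VLAN lists, and DTP still active. The two config snippets are constructed; Switch B is deliberately drifted from the lab so that findings appear, and `dynamic auto` as the default port mode is an assumption to confirm for your platform.

```python
import re

DEFAULT_MODE = "dynamic auto"  # assumed Catalyst default; confirm on your platform
DEFAULT_NATIVE = 1             # native VLAN before any 'switchport trunk native vlan'


def expand_vlan_list(spec: str) -> set:
    """Expand an allowed-VLAN spec such as '10,20,30-32' into a set of IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_switchports(config: str) -> dict:
    """Return {interface: {mode, native, allowed, nonegotiate}} from the
    'interface' blocks of a running-config; unrelated lines are ignored."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)$", line):
            cur = ports.setdefault(m.group(1), {"mode": DEFAULT_MODE,
                  "native": DEFAULT_NATIVE, "allowed": None, "nonegotiate": False})
        elif cur is None:
            continue
        elif line == "switchport nonegotiate":
            cur["nonegotiate"] = True
        elif line.startswith("switchport mode "):
            cur["mode"] = line[len("switchport mode "):]
        elif m := re.match(r"switchport trunk native vlan (\d+)$", line):
            cur["native"] = int(m.group(1))
        elif m := re.match(r"switchport trunk allowed vlan (\S+)$", line):
            cur["allowed"] = expand_vlan_list(m.group(1))
    return ports


def dtp_result(mode_a: str, mode_b: str) -> str:
    """Outcome for a pair of port modes, following the DTP matrix in section 8."""
    modes = {mode_a, mode_b}
    if modes == {"access", "trunk"}:
        return "mismatch"      # the 'Trunk? NO!' rows: one end access, the other trunk
    if "access" in modes:
        return "access"        # access on either end never trunks
    if "trunk" in modes or "dynamic desirable" in modes:
        return "trunk"         # trunk or desirable brings the other end up to trunk
    return "access"            # dynamic auto + dynamic auto stays access


def audit_trunk(port_a: dict, port_b: dict) -> list:
    """Findings for one inter-switch link, in the order the notes raise them."""
    findings = []
    result = dtp_result(port_a["mode"], port_b["mode"])
    if result != "trunk":
        findings.append(f"link negotiates to '{result}', not trunk")
    for side, p in (("A", port_a), ("B", port_b)):
        if not (p["mode"] == "trunk" and p["nonegotiate"]):
            findings.append(f"{side}: DTP still active (use mode trunk + nonegotiate)")
        if p["native"] == 1:
            findings.append(f"{side}: native VLAN is 1 (move it to an unused VLAN)")
        if p["allowed"] is None:
            findings.append(f"{side}: every VLAN allowed on trunk (restrict the list)")
    if port_a["native"] != port_b["native"]:
        findings.append(f"native VLAN mismatch: {port_a['native']} vs {port_b['native']}")
    if port_a["allowed"] != port_b["allowed"]:
        findings.append("allowed-VLAN lists differ between the two ends")
    return findings


# Constructed configs: Switch A matches the lab; Switch B has drifted from it.
SWITCH_A = """
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
"""
SWITCH_B = """
interface GigabitEthernet0/1
 switchport mode dynamic desirable
 switchport trunk allowed vlan 10,20,30
"""
```

Calling `audit_trunk(parse_switchports(SWITCH_A)["GigabitEthernet0/1"], parse_switchports(SWITCH_B)["GigabitEthernet0/1"])` returns four findings, all on the Switch B side or the mismatch between the ends; auditing Switch A against itself returns none.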