Jaycee's Networking

April 5, 2009


Filed under: IOS, VLAN — Tags: , , — Jaycee @ 7:23 pm

1. Layer 2 switchport modes:

a. Access – one Vlan
b. Trunk – multiple Vlans
c. Tunnel – Transparent Layer 2 VPN
d. Dynamic (3560 dynamic auto, 3550 dynamic desirable) – DTP negotiation

*3560 and 3550 are both layer-3 switches: ip routing

2. Layer 3 Ports:

a. Switched Virtual Interface (SVI) => vlan interfaces
b. Native routed interfaces => Fast Ethernet interfaces

3. Example:

3550# sh run int f0/1
interface FastEthernet0/1
switchport mode dynamic desirable
no ip address

3550# sh int f0/1 switchport
Name: Fa0/1
Administrative Mode: dynamic desirable
Switchport: Enable <= running layer 2
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On

3550# sh cdp nei
Device ID Local Intrfce Holdtme Capability Platform Port ID
3550 Fas 0/1 172 S I WS-C3550-2 Fas 0/1

3560# sh int f0/5
Name: Fa0/5
Switchport: Enable
Administrative Mode: dynamic auto
Operational Mode: static access <= the other side didn’t initiate trunk, so it fell back to access mode
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On <= via DTP

4. Layer 2 Trunking

a. ISL – Cisco proprietary, all traffic tagged with ISL
b. 802.1q – Open standard, “Native” Vlan sent untagged => native vlan has to match on all switches and routers
c. DTP – Dynamic Trunking Protocol

*The goal of setting vlan is to separate broadcast domain.

5. Example:

3560# sh int trunk
Port Mode Encapsulation Status Natvie vlan
Fa0/5 desirable n-isl trunking 1
Fa0/6 auto n-isl trunking 1

Port Vlans allowed on trunk
Fa0/1 1-4094
Fa0/5 1-4094 <= means not doing any filtering by default
Fa0/6 1-4094

Port Vlans allowed and active in management domain
Fa0/5 1
Fa0/6 1

Port Vlans allowed and active in management domain
Fa0/1 1

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1 <= forwarding state
Fa0/5 none <= blocking state
Fa0/6 none <= blocking state

3560(config)#int f0/5
3560(config-if)#switchport trunk encapsulation dot1q

3560(config)#sh int trunk | in 802.1q
Fa0/4 auto n-802.1q trunking 1
Fa0/5 desirable n-802.1q trunking 1

*Vlan 1 can’t be removed from “Vlans allowed on trunk list”.

6. You can tag vlan 1 if other devices do not support untagged traffic:

SW1(config)# vlan dot1q tag native


Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: