Configuring allowed VLANs

By default, all VLANs are allowed across a trunk link on a Cisco switch. We can verify that using the show interfaces trunk command:

SW1#show interfaces trunk 
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1-1005

Port        Vlans allowed and active in management domain
Fa0/1       1,5,10

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       1,5,10

In the output above you can see that all VLANs (1 through 1005) are allowed on the trunk by default.

We can prevent traffic from certain VLANs from traversing a trunk link using the following interface mode command:

(config-if)#switchport trunk allowed vlan {add | all | except | remove} vlan-list

For example, to prevent traffic from VLAN 5 from traversing the trunk link, we would use the following commands:

SW1(config)#int fa0/1
SW1(config-if)#switchport trunk allowed vlan remove 5

The same command needs to be entered on the switch on the other end of the link.

To verify that traffic from VLAN 5 will indeed be blocked from traversing the trunk link, we can enter the show interfaces trunk command again:

SW1#show interfaces trunk 
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1-4,6-1005

Port        Vlans allowed and active in management domain
Fa0/1       1,10

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       none

Notice that only VLANs 1-4 and 6-1005 are now allowed on the trunk.

NOTE
You can use the switchport trunk allowed vlan all interface mode command to reset the switch port to its original default setting (permitting all VLANs on the trunk).
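The allowed-VLAN list is the control that decides which VLANs a trunk actually carries, so on a switch with many trunks it is worth checking it programmatically rather than by eye. The following Python script is an added example and not code from the original page: it parses the two show interfaces trunk outputs above (embedded as constructed strings, without the prompt line), expands IOS range notation such as 1-4,6-1005 into a set, and reports every trunk that still allows a VLAN outside a permitted set. The permitted set, the function names and the treatment of "none" as an empty list are assumptions of this example.

```python
# Added example (not from the original page): parse "show interfaces trunk"
# output and check the allowed-VLAN list of every trunk against a policy.

# Constructed samples: the two outputs shown above, captured before and after
# "switchport trunk allowed vlan remove 5" was applied to Fa0/1.
TRUNK_BEFORE = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1-1005

Port        Vlans allowed and active in management domain
Fa0/1       1,5,10

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       1,5,10
"""

TRUNK_AFTER = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1-4,6-1005

Port        Vlans allowed and active in management domain
Fa0/1       1,10

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       none
"""


def expand_vlan_list(text):
    """Expand an IOS VLAN list such as '1-4,6-1005' or 'none' into a set of ints."""
    vlans = set()
    text = text.strip()
    if not text or text.lower() == "none":
        return vlans
    for part in text.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            vlans.update(range(int(lo), int(hi) + 1))
        else:
            vlans.add(int(part))
    return vlans


def parse_show_trunk(output):
    """Return {port: {"mode", "native", "allowed", "active", "forwarding"}}.

    Each 'Port ...' header line starts a new section of the output; the
    section decides how the data line for a port is interpreted.
    """
    trunks = {}
    section = None
    for line in output.splitlines():
        if not line.strip():
            continue
        if line.startswith("Port"):
            if "Native vlan" in line:
                section = "native"
            elif "allowed and active" in line:
                section = "active"
            elif "allowed on trunk" in line:
                section = "allowed"
            else:
                section = "forwarding"
            continue
        if section is None:          # e.g. a command prompt line, if present
            continue
        fields = line.split()
        entry = trunks.setdefault(fields[0], {})
        if section == "native":
            entry["mode"] = fields[1]
            entry["native"] = int(fields[-1])
        else:
            entry[section] = expand_vlan_list(fields[1])
    return trunks


def audit_trunks(trunks, permitted):
    """Return {port: set_of_unexpected_vlans} for trunks allowing more than policy."""
    findings = {}
    for port, info in trunks.items():
        extra = info.get("allowed", set()) - permitted
        if extra:
            findings[port] = extra
    return findings


if __name__ == "__main__":
    policy = {1, 10}                 # assumed policy: only VLANs 1 and 10 on this trunk
    for label, output in (("before", TRUNK_BEFORE), ("after", TRUNK_AFTER)):
        trunks = parse_show_trunk(output)
        for port, extra in audit_trunks(trunks, policy).items():
            print(f"{label}: {port} allows {len(extra)} VLAN(s) outside policy, "
                  f"e.g. {sorted(extra)[:5]}")
```

Run against the "before" output the audit reports 1003 VLANs outside the assumed policy; the "after" output still reports 1002, because removing VLAN 5 alone leaves every other unused VLAN permitted. The "Vlans allowed on trunk" section is the one to compare against policy; the "active" and "forwarding" sections only tell you which of the permitted VLANs currently exist and are forwarding.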

Prerequisites for 200-301

200-301 is a single exam, consisting of about 120 questions. It covers a wide range of topics, such as routing and switching, security, wireless networking, and even some programming concepts. As with other Cisco certifications, you can take it at any of the Pearson VUE certification centers.

The recommended training program that can be taken at a Cisco academy is called Implementing and Administering Cisco Solutions (CCNA). The successful completion of a training course will get you a training badge.

Full Version 200-301 Dumps

Try 200-301 Dumps Demo

Configuring voice VLANs

Most corporate networks today use IP telephony. This means that the phones are connected to the same network and use the same cabling as other network devices, such as workstations or routers. Since offices usually have only a single UTP cable to each desk, most IP phones today include a small switch that enables you to connect your PC to the phone sitting on the desk, and then connect the phone to the local network.

Consider the back of a Yealink T21 IP phone:

Yealink T21 backside

As you can see from the picture, this phone has two UTP ports. One port is connected to the local network, while the other port can be connected to the PC.

The port on the phone connected to the switch can carry both data and voice traffic. To enable this, we need to define two VLANs on the switch port – a data VLAN and a voice VLAN. Here is how we can do that:

SW1(config)#vlan 5
SW1(config)#vlan 20
SW1(config)#int fa0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 5
SW1(config-if)#switchport voice vlan 20

We’ve created two VLANs – VLAN 5, which will carry the data sent by the PC, and VLAN 20, which will carry the IP phone’s voice traffic. We’ve then placed the port into both VLANs. The voice keyword indicates that VLAN 20 will be the voice VLAN.

To verify that the interface indeed carries traffic from both VLANs, we can use the show interfaces fa0/1 switchport command:

Switch#show interfaces fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 5 (VLAN0005)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: 20
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
...

The lines Access Mode VLAN: 5 (VLAN0005) and Voice VLAN: 20 indicate that the interface is indeed carrying traffic from both VLANs.

NOTE
Some IP phones can be automatically configured with appropriate VLANs using protocols such as LLDP or CDP. However, on some models you will need to manually configure data and voice VLANs on the phone using its web interface.
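Checking one port by reading the show interfaces switchport output is easy; checking every phone port on a floor is not. The following Python script is an added example, not code from the original page: it parses the output shown above (embedded as a constructed string) into key/value fields and checks that the port operates as a static access port with trunk negotiation off, with the expected data and voice VLANs. The expected VLAN numbers, the function names and the "Voice VLAN: none" case are assumptions of this example.

```python
# Added example (not from the original page): read "show interfaces <port>
# switchport" output and confirm a port is set up as a data + voice access port.

# Constructed sample: the (abbreviated) output shown above for Fa0/1.
SWITCHPORT_FA01 = """\
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 5 (VLAN0005)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: 20
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
"""


def parse_switchport(output):
    """Turn the 'Key: value' lines into a dict, keeping the raw value text."""
    fields = {}
    for line in output.splitlines():
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields[key.strip()] = value.strip()
    return fields


def vlan_number(value):
    """'5 (VLAN0005)' -> 5, '1 (default)' -> 1, 'none' or '' -> None."""
    first = value.split()[0] if value.strip() else ""
    return int(first) if first.isdigit() else None


def check_phone_port(fields, data_vlan, voice_vlan):
    """Return the list of deviations from the expected data/voice access setup."""
    problems = []
    if fields.get("Operational Mode") != "static access":
        problems.append("port is not operating as a static access port")
    if fields.get("Negotiation of Trunking", "").lower() != "off":
        problems.append("trunk negotiation is still enabled")
    if vlan_number(fields.get("Access Mode VLAN", "")) != data_vlan:
        problems.append(f"access VLAN is not {data_vlan}")
    if vlan_number(fields.get("Voice VLAN", "")) != voice_vlan:
        problems.append(f"voice VLAN is not {voice_vlan}")
    return problems


if __name__ == "__main__":
    port = parse_switchport(SWITCHPORT_FA01)
    # Expected values are assumptions matching the configuration above.
    issues = check_phone_port(port, data_vlan=5, voice_vlan=20)
    print(f"{port['Name']}: {'OK' if not issues else '; '.join(issues)}")
```

The check reads the Operational fields rather than the Administrative ones because the operational values are what the port is actually doing; a port whose configured and operational modes differ deserves a second look on its own.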

Inter-Switch Link (ISL)

Another VLAN tagging protocol is Inter-Switch Link (ISL). This protocol is Cisco proprietary, which means that, unlike 802.1Q, it can be used only between Cisco switches. It is considered to be deprecated, and newer Cisco switches don’t even support it.

ISL works by encapsulating the original frame between an ISL header and an ISL trailer. The encapsulated frame remains unchanged; the VLAN ID is carried in the ISL header.

Original frame:

normal frame

ISL frame:

ISL frame

IEEE 802.1Q

IEEE 802.1Q is one of the VLAN tagging protocols supported by Cisco switches. This standard was created by the Institute of Electrical and Electronics Engineers (IEEE), so it is an open standard and can be used on non-Cisco switches.

To identify which VLAN a frame belongs to, a field is inserted into the frame’s header.

Original frame:

normal frame

802.1Q frame:

802.1Q frame

An example will help clarify the concept. Let’s say that we have a network of 2 switches and 4 hosts. Host A and host D are in VLAN 2, while hosts B and C are in VLAN 3.

frame tagging

On the segment between the two switches, a process called VLAN trunking is used. Let’s say that host A sends a broadcast frame. SW1 “tags” the frame by inserting the VLAN ID into the header of the frame before sending the frame to SW2. SW2 receives the frame and knows that the frame belongs to VLAN 3, so it sends the frame only to host D, since that host is in VLAN 3.

Frame tagging

To identify the VLAN a frame belongs to, switches use tagging to assign a numerical value to each frame in a network with multiple VLANs. This is done to ensure that switches know which ports to forward frames out of.

For example, consider the following network topology.

frame tagging

There are two VLANs in the topology pictured above, namely VLAN 3 and VLAN 4. Host A sends a broadcast packet to switch SW1. Switch SW1 receives the packet, tags the packet with the VLAN ID of 3 and sends it to SW2. SW2 receives the packet, looks at the VLAN ID, and forwards the packet only out the port Fa0/1, since only that port is in VLAN 3. Host B and host C will not receive the packet because they are in a different VLAN than host A.

NOTE
When forwarding a tagged frame to a host device a switch will remove the VLAN tag, since host devices don’t understand tagging and would drop the packet.
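The IEEE 802.1Q section and this frame tagging section describe the same mechanism: the tag is four bytes (a 0x8100 type identifier followed by a 16-bit tag control field whose low 12 bits are the VLAN ID) inserted after the source MAC address, and the switch uses that VLAN ID to decide which ports may receive the frame, stripping the tag again before delivering to a host. The following Python code is an added example and not part of the original page: it builds, reads and strips the tag, then models the forwarding decision for a broadcast in a small constructed topology. The port names, the 1-4094 VLAN ID check and the decision to drop untagged frames on the trunk are assumptions of this model; native VLAN handling is deliberately left out.

```python
import struct

# Added example (not from the original page): build, read and strip an
# 802.1Q tag, then model how a switch forwards a broadcast between VLANs.

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
ETH_HDR_LEN = 14         # dst MAC (6) + src MAC (6) + EtherType (2)
TAG_LEN = 4              # TPID (2) + TCI (2)


def build_frame(dst, src, ethertype, payload):
    """Assemble an untagged Ethernet II frame (FCS omitted)."""
    return dst + src + struct.pack("!H", ethertype) + payload


def tag_frame(frame, vid, pcp=0, dei=0):
    """Insert the 4-byte tag after the source MAC, as a switch does on a trunk."""
    if not 1 <= vid <= 4094:                      # 0 and 4095 are reserved
        raise ValueError(f"invalid VLAN ID {vid}")
    tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame):
    """Return (vid, pcp, dei) if the frame is tagged, otherwise None."""
    if len(frame) < ETH_HDR_LEN + TAG_LEN:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 1


def untag_frame(frame):
    """Remove the tag before handing the frame to a host on an access port."""
    if parse_tag(frame) is None:
        return frame
    return frame[:12] + frame[16:]


# Constructed topology for SW1 (assumed port names): host A on Fa0/1 in
# VLAN 3, host B on Fa0/2 in VLAN 4, Fa0/3 is the trunk towards SW2.
PORTS = {
    "Fa0/1": ("access", 3),
    "Fa0/2": ("access", 4),
    "Fa0/3": ("trunk", {3, 4}),   # set of VLANs allowed on the trunk
}


def forward_broadcast(ingress, frame):
    """Return {egress_port: frame_as_transmitted} for a broadcast received on ingress.

    The VLAN of a frame from an access port is the port's configured VLAN,
    never a tag the host may have added; on a trunk it is taken from the tag.
    Native-VLAN (untagged trunk) traffic is not modelled and is dropped here.
    """
    kind, cfg = PORTS[ingress]
    if kind == "access":
        vid = cfg
    else:
        tag = parse_tag(frame)
        if tag is None or tag[0] not in cfg:
            return {}
        vid = tag[0]
    untagged = untag_frame(frame)
    out = {}
    for port, (pkind, pcfg) in PORTS.items():
        if port == ingress:
            continue
        if pkind == "access" and pcfg == vid:
            out[port] = untagged                  # hosts receive the frame untagged
        elif pkind == "trunk" and vid in pcfg:
            out[port] = tag_frame(untagged, vid)  # trunk carries the VLAN ID
    return out


if __name__ == "__main__":
    # Constructed frame: broadcast from host A (MAC assumed), IPv4 EtherType.
    frame = build_frame(b"\xff" * 6, bytes.fromhex("001122334455"), 0x0800, b"hello")
    for port, sent in forward_broadcast("Fa0/1", frame).items():
        print(port, "tagged" if parse_tag(sent) else "untagged", sent.hex())
```

Running the script shows the broadcast from host A leaving only on the trunk, tagged with VLAN 3, and never reaching host B on VLAN 4. The access-port branch is the point worth noticing: a frame's VLAN is taken from the ingress port's configuration, so a host that adds its own tag does not thereby move into another VLAN.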

Configuring access & trunk ports

To configure an interface to be an access interface, the switchport mode access interface command is used. This type of interface can be assigned only to a single VLAN.

To configure a trunk interface, the switchport mode trunk interface command is used. This type of interface can carry traffic of multiple VLANs.

An example will help you understand the concept.

access trunk port configuration

Host A and host B are in different VLANs, VLAN 1 and VLAN 2. The switch ports they connect to need to be configured as access ports and assigned to their respective VLANs using the following sequence of commands:

access ports example

Because the link between SW1 and SW2 needs to carry traffic of multiple VLANs, it needs to be configured as a trunk interface. This is done by using the following commands on both SW1 and SW2:

On SW1:

switch1 trunk example

On SW2:

switch2 trunk example

Now the link between SW1 and SW2 can carry traffic from both VLAN 1 and VLAN 2. You can verify that an interface is indeed a trunk interface by using the show interface Fa0/3 switchport command on SW1:

show interface switchport

NOTE
VLAN 1 doesn’t have to be created; it exists by default. Also, by default, all ports are in VLAN 1, so Fa0/1 doesn’t need the switchport access vlan 1 command.

Access and trunk ports

If you intend to use VLANs in your network, you will need to configure some ports on a switch as access ports and others as trunk ports. Here is a description of each port type:

  • access port – a port that can be assigned to a single VLAN. This type of interface is configured on switch ports that are connected to end devices such as workstations, printers, or access points.
  • trunk port – a port that is connected to another switch. This type of interface can carry traffic of multiple VLANs, thus enabling you to extend VLANs across your entire network. Frames are tagged by assigning a VLAN ID to each frame as they traverse between switches.

The following picture illustrates the difference:

Access and trunk ports

In the example network pictured above, the switch ports connected to workstations would be configured as access ports. The ports that connect switches together would be configured as trunk ports.

Configuring VLANs

By default, all ports on a switch are in VLAN 1. We can verify that by typing the show vlan command from the IOS enable mode of a switch:

default vlan

In the picture above, you can see that all of the 24 ports of the switch are in the same VLAN, namely VLAN 1.

Two steps are required to create a VLAN and assign a switch port to the VLAN:

  1. create a VLAN using the vlan NUMBER global mode command
  2. assign a port to the VLAN by using two interface subcommands. The first command is the switchport mode access command. This command specifies that the interface is an access interface. The second command is the switchport access vlan NUMBER command. This command assigns the interface to a VLAN.

Here is an example of assigning VLAN 2 to an interface:

creating a vlan

The first command (vlan 2) created VLAN 2. We then entered interface configuration mode for Fa0/1 and configured the interface as an access interface that belongs to VLAN 2. To verify this, we can again use the show vlan command:

show vlan

What is a VLAN?

VLANs (Virtual LANs) are logical groupings of devices in the same broadcast domain. VLANs are usually configured on switches by placing some interfaces into one broadcast domain and other interfaces into another. Each VLAN acts as a subgroup of the switch ports in an Ethernet LAN.

VLANs can span multiple switches, with each VLAN being treated as its own subnet or broadcast domain. This means that frames broadcast onto the network will be switched only between the ports within the same VLAN.

A VLAN acts like a physical LAN, but it allows hosts to be grouped together in the same broadcast domain even if they are not connected to the same switch. Here are the main reasons why VLANs are used:

  • VLANs increase the number of broadcast domains while decreasing their size.
  • VLANs reduce security risks by reducing the number of hosts that receive copies of frames that the switches flood.
  • you can keep hosts that hold sensitive data on a separate VLAN to improve security.
  • you can create more flexible network designs that group users by department instead of by physical location.
  • network changes are achieved with ease by just configuring a port into the appropriate VLAN.

The following topology shows a network with all hosts inside the same VLAN:

A network without VLANs

Without VLANs, a broadcast sent from host A would reach all devices on the network. Each device will receive and process broadcast frames, increasing the CPU overhead on each device and reducing the overall security of the network.

By placing interfaces on both switches into a separate VLAN, a broadcast from host A would reach only devices inside the same VLAN, since each VLAN is a separate broadcast domain. Hosts in other VLANs will not even be aware that the communication took place. This is shown in the picture below:

A network with VLANs

NOTE
To reach hosts in a different VLAN, a router is needed.
