Cisco Networking/CCENT/VLANs

This lesson covers VLANs and VLAN routing.

Objectives and Skills
Objectives and skills for the VLANs portion of Cisco CCENT certification include:
 * Describe how VLANs create logically separate networks and the need for routing between them
 * Explain network segmentation and basic traffic management concepts
 * Configure and verify VLANs
 * Configure and verify trunking on Cisco switches
 * DTP (topic)
 * Auto-negotiation
 * Configure and verify interVLAN routing (router on a stick)
 * Sub interfaces
 * Upstream routing
 * Encapsulation
 * Configure SVI interfaces.

Readings

 * 1)  Virtual LAN
 * 2)  VLAN Trunking Protocol
 * 3)  IEEE 802.1Q
 * 4)  Dynamic Trunking Protocol
 * 5)  Router on a stick
 * 6)  Switch virtual interface
 * 7) Cisco: LAN Switching and VLANs
 * 8) Cisco: EtherSwitch Network Module (ESW) Configuration Example

Multimedia

 * 1) YouTube: VLANs - CompTIA Network+ N10-005: 1.4
 * 2) YouTube: Configuring VLANs - CompTIA Network+ N10-005: 2.1
 * 3) YouTube: VLAN Trunking Protocol - CompTIA Network+ N10-005: 2.1
 * 4) YouTube: CCNA And CCNP Tutorial: VLAN Trunking Protocol (VTP)
 * 5) YouTube: Cisco Inter-VLAN Routing on a Stick
 * 6) YouTube: Switched Virtual Interfaces for Inter-VLAN Routing
 * 7) YouTube: 802.1Q and Trunking

vlan
To add a VLAN and enter config-VLAN submode on a switch, use the vlan command in global configuration mode. vlan { | } vlan 2

name
To name a VLAN on a switch, use the name command in VLAN configuration mode. name sale

switchport mode
To set the interface type, use the switchport mode command in interface configuration mode. switchport mode < access | trunk > switchport mode access switchport mode trunk

switchport access vlan
To set the VLAN when the interface is in access mode, use the switchport access vlan command in interface configuration or template configuration mode. switchport access vlan  switchport access vlan 2

switchport trunk
To set the trunk characteristics when the interface is in trunking mode, use the switchport trunk command in interface configuration mode. switchport trunk { native vlan  | allowed vlan  } switchport trunk native vlan 10 switchport trunk allowed vlan 2-3, 10

show vlan
To display VLAN information on a switch, use the show vlan command in privileged EXEC mode. show vlan [brief | id  | name [ifindex] | ] show vlan show vlan brief show vlan 2 show vlan sales

show interfaces switchport
To display the administrative and operational status of a switching (nonrouting) port, use the show interfaces switchport command in user EXEC or privileged EXEC mode. show interfaces switchport

Command Sequence
A command sequence to configure a switch for VLAN switching might be similar to the following. enable configure terminal vlan 2 name sales vlan 3 name r&d exit

interface vlan 1 ip address 192.168.1.10 255.255.255.0 no shutdown ip default-gateway 192.168.1.1

interface fastethernet1/0 switchport trunk encapsulation dot1q switchport mode trunk interface range fastethernet1/1 - 2 switchport access vlan 2 interface range fastethernet1/3 - 4 switchport access vlan 3 exit exit

show vlan brief show interface trunk show interfaces switchport

vlan database
To enter VLAN configuration mode on a router with a switch module, use the vlan database command in privileged EXEC mode. vlan database

vlan (VLAN)
To configure a specific VLAN, use the vlan command in VLAN configuration mode. vlan  [name ] vlan 2 name sales

show vlan-switch
To display VLAN information, use the show vlan-switch command in user EXEC or privileged EXEC mode. show vlan-switch [brief | id | name ] show vlan-switch show vlan-switch brief

show interface trunk
To display the interface-trunk information, use the show interface trunk command in user EXEC or privileged EXEC mode. show interface [ interface  ] trunk [ module | vlan ] show interface trunk

Command Sequence
A command sequence to configure an EtherSwitch router for VLAN switching might be similar to the following. enable vlan database vlan 2 name sales vlan 3 name r&d exit

configure terminal interface vlan 1 ip address 192.168.1.10 255.255.255.0 no shutdown ip default-gateway 192.168.1.1

interface fastethernet1/0 switchport mode trunk interface range fastethernet1/1 - 2 switchport access vlan 2 interface range fastethernet1/3 - 4 switchport access vlan 3 exit exit

show vlan-switch brief show interface trunk

encapsulation dot1q
To enable IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN, use the encapsulation dot1q command in interface range configuration mode or subinterface configuration mode. encapsulation dot1q  [native]

show vlans
To display VLAN subinterfaces, use the show vlans command in privileged EXEC mode. show vlan

Command Sequence
A command sequence to configure a router for VLAN routing might be similar to the following. enable configure terminal

interface fastethernet0/0 ip address 192.168.1.1 255.255.255.0 no shutdown

interface fastethernet0/0.2 encapsulation dot1q 2 ip address 192.168.2.1 255.255.255.0

interface fastethernet0/0.3 encapsulation dot1q 3 ip address 192.168.3.1 255.255.255.0

exit exit

show ip interface brief show vlans

Command Sequence
A command sequence to configure switch virtual interface (SVI) VLAN routing might be similar to the following. enable configure terminal

ip routing

interface vlan 2 ip address 192.168.2.1 255.255.255.0 no shutdown

interface vlan 3 ip address 192.168.3.1 255.255.255.0 no shutdown

exit exit

show ip route

Activities

 * 1) Configure and test switching.Cisco CCENT Switch 4 PCs.png
 * 2) Add an EtherSwitch router and four VPCS PCs to a new GNS3 project and start the devices.
 * 3) Add links to connect the following.
 * 4) * PC1 Ethernet0 <-> ESW1 FastEthernet1/1
 * 5) * PC2 Ethernet0 <-> ESW1 FastEthernet1/2
 * 6) * PC3 Ethernet0 <-> ESW1 FastEthernet1/3
 * 7) * PC4 Ethernet0 <-> ESW1 FastEthernet1/4
 * 8) Set the following IP addresses and subnet masks.
 * 9) * ESW1 VLAN1: 192.168.1.10 255.255.255.0
 * 10) * PC1 Ethernet0: 192.168.1.11 255.255.255.0
 * 11) * PC2 Ethernet0: 192.168.1.12 255.255.255.0
 * 12) * PC3 Ethernet0: 192.168.1.13 255.255.255.0
 * 13) * PC4 Ethernet0: 192.168.1.14 255.255.255.0
 * 14) Test the configuration using the following command on the switch and the PCs.  Test all switch and PC addresses.  All tests should be successful.
 * 15) Configure and test VLAN switching.Cisco CCENT Switch 4 PCs.png
 * 16) Using the project from above, create the following VLANs.
 * 17) * VLAN 2: sales, FastEthernet1/1, FastEthernet1/2
 * 18) * VLAN 3: r&d, FastEthernet1/3, FastEthernet1/4
 * 19) Open the console for the switch and practice using the following commands.
 * 20) Verify the configuration using the following commands.
 * 21) Test the configuration using the following command on the switch and the PCs.  Test all switch and PC addresses.  Only connections on the same VLAN should be successful.
 * 22) Configure and test VLAN routing.Cisco CCENT Router Switch 4 PCs.png
 * 23) Add a router to the project from above and start the device.
 * 24) Add a link to connect the following.
 * 25) * R1 FastEthernet0/0 <-> ESW1 FastEthernet1/0
 * 26) Set the following IP addresses, subnet masks, and default gateways for the switch and PCs.
 * 27) * R1 FastEthernet0/0: 192.168.1.1 255.255.255.0
 * 28) * R1 FastEthernet0/0.2: 192.168.2.1 255.255.255.0
 * 29) * R1 FastEthernet0/0.3: 192.168.3.1 255.255.255.0
 * 30) * ESW1 VLAN1: 192.168.1.10 255.255.255.0 192.168.1.1
 * 31) * PC1 Ethernet0: 192.168.2.11 255.255.255.0 192.168.2.1
 * 32) * PC2 Ethernet0: 192.168.2.12 255.255.255.0 192.168.2.1
 * 33) * PC3 Ethernet0: 192.168.3.13 255.255.255.0 192.168.3.1
 * 34) * PC4 Ethernet0: 192.168.3.14 255.255.255.0 192.168.3.1
 * 35) Open the console for the router and practice using the following commands.
 * 36) Verify the configuration using the following commands.
 * 37) Open the console for the switch and practice using the following commands.
 * 38) Verify the configuration using the following commands.
 * 39) Test the configuration using the following commands on the router, switch, and the PCs.  Test all router, switch, and PC addresses.  All tests should be successful.
 * 40) Configure and test switch virtual interface (SVI) routing.Cisco CCENT Switch 4 PCs.png
 * 41) Remove the router from the project above.
 * 42) Set the following IP addresses and subnet masks for the switch.
 * 43) * ESW1 VLAN2: 192.168.2.1 255.255.255.0
 * 44) * ESW1 VLAN3: 192.168.3.1 255.255.255.0
 * 45) Open the console for the router and practice using the following commands.
 * 46) Verify the configuration using the following commands.
 * 47) Test the configuration using the following commands on the switch and the PCs.  Test all switch and PC addresses.  All tests should be successful.
 * 1) Verify the configuration using the following commands.
 * 2) Open the console for the switch and practice using the following commands.
 * 3) Verify the configuration using the following commands.
 * 4) Test the configuration using the following commands on the router, switch, and the PCs.  Test all router, switch, and PC addresses.  All tests should be successful.
 * 5) Configure and test switch virtual interface (SVI) routing.Cisco CCENT Switch 4 PCs.png
 * 6) Remove the router from the project above.
 * 7) Set the following IP addresses and subnet masks for the switch.
 * 8) * ESW1 VLAN2: 192.168.2.1 255.255.255.0
 * 9) * ESW1 VLAN3: 192.168.3.1 255.255.255.0
 * 10) Open the console for the router and practice using the following commands.
 * 11) Verify the configuration using the following commands.
 * 12) Test the configuration using the following commands on the switch and the PCs.  Test all switch and PC addresses.  All tests should be successful.
 * 1) Verify the configuration using the following commands.
 * 2) Test the configuration using the following commands on the router, switch, and the PCs.  Test all router, switch, and PC addresses.  All tests should be successful.
 * 3) Configure and test switch virtual interface (SVI) routing.Cisco CCENT Switch 4 PCs.png
 * 4) Remove the router from the project above.
 * 5) Set the following IP addresses and subnet masks for the switch.
 * 6) * ESW1 VLAN2: 192.168.2.1 255.255.255.0
 * 7) * ESW1 VLAN3: 192.168.3.1 255.255.255.0
 * 8) Open the console for the router and practice using the following commands.
 * 9) Verify the configuration using the following commands.
 * 10) Test the configuration using the following commands on the switch and the PCs.  Test all switch and PC addresses.  All tests should be successful.
 * 1) Configure and test switch virtual interface (SVI) routing.Cisco CCENT Switch 4 PCs.png
 * 2) Remove the router from the project above.
 * 3) Set the following IP addresses and subnet masks for the switch.
 * 4) * ESW1 VLAN2: 192.168.2.1 255.255.255.0
 * 5) * ESW1 VLAN3: 192.168.3.1 255.255.255.0
 * 6) Open the console for the router and practice using the following commands.
 * 7) Verify the configuration using the following commands.
 * 8) Test the configuration using the following commands on the switch and the PCs.  Test all switch and PC addresses.  All tests should be successful.
 * 1) Verify the configuration using the following commands.
 * 2) Test the configuration using the following commands on the switch and the PCs.  Test all switch and PC addresses.  All tests should be successful.
 * 1) Verify the configuration using the following commands.
 * 2) Test the configuration using the following commands on the switch and the PCs.  Test all switch and PC addresses.  All tests should be successful.
 * 1) Verify the configuration using the following commands.
 * 2) Test the configuration using the following commands on the switch and the PCs.  Test all switch and PC addresses.  All tests should be successful.
 * 1) Test the configuration using the following commands on the switch and the PCs.  Test all switch and PC addresses.  All tests should be successful.

Lesson Summary

 * A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2).
 * Managed switches can mark packets through tagging, so that a single interconnect (trunk) may be used to transport data for multiple VLANs.
 * VLANs allow network administrators to group hosts together even if the hosts are not on the same network switch.
 * VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol that propagates the definition of Virtual Local Area Networks (VLAN) on the whole local area network.
 * IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network.
 * Under IEEE 802.1Q, the maximum number of VLANs on a given Ethernet network is 4,094.
 * A VLAN ID is added only if the frame is forwarded out a port configured as a trunk link. If the frame is to be forwarded out a port configured as an access link, the ISL encapsulation is removed.
 * Switch port mode settings available are:
 * Access - Puts the Ethernet port into permanent nontrunking mode.
 * Trunk - Puts the Ethernet port into permanent trunking mode.
 * Dynamic Auto - Makes the Ethernet port willing to convert the link to a trunk link. This is the default mode for all Ethernet ports.
 * Dynamic Desirable - Makes the port actively attempt to convert the link to a trunk link.
 * Nonegotiate - Disables DTP.
 * Dynamic Trunking Protocol (DTP) is a proprietary networking protocol developed by Cisco Systems for the purpose of negotiating trunking on a link between two VLAN-aware switches, and for negotiating the type of trunking encapsulation to be used.
 * A "router on a stick", is a router that has a single physical or logical connection to a network, and is often used to forward traffic between locally attached hosts on separate logical routing domains or to facilitate routing table administration, distribution and relay.
 * A switched virtual interface (SVI) is a VLAN of switch ports represented by one interface to a routing or bridging system. An SVI cannot be activated unless associated with a physical port.
 * To add a VLAN and enter config-VLAN submode on a switch, use the  command in global configuration mode.
 * To name a VLAN on a switch, use the  command in VLAN configuration mode.
 * To set the interface type, use the  command in interface configuration mode.
 * To set the VLAN when the interface is in access mode, use the  command in interface configuration or template configuration mode.
 * To set the trunk characteristics when the interface is in trunking mode, use the  command in interface configuration mode.
 * To display VLAN information on a switch, use the  command in privileged EXEC mode.
 * To display the administrative and operational status of a switching (nonrouting) port, use the  command in user EXEC or privileged EXEC mode.

Key Terms

 * access interface
 * A network link carrying a single VLAN, without VLAN tagging.


 * trunk interface
 * A network link with VLAN tagging, able to carry multiple VLANs.


 * trunking administrative mode
 * The configured port trunking setting.


 * trunking operational mode
 * The current trunking behavior of a given port after negotiating with the neighboring port.

Assessments

 * Flashcards: Quizlet: CCENT - VLANS
 * Quiz: Quizlet: CCENT - VLANS