CCNA (200-301): Ethernet Trunking and VLAN Pruning

Captions
Hey, welcome back to the channel everybody. This is Kevin, and in this week's video we're going to take a look at Ethernet trunks on our Cisco Catalyst switches. Now, a trunk is a connection that has the very unique ability to carry traffic for multiple VLANs, in other words multiple subnets, over a single connection. That way, if I've got a couple of switches and they each have a set of ten VLANs, I don't have to use one physical connection for one VLAN and another physical connection to interconnect that other VLAN. No, I just have one connection, and all the VLANs can use that single connection. This is a topic that we cover in our CCNA video training series for exam number 200-301, and this video is divided into three different parts. In part one you're going to learn the theory of trunking; then in part two you'll see how to configure an Ethernet trunk; and finally in part three you'll learn how to limit what VLANs are allowed to flow over a trunk, using a feature called VLAN pruning. If you enjoyed this video, please do me a favor and click the like button down below, and also subscribe to our channel so you don't miss any of our weekly content. Now let's jump into our discussion of Ethernet trunks.

In this video we want to talk about Ethernet trunks. The cool thing about a trunk is it allows us to send traffic for multiple VLANs over a single connection. That way, if I have five VLANs on one switch and five VLANs on another switch, and I want to interconnect those VLANs so that VLAN 100 on switch one can talk to VLAN 100 on switch two, instead of having a dedicated port to interconnect every single VLAN, I can just use one port: a trunk port. The most popular type of trunk we see today is an IEEE 802.1Q trunk. Now, Cisco does have its own proprietary trunking approach called ISL, Inter-Switch Link, but Cisco has largely been moving away from that, and pretty much everything we see these days is a dot1q trunk. A dot1q trunk is going to add four bytes to an Ethernet frame (we'll check out the format of an Ethernet frame in just a moment), but it's going to add those four bytes to frames in every VLAN except the native VLAN. The native VLAN is the one VLAN on a dot1q trunk that does not get tagged; traffic in the other VLANs does get tagged, and that tagging identifies the VLAN membership.

Let's take a look at the format of an IEEE 802.1Q frame. Here we see the format of a basic Ethernet frame. Down at layer 1 we have a seven-byte preamble and a one-byte SOF, or start of frame delimiter. These bytes are essentially announcing "here comes an Ethernet frame"; think of somebody blowing a trumpet to announce, ta-da, here comes an Ethernet frame. But that's at layer 1. Up at layer 2 we have a six-byte destination MAC address. Remember, a MAC address is 48 bits in length, and that's what six bytes is: 48 bits. We then say from whence did this frame come, what's the source MAC address; that's six bytes. Then we have a two-byte type field saying what type of data is contained in this Ethernet frame, and typically the type is either IP version 4 or IP version 6. And then we've got a frame check sequence, an FCS, of four bytes at the end, just to do some error checking to make sure the frame was not corrupted in transit. But when we have an 802.1Q frame, when we say that we're tagging an Ethernet frame, what we're doing is adding four bytes right in between the source address and the type field. We're adding a couple of bytes to say what kind of tag this is, and then we have the tag control information (TCI), which takes up a couple of bytes. So we've added four bytes to this frame, and inside of those four bytes we're saying, hey, this is a member of VLAN 100, as an example. And remember, there's one VLAN that doesn't get this tag, and that is the native VLAN.

We can configure our switch ports to be trunk ports instead of access ports. In fact, we can set it up such that a trunk forms dynamically. Let's take a look at some of those options. The protocol that lets that happen is called DTP, the Dynamic Trunking Protocol. Our switch ports can be access ports; an access port is going to connect out to a single end station and is a member of one VLAN. A trunk port is going to be a port that can carry traffic for multiple VLANs. So we can hard-code a port as being one or the other, access or trunk, or we could be dynamic: we could be either an access port or a trunk port based on what the other end of this connection wants to do. That's where DTP comes in. DTP allows us to send messages to the other side to determine, hey, do you want to become a trunk or not? On many of our Cisco Catalyst switches the default mode is dynamic auto. Dynamic auto says, I'm willing to become a trunk, but I'm not going to initiate the formation of a trunk; I'm not going to send a DTP frame to the far side saying, hey, let's be a trunk. But if the other side suggests it, I'm willing, and we'll set up a trunk. It's kind of like when my wife and I are trying to decide where to go eat for dinner. Sometimes: hey, where do you want to go, honey? Oh, I don't know, where do you want to go? And we just go back and forth, and nobody will initiate and suggest a specific restaurant. That's very similar to what's going on here: neither end of this link is suggesting that we become a trunk. However, if one end is set to dynamic desirable, then it will send a DTP frame to the other side, and if the other side is set to dynamic auto, that dynamic auto port will see this incoming frame saying, hey, do you want to be a trunk? And if we're set to dynamic auto we'll say, sure, we'll be a trunk, and a trunk will form.

In fact, let's go through all the different combinations and permutations in the table at the bottom of the screen. If one side, let's say switch 1, is set to access mode, it doesn't really matter what the other side is set to, because a trunk is not going to be formed if one side is hard-coded as an access port. Let's say that one side is a trunk and one side is set to dynamic desirable; will the trunk come up then? It sure will, because if we set the port to trunk mode, not only have we made it a trunk, it also sends those DTP frames, and when the dynamic desirable port at the far end sees that, it's going to become a trunk port as well. Same thing with dynamic auto on one side and trunk on the other: the trunk will send the DTP frames, they'll be seen by the dynamic auto port, and a trunk is going to come up. And of course, if we set both sides to trunk, they are by definition both trunk ports and we have a trunk between them. If both sides are dynamic desirable, that's fine; they'll send DTP messages to one another. If one side is dynamic desirable and one side is dynamic auto, that will work, because the dynamic desirable side (that's the example I gave you earlier) will send the DTP frame to the other side saying, hey, do you want to be a trunk? And dynamic auto will say, yeah, I'd love to be a trunk, and a trunk is going to form. The only other option where a trunk does not form is where both sides are set to dynamic auto, and this is what we have in a lot of our default Cisco Catalyst switch configurations: both sides are willing to form a trunk, but nobody is suggesting it. However, we'll be able to go in and do some configuration to influence ports to form trunks.

In this video we want to set up a couple of trunks, one between SW1 and SW2 and another between SW1 and SW3. Let's begin by looking at the port that's going to go from SW1 down to SW2; it's FastEthernet 1/0/13 on SW1. Let's do a show interfaces FastEthernet 1/0/13 switchport, and we currently see that we're in dynamic auto mode, which means if I receive a DTP frame suggesting that a trunk be formed, we'll form a trunk on this interface. However, the other side of this link is also set to dynamic auto, so if both sides are set that way a trunk is not going to be formed. So we'll want to enable DTP frames to be sent from this port, and I don't really want the trunk encapsulation to be negotiated; I want to hard-code that to dot1q. Now let's take a look at the port going down to SW3; that's FastEthernet 1/0/14, and it's got a similar configuration: it's also configured for dynamic auto, and we're negotiating the trunk encapsulation type. So let's do a couple of different things here. Let's hard-code the trunk encapsulation on both of these ports to be IEEE 802.1Q, and let's configure the native VLAN to be 100, as something other than the default; that's going to need to match at the far end. Let's set that up on interface FastEthernet 1/0/13 with a mode of dynamic desirable; this is going to cause it to send DTP frames down to switch SW2. And then, just to illustrate that setting the mode to trunk will also send DTP frames, let's set the mode of FastEthernet 1/0/14, which goes to SW3, to trunk mode. We'll just confirm right now that we don't have any trunks. I'll do a show interfaces trunk command; we don't have any right now. So let's get started with our trunk configuration for the link between SW1 and SW2. I'm going to create a VLAN of 100, and we're going to make that our native VLAN. So let's add VLAN 100; I'll say vlan 100 and I'll give it a name, I'll just say native. It doesn't have to be called that; it'll just remind me that it's going to be acting as the native VLAN. Let's now go into interface FastEthernet 1/0/13, and instead of negotiating the trunk encapsulation type, which will often negotiate to ISL, which we probably don't want, we want to hard-code that to dot1q. Let's say switchport trunk encapsulation, and context-sensitive help shows we could negotiate it, we could hard-code it to ISL, or we could hard-code it to dot1q. I want to hard-code this to dot1q, and I also want to set the native VLAN to 100. To do that we'll say switchport trunk native vlan 100. And we want to get out of that mode of dynamic auto; we want to go to dynamic desirable, so we're going to say switchport mode dynamic desirable. This is going to cause us to proactively send DTP frames. Now we're going to go down and we're going to come back up, and we're probably going to get some error messages on screen because we have an inconsistent native VLAN with the far side. Even though we said let's bring up a trunk, the other side has a different native VLAN, so we need to go configure that on switch SW2. So let's go over to switch SW2 and let's create VLAN 100, since I don't think we have it. Let's check; let's do a show vlan brief. Oh, we do have a native VLAN; I guess VTP educated SW2 about that. So we do have a VLAN of 100. Let's say that that's our native VLAN; we'll do that on port FastEthernet 0/1. Let's go into global configuration mode, and I'll say interface FastEthernet 0/1 and then switchport trunk native vlan 100. Hopefully that'll make those pesky error messages go away on SW1. Let's go check; hopefully we won't get any more error messages like that.

Now what we want to do is set up a trunk between SW1 and SW3, and just to show that setting the mode to trunk will send DTP frames, let's set the mode on FastEthernet 1/0/14 to trunk. We'll go into interface FastEthernet 1/0/14, and I'll say switchport trunk encapsulation dot1q to hard-code the encapsulation to dot1q. Let's set the native VLAN to 100: switchport trunk native vlan 100. And here we're going to set the mode to trunk: switchport mode trunk. And we're done with our configuration on switch SW1. Now let's go down to SW3 and make sure that we also tell it to use 100 as its native VLAN. Let's go over to SW3. Does it know about VLAN 100? Let's do a show vlan brief command. Yes it does; it learned that via VTP. So let's go into interface FastEthernet 0/1 and we'll say switchport trunk native vlan 100. Now we should have two trunks set up on switch SW1. Let's go confirm that they are up and operational and that those error messages about mismatched native VLANs have stopped. Well, we just got a message that the consistency is now restored, so that's good news. Let's do a show interfaces trunk command, and we see that we have two trunks. The mode is set to desirable for the trunk going down to SW2 (specifically, we were set to dynamic desirable), and the mode is set to on for the trunk going down to SW3 (specifically, it was set to trunk mode). We hard-coded the encapsulation to be 802.1Q for both trunks, we are currently trunking, and we see that we have a non-default native VLAN of 100. And that's a look at how we can dynamically create trunks on our Cisco Catalyst switches.

In our previous video we set up a couple of trunks: a trunk going from SW1 down to SW2 and another trunk going from SW1 down to SW3. Now let's take a look at those trunks. Let's do a show interfaces trunk command, and we can see those two trunks, but I want to draw your attention to the VLANs allowed on the trunk. Notice that it allows all possible VLANs, VLANs 1 through 4094. Something we might want to do with our trunks is to limit the VLANs that are allowed to flow over specific trunks. That could help us from a security perspective, because by default all VLANs are allowed over a trunk, including unknown unicast, broadcast, and multicast traffic for all those VLANs. And limiting, or what we call pruning, a VLAN from a trunk can also help us out with quality of service: we don't have to send unnecessary traffic over a trunk if it's not needed, so we can reduce the load on that trunk link. Now, one thing you might be surprised about: if you look at the very bottom of this output you'll see that VLAN 1 is conspicuously absent from this bottom port, FastEthernet 1/0/14. What's up with that? Well, it's not that it's pruned off of that port; it's simply being blocked by Spanning Tree Protocol. But let's say that we did want to explicitly deny a VLAN from flowing over a trunk. How can we prune off unwanted VLANs? Well, for our example, let's say that we don't want to allow VLAN 200 to flow over the trunk on interface FastEthernet 1/0/13. Context-sensitive help can give us some guidance in doing this. Let's go into global configuration mode and we'll hop into that interface: interface FastEthernet 1/0/13, and let's say switchport trunk allowed vlan and get some context-sensitive help. We see that we could create a listing of allowed VLANs by adding VLAN IDs, separated with commas; we could say, for example, 1,100,200. But maybe we've already given that command and we've got this big long list of VLANs added to our configuration; if we just want to add one more VLAN to that list, we could use the add keyword. Now, the all keyword, obviously, is going to allow all VLANs across the trunk, while the except keyword allows all VLANs with the exception of the VLANs that we specify. The none option is going to prevent any VLANs from flowing across the trunk, while the remove option removes one or more VLANs that were previously permitted. To begin with, let's add the individual VLANs that we want to be permitted. We'll permit VLANs 1 and 100, but we will not permit VLAN 200. Let's do a switchport trunk allowed vlan 1,100. Let's see what our trunk configuration looks like now; let's do a show interfaces trunk. Now we see that the allowed VLANs over that specific port are just VLANs 1 and 100. VLAN 200 is no longer allowed, and neither is any other VLAN, for that matter. That's one approach, but let's examine a different way to accomplish exactly the same thing. To begin with, let's negate what we just did: let's go back into interface configuration mode and I'll just put a no in front of that previous command. Now we're going to say that we want to allow all VLANs except 200. Let's say switchport trunk allowed vlan, and we'll use the except keyword, and I'll say except 200. Now let's see what our trunks look like; we'll do another show interfaces trunk. Here we see that we allow all possible VLANs in the range of 1 through 4094, but we skip over VLAN 200; we allow everyone except VLAN 200. And that's a look at some different ways that we can prune off, or exclude, VLANs from flowing over a specific trunk.
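The tag insertion described in part one, worked through in code. This is an added example, not code from the video or from Cisco: it builds a plain Ethernet II frame, inserts the 4-byte 802.1Q tag (the 2-byte TPID 0x8100 followed by the 2-byte TCI holding PCP, DEI and the 12-bit VID) between the source MAC and the type field, and models what a dot1q trunk does with the native VLAN on egress and on ingress. The sample frame bytes are constructed; the preamble and SFD are left out because software never sees them, and the FCS is shown only to make the point that tagging changes it.

```python
"""802.1Q tagging: a 4-byte tag goes between the source MAC and the EtherType,
and the native VLAN leaves a trunk untagged.  Added example, not the video's code."""
import struct
import zlib

TPID_8021Q = 0x8100        # EtherType value that announces "an 802.1Q tag follows"
ETHERTYPE_IPV4 = 0x0800


def mac(text: str) -> bytes:
    """'00:11:22:33:44:55' -> 6 raw bytes (a MAC address is 48 bits)."""
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame: dst(6) src(6) type(2) payload.
    Preamble/SFD and FCS are added by the NIC, so they are not modelled here."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload


def fcs(frame: bytes) -> bytes:
    """Ethernet FCS is CRC-32 over the frame (same polynomial zlib uses), sent LSB first.
    Any change to the frame, including inserting a tag, changes this value."""
    return struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte tag (TPID + TCI) after the 12 address bytes."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094 (0 and 4095 are reserved)")
    if not 0 <= pcp <= 7:
        raise ValueError("PCP is a 3-bit priority")
    tci = (pcp << 13) | ((dei & 1) << 12) | vid   # 3 bits PCP, 1 bit DEI, 12 bits VID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Decode the layer-2 headers; 'vid' is None when the frame carries no tag."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"), "vid": None, "pcp": None}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    body = 14
    if ethertype == TPID_8021Q:                      # tagged: real EtherType sits 4 bytes later
        tci = struct.unpack("!H", frame[14:16])[0]
        info["vid"], info["pcp"] = tci & 0x0FFF, tci >> 13
        ethertype = struct.unpack("!H", frame[16:18])[0]
        body = 18
    info["ethertype"], info["payload"] = ethertype, frame[body:]
    return info


def trunk_egress(frame: bytes, vid: int, native_vlan: int) -> bytes:
    """What a dot1q trunk puts on the wire: native VLAN untagged, every other VLAN tagged."""
    return frame if vid == native_vlan else tag_frame(frame, vid)


def trunk_ingress(frame: bytes, native_vlan: int) -> int:
    """VLAN the receiving trunk assigns: the tag's VID, or its own native VLAN if untagged."""
    vid = parse_frame(frame)["vid"]
    return native_vlan if vid is None else vid


if __name__ == "__main__":
    # Constructed sample: a broadcast IPv4 frame, sent once from VLAN 200 and once from VLAN 100.
    f = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19)
    wire = trunk_egress(f, 200, native_vlan=100)
    print(len(f), "->", len(wire), "bytes; parsed:", parse_frame(wire))
    print("native VLAN frame grows by", len(trunk_egress(f, 100, native_vlan=100)) - len(f), "bytes")
    # Native VLAN mismatch (SW1 native 100, SW2 native 1): VLAN 100 traffic lands in VLAN 1 on SW2.
    print("VLAN 100 arrives in VLAN", trunk_ingress(trunk_egress(f, 100, 100), native_vlan=1))
```

Run stand-alone it prints the 4-byte growth and the mismatch case: a frame SW1 sends untagged because it belongs to its native VLAN 100 is assigned to whatever native VLAN the far switch uses, which is exactly why the "inconsistent native VLAN" messages in part two matter and why the native VLAN has to match at both ends of the trunk.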
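The DTP mode table from part one and the allowed-VLAN keywords from part three, as an added example written for this page in Python; it is not code from the video and not how IOS implements either feature. `run_commands` replays the exact `switchport trunk allowed vlan` lines typed in the video (plus constructed `add` and `remove` lines) against the default of 1-4094 and renders the result the way `show interfaces trunk` prints it. `trunk_forms` encodes the table and extends it with `switchport nonegotiate`, which the video does not cover: it stops a port from sending DTP frames, so a dynamic port on the far side never negotiates up to a trunk. That extension is the practitioner's caveat here: a port left at the dynamic auto default lets whatever is plugged into it decide whether it becomes a trunk, so ports facing end stations are pinned with `switchport mode access` and inter-switch links with `switchport mode trunk` plus `switchport nonegotiate`.

```python
"""Allowed-VLAN list semantics and DTP trunk formation.  Added example, not IOS code."""
from typing import Iterable, Set

ALL_VLANS = frozenset(range(1, 4095))   # IOS default for a trunk: 1-4094 allowed


def parse_vlan_list(text: str) -> Set[int]:
    """'1,100,200-210' -> {1, 100, 200, ..., 210}; rejects IDs outside 1..4094."""
    vlans: Set[int] = set()
    for part in text.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        first, last = int(lo), int(hi) if hi else int(lo)
        if not 1 <= first <= last <= 4094:
            raise ValueError(f"bad VLAN range: {part}")
        vlans.update(range(first, last + 1))
    return vlans


def render_vlan_list(vlans: Iterable[int]) -> str:
    """Compress a set into the form 'show interfaces trunk' prints, e.g. '1-199,201-4094'."""
    ids = sorted(set(vlans))
    if not ids:
        return "none"
    runs, start, prev = [], ids[0], ids[0]
    for v in ids[1:]:
        if v != prev + 1:               # gap: close the current run
            runs.append((start, prev))
            start = v
        prev = v
    runs.append((start, prev))
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)


def apply_allowed_vlan(current: Set[int], command: str) -> Set[int]:
    """Apply one 'switchport trunk allowed vlan ...' line (or its 'no' form) to the allowed set.
    Keywords are the ones context-sensitive help lists: a bare list, add, all, except, none, remove."""
    words = command.split()
    if words[:1] == ["no"]:
        return set(ALL_VLANS)           # 'no switchport trunk allowed vlan ...' restores the default
    if words[:4] != ["switchport", "trunk", "allowed", "vlan"] or len(words) < 5:
        raise ValueError(f"not an allowed-vlan command: {command!r}")
    keyword, rest = words[4], "".join(words[5:])
    if keyword == "all":
        return set(ALL_VLANS)
    if keyword == "none":
        return set()
    if keyword == "add":
        return set(current) | parse_vlan_list(rest)
    if keyword == "remove":
        return set(current) - parse_vlan_list(rest)
    if keyword == "except":
        return set(ALL_VLANS) - parse_vlan_list(rest)
    return parse_vlan_list("".join(words[4:]))   # a bare list replaces the whole set


def run_commands(commands: Iterable[str]) -> Set[int]:
    """Start from the default (all VLANs) and apply the lines in order, as the CLI would."""
    allowed = set(ALL_VLANS)
    for cmd in commands:
        allowed = apply_allowed_vlan(allowed, cmd)
    return allowed


# --- DTP: does a trunk form between two ports? ---
INITIATORS = ("trunk", "dynamic desirable")    # modes that send DTP frames


def ends_as_trunk(mode: str, peer_mode: str, peer_nonegotiate: bool) -> bool:
    """Outcome for one side.  'switchport nonegotiate' on the peer suppresses its DTP
    frames, so a dynamic port across from it has nobody to negotiate with."""
    if mode == "access":
        return False
    if mode == "trunk":
        return True
    if peer_mode == "access" or peer_nonegotiate:
        return False
    return mode in INITIATORS or peer_mode in INITIATORS   # somebody has to suggest it


def trunk_forms(mode_a: str, mode_b: str, a_nonegotiate: bool = False, b_nonegotiate: bool = False) -> bool:
    """True only when both ends come up as trunks (the video's table, plus nonegotiate)."""
    return ends_as_trunk(mode_a, mode_b, b_nonegotiate) and ends_as_trunk(mode_b, mode_a, a_nonegotiate)


if __name__ == "__main__":
    video = ["switchport trunk allowed vlan 1,100",
             "no switchport trunk allowed vlan 1,100",
             "switchport trunk allowed vlan except 200"]
    print(render_vlan_list(run_commands(video)))          # 1-199,201-4094
    for a, b in [("dynamic auto", "dynamic auto"), ("dynamic desirable", "dynamic auto"), ("trunk", "access")]:
        print(f"{a:18} <-> {b:18}: trunk={trunk_forms(a, b)}")
    print("trunk (nonegotiate) <-> dynamic auto:", trunk_forms("trunk", "dynamic auto", a_nonegotiate=True))
```

The two command sequences from part three produce different allowed lists (`1,100` versus `1-199,201-4094`), which is the point the video makes: an explicit list denies everything not named, while `except` denies only what is named. The `nonegotiate` flag is only accepted by IOS on a port whose mode is `trunk` or `access`, which the model reflects by making it matter only when the peer is dynamic.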
Info
Channel: Kevin Wallace Training, LLC
Views: 8,160
Rating: 4.9550562 out of 5
Keywords: ccna, ccnp, ccie, cisco, cisco cert, 200-301, 350-401, encor exam, ethernet, ethernet trunk, vlan pruning, #kwtrain
Id: tZ7YrG_AfL4
Length: 17min 56sec (1076 seconds)
Published: Wed Mar 25 2020