Cisco VLAN Trunking - Cisco VLAN Configuration Step By Step Part 2 - Trunking and DTP

Video Statistics and Information

Captions
Hi guys, welcome to part two in the Cisco VLAN series. I try to keep the videos as short as I can, and hopefully this one won't run too long, but there are a couple of things we can discuss here that may get a little long-winded. I'm going to try to avoid that at all costs.

In part one we configured an accounting VLAN and a marketing VLAN on a single Cisco Catalyst 2960 switch here in building one. In this video we're going to expand our network to building two by connecting another Cisco Catalyst switch in that building to our existing switch. In the new building we're also going to have an accounting user and a marketing user, so we're going to need our VLANs to span across both switches, and in order for that to happen we have to use what is called trunking.

As I mentioned in part one, a trunk is basically a link between two switches. However, that statement wasn't totally accurate. You can have a link between two switches that is not a trunk. The link can become a trunk in one of two ways: you can either manually configure the ports on each end to be trunk ports, or the switches can auto-negotiate that connection to determine whether they will form a trunk. But before we get into that, let's talk about what a trunk is and talk about why we need them.

A trunk is a link between two switches that can carry traffic from multiple VLANs. So in our case we're going to need a trunk here, because we're going to want to carry traffic from VLAN 10 and VLAN 20, whereas these ports here that we set up our PCs on, they're access ports and can only belong to one VLAN. Let's elaborate on that a little bit. A PC itself is not VLAN aware. It has no idea what VLAN it's in and it could care less. So for that reason, if we want the traffic from PC 1 to be on a specific VLAN, we have to configure that port to be on a specific VLAN. If this port were a trunk port, let's say, and it could carry traffic from any VLAN, and we plug in this PC, well, the PC doesn't know what VLAN it's on, so in the end, without the port being assigned to a specific VLAN, then, you know, we've kind of defeated the purpose there. So that's why the access ports are allowed to one VLAN only.

Now in our example, like we said, we have two VLANs configured. We've got VLAN 10 for our accounting users and we have VLAN 20 for our marketing users. We're going to add another switch, and our link between them has to be a trunk port in order to carry multiple VLANs.

So let's put on our thinking caps for a minute, because they've made it probably a little more complicated than it needs to be, but there are four trunking modes. One of them we have already learned about, and that is access mode. Access mode means the port belongs to one specific VLAN. So obviously these are the ports that your PCs, your printers, your servers, that type of thing, plug into; you're going to set those ports as access ports.

The next mode we're going to talk about is trunk mode. Now this is when you configure a switch port specifically to be a trunk port, and it's a trunk port, period. There's nothing that's going to change that unless you manually go in and configure that port to be something other than trunk mode.

The two other modes we're going to talk about are dynamic auto and dynamic desirable. These modes can dynamically negotiate whether the port is going to be a trunk port or not, based on what the switch on the other end is set to. Dynamic auto does not actively seek to be a trunk. It is never trying to be a trunk, but if the switch on the other end wants to be a trunk and is actively seeking to be a trunk, the trunk will be formed. So dynamic auto kind of just sits there and just waits until somebody asks it to be a trunk. In other words, if switch 1 had its port set to dynamic auto and the port on switch 2 that it was connected to was in either trunk mode or dynamic desirable, a trunk would form between the two. However, if the switch 1 port was set to dynamic auto and switch 2's port was also set to dynamic auto, the trunk would not be formed, because neither of those ports is actively trying to become a trunk port.

Dynamic desirable is actively trying to be a trunk port, so if the port on the other end is either auto or trunk mode, a trunk will be formed, because dynamic desirable is sitting over there going, "I want to be a trunk, I want to be a trunk." So if it meets one that is a trunk: all right, cool, we're a trunk. If it meets one that is auto, auto will be like, "OK, if you want to be a trunk, we'll be one." Great. So that's basically it.

Now the last thing I want to talk about in regards to trunking modes is a best practice, and I think the best practice is to put all your ports in access mode right out of the gate. Turn everything into access mode, and then when you know you have a port that you want to be a trunk port, manually set it to trunk mode. And here's the reason I say that. Let's have an example here where this accounting VLAN has a lot of information that you don't want to get into the wrong hands. So we've got, you know, a few users that have access to that VLAN 10, but no one else should ever be able to get to that VLAN.

Now by default on a 2960 switch all the ports are going to be set to dynamic auto, and that's good to remember if you're taking your CCNA exam; you may be asked about that. When I'm making this video it's 2015, and the current CCNA I believe is based on the 2960 switch. Previous versions of the exam I believe were based on the 2950, and the default on that is dynamic desirable, so you may need to know the difference there. But on a 2960 switch the default for the ports is dynamic auto.

Now why is that a bad thing? OK, let's say we've got these guys in access mode on VLAN 10, and a hacker comes in, sits at an empty cubicle, he brings his own Cisco switch, and he sets his port to trunk mode and he plugs into an empty port on your switch. What's going to happen? Well, he's set to trunk mode, your switch is set to dynamic auto, so a trunk is going to be formed. So that hacker can at that point configure any port on his switch to be in VLAN 10, so now he has access to VLAN 10, which is supposed to be totally secure. So for that reason, that's why I say, you know, put everything in access mode and then only turn on trunk mode when you know that you need it.

OK, so that was the part of the video that I thought was going to probably take a little too long, because I know watching these videos, after about 20 minutes people start nodding off, including myself. So let's go ahead and start talking about how we're going to configure our network here.

All right, the first thing we're going to do is take a look at switch 1, and here's another command for you: show interface, sorry, show ip interface brief. So that's just going to show us the ports we have here on our switch. It's a bunch of Fast Ethernet ports and we've got two Gigabit Ethernet ports, so we're going to use Gigabit Ethernet 0/1 on this switch and on the other switch to be our trunk link there.

So now let's go into configuration mode, or no, sorry, I'm going to show you one other command. Since we know we're going to use Gigabit Ethernet 1, let's say show interface Gigabit Ethernet 1 and then put switchport at the end of that command, and it shows us some interesting info here. So here's our mode, like I said, dynamic auto by default. Another thing to look at here: encapsulation. There are two different encapsulation modes that you can use. There's dot1q and there's ISL. ISL is a Cisco proprietary encapsulation method; you don't really see it that much. Dot1q is kind of the industry standard. I believe now even some of the Cisco switches maybe don't even let you use ISL, so I just wanted to point that out. You see our negotiation of trunking is on, but what we're going to do for our examples, we're just going to manually set this mode to trunk.

So let's go to configuration mode, go to the Gigabit interface 0/1, and switchport mode, and we can type a question mark so you can see what we've got. Access mode we've used before, and like I say, we can manually set it to trunk or we can set it to dynamic. So I'm just going to show you that: dynamic, and we've got the options of auto and desirable. We're going to just set it manually to trunk mode. And actually, what we'll do, this will be kind of interesting: we'll go ahead and show you how the auto negotiation works, but then we'll set this later.

So let's see, I may have played around with this one, but let's do show interface Gigabit Ethernet 0/1 switchport. Yeah, I've already got it set to trunk, but let's do this: let's change that to dynamic auto. We'll kind of test out our hacker theory here. So we're going to connect our Gigabit Ethernet 0/1 to Gigabit Ethernet 0/1. We'll give it a second until we see these turn green.

There's a command you might want to memorize: show interfaces trunk. That's going to show you the ports on your switch that are currently trunking. There, that one's set to auto, the one on the other end was set to trunk, and it is trunking, so we've got a trunk formed. So if this switch had been a switch that a hacker brought in, he'd be able to get into any VLAN he wants from that point. But let's go ahead and, you know, go with my best practice here, and we're going to just set it manually to trunk. There we go. All right, so we've got our trunk formed.

So next step is we're going to make sure, yeah, my IP addresses are already configured, so let's go ahead and connect our PCs. So PC 5 we will connect to port 5, PC 6 we'll connect to port 6. Now at this point let's go in here, and you see we're on the same subnet as the PCs here in VLAN 10, but we haven't put our PC 5 into any specific VLAN yet. So what VLAN would it be in? It would be in VLAN 1 by default, right? So our ping fails.

So let's go in here to port 5, switchport mode; we want to keep it in access mode and make it a member of VLAN 10. That's interesting: it's a brand new switch, we haven't configured any VLANs on it, right? So it doesn't know about VLAN 10. So now VLAN 10 has been created and this is a member of VLAN 10. Now another thing we'll probably talk about in a later video is there's actually a way to make these switches learn the VLANs from the other switches on the network. That's beyond the scope of what we're talking about here, but just to let you know that that option is there. Another thing: if your network's small enough to get away with it, keep that feature off.

All right, so let's go ahead and try it again. Like that, we're pinging a PC on VLAN 10 from our location down here. It's pretty cool. You know, we had talked about one of the reasons for VLANs is that we can group our PCs logically instead of geographically. So, you know, this building two could be in another state, and here we are, basically this PC appearing, you know, you would think it was physically on the same network, but it's not. They're in the same subnet, but they're logically grouped instead of geographically grouped.

All right, so let's go ahead and do the same over here. Same thing: it didn't exist but now it does. So let's show VLAN; we've got 10 and 20, and if we want, just to be consistent, we'll go into VLAN 10, name it CCT, and then we'll go into VLAN 20, name it MARK. There we go. And we'll also test this PC, make sure we can ping something in the other location. There we go. And it should not be able to ping anything in VLAN 10. I'll even try... oops, I did subnet 20 but it should have been 10. So we'll try to ping someone in the same office and, yep, fails.

All right, so there we have it, that's all for video 2. We're going to have another video in this series. What we're going to talk about in the third video in the series is what you would do in the situation where you're trying to limit broadcasts between these two VLANs but you still have a need to be able to get from one VLAN to the other. Let's say all your servers were in VLAN 20. You may not want all those broadcasts that the servers are sending back and forth to each other to be seen by these PCs, but these PCs have to access the servers to get their files off the server. So we're going to talk about how you would get from one VLAN to the other. Big hint is it's going to need to have routing involved. So we'll talk about that in the next video. Thanks.
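The negotiation rules and the "everything in access mode" practice from the captions can be checked against a saved running-config. The following is an added example, not code from the video; the function names and the sample config are constructed for illustration, and the default mode is a parameter because the captions give dynamic auto for the 2960 and dynamic desirable for the 2950.

```python
import re

ACTIVE = {"trunk", "desirable"}            # modes that actively ask for a trunk
WILLING = {"trunk", "desirable", "auto"}   # modes that will agree to one

def forms_trunk(local: str, peer: str) -> bool:
    """Mode matrix from the captions; desirable+desirable (not spelled
    out there) also forms a trunk."""
    if local not in WILLING or peer not in WILLING:
        return False                       # an access port never trunks
    return local in ACTIVE or peer in ACTIVE

def port_modes(config: str, default: str = "auto") -> dict:
    """Map Ethernet interface -> effective switchport mode.
    Ports with no explicit mode line get the platform default."""
    modes, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = line.split()[1]
            current = name if "Ethernet" in name else None  # skip SVIs
            if current:
                modes[current] = default
            continue
        m = re.match(r"\s+switchport mode "
                     r"(access|trunk|dynamic auto|dynamic desirable)\s*$", line)
        if m and current:
            modes[current] = m.group(1).split()[-1]
    return modes

def negotiable_ports(config: str, default: str = "auto") -> list:
    """Non-trunk ports that would still trunk with a peer set to trunk mode."""
    return [name for name, mode in port_modes(config, default).items()
            if mode != "trunk" and forms_trunk(mode, "trunk")]

# Constructed sample config (not taken from the video).
SAMPLE = """\
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
interface FastEthernet0/2
 switchport access vlan 10
interface FastEthernet0/3
 switchport mode dynamic desirable
interface GigabitEthernet0/1
 switchport mode trunk
interface Vlan1
"""

if __name__ == "__main__":
    for port in negotiable_ports(SAMPLE):
        print(f"{port}: negotiates trunking; set 'switchport mode access'")
```

FastEthernet0/2 is the case worth noticing: it has an access VLAN assigned but no explicit mode, so it still sits at the platform default and will negotiate.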
Info
Channel: SkullBits
Views: 71,828
Keywords: vlan, icnd1, icnd2, ccna, 100-101, 200-120, how-to, configuration, cisco, switch, trunk, trunking, dtp, dynamic trunking protocol, cisco vlan trunking, cisco vlan configuration step by step, skullbits
Id: lnGogvK0jxY
Length: 20min 1sec (1201 seconds)
Published: Tue Jul 14 2015