VLAN Trunk Links | Network Fundamentals Part 13

Captions
Using VLANs is like breaking a physical switch into a few virtual ones. But eventually we'll need more physical ports, which means more physical switches. How do we get our VLANs to work across several switches? Like the many branches on a tree trunk, we can use a trunk link to carry many VLANs. Sound confusing? Hang around, it's all gonna make sense soon.

If the company we work for grows, then they're going to need more computers, printers, servers and other devices. These all connect to the network, which means they all need more switch ports to connect to, so eventually we buy more switches. Normally we would connect one switch to another to extend our number of ports, but we have cut our network into VLANs now, so how do we connect the two switches together? Should we perhaps run a link between each switch for each VLAN? Well, we could. We could make that work, but what happens if we have many VLANs? If we need a link for each VLAN we will use up our ports again pretty quickly, leaving less for the new devices that we need to connect. And then what happens if we want to add a third switch, or a fourth? Clearly this method is not scalable, meaning that its growth is severely limited. Instead we are able to use a single link which is capable of carrying all of our VLANs. This uses a technology called trunking, or tagging.

In the last video we saw how to add devices to a VLAN. The type of port they connect to is called an access port. Typically we would connect workstations, printers, servers and phones to an access port. This will have one data VLAN, and maybe one additional VLAN for voice, which I'll talk about in a minute. When we connect two switches together we configure these ports as trunk ports. Trunk ports are able to have many VLANs configured on them at one time. If you have trouble remembering the difference: an access port is how workstations access the network; trunk ports are like a single tree trunk, where we have many branches, or VLANs.

So we are left with an interesting question: why do we want to use VLANs to separate traffic if a trunk link just mixes them all together again? Well, let me give you some good news: the traffic doesn't fully get mixed together. It goes over the same link, sure, but it won't leave its VLAN. This is thanks to our good friend Ethan-et. As a reminder, he is the Ethernet header. Think of a device on a VLAN sending a frame. It goes to an access port which is configured with a VLAN, so the switch knows which VLAN this frame belongs to. When the frame reaches the trunk link, the switch will add a four-byte tag to the Ethernet header. The tag contains a few different types of information, but the only part we care about right now is the VLAN ID. Please note it's just the VLAN ID, and not the VLAN name that we configured in the last lab. This means that VLAN names are locally significant to each switch, and they don't have to match on two different switches. When the frame arrives at the destination trunk port, the switch looks at the tag and knows the VLAN that this frame belongs to. It can now strip the tag from the frame and deliver it to the destination workstation. So the workstation will never see the VLAN tag; in fact, it doesn't really even know that it's in a VLAN.

And here is a key point for you: a trunk link extends VLANs from one switch to another. Each VLAN is a broadcast domain, so trunk links also extend broadcast domains across switches. Broadcast messages will stay within a VLAN, but will pass over a trunk to other switches. And the same is true for flooding: any frame that needs to be flooded will stay within the VLAN, but will travel over the trunk links to other switches.

And once again, Cisco's terminology is a little bit different to everyone else's. To start with, a trunk port is really a tagged port. This is because of the tag that is added to the frame as it passes between the switches. Also, an access port is really an untagged port. Remember how I said that there is no tag in the Ethernet frame when it was delivered to the workstation? That's why it's called an untagged port. Don't worry too much about which terminology you use; they're both really well known. It's still a good idea to understand both, so you'll always know what other people are talking about.

When it comes to tagging, there are two ways it can be done. The first is called 802.1Q, which was developed by the IEEE. Everyone supports this standard, and this is what I've been describing so far. Because this is an IEEE standard, all switches can use it, which means a trunk between switches from different manufacturers is possible. The second possibility is called ISL, or Inter-Switch Link. This is Cisco's original trunking standard, and is much older than 802.1Q. This one's getting pretty rare these days; in fact, I've never actually seen it in production myself, but you do still see it mentioned in some documentation, and you can still configure it on some switches, so you need to be aware that it's out there. But in most cases, forget ISL and focus on 802.1Q.

Earlier I mentioned voice VLANs. These are important if you have IP telephony in your network. If you're not familiar with that term, IP telephony is where you have phones connected to your network. In a case like this you would probably have a phone and a workstation on each desk. Your workstation would belong to a data VLAN, while the phone would belong to a voice VLAN. So based on what we've talked about so far, you would probably connect the workstation to one port on the switch and the phone to another. But usually phones are a little bit special: they have a miniature three-port switch built in, so we can connect the phone into the switch and the workstation to the phone. The third port is hidden from sight; it's inside the phone, connecting to the phone hardware. Why would we do this? Well, there's two reasons. For one, there's less need for ports in the main switch. Secondly, you don't normally connect phones and workstations directly into a switch; they normally go into a wall socket, with cabling through the wall which is eventually connected to the switch. So with less connections to the switch there's less need for cabling, which can be expensive to install. Anyway, the link from the phone to the switch is like a mini trunk link, except it carries only two VLANs: the data VLAN and the voice VLAN. We'll have a go at configuring this later. Voice networking is a subject entirely of its own, so we're not going to get any deeper into voice than that.

Right, let's try some of this in the lab. Our topology is very similar to the last video; in fact, logically it's the same network. However, you'll see some differences in the physical topology. We've now added an extra switch, which will mean configuring a trunk link. We've also removed a physical link from the router, and we'll see what that's all about a bit later on. I hope this helps to explain why we have logical and physical diagrams: we can make changes to the way the network is physically deployed without really changing the logical component of the network itself. So the basic config from the last video is still there. From the point of view of the workstations, not much has changed. We do have two switches now, and one workstation and one server have moved to the second switch. I've already moved the config for these ports to the second switch, so you won't need to worry about that. And just for a quick review, this is how the workstation ports are configured. It is very simple: just one line to put them in the right VLAN. These are access ports, which I hope makes a bit more sense to you now, after a bit of an explanation, than it did in the last video.

But access ports aren't the only option we have. Another possibility is to configure a port with a voice VLAN. Unfortunately I don't actually have a VoIP phone to connect to this lab, but we're gonna pretend that we do, and we'll configure the port just like we normally would. So we'll start by configuring VLAN 110, and we'll give it the name "voice". This is exactly the same as before; there's no fancy configuration here. Next we configure our interface. As I said before, it's not connected to anything, but you'll get the idea. First I'm going to force this port to be in access mode. Switch ports have the ability to dynamically decide what port type they are, so forcing it is kind of optional. The way the dynamic nature works is a bit advanced for now, so I'm not gonna explain that just yet, but the short of it is I like to set the ports manually. This is especially useful if other people have been working on the switch and may have changed the default values. We can now set the voice VLAN. This still uses the switchport command, so this should be quite comfortable. Sorry, I've done that wrong; that should be VLAN 110. And finally we set the access VLAN as well. So keep in mind that when you have a phone connected, you set the voice VLAN as well as a separate access VLAN.

Now let's go back to that trunk link we haven't configured yet. So, as you would imagine, if we jump onto workstation 1 and we try to ping workstation 2, it's gonna fail. For this to work we need to configure a link that allows us to add VLAN tags to the frames that we'll pass between the switches. The good news is it's not really difficult to do at all. Let's start over at switch 1 and enter into interface configuration mode. The first step is to set the encapsulation type. There are three options we could configure, which are dot1q, ISL and negotiate. Negotiate is that dynamic port type that I was talking about earlier, so we'll ignore that for now. Of the other two options we want to use dot1q, which is the most common form of tagging. Now we need to configure the port type. Previously we've configured access ports, but on this occasion we're going to use a trunk port. Remember that a trunk port allows frames to be tagged with a VLAN ID. We need to do the same over on switch 2. I've made switch 2's CLI look purple so it's easy to tell which is which; I hope that doesn't hurt your eyes too much.

When we configure trunk links we have the option of allowing some VLANs while disallowing others. This is called pruning, and we do this with the "switchport trunk allowed vlan" command. If we don't use this command, all VLANs are allowed over the link. If we do use this command, only the VLANs in this list are allowed. We don't really need it for what we're doing today, but you will see other people doing this regularly, which is why I wanted to mention it.

There's a few things that we should do to make sure that we've been successful. "show interfaces switchport" is one of the commands we can use, and it gives us a lot of information. But before we dig into this, let me just show you a quick trick. When a command gives you too much information, there's an extra CLI command that you can use to filter this down a bit. After you type your command, enter the pipe symbol. Next we're going to use an extra command called "begin". This will look for whatever pattern you give it, and it will start displaying the output from that point forward. So we'll use "begin Gi0/2"; this will start the output at the point where Gi0/2 first shows up. Pretty neat, huh? So in this output there are a few points of interest. First we can see the port type; in our case it's a trunk port. We can also see the type of encapsulation that we're using, as well as the VLANs that are allowed over the link. Another command we can use is "show interfaces trunk" for a trunk port. This gives us similar information, but is a little bit tidier. You should know though that this is only for trunk ports, as the name suggests, so access ports won't show up here. But the best way to prove that this is working is to head over to workstation 1. From here we can see that traffic is successfully flowing across the trunk link to workstation 2. So, do you understand what's going on? Find out by testing yourself with this quiz. If you have any questions, let me know in the comments.

When you first turn on a switch, all the ports will by default belong to VLAN 1. We don't do anything to configure VLAN 1; it's just always there. So is VLAN 1 special in any way? The answer is a little bit tricky, but on a Cisco switch VLAN 1 is indeed a little bit special. From time to time there is a need to pass control traffic between devices. I'm not talking about a workstation sending traffic through a switch here; I'm talking about a case when two switches are connected together, like in our lab. We're gonna see this a bit later on with an example protocol called CDP, but the key point here is that control traffic between Cisco switches uses VLAN 1. Keep in mind that other switch vendors may have a different way of approaching this. So don't try to remove VLAN 1; I don't even think you can remove VLAN 1, now I think about it. Also, it's a good practice to keep your devices, like your workstations and printers and so on, on a separate VLAN. Just leave VLAN 1 for this control traffic.

There's another special VLAN that we need to consider. This is called the native VLAN. The native VLAN was created to support devices that don't support VLANs; think of a hub or a cheap switch, for example. If you connect one of these devices to a trunk link, they won't be able to tag any of the traffic they send. So which VLAN is this traffic a part of? The answer is the native VLAN. By default the native VLAN is VLAN 1, but we can change this to another VLAN if we want to; in fact, we'll see this in a lab soon. But before that, consider what happens if traffic passes from a switch to a hub. Any frames that are part of the native VLAN will be sent out untagged. This keeps compatibility with these non-VLAN-enabled devices.

Time to head back over to the lab. This is the same one from before, so there's no surprises. We can use "show vlan summary" to see how many VLANs have been configured on this switch. This doesn't give us a lot of information though, so I prefer to use "show vlan brief". Now see how VLAN 1 is there even though we didn't configure it. VLAN 1 is always there by default on Cisco switches. If we have a look at an unused port using our "show interfaces switchport" command, we can see that it's already in VLAN 1. All ports on a Cisco switch are in VLAN 1 by default. Looking at our trunk link, we can also see that VLAN 1 is the native VLAN. This is also how Cisco switches are configured by default, but it doesn't have to be that way. We can set the native VLAN to nearly any number we want. Under interface configuration mode we can use the "switchport trunk" command to change trunking parameters; for example, here we could change the native VLAN to be VLAN 2. Although we're not seeing any problems here, this will eventually generate some warning messages. This will happen because switch 2 is still using VLAN 1 as its native VLAN. While it's not mandatory, it is a good idea to have both switches use the same native VLAN. For now though, we'll just put it back to VLAN 1.

But how do the two switches know that there's a mismatch? How does one switch know how the other is configured? It does this by using a protocol called CDP, or Cisco Discovery Protocol. This is one of those types of traffic that flows between the switches themselves, and will always use VLAN 1. This is a little bit off topic, but I think it's worth a quick look. So CDP is a Cisco-made protocol. If two devices that are connected together support it, they can learn about each other. On most Cisco switches it is enabled by default, which we can confirm with "show cdp". This is not too exciting, so let's try "show cdp neighbors". Here we can see that we've learned about switch 2 on interface Gi0/2. It also mentions Gi0/0, which is just something that my lab software does, so don't worry about that one for today. When we add the "detail" keyword we get a ton more information. For example, we can see the native VLAN, and that's how they detect our mismatch. We can also see the IOS version that the connected device is running. An interesting point is the capability section; this tells us what features our switch thinks the connected device is capable of. If we really wanted to, we could disable CDP with "no cdp run". Some people like to do this for security reasons, which is quite understandable. This can be done globally, like we've just done, or we could disable it on some individual ports while leaving it active on others. And of course we can enable it again with "cdp run". So why do we use CDP? Well, it helps with troubleshooting the network, and is particularly useful if you haven't been keeping your network documentation up to date. Also, if you're connecting Cisco phones, CDP will help you to set up your voice network. But as I said, this is a Cisco protocol; they made this years ago, when there were no other options. So what happens when you connect a device made by another manufacturer? Well, some other vendors, like VMware, do support CDP, but a lot of vendors don't. Fortunately there is an alternative called LLDP, or Link Layer Discovery Protocol. LLDP is vendor-neutral, so it's supported by a lot of vendors as well as Cisco, and it does the same basic job as CDP. Just as with CDP, we can enable or disable it globally or per interface. It's disabled by default on this model of switch, so we'll need to head over to switch 2 and enable it there. If we're particularly security-conscious, we can configure interfaces to only send or receive LLDP traffic, but we'll leave it all turned on for now. LLDP commands are basically the same as CDP, and the output is very similar too. So just to see if you're following along, here are a few more quiz questions that you can try. See how you go.

Now, in the last video we connected a router to each VLAN to enable workstations and servers to communicate. There were two VLANs, so we used two links. But what if we have ten VLANs? Do we need ten ports on our router? Does our router even have ten ports? What if we needed thirty VLANs? This is the same concern we faced with our switches earlier. We solved this by using a trunk link. The good news is that routers can also use trunk links. This might sound surprising, as trunking is a switching technology, but you'll find that the lines between routers and switches are sometimes blurry. Routers will support some switching functions, like trunking, and switches will support some routing functions too, but they still behave a little bit differently. Routers primarily deal with routing, which means their interfaces need IP addresses. This is what the workstations and servers will use as their default gateway. But how can we put an IP address in each VLAN? How does the router know which IP address belongs in each VLAN? The answer may surprise you. The router's physical interface is connected to the switch, but the physical interface can be divided up into several virtual sub-interfaces. This is very similar to how we divided our switch into several VLANs. On a router we divide up interfaces, and we map each one to a different VLAN. Once we have several virtual interfaces, we can configure them independently; this includes a different IP address for each one. And these interfaces, even though they're virtual, still behave like regular interfaces, so we can still use them to route traffic between VLANs. This way of configuring the router is called router on a stick, or ROAS. It's called this because the single trunk link between the router and switch looks a bit like a stick. Maybe it's easy to see this in action. Back to the lab we go.

We need to configure the router's port as a trunk too. This uses the same concept, but the commands are a little different. Step one is to make sure that the physical port is up with the "no shut" command. Next we create our first sub-interface. This is done by entering interface configuration mode using the physical interface's name, followed by a dot and then a number. I always use the VLAN ID as the number, as it makes it easier later on. Under interface configuration we now set the encapsulation type to 802.1Q, so it matches our switch. We also need to include the VLAN ID. Once that's done, we can configure the rest of the interface just like we would for any other interface, which includes setting an IP address and, if we wanted to, a description. Of course, we now need to repeat the process for a sub-interface on VLAN 20. The IP addresses that we're adding to the sub-interfaces are the default gateways that the workstations and servers are using. Now we can go and confirm it's working over on workstation 1. Let's start by pinging the router's sub-interface, and that looks good. So now we can try pinging a server in VLAN 20; this also looks good. And finally, just to prove that there's no trickery going on, we can run a traceroute to confirm that the traffic is going through the router. And that's the lab configuration done. I highly recommend that you try this yourself: either build your own lab, or download the one I've pre-built for you. And of course, try to answer the quiz questions to check your understanding. We've now covered the basics of VLANs, including how they work and why we use them. You will see them a lot, so get as familiar as you can with them. We're going to step it up in the next video and see how we can limit the traffic between our two VLANs using the router. I hope to see you there.
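The tag-on-egress, strip-on-ingress behaviour of a trunk port, the "allowed vlan" pruning list and the untagged native VLAN described in the transcript, modelled in Python. This is an added example and is not code from the video or from Network Direction. The `TrunkPort` class, the frame layout (FCS omitted) and the MAC addresses are constructed for the illustration; the 4-byte tag layout (TPID 0x8100 followed by a 16-bit TCI whose low 12 bits are the VLAN ID) is the real 802.1Q format. The last part of `demo()` shows why the native VLAN warning in the lab matters: an untagged frame from one switch's native VLAN lands in whatever the other switch thinks its native VLAN is.

```python
"""Model of 802.1Q tagging across a trunk link (added example, not the video's code)."""
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag follows


def build_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    """Build an untagged Ethernet II frame: dst(6) | src(6) | EtherType(2) | payload."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag between the source MAC and the EtherType."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vlan_id  # 3-bit PCP, 1-bit DEI (left 0), 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame: bytes):
    """Return (vlan_id, untagged_frame). vlan_id is None when the frame carries no tag."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    if len(frame) < 16:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]  # keep only the VID, drop the tag


class TrunkPort:
    """Trunk-side behaviour of one switch port (hypothetical model class)."""

    def __init__(self, allowed_vlans=None, native_vlan: int = 1):
        # None mirrors "no switchport trunk allowed vlan": every VLAN is allowed.
        self.allowed_vlans = set(allowed_vlans) if allowed_vlans else None
        self.native_vlan = native_vlan

    def _allowed(self, vlan_id: int) -> bool:
        return self.allowed_vlans is None or vlan_id in self.allowed_vlans

    def egress(self, frame: bytes, vlan_id: int):
        """Frame leaving over the trunk: None if pruned, untagged if native, else tagged."""
        if not self._allowed(vlan_id):
            return None
        if vlan_id == self.native_vlan:
            return frame  # native VLAN is sent untagged for non-VLAN-aware devices
        return tag_frame(frame, vlan_id)

    def ingress(self, wire_frame: bytes):
        """Frame arriving from the trunk: (vlan_id, stripped_frame), or None if pruned."""
        vlan_id, frame = untag_frame(wire_frame)
        if vlan_id is None:
            vlan_id = self.native_vlan  # untagged traffic is placed in the native VLAN
        if not self._allowed(vlan_id):
            return None
        return vlan_id, frame


def demo() -> dict:
    """Walk a constructed VLAN 10 frame from switch 1 to switch 2, then show a native mismatch."""
    # Constructed sample: workstation 1 broadcasting an IPv4 payload (locally administered MAC).
    frame = build_frame(bytes.fromhex("ffffffffffff"), bytes.fromhex("0200000000a1"), 0x0800, b"hello")
    sw1 = TrunkPort(allowed_vlans={1, 10, 20}, native_vlan=1)
    sw2 = TrunkPort(allowed_vlans={1, 10, 20}, native_vlan=1)

    wire = sw1.egress(frame, 10)            # tagged with VID 10 on the way out
    vlan_at_sw2, delivered = sw2.ingress(wire)  # tag read and stripped on the way in

    # Native VLAN mismatch: switch 1 sends VLAN 1 untagged, a peer set to native 2 files it as VLAN 2.
    sw2_mismatched = TrunkPort(native_vlan=2)
    vlan_after_mismatch, _ = sw2_mismatched.ingress(sw1.egress(frame, 1))

    return {
        "tag_bytes_on_wire": wire[12:16].hex(),
        "vlan_seen_by_switch2": vlan_at_sw2,
        "delivered_frame_is_untagged": delivered == frame,
        "vlan_30_pruned": sw1.egress(frame, 30) is None,
        "vlan_after_native_mismatch": vlan_after_mismatch,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The workstation on either end only ever sees `delivered`, which is byte-for-byte the original frame, matching the transcript's point that the end device never sees the tag. The mismatch case is the reason the lab keeps both switches on the same native VLAN.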
Info
Channel: Network Direction
Views: 50,796
Keywords: Network direction, Cisco, Ccna, Trunk port, Trunking, Tagging, Vlan, Beginner, 802.1q, Isl, Layer 2, Access port, Voice vlan, Cdp, Lldp, Ethernet, Roas, Router on a stick, Untagged, Ieee, Dot1q, Ping, Traceroute, Switchport, Vlan 1, Native vlan, network fundamentals, trunk ports explained, trunk port configuration cisco, trunk port vs access port, trunk port and access port difference, trunk port cisco switch, trunk port configuration in cisco switch, trunk port configuration, free ccna
Id: m2PaaICoGzw
Length: 26min 33sec (1593 seconds)
Published: Tue Jun 25 2019