====== Cisco Trunks ======
Nov 2017
\\
\\
THIS PAGE IS IN PROGRESS. THIS MESSAGE WILL DISAPPEAR UPON COMPLETION.
\\
\\
{{:topologyvlantrunk.jpg?650|}}
\\
----
==== Introduction ====
In the previous topic regarding [[cisco_vlans_and_trunks_danscourses|Cisco VLANs and Trunks]] there are some videos outlining the theory of using VLANs and Trunks. Here we will look more at a worked example, and see some of the commands.
\\
\\
//**Why is using a Trunk port important?**// There are a few reasons for this, but from my perspective it is down to a new product that we have, the T1. The T1 is effectively a group of blades in a box with two switches. Access to the switches, which have a number of ports, is limited to just a few ports on the front panel. This means we really need to be able to group all of our multicasts into a single source interface, and connect this to the T1.
\\
\\
{{ :mfelt1ciscotrunk.jpg?900 |}}
\\
\\
Looking at the above diagram, we see an example of some sources on the left (could be encoders, receivers or streaming devices) feeding a Cisco switch. The Cisco switch could have one or more VLANs configured, and we need to get all of these VLANs into a single interface in our T1. If you only have a single VLAN, then a trunk port is not required, but it is still good practice to use one: if you need to add VLANs later, half your work is already done.
\\
\\
----
==== Example ====
\\
VLANs, while technically the same, can be broken down by function. Some of these are:
  * Default VLAN
  * Native VLAN
  * Data VLAN
  * Management VLAN
  * Voice VLAN
\\
I will discuss the meaning of these VLANs later, but for now I want to look at the configuration.
----
==== Default VLAN ====
\\
As the name suggests, the default VLAN is the VLAN that the interfaces are initially located in. On a Cisco this is VLAN 1. From the Cisco CLI you can use the command ''show vlan'' to list the currently configured VLANs.
<code>
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/1, Gig0/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
</code>
Above we can see that VLAN 1 is listed as the default VLAN. It contains all the ports on the switch, which is how a new switch is configured when it is first powered on.
\\
\\
----
==== Native VLAN ====
\\
\\
\\
\\
----
==== notes ====
  * Default VLAN
  * Native VLAN
  * Data VLAN
  * Management VLAN
  * Voice VLAN

Default VLAN is VLAN 1
<code>
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/1, Gig0/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
</code>
Cannot delete or rename VLAN 1.
<code>
vlan 50
 name student
vlan 99
 name mgt
exit
sh vlan
</code>
You can see the VLAN but no ports; you need to assign ports.
<code>
int fa 0/10
 switchport mode access
 switchport access vlan 50
</code>
<code>
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gig0/1
                                                Gig0/2
50   student                          active    Fa0/10
</code>
<code>
Switch(config-if)#ip address 192.168.99.2 255.255.255.0
Switch(config-if)#no shutdown
</code>
  * Not using VLAN 1 is better for security, as guessing a VLAN or interface number is harder.
  * Native VLAN is important for trunk ports.
  * Interfaces (access ports) are effectively one port per VLAN (but no VLAN configured).
  * A trunk port carries multiple VLANs across a single link (single interface).

Virtual terminal:
<code>
Switch(config)#line vty 0 15
Switch(config-line)#password cisco
Switch(config-line)#login
Switch(config)#enable secret cisco
</code>
<code>
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Switch(config-if)#switchport trunk allowed vlan 1-99
</code>
<code>
interface FastEthernet0/1
 switchport trunk allowed vlan 1-99
 switchport trunk encapsulation dot1q
 switchport mode trunk
</code>
Port 1 is no longer shown:
<code>
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gig0/1, Gig0/2
50   student                          active    Fa0/10
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
</code>
<code>
Switch#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1-99

Port        Vlans allowed and active in management domain
Fa0/1       1,50

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       1,50
</code>
  * The native VLAN defaults to VLAN 1 (the default VLAN).
  * 802.1q is the trunking protocol that puts tags on packets as they traverse the trunk (VLAN tagging).
  * If you have a device that does not support 802.1q, then the switch will put that traffic on the default VLAN (if that VLAN is allowed in the trunk). The default VLAN is VLAN 1 unless you changed it. This traffic remains untagged.
<code>
Switch(config)#vlan 80
Switch(config-vlan)#name native
</code>
<code>
Switch#show interfaces fastEthernet 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: 1-99
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
</code>
Set the native VLAN:
<code>
Switch(config-if)#switchport trunk native vlan 80
</code>
<code>
show interfaces fastEthernet 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 80
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: 1-99
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
</code>
<code>
Switch#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      80

Port        Vlans allowed on trunk
Fa0/1       1-99

Port        Vlans allowed and active in management domain
Fa0/1       1,50,80

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       1,50,80
</code>
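A check for the trunk settings shown above, as an added example that is not part of the original page: it parses ''show interfaces ... switchport'' output and reports a native VLAN left at 1, VLAN 1 carried on the trunk, and allowed VLANs that are not active. The function names and the trimmed sample text are constructed for illustration.

```python
# Constructed sample, trimmed to the fields this check reads, in the shape
# of the "show interfaces fastEthernet 0/1 switchport" output on this page.
BEFORE = """\
Name: Fa0/1
Administrative Mode: trunk
Operational Mode: trunk
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 1-99
"""
# Same port after "switchport trunk native vlan 80".
NATIVE_80 = BEFORE.replace("VLAN: 1 (default)", "VLAN: 80")


def expand(spec):
    """Expand a Cisco VLAN list ('1,50', '1-99', 'ALL') into a set of ints."""
    if spec.strip().upper() == "ALL":
        return set(range(1, 4095))
    vlans = set()
    for part in filter(None, spec.replace(" ", "").split(",")):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def audit_trunk(switchport_text, active_spec):
    """Return hardening findings for one port. active_spec is that port's
    'Vlans allowed and active in management domain' list."""
    fields = {}
    for line in switchport_text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    if fields.get("Operational Mode") != "trunk":
        return []  # access ports are out of scope for this check
    native = int(fields["Trunking Native Mode VLAN"].split()[0])
    allowed = expand(fields["Trunking VLANs Enabled"])
    findings = []
    if native == 1:
        findings.append("native VLAN is the default VLAN 1")
    if 1 in allowed:
        findings.append("VLAN 1 is allowed on the trunk")
    unused = allowed - expand(active_spec)
    if unused:
        findings.append(f"{len(unused)} allowed VLANs are not active")
    return findings


if __name__ == "__main__":
    print(audit_trunk(BEFORE, "1,50"))        # trunk as first configured
    print(audit_trunk(NATIVE_80, "1,50,80"))  # after the native VLAN change
```

Changing only the native VLAN clears the first finding; the other two remain until the ''switchport trunk allowed vlan'' list is narrowed to the VLANs actually in use.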
The native VLAN is for backwards compatibility, or non-tagged VLAN traffic.
\\
REMEMBER TO DO THIS ON BOTH SWITCHES.
\\
After configuring the first switch, you will see this message on the second switch until you configure the second switch:
<code>
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/1 (1), with Switch FastEthernet0/1 (80).
</code>
(CDP: Cisco Discovery Protocol.) This message occurs if Spanning Tree Protocol is on.
\\
You will see an unblock message when the second switch is configured:
<code>
%SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/1 on VLAN0001. Port consistency restored.
</code>
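The two messages above can be tracked from collected switch logs. This is an added example, not part of the original page: it lists ports whose native VLAN mismatch has not yet been followed by an unblock message. The second log line, the peer name ''Switch2'' and the function name are constructed for illustration.

```python
import re

# Constructed log in the shape of the two messages shown on this page.
SAMPLE_LOG = """\
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/1 (1), with Switch FastEthernet0/1 (80).
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/24 (1), with Switch2 FastEthernet0/24 (80).
%SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/1 on VLAN0001. Port consistency restored.
"""

MISMATCH = re.compile(
    r"%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on "
    r"(?P<port>\S+) \((?P<local>\d+)\), with (?P<peer>\S+) "
    r"(?P<peer_port>\S+) \((?P<remote>\d+)\)")
UNBLOCK = re.compile(
    r"%SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking (?P<port>\S+) on VLAN\d+")


def open_mismatches(log_text):
    """Return {local port: details} for mismatches with no later unblock.

    Assumption taken from the notes above: the unblock message for a port
    means the second switch has been configured with the same native VLAN.
    """
    pending = {}
    for line in log_text.splitlines():
        m = MISMATCH.search(line)  # search() tolerates a timestamp prefix
        if m:
            pending[m["port"]] = {
                "local_native": int(m["local"]),
                "peer": f'{m["peer"]} {m["peer_port"]}',
                "peer_native": int(m["remote"]),
            }
            continue
        u = UNBLOCK.search(line)
        if u:
            pending.pop(u["port"], None)
    return pending


if __name__ == "__main__":
    for port, info in open_mismatches(SAMPLE_LOG).items():
        print(port, info)
```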
do show ip interface br
<code>
Switch(config)#do sh ip int br
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/1        unassigned      YES unset  up                    up
FastEthernet0/2        unassigned      YES unset  down                  down
FastEthernet0/3        unassigned      YES unset  down                  down
FastEthernet0/4        unassigned      YES unset  down                  down
FastEthernet0/5        unassigned      YES unset  up                    up
FastEthernet0/6        unassigned      YES unset  down                  down
FastEthernet0/7        unassigned      YES unset  down                  down
FastEthernet0/8        unassigned      YES unset  down                  down
FastEthernet0/9        unassigned      YES unset  down                  down
FastEthernet0/10       unassigned      YES unset  up                    up
FastEthernet0/11       unassigned      YES unset  down                  down
FastEthernet0/12       unassigned      YES unset  down                  down
FastEthernet0/13       unassigned      YES unset  down                  down
FastEthernet0/14       unassigned      YES unset  down                  down
FastEthernet0/15       unassigned      YES unset  down                  down
FastEthernet0/16       unassigned      YES unset  down                  down
FastEthernet0/17       unassigned      YES unset  down                  down
FastEthernet0/18       unassigned      YES unset  down                  down
FastEthernet0/19       unassigned      YES unset  down                  down
FastEthernet0/20       unassigned      YES unset  down                  down
FastEthernet0/21       unassigned      YES unset  down                  down
FastEthernet0/22       unassigned      YES unset  down                  down
FastEthernet0/23       unassigned      YES unset  down                  down
FastEthernet0/24       unassigned      YES unset  up                    up
GigabitEthernet0/1     unassigned      YES unset  down                  down
GigabitEthernet0/2     unassigned      YES unset  down                  down
Vlan1                  unassigned      YES unset  administratively down down
Vlan99                 192.168.99.2    YES manual up                    up
</code>