Module 3: VLANs
Instructor Materials
Switching, Routing, and Wireless Essentials v7.0 (SRWE)
Cisco Networking Academy Program
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Instructor Materials – Module 3 Planning Guide
•This PowerPoint deck is divided in two parts:
  •Instructor Planning Guide
    •Information to help you become familiar with the module
    •Teaching aids
  •Instructor Class Presentation
    •Optional slides that you can use in the classroom
    •Begins on slide # 12
•Note: Remove the Planning Guide from this presentation before sharing with anyone.
•For additional help and resources go to the Instructor Home Page and Course Resources for this course. You also can visit the professional development site on netacad.com, the official Cisco Networking Academy Facebook page, or Instructor Only FB group.

What to Expect in this Module
•To facilitate learning, the following features within the GUI may be included in this module:
Feature | Description
Animations | Expose learners to new skills and concepts.
Videos | Expose learners to new skills and concepts.
Check Your Understanding (CYU) | Per topic online quiz to help learners gauge content understanding.
Interactive Activities | A variety of formats to help learners gauge content understanding.
Syntax Checker | Small simulations that expose learners to the Cisco command line to practice configuration skills.
PT Activity | Simulation and modeling activities designed to explore, acquire, reinforce, and expand skills.
Hands-On Labs | Labs designed for working with physical equipment.
Class Activities | These are found on the Instructor Resources page. Class Activities are designed to facilitate learning, class discussion, and collaboration.
Module Quizzes | Self-assessments that integrate concepts and skills learned throughout the series of topics presented in the module.
Module Summary | Briefly recaps module content.

Check Your Understanding
•Check Your Understanding activities are designed to let students quickly determine if they understand the content and can proceed, or if they need to review.
•Check Your Understanding activities do not affect student grades.
•There are no separate slides for these activities in the PPT. They are listed in the notes area of the slide that appears before these activities.

Module 3: Activities
•What activities are associated with this module?
Page # | Activity Type | Activity Name | Optional?
3.1.4 | Packet Tracer | Who Hears the Broadcast? | Recommended
3.1.5 | Check Your Understanding | Overview of VLANs | Recommended
3.2.8 | Packet Tracer | Investigate a VLAN Implementation | Recommended
3.2.9 | Check Your Understanding | VLANs in a Multi-Switched Environment | Recommended
3.3.11 | Syntax Checker | VLAN Configuration | Recommended
3.3.12 | Packet Tracer | VLAN Configuration | Recommended
3.4.5 | Packet Tracer | Configure Trunks | Recommended
3.4.6 | Lab | Configure VLANs and Trunking | Recommended
3.5.5 | Packet Tracer | Configure DTP | Recommended
3.5.6 | Check Your Understanding | Dynamic Trunking Protocol | Recommended
3.6.1 | Packet Tracer | Implement VLANs and Trunking | Recommended
3.6.2 | Lab | Implement VLANs and Trunking | Recommended

Module 3: Best Practices (Cont.)
•Prior to teaching Module 3, the instructor should:
  •Review the activities and assessments for this module.
  •Try to include as many questions as possible to keep students engaged during classroom presentation.
•Topic 3.1
  •Ask the class if they know what a VLAN is. A helpful analogy is that VLANs are like multiple classes being conducted in one large common area. Layer 2 VLANs are like walls that can be built around the groups. However, Layer 2 cannot create doors. We will see Layer 3 help us with this. Layer 2 can create broadcast domains, but cannot route traffic between these groups because Layer 2 does not understand the IP addressing of each group.
  •Explain that VLAN 1 is the default VLAN for everything. The reason for this is that the switch is designed to function by default without extra configuration. This is not best practice, but it can do this. We can buy a switch, plug it in, and it will function fine passing LAN traffic.

Module 3: Best Practices (Cont.)
•Topic 3.2
  •Discuss the importance of trunks compared to the legacy way of connecting. The legacy way connected access ports for each VLAN between the switches. Obviously this could consume a lot of ports.
  •Tagging is critical for trunking to work. Many years ago Cisco supported ISL trunking. dot1q is preferred on today's networks for many reasons; one of the biggest is that dot1q supports QoS and ISL does not.
  •Ask the class why the Voice VLAN is tied to an access interface and not a trunk. There are several reasons for this. Back in 2005 a VoIP phone was connected to a trunk interface. Back then we did not have port-security, which requires the end device to be connected to an access interface. It also helps to understand why the phone traffic should be separated from the data traffic. First, UDP and TCP traffic do not mix well because of TCP starvation. This is where TCP gets dropped when our buffers get full because it will be resent, but TCP then cuts its traffic in half. UDP takes more bandwidth and repeats the cycle (TCP is dropped again and cuts its traffic by another half) until there is almost no TCP traffic.

Module 3: Best Practices (Cont.)
•Topic 3.2 (Cont.)
  •Voice traffic is some of the most sensitive traffic we have in regard to QoS compared to data traffic.
  •Explaining how a VoIP phone boots up may also help the class understand why voice and data traffic are separated. When CDP tells the phone what VLAN it is on, the phone will tag its traffic for DHCP and request an IP address, but the DHCP server has some critical information to pass on to the phone. Option 150 from the DHCP server tells the VoIP phone where the TFTP server is located. The TFTP server has the firmware of the phone. This firmware tells the phone what functions it can do, like transfer calls, park calls, and do conference calls, but more importantly what the buttons on the phone will do; for instance, the phone number(s) associated with the phone, what the speed dials are, etc. The phone will actually fail to boot if it receives an IP address for the data network instead of for voice.

Module 3: Best Practices (Cont.)
•Topic 3.3
  •Have the class tell you the difference between extended and normal VLANs.
  •Have the class create both types of VLANs in Packet Tracer. You may need them to put the switch into VTP transparent mode to create the extended VLANs.
•Topic 3.4
  •Have the class create a trunk in Packet Tracer between two switches. Have them change the native VLAN and see if they start receiving CDP error messages.
  •One good practice is to use the range command and shut down all interfaces on all switches before beginning the labs. This will help trunks to come up cleanly and without CDP errors. Just remind the students to bring up all interfaces as they configure them for use.

Module 3: Best Practices (Cont.)
•Topic 3.5
  •Explain the importance of DTP issues and why Cisco recommends that we statically set an interface to be either a trunk or an access interface rather than rely on DTP.
  •Emphasize to the class that a link configured as a trunk on one side and as an access interface on the other will have no communications.

Module 3: VLANs
Switching, Routing, and Wireless Essentials v7.0 (SRWE)

3.0.2 – What will I learn to do in this module?
Module Objectives
•Module Title: Protocols and Models
•Module Objective: Explain how network protocols enable devices to access local and remote network resources.
Topic Title | Topic Objective
Overview of VLANs | Explain the purpose of VLANs in a switched network.
VLANs in a Multi-Switched Environment | Explain how a switch forwards frames based on VLAN configuration in a multi-switch environment.
VLAN Configuration | Configure a switch port to be assigned to a VLAN based on requirements.
VLAN Trunks | Configure a trunk port on a LAN switch.
Dynamic Trunking Protocol | Configure Dynamic Trunking Protocol (DTP).

3.1 Overview of VLANs

3.1.1 – VLAN Definitions
•VLANs are logical connections with other similar devices.
•Placing devices into various VLANs has the following characteristics:
  •Provides segmentation of the various groups of devices on the same switches
  •Provides organization that is more manageable
  •Broadcasts, multicasts and unicasts are isolated in the individual VLAN
  •Each VLAN will have its own unique range of IP addressing
  •Smaller broadcast domains

3.1.2 – Benefits of a VLAN Design
•Benefits of using VLANs are as follows:
Benefits | Description
Smaller Broadcast Domains | Dividing the LAN reduces the number of broadcast domains
Improved Security | Only users in the same VLAN can communicate together
Improved IT Efficiency | VLANs can group devices with similar requirements, e.g. faculty vs. students
Reduced Cost | One switch can support multiple groups or VLANs
Better Performance | Small broadcast domains reduce traffic, improving bandwidth
Simpler Management | Similar groups will need similar applications and other network resources

3.1.3 – Types of VLANs
•Default VLAN
  •VLAN 1 is the following:
    •The default VLAN
    •The default Native VLAN
    •The default Management VLAN
    •Cannot be deleted or renamed
•Note: While we cannot delete VLAN 1, Cisco recommends that we assign these default features to other VLANs.

3.1.3 – Types of VLANs (Cont.)
•Data VLAN
  •Dedicated to user-generated traffic (email and web traffic).
  •VLAN 1 is the default data VLAN because all interfaces are assigned to this VLAN.
•Native VLAN
  •This is used for trunk links only.
  •All frames are tagged on an 802.1Q trunk link except for those on the native VLAN.
•Management VLAN
  •This is used for SSH/Telnet VTY traffic and should not be carried with end user traffic.
  •Typically, the VLAN that is the SVI for the Layer 2 switch.

3.1.3 – Types of VLANs (Cont.)
•Voice VLAN
  •A separate VLAN is required because Voice traffic requires:
    •Assured bandwidth
    •High QoS priority
    •Ability to avoid congestion
    •Delay less than 150 ms from source to destination
  •The entire network must be designed to support voice.

3.1.4 – Packet Tracer – Who Hears the Broadcast?
•In this Packet Tracer activity, you will do the following:
  •Observe Broadcast Traffic in a VLAN Implementation
  •Complete Review Questions
3.1.5 – Check Your Understanding – Overview of VLANs

3.2 VLANs in a Multi-Switched Environment

3.2.1 – Defining VLAN Trunks
•A trunk is a point-to-point link between two network devices.
•Cisco trunk functions:
  •Allow more than one VLAN
  •Extend the VLAN across the entire network
  •By default, supports all VLANs
  •Supports 802.1Q trunking

3.2.2 – Networks without VLANs
•Without VLANs, all devices connected to the switches will receive all unicast, multicast, and broadcast traffic.

3.2.3 – Networks with VLANs
•With VLANs, unicast, multicast, and broadcast traffic is confined to a VLAN. Without a Layer 3 device to connect the VLANs, devices in different VLANs cannot communicate.

3.2.4 – VLAN Identification with a Tag
•The IEEE 802.1Q header is 4 bytes.
•When the tag is created the FCS must be recalculated.
•When sent to end devices, this tag must be removed and the FCS recalculated back to its original number.
802.1Q VLAN Tag Field | Function
Type | 2-byte field with hexadecimal 0x8100. This is referred to as Tag Protocol ID (TPID).
User Priority | 3-bit value that supports
Canonical Format Identifier (CFI) | 1-bit value that can support token ring frames on Ethernet
VLAN ID (VID) | 12-bit VLAN identifier that can support up to 4096 VLANs

3.2.5 – Native VLANs and 802.1Q Tagging
•802.1Q trunk basics:
  •Tagging is typically done on all VLANs.
  •The use of a native VLAN was designed for legacy use, like the hub in the example.
  •Unless changed, VLAN 1 is the native VLAN.
  •Both ends of a trunk link must be configured with the same native VLAN.
  •Each trunk is configured separately, so it is possible to have different native VLANs on separate trunks.

3.2.6 – Voice VLAN Tagging
•The VoIP phone is a three-port switch:
  •The switch will use CDP to inform the phone of the Voice VLAN.
  •The phone will tag its own traffic (Voice) and can set Class of Service (CoS). CoS is QoS for Layer 2.
  •The phone may or may not tag frames from the PC.
Traffic | Tagging Function
Voice VLAN | tagged with an appropriate Layer 2 class of service (CoS) priority value
Access VLAN | can also be tagged with a Layer 2 CoS priority value
Access VLAN | is not tagged (no Layer 2 CoS priority value)

3.2.7 – Voice VLAN Verification Example
•The show interfaces fa0/18 switchport command can show us both data and voice VLANs assigned to the interface.

3.2.8 – Packet Tracer – Investigate a VLAN Implementation
•In this Packet Tracer activity, you will:
  •Part 1: Observe Broadcast Traffic in a VLAN Implementation
  •Part 2: Observe Broadcast Traffic without VLANs
3.2.9 – Check Your Understanding – VLANs in a Multi-Switch Environment

3.3 VLAN Configuration

3.3.1 – VLAN Ranges on Catalyst Switches
•Catalyst switches 2960 and 3650 support over 4000 VLANs.
Normal Range VLAN 1 – 1005 | Extended Range VLAN 1006 - 4095
Used in Small to Medium sized businesses | Used by Service Providers
1002 – 1005 are reserved for legacy VLANs | Are in Running-Config
1, 1002 – 1005 are auto created and cannot be deleted | Supports fewer VLAN features
Stored in the vlan.dat file in flash | Requires VTP configurations
VTP can synchronize between switches |

3.3.2 – VLAN Creation Commands
•VLAN details are stored in the vlan.dat file. You create VLANs in the global configuration mode.
Task | IOS Command
Enter global configuration mode. | Switch# configure terminal
Create a VLAN with a valid ID number. | Switch(config)# vlan vlan-id
Specify a unique name to identify the VLAN. | Switch(config-vlan)# name vlan-name
Return to the privileged EXEC mode. | Switch(config-vlan)# end

3.3.3 – VLAN Creation Example
•If the Student PC is going to be in VLAN 20, we will create the VLAN first and then name it.
•If you do not name it, the Cisco IOS will give it a default name of vlan and the four-digit number of the VLAN, e.g. vlan0020 for VLAN 20.
Prompt | Command
S1# | configure terminal
S1(config)# | vlan 20
S1(config-vlan)# | name student
S1(config-vlan)# | end

3.3.4 – VLAN Port Assignment Commands
•Once the VLAN is created, we can then assign it to the correct interfaces.
Task | Command
Enter global configuration mode. | Switch# configure terminal
Enter interface configuration mode. | Switch(config)# interface interface-id
Set the port to access mode. | Switch(config-if)# switchport mode access
Assign the port to a VLAN. | Switch(config-if)# switchport access vlan vlan-id
Return to the privileged EXEC mode. | Switch(config-if)# end

3.3.5 – VLAN Port Assignment Example
•We can assign the VLAN to the port interface.
•Once the device is assigned the VLAN, the end device will need the IP address information for that VLAN.
•Here, Student PC receives 172.17.20.22
Prompt | Command
S1# | configure terminal
S1(config)# | interface fa0/18
S1(config-if)# | switchport mode access
S1(config-if)# | switchport access vlan 20
S1(config-if)# | end

3.3.6 – Data and Voice VLANs
•An access port may only be assigned to one data VLAN. However, it may also be assigned to one Voice VLAN for when a phone and an end device are off of the same switchport.

3.3.7 – Data and Voice VLAN Example
•We will want to create and name both Voice and Data VLANs.
•In addition to assigning the data VLAN, we will also assign the Voice VLAN and turn on QoS for the voice traffic to the interface.
•The newer Catalyst switch will automatically create the VLAN, if it does not already exist, when it is assigned to an interface.
•Note: QoS is beyond the scope of this course. Here we do show the use of the mls qos trust [cos | device cisco-phone | dscp | ip-precedence] command.

3.3.8 – Verify VLAN Information
•Use the show vlan command. The complete syntax is:
  •show vlan [brief | id vlan-id | name vlan-name | summary]
Task | Command Option
Display VLAN name, status, and its ports one VLAN per line. | brief
Display information about the identified VLAN ID number. | id vlan-id
Display information about the identified VLAN name. The vlan-name is an ASCII string from 1 to 32 characters. | name vlan-name
Display VLAN summary information. | summary

3.3.9 – Change VLAN Port Membership
•There are a number of ways to change VLAN membership:
  •Re-enter the switchport access vlan vlan-id command
  •Use the no switchport access vlan command to place the interface back in VLAN 1
•Use the show vlan brief or the show interface fa0/18 switchport commands to verify the correct VLAN association.

3.3.10 – Delete VLANs
•Delete VLANs with the no vlan vlan-id command.
•Caution: Before deleting a VLAN, reassign all member ports to a different VLAN.
•Delete all VLANs with the delete flash:vlan.dat or delete vlan.dat commands.
•Reload the switch when deleting all VLANs.
•Note: To restore to factory default – unplug all data cables, erase the startup-configuration and delete the vlan.dat file, then reload the device.
3.3.11 – Syntax Checker – VLAN Configuration

3.3.12 – Packet Tracer – VLAN Configuration
•In this Packet Tracer activity, you will perform the following:
  •Verify the Default VLAN Configuration
  •Configure VLANs
  •Assign VLANs to Ports

3.4 VLAN Trunks

3.4.1 – Trunk Configuration Commands
•Configure and verify VLAN trunks. Trunks are Layer 2 and carry traffic for all VLANs.
Task | IOS Command
Enter global configuration mode. | Switch# configure terminal
Enter interface configuration mode. | Switch(config)# interface interface-id
Set the port to permanent trunking mode. | Switch(config-if)# switchport mode trunk
Sets the native VLAN to something other than VLAN 1. | Switch(config-if)# switchport trunk native vlan vlan-id
Specify the list of VLANs to be allowed on the trunk link. | Switch(config-if)# switchport trunk allowed vlan vlan-list
Return to the privileged EXEC mode. | Switch(config-if)# end

3.4.2 – Trunk Configuration Example
•The subnets associated with each VLAN are:
  •VLAN 10 - Faculty/Staff - 172.17.10.0/24
  •VLAN 20 - Students - 172.17.20.0/24
  •VLAN 30 - Guests - 172.17.30.0/24
  •VLAN 99 - Native - 172.17.99.0/24
•F0/1 port on S1 is configured as a trunk port.
•Note: This assumes a 2960 switch using 802.1q tagging. Layer 3 switches require the encapsulation to be configured before the trunk mode.
Prompt | Command
S1(config)# | interface fa0/1
S1(config-if)# | switchport mode trunk
S1(config-if)# | switchport trunk native vlan 99
S1(config-if)# | switchport trunk allowed vlan 10,20,30,99
S1(config-if)# | end

3.4.3 – Verify Trunk Configuration
•Set the trunk mode and native VLAN.
•Notice in the output of the sh int fa0/1 switchport command:
  •Is set to trunk administratively
  •Is set as trunk operationally (functioning)
  •Encapsulation is dot1q
  •Native VLAN set to VLAN 99
  •All VLANs created on the switch will pass traffic on this trunk

3.4.4 – Reset the Trunk to the Default State
•Reset the default trunk settings with the no command.
  •All VLANs allowed to pass traffic
  •Native VLAN = VLAN 1
•Verify the default settings with a sh int fa0/1 switchport command.

3.4.4 – Reset the Trunk to the Default State (Cont.)
•Reset the trunk to an access mode with the switchport mode access command:
  •Is set to an access interface administratively
  •Is set as an access interface operationally (functioning)

3.4.5 – Packet Tracer – Configure Trunks
•In this Packet Tracer activity, you will perform the following:
  •Verify VLANs
  •Configure Trunks

3.4.6 – Lab – Configure VLANs and Trunks
•In this lab, you will perform the following:
  •Build the Network and Configure Basic Device Settings
  •Create VLANs and Assign Switch Ports
  •Maintain VLAN Port Assignments and the VLAN Database
  •Configure an 802.1Q Trunk between the Switches
  •Delete the VLAN Database

3.5 Dynamic Trunking Protocol

3.5.1 – Introduction to DTP
•Dynamic Trunking Protocol (DTP) is a proprietary Cisco protocol.
•DTP characteristics are as follows:
  •On by default on Catalyst 2960 and 2950 switches
  •Dynamic-auto is default on the 2960 and 2950 switches
  •May be turned off with the nonegotiate command
  •May be turned back on by setting the interface to dynamic-auto
•Setting a switch to a static trunk or static access with the switchport mode trunk or the switchport mode access commands will avoid negotiation issues.

3.5.2 – Negotiated Interface Modes
•The switchport mode command has additional options.
•Use the switchport nonegotiate interface configuration command to stop DTP negotiation.
Option | Description
access | Permanent access mode and negotiates to convert the neighboring link into an access link
dynamic auto | Becomes a trunk interface if the neighboring interface is set to trunk or desirable mode
dynamic desirable | Actively seeks to become a trunk by negotiating with other auto or desirable interfaces
trunk | Permanent trunking mode and negotiates to convert the neighboring link into a trunk link

3.5.3 – Results of a DTP Configuration
•DTP configuration options are as follows:
 | Dynamic Auto | Dynamic Desirable | Trunk | Access
Dynamic Auto | Access | Trunk | Trunk | Access
Dynamic Desirable | Trunk | Trunk | Trunk | Access
Trunk | Trunk | Trunk | Trunk | Limited connectivity
Access | Access | Access | Limited connectivity | Access

3.5.4 – Verify DTP Mode
•The default DTP configuration is dependent on the Cisco IOS version and platform.
•Use the show dtp interface command to determine the current DTP mode.
•Best practice recommends that the interfaces be set to access or trunk and to turn off DTP.

3.5.5 – Packet Tracer – Configure DTP
•In this Packet Tracer activity, you will perform the following:
  •Configure static trunking
  •Configure and verify DTP
3.5.6 – Check Your Understanding – Dynamic Trunking Protocol
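
One way to check a switch configuration against the trunk settings from 3.4.1 and the DTP best practice from 3.5.4, as an added Python example that is not part of the Cisco deck. The finding codes, function names and sample configuration are constructed; treating a port with no switchport mode line as dynamic auto is an assumption taken from the 2960 default stated in 3.5.1.

```python
import re

# Assumption from slide 3.5.1: a port with no "switchport mode" line is dynamic auto.
DEFAULT_MODE = "dynamic auto"

FINDINGS = {
    "DTP_DYNAMIC": "port mode is left to DTP negotiation; set access or trunk statically",
    "DTP_ON_TRUNK": "static trunk still negotiates; add switchport nonegotiate",
    "NATIVE_VLAN_1": "native VLAN is still the default VLAN 1",
    "ALL_VLANS_ALLOWED": "no allowed VLAN list, so the trunk carries every VLAN",
}

# Constructed sample. FastEthernet0/1 repeats the deck's own trunk example (3.4.2).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,30,99
!
interface FastEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,30,99
 switchport nonegotiate
!
interface FastEthernet0/3
 switchport mode dynamic desirable
!
interface FastEthernet0/4
!
interface FastEthernet0/5
 switchport mode trunk
!
interface FastEthernet0/18
 switchport mode access
 switchport access vlan 20
!
interface Vlan99
 ip address 172.17.99.11 255.255.255.0
!
"""


def parse_interfaces(config: str) -> dict:
    """Map each physical interface name to its normalized configuration lines."""
    ports, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface\s+(\S+)", raw)
        if m:
            name = m.group(1)
            # SVIs (interface VlanN) are not switch ports, so they are skipped.
            current = None if name.lower().startswith("vlan") else ports.setdefault(name, [])
        elif raw.startswith(" ") and current is not None:
            current.append(" ".join(raw.split()).lower())
        else:
            current = None
    return ports


def audit_port(lines: list) -> list:
    """Return the finding codes for one interface stanza."""
    mode, native, allowed, nonegotiate = DEFAULT_MODE, 1, False, False
    for line in lines:
        m = re.fullmatch(r"switchport mode (access|trunk|dynamic auto|dynamic desirable)", line)
        if m:
            mode = m.group(1)
        m = re.fullmatch(r"switchport trunk native vlan (\d+)", line)
        if m:
            native = int(m.group(1))
        if line.startswith("switchport trunk allowed vlan "):
            allowed = True
        if line == "switchport nonegotiate":
            nonegotiate = True
    if mode.startswith("dynamic"):
        return ["DTP_DYNAMIC"]
    findings = []
    if mode == "trunk":
        if not nonegotiate:
            findings.append("DTP_ON_TRUNK")
        if native == 1:
            findings.append("NATIVE_VLAN_1")
        if not allowed:
            findings.append("ALL_VLANS_ALLOWED")
    return findings


def audit(config: str) -> dict:
    """Audit every switch port in a running-config style text."""
    return {name: audit_port(lines) for name, lines in parse_interfaces(config).items()}


if __name__ == "__main__":
    for port, codes in audit(SAMPLE_CONFIG).items():
        for code in codes or ["OK"]:
            print(f"{port:20} {code:18} {FINDINGS.get(code, '')}")
```
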

3.6 Module Practice and Quiz

3.6.1 – Packet Tracer – Implement VLANs and Trunking
•In this Packet Tracer activity, you will perform the following:
  •Configure VLANs
  •Assign Ports to VLANs
  •Configure Static Trunking
  •Configure Dynamic Trunking

3.6.2 – Lab – Implement VLANs and Trunking
•In this lab, you will perform the following:
  •Build the Network and Configure Basic Device Settings
  •Create VLANs and Assign Switch Ports
  •Configure an 802.1Q Trunk between the Switches

3.6.3 – What did I learn in this module?
•VLANs are based on logical instead of physical connections.
•VLANs can segment networks based on function, team, or application.
•Each VLAN is considered a separate logical network.
•A trunk is a point-to-point link that carries more than one VLAN.
•VLAN tag fields include the type, user priority, CFI and VID.
•A separate voice VLAN is required to support VoIP.
•Normal range VLAN configurations are stored in the vlan.dat file in flash.
•An access port can belong to one data VLAN at a time, but may also have a Voice VLAN.

3.6.3 – What did I learn in this module? (Cont.)
•A trunk is a Layer 2 link between two switches that carries traffic for all VLANs.
•Trunks will need tagging for the various VLANs, typically 802.1q.
•IEEE 802.1q tagging makes provision for one native VLAN that will remain untagged.
•An interface can be set to trunking or nontrunking.
•Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP).
•DTP is a Cisco proprietary protocol that manages trunk negotiations.
3.6.4 – Module Quiz – Protocols and Models

New Terms and Commands
•VLAN
•Logical broadcast domain
•Data VLAN
•Default VLAN
•Native VLAN
•Management VLAN
•show vlan brief
•Voice VLAN
•VLAN Trunk
•VLAN Segmentation
•IEEE 802.1Q
•VLAN Tagging
•Canonical Format Identifier (CFI)
•User Priority
•VLAN ID
•Type
•show interfaces int switchport

New Terms and Commands
•Normal Range VLANs
•Extended Range VLANs
•vlan vlan-id
•name vlan-name
•switchport mode access
•switchport access vlan vlan-id
•interface range
•no switchport access vlan vlan-id
•no vlan vlan-id
•delete flash:vlan.dat
•delete vlan.dat
•show vlan
•show interfaces
•show vlan summary
•show interfaces vlan vlan_id
•switchport mode trunk
•switchport trunk allowed vlan vlan_list
•switchport trunk native vlan vlan_id
•no switchport trunk allowed vlan
•no switchport trunk native vlan
•show interfaces switchport
•no switchport access vlan vlan_id
•show interfaces trunk
•show interfaces int_id trunk