Add and Remove VLANs on a Trunk

Whereas an access port carries only one data VLAN and one voice VLAN, a trunk port can carry one or more VLANs. Generally, you use a trunk to connect switches together where traffic for several VLANs must cross the link. In some cases, you would also configure a trunk port toward a server, such as a virtual server. If the device needs to use more than one VLAN, configure the port as a trunk port.

Configure

The following commands set the interface to trunk mode unconditionally. This will turn off Dynamic Trunking Protocol (DTP). Depending on your hardware, you may also need to set the encapsulation mode; most newer equipment and software defaults to 802.1Q encapsulation, though.

Switch#configure terminal
Switch(config)#interface interface-id
Switch(config-if)#switchport trunk encapsulation {dot1q | isl}
Switch(config-if)#switchport mode trunk

In order to add and remove VLANs on a trunk, you need to go to the interface and specify whether you want to add or remove VLANs.

To add one or more VLANs to the trunk:

Switch#configure terminal
Switch(config)#interface interface-id
Switch(config-if)#switchport trunk allowed vlan add vlan-id,vlan-id,vlan-id

To remove one or more VLANs from the trunk, you replace the add keyword with remove. It may seem odd that the allowed keyword is still in the command, but think of it this way: you are removing a VLAN from the trunk's allowed list.

Switch#configure terminal
Switch(config)#interface interface-id
Switch(config-if)#switchport trunk allowed vlan remove vlan-id,vlan-id,vlan-id

Verify

To verify which interfaces are trunks and which VLANs are allowed and active on them, use the following command:

Switch#show interfaces trunk

You may also want to check the switchport configuration for the interface.

Switch#show interfaces interface-id switchport
Name: interface-id
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: All
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Troubleshoot

When you try to set the interface to trunk mode, you may encounter an error message about the trunk encapsulation. This is typical of older hardware, but you may still run into it. You just need to set the trunk encapsulation first, then go back and configure the interface as a trunk.

Switch(config-if)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.

A trunk carries a VLAN only if that VLAN has been created on the switch. If you look at the output of the show interfaces trunk command and do not see the VLANs you expect, ensure the VLANs are created on the device.

Assigning Switch Ports to VLANs

Interfaces on Cisco switches can belong to two VLANs, one for data traffic and one for voice traffic. To do this, you set the interface to be an access port. This also turns off trunking and VLAN Trunking Protocol (VTP).

Configure

The following command will configure an access port. An access port is intended for data traffic.

Switch#configure terminal
Switch(config)#interface interface-id
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan vlan-id

To configure a voice VLAN, you follow the same procedure as above, but this time use the voice keyword in place of the access keyword. The following command assigns the voice VLAN to the port; the voice VLAN is intended for voice traffic only.

Switch#configure terminal
Switch(config)#interface interface-id
Switch(config-if)#switchport voice vlan vlan-id

Verify

The following command shows the switchport settings for the interface you choose.

Switch#show interfaces interface-id switchport

The above command will output the following:

Name: interface-id
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiated
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: vlan-id (vlan-name)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: vlan-id

You can also look at the running-config output for the interface.

!
interface interface-id
switchport access vlan vlan-id
switchport mode access
switchport nonegotiate
switchport voice vlan vlan-id
!

Troubleshoot

An issue you may run into is seeing an inactive VLAN entry when you check the status of the switchport.

Switch#show interfaces interface-id switchport
Name: interface-id
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiated
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: vlan-id (inactive)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: vlan-id

This occurs when a VLAN was assigned to an interface and the VLAN was then deleted. This can be the result of administrative error or of a protocol such as VLAN Trunking Protocol (VTP): if you are not careful, you can plug a switch into the network that deletes the current vlan.dat file. When the VLAN is deleted, the assignment on the interface does not go away. In the output above, where the name of the VLAN is usually displayed, you see the word inactive instead. No traffic flows on the port and its packets are dropped.
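The checks in these notes can be scripted against the output of show interfaces interface-id switchport. The following Python is an added example, not from the original notes or any Cisco tool: it parses the output format shown in the Verify sections above and flags DTP negotiation left on, an inactive access VLAN, a trunk on the default native VLAN 1, and a trunk allowing all VLANs; the interface names and VLAN numbers in the samples are constructed.

```python
# Constructed samples in the format of 'show interfaces interface-id switchport',
# abridged to the lines the checks below read. First, a trunk whose DTP is on.
TRUNK_PORT = """\
Name: Gi0/1
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: All
"""
# Second, an access port whose data VLAN has since been deleted.
INACTIVE_ACCESS = """\
Name: Gi0/2
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
Access Mode VLAN: 20 (inactive)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: 120
"""

def parse_switchport(text):
    """Map each 'Key: value' line of the show output to a dict entry."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit_switchport(text):
    """Return findings for one interface, each naming the fix from the notes above."""
    f = parse_switchport(text)
    name = f.get("Name", "?")
    trunk = f.get("Operational Mode") == "trunk"
    findings = []
    if f.get("Negotiation of Trunking") == "On":
        findings.append(f"{name}: DTP negotiation still on (use 'switchport nonegotiate')")
    access = f.get("Access Mode VLAN", "")
    if "(inactive)" in access:
        vlan = access.split()[0]
        findings.append(f"{name}: access VLAN {vlan} is inactive; recreate it with 'vlan {vlan}'")
    if trunk and f.get("Trunking Native Mode VLAN", "").startswith("1 "):
        findings.append(f"{name}: native VLAN is the default VLAN 1")
    if trunk and f.get("Trunking VLANs Enabled") == "All":
        findings.append(f"{name}: all VLANs allowed; prune with 'switchport trunk allowed vlan remove'")
    return findings
```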

Default Virtual Local Area Network (VLAN)

On any Cisco switch, the default virtual local area network (VLAN) is VLAN 1. It is a special VLAN in that it cannot be changed or deleted. It is a management VLAN that carries control protocols such as Cisco Discovery Protocol (CDP), VLAN Trunking Protocol (VTP), Port Aggregation Protocol (PAgP), and Dynamic Trunking Protocol (DTP).

The default VLAN is different from the native VLAN. The native VLAN is the VLAN whose traffic is sent untagged across a trunk.

Configure

There isn’t anything to configure for the default VLAN since VLAN 1 is the default VLAN out of the box and is a mandatory VLAN.

Verify

You can verify the default VLAN by typing in the following:

Switch#show vlan

The above command will display the following:

VLAN  Name             Status    Ports
----  ---------------- --------- -------------------
1     default          active    Fa0/1, Fa0/2, Fa0/3

To view the native VLAN, you look at the trunk properties of the interface.

Switch#show interfaces interface-id switchport

This displays the interface switchport information, including its VLAN settings. The following line shows the native VLAN:

Trunking Native Mode VLAN: 1 (default)


Link State Advertisements (LSA) Types

Routers have to agree on certain parameters (such as timers and being on a common subnet) before they can become neighbors. After its neighbor routers are discovered, the router determines whether it should exchange routes with those neighbors; if they decide to do so, they become adjacent. Adjacent routers exchange information about the networks (links) they know about, using messages called link state advertisements (LSAs). After exchanging all routes, the routers send out updates only when there is a change, and they send information only for the affected link, not the entire routing table.

LSA 1 — Router LSA — Generated by all routers in an area to describe their directly attached links (Intra-area routes). These do not leave the area.

LSA 2 — Network LSA — Generated by the designated router (DR) of a broadcast or non-broadcast segment to describe the neighbors connected to the segment. These do not leave the area.

LSA 3 — Summary LSA — Generated by the area border router (ABR) to describe a route to neighbors outside the area. (Intra-area routes)

LSA 4 — Summary LSA — Generated by the area border router (ABR) to describe a route to an autonomous system boundary router (ASBR) to neighbors outside the area.

LSA 5 — External LSA — Generated by an autonomous system boundary router (ASBR) to describe routes redistributed into the area. These routes appear as E1 or E2 in the routing table.

LSA 6 — Multicast LSA — Not supported on Cisco routers

LSA 7 — Not-So-Stubby Area (NSSA) External LSA — Generated by an autonomous system boundary router (ASBR) inside a not-so-stubby area to describe routes redistributed into that area. LSA 7 is translated into LSA 5 by the area border router (ABR). These routes appear as N1 or N2 in the routing table.

References

  • Cisco CCNA Routing and Switching 200-120 Exam Cram, Fourth Edition by Michael Valentine and Keith Barker
  • OSPF LSA Types document originally located at http://www.ccietalk.com/2008/07/13/ospf-lsa-types and retrieved on December 6, 2017 from https://learningnetwork.cisco.com/docs/DOC-7994

Defining the Message Severity Level

You can set the severity level of messages according to the level of detail you need. You can also control the destinations of the messages.

Configure

The following command sends logging to the console, which is the default.

Switch#configure terminal
Switch(config)#logging console
Switch(config)#end

If you want to send logs to a syslog server, you configure the server as a logging host.

Switch#configure terminal
Switch(config)#logging host <ip address>
Switch(config)#end

To keep messages from interrupting what you are typing on the command line, enable synchronous logging on the line.

Switch#configure terminal
Switch(config)#line console 0
Switch(config-line)#logging synchronous
Switch(config-line)#end

Levels

  • Emergencies — level 0 — System unstable
  • Alerts — level 1 — Immediate action needed
  • Critical — level 2 — Critical conditions
  • Errors — level 3 — Error conditions
  • Warnings — level 4 — Warning conditions
  • Notifications — level 5 — Normal but significant condition
  • Informational — level 6 — Informational messages only
  • Debugging — level 7 — Debugging messages

By default, the console receives debugging messages (level 7) and all numerically lower levels. For example, if you set the logging level to 4, you will receive all warnings, errors, critical, alerts, and emergencies.

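The level filtering described above can be seen on actual message text, because every IOS system message embeds its severity as %FACILITY-SEVERITY-MNEMONIC. The following Python is an added example, not from the original notes, that parses that code from constructed sample lines and keeps what a destination set to a given level would receive; the facility and mnemonic names are standard IOS ones, while the timestamps, interface and address values are made up.

```python
import re

# An IOS system message carries its severity inside the message code:
# %FACILITY-SEVERITY-MNEMONIC: text, where SEVERITY is the level number from the table above.
MSG_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):")

LEVEL_NAMES = {0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
               4: "warnings", 5: "notifications", 6: "informational", 7: "debugging"}

# Constructed sample lines in IOS message format (not captured from a real device).
SAMPLE_LOG = """\
*Mar  1 00:02:11.301: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
*Mar  1 00:02:12.305: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
*Mar  1 00:03:40.120: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:04:02.777: %DTP-5-TRUNKPORTON: Port Gi0/2 has become dot1q trunk
*Mar  1 00:05:15.004: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.9]
"""

def parse_message(line):
    """Return (facility, severity, mnemonic) for one line, or None if it is not a system message."""
    m = MSG_RE.search(line)
    if m is None:
        return None
    return m["facility"], int(m["severity"]), m["mnemonic"]

def filter_by_level(lines, level):
    """Keep the messages a destination set to `level` receives: that level and every
    numerically lower (more severe) one, e.g. level 4 keeps warnings through emergencies."""
    kept = []
    for line in lines:
        parsed = parse_message(line)
        if parsed is not None and parsed[1] <= level:
            kept.append(line)
    return kept

def count_by_level(lines):
    """Tally messages per level name, useful for sizing what a syslog host will receive."""
    counts = {}
    for line in lines:
        parsed = parse_message(line)
        if parsed is not None:
            name = LEVEL_NAMES[parsed[1]]
            counts[name] = counts.get(name, 0) + 1
    return counts
```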

Dynamic Trunking Protocol (DTP)

Dynamic Trunking Protocol (DTP) is a Cisco proprietary, point-to-point protocol used to negotiate trunks between Cisco devices. To autonegotiate trunking, the interfaces must be in the same VLAN Trunking Protocol (VTP) domain.

Configure

Switch# configure terminal
Switch(config)# interface interface-id
Switch(config-if)# switchport mode {access | dynamic {auto | desirable} | trunk}

Modes

  • access: Set the port to access mode. The port is set to access unconditionally and operates as a nontrunking, single-VLAN interface that sends and receives nonencapsulated (untagged) frames. An access port can be assigned to only one VLAN.
  • dynamic auto: The interface converts the link to a trunk only if the neighboring interface asks for it (trunk or dynamic desirable); it does not initiate trunking itself. This is the default switchport mode.
  • dynamic desirable: The interface actively attempts to convert the link to a trunk link, and succeeds if the neighbor is set to trunk, dynamic desirable, or dynamic auto.
  • trunk: Set the port to trunk unconditionally. The port is a trunking VLAN Layer 2 interface. The port sends and receives encapsulated (tagged) frames that identify the VLAN of origin. A trunk is a point-to-point link between two switches or between a switch and a router.

Verify

Switch# show interfaces interface-id switchport
Name: interface-id
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On

Troubleshoot

The default switchport mode is dynamic auto, so two switches connected with default ports will not form a trunk, because neither side initiates the negotiation.

Access mode will not trunk, period.

Trunk mode will change the interface to permanent trunking mode.

Dynamic auto will only trunk if the neighboring interface is set to trunk or desirable mode.

Dynamic desirable will trunk if the neighboring interface is set to trunk, desirable, or auto mode.
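The negotiation rules above can be written down as a small decision function. The following Python is an added example (not from the notes or the referenced pages) that derives the operational mode of each end and the resulting link state for every pair of administrative modes.

```python
# Switchport administrative modes from the Configure section above.
MODES = ("access", "dynamic auto", "dynamic desirable", "trunk")

def operational_mode(local, peer):
    """Operational mode ('trunk' or 'access') the local port settles on, given its own
    administrative mode and the peer's, following the rules in the Troubleshoot section."""
    if local == "access":
        return "access"   # access never trunks
    if local == "trunk":
        return "trunk"    # permanent trunking, whatever the peer says
    if local == "dynamic auto":
        return "trunk" if peer in ("trunk", "dynamic desirable") else "access"
    if local == "dynamic desirable":
        return "trunk" if peer in ("trunk", "dynamic desirable", "dynamic auto") else "access"
    raise ValueError(f"unknown switchport mode: {local!r}")

def link_state(mode_a, mode_b):
    """'trunk' when both ends trunk, 'access' when neither does, and 'mismatch' when only
    one end trunks (one side tags frames, the other does not)."""
    a, b = operational_mode(mode_a, mode_b), operational_mode(mode_b, mode_a)
    return a if a == b else "mismatch"

def negotiation_matrix():
    """All 16 combinations, e.g. to review what a default (dynamic auto) port does
    against each possible neighbour."""
    return {(a, b): link_state(a, b) for a in MODES for b in MODES}
```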

References

  1. https://networklessons.com/switching/cisco-dtp-dynamic-trunking-protocol-negotiation/
  2. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/15-0_1_se/command/reference/cr_3560/cli3.html#marker-2357437

Virtual Local Area Network (VLAN)

A Virtual Local Area Network or VLAN is a way to logically break up broadcast domains.

VLAN = Subnet = Broadcast Domain

When using multiple switches, you have to ensure that the VLAN is configured on any switch that will use the VLAN. Since a VLAN defines broadcast domains in a Layer 2 network, in order to pass traffic from one VLAN to another, you must use routers or Layer 3 switches.

Configure

A VLAN is configured in global configuration mode using the vlan keyword. VLAN configuration is stored in a vlan.dat file, not in the running-config or startup-config files.

Switch# configure terminal
Switch(config)# vlan vlan_ID
Switch(config-vlan)# end

VLAN Ranges

  • VLAN 1 is the Cisco default; it is created for you and cannot be deleted.
  • VLAN 2 – VLAN 1001 are used for Ethernet VLANs; these can be created and deleted.
  • VLAN 1002 – VLAN 1005 are defaults for FDDI and Token Ring; these cannot be deleted.
  • VLAN 1006 – VLAN 4094 are considered in the extended range and are for Ethernet VLANs only. These will not be propagated by VLAN Trunking Protocol (VTP) and also will not be saved to the VLAN database unless in VTP transparent mode.

Verify

Switch# show vlan [id vlan_ID | name vlan_name]

Troubleshoot

Oddly enough, the Cisco exam objectives for ICND2 call out troubleshooting VLANs. While at this point there is not much to troubleshoot beyond verifying that you have created the VLANs, the troubleshooting objective becomes relevant after further configuration, such as assigning an interface to a VLAN or running VLAN Trunking Protocol (VTP). There are no specific commands, per se, to aid in troubleshooting.