Packet Tracer Network Simulator (2014)

Chapter 10. Configuring VLANs and Trunks

A switch breaks up collision domains and is a single broadcast domain. So how about breaking the single broadcast domains into multiple ones? VLAN (Virtual LAN) makes this possible and on a single switch we can have multiple broadcast domains. But once you create multiple VLANs on a switch, it becomes tedious to replicate the same configuration on all the other switches. This is where VTP (VLAN Trunking Protocol) comes in. So we have multiple switches with different VLANs and VTP, making management easier. But how do we make a device in one VLAN communicate with a device in another VLAN? We'll cover this in InterVLAN routing.

Creating VLANs and VTP domains

VLAN is a technology used to partition a single layer 2 network into multiple broadcast domains. This is done to restrict communication between devices that share the same broadcast medium. However, these devices can communicate with one another through a layer 3 device, such as a router. This is similar to connecting devices to different switches and then connecting them all to a router to separate broadcast traffic.

As more and more VLANs are created, it becomes tedious to replicate the configuration across all switches, which was why VTP was created.

We'll first learn about creating VLAN and assigning ports to it. VLAN 1 is created by default on all switches, and all ports reside in it. This VLAN is called the management VLAN.

To create a VLAN, use the following command:

Sw1(config)#vlan 2

The VLAN ID can be between 1 and 1001. The IDs 1002, 1003, 1004, and 1005 are reserved. Once this command has been entered, you are taken to the VLAN subconfiguration mode. This is the place where we can assign a name to the VLAN.

Sw1(config-vlan)#name finance

Assigning a name to a VLAN is optional; by default, the name is VLAN0002. Next, we will assign a few ports to this VLAN. To assign many ports to a single VLAN, the range command can be used, which then selects multiple interfaces.

Sw1(config)#interface range f0/10-20

To assign these ports to VLAN 2, use the following command:

Sw1(config-if-range)#switchport access vlan 2

Let's verify if the ports were indeed assigned to the correct VLAN.

Sw1#show vlan

Note that in the above example, some of the output has been omitted for brevity.

We will now create a topology with three switches to demonstrate VTP. VTP has three modes: server, client, and transparent.

· Server: This is the default mode of VTP; in this mode, switches are allowed to modify their VLANs and send VTP advertisements.

· Client: In this mode, switches listen for VTP advertisements from other server switches. Client switches aren't allowed to modify their VLAN database locally.

· Transparent: This mode works independent of other switches. In this mode, the switch only forwards the VTP advertisements it receives and does not generate any, neither does it modify its own VLANs based on the VTP advertisements.

The following topology will be used for demonstration:

1. In the first switch (VTP-Server), we will have four VLANs with different names. Then, we will set all the switch-switch ports to trunking.

2. VTP-Server(config)#interface Fa0/1

3. VTP-Server(config-if)#switchport mode trunk

4. VTP-Transparent(config)#interface range Fa0/1-2

5. VTP-Transparent(config-if-range)#switchport mode trunk

6. VTP-Client(config)#interface Fa0/1

7. VTP-Client(config-if)#switchport mode trunk

8. Since VTP is already in server mode, we will just change the VTP domain name and set a password.

9. VTP-Server(config)#vtp domain My-Office

10.Changing VTP domain name from NULL to My-Office

11.VTP-Server(config)#vtp password s3cRet

12.Setting device VLAN database password to s3cRet

13. Move on to the second switch (VTP-Transparent) and make it transparent.

14.VTP-Transparent(config)#vtp mode transparent

15. The final task is to move the third switch (VTP-Client) to client mode.

16.VTP-Client(config)#vtp mode client

17. You do not have to change the domain of this switch, as changing it to client will make it pick up the domain name from the server. However, it is necessary to set the VTP password.

18.VTP-Client(config)#vtp password s3cRet

The configuration is done; now, use the show vlan command on the VTP-Client switch to see the new VLANs. This example is only to demonstrate VTP. This topology won't allow normal communication between VTP-Server and VTP-Client, as the switch in the middle (VTP-Transparent) doesn't have any of the VLANs we configured.

InterVLAN routing with routers and layer 3 switches

Although VLAN is used to split the broadcast domain, it is necessary to enable communication between two or more VLANs at layer 3 using IP routing. This is called InterVLAN routing and can be configured using both routers and layer 3 switches. This requires allocating a different IP subnet for devices in each VLAN.

We will configure InterVLAN routing by connecting the router to a switch using a single link. All the traffic to other VLANs passes through this link, to the router and back again through this link. This method of configuration is also called router-on-a-stick, as a singlelink to the router handles all traffic.

InterVLAN on a router

We will use the following topology for this setup:

As stated earlier, each VLAN will have IP addresses from different network ranges and the router's interface will have three IP addresses—each belonging to a different network.

1. After IP addresses have been assigned to all PCs, create the necessary VLANs on the switch and assign the ports to them.

2. Sw1(config)#int range f0/2-3

3. Sw1(config-if-range)#switchport access vlan 10

4. Sw1(config-if-range)#int range f0/4-5

5. Sw1(config-if-range)#switchport access vlan 20

6. Sw1(config-if-range)#int range f0/6-7

7. Sw1(config-if-range)#switchport access vlan 30

8. Configure the switch port that connects to the router as a trunk link. More on this in the Switch-to-switch trunk links section.

9. Sw1(config)#int f0/1

10.Sw1(config-if)#switchport mode trunk

11. Now, moving on to the router portion of the configuration, bring the interface up.

12.R1(config)#int f0/0

13.R1(config-if)#no shutdown

14. We will now create the subinterfaces. Each will have its own IP address in a different network.

15.R1(config-subif)#int f0/0.10

16.R1(config-subif)#encapsulation dot1Q 10

17.R1(config-subif)#ip address 10.10.0.1 255.255.255.0

18.R1(config-subif)#int f0/0.20

19.R1(config-subif)#encapsulation dot1Q 20

20.R1(config-subif)#ip address 10.20.0.1 255.255.255.0

21.R1(config-subif)#int f0/0.30

22.R1(config-subif)#encapsulation dot1Q 30

23.R1(config-subif)#ip address 10.30.0.1 255.255.255.0

24. Notice the encapsulation command here. It specifies the VLAN ID the interface will handle.

25. That's it, now test the connectivity between hosts on different VLANs using simple PDUs or a ping. The first packet will always time out as it takes some time for the ARP (Address Resolution Protocol) to complete.

Try using tracert to see the path the packet takes.

InterVLAN on a layer 3 switch

The only layer 3 switch present on Packet Tracer is 3560-24PS. We will use the same topology by replacing only the router with the layer 3 switch, as shown in the following screenshot:

Creation and configuration of VLANs is the same on the layer 2 switch, hence it won't be repeated here. So, we'll move to the layer 3 switch straightaway.

1. Since the switch-switch link on the layer 2 switch was set to trunking mode with the switchport mode trunk command, the same port on the layer 3 switch will also be in trunking mode. This can be verified as follows:

2. MSw1#sh interface trunk

The trunking status indicates this. More on how this port automatically moved to trunk will be discussed in the next section (Switch-to-switch trunk links).

3. We will configure what is called SVI (Switch Virtual Interface), which will act as layer 3 interfaces for each VLAN.

4. MSw1(config)#int vlan 10

5. MSw1(config-if)#ip add 10.10.0.1 255.255.255.0

6. MSw1(config-if)#int vlan 20

7. MSw1(config-if)#ip add 10.20.0.1 255.255.255.0

8. MSw1(config-if)#int vlan 30

9. MSw1(config-if)#ip add 10.30.0.1 255.255.255.0

10. These interfaces will stay down, as this layer 3 switch doesn't have VLANs 10, 20, and 30. So we'll create them as follows:

11.MSw1(config)#vlan 10

12.MSw1(config-vlan)#vlan 20

13.MSw1(config-vlan)#vlan 30

14. As each command is entered, the associated SVI will come up. IP Routing has to be enabled.

15.MSw1(config)#ip routing

16. Use the simple PDU tool to test the connectivity.

Here, too, the first packet will always time out as the ARP process takes some time.

Switch-to-switch trunk links

When two switches are connected together, there must be a mechanism to identify the VLAN a frame belongs to. We aren't talking about the physical layer but about the data link layer. When two switches are connected together, each one needs to know to which VLAN the traffic is destined for. This is where VLAN tagging comes in; when a frame moves over a switch-to-switch link, the source switch tags the frame with the VLAN ID, and this switch-to-switch link is known as a trunk.

Following is a screenshot of an inbound and an outbound PDU, captured in simulation mode, when a PC in VLAN 10 pinged a PC in VLAN 30:

Notice the TCI (Tag Control Information) field that contains a hexadecimal value; it denotes the VLAN ID. So, the inbound PDU has 0xa, which is a VLAN 10 source, and the outbound PDU has 0x1e, which is a VLAN 30 destination.

Analyzing broadcasts in the simulation mode

The concept of VLAN is to split the broadcast domain: so, in this section, we will see how broadcasts are handled in a VLAN environment using the simulation mode. Use the same InterVLAN topology we used previously. From PC0 ping to 255.255.255.255, this sets the destination MAC address to FFFF.FFFF.FFFF, which is the layer 2 broadcast address. Switch to the simulation mode and see what happens. The switch receives an ICMP packet from PC0, and sends out two copies of it: one to the router and another to PC1. If this network weren't divided into VLANs, the ICMP packet would've been sent to each and every PC connected to the switch.

Summary

In this chapter, we learned how to use the devices in Packet Tracer to create VLANs, and to set up VTP to make their management easier. We also configured InterVLAN routing with both routers and layer 3 switches. So, by now, you'd be familiar with the SVIs of these layer 3 switches. Finally, we learned about the differences between normal switch-PC links and switch-switch links, which are also called trunks. The simulation mode of Packet Tracer is of immense help here, as it enables visualizing the packet flow in a VLAN environment.

The next and final chapter will show you how to create practical assessments in Packet Tracer so that you can distribute them and also use them to test your students or interview candidates.