8. VLAN Trunk Ports Lab Demo
In this lecture, you’ll learn how to configure VLAN trunk ports with a lab demo. In the lab topology we’ve got switch one, switch two and switch three, and on switch one and switch three we’ve got both engineering and sales clients. The engineering PCs are in the 10.10.10.0/24 IP subnet and in the Eng VLAN, and the sales PCs are in the 10.10.20.0/24 IP subnet and in the Sales VLAN. We’re carrying on from the last lab demo, so I’ve already configured switch one: I’ve put the engineering PCs and the sales PC into the correct VLANs. I haven’t configured the trunk port over to switch two yet, and I haven’t configured switch two or switch three at all.
So let’s have a look at that. I’ll go on to switch one, and if I do a show vlan brief, you can see that the correct ports for the PCs are configured to put them into the correct VLAN. But the interface that is going across to the other switch, Gig0/1, is not configured yet. If I do a show interface GigabitEthernet0/1 switchport, you can see it’s got the default configuration for a modern switch, where it is currently an access port and it is in VLAN 1. So I need to configure that to be a trunk port. I’ll go to global configuration, and before I configure the interface I want to configure the native VLAN. I don’t want to use the default VLAN of 1 because there are some security issues with that.
So I’m going to create a dedicated VLAN to be used as the native VLAN. I’m not going to have any actual production traffic in this VLAN, though. I’ll create a VLAN using a number that I’m not using elsewhere in production, 199 for example, and you can name it anything you like. I will name this one Native to give it a descriptive name. Now I’m ready to configure my interface. I’ll go to interface GigabitEthernet0/1 and say switchport mode trunk to configure it as a trunk port. Now, if this was an older switch, it would support both ISL and dot1q trunking, and ISL is never used anymore.
We always want to use dot1q. So to check that, I’ll put in the command switchport trunk encap dot1q, and I’m getting an error message because this is a newer switch that only supports dot1q, but it didn’t do any harm putting that command in to check. I also need to set the native VLAN, so I’ll say switchport trunk native vlan 199, changing it from the default of 1, and that’s everything I need to do on that port. I need to configure the other side to be a trunk as well. That’s on switch two, also on interface Gig0/1. So let’s go on to switch two. If I do a show vlan brief on here, you can see it’s a brand new switch. I haven’t configured anything on it yet, so I need to configure my VLANs first. I go to global configuration and configure vlan 10 name Eng, vlan 20 name Sales and vlan 199 name Native.
This has to have a consistent configuration with my other switches in the campus. Then I configure my interface. So it’s interface GigabitEthernet0/1, then switchport mode trunk to set it as a trunk port. I’m going to use the abbreviated command here; I’ll just say switch mode trunk to save me typing the whole word switchport. And it’s currently set to trunk encapsulation auto, so I need to change this with switchport trunk encap dot1q to set it to dot1q trunking first. Then I’ll try switchport mode trunk again, and it works. Okay, so this is an older switch that supports dot1q and ISL, and before I can configure it as a trunk port I need to say switchport trunk encapsulation dot1q. So that’s done.
The last thing: don’t forget to also set the native VLAN. The trunk won’t come up properly if you don’t do that. So switchport trunk native vlan 199, and that’s the trunk configured going over to the left to switch one. Another thing I could do here, which in the real world you’d want to do, is put a description on the port, so I could say description Trunk to switch one. I also need to do the trunk on the right-hand side going to switch three. That’s on interface Gig0/2, and I need to say switchport trunk encap dot1q, switchport mode trunk and switchport trunk native vlan 199. Okay, so that is switch two configured.
Now, if I do a show vlan brief, I can see that all of my VLANs have been configured. And if I do a show interface Gig0/1 switchport, I can see that rather than being the default of an access port in VLAN 1, the administrative mode is now trunk. The operational mode is down right now because the trunk hasn’t come up. Okay, let’s do a show ip interface brief, and I can see that GigabitEthernet0/1 is for some reason administratively down.
So there’s a problem there. Let’s go to global config again, then interface Gig0/1, and do a no shutdown, and that should fix that problem. While we’re here waiting for our interface to come up properly, you can see we got an error message from CDP saying that a native VLAN mismatch was discovered on Gig0/2, which is the interface facing switch three. It’s because we haven’t configured switch three with the trunk port and the native VLAN 199 yet. Once we do that, that error message will go away.
Okay, so let’s try the show interface switchport command again for Gig0/1. Now I can see that the operational mode has come up as trunk. It was down before, so it’s a trunk port and the native VLAN is 199. That is looking good. The last switch that we need to configure is switch three. So let’s go on there, and we need to configure the VLANs again. I’ll go to global configuration, then vlan 10 name Eng, vlan 20 name Sales and vlan 199 name Native. So I’ve created my VLANs. Now I need to configure the trunk port going back to switch two.
That is on interface Gig0/2 on switch three. I will say switchport trunk encap dot1q, and I get an error message because it’s a newer switch. That’s no problem. Then switchport mode trunk and switchport trunk native vlan 199. So that is my trunk port configured, and I see I get a message saying that port consistency is restored. Let’s just check that this one isn’t shut down. I’ll do a show ip interface brief, and Gig0/2 is up/up, so that looks good. And I’ll do a show interface Gig0/2 switchport, and I can see that the operational mode is trunk and it’s up. That looks good, and the native VLAN is 199. So I’m trunking all the way end to end across my switches. Now the last thing I need to do is configure my access ports for my PCs on switch three. Let’s have a look at the topology and see which ports are which. Fast0/1 and 0/2 are for the Sales VLAN and 0/3 is for the Eng VLAN. So let’s configure that on switch three, back in global configuration. I’ll do interface range so I can configure both of the sales ports at the same time: interface range Fast0/1 - 2, switchport mode access and switchport access vlan 20, which is for Sales. Then interface Fast0/3, and again switchport mode access.
And this one is switchport access vlan 10 for my engineering PC. That’s the configuration completed. The last thing I need to do is check that it actually works and that we’ve got connectivity. Let me just do some verification on the switch first. I’ll do a show vlan brief, and I can see that my VLANs are created and the correct ports are in the correct VLANs. I already checked the trunk port going back to switch two, so that all looks good. Next I’ll go on to one of my PCs, the Eng 1 PC. I will ping Eng 2, which is on the same switch, so I don’t need my trunks to be working for this. That’s at 10.10.10.11, and that is working. Okay, the moment of truth.
Let’s try pinging 10.10.10.12. If we look at the topology diagram again, I’m pinging from Eng 1, which is connected to switch one, over to Eng 3 at 10.10.10.12, which is on switch three. So we need to have end-to-end connectivity now. Let’s try the ping, and great, the ping worked. So that is all good. I’ll also check that the Sales VLAN is working, so I’ll go on to Sales 1. Actually, just before I go on to Sales 1, let’s have a look at the topology diagram again. Sales 1 is connected to switch three.
I’m going to ping across to Sales 3 on switch one, so I need to ping 10.10.20.12. So ping 10.10.20.12, and that’s all good as well. Now, if I look back at the topology diagram again, notice that I don’t have a router here. So I’m not going to be able to ping between my different VLANs, between my different IP subnets. To be able to do that, I would need a router. Just to prove to you that this isn’t going to work: from Eng 1, if I try to ping a sales PC, let’s ping 10.10.20.11. This is going to fail because there’s no router there. We’re going to have a look in a later lecture in this section at how we allow for inter-VLAN routing. Okay, see you in the next lecture.
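The native VLAN mismatch that CDP reported while switch three was still unconfigured can also be caught offline by comparing both ends of every inter-switch link. The following is an added example, not part of the lecture: the config fragments are constructed to match the lab at that point, and the switch names SW1 to SW3 and the function names are assumptions.

```python
import re

# Constructed running-config fragments: the lab state before switch three is configured.
CONFIGS = {
    "SW1": """interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 199
""",
    "SW2": """interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 199
interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 199
""",
    "SW3": "interface GigabitEthernet0/2\n",
}
# Inter-switch links from the lab topology; switch names are assumptions.
LINKS = [(("SW1", "GigabitEthernet0/1"), ("SW2", "GigabitEthernet0/1")),
         (("SW2", "GigabitEthernet0/2"), ("SW3", "GigabitEthernet0/2"))]

def parse_ports(text):
    """Map interface name -> mode and native VLAN (native VLAN 1 when unset)."""
    ports, cur = {}, None
    for line in text.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = ports.setdefault(m.group(1), {"mode": "default", "native": 1})
        elif cur is not None and (m := re.match(r"\s+switchport mode (.+)", line)):
            cur["mode"] = m.group(1).strip()
        elif cur is not None and (m := re.match(r"\s+switchport trunk native vlan (\d+)", line)):
            cur["native"] = int(m.group(1))
    return ports

def check_links(configs, links):
    """Return findings for links whose ends disagree or that trunk on native VLAN 1."""
    parsed = {sw: parse_ports(cfg) for sw, cfg in configs.items()}
    findings = []
    for (sa, pa), (sb, pb) in links:
        a, b = parsed[sa][pa], parsed[sb][pb]
        if a["native"] != b["native"]:
            findings.append(f"{sa} {pa} <-> {sb} {pb}: native VLAN mismatch "
                            f"({a['native']} vs {b['native']})")
        for sw, port, p in ((sa, pa, a), (sb, pb, b)):
            if p["mode"] == "trunk" and p["native"] == 1:
                findings.append(f"{sw} {port}: trunk uses default native VLAN 1")
    return findings

if __name__ == "__main__":
    print("\n".join(check_links(CONFIGS, LINKS)))
```

With the constructed state it reports the switch two to switch three link only; once switch three’s Gig0/2 carries the same trunk and native VLAN lines, the list is empty.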
9. DTP Dynamic Trunking Protocol
In this lecture you’ll learn about DTP, the Dynamic Trunking Protocol. If two Cisco switches are cabled together, it’s possible for them to automatically negotiate a trunk connection on the ports which are connected, using Cisco’s proprietary DTP, the Dynamic Trunking Protocol. It is, however, recommended not to use it and to manually configure the switch ports instead, using the commands that we’ve been using earlier in this section. So if you want to configure a port as an access port, you use switchport mode access. If you want to configure it as a trunk port, you use switchport mode trunk. But if you are going to use DTP, these are the available commands. The first one is switchport mode dynamic auto.
This is configured under the interface, and it will form a trunk if the neighbor switch port that this port is connected to is set to trunk or desirable. A trunk will not be formed if both sides are set to auto. And this is the default on newer switches. So with newer switches, the default configuration is switchport mode dynamic auto. When you connect them to each other, it’s set to auto on both sides, so they will not form a trunk; the port will stay as an access port. The next option you’ve got is switchport mode dynamic desirable. That will form a trunk if the connection on the neighbor switch on the other side is set to trunk, to desirable, or to auto. And this is the default on older switches.
So with older switches, when you plug them into each other, they’re set to dynamic desirable on both sides, so they will form a trunk by default. The last option is switchport nonegotiate, and that disables DTP. So there are different options for the switchport mode. You can set it to switchport mode access, or trunk, or dynamic auto, or dynamic desirable. But the recommendation, like I said earlier, is usually switchport mode access where your end hosts are plugged in, and switchport mode trunk where you’ve got another switch plugged in. Okay, so that’s it, pretty simple. Let’s have a look at this in the lab. It’s the same topology again. I’ve got my three switches, and right now I haven’t configured anything at all in the lab. If I go on to switch one, these are all modern switches. If I do a show interface Gig0/1 switchport, which is the port connected to switch two, you can see that the default is dynamic auto, and this is currently an access port. If I also look at switch two on the other side and do a show interface Gig0/1 switchport, over here it’s also set to dynamic auto, so it doesn’t form a trunk, it stays as an access port. And the connection from switch two to switch three is obviously the same, because everything is just brand new out of the box here. So if I did want to use DTP to form a trunk here, what I could do, while I’m on switch two, is go to the interface.
So I’ll go to global config and then interface Gig0/1, and I’ll say switchport mode dynamic desirable. If the other side is set to either dynamic desirable or auto or trunk, it will form a trunk, and you already saw that the other side is set to auto. You see, when I do this, it resets the interface. And if I do a show interface Gig0/1 switchport now, this should have formed a trunk. I can see that the administrative mode is now dynamic desirable, which is what I just manually set it to, and it has now formed a trunk. I’ll just verify it by going on to switch one as well, onto the other side. We’ll see it reset the interface here as well when I set it to dynamic desirable on the other side.
And it should have negotiated the trunk. So if I do a show interface Gig0/1 switchport, there you see it’s still dynamic auto. Over here, I’ve left it at the default, but because the other side is dynamic desirable, it has formed a trunk. So that was DTP. Again, it’s not recommended to use this. For the recommended way to configure your trunks, I’ve put this into a text editor already to save me typing it all out. You’ve seen this config earlier in this section. What I should have configured on my ports is this: I don’t want to use the default native VLAN of 1, because it’s a security issue. So I’m going to say vlan 199 and create my native VLAN.
And then on my ports that are connected to another switch, I say switchport trunk encap dot1q in case that isn’t the default already, then switchport mode trunk and switchport trunk native vlan 199. Okay, so that was DTP. See you in the next lecture, where we’ll discuss VTP.
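The DTP pairing rules from this lecture, together with a check that lists ports still left in a dynamic mode, as an added example that is not part of the lecture. The show output is constructed to mirror switch one after switch two was set to dynamic desirable, the function names are hypothetical, and a port in trunk mode is assumed to still send DTP (switchport nonegotiate not set).

```python
import re

def becomes_trunk(me, peer):
    """True if a port in mode `me` trunks when cabled to a port in mode `peer`."""
    if me == "trunk":
        return True                       # trunks unconditionally
    if me == "dynamic desirable":
        return peer in ("trunk", "dynamic desirable", "dynamic auto")
    if me == "dynamic auto":
        return peer in ("trunk", "dynamic desirable")
    return False                          # "static access" never trunks

def link_state(a, b):
    """'trunk', 'access', or 'mismatch' when only one end trunks."""
    ta, tb = becomes_trunk(a, b), becomes_trunk(b, a)
    if ta and tb:
        return "trunk"
    return "mismatch" if ta or tb else "access"

# Constructed "show interfaces switchport" excerpt: an uplink left at the default
# dynamic auto that a desirable neighbor turned into a trunk, plus a static access port.
SAMPLE = """\
Name: Gi0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Negotiation of Trunking: On
Trunking Native Mode VLAN: 1 (default)
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
Access Mode VLAN: 20 (Sales)
"""

def dtp_negotiable_ports(show_output):
    """Return (port, administrative mode, operational mode) for dynamic-mode ports."""
    hits = []
    for block in re.split(r"(?m)^(?=Name: )", show_output):
        fields = dict(re.findall(r"(?m)^([^:\n]+): (.*)$", block))
        if fields.get("Administrative Mode", "").startswith("dynamic"):
            hits.append((fields["Name"], fields["Administrative Mode"],
                         fields.get("Operational Mode")))
    return hits

if __name__ == "__main__":
    print(link_state("dynamic auto", "dynamic auto"))
    print(dtp_negotiable_ports(SAMPLE))
```

Any port the second function returns is one whose role a neighbor can still change through negotiation, which is why the lecture sets access or trunk explicitly on every port.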