VLANs, Trunks, Port Types and Interfaces
The aim of this post is to explain basic concepts in the networking field such as Virtual LANs (VLANs), Port Types and Interfaces.
Contents:
- Topology
- Virtual LANs (VLANs)
- Port types
- Access Port
- Trunk Port / Dynamic Trunking Protocol (DTP)
- Types of Interfaces
- Related show commands
- Summary
Topology
Figure 1 shows the different port types and interfaces in a Switch configuration.
Virtual LANs (VLANs)
A virtual LAN (VLAN) abstracts the idea of the LAN; a VLAN is a group of devices on one or more physical LANs that are configured to communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible.
There are two types of VLANs:
Standard VLANs (1-1001)
- By default all ports in a switch are placed on VLAN 1.
- Best practices recommend not using the default VLAN for management or data traffic.
- Ports in a switch which are not in use should be moved to a different VLAN and be manually shutdown.
Extended VLANs (1006 – 4094)
- Traditionally used in VLAN Trunking Protocol (VTP) transparent mode, now available to use with VTP version 3.
- They are used as Internal VLANs for routed ports (no switchport). So ensure an internal VLAN is not used for data traffic on other switches (show vlan internal usage).
- Extended VLANs are not stored in the vlan.dat file they are stored in running config.
VLANs 1002-1005 are reserved.
Port Types
Access Port
Static Access Port is a port which is a member of a VLAN. Normally an end host will be connected to an access port. VLANs should be configured first.
switch(config)# vlan 10
switch(config-vlan)# name Accounting
switch(config-vlan)# state active
switch(config-vlan)# no shutdown
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Dynamic Trunking Protocol (DTP) is not used and a trunk will never be formed in an Access Port.
Trunk Port
Trunk ports carry multiple VLANs by running a tagging protocol (IEEE 802.1q or ISL) which tags frames with the source VLAN number they came from. Trunk ports are point to point and will negotiate DTP unless the switchport nonegotiate command is configured. Typically a trunk is a link between two switches, a switch and a router or a link to servers with trunk capable NICs.
Dynamic Ports (default configuration) run DTP which negotiates trunk links between switches automatically. There are five modes:
- Dynamic desirable – actively negotiates a trunk if the other side is capable.
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode dynamic desirable
- Dynamic auto – passively negotiates a trunk if the other side is desirable or a trunk port.
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode dynamic auto
- On – this interface will always be a trunk no matter what happens on the other side. This is accomplished with the switchport mode trunk.
Switch(config)#interface fa0/1
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
- Off – forces the link to permanently not trunk, even if the neighbour does not agree. This is done by using the no switchport.
Switch(config)#interface fa0/1
Switch(config-if)#no switchport
- Nonegotiate – forces the port to permanently trunk but not send DTP frames. The neighbouring switch must be set to trunking manually.
Switch(config)#interface fa0/1
Switch(config-if)# switchport nonegotiate
Table 1 illustrates the results of the DTP configuration options on opposite ends of a trunk link.
Dynamic Auto | Dynamic Desirable | Trunk (On) | Access (Static) | |
Dynamic Auto | Access | Trunk | Trunk | Access |
Dynamic Desirable | Trunk | Trunk | Trunk | Access |
Trunk (On) | Trunk | Trunk | Trunk | Limited connectivity |
Access (Static) | Access | Access | Limited connectivity | Access |
It is recommended to configure trunk links statically whenever possible.
In order to control traffic on trunks, the allowed list specifically removes or allows VLANs on a trunk link:
Switch(config)#interface fa0/1
Switch(config-if)#switchport trunk allowed vlan 1,10,20
Type of Interfaces:
Layer 3/Routed Port – a routed interface with an IP address. Not configured to be part of a VLAN.
Switch(config)#interface fa0/1
Switch(config-if)#no switchport
Switch(config-if)#ip address 192.168.30.1 255.255.255.252
Switch(config-if)#no shutdown
Switched virtual interface (SVI) – a software interface in a switch which is configured to be within a VLAN and has an IP address. With SVIs the switch will use virtual Layer 3 interface to route traffic to other Layer 3 interface thus eliminating the need for a physical router. Often used as default gateway for the hosts in the VLAN or for management purposes (remote switch administration).
Switch(config)#interface vlan 10
Switch(config-if)# ip address 192.168.10.2 255.255.255.0
Switch(config-if)#no shutdown
Tunnel port – used to provide metro Ethernet services. Customer dot1q tagged frames are encapsulated inside another dot1q tag which is used to keep traffic from different customers separate within a provider network. Layer 2 protocol tunnelling allows Layer 2 protocol data units (PDUs) (CDP, STP, and VTP) to be tunnelled through a network.
Related show commands:
show vlan
show vlan brief
show interfaces Fa0/1 switchport
show interfaces trunk
show dtp interface Fa0/1
show vlan internal usage
show interface status
Summary
- A VLAN is a custom network created from one or more existing physical LANs. It enables groups of devices from multiple networks (both wired and wireless) to be combined into a single logical network and share a single broadcast and multicast domain. The result is a virtual LAN that can be administered like a physical LAN.
- Access ports – ports attached to user workstations or workgroup servers within a VLAN.
- Trunk ports – connections to other switches or to far end devices which do not run DTP: servers with trunk capable NICs, router-on-a-stick. May use the switchport nonegotiate command to prevent DTP negotiation.
- Dynamic ports – May be used for connections to other Cisco switches (DTP is Cisco proprietary) to enable autonegotiation of trunk links. Generally static trunk configuration is preferred.
- Routed ports – used when connecting to an external router for onward connectivity to non-Ethernet segments (e.g. WAN).
- SVIs – used to provide a management IP address in layer 2 switches. In layer 3 switches, SVI’s may be the default gateway addresses for hosts within local VLANs.