3.6.2 Lab - Implement Vlans And Trunking

In the realm of network administration, VLANs (Virtual Local Area Networks) and trunking stand as cornerstones for efficient network segmentation and management. This lab exercise delves into the practical implementation of these technologies, providing a hands-on understanding of their configuration and benefits. By creating VLANs and configuring trunk links, you'll gain the ability to logically divide a physical network into multiple broadcast domains, enhancing security, performance, and manageability.

Understanding VLANs

A VLAN, at its core, is a logical grouping of network devices that behave as if they are on their own independent network, regardless of their physical location. This segmentation offers several advantages:

• Enhanced Security: VLANs isolate traffic, preventing unauthorized access to sensitive resources.
• Improved Performance: By reducing the size of broadcast domains, VLANs minimize unnecessary traffic and improve network efficiency.
• Simplified Management: VLANs allow administrators to group users and devices based on department, function, or project, simplifying network management and policy enforcement.
• Flexibility and Scalability: VLANs make it easier to add, move, or change network devices without requiring physical rewiring.

Understanding Trunking

Trunking, on the other hand, is a method of carrying multiple VLANs over a single physical link. This is essential for connecting switches and routers, allowing them to communicate with each other and forward traffic for different VLANs across the network infrastructure. Without trunking, each VLAN would require its own dedicated physical connection between switches, which is impractical and inefficient.

Lab Objectives

This lab exercise aims to provide a practical understanding of VLANs and trunking by guiding you through the configuration of these technologies on network switches. The specific objectives include:

• Creating VLANs on a switch.
• Assigning ports to specific VLANs.
• Configuring a trunk link between two switches to carry multiple VLANs.
• Verifying VLAN and trunking configuration.
• Troubleshooting common VLAN and trunking issues.

Lab Setup and Requirements

Before embarking on the implementation, let's outline the necessary hardware, software, and preparatory steps:

Hardware Requirements

• Two or more Cisco switches: These switches should support VLAN and trunking functionality. Catalyst 2960, 3560, or similar models are suitable.
• Computers or virtual machines: Two or more computers or virtual machines to test connectivity between VLANs.
• Console cables: To connect to the switches for configuration.
• Ethernet cables: To connect the switches and computers.

Software Requirements

• Terminal emulation software: PuTTY, Tera Term, or similar software to access the switch's command-line interface (CLI).
• Network diagramming software (optional): To create a visual representation of the network topology.

Lab Topology

A simple topology consisting of two switches interconnected via a trunk link is sufficient for this lab. Each switch will have computers connected to different VLANs. Here's a basic representation:

[PC1] -- (Switch1) --- (Trunk Link) --- (Switch2) -- [PC2]
         |                                   |
         | VLAN 10                           | VLAN 20
         |                                   |
[PC3] -- (Switch1)                           (Switch2) -- [PC4]
         | VLAN 20                           | VLAN 10

Preparatory Steps

1. Familiarize yourself with the Cisco IOS CLI: Understanding the basic commands for navigating the CLI, configuring interfaces, and saving configurations is essential.
2. Review VLAN and trunking concepts: Ensure you have a solid understanding of the theoretical concepts behind VLANs and trunking before proceeding with the configuration.
3. Plan your VLAN assignments: Decide which VLANs you will create and which ports will be assigned to each VLAN.
4. Document your configuration: Keep a record of all commands entered and configurations made for future reference and troubleshooting.

Step-by-Step Implementation

Now, let's delve into the step-by-step implementation of VLANs and trunking on the switches.

Step 1: Accessing the Switch CLI

1. Connect a console cable from your computer to the console port on the switch.
2. Open your terminal emulation software and configure the connection settings:
   • Baud rate: 9600
   • Data bits: 8
   • Parity: None
   • Stop bits: 1
   • Flow control: None
3. Power on the switch. You should see the switch boot sequence in the terminal window.
4. Press Enter to access the switch's CLI prompt.

Step 2: Configuring VLANs on Switch1

1. Enter privileged EXEC mode:

   Switch> enable
   Switch#
   

2. Enter global configuration mode:

   Switch# configure terminal
   Switch(config)#
   

3. Create VLAN 10:

   Switch(config)# vlan 10
   Switch(config-vlan)# name VLAN_10
   Switch(config-vlan)# exit
   

   This creates a VLAN with ID 10 and assigns it the name "VLAN_10". Using descriptive names makes VLAN management easier.

4. Create VLAN 20:

   Switch(config)# vlan 20
   Switch(config-vlan)# name VLAN_20
   Switch(config-vlan)# exit
   

   Similarly, this creates VLAN 20 and names it "VLAN_20".

5. Assign ports to VLAN 10: Let's assume you want to assign ports FastEthernet 0/1 and FastEthernet 0/2 to VLAN 10.

   Switch(config)# interface range fa0/1-2
   Switch(config-if-range)# switchport mode access
   Switch(config-if-range)# switchport access vlan 10
   Switch(config-if-range)# exit
   

   This configures the specified ports as access ports and assigns them to VLAN 10. Access ports are designed to carry traffic for a single VLAN.

6. Assign ports to VLAN 20: Let's assign ports FastEthernet 0/3 and FastEthernet 0/4 to VLAN 20.

   Switch(config)# interface range fa0/3-4
   Switch(config-if-range)# switchport mode access
   Switch(config-if-range)# switchport access vlan 20
   Switch(config-if-range)# exit
   

   This assigns the specified ports to VLAN 20.

7. Configure the trunk port: Let's assume you're using GigabitEthernet 0/1 as the trunk port.

   Switch(config)# interface gigabitethernet 0/1
   Switch(config-if)# switchport mode trunk
   Switch(config-if)# switchport trunk encapsulation dot1q
   Switch(config-if)# switchport trunk allowed vlan 10,20
   Switch(config-if)# no shutdown
   Switch(config-if)# exit
   

   • switchport mode trunk: Configures the port as a trunk port.
   • switchport trunk encapsulation dot1q: Specifies the trunking protocol. dot1q is the industry standard.
   • switchport trunk allowed vlan 10,20: Allows VLANs 10 and 20 to pass over the trunk link. You can use switchport trunk allowed vlan all to allow all VLANs, but it's generally best practice to explicitly specify the allowed VLANs for security reasons.
   • no shutdown: Enables the interface.

8. Exit global configuration mode:

   Switch(config)# exit
   Switch#
   

9. Save the configuration:

   Switch# copy running-config startup-config
   Destination filename [startup-config]?
   Building configuration...
   [OK]
   Switch#
   

   This saves the current running configuration to the startup configuration, ensuring that the changes are retained after a reboot.

Step 3: Configuring VLANs on Switch2

Repeat the steps above on Switch2, making the following adjustments:

1. Create VLAN 10 and VLAN 20: Use the same VLAN IDs and names as on Switch1 for consistency.
2. Assign ports to VLANs: Reverse the port assignments. Assign FastEthernet 0/1 and FastEthernet 0/2 to VLAN 20, and FastEthernet 0/3 and FastEthernet 0/4 to VLAN 10. This ensures that computers in the same VLAN on different switches can communicate.
3. Configure the trunk port: Configure the corresponding GigabitEthernet port (e.g., GigabitEthernet 0/1) on Switch2 as a trunk port, using the same encapsulation and allowed VLANs as on Switch1.
4. Save the configuration: Save the configuration to the startup configuration.

Step 4: Verifying VLAN and Trunking Configuration

After configuring the switches, it's essential to verify that the configuration is correct.

1. Verify VLAN configuration: On both switches, use the show vlan brief command to display the VLAN configuration.

   Switch# show vlan brief
   
   VLAN Name                             Status    Ports
   ---- -------------------------------- --------- -------------------------------
   1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                 Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                 Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                 Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                 Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                 Gi0/2
   10   VLAN_10                          active    Fa0/1, Fa0/2
   20   VLAN_20                          active    Fa0/3, Fa0/4
   1002 fddi-default                     act/unsup
   1003 token-ring-default               act/unsup
   1004 fddinet-default                  act/unsup
   1005 trnet-default                    act/unsup
   

   This output shows the VLANs configured on the switch, their names, status, and the ports assigned to each VLAN. Verify that the ports are assigned to the correct VLANs.

2. Verify trunk configuration: On both switches, use the show interfaces trunk command to display the trunk configuration.

   Switch# show interfaces trunk
   
   Port        Mode             Encapsulation  Status        Native vlan
   Gi0/1       on               802.1q         trunking      1
   
   Port        Vlans allowed on trunk
   Gi0/1       10,20
   
   Port        Vlans active on trunk
   Gi0/1       10,20
   
   Port        Vlans in spanning tree forwarding state and not pruned
   Gi0/1       10,20
   

   This output shows the trunk ports, their encapsulation type, status, native VLAN, allowed VLANs, and active VLANs. Verify that the trunk port is in the trunking state, the encapsulation is correct, and the allowed VLANs are configured as expected.

3. Test connectivity: Assign IP addresses to the computers in the same VLAN on different switches. For example:

   • PC1 (connected to Switch1, VLAN 10): 192.168.10.10/24
   • PC4 (connected to Switch2, VLAN 10): 192.168.10.20/24
   • PC3 (connected to Switch1, VLAN 20): 192.168.20.10/24
   • PC2 (connected to Switch2, VLAN 20): 192.168.20.20/24

   Try to ping between computers in the same VLAN on different switches. For example, ping from PC1 to PC4. If the configuration is correct, the ping should be successful. You should not be able to ping between computers in different VLANs without routing.

Troubleshooting Common Issues

Even with careful planning and execution, issues can arise during the implementation of VLANs and trunking. Here are some common problems and their solutions:

• Connectivity issues:
  • Incorrect VLAN assignments: Double-check that the ports are assigned to the correct VLANs on both switches.
  • Trunk port not configured correctly: Verify the trunk port configuration, including the encapsulation type and allowed VLANs.
  • Native VLAN mismatch: Ensure that the native VLAN is the same on both ends of the trunk link. Mismatched native VLANs can cause connectivity problems and security vulnerabilities.
  • Spanning Tree Protocol (STP) issues: STP can block ports to prevent loops. Verify that STP is not blocking any necessary ports. Use the show spanning-tree command to check the STP status.
• VLAN not propagating across the trunk:
  • VLAN not allowed on the trunk: Verify that the VLAN is allowed on the trunk link using the switchport trunk allowed vlan command.
  • VLAN not created on the other switch: Ensure that the VLAN is created on both switches.
• Configuration errors:
  • Typos: Double-check all commands for typos.
  • Incorrect interface names: Verify that you are configuring the correct interfaces.
  • Missing commands: Ensure that you have entered all the necessary commands.

Advanced Configuration Options

While the basic implementation of VLANs and trunking provides significant benefits, there are several advanced configuration options that can further enhance network performance, security, and manageability.

VLAN Trunking Protocol (VTP)

VTP is a Cisco proprietary protocol that allows VLAN information to be propagated across a network. VTP simplifies VLAN management by allowing you to create, delete, and modify VLANs on a single switch, and the changes are automatically propagated to other switches in the VTP domain. However, VTP can also be a security risk if not configured properly, as a rogue switch can inject incorrect VLAN information into the network. Therefore, it is important to understand the different VTP modes and configure VTP securely.

Private VLANs (PVLANs)

PVLANs provide further segmentation within a VLAN. PVLANs are typically used in environments where you need to isolate devices within the same VLAN, such as in a data center or a hotel. PVLANs consist of a primary VLAN and one or more secondary VLANs. The primary VLAN carries traffic to and from the outside world, while the secondary VLANs isolate devices within the VLAN.

VLAN Filtering

VLAN filtering allows you to control which VLANs are allowed to pass over a trunk link based on the source or destination MAC address or IP address. VLAN filtering can be used to enhance security and prevent unauthorized access to sensitive resources.

Quality of Service (QoS)

QoS allows you to prioritize traffic based on VLAN. This can be useful for ensuring that critical applications, such as voice and video, receive the necessary bandwidth and priority.

Benefits of Using VLANs and Trunking

Implementing VLANs and trunking offers a multitude of benefits for network administrators and organizations:

• Improved Security: VLANs isolate traffic, preventing unauthorized access and limiting the impact of security breaches.
• Enhanced Performance: Reducing broadcast domains minimizes unnecessary traffic and improves network efficiency.
• Simplified Management: VLANs allow for logical grouping of users and devices, simplifying network administration and policy enforcement.
• Increased Flexibility and Scalability: VLANs make it easier to add, move, or change network devices without physical rewiring.
• Cost Savings: Consolidating multiple physical networks into a single logical network reduces hardware costs and simplifies cabling.
• Compliance: VLANs can help organizations meet regulatory compliance requirements by providing network segmentation and access control.

Conclusion

This lab exercise has provided a comprehensive guide to implementing VLANs and trunking on network switches. By creating VLANs, assigning ports, configuring trunk links, and verifying the configuration, you have gained a practical understanding of these essential networking technologies. Remember to thoroughly test your configuration and troubleshoot any issues that arise. By mastering VLANs and trunking, you can build more secure, efficient, and manageable networks. As you advance in your networking journey, explore the advanced configuration options and consider how VLANs and trunking can be tailored to meet the specific needs of your network environment. Consistent practice and a solid understanding of the underlying concepts are key to becoming a proficient network administrator.