However, when it’s going between switches, between switch one and switch two, switch two wouldn’t know what VLAN that traffic was a part of. Switch one does when it’s going from B to F because both ports are on the same switch and the switch knows what ports are on what VLAN but computer two doesn’t know what ports or what VLAN over here or switch two does not know what ports are in what VLAN. So switch one has to tell it. So what it does is the frame is about to leave the switch, switch one to switch two, It gets marked and basically what it says is hey, there is a little extra header on here that says “Hey this is a part of VLAN3 if they are in VLAN3. What would happen is they’ll go over here, the switch would read this VLAN tag header on there and say “that can only communicate with other switches that are n VLAN3 or other computers that are in VLAN3 so it would look at the ports that are a part of VLAN3 and determine where to forward this frame and remove the header because it forwarded out. So computer D would get this frame and never even know that it was marked with anything to do with VLAN, it doesn’t know what a VLAN is because that marking, that VLAN tag header is removed as it enters into the switch over here on switch two. If it needed to forward it along to another switch, we’d mark it again and say “Hey, VLAN tag header is part of VLAN3, it’s going to this computer over here, maybe computer H, whatever and switch three would read the VLAN tag header, remove it, forward it out.”
There are a couple of small differences between ISL and 802.1q that I need to talk about, for a quick comparison between ISL inter switch linking and 802.1q trunking protocols, ISL encapsulates the entire original frame, so you have the original frame, ISL encapsulates the entire thing. So there is a full header and full trailer with the ISL and this is the original Ethernet frame with 802.1q, all it does is simply adds a four-bite header. Both use a 12 bit long VLAN ID so they can support the same number of VLANs, both supports separate instances of spanning tree, 802.1q did that at a later point and again spanning tree is important because it prevents bridging or switching loops which creates broadcast storms and all kinds of problems on your network. 802.1q uses what’s called a native VLAN. Here is a frame, here is a couple of switches, if traffic is passing between switches across the trunk line and it’s a part of VLAN1, the switch doesn’t do anything with it if it’s 802.1q. If switch two receives a frame without any VLAN encapsulation on it whatsoever it assumes that frame is a part of VLAN1. ISL would fully encapsulate all traffic regardless of the VLAN it’s in. So those are the main differences between 802.1q and ISL. The key thing is if you are running all Cisco environment, you can us ISL, if you are running multi vender environment you better use 802.1q or if you are non Cisco you can be using 802.1q, it’s important to understand that there are different trunking protocols out there in case you get an environment and you are assuming, you might be assuming ISL is being used and 802.1q is and it’s causing problems.
Let’s go back and take a look at our CCNA VLAN slide. So here is our VLAN slide, so we just want to over ISL and 802.1q encapsulation. So just a real quick overview of this again, we have one switch in server, one in client, we can have transparent mode if we wanted to be all by itself and not share in the VLAN information with everybody else. So this is server, this is client. We actually have to turn trunking on at each one of these interfaces. So we have to use a switch port mode trunk command to turn trunking on and what that does is it tells the switches to start sending VLAN information across. On the server, on this switch right here, this is where we go and then create all the VLAN so we’d go create all the VLAN and then assign the ports to the appropriate VLAN. We’ll go to each port one at a time, put it in the right VLAN and we’d be good to go at that point. There are bunch of show commands here that we can use to check this out and there are different commands we use to assign the ports to the VLANs, turn trunking on and things like that. So let’s go in and configure a couple of switches with the same scenario minus computer F.
So we have computer A, B, C, D, switch one, switch two and we’ll set up some VLANs. So here is the scenario in my simulator. Palestra, Palestra, FA012 from Palestra connects to FA012 on Palestra. I’ve got four machines, PC1, PC2, PC3 and PC4. PC1 and 2 are plugged into ports one and two on Palestra, PC3 and 4 are connected to ports one and two on Palestra. So what I’m going to do is I’m actually going to create two additional VLANs, put PC1 and PC3 on one VLAN, PC2 and PC4 in another VLAN. I’ll call the VLAN that PC1 and 3 in, VLAN odd, PC2 and 4, VLAN even. The IPs for the switches will remain in the same VLAN which is VLAN1. Typically you would leave VLAN1 empty and just have all (Sisco) devices IPs in VLAN1 and use that as a management in monitoring VLAN, again the VLAN is simply a broadcast demand, so let’s go in and configure this. The first thing on the day before I start configuring this is take a look at everything to a show run, see the host name, interface VLAN1, VTP domain is a big domain and that’s the default of the simulator, it’s not something I chose and so I can go and check that out. I also want to check out the VLAN, show VLAN. I see that there is a VLAN1 as well as the other default VLANs reserved for Fidi, token ring, Fidi.net and all ports are n VLAN1, ports one through 12 all the way over here. So what I’m going to be doing is making 12 a trunk port and put ports one and port two in two different VLANs.
Again if I do a show run, I can see interface one and two, no configuration or any of that. Interface 12, no configuration or any of that so everything should be fine. Show VTP status, shows me the VTP information here so it shows me that VTP version is two, there are multiple versions of VTP, both switches or every switch in your VTP domain needs to support the same version. I can revert to version one if needed. Configuration revision number is currently at two maximum number of VLAN is 64 supported locally. The operating mode that this particular switches in is server mode and that’s the mode I want switch one to be in our Palestra, Palestra I’m going to end up making in client mode. Let me do the bulk of the work over here and then just tell the other one that it’s a client. So what I’m going to do here is go in and create a couple of VLANs. My command is VLAN database, I’m going to get back one… now why I went into the mode, VLAN database and I’m going to create VLAN, I’m just going to make it VLAN11, name odd and then I’m going to create VLAN12 named Even.
Computers one and three on the two switches are going to go on VLAN11, computers two and four are going to go in VLAN12 which is the even VLAN. Notice odd numbers odd, even numbers even? So I’ve created the VLANs but I haven turn trunking or anything like that on… or added the ports to the VLANs. So the next thing I’m going to do since this switch is already in server mode, my VLANs are created, I’m going to exit out of here and I’m going to go to interface, FA0/1, I’m going to make this interface a member of VLAN11. So I go switch port access, VLAN11 is the command. So I’ve just put FA01 which computer one is plugged into and the VLAN11. I’m going to go to interface FA0/2 and put it in VLAN12. This should bring up my previous commands using control P or the up arrow and now FA02 is part of VLAN12. If I want to change the VTP domain, let’s change VTP domain to Palestra, let me exit out of here and I can set the VTP domain to something beside big domains, I just don’t like the name big domain.
Let me get back into the VLAN database and I’m going to go VTP domain Palestra. So the VTP domain was changed from no which was big domain to Palestra. I will exit out of here and now what I need to do, the last thing, I’ve set the VTP domain, I’ve made sure that this switch is in server mode and it has to be in server mode otherwise I wouldn’t have been able to create the VLANs and I’ve set the switch port access, VLAN11 command on FA01 to make that a member of the odd VLAN, VLAN11 and I’ve used the VLAN12 switch port access VLAN12 to make port FA02 a member of the even VLAN, VLAN12. Now it doesn’t matter what computer I plug into these interfaces. Whatever computer I plug in here is going to be a part of the corresponding VLAN so I better make sure I know what computer is supposed to be plugged into what port. Let me go in, I’m already in Global mode so I don’t need to type that command out, so what I’m going to do now is I’m going to go in and I’m going to turn interface FA0/12 into a trunk. Switch port. I’m using my tab key there, mode, and I’ve got multiple options here with the mode that my switch port is going to be in and these are important trunk. If I say trunk that means it’s going to be a trunk, always trunking, meaning carrying VLAN information. If I say dynamic, what that dose is it tries to be a trunk. It’s going to dynamically negotiate access mode or trunking mode. So we’ll try to be a trunk if the other end is a PC and it’s not trying to share VLAN information then it will go ahead and be an access port.
Access ports, term access means basically it’s an access to our end users so a computer would plug into an access port, a switch would be connected through a trunk port in VLAN traffic so switch port mode dynamic tries to do trunking. If the other device is not set up for trunking, then it becomes an access port or I could go switch port mode access which is the default and it will simply be a switch port to plug a machine into or another switch if I wasn’t going to be dong up linking. Since I know its trunking, I’m going to use trunk as my command and turn that into a trunk. So real quick, show VTP, show VTP. Show VTP status is my command, it shows me the VTP version, configuration revision number, maximum number of VLAN that should have… up by the way when I created the new… normally it will and it’s not on the simulator. VTP operating mode is server, Palestra is the name of my VTP domain and if I do a show running config, I can check out what I’ve configured on the interfaces, notice FA01 part of VLAN11, FA02, part of VLAN12. My mode is still VTP server, you can see that I’ve created these other two VLANs and all that so I can go and check that out. Another command I can use, the one I’ve been suing earlier show VLAN will now show me that port 11 is in the odd VLAN, I’m sorry, port 1 is in the odd VLAN, VLAN11, port two is in the even VLAN, VLAN12 and then the last thing is I want to check out my port, my trunk there and I can see that switch port mode trunk so port 12 is a trunk. I want to make sure that that’s up.
So what I would do next is show interfaces to make sure all my interfaces that I need up and up particularly interface 12 because that’s my trunk up and up, okay everything is good. Now I haven’t done anything to Palestra, let’s go and connect up to Palestra and configure that as a client and then put the appropriate information or the appropriate ports into the appropriate VLANs. I am connecting to switch Palestra, again a quick look at the net map, Palestra this port right here has turned on as a trunk, this port is in VLAN11, I didn’t mean to move that. This port that PC2 is plugged into is in VLAN12 so I’m going to go over to Palestra turn FA012 into a trunk and put port one in the VLAN11 and port two in the VLAN12 so the end result will be PC1 and PC3 are in the same VLAN, PC2, PC4 are in one VLAN and then the switches are both n the same VLAN which is VLAN1, the management VLAN, it doesn’t have to be the management VLAN and that’s the way Cisco recommends it.
So here, what I’m going to do is I’m going to set this guy to client mode. Now I jumped ahead a bit, I went in and I set the VTP mode to client in global mode, running VTP mode client command. So now it’s a client, it’s going to get the information from the server that’s in the same VTP domain. I’ve got to set the VTP domain on the 2950 on some 1900s, once I put it in client mode, it pulls all the information over automatically, but there I have to set the VTP domain to Palestra. Once I set the VTP domain, I have to turn trunking on so it carries all that VLAN information, virtual trunk and protocol information like if I add a VLAN on the server, make sure that the switch will get that information if that VLAN exist as well as encapsulating and looking for encapsulated information coming from the server switch as far as what VLAN is part of. Then now that this Palestra knows that VLAN11 exists, because it got the information from Palestra I can set FA01 into the odd VLAN, VLAN11 and I can set FA02 into the even VLAN, VLAN12.
Now I can go in and check out everything that I’ve done and make sure that I see it there. Show VTP status, I see VTP domain as Palestra, the mode is client so that’s good, I can do a show VLAN and verify the VLAN information and when I do that, you can see here that it sees the VLANs, there’s VLAN11 odd, VLAN12 even, I did not create those VLANs on the switch. The only way I found out about this VLANs is by making a part of the VTP domain Palestra making sure it’s a client switch so listens to the server and turning trunking on. If I didn’t have trunking on or the VTP domain wasn’t right or it wasn’t in client mode it wouldn’t get this information s I can check that out. Now what I want to do is again use my show command, show run, I did those a couple of times just to make sure everything looks good, switch ports are on the right, VLANs, which I just saw with the show VLAN command, switch port mode is a trunk for 12, VTP mode is client, VTP domain is Palestra, everything is good so now let’s try some pinging so what I can do is I can type in Ping, 172.16.1.1 and what that is, is that is pinging, we show the net map, Palestra is pinging Palestra through VLAN1 so what happen is as the packet leaves, Palestra is interfaced, it gets encapsulated with ISL information saying “Hey, it only goes to VLAN1” since Palestra, it’s IP address is in VLAN1 it’s able to receive the Ping, send a reply back. Now watch what happens when I try to ping that 16.1.30, which is computer three from Palestra, I don’t get a reply and again looking at my net map, Palestra is directly connected to PC3, and they are on the same physical connection.
So I have a connection running directly from PC3 to Palestra. PC3 plugs into Palestra is FA014 however, PC3s IP address which I just moved around here, PC3s IP is in VLAN11, (Palestra 2’s) IP is in VLAN1, they can’t Ping each other. PC3 however should be able to Ping PC1 because they are in the same VLAN, they are both in VLAN11, let’s verify that. Oops! Wrong machine here, let me go to my eStation 3, Ping, 172.16.1.10 and I should get a reply and I get a reply. Because they are on the same VLAN, now watch what happens when I try to Ping PC4 which has an IP of 40, request time out and again looking at my net map viewer, PC3 and 4 plugged into the same switch but port two, that PC4 is plugged into is in a different VLAN, a different broadcast demand so the switch does not allow PC3 to communicate with PC4. However, PC4 can communicate with PC2 because they are in the same VLAN so I get a reply back.
Let me illustrate this CCNA concepts on the slide one more time just to make sure it’s clear. So here is my slide again with the switches, now we’ve got switch and this is actually called Palestra not switch one, Palestra not switch to in the CCNA sim that I did so I’ve got a computer plugged into port one and a computer plugged into port two. Computer one, computer two, computer three is plugged into port one on switch two, computer four is plugged into port two on switch two. We made a trunk out of the connection from interface 12, interface 12 between the switches, we turned trunking on there, everybody is a part of the same VTP domain, that’s supposed to be a P and the VTP domain is Palestra and I did that by typing VTP domain Palestra on both devices, switch one is in server mode and switch two is in client mode. Now, what I did was I created VLAN11, the odd VLAN on server or switch one and VLAN12 on switch one and then once this guy had the client, I assigned port one from each switch into VLAN11 and port two from each switch in the VLAN12 so when three wants to communicate with computer one, let’s say ARP request whatever enters into the port, the switch looks at that ARP request and goes “Oh, that can only go to other devices that are in VLAN1” so it does not send it out here, it sends it out there.
Since it’s a part of… I’m sorry, I said VLAN1, it’s a VLAN11, since it’s a part of VLAN11 it encapsulates it, puts a little
Now let’s do a little bit of troubleshooting. The first thing you are going to want to do as a CCNA when troubleshooting any of these, let’s say computer three for some reason can’t talk to computer one over here so when you try to connect to compute one they can’t talk. The first thing is check all your cabling, make sure all your interfaces are up and up, the machines are plugged into the right ports so you’re going to have to get the
Let’s take a look at some CCNA level show commands back at the switches that will help us out. I’ve connected up the switches Palestra here and some commands that are very helpful, show VLAN and verify especially on the server here, verify that the VLANs exist, the right interfaces are part of the right VLANs, very important, I can do a show running config and check it out there as well, I can see my port configuration, the switch port mode trunk command, make sure the trunk has been turned into a trunk, show VTP status. If I make a change over here and add a new VLAN this configuration revision number should increment. When it does increment, make sure the configuration revision number matches on the server and on the client’s switches. Make sure the VTP domain is the same, same letters, sometimes people might type something in wrong like put transpose the ENA there and it wouldn’t work so they’ve got to be the same VTP domains and all that so verify the VTP domains, physical cabling, show interfaces and verify that the interfaces are up that you are trying to work on especially the trunk so trunk is up, so all those things are important check, you can also do a show interfaces and check out for a particular VLAN so you can do show interfaces VLAN and then enter the number of the VLAN or just hit enter, woops! I got to enter the number here, 11 so I can check that out… let me try this again. VLAN and then question mark, it should work. Let me put the VLAN number here, 11.
I’m doing the command right again on the CCNA sim, sometimes things don’t work out exactly hey way they should. I can also do show interfaces. Trunk as well check out my trunks to make sure they are on so the port mode is on, and check this out. FA012 is a trunk, the mode is on that is good, the VLANs allowed to go across it are 11 and 12, which are all the VLANs there, that’s a good information, I can limit the VLANs that can go across particular trunks if I want to. If I just do switch port mode trunk however, it will allow all VLAN security across the trunk so some very helpful commands in there when you want to figure out why you may not be able to Ping, again always check layer one, which is the physical cabling and the IP addressing, very important. IP addressing, again not layer one, layer three but check layer one and check layer three as well. so we have talked about what a virtual