Configure and verify VLANs (normal range) spanning multiple switches - CSU359

Wireless Principles

0. VLAN Spanning Multiple Switches

In network design, VLANs often need to span multiple switches to maintain consistent network segmentation across different physical locations. VLAN spanning allows devices connected to different switches but within the same VLAN to communicate as if they were on the same physical switch. This is crucial in large networks where devices are spread across multiple switches but need to remain in the same VLAN for purposes like departmental segmentation or ensuring the same broadcast domain.

0.1 Understanding VLAN Trunks

To span VLANs across multiple switches, trunk links are used. A trunk link is a point-to-point link between two network devices that carries traffic for multiple VLANs. Unlike access ports, which are part of a single VLAN, trunk ports can carry traffic from multiple VLANs by tagging the frames with a VLAN identifier.

The most common protocol used for VLAN tagging is IEEE 802.1Q, which adds a VLAN tag to Ethernet frames to identify the VLAN to which the frame belongs.

0.2 Configuring Trunk Ports

To allow VLANs to span multiple switches, you must configure the ports connecting the switches as trunk ports. Below is an example of configuring trunk ports on two switches:

0.2.1 Configuration Example on Switch 1

Switch1(config)# interface GigabitEthernet 1/0/24
Switch1(config-if)# switchport mode trunk
Switch1(config-if)# switchport trunk allowed vlan all
Switch1(config-if)# switchport trunk encapsulation dot1q

0.2.2 Configuration Example on Switch 2

Switch2(config)# interface GigabitEthernet 1/0/24
Switch2(config-if)# switchport mode trunk
Switch2(config-if)# switchport trunk allowed vlan all
Switch2(config-if)# switchport trunk encapsulation dot1q

In these examples, the GigabitEthernet 1/0/24 ports on both Switch 1 and Switch 2 are configured as trunk ports, allowing them to carry traffic for all VLANs across the trunk link.

0.3 VLAN Propagation Using VTP

VLAN Trunking Protocol (VTP) can be used to propagate VLAN information across switches. VTP manages the addition, deletion, and renaming of VLANs across the network, ensuring consistent VLAN configuration on all switches in the VTP domain. While VTP can simplify VLAN management in large networks, it also comes with potential risks, such as accidental VLAN deletion. Therefore, its use should be carefully managed.

0.4 Verifying VLAN Spanning Across Switches

To ensure that VLANs are correctly spanning multiple switches, use the following verification commands:

Check VLAN Configuration: Ensure that VLANs are created and configured on all switches.
Verify Trunk Ports: Use the show interfaces trunk command to verify that trunk ports are operational and carrying the expected VLAN traffic.
Verify VLAN Membership: Use the show vlan brief command to check that the correct ports are assigned to the appropriate VLANs.

Switch# show interfaces trunk
Switch# show vlan brief

0.5 Troubleshooting VLAN Spanning Issues

If VLANs are not correctly spanning across multiple switches, consider the following troubleshooting steps:

Check Trunk Configuration: Ensure that trunk ports are correctly configured on all switches and that they are set to allow the necessary VLANs.
Verify VTP Settings: If using VTP, verify that all switches are in the correct VTP domain and that VTP versions are consistent.
Inspect VLAN Membership: Confirm that VLANs are created and active on all switches in the network.
Check for Misconfigured Ports: Ensure that there are no access ports incorrectly configured as trunk ports or vice versa.

1. Configure and Verify VLANs (Normal Range) Spanning Multiple Switches - Access Ports (Data and Voice)

In a computer network, Virtual Local Area Networks (VLANs) allow logical segmentation of networks, improving security and reducing congestion. In this section, we will cover how to configure and verify VLANs spanning multiple switches with access ports that handle both data and voice traffic.

1.1 Understanding VLANs

A VLAN is a broadcast domain created by partitioning and isolating network traffic at the data link layer (Layer 2). VLANs allow devices in different locations to communicate as if they were on the same physical network. VLANs are particularly useful in managing data and voice traffic separately while using the same physical network infrastructure.

1.2 VLAN Ranges

VLANs in Cisco switches are categorized into two ranges:

Normal Range VLANs: VLAN IDs from 1 to 1005. These are typically used in small to medium-sized networks and are stored in the VLAN database.
Extended Range VLANs: VLAN IDs from 1006 to 4094. These are used in larger networks and are stored in the running configuration.

1.3 Configuring VLANs on Multiple Switches

When spanning VLANs across multiple switches, trunk ports are used to carry VLAN traffic between switches. Access ports connect end devices like computers and phones to the network. Below is the process to configure VLANs on multiple switches:

1.3.1 Configure VLAN on the First Switch

Switch1(config)# vlan 10
Switch1(config-vlan)# name Data_VLAN
Switch1(config)# vlan 20
Switch1(config-vlan)# name Voice_VLAN

1.3.2 Assign VLANs to Access Ports

Access ports connect end devices and are assigned to specific VLANs. For instance, port 1/0/1 is assigned to the data VLAN and port 1/0/2 to the voice VLAN.

Switch1(config)# interface FastEthernet 1/0/1
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 10

Switch1(config)# interface FastEthernet 1/0/2
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 20

1.3.3 Configure Trunk Ports Between Switches

Trunk ports carry traffic for multiple VLANs across switches:

Switch1(config)# interface GigabitEthernet 1/0/24
Switch1(config-if)# switchport mode trunk
Switch1(config-if)# switchport trunk allowed vlan 10,20

1.3.4 Replicate Configuration on the Second Switch

Switch2(config)# vlan 10
Switch2(config-vlan)# name Data_VLAN
Switch2(config)# vlan 20
Switch2(config-vlan)# name Voice_VLAN

Switch2(config)# interface FastEthernet 1/0/1
Switch2(config-if)# switchport mode access
Switch2(config-if)# switchport access vlan 10

Switch2(config)# interface FastEthernet 1/0/2
Switch2(config-if)# switchport mode access
Switch2(config-if)# switchport access vlan 20

Switch2(config)# interface GigabitEthernet 1/0/24
Switch2(config-if)# switchport mode trunk
Switch2(config-if)# switchport trunk allowed vlan 10,20

1.4 Verifying VLAN Configuration

After configuring the VLANs, it's crucial to verify the configuration to ensure everything works correctly. Use the following commands:

Switch1# show vlan brief
Switch1# show interfaces trunk
Switch1# show interfaces status

These commands help verify that the VLANs are correctly configured and that the trunk ports are carrying the intended VLAN traffic.

1.5 Configuring Voice VLANs on Access Ports

In scenarios where IP phones and computers share the same physical port, a Voice VLAN is configured in addition to the Data VLAN:

Switch1(config)# interface FastEthernet 1/0/1
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 10
Switch1(config-if)# switchport voice vlan 20

This configuration allows both data and voice traffic to coexist on the same port while being segmented into separate VLANs.

2. Default VLAN

The Default VLAN is a fundamental concept in VLAN configuration, especially in environments using Cisco switches. By default, all switch ports are members of the Default VLAN, which is typically VLAN 1. Understanding the Default VLAN is essential for managing network traffic effectively and ensuring secure and organized communication across the network.

2.1 What is the Default VLAN?

The Default VLAN is the VLAN assigned to all switch ports when the switch is first configured or reset to factory settings. In most cases, the Default VLAN is VLAN 1. This VLAN is crucial for the basic operation of the switch and allows devices to communicate with each other across all ports unless the VLAN assignment is modified.

2.2 Characteristics of the Default VLAN

VLAN ID: The Default VLAN ID is 1.
All Ports Assigned: By default, all switch ports are part of the Default VLAN (VLAN 1).
Management VLAN: VLAN 1 is often used for management purposes, though this practice is not recommended due to potential security risks.
Cannot be Deleted: VLAN 1 cannot be deleted or renamed, but its ports can be reassigned to other VLANs.

2.3 Best Practices for Default VLAN

While VLAN 1 is the default, it is generally recommended to avoid using VLAN 1 for data or management traffic due to security concerns:

Change Management VLAN: Use a different VLAN (e.g., VLAN 100) for network management to reduce exposure to security risks.
Reassign Ports: Reassign switch ports from VLAN 1 to other VLANs as part of network segmentation to improve security and performance.
Monitor Traffic: Regularly monitor VLAN 1 traffic to ensure it is not being used for unauthorized purposes.

2.4 Verifying Default VLAN Configuration

To verify the configuration and status of the Default VLAN, the following commands can be used:

Switch# show vlan brief
Switch# show interfaces vlan 1

These commands help confirm which ports are still assigned to VLAN 1 and the status of the VLAN itself.

3. InterVLAN Connectivity

InterVLAN connectivity refers to the ability for devices on different VLANs to communicate with each other. VLANs, by design, isolate network traffic to enhance security and reduce broadcast traffic. However, in many scenarios, devices on different VLANs need to communicate. This is achieved using InterVLAN routing, which allows traffic to be routed between VLANs.

3.1 Understanding InterVLAN Routing

InterVLAN routing is the process of forwarding traffic between different VLANs. Since VLANs are separate broadcast domains, a Layer 3 device, such as a router or a Layer 3 switch, is required to enable communication between them.

3.2 Methods of InterVLAN Routing

There are two primary methods for implementing InterVLAN routing:

Router-on-a-Stick: This method uses a single physical interface on a router that is configured with subinterfaces, each corresponding to a different VLAN.
Layer 3 Switch: A Layer 3 switch can perform routing functions in addition to switching, allowing it to route traffic between VLANs internally without needing a separate router.

3.2.1 Router-on-a-Stick

In the Router-on-a-Stick configuration, a router's physical interface is divided into multiple subinterfaces, each representing a different VLAN. Each subinterface is assigned an IP address that serves as the default gateway for the respective VLAN.

3.2.1.1 Configuration Example

Router(config)# interface GigabitEthernet 0/0
Router(config-if)# no shutdown
Router(config-if)# interface GigabitEthernet 0/0.10
Router(config-subif)# encapsulation dot1Q 10
Router(config-subif)# ip address 192.168.10.1 255.255.255.0

Router(config-if)# interface GigabitEthernet 0/0.20
Router(config-subif)# encapsulation dot1Q 20
Router(config-subif)# ip address 192.168.20.1 255.255.255.0

In this example, the router's GigabitEthernet 0/0 interface is configured with two subinterfaces, each handling traffic for VLAN 10 and VLAN 20, respectively.

3.2.2 Layer 3 Switch

A Layer 3 switch can perform routing between VLANs without requiring an external router. The switch itself is configured with IP addresses on its VLAN interfaces, which act as the default gateways for the respective VLANs.

3.2.2.1 Configuration Example

Switch(config)# interface vlan 10
Switch(config-if)# ip address 192.168.10.1 255.255.255.0
Switch(config-if)# no shutdown

Switch(config)# interface vlan 20
Switch(config-if)# ip address 192.168.20.1 255.255.255.0
Switch(config-if)# no shutdown

Switch(config)# ip routing

In this configuration, the Layer 3 switch is set up to route traffic between VLAN 10 and VLAN 20 internally.

3.3 Verifying InterVLAN Connectivity

After configuring InterVLAN routing, it is important to verify that devices on different VLANs can communicate. This can be done by:

Pinging Between VLANs: Use the ping command from a device in one VLAN to a device in another VLAN to test connectivity.
Checking Routing Tables: Use the show ip route command on the router or Layer 3 switch to ensure that routes between VLANs are correctly configured.

Switch# show ip route
Router# show ip route

3.4 Troubleshooting InterVLAN Connectivity

If InterVLAN connectivity is not functioning as expected, consider the following troubleshooting steps:

Check VLAN Assignment: Ensure that devices are correctly assigned to the appropriate VLANs and that the VLANs are configured on all switches involved.
Verify IP Addressing: Check that each VLAN has a unique IP subnet and that devices have the correct IP address and default gateway.
Inspect Trunk Links: Verify that trunk ports between switches are configured correctly and that they allow the necessary VLANs.
Check Routing Configuration: Ensure that routing is enabled on the router or Layer 3 switch and that all necessary subinterfaces or VLAN interfaces are configured correctly.