3.6.2 Lab - Implement VLANs and Trunking
In modern networking, VLANs (Virtual Local Area Networks) and trunking are foundational concepts for creating efficient, secure, and scalable networks. In practice, this lab focuses on implementing VLANs and trunking protocols to segment networks, enhance security, and optimize traffic flow. By the end of this guide, you’ll understand how to configure VLANs, assign ports to specific VLANs, and establish trunk links between switches to carry multiple VLANs over a single physical connection.
Introduction
VLANs and trunking are critical components of network design, enabling organizations to logically divide a physical network into smaller, isolated segments. VLANs improve security by restricting communication between devices in different segments, while trunking allows multiple VLANs to traverse a single link between switches. This lab will walk you through the process of configuring VLANs on Cisco Catalyst switches, setting up trunking between switches, and verifying the functionality of your setup.
Steps to Implement VLANs and Trunking
Prerequisites
Before starting, ensure you have the following:
- Cisco Catalyst switches (e.g., 2960 or 3560 series).
- Console cables to connect to the switches.
- Access to a terminal emulator (e.g., PuTTY).
- Basic familiarity with Cisco IOS commands.
Step 1: Configure VLANs on a Switch
- Access the switch via the console cable and terminal emulator.
- Enter global configuration mode:
Switch> enable Switch# configure terminal - Create VLANs:
- Define VLAN 10 (e.g., for HR department):
Switch(config)# vlan 10 Switch(config-vlan)# name HR - Define VLAN 20 (e.g., for IT department):
Switch(config)# vlan 20 Switch(config-vlan)# name IT
- Define VLAN 10 (e.g., for HR department):
- Assign switch ports to VLANs:
- For VLAN 10 (HR), assign port 1:
Switch(config)# interface range fa0/1 Switch(config-if-range)# switchport mode access Switch(config-if-range)# switchport access vlan 10 - For VLAN 20 (IT), assign port 2:
Switch(config)# interface fa0/2 Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan 20
- For VLAN 10 (HR), assign port 1:
Step 2: Configure Trunking Between Switches
- Connect two switches via a crossover cable.
- Configure trunking on the link:
- On Switch A (connected to port fa0/1):
SwitchA(config)# interface fa0/1 SwitchA(config-if)# switchport mode trunk - On Switch B (connected to port fa0/2):
SwitchB(config)# interface fa0/2 SwitchB(config-if)# switchport mode trunk
- On Switch A (connected to port fa0/1):
- Verify trunking configuration:
This command displays active trunk links and their allowed VLANs.SwitchA# show interfaces trunk SwitchB# show interfaces trunk
Step 3: Verify VLAN and Trunking Functionality
- Ping between devices in different VLANs:
- Connect a PC to a port assigned to VLAN 10 (HR) and another PC to VLAN 20 (IT).
- If trunking is configured correctly, devices in different VLANs should not communicate directly.
- Check VLAN assignments:
This command lists all VLANs and their associated ports.SwitchA# show vlan brief
Scientific Explanation of VLANs and Trunking
What Are VLANs?
VLANs are logical subdivisions of a physical network, created to group devices based on function, department, or security requirements rather than physical location. Here's one way to look at it: a company might separate its finance, HR, and IT departments into VLANs 10, 20, and 30, respectively. Devices in the same VLAN can communicate directly, while devices in different VLANs require a router or Layer 3 switch to route traffic between them.
How Trunking Works
Trunking enables a single physical link to carry traffic for multiple VLANs. This is achieved using IEEE 802.1Q, a protocol that adds a 4-byte tag to Ethernet frames. The tag includes:
- Priority Code Point (PCP): Determines traffic priority.
- Canonical Format Identifier (CFI): Reserved for future use.
- VLAN Identifier (VID): Specifies the VLAN to which the frame belongs.
When a frame enters a trunk port, the switch examines the VID tag. If the VLAN is allowed on the trunk, the frame is forwarded; otherwise, it is dropped. This ensures that only authorized VLANs traverse the trunk link.
