Quiz and Flashcards: https://networkdirection.net/labsandquizzes/quizzes/cisco-ccna-quizzes/ccna-vlans
Labs: https://networkdirection.net/labsandquizzes/labs/cisco-ccna-labs/ccna-vlans
Notes
Switching
Switches traditionally operate at layer-2, although many are capable of layer-3 (routing) functions as well. At layer-2, they primarily work with Ethernet frames and MAC addresses.
When frames are sent through the network, they are rewritten by layer-3 devices. That is, the router sets the source MAC to its own, and the destination MAC to that of the next hop.
Frame switching is the switch's ability to find the right layer-2 path and send a frame across it.
To do this, switches learn the MAC addresses of devices in the network segment. These are stored in the MAC address table, along with the best interface to reach each one.
The switch consults the MAC address table when it needs to forward a frame. If a MAC is not in the table, the frame is flooded, and when the destination responds, its MAC address and interface are recorded in the table.
If entries in the MAC address table are not refreshed, they age out, meaning that they are removed from the table.
Most traffic is unicast (sent to one specific destination). Some is broadcast (sent to all endpoints in the network segment), or multicast (sent to some endpoints).
VLANs
VLANs are used to divide the network into logical parts. Think of this like mini-virtual switches.
There are many reasons to use VLANs, including security, traffic separation, and organization.
There can be up to 4094 VLANs. Cisco reserves a few VLANs for special purposes. They also break VLANs into two ranges (1-1001 is the normal range, 1006-4094 is the extended range).
VLAN 1 is the default VLAN on Cisco switches.
VTP
NOTE: VTP is not in the current CCNA exam.
VTP is a technology that you may see in the real world. It’s a protocol on Cisco switches that makes it easier to configure VLANs across many switches.
This uses a client/server model, where server switches give client switches a list of VLANs that they need to add.
For practical purposes, it’s recommended to disable VTP (set it to transparent mode).
Access vs Trunking
Layer-2 interfaces can be configured as access ports or trunk ports.
Access ports are where we connect endpoints, like workstations, printers, and some servers. The access port is configured with a single VLAN.
We also connect phones to access ports, and workstations to the phones. In this case, a special Voice VLAN is added to the port.
Trunk ports are used when connecting switches together. Their purpose is to carry traffic for multiple VLANs. This is done by adding an 802.1Q tag in the Ethernet frame header. For this reason, trunking is also known as tagging.
If desired, the list of VLANs allowed on the trunk can be restricted to a specific list. This is called pruning. This is recommended for security reasons.
Trunk links have a special VLAN called the Native VLAN. This is also known as the untagged VLAN, as any traffic that doesn’t have a VLAN tag will be considered part of this VLAN. This is VLAN 1 by default.
DTP
Trunk links can be configured manually, or through Dynamic Trunking Protocol (DTP). This is a Cisco-only protocol.
When used, an interface can be set to either desirable or auto mode. Desirable actively tries to build a trunk link between devices, while auto will only try if the other end tries first.
Two connected interfaces in auto mode will not form a trunk.
Command Summary
Command | Mode | Description |
show mac-address-table | Privileged Exec | Show all learned MAC addresses |
vlan <id> | Global Config | Create a new VLAN |
name <VLAN-name> | VLAN Sub-Config | Name a VLAN |
show vlan brief | Privileged Exec | Display a list of VLANs |
show vtp status | Privileged Exec | Show the current VTP config |
vtp mode transparent | Global Config | Disable VTP |
switchport mode access | Interface Config | Set a port to access mode |
switchport access vlan <id> | Interface Config | Set an access mode VLAN |
switchport voice vlan <id> | Interface Config | Set a voice VLAN on a port |
show interfaces <int> switchport | Privileged Exec | Verify switchport settings |
switchport mode trunk | Interface Config | Set a port to trunk mode |
show interface <int> trunk | Privileged Exec | Verify trunk settings |
switchport trunk allowed vlan <id> | Interface Config | Set a list of allowed VLANs on a trunk |
switchport trunk native vlan <id> | Interface Config | Set an interface’s native VLAN |
switchport mode dynamic desirable | Interface Config | Enable DTP in desirable mode |
switchport mode dynamic auto | Interface Config | Enable DTP in auto mode |
show dtp interface <int> | Privileged Exec | Show DTP details for an interface |
switchport nonegotiate | Interface Config | Disable DTP on an interface |