Further VLAN Trunking1

Introduction

You should now be familiar with the basic concepts of creating VLANs, assigning switchports to VLANs and creating trunk links between network devices.
In this tutorial, you will learn how to allow only certain VLANs to pass data over the trunk link, and how to set up a trunk link between a switch and a router in order to allow inter-VLAN routing.

Topology

  1. Create the topology shown in the diagram below, and assign the IP addresses shown in the table below to the PC host devices.

PC0 / 172.16.10.5 / 255.255.255.0 / 172.16.1.1
PC1 / 172.16.20.6 / 255.255.255.0 / 172.16.1.1
PC2 / 172.16.10.6 / 255.255.255.0 / 172.16.1.1
PC3 / 172.16.20.7 / 255.255.255.0 / 172.16.1.1

Creating the VLANs

  1. Create two VLANs on both switches and assign the relevant ports to the VLANs based on the table below:

Switch0 / Switch1
VLAN10 – Staff / FA0/5 / FA0/5
VLAN20 – Student / FA0/6 / FA0/6
  1. Make sure each port assigned to the VLANs has had its mode changed to access.
  2. Switch0(config)# int fa 0/5
  3. Switch0(config-if)# switchport mode access
  4. Make sure each port is assigned to its relevant VLAN:
  5. Switch0(config)# int fa 0/5
  6. Switch0(config-if)# switchport access vlan 10

Repeat steps 3 and 4 for each port that needs to be assigned to a VLAN on both switches.

Creating the trunk link

  1. Use FA0/1 on Switch0 and FA0/1 on Switch1 to act as the trunk link by using a crossover cable for both FA0/1 ports.
  2. Change FA0/1 on both switches to trunk links:
  3. Switch0# conf t
  4. Switch0(config)# int fa 0/1
  5. Switch0(config-if)# switchport mode trunk
  6. Change the native VLAN on Switch0 from VLAN1 to VLAN99
  7. Switch0(config-if)# switchport native vlan 99

Repeat Steps 5, 6 & 7 on Switch1 as well.

Trunk only VLANs 1, 10, 20 and 99

Traffic from all VLANs is allowed on the trunk links by default, so in order to restrict trunking to only certain VLANs you must deny all VLANs trunk access, and then allow only those that are to be trunked.

  1. Access the trunk link on Switch0.
  2. Switch0(config)# int fa 0/1
  3. Remove all VLANs from the trunk link.
  4. Switch0(config-if)# switchport trunk allowed vlan none
  5. Now allow only VLANs 1, 10, 20 and 99.
  6. Switch0(config-if)# switchport trunk allowed vlan add 1
  7. Switch0(config-if)# switchport trunk allowed vlan add 10
  8. Switch0(config-if)# switchport trunk allowed vlan add 20
  9. Switch0(config-if)# switchport trunk allowed vlan add 99

Repeat steps 8-10 on Switch 1 too.

Trunk between Switch0 and Router0

  1. Change FA0/2 on Switch 0 to be a trunk port:
  2. Switch0# conf t
  3. Switch0(config)# int fa 0/2
  4. Switch0(config-if)# switchport mode trunk

Use sub-interfaces on FA0/0 on Router0 to provide trunk links for VLANs 10, 20 and the native VLAN.

  1. Router# config t
  2. Router(config)# int fa 0/0.1
  3. Router(config-subif)# encapsulation dot1q 1 native
  4. Router(config-subif)# ip address 172.16.1.1 255.255.255.0
  5. Router(config)# int fa 0/0.10
  6. Router(config-subif)# encapsulation dot1q 10
  7. Router(config-subif)# ip address 172.16.10.1 255.255.255.0
  8. Router(config-subif)# exit
  9. Router(config)# int fa 0/0.20
  10. Router(config-subif)# encapsulation dot1q 20
  11. Router(config-subif)# ip address 172.16.20.1 255.255.255.0
  12. Router(config-subif)# int fa 0/0
  1. Turn Router0 FA0/0 port on
  2. Router0(config-if)# no shutdown

Configure a routing protocol on Router0

  1. Configure EIGRP on Router0 using a Process ID of 1 and set routing up for network 172.16.0.0
  2. Router0(config)# router eigrp 1
  3. Router(config-router)# network 172.16.0.0

Assign Switch0 a default gateway

  1. Give Switch0 a default-gateway of 172.16.1.1 so that it and all hosts passing data through Switch0 can communicate to the router.
  2. Switch0(config)# ip default-gateway 172.16.1.1

Repeat step 14 on Switch1.

Assign an IP address to VLAN1 on the switches

In order to manage the switches VLAN1 (which is acting as the management VLAN) needs to have an IP address (one per switch).

  1. Assign an IP address of 172.16.1.2 to VLAN1 on Switch0.
  2. Switch0(config)# int vlan1
  3. Switch0(config-if)# ip address 172.16.1.2 255.255.255.0
  4. Switch0(config-if)# no shutdown
  5. Assign an IP address of 172.16.1.3 to VLAN1 on Switch1.
  6. Switch1(config)# int vlan1
  7. Switch1(config-if)# ip address 172.16.1.3 255.255.255.0
  8. Switch1(config-if)# no shutdown

Test connectivity

  • Test connectivity of the network by
  • PING from host to host on the same VLAN
  • PING from host to host on different VLANs
  • Telnet from a host to VLAN1 on the switches
  • To do this you will need to assign a password and the secret password to the telnet lines on the switches

End of tutorial

LWWNIvailo Chakarov