Posts Tagged ‘vlan’

Configuring 802.1Q Trunk Links in Cisco IOS

Monday, September 22nd, 2008

This is CCNA level stuff, here is an insight article about trunk links.

What is a trunk link?
A port in trunking mode can carry multiple vlans with two types of encapsulation, either ISL or 802.1Q.
Multiple vendors support 802.1Q, and that makes it my choice for a trunking protocol.

How does 802.1Q work?
It works by inserting a 4-byte tag in the original frame header, this contains the VLAN identification along with some other information.

Bits 16 3 1 12
TPID PRIORITY CFI VID

The TPID is the Tag Protocol Identifier, this should be set to 0x8100 for 802.1Q.
The PRIORITY is a 3-bit priority, ranges from 0 – 7.
The CFI is the Canonical Format Idicator, which means that it is used to identify if the MAC address is in canonical format or not, if it is set to 0 the address is in canonical format.

The tag is 4 bytes long, and with a 12-bit VLAN ID field, it can hold 2^12 = 4096 Vlans.
The switch will also recompute the FCS-field, since the frame is altered.

Configuration of a trunk link
Now, to configure a trunk link between two switches the following code should be suitable:

Switch(config)# interface GigabitEthernet1/0/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# exit
Switch(config) vlan 500

The encapsulation will define the encapsulation of the trunk link to either ISL or 802.1Q.
The mode trunk will force the port into a trunking mode, where you can also choose dynamic to make switches negotiate the mode. I force all ports to their mode, always.
The vlan 500 command will create the vlan 500, this should automatically be trunked when configured on both sides.

Disallow some vlans
Sometimes we don’t wanna make a mess and let some vlans over some trunk links.
Imagine spanning a customers vlan from US to Spain by accident, or worse..
Imagine delivering layer 2 connectivity between a set of location for a customer on different vlan ID’s, delivered on a trunk link. If you aren’t careful you can end up letting private vlan traffic leak between customers.

Switch(config)# interface Gig1/0/1
Switch(config-if)# switchport trunk allowed vlan 500

This will make sure that only vlan 500 is allowed over this trunk link, even if the other side tries to negotiate another vlan from you.

Pitfalls
Make sure to use the add statement if you are adding more vlans to a trunk link.

Switch(config-if)# switchport trunk allowed vlan add 200

Or else the configuration will overwrite the old vlans you might have configured on a link.

Verification
To verify your trunk links, you can for example do this:

Switch#show interfaces trunk

Port Mode Encapsulation Status Native vlan
Gi1/0/1 auto 802.1q trunking 1

Port Vlans allowed on trunk
Gi1/0/1 500

Port Vlans allowed and active in management domain
Gi1/0/1 500

Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/1 500

Here you can see that port Gi1/0/1 is trunking, and that vlan 500 is allowed and active over the trunk.

You can also use show vlan id;

Switch# show vlan id 500

VLAN Name Status Ports
—- ——————————– ——— ——————————-
500 VLAN500 active Gi1/0/1, Gi1/0/2

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
—- —– ———- —– —— —— ——– —- ——– —— ——
500 enet 101545 1500 – – – – – 0 0

Remote SPAN VLAN
—————-
Disabled

Primary Secondary Type Ports
——- ——— —————– ——————————————

Switch#

Here you can see that vlan 500 is configured on the trunk link Gigabit ethernet 1/0/1 and also on 1/0/2.

That’s a little insight in 802.1Q trunking vlan links!

Configuring a trunk link between a cisco switch and linux

Thursday, September 4th, 2008

Sometimes you want to test configuration settings, and linux is a good environment to do these kinds of tests in

To configure a trunk between a cisco switch and a linux machine you first have to do the trunk configuration on the cisco switch:

switch(config)# int Gi 1/0/1
switch(config-if)#switchport trunk encapsulation dot1q
switch(config-if)# switchport mode trunk
switch(config-if)# int vlan 200
switch(config-if)# ip address 10.0.0.1 255.255.255.0
switch(config-if)# no shutdown
switch(config-if)# exit
switch(config)#

Then the linux configuration for an interface eth0:
linux# /sbin/modprobe 8021q
linux# /sbin/vconfig add eth0 200
linux#/sbin/ifconfig eth0.200 10.0.0.2 netmask 255.255.255.0 up
linux# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=1.17 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.698 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.716 ms