1
00:00:01,829 --> 00:00:04,160
Welcome to Jeremy’s IT Lab.
2
00:00:04,160 --> 00:00:07,640
This is a free, complete course for the CCNA.
3
00:00:07,640 --> 00:00:11,639
If you like these videos, please subscribe
to follow along with the series.
4
00:00:11,639 --> 00:00:16,400
Also, please like and leave a comment, and
share the video to help spread this free series
5
00:00:16,400 --> 00:00:17,640
of videos.
6
00:00:17,640 --> 00:00:20,660
Thanks for your help.
7
00:00:20,660 --> 00:00:24,189
This video will once again cover the topic
of VLANs.
8
00:00:24,189 --> 00:00:28,410
Although we’ve already covered the most
important basics about VLANs, there are still
9
00:00:28,410 --> 00:00:32,470
a few more things you should know about VLANs
for your CCNA.
10
00:00:32,470 --> 00:00:37,229
This is going to be a long video again, so
let’s get right into it.
11
00:00:37,229 --> 00:00:40,190
First off, here are the topics that will be
covered in this video.
12
00:00:40,190 --> 00:00:45,370
First off, a little addition to the previous
video, I will show you how to use the concept
13
00:00:45,370 --> 00:00:51,410
of a native VLAN on a router when using router
on a stick for inter-VLAN routing.
14
00:00:51,410 --> 00:00:56,629
Next up, we will look at a few Wireshark captures
to see the dot1q tag.
15
00:00:56,629 --> 00:01:00,930
Wireshark is a great tool for network engineers,
so I plan to use it at various points in this
16
00:01:00,930 --> 00:01:04,299
series to help you understand these topics.
17
00:01:04,299 --> 00:01:09,450
After that we’ll look at the final method
of inter-VLAN routing, which is Layer 3 switching,
18
00:01:09,450 --> 00:01:11,480
also known as multilayer switching.
19
00:01:11,480 --> 00:01:17,960
I’ve always told you that switches are Layer
2 devices and don’t use IP addresses, however
20
00:01:17,960 --> 00:01:22,610
many modern switches are actually Layer 3
capable as well, and I’ll talk about that
21
00:01:22,610 --> 00:01:25,510
in today’s video.
22
00:01:25,510 --> 00:01:30,170
Next up are two topics which have actually
been removed from the CCNA exam topics list.
23
00:01:30,170 --> 00:01:36,890
DTP, the dynamic trunking protocol, and VTP,
VLAN trunking protocol.
24
00:01:36,890 --> 00:01:41,200
I was planning to cover these in this video,
but due to the length of the video I’ll
25
00:01:41,200 --> 00:01:43,610
reserve a separate video for them.
26
00:01:43,610 --> 00:01:47,729
Although these have both been removed from
the exam topics list, I think it will probably
27
00:01:47,729 --> 00:01:53,000
be important for you to understand these topics
at least at a basic level for your CCNA, and
28
00:01:53,000 --> 00:01:56,890
you may actually see some questions about
them in your exam even though they have been
29
00:01:56,890 --> 00:01:58,840
removed from the topics list.
30
00:01:58,840 --> 00:02:04,060
However, I will give just a basic overview
of each, there is no need to go in depth.
31
00:02:04,060 --> 00:02:08,630
Before getting started, I want to say make
sure that you stick around to the end of today’s
32
00:02:08,630 --> 00:02:14,280
quiz, from now on I’ll be featuring one
BONUS question from Boson ExSim, Boson’s
33
00:02:14,280 --> 00:02:16,730
set of practice exams for the CCNA.
34
00:02:16,730 --> 00:02:18,480
Look forward to that.
35
00:02:18,480 --> 00:02:22,900
If you want to get a copy of Boson ExSim for
yourself, by the way, follow the link in the
36
00:02:22,900 --> 00:02:24,830
video description.
37
00:02:24,830 --> 00:02:29,870
No other practice exams help you get ready
for the real exam like Boson ExSim, so if
38
00:02:29,870 --> 00:02:35,920
you can I highly recommend getting and using
it to prepare for your exam.
39
00:02:35,920 --> 00:02:41,470
So let’s move on to the first point, using
the Native VLAN feature on a router.
40
00:02:41,470 --> 00:02:46,209
I said in the previous lecture video that
best practice is to set the native VLAN to
41
00:02:46,209 --> 00:02:51,010
an unused VLAN, as the native VLAN feature
can cause some security issues.
42
00:02:51,010 --> 00:02:55,209
I will talk more about network security later
in the course, by the way.
43
00:02:55,209 --> 00:03:01,239
However, if you want to use the native VLAN
feature, let’s see how to use it on a router.
44
00:03:01,239 --> 00:03:04,290
The native VLAN feature does have one benefit.
45
00:03:04,290 --> 00:03:08,470
Because frames in the native VLAN aren’t
tagged, it’s more efficient, each frame
46
00:03:08,470 --> 00:03:14,319
is smaller so it allows the device to send
more frames per second.
47
00:03:14,319 --> 00:03:21,400
In the previous video, I set the native VLAN
to 1001 on SW1’s G0/0 interface, and SW2’s
48
00:03:21,400 --> 00:03:24,010
G0/0 and G0/1 interfaces.
49
00:03:24,010 --> 00:03:31,980
So, just for this demonstration let’s set
them back to a used VLAN, VLAN10 on all trunks.
50
00:03:31,980 --> 00:03:35,990
There are 2 methods of configuring the native
VLAN on a router, let’s take a quick look
51
00:03:35,990 --> 00:03:38,140
at both.
52
00:03:38,140 --> 00:03:44,260
First up, you can use the command ENCAPSULATION
DOT1Q, followed by the vlan-id, followed by
53
00:03:44,260 --> 00:03:46,150
NATIVE.
54
00:03:46,150 --> 00:03:50,530
This tells the router that this subinterface
belongs to the native VLAN, and it will function
55
00:03:50,530 --> 00:03:53,440
just like the native VLAN on a switch.
56
00:03:53,440 --> 00:03:58,200
It will assume untagged frames belong to the
native VLAN, and frames sent in the native
57
00:03:58,200 --> 00:04:00,690
VLAN will not be tagged.
58
00:04:00,690 --> 00:04:05,241
The second option is to not use a subinterface at all, but just configure the IP address
59
00:04:05,241 --> 00:04:09,610
for the native VLAN on the physical interface of the router.
60
00:04:09,610 --> 00:04:13,510
The ENCAPSULATION DOT1Q command is not necessary in this case.
61
00:04:13,510 --> 00:04:16,608
Okay, let’s look at each option.
62
00:04:16,608 --> 00:04:19,798
First, I will configure the first option.
63
00:04:19,798 --> 00:04:20,988
Here it is.
64
00:04:20,988 --> 00:04:28,860
On the g0/0.10 interface, I configured ENCAPSULATION
DOT1Q 10 NATIVE.
65
00:04:28,860 --> 00:04:33,349
Note that this is the complete topology from
the previous lecture video, so the IP address
66
00:04:33,349 --> 00:04:35,379
is already configured.
67
00:04:35,379 --> 00:04:40,990
The only change is that I added NATIVE to
the encapsulation dot1q command.
68
00:04:40,990 --> 00:04:45,750
Let’s take this opportunity to look at a
Wireshark capture to demonstrate the native
69
00:04:45,750 --> 00:04:47,449
VLAN.
70
00:04:47,449 --> 00:04:56,190
This PC in VLAN20 has an IP address of 192.168.1.65,
and this PC in VLAN10 has an IP address of
71
00:04:56,190 --> 00:04:59,379
192.168.1.1.
72
00:04:59,379 --> 00:05:05,030
I will use Wireshark to monitor this connection
between R1 and SW2.
73
00:05:05,030 --> 00:05:09,189
Wireshark will capture all frames on this
connection, in both directions, so we can
74
00:05:09,189 --> 00:05:11,639
take a look at what traffic is passing through.
75
00:05:11,639 --> 00:05:17,619
Let’s send that ping. We will first look
at the capture of the ICMP echo request message
76
00:05:17,619 --> 00:05:20,819
as it goes from SW2 to R1.
77
00:05:20,819 --> 00:05:25,960
It will be in VLAN20, and it’s being sent
to R1 for inter-VLAN routing.
78
00:05:25,960 --> 00:05:32,690
Here’s the Wireshark capture for the ICMP
echo request as it goes from SW2 to R1.
79
00:05:32,690 --> 00:05:36,930
First off, you can see the source and destination
IP addresses here.
80
00:05:36,930 --> 00:05:41,119
Now let’s look at the Ethernet header encapsulating
the IP packet.
81
00:05:41,119 --> 00:05:43,559
Specifically, look here.
82
00:05:43,559 --> 00:05:51,520
Type: 802.1Q virtual LAN, and notice the hexadecimal
8100 value here.
83
00:05:51,520 --> 00:05:57,030
I said in the previous video that dot1q is
inserted after the source MAC address field,
84
00:05:57,030 --> 00:06:00,120
and that is where the TYPE field usually goes.
85
00:06:00,120 --> 00:06:04,729
This here is the ‘TPID’ field of the dot1q
tag.
86
00:06:04,729 --> 00:06:09,619
Under it, these are the rest of the fields
of the 802.1Q tag.
87
00:06:09,619 --> 00:06:13,120
First is the PCP, priority code point.
88
00:06:13,120 --> 00:06:18,340
It has a value of 0, so no special priority
is given to this frame.
89
00:06:18,340 --> 00:06:22,169
Under it is the DEI, drop eligible indicator.
90
00:06:22,169 --> 00:06:28,259
Again, a value of 0, so it won’t be dropped
during times of network congestion.
91
00:06:28,259 --> 00:06:34,059
Next is the most important field, the VLAN
ID, which is 20, as you would expect.
92
00:06:34,059 --> 00:06:38,990
The PC that sent the ping is in VLAN 20, and
it’s not the native VLAN so that’s why
93
00:06:38,990 --> 00:06:40,990
this frame is tagged.
94
00:06:40,990 --> 00:06:45,990
Finally, under that is the normal TYPE field
of the Ethernet header, indicating that an
95
00:06:45,990 --> 00:06:49,080
IPv4 packet is encapsulated.
96
00:06:49,080 --> 00:06:56,539
It normally comes after the SOURCE MAC ADDRESS
field, but now the dot1q tag is between them.
97
00:06:56,539 --> 00:07:01,929
Next let’s look at the ICMP echo request
going from R1 back to SW2.
98
00:07:01,929 --> 00:07:06,689
It will now be in VLAN10, because the destination
is in VLAN10.
99
00:07:06,689 --> 00:07:14,479
VLAN10 is configured as the native VLAN on
both R1 and SW2, so let’s see what’s different.
100
00:07:14,479 --> 00:07:20,849
Here’s the exact same ICMP echo request,
the exact same layer 3 packet, as it is sent
101
00:07:20,849 --> 00:07:22,889
from R1 to SW2.
102
00:07:22,889 --> 00:07:24,749
What’s different?
103
00:07:24,749 --> 00:07:29,129
It has been encapsulated with a new Ethernet
header, but this Ethernet header doesn’t
104
00:07:29,129 --> 00:07:31,059
have a dot1q tag.
105
00:07:31,059 --> 00:07:33,729
This is the native VLAN function at work.
106
00:07:33,729 --> 00:07:39,800
Both R1 and SW2 understand that untagged frames
belong to VLAN10, so there is no need to tag
107
00:07:39,800 --> 00:07:43,379
each frame with dot1q.
108
00:07:43,379 --> 00:07:47,889
That ICMP echo request will continue to the
destination, untagged all the way because
109
00:07:47,889 --> 00:07:52,800
VLAN10 is configured as the native VLAN on
all devices.
110
00:07:52,800 --> 00:07:58,309
When this PC in VLAN10 sends the ICMP echo
reply, it will be untagged until it reaches
111
00:07:58,309 --> 00:08:05,490
R1, which will then tag it in VLAN20, and
send it back to the PC that sent the request.
112
00:08:05,490 --> 00:08:08,770
Now let’s take a quick look at the second
method of configuring the native VLAN on a
113
00:08:08,770 --> 00:08:14,270
router, which is simply configuring the IP
address on the router’s physical interface,
114
00:08:14,270 --> 00:08:19,280
no need for a subinterface or the encapsulation
dot1q command.
115
00:08:19,280 --> 00:08:20,740
Here is how to configure it.
116
00:08:20,740 --> 00:08:25,419
First, I used ‘NO INTERFACE G0/0.10’.
117
00:08:25,419 --> 00:08:27,419
This deletes the subinterface.
118
00:08:27,419 --> 00:08:33,729
Then, I entered interface configuration mode
from G0/0, and simply configured the appropriate
119
00:08:33,729 --> 00:08:37,400
IP address on the interface.
120
00:08:37,400 --> 00:08:45,170
To help you visualize it, here is the output
of SHOW RUNNING-CONFIG for G0/0 and its subinterfaces.
121
00:08:45,170 --> 00:08:49,830
First off, these commands here on the physical
interface are there by default, I didn’t
122
00:08:49,830 --> 00:08:51,350
configure them.
123
00:08:51,350 --> 00:08:55,470
The physical interface is configured normally
with an IP address.
124
00:08:55,470 --> 00:08:59,350
This will be used for the native VLAN, VLAN10.
125
00:08:59,350 --> 00:09:04,680
The other subinterfaces are just like we configured
them in the previous video, with the encapsulation
126
00:09:04,680 --> 00:09:08,410
dot1q command and their own IP address.
127
00:09:08,410 --> 00:09:11,310
This will function just like the first option
we saw.
128
00:09:11,310 --> 00:09:18,020
SW2 will send VLAN10 packets in untagged frames
to R1, and R1 will send them in untagged
129
00:09:18,020 --> 00:09:20,740
frames also.
130
00:09:20,740 --> 00:09:25,360
As I said before, it is recommended that you
just change the native VLAN to an unused VLAN
131
00:09:25,360 --> 00:09:30,090
for security purposes, but if you want to
use the native VLAN, it’s important to know
132
00:09:30,090 --> 00:09:34,240
how to do it on a router, so these are two methods you can use.
133
00:09:34,240 --> 00:09:37,300
You might also need to know this for your
exam, by the way.
134
00:09:37,300 --> 00:09:40,680
Here’s the network diagram once again.
135
00:09:40,680 --> 00:09:43,680
We have one router, and two switches.
136
00:09:43,680 --> 00:09:47,700
Or I should say, two Layer 2 switches.
137
00:09:47,700 --> 00:09:51,640
This is the icon we’ve been using for regular
Layer 2 switches.
138
00:09:51,640 --> 00:09:55,130
But let me introduce you to another type of
switch.
139
00:09:55,130 --> 00:10:00,210
This is the icon I will use for what is called
a Layer 3 switch, also known as a multilayer
140
00:10:00,210 --> 00:10:02,040
switch.
141
00:10:02,040 --> 00:10:06,630
From now on I will use either term, Layer
3 switch or multilayer switch.
142
00:10:06,630 --> 00:10:08,870
You should know both.
143
00:10:08,870 --> 00:10:14,360
By the way, these are the official Cisco icons
for a layer 2 switch and a layer 3 switch,
144
00:10:14,360 --> 00:10:20,030
but I think the ones I use in my videos look
cleaner and more modern.
145
00:10:20,030 --> 00:10:24,200
First let’s review exactly what a multilayer
switch does.
146
00:10:24,200 --> 00:10:28,830
A multilayer switch is capable of both switching
AND routing.
147
00:10:28,830 --> 00:10:31,130
It is Layer 3 aware.
148
00:10:31,130 --> 00:10:36,590
A regular layer 2 switch is NOT layer 3 aware,
it doesn’t think at all about IP addresses
149
00:10:36,590 --> 00:10:39,120
or anything above Layer 2.
150
00:10:39,120 --> 00:10:43,650
It only cares about Layer 2 information like
MAC addresses.
151
00:10:43,650 --> 00:10:47,760
You can assign IP addresses to its interfaces
like a router.
152
00:10:47,760 --> 00:10:52,480
Previously we haven’t assigned any IP addresses
to switches, only routers.
153
00:10:52,480 --> 00:10:57,450
With a Layer 3 switch, you can configure ‘routed
ports’, which function like an interface
154
00:10:57,450 --> 00:10:59,430
on a router.
155
00:10:59,430 --> 00:11:05,300
Not just physical interfaces, but you can
also create virtual interfaces for each VLAN,
156
00:11:05,300 --> 00:11:07,880
and assign IP addresses to those interfaces.
157
00:11:07,880 --> 00:11:12,900
These are not separate physical
interfaces, but virtual interfaces in the
158
00:11:12,900 --> 00:11:18,450
software of the switch that can be used to
route traffic at Layer 3.
159
00:11:18,450 --> 00:11:23,550
You can configure routes, like static routes,
on a multilayer switch, just like a router.
160
00:11:23,550 --> 00:11:28,340
Finally, it can be used for inter-VLAN routing.
161
00:11:28,340 --> 00:11:31,850
So far, we have looked at two methods of inter-VLAN
routing.
162
00:11:31,850 --> 00:11:37,090
The first one, in day 16’s video, was using
one connection for each VLAN between the router
163
00:11:37,090 --> 00:11:38,870
and switch.
164
00:11:38,870 --> 00:11:43,180
This works, but if you have many VLANs you
probably won’t have enough interfaces on
165
00:11:43,180 --> 00:11:45,300
your router.
166
00:11:45,300 --> 00:11:50,420
The second method was router on a stick, which
uses a single trunk connection which carries
167
00:11:50,420 --> 00:11:55,630
traffic from all VLANs between the switch
and router for inter-VLAN routing.
168
00:11:55,630 --> 00:12:00,910
This is efficient in terms of the number of
interfaces, just one, but in a busy network
169
00:12:00,910 --> 00:12:05,590
all of the traffic going to the router and
back to the switch can cause network congestion.
170
00:12:05,590 --> 00:12:10,970
So, in large networks, a multilayer switch
is the preferred method of inter-VLAN routing.
171
00:12:10,970 --> 00:12:13,530
Let’s see how it works.
172
00:12:13,530 --> 00:12:20,110
Here is the topology again, now let’s
replace SW2 with a multilayer switch.
173
00:12:20,110 --> 00:12:22,210
There we go.
174
00:12:22,210 --> 00:12:24,300
And now let’s make one more change.
175
00:12:24,300 --> 00:12:30,950
I’ve replaced the trunk link between SW2
and R1 with a point-to-point Layer 3 link,
176
00:12:30,950 --> 00:12:34,380
we will no longer run VLANs across this.
177
00:12:34,380 --> 00:12:40,570
I’ll talk about this link later and assign
IP addresses to R1’s G0/0 interface and
178
00:12:40,570 --> 00:12:45,450
SW2’s G0/1 interface. But for now
let’s focus on the inter-VLAN routing done
179
00:12:45,450 --> 00:12:48,000
on SW2.
180
00:12:48,000 --> 00:12:52,660
For review, when we used router on a stick
for inter-VLAN routing, traffic being routed
181
00:12:52,660 --> 00:12:58,430
between VLANs was sent to R1 first, and then
sent back to SW2, and then forwarded to the
182
00:12:58,430 --> 00:13:00,360
destination.
183
00:13:00,360 --> 00:13:06,090
For example, if this PC in VLAN20 wants to
ping this PC in VLAN10, the traffic would
184
00:13:06,090 --> 00:13:08,460
follow a path like this.
185
00:13:08,460 --> 00:13:17,470
From the PC to SW2, from SW2 to R1, tagged
in VLAN20, from R1 to SW2, tagged in VLAN10,
186
00:13:17,470 --> 00:13:22,110
from SW2 to SW1, tagged in VLAN10, and finally
to the destination.
187
00:13:22,110 --> 00:13:25,980
However, SW2 is a multilayer switch.
188
00:13:25,980 --> 00:13:29,930
It doesn’t have to send the traffic to R1
for inter-VLAN routing.
189
00:13:29,930 --> 00:13:34,030
It can do that with something called ‘Switch
Virtual Interfaces’.
190
00:13:34,030 --> 00:13:41,500
SVIs (or Switch Virtual Interfaces) are the virtual
interfaces you can assign IP addresses to
191
00:13:41,500 --> 00:13:44,529
in a multilayer switch.
192
00:13:44,529 --> 00:13:50,279
Configure each PC to use the SVI (NOT the
router) as their gateway address.
193
00:13:50,279 --> 00:13:54,890
When using router on a stick, the router was
used as the PC’s gateway.
194
00:13:54,890 --> 00:13:58,360
This time, we will use the switch’s SVIs
instead.
195
00:13:58,360 --> 00:14:03,580
To send traffic to different subnets/VLANs,
the PCs will send traffic to the switch, and
196
00:14:03,580 --> 00:14:07,870
the switch will route the traffic.
197
00:14:07,870 --> 00:14:11,490
These are the SVIs I configured on SW2.
198
00:14:11,490 --> 00:14:16,440
These are the same IP addresses I configured
on R1 when doing router on a stick, the last
199
00:14:16,440 --> 00:14:18,800
usable IP address in each subnet.
200
00:14:18,800 --> 00:14:23,291
So, these are already configured on each PC
as their gateway addresses, so there’s no
201
00:14:23,291 --> 00:14:27,220
need to change the PC configurations.
202
00:14:27,220 --> 00:14:31,940
Now let’s take a look at the path the traffic
between these two PCs takes this time.
203
00:14:31,940 --> 00:14:34,230
The frame arrives at SW2.
204
00:14:34,230 --> 00:14:38,780
The destination is in the 192.168.1.0/26 subnet.
205
00:14:38,780 --> 00:14:45,530
SW2 now has its own routing table, so it looks
up the destination in the routing table, and
206
00:14:45,530 --> 00:14:49,140
sees that the destination is connected to
its VLAN10 SVI.
207
00:14:49,140 --> 00:14:52,280
So, the traffic is now routed to VLAN10.
208
00:14:52,280 --> 00:14:57,620
If SW2 doesn’t have the destination MAC
address in its MAC address table, it will
209
00:14:57,620 --> 00:15:00,500
flood the frame to all VLAN10 interfaces.
210
00:15:00,500 --> 00:15:06,190
But, let’s assume it has already learned
the MAC address, so it forwards it to SW1
211
00:15:06,190 --> 00:15:09,070
over its trunk interface, tagged as VLAN10.
212
00:15:09,070 --> 00:15:12,630
SW1 then forwards it to the destination.
213
00:15:12,630 --> 00:15:18,350
Now, what if the hosts want to reach destinations
outside of the LAN?
214
00:15:18,350 --> 00:15:23,760
For example, I’ve added a cloud connected
to R1 to represent the Internet.
215
00:15:23,760 --> 00:15:28,800
Because SW2 is their default gateway, any
packets destined outside of their subnet will
216
00:15:28,800 --> 00:15:31,320
be sent to SW2.
217
00:15:31,320 --> 00:15:35,860
But our previous router on a stick configurations
for the connection between SW2 and R1 will
218
00:15:35,860 --> 00:15:38,030
no longer work.
219
00:15:38,030 --> 00:15:43,710
In addition to configuring virtual interfaces,
SVIs, on multilayer switches, we can also
220
00:15:43,710 --> 00:15:48,560
configure their physical interfaces to operate
like a router interface, rather than
221
00:15:48,560 --> 00:15:49,590
a switchport.
222
00:15:49,590 --> 00:15:57,270
So, we can assign the subnet 192.168.1.192/30
for this point-to-point link between SW2 and
223
00:15:57,270 --> 00:16:07,230
R1, with SW2’s G0/1 interface having an
IP address of 192.168.1.193, and R1’s G0/0
224
00:16:07,230 --> 00:16:12,500
interface having an IP address of 192.168.1.194.
225
00:16:12,500 --> 00:16:18,720
Then, we configure a default route on SW2
pointing toward R1, so all traffic destined
226
00:16:18,720 --> 00:16:21,720
outside of the LAN will be sent to R1.
227
00:16:21,720 --> 00:16:27,670
I already covered static routes, including
default routes, in previous videos, so I won’t
228
00:16:27,670 --> 00:16:32,160
explain the concept in depth again, but I
will show you the configurations once more.
229
00:16:32,160 --> 00:16:37,560
So, let’s do that, let’s get into the
configurations, starting first with the point-to-point
230
00:16:37,560 --> 00:16:44,750
link between SW2 and R1, and then the SVIs
on SW2.
231
00:16:44,750 --> 00:16:50,150
First off, remove R1’s router on a stick
configurations and configure that new IP address
232
00:16:50,150 --> 00:16:52,940
on G0/0.
233
00:16:52,940 --> 00:17:01,290
First off, I delete each subinterface with
this command, NO INTERFACE G0/0.10, .20, and .30.
234
00:17:01,290 --> 00:17:10,109
Then, I use the command DEFAULT INTERFACE
G0/0, to reset G0/0 to its default settings.
235
00:17:10,109 --> 00:17:15,328
After that, I used SHOW IP INTERFACE BRIEF
to check the interfaces.
236
00:17:15,329 --> 00:17:19,630
Notice the status of the subinterfaces, it
says DELETED.
237
00:17:19,630 --> 00:17:23,769
Although we have successfully deleted the
subinterfaces, they will remain here with
238
00:17:23,769 --> 00:17:26,868
a ‘deleted’ status unless we reload the
router.
239
00:17:26,868 --> 00:17:31,120
That’s no problem though, so I’ll just
leave them.
240
00:17:31,120 --> 00:17:36,600
Then I simply enter interface configuration
mode for G0/0 and configure the new IP address,
241
00:17:36,600 --> 00:17:39,169
with a /30 subnet mask.
242
00:17:39,169 --> 00:17:45,220
I use SHOW IP INTERFACE BRIEF again, and you
can see that the new IP address has been successfully
243
00:17:45,220 --> 00:17:47,880
configured.
244
00:17:47,880 --> 00:17:51,240
Now let’s look at the switch’s side of
the point-to-point connection.
245
00:17:51,240 --> 00:17:58,160
First, I reset the G0/1 interface to its default
setting with the DEFAULT INTERFACE command,
246
00:17:58,160 --> 00:18:03,730
because it was configured as a trunk for router
on a stick because of the previous lab.
247
00:18:03,730 --> 00:18:07,309
Next up is a very important command, one you
must not forget.
248
00:18:07,309 --> 00:18:09,450
IP ROUTING.
249
00:18:09,450 --> 00:18:14,119
This command enables Layer 3 routing on the
switch, it lets it build its own routing table
250
00:18:14,119 --> 00:18:15,919
like a router.
251
00:18:15,919 --> 00:18:20,799
If you forget this command, your inter-VLAN
routing will not work.
252
00:18:20,799 --> 00:18:26,119
Next up is another important command, NO SWITCHPORT on the interface.
253
00:18:26,119 --> 00:18:31,280
This is the command that changes the interface
from a Layer 2 switchport to a Layer 3 routed
254
00:18:31,280 --> 00:18:32,789
port.
255
00:18:32,789 --> 00:18:35,929
Now you will be able to assign an IP address
to it.
256
00:18:35,929 --> 00:18:45,549
So, I assigned 192.168.1.193/30, and used
show IP interface brief, and as you can see
257
00:18:45,549 --> 00:18:49,539
the IP address is assigned to it just like
a router interface.
258
00:18:49,539 --> 00:18:54,130
Last up is the default route pointing to R1.
259
00:18:54,130 --> 00:19:02,830
As I’ve already shown you in a previous
video, the command is IP ROUTE 0.0.0.0 0.0.0.0,
260
00:19:02,830 --> 00:19:10,169
followed by the next hop, in this case 192.168.1.194,
which is R1.
261
00:19:10,169 --> 00:19:16,070
I then used SHOW IP ROUTE to confirm, and
you can see that SW2 now has a routing table,
262
00:19:16,070 --> 00:19:21,049
with a default route pointing to R1, and connected
and local routes for the routed interface
263
00:19:21,049 --> 00:19:22,499
we configured.
264
00:19:22,499 --> 00:19:24,889
And one additional command you can use to
265
00:19:24,889 --> 00:19:31,799
confirm is SHOW INTERFACES STATUS, which I
showed in a previous video on Ethernet switching.
266
00:19:31,799 --> 00:19:37,590
Notice that, in the VLAN column, instead of
a VLAN number G0/1 displays ‘ROUTED’.
267
00:19:37,590 --> 00:19:43,240
Okay, now let’s move on to configure those
SVIs on SW2.
268
00:19:43,240 --> 00:19:46,789
SVI configuration is very simple.
269
00:19:46,789 --> 00:19:49,970
Here are the configurations for SW2.
270
00:19:49,970 --> 00:19:56,110
Use the command INTERFACE VLAN10, for example,
to create an SVI for VLAN10 and configure
271
00:19:56,110 --> 00:19:57,650
it.
272
00:19:57,650 --> 00:20:01,809
Then assign an IP address, and use NO SHUTDOWN
to enable it.
273
00:20:01,809 --> 00:20:08,119
SVIs are shutdown by default, so remember
to use the NO SHUTDOWN command to enable them.
274
00:20:08,119 --> 00:20:14,809
I repeated the process for VLAN20 and VLAN30,
and that’s all there is to configuring SVIs,
275
00:20:14,809 --> 00:20:16,880
very simple.
276
00:20:16,880 --> 00:20:23,190
Now, just to demonstrate one problem you might
encounter, I created another SVI for a VLAN
277
00:20:23,190 --> 00:20:31,309
that doesn’t exist on the switch, VLAN40,
and assigned an IP address, 40.40.40.40/24.
278
00:20:31,309 --> 00:20:35,210
I also made sure to enable it with NO SHUTDOWN.
279
00:20:35,210 --> 00:20:38,690
However, look at the SVI itself.
280
00:20:38,690 --> 00:20:40,799
It is DOWN/DOWN.
281
00:20:40,799 --> 00:20:41,870
Why is that?
282
00:20:41,870 --> 00:20:45,809
Well, it's because the VLAN doesn’t exist
on the switch.
283
00:20:45,809 --> 00:20:50,659
Let’s take a look at the conditions required
for an SVI to be UP/UP.
284
00:20:50,659 --> 00:20:54,360
First, the VLAN must exist on the switch.
285
00:20:54,360 --> 00:21:01,210
In this case, we haven’t created VLAN40
on the switch, so the SVI won’t become UP/UP.
286
00:21:01,210 --> 00:21:07,590
When you assign an access port to a VLAN,
if the VLAN doesn’t yet exist the switch
287
00:21:07,590 --> 00:21:09,669
will automatically create the VLAN.
288
00:21:09,669 --> 00:21:15,809
However, if you create an SVI for a VLAN that
doesn’t exist yet, the switch WILL NOT automatically
289
00:21:15,809 --> 00:21:17,929
create the VLAN.
290
00:21:17,929 --> 00:21:24,200
Second, the switch must have at least one
access port in the VLAN in an up/up state,
291
00:21:24,200 --> 00:21:30,600
and/or one trunk port that allows the VLAN
that is in an up/up state.
292
00:21:30,610 --> 00:21:36,220
For example, in the topology we’re using
here, SW2 has hosts connected in VLAN10 and
293
00:21:36,220 --> 00:21:40,470
VLAN20, so their SVIs can go up.
294
00:21:40,470 --> 00:21:47,299
There are no connected hosts in VLAN30, however
it has a trunk port, G0/0, which allows VLAN30
295
00:21:47,299 --> 00:21:51,580
over it, so VLAN30’s SVI is up as well.
296
00:21:51,580 --> 00:21:53,549
Okay, next rule.
297
00:21:53,549 --> 00:21:56,590
The VLAN must not be shutdown.
298
00:21:56,590 --> 00:22:01,309
Note that this is NOT the SVI, but the VLAN
itself.
299
00:22:01,309 --> 00:22:07,380
You can enter VLAN configuration mode, and
disable the VLAN with the SHUTDOWN command.
300
00:22:07,380 --> 00:22:12,549
If you do this, the SVI for that VLAN can’t
become UP/UP.
301
00:22:12,549 --> 00:22:16,749
Note that, I think you can’t do this command
in packet tracer, so you’ll need a real
302
00:22:16,749 --> 00:22:19,869
Cisco switch if you want to try this one out.
303
00:22:19,869 --> 00:22:25,779
Finally, if the SVI itself is shutdown, it
obviously won’t be up/up, so make sure to
304
00:22:25,779 --> 00:22:33,009
use the NO SHUTDOWN command after you create
an SVI, because they are shutdown by default.
305
00:22:33,009 --> 00:22:37,559
I used the SHOW IP ROUTE command again, and
you can see connected and local routes have
306
00:22:37,559 --> 00:22:43,289
been added to the route table for the SVIs
we created, all shown as directly connected
307
00:22:43,289 --> 00:22:46,169
to the SVI for each VLAN.
308
00:22:46,169 --> 00:22:50,419
Okay, so our configurations are all done.
309
00:22:50,419 --> 00:22:54,679
The next video will be a practice lab, so
you can get some hands-on practice doing these
310
00:22:54,679 --> 00:22:55,850
configurations.
311
00:22:55,850 --> 00:23:00,620
If you have trouble remembering the commands,
I highly recommend doing practice labs, and
312
00:23:00,620 --> 00:23:04,389
doing them multiple times, until you feel
confident.
313
00:23:04,389 --> 00:23:12,509
So, if one of our PCs wants to reach a destination
outside of the LAN, it will be sent to SW2,
314
00:23:12,509 --> 00:23:16,870
which will send it to R1, which will take
care of it from there.
315
00:23:16,870 --> 00:23:21,320
Note that we didn’t actually configure any
routes on R1 in this lab, I’m just focusing
316
00:23:21,320 --> 00:23:24,970
on inter-VLAN routing at this point.
317
00:23:24,970 --> 00:23:29,490
If one of our PCs wants to reach a destination
in the LAN, but in a different subnet and
318
00:23:29,490 --> 00:23:36,299
VLAN, SW2 will do the inter-VLAN routing without
having to send the traffic to R1.
319
00:23:36,299 --> 00:23:42,860
Okay, before moving on to the quiz let’s
review what we covered in today’s video.
320
00:23:42,860 --> 00:23:45,990
I showed you two ways of configuring the native
VLAN on a router.
321
00:23:45,990 --> 00:23:50,960
Usually, it’s best to just set the native
VLAN to an unused VLAN, but if you want to
322
00:23:50,960 --> 00:23:55,739
use the native VLAN feature, you should know
how to configure it on a router.
323
00:23:55,739 --> 00:24:01,159
We looked at some Wireshark captures, both
a dot1q-tagged frame, and one that was untagged
324
00:24:01,159 --> 00:24:03,369
because it was in the native VLAN.
325
00:24:03,369 --> 00:24:08,480
Finally, I showed you the final method of
inter-VLAN routing, using a type of switch
326
00:24:08,480 --> 00:24:14,940
I hadn’t talked about before, a Layer 3
switch, also known as a multilayer switch.
327
00:24:14,940 --> 00:24:21,350
By configuring SVIs, switch virtual interfaces,
on a multilayer switch, you can route between
328
00:24:21,350 --> 00:24:25,299
subnets and VLANs without having to send the traffic
to a router.
329
00:24:25,299 --> 00:24:29,409
It’s like having a mini router within the
switch.
330
00:24:29,409 --> 00:24:35,500
These last two topics, DTP and VTP, will be
left for the next lecture video.
331
00:24:35,500 --> 00:24:38,960
Let’s move on to today’s quiz.
332
00:24:38,960 --> 00:24:43,410
As I mentioned at the beginning of the video,
I’m happy to announce that, after my usual
333
00:24:43,410 --> 00:24:48,269
quiz, a few simple questions to help you review
what we’ve learned, I will be featuring
334
00:24:48,269 --> 00:24:53,420
one question from Boson’s ExSim, which is
a fantastic set of practice exams for the
335
00:24:53,420 --> 00:24:55,279
CCNA.
336
00:24:55,279 --> 00:25:00,919
I used Boson ExSim for my CCNA and CCNP, and
I really think they were what allowed me to
337
00:25:00,919 --> 00:25:03,840
pass all of my exams on the first try.
338
00:25:03,840 --> 00:25:07,360
If you want to pick up a copy of ExSim, check
the link in the description.
339
00:25:07,360 --> 00:25:12,929
Let’s go on to question 1 of today’s quiz.
340
00:25:12,929 --> 00:25:19,730
Which TWO answers are valid options to configure
the native VLAN on a router in a ROAS configuration?
341
00:25:19,730 --> 00:25:24,450
(select two, each answer is a complete solution).
342
00:25:24,450 --> 00:25:30,000
Instead of reading out each answer, I’ll
just let you take a look at each set of commands. Here we go.
343
00:25:30,000 --> 00:25:41,350
A, B, C, and D. Pause the video to think about
your answer, remember there are two valid
344
00:25:41,350 --> 00:25:48,650
options, so select two.
345
00:25:48,650 --> 00:25:56,830
The answer is B and C. B uses the ENCAPSULATION
DOT1Q NATIVE command on the subinterface,
346
00:25:56,830 --> 00:26:00,889
this is one option for configuring the native
VLAN on a router.
347
00:26:00,889 --> 00:26:05,859
The other option is C, to simply configure
the IP address on the physical interface,
348
00:26:05,859 --> 00:26:08,369
rather than the subinterface.
349
00:26:08,369 --> 00:26:12,059
In that case, you do not need the ENCAPSULATION
DOT1Q command.
350
00:26:12,059 --> 00:26:16,119
Okay, let’s go to question 2.
351
00:26:16,119 --> 00:26:24,129
You create an SVI for VLAN225 on SW1, assign
an IP address, and enable it with no shutdown,
352
00:26:24,129 --> 00:26:27,169
but the interface remains down/down.
353
00:26:27,169 --> 00:26:36,210
Which TWO options might be causing this? (select
two) A, VLAN225 doesn’t exist on the switch.
354
00:26:36,210 --> 00:26:43,220
B, you didn’t issue the SWITCHPORT MODE
TRUNK command on VLAN225’s SVI.
355
00:26:43,220 --> 00:26:51,350
C, You didn’t issue the SWITCHPORT ACCESS
VLAN 225 command on VLAN225’s SVI.
356
00:26:51,350 --> 00:26:56,499
Or D, No interfaces in VLAN225 are up/up.
357
00:26:56,500 --> 00:27:02,700
Pause the video to think about your answer.
358
00:27:02,700 --> 00:27:12,100
The answer is A and D. In order for an SVI to be up/up, the VLAN must exist
on the switch, and it must have either an
359
00:27:12,109 --> 00:27:17,330
access interface in the VLAN that is up/up,
or a trunk interface that allows the VLAN
360
00:27:17,330 --> 00:27:18,330
that is up/up.
361
00:27:18,330 --> 00:27:24,080
You don’t need to issue the switchport mode
trunk or switchport access vlan commands.
362
00:27:24,080 --> 00:27:28,830
Let’s go to question 3, which will be the
last quiz question before we take a look at
363
00:27:28,830 --> 00:27:34,240
a sample question from Boson ExSim for CCNA.
364
00:27:34,240 --> 00:27:38,609
Which command is used to configure a switch
interface as a routed port?
365
00:27:38,609 --> 00:27:41,090
A, no switchport.
366
00:27:41,090 --> 00:27:46,169
B, IP Address, followed by the IP address
and Subnet mask.
367
00:27:46,169 --> 00:27:48,989
C, ip routing.
368
00:27:48,989 --> 00:27:52,539
Or D, switchport mode route.
369
00:27:52,539 --> 00:27:58,369
Pause the video to think about your answer.
370
00:27:58,369 --> 00:28:01,559
The answer is A, no switchport.
371
00:28:01,559 --> 00:28:06,060
This configures the interface as a routed
port, and allows you to configure an IP address
372
00:28:06,060 --> 00:28:07,409
on the interface.
373
00:28:07,409 --> 00:28:13,929
C, ip routing, is used to enable IP routing
on the switch, but it doesn’t set an individual
374
00:28:13,929 --> 00:28:17,830
interface as a routed port.
375
00:28:17,830 --> 00:28:21,659
Let's go on to today's Boson ExSim practice
question.
376
00:28:21,659 --> 00:28:25,659
You issue the following commands on a Catalyst
2950 switch.
377
00:28:25,659 --> 00:28:27,590
CONFIGURE TERMINAL.
378
00:28:27,590 --> 00:28:30,289
INTERFACE FASTETHERNET 0/7.
379
00:28:30,289 --> 00:28:33,330
SWITCHPORT TRUNK ENCAPSULATION DOT1Q.
380
00:28:33,330 --> 00:28:35,200
SWITCHPORT MODE TRUNK.
381
00:28:35,200 --> 00:28:38,289
SWITCHPORT TRUNK NATIVE VLAN 44.
382
00:28:38,289 --> 00:28:41,950
Which of the following statements is true
regarding VLAN traffic when it is sent over
383
00:28:41,950 --> 00:28:44,419
port FastEthernet0/7?
384
00:28:44,419 --> 00:28:46,059
Select the best answer.
385
00:28:46,059 --> 00:28:48,019
Okay, let's check each option.
386
00:28:48,019 --> 00:28:51,059
A, VLAN 1 traffic will be untagged.
387
00:28:51,059 --> 00:28:55,389
B, VLAN 44 traffic will be untagged.
388
00:28:55,389 --> 00:28:58,559
C, all VLAN traffic will be tagged.
389
00:28:58,559 --> 00:29:02,710
Or D, all VLAN traffic will be untagged.
390
00:29:02,710 --> 00:29:09,540
Please pause the video to think about your
answer.
391
00:29:09,540 --> 00:29:15,639
Okay, so I think the correct answer is B,
because you issued the SWITCHPORT TRUNK NATIVE
392
00:29:15,639 --> 00:29:18,059
VLAN 44 command.
393
00:29:18,059 --> 00:29:22,529
Traffic in the native VLAN will not be tagged
when it is sent over a trunk interface.
394
00:29:22,529 --> 00:29:27,700
So, I think VLAN 44 traffic will be untagged.
395
00:29:27,700 --> 00:29:28,700
Let's check.
396
00:29:28,700 --> 00:29:30,370
Click 'show answer' down here.
397
00:29:30,370 --> 00:29:34,929
And as you can see, B is in fact the correct
answer.
398
00:29:34,929 --> 00:29:38,539
Let's check out Boson's explanation a little
bit.
399
00:29:38,539 --> 00:29:43,590
Traffic from VLAN 44 will be untagged when
it is sent over port FastEthernet0/7.
400
00:29:43,590 --> 00:29:48,720
VLAN 44 traffic is untagged because it has
been configured as the native VLAN by the
401
00:29:48,720 --> 00:29:52,360
SWITCHPORT TRUNK NATIVE VLAN 44 command.
402
00:29:52,360 --> 00:29:54,919
By default, the native VLAN is VLAN 1.
403
00:29:54,919 --> 00:30:01,289
So, by default A would be the correct answer,
but we changed it to 44.
404
00:30:01,289 --> 00:30:05,740
You can issue the SWITCHPORT TRUNK NATIVE
VLAN (vlan-id) command to change the native
405
00:30:05,740 --> 00:30:06,740
VLAN.
406
00:30:06,740 --> 00:30:12,409
Okay, here are explanations for why the incorrect
options are incorrect.
407
00:30:12,409 --> 00:30:16,440
It also says you can issue the SHOW INTERFACES
TRUNK command to display the list of ports
408
00:30:16,440 --> 00:30:21,299
that are configured for trunking, the native
VLAN for each port, and list of currently
409
00:30:21,299 --> 00:30:24,409
allowed VLANs for each trunk port.
410
00:30:24,409 --> 00:30:28,909
And here is an example, down here, after we
have changed the native VLAN to 44.
411
00:30:28,909 --> 00:30:33,720
Okay, there are also references here, to Cisco's
official cert guide.
412
00:30:33,720 --> 00:30:40,519
This is volume 1, chapter 8, about Ethernet
virtual LANs, VLANs.
413
00:30:40,519 --> 00:30:42,429
And some Cisco documentation.
414
00:30:42,429 --> 00:30:47,039
I will leave links to these in the description
of the video, so if you want some further
415
00:30:47,039 --> 00:30:53,059
reading about VLAN trunks, dot1q, please check
those links in the description for further
416
00:30:53,059 --> 00:30:54,059
reading.
417
00:30:54,059 --> 00:30:58,139
Okay, so that's all for today's Boson ExSim
practice question.
418
00:30:58,139 --> 00:31:02,119
If you want to get a copy of Boson ExSim,
and I highly recommend you do, they are fantastic
419
00:31:02,119 --> 00:31:06,849
practice exams, please follow the link in
the video description.
420
00:31:06,849 --> 00:31:11,070
As usual, there will be supplementary materials
for this video.
421
00:31:11,070 --> 00:31:14,450
There will be a review flashcard deck to use
with the software ‘Anki’.
422
00:31:14,450 --> 00:31:18,529
Download the deck from the link in the description.
423
00:31:18,529 --> 00:31:22,799
There will also be a Packet Tracer practice
lab to help you practice the configurations
424
00:31:22,799 --> 00:31:24,320
from this video.
425
00:31:24,320 --> 00:31:28,169
That will be in a separate video.
426
00:31:28,169 --> 00:31:32,509
Before finishing this video, I want to give
a shoutout to all of my JCNP-level channel
427
00:31:32,509 --> 00:31:33,999
members.
428
00:31:33,999 --> 00:31:39,979
Thank you to C Mohd, Johan, and then I’m
sorry, but the next person displays only as
429
00:31:39,979 --> 00:31:41,409
Channel failed to load.
430
00:31:41,409 --> 00:31:46,059
If this is you, please let me know and I will
try to ask YouTube to fix it.
431
00:31:46,059 --> 00:31:56,159
Okay, continuing on, thank you to Mark, Aleksa,
Miguel, Yousif, Samil, Boson Software (the creators of ExSim), Sidi,
432
00:31:56,159 --> 00:32:03,940
Magrathea, Devin, Charlsetta, Lito, Yonatan,
Mike, Aleksander, and Vance.
433
00:32:03,940 --> 00:32:10,120
Sorry if I pronounced your name wrong, but
thank you so much for your support.
434
00:32:10,120 --> 00:32:12,320
Thank you for watching.
435
00:32:12,320 --> 00:32:16,230
Please subscribe to the channel, like the
video, leave a comment, and share the video
436
00:32:16,230 --> 00:32:19,570
with anyone else studying for the CCNA.
437
00:32:19,570 --> 00:32:21,929
If you want to leave a tip, check the links
in the description.
438
00:32:21,929 --> 00:32:28,889
I'm also a Brave verified publisher and accept
BAT, or Basic Attention Token, tips via the
439
00:32:28,889 --> 00:32:29,889
Brave browser.
440
00:32:29,889 --> 00:32:31,040
That's all for now.