1
00:00:04,589 --> 00:00:08,000
This is a free, complete course for the CCNA.
2
00:00:08,000 --> 00:00:12,250
If you like these videos, please subscribe\n
3
00:00:12,250 --> 00:00:17,089
Also, please like and leave a comment, and\n
4
00:00:20,399 --> 00:00:26,839
In this video we will continue with the topic\n
5
00:00:26,839 --> 00:00:32,939
In the last video, Day 16, we covered the\n
6
00:00:32,939 --> 00:00:37,079
what their purpose is, and the most basic VLAN configurations.
7
00:00:37,079 --> 00:00:42,859
However, that’s not really enough information,\n
8
00:00:42,859 --> 00:00:44,840
to be able to understand and use VLANs.
9
00:00:44,840 --> 00:00:49,089
That’s what we’ll cover in today’s video.
10
00:00:49,088 --> 00:00:52,109
So let’s take a look at what we’ll cover, exactly.
11
00:00:52,109 --> 00:00:56,850
This will be a fairly long video I think,\n
12
00:00:56,850 --> 00:00:59,390
First of all, what is a trunk port?
13
00:00:59,390 --> 00:01:02,378
I mentioned trunk ports briefly in the last video.
14
00:01:02,378 --> 00:01:08,189
Whereas an access port belongs to a single\n
15
00:01:10,540 --> 00:01:13,900
Next, what is the purpose of trunk ports?
16
00:01:16,680 --> 00:01:20,840
Next I will talk about 802.1Q encapsulation.
17
00:01:20,840 --> 00:01:26,390
This is an additional tag added to an Ethernet\n
18
00:01:28,319 --> 00:01:34,519
Next, we’ll go into trunk port configuration,\n
19
00:01:36,599 --> 00:01:40,079
Finally, we’ll cover ‘router on a stick’.
20
00:01:40,079 --> 00:01:44,700
It’s a bit of an odd name, but this is something\n
21
00:01:44,700 --> 00:01:49,890
It’s a more efficient way of performing\n
22
00:01:49,890 --> 00:01:52,820
a separate router interface for every VLAN.
23
00:01:56,219 --> 00:02:01,230
For a quick review, here is the network topology\n
24
00:02:01,230 --> 00:02:03,939
There is a single switch, and three VLANs.
25
00:02:03,939 --> 00:02:10,679
All of the switch interfaces are access ports\n
26
00:02:13,699 --> 00:02:18,500
Three interfaces are used to connect to the\n
27
00:02:18,500 --> 00:02:22,169
For this video, let’s use a different network topology.
28
00:02:22,169 --> 00:02:27,169
Here’s the network topology we’ll start with for this lesson.
29
00:02:27,169 --> 00:02:29,939
This time, there are two switches used.
30
00:02:29,939 --> 00:02:36,250
Note that VLAN10, the VLAN for the engineering\n
31
00:02:36,250 --> 00:02:42,030
This is very common, as departments in a company\n
32
00:02:42,030 --> 00:02:45,930
You might have some engineers on one\n
33
00:02:47,199 --> 00:02:50,819
We are still using only access ports.
34
00:02:50,819 --> 00:02:57,599
There are two links between SW1 and SW2, one\n
35
00:02:57,599 --> 00:03:02,629
There must be a link in VLAN10 between the\n
36
00:03:02,629 --> 00:03:09,299
to both SW1 and SW2, and also because the\n
37
00:03:12,449 --> 00:03:17,869
As for the link in VLAN30, it is necessary\n
38
00:03:21,539 --> 00:03:25,479
There is no link in VLAN20 between SW1 and SW2.
39
00:03:25,479 --> 00:03:30,489
This is because there are no PCs in VLAN20 connected to SW1.
40
00:03:30,490 --> 00:03:38,730
PCs in VLAN20 can still reach PCs connected\n
41
00:03:38,729 --> 00:03:41,049
Let me demonstrate that inter-VLAN routing.
42
00:03:41,050 --> 00:03:47,430
Let’s say this PC in VLAN20 wants to send\n
43
00:03:49,460 --> 00:03:54,400
It will send the frame with a destination\n
44
00:03:54,400 --> 00:03:58,260
R1 then forwards it back to SW2.
45
00:03:58,259 --> 00:04:04,500
Note that this traffic arrived at SW2 on the\n
46
00:04:04,500 --> 00:04:10,479
so it forwards it to SW1 on the VLAN10 connection\n
47
00:04:12,370 --> 00:04:19,189
So, you can see that, even though there isn’t\n
48
00:04:19,189 --> 00:04:24,449
PC in VLAN20 can still send traffic to the\n
49
00:04:27,478 --> 00:04:33,379
In a small network with few VLANs, it is possible\n
50
00:04:33,379 --> 00:04:37,399
when connecting switches to switches, and switches to routers.
51
00:04:37,399 --> 00:04:42,128
However, when the number of VLANs increases, this is not viable.
52
00:04:42,129 --> 00:04:47,009
It will result in wasted interfaces, and often\n
53
00:04:48,990 --> 00:04:55,418
You can use 'trunk ports' to carry traffic from\n
54
00:04:55,418 --> 00:05:00,459
Once again, these are different than access ports, which belong to
55
00:05:00,459 --> 00:05:04,998
Let’s take a quick look at how trunk ports work.
56
00:05:04,999 --> 00:05:10,820
So, now I’ve replaced those separate connections\n
57
00:05:10,819 --> 00:05:14,810
between SW1 and SW2, and SW2 and R1.
58
00:05:14,810 --> 00:05:19,360
However, to make it more clear, let’s add those colors back.
59
00:05:19,360 --> 00:05:24,028
Okay, so now you can see which VLANs are allowed on each trunk.
60
00:05:24,028 --> 00:05:29,569
Remember, these are single physical connections,\n
61
00:05:30,918 --> 00:05:38,778
Let’s say this PC in VLAN10 wants to send\n
62
00:05:38,778 --> 00:05:42,819
It sends the traffic to SW2, which then sends it to SW1.
63
00:05:45,589 --> 00:05:49,938
How does SW1 know which VLAN the traffic belongs to?
64
00:05:49,939 --> 00:05:55,689
Both VLANs 10 and 30 are allowed on the interface\n
65
00:05:55,689 --> 00:05:59,139
SW1 know which VLAN it belongs to?
66
00:06:02,199 --> 00:06:05,889
Switches will ‘tag’ all frames that they send over a trunk link.
67
00:06:05,889 --> 00:06:09,560
This allows the receiving switch to know which\n
68
00:06:09,560 --> 00:06:14,800
In fact, another name for a trunk port is\n
69
00:06:14,800 --> 00:06:18,559
an access port is an ‘untagged’ port.
70
00:06:18,559 --> 00:06:22,680
Frames sent over access ports aren’t tagged,\n
71
00:06:22,680 --> 00:06:25,778
interface belongs to a single VLAN.
72
00:06:25,778 --> 00:06:31,308
If a frame arrives on a switchport in VLAN10,\n
73
00:06:31,309 --> 00:06:35,699
Let’s talk about those VLAN tags.
74
00:06:35,699 --> 00:06:44,788
There are two main trunking protocols: ISL\n
75
00:06:49,050 --> 00:06:55,389
ISL is an old Cisco proprietary protocol,\n
76
00:06:55,389 --> 00:07:02,809
802.1Q. Dot1q is an industry standard\n
77
00:07:02,809 --> 00:07:06,379
Electrical and Electronics Engineers).
78
00:07:10,980 --> 00:07:15,020
That’s Ethernet, another industry standard protocol.
79
00:07:15,019 --> 00:07:17,978
You will probably NEVER use ISL in the real world.
80
00:07:17,978 --> 00:07:21,968
Even modern Cisco equipment doesn’t support it.
81
00:07:21,968 --> 00:07:25,279
For the CCNA, you only need to learn dot1q.
82
00:07:25,279 --> 00:07:31,259
You should know what ISL is, but you don’t\n
83
00:07:31,259 --> 00:07:36,449
Okay here’s an old slide, back from Day 5 on Ethernet switching.
84
00:07:36,449 --> 00:07:40,288
Do you remember the fields of the Ethernet header and trailer?
85
00:07:40,288 --> 00:07:44,649
If you don’t, I recommend going back to\n
86
00:07:44,649 --> 00:07:46,939
time explaining it all again here.
87
00:07:46,939 --> 00:07:52,620
However, the reason I am showing this is because\n
88
00:07:52,620 --> 00:07:54,649
two fields of the Ethernet header.
89
00:07:54,649 --> 00:07:58,050
So, here’s just the Ethernet header.
90
00:07:58,050 --> 00:08:04,408
Dot1q inserts a 4-byte, or 32-bit field between\n
91
00:08:07,199 --> 00:08:12,588
As you can see here, the dot1q tag is inserted\n
92
00:08:12,588 --> 00:08:15,478
or length fields of the Ethernet header.
93
00:08:18,800 --> 00:08:25,300
As I just said, the 802.1Q tag is inserted\n
94
00:08:27,829 --> 00:08:31,658
The tag is 4 bytes, or 32 bits, in length.
95
00:08:31,658 --> 00:08:34,740
The tag consists of two main fields.
96
00:08:34,740 --> 00:08:43,349
Those are the Tag Protocol Identifier, TPID,\n
97
00:08:43,349 --> 00:08:46,280
The TCI itself consists of three sub-fields.
98
00:08:46,279 --> 00:08:51,240
Let’s quickly take a look at each field of the dot1q tag.
99
00:08:51,240 --> 00:08:57,399
Here’s a diagram of the dot1q tag format, thanks to Wikipedia.
100
00:08:57,399 --> 00:09:03,539
Notice that it can be divided into two halves,\n
101
00:09:03,539 --> 00:09:12,429
Also, the TCI can be divided into three sub\n
102
00:09:12,429 --> 00:09:17,159
Okay first up let’s look at the TPID field.
103
00:09:17,159 --> 00:09:25,579
The field is 16 bits, or 2 bytes, in length,\n
104
00:09:25,580 --> 00:09:31,400
The TPID is ALWAYS set to a value of 0x8100.
105
00:09:31,399 --> 00:09:39,519
Remember, 0x just means hexadecimal, so the actual\n
106
00:09:41,328 --> 00:09:48,799
Each hexadecimal digit is 4 bits, so 4 x 4\n
107
00:09:48,799 --> 00:09:54,818
This value of 8 1 0 0 indicates that the frame is dot1q-tagged.
108
00:09:54,818 --> 00:09:59,028
As I just showed you, the dot1q tag comes\n
109
00:10:00,659 --> 00:10:04,159
This is where the TYPE field is usually located.
110
00:10:04,159 --> 00:10:09,769
When the switch sees this value of 8 1 0 0\n
111
00:10:09,769 --> 00:10:14,929
Okay, that’s all for the TPID field.
112
00:10:14,929 --> 00:10:20,489
Next up let’s look at the first field of\n
113
00:10:24,669 --> 00:10:30,929
It is used for Class of Service, CoS, which\n
114
00:10:31,929 --> 00:10:39,309
Don’t worry about this field too much, just\n
115
00:10:39,309 --> 00:10:43,778
Next up is the DEI, Drop Eligible Indicator.
116
00:10:43,778 --> 00:10:47,039
This field is just a single bit in length.
117
00:10:47,039 --> 00:10:51,410
It is used to indicate frames that can be\n
118
00:10:51,410 --> 00:10:55,349
makes sure more important network traffic gets through.
119
00:10:55,350 --> 00:10:59,500
Once again, you don’t really need to worry\n
120
00:10:59,500 --> 00:11:01,919
know the name and its basic purpose.
121
00:11:01,919 --> 00:11:08,969
Okay, finally is a very important field, the\n
122
00:11:11,328 --> 00:11:15,919
It is the field that actually identifies the\n
123
00:11:15,919 --> 00:11:20,479
this is the most important field of the dot1q tag.
124
00:11:20,480 --> 00:11:26,460
Because this field is 12 bits in length, that\n
125
00:11:26,460 --> 00:11:30,379
2 to the power of 12 equals 4096.
126
00:11:30,379 --> 00:11:37,889
However, the first and last VLANs, 0 and 4095,\n
127
00:11:37,889 --> 00:11:44,509
Therefore, the actual range of VLANs that\n
128
00:11:44,509 --> 00:11:49,470
By the way, Cisco’s proprietary ISL, which\n
129
00:11:49,470 --> 00:11:55,889
over trunk connections, also uses a VLAN range of 1 to 4094.
130
00:11:55,889 --> 00:12:00,360
As I mentioned before, however, you don’t\n
131
00:12:00,360 --> 00:12:04,399
completely replaced by the industry standard dot1q.
132
00:12:04,399 --> 00:12:09,000
So, those are the fields of the dot1q tag.
133
00:12:09,000 --> 00:12:13,399
Take a look at this diagram, do you remember\n
134
00:12:15,089 --> 00:12:19,449
If you want to read a little bit about dot1q,\n
135
00:12:21,970 --> 00:12:26,899
Okay let me talk about the VLAN ranges a little bit more.
136
00:12:26,899 --> 00:12:33,860
The range of VLANs, which as I mentioned is\n
137
00:12:33,860 --> 00:12:41,050
'normal VLANs', which are numbered from 1 to\n
138
00:12:44,970 --> 00:12:49,920
Some older devices cannot use the extended\n
139
00:12:49,919 --> 00:12:53,519
that modern switches will support the extended VLAN range.
140
00:12:53,519 --> 00:12:58,269
I work with Cisco switches a lot in my job,\n
141
00:12:58,269 --> 00:13:03,110
doesn’t support the entire range, from 1 to 4094.
142
00:13:03,110 --> 00:13:07,759
Just be aware that some older switches might\n
143
00:13:07,759 --> 00:13:12,439
Okay, so let’s look at this diagram once again.
144
00:13:12,440 --> 00:13:18,820
So, this PC in VLAN10 wants to send\n
145
00:13:18,828 --> 00:13:24,219
The traffic goes to SW2, which then forwards\n
146
00:13:26,519 --> 00:13:32,940
SW1 receives the frame, and because the destination\n
147
00:13:34,309 --> 00:13:40,250
Remember, a standard layer 2 switch like this\n
148
00:13:40,250 --> 00:13:45,970
it will not forward traffic between VLANs.
149
00:13:45,970 --> 00:13:48,870
Let me introduce another concept of dot1q.
150
00:13:48,870 --> 00:13:52,438
Dot1q has a feature called the NATIVE VLAN.
151
00:13:52,438 --> 00:13:56,938
Cisco’s ISL does not have this feature, by the way.
152
00:13:56,938 --> 00:14:02,559
The native VLAN is VLAN 1 by default on all\n
153
00:14:04,049 --> 00:14:08,948
It’s important to remember that this has\n
154
00:14:08,948 --> 00:14:11,588
a global configuration on the switch.
155
00:14:11,589 --> 00:14:15,660
Now, what exactly does the native VLAN do?
156
00:14:15,659 --> 00:14:20,860
The switch does not add an 802.1Q tag to frames\n
157
00:14:20,860 --> 00:14:25,068
It will forward the frame normally, without\n
158
00:14:25,068 --> 00:14:29,620
So, what does the receiving switch do when\n
159
00:14:31,250 --> 00:14:35,448
When a switch receives an untagged frame on\n
160
00:14:36,730 --> 00:14:41,680
So, it’s very important that the native\n
161
00:14:41,679 --> 00:14:47,208
Switches will still forward traffic if there\n
162
00:14:51,429 --> 00:14:55,539
This time, let’s say I’ve configured the\n
163
00:14:57,929 --> 00:15:01,509
Let’s follow some traffic on the same path as usual.
164
00:15:01,509 --> 00:15:05,999
This PC sends the traffic to SW2.
165
00:15:05,999 --> 00:15:11,490
It will send the traffic to SW1, but because\n
166
00:15:14,539 --> 00:15:20,250
The untagged frame arrives at SW1, which assumes\n
167
00:15:20,250 --> 00:15:23,839
forwards it to the destination.
168
00:15:23,839 --> 00:15:28,580
This time, let’s look at if there is a native\n
169
00:15:28,580 --> 00:15:33,339
On SW2’s interface I’ve configured VLAN10 as the native VLAN.
170
00:15:33,339 --> 00:15:39,259
However, on SW1’s interface I’ve configured\n
171
00:15:41,990 --> 00:15:45,500
Up to the point the traffic reaches SW1, it’s the same.
172
00:15:45,500 --> 00:15:50,220
However, when SW1 receives the frame this is what it will think.
173
00:15:51,919 --> 00:15:54,469
Therefore, it must belong to VLAN30.
174
00:15:54,470 --> 00:15:57,899
But, the destination is in VLAN10, not VLAN30.
175
00:15:57,899 --> 00:16:00,068
So, I won’t forward the frame.
176
00:16:00,068 --> 00:16:04,549
So, I think you can see why it is important\n
177
00:16:06,289 --> 00:16:11,719
Let’s look at another reason why it’s\n
178
00:16:11,720 --> 00:16:18,028
This time, this PC in VLAN10 wants to reach\nthis PC in VLAN30.
179
00:16:18,028 --> 00:16:24,308
The PC sends the frame to SW2, which forwards\n
180
00:16:27,230 --> 00:16:31,649
However, VLAN30 is the native VLAN of SW1.
181
00:16:31,649 --> 00:16:36,679
When this frame tagged with VLAN30 arrives,\n
182
00:16:36,679 --> 00:16:39,620
not forward it to the destination.
183
00:16:39,620 --> 00:16:44,580
Because it expects all traffic in VLAN 30\n
184
00:16:44,580 --> 00:16:48,690
will consider the frame to be an error, and not forward it.
185
00:16:48,690 --> 00:16:52,860
So once again, make sure the native VLAN matches on each switch!
186
00:16:52,860 --> 00:16:57,480
Okay, let’s finally get into the configuration of trunk ports.
187
00:16:57,480 --> 00:17:01,938
I’ve added the interface numbers to the\n
188
00:17:01,938 --> 00:17:11,139
So, we will be configuring G0/0 on SW1,\n
189
00:17:15,910 --> 00:17:20,450
First let’s look at the most basic trunk\n
190
00:17:22,950 --> 00:17:28,809
After entering interface configuration mode,\n
191
00:17:28,809 --> 00:17:31,899
manually configure the interface as a trunk.
192
00:17:31,900 --> 00:17:35,990
However, in this case we got an error message.
193
00:17:35,990 --> 00:17:40,970
Command rejected, an interface whose trunk\n
194
00:17:44,650 --> 00:17:48,220
Many modern switches do not support Cisco’s ISL at all.
195
00:17:51,130 --> 00:17:56,660
Even though ISL is a proprietary Cisco protocol,\n
196
00:17:58,849 --> 00:18:04,829
However, switches that do support both dot1q\n
197
00:18:04,829 --> 00:18:09,619
example) have a trunk encapsulation of ‘Auto’ by default.
198
00:18:09,619 --> 00:18:15,399
To manually configure the interface as a trunk\n
199
00:18:18,900 --> 00:18:24,540
On switches that only support dot1q, this is not necessary.
200
00:18:24,539 --> 00:18:28,759
After you set the encapsulation type, you\n
201
00:18:28,759 --> 00:18:32,549
So, let’s see how to set the encapsulation type.
202
00:18:32,549 --> 00:18:37,279
You use the SWITCHPORT TRUNK ENCAPSULATION command.
203
00:18:37,279 --> 00:18:40,309
I used the question mark to see the options.
204
00:18:40,309 --> 00:18:44,200
There are dot1q, isl, and negotiate.
205
00:18:44,200 --> 00:18:47,650
Negotiate sets it to AUTO mode, so we can’t choose that.
206
00:18:47,650 --> 00:18:52,500
I will talk more about AUTO mode in the next\n
207
00:18:52,500 --> 00:18:54,779
questions I will answer them there.
208
00:18:54,779 --> 00:19:00,369
I set the encapsulation to dot1q, and then\n
209
00:19:02,410 --> 00:19:08,050
On switches that only support dot1q, you will\n
210
00:19:08,049 --> 00:19:13,659
but on some switches you will need to set\n
211
00:19:13,660 --> 00:19:18,190
I used the SHOW INTERFACES TRUNK command to confirm.
212
00:19:18,190 --> 00:19:21,519
First up, the trunk interfaces are listed here.
213
00:19:21,519 --> 00:19:26,200
'Mode on' means that the interface was manually\n
214
00:19:26,200 --> 00:19:30,950
In the next lecture we will look at how a\n
215
00:19:30,950 --> 00:19:34,390
configuration, but we’ll forget about that for the moment.
216
00:19:34,390 --> 00:19:40,710
Encapsulation is dot1q as we configured, status\n
217
00:19:40,710 --> 00:19:44,620
mentioned before, is the default of 1.
218
00:19:44,619 --> 00:19:48,299
Under that, the VLANs allowed on the trunk are displayed.
219
00:19:48,299 --> 00:19:53,769
By default, ALL VLANs, 1 to 4094, are allowed on the trunk.
220
00:19:53,769 --> 00:19:58,549
However, for security purposes, we might want\n
221
00:19:58,549 --> 00:20:03,329
trunk, so we’ll look at that configuration next.
222
00:20:03,329 --> 00:20:07,929
Next up is VLANs allowed and active in management domain.
223
00:20:07,930 --> 00:20:13,539
This includes the default VLAN of 1, as well\n
224
00:20:15,299 --> 00:20:22,589
Note that, although VLAN1, which exists by\n
225
00:20:22,589 --> 00:20:26,220
which I showed you in the previous lecture video, do not.
226
00:20:26,220 --> 00:20:29,960
As I mentioned before, don’t worry about\n
227
00:20:31,930 --> 00:20:37,039
The last field of the SHOW INTERFACES TRUNK\n
228
00:20:39,170 --> 00:20:44,039
I’ll talk about this in a future lecture,\n
229
00:20:46,950 --> 00:20:51,059
Here is the command to configure the VLANs allowed on a trunk.
230
00:20:51,059 --> 00:20:55,639
SWITCHPORT TRUNK ALLOWED VLAN, and then there are some options.
231
00:20:55,640 --> 00:20:59,250
WORD allows you to simply configure the list of VLANs allowed.
232
00:21:01,579 --> 00:21:08,519
So, I used the command SWITCHPORT TRUNK ALLOWED\n
233
00:21:08,519 --> 00:21:13,960
Notice that the SHOW INTERFACES TRUNK command\n
234
00:21:16,720 --> 00:21:19,610
Now let’s take a look at the ADD option.
235
00:21:19,609 --> 00:21:23,549
This allows you to add allowed VLANs to the\n
236
00:21:23,549 --> 00:21:29,859
Currently VLANs 10 and 30 are allowed, let’s\n
237
00:21:29,859 --> 00:21:33,990
hosts in VLAN20 are connected to SW1.
238
00:21:33,990 --> 00:21:39,690
This time I used the command SWITCHPORT TRUNK\n
239
00:21:39,690 --> 00:21:45,590
The SHOW INTERFACES TRUNK command now shows\n
240
00:21:48,200 --> 00:21:53,490
Note that, because I haven’t actually created\n
241
00:21:53,490 --> 00:21:59,250
displayed in the VLANs allowed and active\n
242
00:21:59,250 --> 00:22:02,200
Next up I’ll show you the ‘remove’ option.
243
00:22:02,200 --> 00:22:06,539
VLAN20 isn’t necessary on this trunk, so let’s remove it.
244
00:22:06,549 --> 00:22:11,289
I used the command SWITCHPORT TRUNK ALLOWED VLAN REMOVE 20.
245
00:22:11,289 --> 00:22:17,000
Now, as you can see, VLAN20 has been removed\n
246
00:22:21,150 --> 00:22:23,170
Next up let’s look at the ALL option.
247
00:22:23,170 --> 00:22:28,210
I think this one is fairly obvious, but let’s take a look anyway.
248
00:22:28,210 --> 00:22:32,840
This time I used the command SWITCHPORT TRUNK ALLOWED VLAN ALL.
249
00:22:32,839 --> 00:22:35,589
Now all VLANs are allowed on the trunk.
250
00:22:35,589 --> 00:22:41,859
This is the same as the default state, as\n
251
00:22:41,859 --> 00:22:44,719
Next up let’s look at the EXCEPT option.
252
00:22:44,720 --> 00:22:47,789
It allows all VLANs except the ones you specify.
253
00:22:51,339 --> 00:22:58,730
I used the command SWITCHPORT TRUNK ALLOWED\n
254
00:22:58,730 --> 00:23:08,420
As you can see it allows all VLANs except\n
255
00:23:08,420 --> 00:23:15,460
Okay, finally let’s look at the NONE option,\n
256
00:23:15,519 --> 00:23:21,839
This time I used the command SWITCHPORT TRUNK\n
257
00:23:23,779 --> 00:23:28,190
This effectively allows no traffic to pass\n
258
00:23:28,190 --> 00:23:31,000
settings we want for this network.
259
00:23:33,420 --> 00:23:37,940
SW1 has hosts in VLAN 10 and VLAN 30 connected to it.
260
00:23:37,950 --> 00:23:42,580
No hosts in VLAN20 are connected, so there’s\n
261
00:23:44,009 --> 00:23:49,359
So, let’s set the allowed VLANs to 10 and 30 like we did before.
262
00:23:52,490 --> 00:23:56,640
Now the only VLANs allowed on the trunk are VLANs 10 and 30.
263
00:23:56,640 --> 00:24:01,500
The reason to do this is for security purposes,\n
264
00:24:03,839 --> 00:24:09,949
Also, for network performance purposes, this\n
265
00:24:09,950 --> 00:24:13,549
and such in other VLANs won’t be sent over the trunk.
266
00:24:13,549 --> 00:24:17,919
Now, I said I’d show you how to change the native VLAN.
267
00:24:17,920 --> 00:24:23,960
For security purposes, it is best to change\n
268
00:24:23,960 --> 00:24:28,029
Network security will be explained more in-depth\n
269
00:24:28,029 --> 00:24:32,599
This video is already getting long so I won’t\n
270
00:24:32,599 --> 00:24:38,019
about limiting unnecessary traffic in the\n
271
00:24:38,019 --> 00:24:42,990
Also, remember to make the native VLAN match between switches.
272
00:24:42,990 --> 00:24:46,650
Now let’s look at how to change the native VLAN.
273
00:24:46,650 --> 00:24:53,470
The command to change the native VLAN is SWITCHPORT\n
274
00:24:56,950 --> 00:25:04,200
As you can see, the native VLAN has now been changed to 1001.
275
00:25:04,200 --> 00:25:08,819
After configuring this trunk port, I did the SHOW VLAN BRIEF
276
00:25:08,819 --> 00:25:14,679
Notice that G0/0 is not listed anywhere. Not in VLAN10 or
277
00:25:14,680 --> 00:25:18,420
even though those are the VLANs allowed on the trunk.
278
00:25:18,420 --> 00:25:24,300
This is because the SHOW VLAN BRIEF command shows the access ports
279
00:25:24,299 --> 00:25:26,819
not the trunk ports that allow each VLAN.
280
00:25:26,920 --> 00:25:32,360
Use the SHOW INTERFACES TRUNK command instead to confirm trunk
281
00:25:32,359 --> 00:25:36,799
Now that we’ve seen the configurations\n
282
00:25:39,450 --> 00:25:45,140
On SW2’s G0/0 interface, we must allow VLANs 10 and 30.
283
00:25:45,140 --> 00:25:51,500
On SW2’s G0/1 interface, however, we must allow VLAN 20 as well.
284
00:25:51,500 --> 00:25:58,200
Here are the configurations for SW2’s G0/0\n
285
00:25:58,200 --> 00:26:02,019
These are the same as before, so I won’t go through each one.
286
00:26:02,019 --> 00:26:06,500
You can pause the video if you want to take a look\n
287
00:26:06,500 --> 00:26:10,440
Now let’s move on to G0/1, which is connected to R1.
288
00:26:10,440 --> 00:26:13,720
Okay, here are the configurations.
289
00:26:13,720 --> 00:26:20,539
Almost identical to G0/0, except I allowed\n
290
00:26:20,549 --> 00:26:27,259
Now, both G0/0 and G0/1 are displayed in the\n
291
00:26:27,259 --> 00:26:32,379
So, that’s all for the switch configurations for this lesson.
292
00:26:32,380 --> 00:26:35,660
However, you may be wondering about the router.
293
00:26:35,660 --> 00:26:40,100
In the previous lecture, we used three separate\n
294
00:26:40,099 --> 00:26:45,789
R1, and assigned a separate IP address to each one on R1.
295
00:26:45,789 --> 00:26:50,319
Each one served as the default gateway address\n
296
00:26:50,319 --> 00:26:55,019
However, now we are using only one physical\n
297
00:26:55,019 --> 00:26:58,789
So, we must use ‘subinterfaces’ on R1.
298
00:27:01,960 --> 00:27:05,250
First of all, look at the title of the slide.
299
00:27:05,250 --> 00:27:08,569
ROUTER ON A STICK, also written as ROAS.
300
00:27:08,569 --> 00:27:13,500
It’s a bit of a strange name, but it’s\n
301
00:27:13,500 --> 00:27:18,460
routing, as there is only a single physical\n
302
00:27:18,460 --> 00:27:22,190
and it looks like a ‘stick’ on the network topology diagram.
303
00:27:22,190 --> 00:27:29,519
So, in this case that one physical interface\n
304
00:27:29,519 --> 00:27:33,079
It’s connected to G0/1 on SW2.
305
00:27:33,079 --> 00:27:39,539
But, we can actually divide this one physical\n
306
00:27:39,539 --> 00:27:44,500
which will allow us to perform inter-VLAN\n
307
00:27:47,680 --> 00:27:58,500
G0/0.10 for VLAN10, G0/0.20 for VLAN20, and G0/0.30 for VLAN30.
308
00:27:58,500 --> 00:28:04,509
These three logical subinterfaces are really\n
309
00:28:04,509 --> 00:28:11,859
to SW2’s G0/1 interface, but they can operate\n
310
00:28:11,859 --> 00:28:15,990
Before we look at the router configurations,\n
311
00:28:18,809 --> 00:28:25,190
We already configured G0/1 as a trunk, and\n
312
00:28:25,190 --> 00:28:31,230
That’s all you need to do on the switch, configure\n
313
00:28:31,230 --> 00:28:35,710
Now let’s look at the router configurations.
314
00:28:37,329 --> 00:28:43,079
First, make sure the interface is enabled\n
315
00:28:46,059 --> 00:28:48,700
Next up is the first subinterface.
316
00:28:48,700 --> 00:28:52,789
Notice how to enter subinterface configuration mode.
317
00:28:56,410 --> 00:29:00,860
This subinterface number does not have to match the VLAN number.
318
00:29:00,859 --> 00:29:06,229
However it is highly recommended that they\n
319
00:29:06,230 --> 00:29:11,400
If each subinterface’s number matches the\n
320
00:29:14,690 --> 00:29:20,269
The next command after that is ENCAPSULATION\n
321
00:29:22,539 --> 00:29:27,759
This tells the router to treat any arriving\n
322
00:29:27,759 --> 00:29:31,390
as if they arrived on this subinterface.
323
00:29:31,390 --> 00:29:36,820
If a frame arrives tagged with VLAN10, R1\n
324
00:29:39,619 --> 00:29:45,509
It will also tag all frames leaving this subinterface\n
325
00:29:45,509 --> 00:29:53,640
Finally, after the encapsulation dot1q command,\n
326
00:29:53,640 --> 00:29:56,870
Once again, I have assigned the last usable\n
327
00:29:56,869 --> 00:30:00,529
And that’s all for this subinterface.
328
00:30:00,529 --> 00:30:03,789
Then I did the same thing with the other two subinterfaces.
329
00:30:03,789 --> 00:30:09,960
Again, I made the subinterface and VLAN numbers\n
330
00:30:09,960 --> 00:30:15,370
of each subnet as the IP address of the subinterface.
331
00:30:15,369 --> 00:30:20,009
If you confirm with the SHOW IP INTERFACE\n
332
00:30:20,009 --> 00:30:25,220
subinterfaces appears, as well as the physical\n
333
00:30:25,220 --> 00:30:29,559
itself has no IP address assigned to it.
334
00:30:29,559 --> 00:30:31,919
And here is the routing table.
335
00:30:31,920 --> 00:30:36,019
Notice the connected and local routes are\n
336
00:30:36,019 --> 00:30:39,150
to regular physical interfaces.
337
00:30:39,150 --> 00:30:46,600
When R1 sends frames out of these subinterfaces,\n
338
00:30:46,599 --> 00:30:54,219
For example, if a packet arrives destined\n
339
00:30:54,220 --> 00:30:58,600
the packet out of its G0/0 interface tagged with VLAN20.
340
00:30:58,599 --> 00:31:04,819
Okay, let’s review the important points about router on a stick.
341
00:31:04,819 --> 00:31:10,559
ROAS is used to route between multiple VLANs\n
342
00:31:12,180 --> 00:31:16,130
The switch interface is configured as a regular trunk.
343
00:31:16,130 --> 00:31:19,830
The router interface is configured using subinterfaces.
344
00:31:19,829 --> 00:31:25,069
You configure the VLAN tag and IP address on each subinterface.
345
00:31:25,069 --> 00:31:29,769
The router will behave as if frames arriving\n
346
00:31:29,769 --> 00:31:32,990
subinterface configured with that VLAN tag.
347
00:31:32,990 --> 00:31:38,680
Finally, the router will tag frames sent out\n
348
00:31:42,250 --> 00:31:46,319
Now that we have configured the router, let’s\n
349
00:31:46,319 --> 00:31:50,059
routing works with these subinterfaces.
350
00:31:50,059 --> 00:31:55,769
This PC in VLAN10 is trying to reach this PC in VLAN30.
351
00:31:58,059 --> 00:32:04,809
SW2 sends the frame on its G0/1 interface\n
352
00:32:04,809 --> 00:32:12,879
R1 receives it on its G0/0 interface, identifying\n
353
00:32:15,910 --> 00:32:27,120
The destination is in the subnet 192.168.1.128/26,\n
354
00:32:27,119 --> 00:32:31,069
so it sends the frame out of its G0/0 interface.
355
00:32:31,069 --> 00:32:37,119
It tags it as VLAN30 because that is what\n
356
00:32:37,119 --> 00:32:42,489
SW2 then forwards it to SW1, tagging it as\n
357
00:32:42,490 --> 00:32:45,529
SW1 then forwards the frame to the destination.
358
00:32:45,529 --> 00:32:50,450
Okay, let’s quickly review before moving on to today’s quiz.
359
00:32:50,450 --> 00:32:55,340
I think I say this after every video these\n
360
00:32:56,339 --> 00:33:01,089
Please rewatch certain parts of the video\n
361
00:33:01,089 --> 00:33:05,250
materials to help you practice and review as well.
362
00:33:05,250 --> 00:33:09,029
First off, we answered the question WHAT IS A TRUNK PORT?
363
00:33:09,029 --> 00:33:14,599
It’s a switch interface that carries traffic\n
364
00:33:14,599 --> 00:33:17,809
We also answered what the purpose of a trunk port is.
365
00:33:17,809 --> 00:33:23,109
It allows switches to forward traffic from\n
366
00:33:23,109 --> 00:33:27,609
instead of having to use a separate physical\n
367
00:33:27,609 --> 00:33:34,049
I also introduced 802.1Q encapsulation, which\n
368
00:33:34,049 --> 00:33:39,329
and is used to identify which VLAN the frame\n
369
00:33:39,329 --> 00:33:44,629
I showed how to configure trunk ports on a\n
370
00:33:44,630 --> 00:33:47,700
type, allowed VLANs, and native VLAN.
371
00:33:47,700 --> 00:33:53,210
Finally, I showed you how to configure ROUTER\n
372
00:33:53,210 --> 00:33:58,900
subinterfaces on a single physical interface,\n
373
00:33:58,900 --> 00:34:03,830
VLANs and subnets to be routed without having\n
374
00:34:04,829 --> 00:34:07,319
It’s like a trunk port on a router.
375
00:34:07,319 --> 00:34:12,210
Finally, let’s move on to today’s quiz.
376
00:34:14,878 --> 00:34:21,269
You want to configure SW1 to send VLAN10 frames\n
377
00:34:29,378 --> 00:34:33,860
B, switchport trunk allowed vlan 10.
378
00:34:33,860 --> 00:34:37,909
C, switchport trunk allowed vlan add 10.
379
00:34:37,909 --> 00:34:42,500
D, switchport trunk native vlan 10.
380
00:34:42,500 --> 00:34:49,380
Pause the video to think about your answer.
381
00:34:49,380 --> 00:34:53,659
The answer is D, switchport trunk native VLAN10.
382
00:34:53,659 --> 00:35:00,119
A, encapsulation dot1q 10 is used on a router\n
383
00:35:01,639 --> 00:35:06,069
B and C are used to modify the VLANs allowed on the trunk.
384
00:35:06,070 --> 00:35:11,210
D is used to specify the native VLAN, and\n
385
00:35:17,320 --> 00:35:22,070
After modifying the VLANs allowed on a trunk\n
386
00:35:25,130 --> 00:35:29,260
A, switchport trunk allowed vlan default.
387
00:35:29,260 --> 00:35:33,870
B, switchport trunk allowed vlan all.
388
00:35:33,869 --> 00:35:38,469
C, switchport trunk allowed vlan none.
389
00:35:38,469 --> 00:35:45,869
Or D, switchport trunk allowed vlan 1 and 1001 to 1005.
390
00:35:45,869 --> 00:35:52,500
Pause the video to think about your answer.
391
00:35:52,500 --> 00:35:57,070
The answer is B, switchport trunk allowed VLAN all.
392
00:35:57,070 --> 00:36:02,850
By default all VLANs are allowed on a trunk\n
393
00:36:02,849 --> 00:36:05,110
will return it to the default state.
394
00:36:05,110 --> 00:36:11,490
Answer D, by the way, lists the VLANs that\n
395
00:36:11,489 --> 00:36:14,429
different than the VLANs allowed on a trunk by default.
396
00:36:18,599 --> 00:36:23,299
You try to configure an interface on a Cisco\n
397
00:36:23,300 --> 00:36:27,019
mode trunk, but the command is rejected.
398
00:36:27,019 --> 00:36:29,650
Which command might fix this issue?
399
00:36:33,360 --> 00:36:39,140
B, switchport trunk encapsulation 802.1q.
400
00:36:39,139 --> 00:36:44,809
C, switchport trunk encapsulation dot1q.
401
00:36:44,809 --> 00:36:49,150
Or D, switchport trunk encapsulation auto.
402
00:36:49,150 --> 00:36:55,119
Pause the video to think about your answer.
403
00:36:55,119 --> 00:37:00,019
The answer is C, switchport trunk encapsulation dot1q.
404
00:37:00,019 --> 00:37:06,480
On Cisco switches that support both 802.1Q\n
405
00:37:06,481 --> 00:37:10,830
you want to manually configure the interface\n
406
00:37:10,829 --> 00:37:16,569
encapsulation type with SWITCHPORT TRUNK ENCAPSULATION DOT1Q.
407
00:37:16,570 --> 00:37:20,740
You could use ISL instead, but ISL is almost never used.
408
00:37:24,889 --> 00:37:30,569
Which field of the 802.1Q tag identifies the\n
409
00:37:40,980 --> 00:37:46,820
Pause the video to think about your answer.
410
00:37:49,460 --> 00:37:57,460
VID stands for VLAN ID, it is 12 bits long\n
411
00:37:57,460 --> 00:38:05,329
TPID stands for tag protocol identifier, and\n
412
00:38:09,269 --> 00:38:15,139
PCP stands for priority code point and is\n
413
00:38:16,809 --> 00:38:21,719
D, VLN, is not a real field of the 802.1Q tag.
414
00:38:21,719 --> 00:38:27,619
Let’s go to the last question, question 5.
415
00:38:27,619 --> 00:38:34,019
You configured switchport trunk allowed vlan\n
416
00:38:34,019 --> 00:38:39,639
appear in the Vlans allowed and active in\n
417
00:38:43,530 --> 00:38:48,120
A, VLAN10 doesn’t exist on the switch.
418
00:38:51,079 --> 00:38:59,619
C, the command should be switchport trunk\n
419
00:39:01,900 --> 00:39:07,760
Pause the video to think about your answer.
420
00:39:07,760 --> 00:39:12,490
The answer is A, VLAN10 doesn’t exist on the switch.
421
00:39:12,489 --> 00:39:17,459
If a VLAN doesn’t exist on the switch, even\n
422
00:39:17,460 --> 00:39:22,780
appear in the 'Vlans allowed and active in\n
423
00:39:27,130 --> 00:39:32,590
Okay, so as always there will be supplementary\n
424
00:39:32,590 --> 00:39:36,620
There will be flash cards to use with the\n
425
00:39:39,199 --> 00:39:43,500
There will also be a packet tracer practice\n
426
00:39:45,610 --> 00:39:49,240
That will be in a separate video.
427
00:39:49,239 --> 00:39:55,789
Before finishing this video, I want to thank\n
428
00:39:55,789 --> 00:40:05,500
Thank you to Charlsetta, Lito, Yonatan, Mike,\n
429
00:40:07,949 --> 00:40:14,379
Sorry if I pronounced your names incorrectly,\n
430
00:40:14,380 --> 00:40:20,750
Extra shoutout to Boson software, I absolutely\n
431
00:40:20,750 --> 00:40:27,269
network simulator, check out the links in\n
432
00:40:28,849 --> 00:40:32,750
Please subscribe to the channel, like the\n
433
00:40:32,750 --> 00:40:36,099
with anyone else studying for the CCNA.
434
00:40:36,099 --> 00:40:38,699
If you want to leave a tip, check the links in the description.
435
00:40:38,699 --> 00:40:44,849
I'm also a Brave verified publisher and accept\n