Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,000 --> 00:00:05,000 So let’s do a test 2 00:00:05,000 --> 00:00:07,000 what happens if we move one of these ports into a different VLAN? 3 00:00:07,000 --> 00:00:11,000 Now earlier when I was doing this test I had some problem in GNS3. 4 00:00:11,000 --> 00:00:18,000 So what I’m gonna do is I’m gonna shut g0/2 down and g0/3. 5 00:00:18,000 --> 00:00:23,000 So the only interfaces that are now up are 0/0 and 0/1 6 00:00:23,000 --> 00:00:31,000 in this topology, just to start with a simple network to make a point. 7 00:00:31,000 --> 00:00:35,000 So those interfaces are up, up the other interfaces are down. 8 00:00:35,000 --> 00:00:41,000 What I'll also do actually is to shutdown any other interfaces 9 00:00:41,000 --> 00:00:45,000 to make sure the things converge quicker. 10 10 00:00:45,000 --> 00:00:53,000 So I'll shut down that range and this range of interfaces 11 11 00:00:53,000 --> 00:01:04,000 sh ip int brief also shut down gigabit 3/0 - 3 12 12 00:01:04,000 --> 00:01:07,000 So sh ip interface brief 13 13 00:01:07,000 --> 00:01:13,000 All our interfaces are shutdown except for those 2 interfaces 14 14 00:01:13,000 --> 00:01:16,000 so gigabit 0/0, gigabit 0/1 15 15 00:01:16,000 --> 00:01:21,000 Is router 1 able to ping router 2? 16 16 00:01:21,000 --> 00:01:32,000 Yes it is but if we put this interface gigabit 0/1 into VLAN 2 17 17 00:01:32,000 --> 00:01:34,000 what will happen with the pings? 18 18 00:01:34,000 --> 00:01:38,000 So switchport access vlan 2 19 19 00:01:38,000 --> 00:01:44,000 now before I present here, notice the ping succeeds I'll repeat this 100 times. 20 20 00:01:44,000 --> 00:01:54,000 And then hit enter on the switchport access VLAN command. 21 21 00:01:54,000 --> 00:01:57,000 Notice the pings are starting to time out 22 22 00:01:57,000 --> 00:02:01,000 so as soon as I moved the port from 1 VLAN to another 23 23 00:02:01,000 --> 00:02:05,000 the devices are not able to communicate with each other. 24 24 00:02:05,000 --> 00:02:10,000 sh spanning tree shows that 25 25 00:02:10,000 --> 00:02:14,000 gigabit 0/1 is still in the learning phase of Spanning Tree 26 26 00:02:14,000 --> 00:02:18,000 so we'll wait for a while for Spanning Tree to converge and then do the test again. 27 27 00:02:18,000 --> 00:02:24,000 But what I’d like you to see is this, 2 devices were in the same subnet 28 28 00:02:24,000 --> 00:02:27,000 and at the same VLAN and they were able to ping each other 29 29 00:02:27,000 --> 00:02:32,000 as soon as we moved one port to different VLAN 30 30 00:02:32,000 --> 00:02:34,000 they were no longer able to ping each other. 31 31 00:02:34,000 --> 00:02:41,000 Spanning Tree is forwarding on the VLAN 2 on port gigabit 0/1 32 32 00:02:41,000 --> 00:02:48,000 it’s also forwarding on gigabit 0/0 on VLAN 1. 33 33 00:02:48,000 --> 00:02:55,000 So if we use the sh spanning tree summary command 34 34 00:02:55,000 --> 00:02:58,000 we can see that VLAN 1 is forwarding 35 35 00:02:58,000 --> 00:03:02,000 VLAN 2 is forwarding, there are no blocking ports 36 36 00:03:02,000 --> 00:03:08,000 yet router 1 is not able to ping router 2 37 37 00:03:08,000 --> 00:03:14,000 and router 2 is not able to ping router 1. 38 38 00:03:14,000 --> 00:03:17,000 Because they are in separate VLANs. 39 39 00:03:17,000 --> 00:03:21,000 Is router 2 aware that it’s in a separate VLAN? 40 40 00:03:21,000 --> 00:03:27,000 The answer is no because no tagging information 41 41 00:03:27,000 --> 00:03:33,000 or no VLAN information is gonna being sent on this port it’s an access port. 42 42 00:03:33,000 --> 00:03:35,000 So we just a standard Ethernet frames. 43 43 00:03:35,000 --> 00:03:41,000 There is no VLAN port information transmitted 44 44 00:03:41,000 --> 00:03:45,000 on any of the frames going out on that port. 45 45 00:03:45,000 --> 00:03:49,000 Now to prove this. 46 46 00:03:49,000 --> 00:03:53,000 Let’s add some IP addresses into switch 1 47 47 00:03:53,000 --> 00:03:58,000 so interface vlan 1 ip address 10.1.1. 48 48 00:03:58,000 --> 00:04:07,000 Let’s make it 254 and then interface vlan 2 ip address 10.1.2.254 49 49 00:04:07,000 --> 00:04:12,000 for the mask, now need to no shut both of those 50 50 00:04:12,000 --> 00:04:16,000 so go back to vlan 1 and no shut it. 51 51 00:04:16,000 --> 00:04:22,000 So these are layer 3 Switch Virtual Interfaces on the switch. 52 52 00:04:22,000 --> 00:04:26,000 we are basically creating a layer 3 IP address 53 53 00:04:26,000 --> 00:04:28,000 on the switch for the relevant VLAN 54 54 00:04:28,000 --> 00:04:34,000 so as an example, this switch can ping router 1 on VLAN 1 55 55 00:04:34,000 --> 00:04:36,000 it lost the first ping because of ARP 56 56 00:04:36,000 --> 00:04:38,000 but switch 1 can ping router 1 57 57 00:04:38,000 --> 00:04:43,000 it can’t ping router 2 because router 2 58 58 00:04:43,000 --> 00:04:47,000 needs to be configured with the right IP address for VLAN 2 59 59 00:04:47,000 --> 00:04:51,000 but before I do that notice when I do a capture on that port 60 60 00:04:51,000 --> 00:05:01,000 traffic from the switch to the router is untagged 61 61 00:05:01,000 --> 00:05:05,000 it's a standard Ethernet frame IP traffic 62 62 00:05:05,000 --> 00:05:10,000 there is no tagging at all and as a last test 63 63 00:05:10,000 --> 00:05:14,000 what I’ll do is configure router 2 64 64 00:05:14,000 --> 00:05:19,000 so interface f0/0 ip address 10.1.2.2 65 65 00:05:19,000 --> 00:05:23,000 so I’ve moved it from 1 subnet to another. 66 66 00:05:23,000 --> 00:05:32,000 Ping 2.2 the switch can ping router 2 on this port. 67 67 00:05:32,000 --> 00:05:40,000 Is the traffic tagged? So do the ping again. 68 68 00:05:40,000 --> 00:05:46,000 Filter for ICMP traffic, notice there is no tagging information at all. 69 69 00:05:46,000 --> 00:05:48,000 It’s just standard Ethernet. 70 70 00:05:48,000 --> 00:05:51,000 So what is the summary of this test? 71 71 00:05:51,000 --> 00:05:57,000 Their PCs in the topology are unaware of VLAN traffic 72 72 00:05:57,000 --> 00:06:01,000 these are access ports or untagged ports. 73 73 00:06:01,000 --> 00:06:07,000 In other words 802.1Q tagging is not used on these ports. 74 74 00:06:07,000 --> 00:06:09,000 Can router 1 ping router 2? 75 75 00:06:09,000 --> 00:06:12,000 so cannot ping 10.1.2.2 76 76 00:06:12,000 --> 00:06:14,000 at the moment it won’t be able to 77 77 00:06:14,000 --> 00:06:20,000 because the routers don’t have default routes configured. 78 78 00:06:20,000 --> 00:06:24,000 So I’m gonna turn off IP routing 79 79 00:06:24,000 --> 00:06:29,000 on this routers to turn them into PCs with dumb devices 80 80 00:06:29,000 --> 00:06:31,000 and type IP default gateway 81 81 00:06:31,000 --> 00:06:35,000 and in this case the default gateway router 2 82 82 00:06:35,000 --> 00:06:39,000 will be this IP address on router 1 83 83 00:06:39,000 --> 00:06:44,000 no IP routing that’s a command that turns an expensive router 84 84 00:06:44,000 --> 00:06:50,000 into a dumb device IP default gateway 10.1.1.254 85 85 00:06:50,000 --> 00:06:56,000 so router 1 has a default gateway configured. 86 86 00:06:56,000 --> 00:06:59,000 Can it ping its default gateway? 87 87 00:06:59,000 --> 00:07:03,000 Yes it can, can it ping router 2? 88 88 00:07:03,000 --> 00:07:10,000 At the moment it can and the reason why is that 89 89 00:07:10,000 --> 00:07:18,000 on these switches IP routing is configured by default. 90 90 00:07:18,000 --> 00:07:24,000 However, if I type no IP routing which is true on a lot of switches. 91 91 00:07:24,000 --> 00:07:30,000 The pings will not succeed because the switch is not doing Inter-VLAN routing. 92 92 00:07:30,000 --> 00:07:34,000 To enable Inter-VLAN routing on a layer 3 switch such as this 93 93 00:07:34,000 --> 00:07:39,000 or a physical switch you need the IP routing command 94 94 00:07:39,000 --> 00:07:41,000 to route between the VLANs. 95 95 00:07:41,000 --> 00:07:45,000 So to prove this on router 2 96 96 00:07:45,000 --> 00:07:55,000 I’ll do a debug ip icmp so we can see if ICMP traffic is getting to the router. 97 97 00:07:55,000 --> 00:07:59,000 Do the ping again and notice there are the echo replies 98 98 00:07:59,000 --> 00:08:08,000 we can do something similar on router 1 and there are the echo replies. 99 99 00:08:08,000 --> 00:08:14,000 debug ip packet will give us low information 100 100 00:08:14,000 --> 00:08:18,000 I repeat this only once so we'll send 1 ping 101 101 00:08:18,000 --> 00:08:20,000 which succeeded over there 102 102 00:08:20,000 --> 00:08:26,000 and what you can see is the packet was routed out of the router 103 103 00:08:26,000 --> 00:08:30,000 and sent to the destination as an IP packet. 104 104 00:08:30,000 --> 00:08:34,000 So in other words, this end devices connected to a switch 105 105 00:08:34,000 --> 00:08:38,000 are unaware that the switch is using VLANs. 106 106 00:08:38,000 --> 00:08:43,000 The configuration of the switches as follows. 107 107 00:08:43,000 --> 00:08:45,000 sh run int g0/0 108 108 00:08:45,000 --> 00:08:48,000 that port is using default config which 109 109 00:08:48,000 --> 00:08:50,000 which means that it’s an access port in VLAN 1 110 110 00:08:50,000 --> 00:08:54,000 gigabit 0/2 is an access port in VLAN 2. 111 111 00:08:54,000 --> 00:09:00,000 IP routing is enabled and we’ve configured layer 3 IP addresses 112 112 00:09:00,000 --> 00:09:05,000 on the 2 VLANs to allow the switch to route between their 2 VLANs 113 113 00:09:05,000 --> 00:09:07,000 configured which in turn allows router 1 and router 2 114 114 00:09:07,000 --> 00:09:10,000 to communicate with each other. 115 115 00:09:10,000 --> 00:09:16,000 Now if router 1 and router 3 are put into the same VLAN 116 116 00:09:16,000 --> 00:09:19,000 and router 2 and router 4 are put into the same VLAN. 117 117 00:09:19,000 --> 00:09:21,000 That kind of information needs to be communicated 118 118 00:09:21,000 --> 00:09:25,000 from 1 switch to another using 802.1Q 119 119 00:09:25,000 --> 00:09:28,000 So this port needs to be configured as a trunk port 120 120 00:09:28,000 --> 00:09:33,000 so let’s prove that and then configure it. 10870