VLANs and Trunking

Disclaimer:
===========
All the text written here is sometimes my interpretation of data and sometimes exact words
written in different websites, tutorials, white paper, books and other online and offline sources.
This text is mainly for my personal reference. Thanks.

- VLAN creates segments into a broadcast domain.
- How it works is as follows:
a. Suppose you have 3 to 4, (say 4) switches interconnected and each switch has 10 hosts connected to each other.
b. Now all these 40 hosts are in single broadcast domain. If any one host sends a packet destined to 255.255.255.255,
everyone else will receive it. Lot of protocols (such as DHCP) work on broadcast mechanisms. You always wish
restrict the size of broadcast domain. VLANs can do that and in such a way that you would not have to move
a single machine from its place.
c. You first start-off by logically defining groups into your network. Such as administration, engineering,
hr, etc. Then you assign a particular subnet (ip-prefix) to each of them. Suppose you created 3
different subnets in your network. Now machines, each one of them, will be assigned those ip addresses.
d. Also, suppose the machines are already hooked up to these switches (to switch ports).
Now there exists a basic task. Assigning each of these ports to proper VLAN.
e. This tasks can be achieved in primarily two ways. Either network admin manually assigns these ports to VLANs
or he defines a database on a server mapping user machines MAC address to a VLAN.
f. We will take the first approach (for simplicity). Second one is infact more automated and simpler.
g. Login to each switch and fire these commands:
switch> enable
switch# conf t
switch(config)# vlan 10 name RED
switch(config)# vlan 20 name GREEN
switch(config)# vlan 30 name BLUE
RED, GREEN, BLUE are the names of the VLANs.
Now, we have to go to each of the interfaces and ask it to become part of a particular VLAN. A port cannot
be a part of two VLANs at a time.
switch(config)# int f0/0
switch(config-if)# switchport access vlan 10
switch(config-if)# end
Now we have to identify the ports through which the switches are interconnected. Also, identify the links
on which a particular VLAN could be travelling. For simplicity, we assumer all VLANs travel on all
inter-connecting links (also called trunk links). Now what we are going to do is enable trunking on trunk
links.
switch(config)# int f0/15
switch(config-if)# switchport trunk encapsulation dot1q
Here dot1q is the encapsulation protocol IEEE802.1Q.
switch(config-if)# switchport trunk allowed vlan 10,20,30
switch(config-if)# switchport mode trunk
We allowed the VLANs which are allowed to be travelling on these links and finally enabled the trunking.

h. After doing this on all the interfaces, you should be able to ping machines from each other (belonging to
same VLANs. For across VLAN access, you would have to configure a router/gateway and all the across VLAN
communication will go through that gateway.

Security Systems

The University of Southern California does not screen or control the content on this website and thus does not guarantee the accuracy, integrity, or quality of such content. All content on this website is provided by and is the sole responsibility of the person from which such content originated, and such content does not necessarily reflect the opinions of the University administration or the Board of Trustees