When I set up a port for Trunk mode, how do I assign that trunk port to a VLAN?

joealbergo
Level 1

I am doing this lab for practice in Packet Tracer --- I am studying CCENT. The lab comes set up with a few VLANs, 3 switches and 6 PCs.

I do "show vlan" and I see that the only port not on the list of VLANs is my fa0/3 port, which I have the mode set to trunk.

I hope you can help - thanks in advance.

-Joe


Jon Marshall
Hall of Fame

You don't assign the trunk port to a vlan. When you create a trunk port by default it allows all vlans, that is why you do not see the port allocated to any one vlan.

You can limit the vlans allowed on a trunk by using the "switchport trunk allowed vlan " command.

If you want to see which vlans are currently allowed on the trunk do a "sh interface trunk".

Jon

Jon,

Thank you very much for your rapid and accurate answer - I really appreciate that a lot.

I guess I am going to have to continue looking over this lab.

The completion of the lab is when I can ping from one PC to another - through the VLANs.

---

Thanks again.

What does this mean when.

Vlans in spanning tree forwarding state and not pruned

... and then it displays certain VLAN ID's -

joealbergo wrote:

What does this mean when.

Vlans in spanning tree forwarding state and not pruned

... and then it displays certain VLAN ID's -

It means that STP (spanning tree) has not blocked for any of those vlans listed and that VTP has not pruned any of those vlans.

VTP pruning is used where you have for example 2 switches connected together. You create a trunk link between the 2 switches and by default all vlans are allowed across. Let's say you have 10 vlans on both switches. But on sw2 you only have ports allocated into 8 of those vlans, i.e. traffic for the other 2 vlans is not needed by sw2 because it has no members of those 2 vlans. Without VTP pruning any broadcast and unknown unicast traffic will still be sent across the trunk link for those vlans. With VTP pruning enabled traffic is not sent for those 2 vlans to sw2 because there is no need.

So VTP pruning is a kind of efficiency mechanism.

Jon

Wow! Wonderful, okay.

Just going over what you said the way I understand it is ---- if I had 5 switches trunked together and all VLANs were allowed across the 5.

If I have 1 switch (out of the 5) that had different VLANs set up - - -

Then the Pruning would automatically eliminate the un-needed broadcasts/anon.unicasts from being sent to - that 1 switch's VLANs, except the 2 (Example: 2 of the 10 VLANs) that it has assigned to its ports. (That are in use)

While the remaining 4 switches with ALL the VLANs assigned to the ports will still receive them.

Am I following you?

------------------------------------------------- ALSO------------------------------------------------

Why am I unable to ping - what else can I be missing? I am now 75% percent complete with the Activity. I just do not see where the problem exists. I have checked my interface mode trunk and they are all set to trunk. My VLANs allowed are all the same across the board with the 3 switches. (1,10,20,30,99)

Here is the output from S3#show interface fa0/3 switchport

Name: Fa0/3
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 99 (Management&Native)            <-----------------------WHAT IS THIS?
Trunking Native Mode VLAN: 99 (Management&Native) <------------------------WHAT IS THIS?
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none

-------------------------------------------------------------

I hope that I am not going too far out of hand with these questions. I appreciate all of your knowledge and time --- I'll be here to respond.

Joseph

Just going over what you said the way I understand it is ---- if I had 5 switches trunked together and all VLANs were allowed across the 5.

If I have 1 switch (out of the 5) that had different VLANs set up - - -

Then the Pruning would automatically eliminate the un-needed broadcasts/anon.unicasts from being sent to - that 1 switch's VLANs, except the 2 (Example: 2 of the 10 VLANs) that it has assigned to its ports. (That are in use)

While the remaining 4 switches with ALL the VLANs assigned to the ports will still receive them.

Am I following you?

Yes, you are following me. Just to clarify though -

sw1 -> sw2 -> sw3 -> sw4 -> sw5

If you had the above setup and sw3 was the switch that did not need traffic for the 2 vlans but all the others did, then it could not be pruned, because if sw2 wanted to send traffic for one of the 2 vlans to sw4 you would have to allow the traffic across sw3.

If on the other hand it was sw5 that did not need traffic for the 2 vlans then yes, it could be pruned off the trunk link between sw4 -> sw5.

Access Mode VLAN: 99 (Management&Native)            <-----------------------WHAT IS THIS?
Trunking Native Mode VLAN: 99 (Management&Native) <------------------------WHAT IS THIS?

The native vlan is a big subject in itself. The native vlan is the one vlan that does not have a vlan tag in the frame. When frames are sent across trunk links each frame has a vlan tag attached to it so that the receiving switch knows which vlan this frame is for. The vlan tag among other things contains the vlan ID. If a frame is in the native vlan it doesn't have a tag in the frame, so it is important that both ends of the trunk link agree on the native vlan.

By default vlan 1 is the native vlan but it looks like this has been changed on your switches. Make sure the native vlan is the same on both ends of the trunk link.

Jon

Super Awesome!

Jon Marshall

You are the greatest... thank you kindly -

I'll be back on here again...

I will keep in touch

..and I do follow what you mean about the switch prune order... makes perfect sense.

joealbergo
Level 1

Also,

by default all VLAN ID's are allowed.

However for better practice do I want to only allow the VLAN ID's that I am using on the network for best practice?

-and-

If the default VLAN 1 is still allowed, can that cause disruption?

joealbergo wrote:

Also,

by default all VLAN ID's are allowed.

However for better practice do I want to only allow the VLAN ID's that I am using on the network for best practice?

-and-

If the default VLAN 1 is still allowed, can that cause disruption?

It is best practice to only allow the vlans across the trunk link that you want. To do this you can use the "switchport trunk allowed vlan " interface command to control which vlans are allowed across the trunk link.

Vlan 1 is special on Cisco switches. Even if you don't include it in the allowed list it is still used by Cisco switches to exchange management protocols such as CDP/VTP/PAgP.

Jon
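
Two checks from this thread, that both ends of a trunk agree on the native VLAN and that the allowed list is limited to the VLANs in use, can be run against the `show interface ... switchport` output of each end. The Python below is an added example, not part of the original thread; the peer switch output (called S1 here) and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: the S3 fields are copied from the output quoted in the
# thread; the peer end (called S1 here) is invented for illustration.
S3_FA0_3 = """\
Name: Fa0/3
Administrative Mode: trunk
Operational Mode: trunk
Trunking Native Mode VLAN: 99 (Management&Native)
Trunking VLANs Enabled: ALL
"""
S1_FA0_3 = """\
Name: Fa0/3
Administrative Mode: trunk
Operational Mode: trunk
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 1,10,20,30,99
"""

def parse_switchport(text):
    """Turn the 'Key: value' lines of the switchport output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def native_vlan(fields):
    """Extract the numeric native VLAN ID, e.g. '99 (Management&Native)' -> 99."""
    m = re.match(r"(\d+)", fields.get("Trunking Native Mode VLAN", ""))
    return int(m.group(1)) if m else None

def audit_trunk(local_text, peer_text):
    """Return a list of findings for one trunk link, given both ends' output."""
    local, peer = parse_switchport(local_text), parse_switchport(peer_text)
    findings = []
    for name, end in (("local", local), ("peer", peer)):
        if end.get("Operational Mode") != "trunk":
            findings.append(f"{name}: port is not operating as a trunk")
        if end.get("Trunking VLANs Enabled", "").upper() == "ALL":
            findings.append(f"{name}: all VLANs allowed; restrict the allowed list")
    if native_vlan(local) != native_vlan(peer):
        findings.append(
            f"native VLAN mismatch: local {native_vlan(local)}, peer {native_vlan(peer)}")
    return findings

if __name__ == "__main__":
    for finding in audit_trunk(S3_FA0_3, S1_FA0_3):
        print(finding)
```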
