Trunking for Only Some VLANs

By Wendell November 2, 2015 10:30

VLAN trunks between Cisco Catalyst switches support all VLANs known to the switches. Add a new VLAN, and the trunk supports it too. Is that a good idea? In this post, you will get a chance to practice a common task – configuring ports into VLANs – while setting up a trunk to support only the VLANs in use at present, so that new VLANs are not automatically allowed to send traffic over the trunk.

Requirements

Your job: Configure appropriate interfaces as trunks to pass traffic between PCs, while supporting those VLANs only.

This lab begins with all the interfaces shown in Figure 1 working, because the cables have been connected, and the switches default to bringing up the interfaces. However, you need to add the correct interfaces into the VLANs shown in the figure. Additionally, you must decide what commands to add to make sure the link between the switches trunks, and that the link does not depend on any trunking negotiation to do so. Finally, you must make sure that the trunk supports only the two VLANs shown in the figure (plus the native VLAN) until someone else comes back to change the configuration.

The specific rules for this lab are:

  • Configure the interfaces connected to PCs to be access interfaces in the correct VLAN
  • Configure the link between switches to statically act as a trunk (that is, do not rely on trunk negotiation)
  • Configure to restrict the trunk to support only the native VLAN and the other VLANs shown in the figure
  • Do not configure settings not needed for this lab.

Figure 1: Two Switches – Point-to-Point

 

Initial Configuration

The two switches begin with basically default configuration and a hostname. The two examples here emphasize that point, with confirmation that the ports are enabled (no shutdown).

Example 1: SW1 Config

 

Example 1: SW2 Config

 

 

Answer on Paper, or Maybe Test in Lab

Next, write your answer on paper. Or if you have some real gear, or other tools, configure the lab with those tools.

If you do try this lab beyond just writing the answers on paper or in a text editor, give PC1 and PC3 an IP address in the same subnet. Likewise, for PC2 and PC4. Because this lab uses no routers or layer 3 switches, once working, the PCs in the same VLAN should be able to ping each other, but they should not be able to ping PCs in other VLANs.

Also, if you want to test for the restriction to support only VLANs 100 and 200, once you test all the pings, reconfigure the switches to put the PC1 and PC3 ports into a new VLAN (300). Then try to ping PC3 from PC1 again; it should now fail, because the trunk does not forward VLAN 300 traffic.
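The same restriction can be checked from a saved configuration rather than by ping. This Python script is an added example, not part of the original post or the lab files: it replays the `switchport trunk allowed vlan` commands of one interface stanza and reports a trunk that is not statically configured or that allows anything beyond VLANs 1, 100 and 200. The function names, the sample stanzas and the interface name GigabitEthernet0/3 are constructed for illustration.

```python
import re

ALL_VLANS = set(range(1, 4095))   # VLANs 1-4094: what a trunk allows by default
EXPECTED = {1, 100, 200}          # native VLAN 1 plus the lab's two VLANs

def expand(spec):
    """Expand an IOS VLAN list such as '2-99,101' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def allowed_vlans(lines):
    """Replay 'switchport trunk allowed vlan' commands in the order given."""
    allowed = set(ALL_VLANS)
    for line in lines:
        m = re.fullmatch(r"switchport trunk allowed vlan (?:(add|remove|except) )?(\S+)", line)
        if m:
            op, spec = m.groups()
            vl = set() if spec == "none" else ALL_VLANS if spec == "all" else expand(spec)
            allowed = {"add": allowed | vl, "remove": allowed - vl,
                       "except": ALL_VLANS - vl, None: vl}[op]
    return allowed

def audit_trunk(config, ifname, expected=EXPECTED):
    """Return a list of findings for one interface stanza; empty means it passes."""
    lines, inside = [], False
    for raw in config.splitlines():
        if not raw[:1].isspace():          # an unindented line starts a new section
            inside = raw.rstrip().lower() == f"interface {ifname}".lower()
        elif inside:
            lines.append(raw.strip())
    findings = []
    if "switchport mode trunk" not in lines:
        findings.append("not a static trunk")
    allowed = allowed_vlans(lines)
    if allowed - expected:
        findings.append(f"{len(allowed - expected)} unexpected VLANs allowed")
    if expected - allowed:
        findings.append(f"missing VLANs {sorted(expected - allowed)}")
    return findings

# Constructed sample stanzas (not taken from the lab files).
BEFORE = "interface GigabitEthernet0/3\n switchport mode dynamic desirable\n!\n"
AFTER = ("interface GigabitEthernet0/3\n switchport mode trunk\n"
         " switchport trunk allowed vlan 1,100,200\n!\n")
for cfg in (BEFORE, AFTER):
    print(audit_trunk(cfg, "GigabitEthernet0/3"))
```

Passing `{1, 300}` as `expected` reproduces the VLAN 300 test described above: the audit reports VLAN 300 as missing from the trunk.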

 

Do this Lab with Cisco’s VIRL

You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for the Virtual Internet Routing Lab (VIRL) software as well. The .VIRL file found here is a file that when used with VIRL will load a lab topology similar to this lab’s topology, with the initial configuration shown in the lab as well. This section lists any differences between the lab exercise and the .VIRL file’s topology and configuration.

Download this lab’s VIRL file!

 

Network and Host Info:

No changes as compared to the lab exercises.

 

Initial Trunking Config Change for VIRL

The switches need one additional command to be correct at the initial starting point. VIRL uses an IOS image for Layer 2 switches that requires that the type of trunking be configured. The command added to both switches' G0/3 interfaces, which is already added to the .VIRL file, is:

Many switches, like the 2960 access switches many people use for CCNA labbing at home, would not require this extra command.

 

Handy Host Commands:

To see PC IP address: ifconfig eth0

Ping example: ping -c 4 10.1.1.1

Trace example: tracepath 10.1.1.1

 


3 Comments

  1. Mike November 2, 21:14

    ! for both switches
    !
    int gi0/1
    switchport mode access
    switchport access vlan 100

    int gi0/2
    switchport mode access
    switchport access vlan 200

    int gi0/3
    switchport mode trunk
    switchport trunk allowed vlan except 2-99,101-199,201-4094

    ! other option (simpler, less VLAN ID typing)
    int gi0/3
    switchport trunk allowed vlan none
    switchport trunk allowed vlan 1,100,200

  2. gigi November 17, 18:02

    Collin

    From definition 802.1q native VLAN can be default VLAN 1. If both switches agree!
