CCNA 200-301 Thread 4. Mastering VLAN Configuration and Management

Mark Bartolo

3 min read
CCNA 200-301 Thread 4. Mastering VLAN Configuration and Management
Photo by Jonathan / Unsplash

Welcome back friends and fellow network enthusiasts! In our previous article, we covered the fundamentals of VLANs and how to configure them using the Cisco IOS CLI. Here, we go deeper in on VLAN configuration and management.

Understanding Tagged and Untagged VLAN Traffic

When it comes to VLAN traffic, there are two main types: tagged and untagged. Untagged traffic is handled by access ports, which are designed for devices that can't process VLAN tags, such as computers and printers. To configure a port in access mode, use the command switchport mode access. For example, to assign a port to VLAN 10 for untagged computer traffic, you would enter switchport access vlan 10.

On the other hand, tagged traffic is managed by trunk ports, which preserve VLAN tags for inter-switch communication. This allows devices in the same VLAN but on different switches to communicate seamlessly. To configure a trunk port, use the command switchport mode trunk. For instance, if you want phones to send voice data tagged with VLAN 11, you would use switchport voice vlan 11.

Mastering Switch-to-Switch Connections

When connecting switches, it's important to understand the limitations of access mode and the benefits of trunk ports.

Problem: Access mode is not suitable for carrying multiple VLANs across links, as it can lead to VLAN information being lost. This can cause issues like traffic being reassigned to the wrong VLAN, disrupting communication between devices.

Trunk ports are the solution to this problem. They are essential for carrying multiple VLANs across switch links while preserving VLAN tags, ensuring proper communication between devices in different VLANs across switches.

Configuring a Trunk Port

To configure a trunk port to carry traffic for multiple VLANs, e.g. VLANs 10 and 11, below is the recommended order of commands:

interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,11
 no shutdown

Let's break down these commands:

  1. interface GigabitEthernet0/1: Specifies the interface you're configuring.
  2. switchport trunk encapsulation dot1q: Sets the trunking encapsulation to 802.1Q (required on some switch models).
  3. switchport mode trunk: Changes the interface mode to trunk.
  4. switchport trunk allowed vlan 10,11: Specifies which VLANs are allowed on the trunk (optional but recommended for security).
  5. no shutdown: Ensures the interface is enabled.

A Practical Configuration Example

Let's solidify our understanding of VLAN configuration using Access Port Configuration. To configure a port for both computer traffic in VLAN 10 and voice traffic in VLAN 11, you would use the following commands:

switchport mode access
switchport access vlan 10
switchport voice vlan 11

Although it's not a trunk port, it's still a correct way for configuring an access port that carries traffic for a single VLAN (VLAN 10) (plus an optional voice VLAN, VLAN 11).

Verification and Troubleshooting Techniques

Knowing how to verify your VLAN configuration and troubleshoot issues is crucial for maintaining a healthy network. Here are some essential commands to keep in your toolkit:

  • show interface f0/1: Checks the status of a specific interface and ensures it is in the "up up" state for data transmission.
  • show interface f0/1 switchport: Displays VLAN assignments and operational mode for an interface.
  • show vlan: Confirms ports are assigned to the correct VLANs for proper network segmentation.
  • show interface trunk: Displays trunking status and allowed VLANs for managing inter-switch links.
  • show mac address-table: Shows MAC addresses learned on each VLAN to troubleshoot connectivity issues.

The Importance of Routing Between VLANs

One current limitation of VLANs is that devices in different VLANs cannot communicate without routing. They are like siloed islands with no traffic between them. For example, a PC in VLAN 10 cannot talk to a server in VLAN 13. The solution to this problem is to implement routing to enable inter-VLAN communication. We will cover the detailed configuration of inter-VLAN routing in a future article, so stay tuned!

Happy networking!

Read more