NetLab VLANs and Trunking

Creating VLANs Using VTP InterVLAN Routing

Resetting the switches

On both switches, erase any pre-configured VLAN information or startup-config file. Switch#delete flash:vlan.dat Delete filename [vlan.dat]? Delete flash:vlan.dat? [confirm] Switch#erase startup-config Switch#reload

Router and Interface Types

The routers used in this lab were Cisco 2621s. This means that the interface types are: FastEthernet 0/0 FastEthernet 0/1 (not used) Serial 0/0 Serial 0/1 Depending upon the routers you use, your interface types may differ (e.g. FastEthernet 0 and Serial 0). Also, if you are using routers with standard Ethernet interfaces (10 Mbps) instead of FastEthernet interfaces (100 Mbps), this may change some of the outputs and routing table metrics shown in this lab.

Keeping output from interrupting keyboard input

The command logging synchronous configure the console 0 port to keep debug and other output messages from interrupting keyboard input. Router(config)#line console 0 Router(config-line)#logging synchronous

Changing the default timeout

By default, after 10 minutes if there is no input via the console, the user will be logged off. Although a good idea in production environment, in a lab environment this can be somewhat annoying. To turn-off the automatic timeout feature, we use the command: exec-timeout minutes [seconds], setting both the minutes and seconds to 0. Router(config)#line console 0 Router(config-line)#exec-timeout 0 0

Configuring VLANs There are two way to manage VLANs on multiple switches: Using VTP Without using VTP We will use VTP to create the VLANs on the VTP server switch which will propagate the VLAN information to the VTP client switch. Without VTP, adding and deleting VLANs would have to be configured on each switch. With or without VTP, the individual interfaces on each switch must still be configured for any VLAN other than the default VLAN, VLAN 1.

Configuring the Basics

Configuring the IP addresses and VTY passwords on each switch allows you to telnet from switch to the other. Remember, switches are layer 2 devices and do not perform routing. Switch1 Switch>ena Switch#conf t Switch(config)#host Switch1 Switch1(config)#line con 0 Switch1(config-line)#logg sync Switch1(config-line)#exec-time 0 0 Switch1(config)#enable secret class Switch1(config)#line vty 0 4 Switch1(config-line)#password cisco Switch1(config-line)#login Switch1(config-line)#exit Switch1(config)#interface vlan 1 Switch1(config-if)#ip add 172.16.1.3 255.255.255.0 Switch1(config-if)#no shutdown Switch1(config)#ip default-gateway 172.16.1.1

Switch2 Switch>ena Switch#conf t Switch(config)#host Switch2 Switch2(config)#line con 0 Switch2(config-line)#logg sync Switch2(config-line)#exec-time 0 0 Switch2(config)#enable secret class Switch2(config)#line vty 0 4 Switch2(config-line)#password cisco Switch2(config-line)#login Switch2(config)#interface vlan 1 Switch2(config-if)#ip add 172.16.1.2 255.255.255.0 Switch2(config-if)#no shutdown Switch2(config)#ip default-gateway 172.16.1.1

Router1 Router#conf t Router(config)#host Router1 Router1(config)#enable secret class Router1(config)#line con 0 Router1(config-line)#logg sync Router1(config-line)#exec-time 0 0 Router1(config)#line vty 0 4 Router1(config-line)#password cisco Router1(config-line)#login

Using Spanning Tree Protocol to Locate Active Link

There are two links between Switch1 and Switch2. We will use STP to see which link is in Forwarding state on both switches, and which switch has one of its links it Blocking state.

Switch1#show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 0011.5cd1.bc00 This bridge is the root Hello Time 2 sec Max Age 20 sec Bridge ID

Forward Delay 15 sec

Priority 32769 (priority 32768 sys-id-ext 1) Address 0011.5cd1.bc00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Role ---Desg Desg Desg Sts --FWD FWD FWD Cost --------19 19 100 Prio.Nbr -------128.2 128.3 128.4 Type -------------------------------P2p P2p Shr

Interface ---------------Fa0/2 Fa0/3 Fa0/4

Switch2#show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 0011.5cd1.bc00 Cost 19 Port 2 (FastEthernet0/2) Hello Time 2 sec Max Age 20 sec Bridge ID

Forward Delay 15 sec

Priority 32769 (priority 32768 sys-id-ext 1) Address 0013.6012.42c0 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Role ---Root Altn Desg Sts --FWD BLK FWD Cost --------19 19 100 Prio.Nbr -------128.2 128.3 128.5 Type -------------------------------P2p P2p Shr

Interface ---------------Fa0/2 Fa0/3 Fa0/5

Notice that Fa0/3 on Switch2 is in Blocking state. So the active link between Switch1 and Switch2 is Fa0/2 on both switches.

Configuring VTP
It is generally a good idea to configure any VTP client and transparent switches before they join a network. By default, Cisco switches are VTP servers. By configuring the switch as a VTP client or VTP transparent switch before connecting it to the network keeps it from possibly incorrectly propagating VTP server information. We will configure Switch2 as the client. We will use the vlan database command, but notice that the IOS will recommend that you use the config mode option. We will use the config mode when we configure Switch2. Switch2 Switch2#vlan database % Warning: It is recommended to configure VLAN from config mode, as VLAN database mode is being deprecated. Please consult user documentation for configuring VTP/VLAN in config mode. Switch2(vlan)#vtp client Setting device to VTP CLIENT mode. Switch2(vlan)#vtp domain group1 Changing VTP domain name from NULL to group1 Switch2(vlan)#vtp password cisco Setting device VLAN database password to cisco Switch2(vlan)#? VLAN database editing buffer manipulation commands: abort Exit mode without applying the changes apply Apply current changes and bump revision number exit Apply changes, bump revision number, and exit mode no Negate a command or set its defaults reset Abandon current changes and reread current database show Show database information vlan Add, delete, or modify values associated with a single VLAN vtp Perform VTP administrative functions. Switch2(vlan)#exit In CLIENT state, no apply attempted. Exiting.... Verify VTP Information on Switch1 Switch2#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 250 Number of existing VLANs : 5 VTP Operating Mode : Client VTP Domain Name : group1 VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xEA 0xA2 0x1B 0x04 0x6E 0x98 0xE6 0x3A Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00 Switch2#

Switch1 You will now configure Switch1 as the VTP server. This will be done in global configuration mode.

Switch1(config)#vtp ? domain Set the name of the VTP administrative domain. file Configure IFS filesystem file where VTP configuration is stored. interface Configure interface as the preferred source for the VTP IP updater address. mode Configure VTP device mode password Set the password for the VTP administrative domain pruning Set the adminstrative domain to permit pruning version Set the adminstrative domain to VTP version Switch1(config)#vtp Device mode already Switch1(config)#vtp Changing VTP domain Switch1(config)#vtp Setting device VLAN mode server VTP SERVER. domain group1 name from NULL to group1 password cisco database password to cisco

Switch1(config)#vlan ? WORD ISL VLAN IDs 1-1005 internal internal VLAN Switch1(config)#vlan 10 Switch1(config-vlan)#? VLAN configuration commands: are Maximum number of All Route Explorer hops for zero if none specified) backupcrf Backup CRF mode of the VLAN bridge Bridging characteristics of the VLAN exit Apply changes, bump revision number, and exit media Media type of the VLAN mtu VLAN Maximum Transmission Unit name Ascii name of the VLAN no Negate a command or set its defaults parent ID number of the Parent VLAN of FDDI or Token private-vlan Configure a private VLAN remote-span Configure as Remote SPAN VLAN ring Ring number of FDDI or Token Ring type VLANs said IEEE 802.10 SAID shutdown Shutdown VLAN switching state Operational state of the VLAN ste Maximum number of Spanning Tree Explorer hops (or zero if none specified) stp Spanning tree characteristics of the VLAN tb-vlan1 ID number of the first translational VLAN for zero if none) Switch1(config-vlan)#name Accounting Switch1(config-vlan)#exit Switch1(config)#vlan 20 Switch1(config-vlan)#name Marketing Switch1(config-vlan)#exit Switch1(config)#vlan 30 Switch1(config-vlan)#name Engineering Switch1(config-vlan)#end

this VLAN (or

mode

Ring type VLANs

for this VLAN

this VLAN (or

Verify VTP Information on Switch1 Switch1#show vtp status VTP Version : 2 Configuration Revision : 3 Maximum VLANs supported locally : 64 Number of existing VLANs : 8 VTP Operating Mode : Server VTP Domain Name : group1 VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xC5 0x5B 0x12 0x16 0xDA 0xF6 0x54 0x6D Configuration last modified by 172.16.1.3 at 3-1-93 00:49:05 Local updater ID is 172.16.1.3 on interface Vl1 (lowest numbered VLAN interface found) Switch1#
Switch1#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/4, Fa0/5, Fa0/6 Fa0/7, Fa0/8, Fa0/9, Fa0/10 Fa0/11, Fa0/12, Fa0/13, Fa0/14 Fa0/15, Fa0/16, Fa0/17, Fa0/18 Fa0/19, Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/24 10 Accounting active 20 Marketing active 30 Engineering active 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup VLAN ---1 10 20 30 VLAN ---1002 1003 1004 1005 Type ----enet enet enet enet Type ----fddi tr fdnet trnet SAID ---------100001 100010 100020 100030 SAID ---------101002 101003 101004 101005 MTU ----1500 1500 1500 1500 MTU ----1500 1500 1500 1500 Parent -----Parent -----RingNo -----RingNo -----BridgeNo -------BridgeNo -------Stp ---Stp ---ieee ibm BrdgMode -------BrdgMode -------Trans1 -----0 0 0 0 Trans1 -----0 0 0 0 Trans2 -----0 0 0 0 Trans2 -----0 0 0 0

Remote SPAN VLANs ------------------------------------------------------------------------------

Primary Secondary Type Ports ------- --------- ----------------- ------------------------------------------

Switch1# Verify VLAN Information on Switch2 Notice that the VLAN names and numbers for Accounting, Marketing and Engineering have been propagated to the client VTP switch, Switch2.

Switch2#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/4, Fa0/5, Fa0/6 Fa0/7, Fa0/8, Fa0/9, Fa0/10 Fa0/11, Fa0/12, Fa0/13, Fa0/14 Fa0/15, Fa0/16, Fa0/17, Fa0/18 Fa0/19, Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/24, Gi0/1, Gi0/2 10 Accounting active 20 Marketing active 30 Engineering active

Configuring Trunking
Some switches, such as the 2900XL switch supports both ISL and IEEE 802.1q trunking. By default, the 2900XL uses ISL, so when connecting to a switch that only supports 802.1Q, it is important to be sure to change the trunking encapsulation to 802.1Q (dot1q). (DO NOT CONFIGURE THE 2900XL COMMANDS BELOW. THIS IS ONLY AN EXAMPLE.) 2900XL(config)#inter fa 0/1 2900XL(config-if)#switchport mode trunk 2900XL(config-if)#switchport trunk encapsulation ? dot1q Interface uses only 802.1q trunking encapsulation when trunking isl Interface uses only ISL trunking encapsulation when trunking 2900XL(config-if)#switchport trunk encapsulation dot1q Note: On some switches, the switchport trunk encapsulation command must be done before the switchport mode trunk command. If the switchport mode trunk command returns an error, use the switchport trunk encapsulation command first.

Configuring 2950: Trunking The 2950 supports only 802.1Q trunking protocol, so we only need to configure the interface for trunking. Remember from viewing STP information that the active link on both switches is Fa0/2.

Cisco switches use DTP (Dynamic Trunking Protocol). By default on the 2950 switches, interfaces are set to dynamic desirable. This means that two ports that are set to this default, will automatically trunk between them.

Verify DTP by using show interface switchport: Switch1#show inter fa 0/2 switchport Name: Fa0/2 Switchport: Enabled Administrative Mode: dynamic desirable Operational Mode: trunk Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Voice VLAN: none Administrative private-vlan host-association: none

10

Administrative private-vlan mapping: none Administrative private-vlan trunk native VLAN: none Administrative private-vlan trunk encapsulation: dot1q Administrative private-vlan trunk normal VLANs: none Administrative private-vlan trunk private VLANs: none Operational private-vlan: none Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2-1001 Capture Mode Disabled Capture VLANs Allowed: ALL Protected: false Appliance trust: none Switch1#

Switch2#show inter fa 0/2 switchport Name: Fa0/2 Switchport: Enabled Administrative Mode: dynamic desirable Operational Mode: trunk Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Voice VLAN: none Administrative private-vlan host-association: none Administrative private-vlan mapping: none Administrative private-vlan trunk native VLAN: none Administrative private-vlan trunk encapsulation: dot1q Administrative private-vlan trunk normal VLANs: none Administrative private-vlan trunk private VLANs: none Operational private-vlan: none Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2-1001 Capture Mode Disabled Capture VLANs Allowed: ALL Protected: false Unknown unicast blocked: disabled Unknown multicast blocked: disabled Appliance trust: none Switch2# Verify Trunking on both switches: Switch1#show interface trunk Port Fa0/2 Fa0/3 Port Fa0/2 Fa0/3 Port Fa0/2 Fa0/3 Mode desirable desirable Encapsulation 802.1q 802.1q Status trunking trunking Native vlan 1 1

Vlans allowed on trunk 1-4094 1-4094 Vlans allowed and active in management domain 1,10,20,30 1,10,20,30

11

Port Fa0/2 Fa0/3 Switch1#

Vlans in spanning tree forwarding state and not pruned 1,10,20,30 1,10,20,30

Switch2#show interface trunk Port Fa0/2 Fa0/3 Port Fa0/2 Fa0/3 Port Fa0/2 Fa0/3 Port Fa0/2 Fa0/3 Switch2# Mode desirable desirable Encapsulation 802.1q 802.1q Status trunking trunking Native vlan 1 1

Vlans allowed on trunk 1-4094 1-4094 Vlans allowed and active in management domain 1,10,20,30 1,10,20,30 Vlans in spanning tree forwarding state and not pruned 1,10,20,30 none

Even though the ports are trunking, we will configure the interface on both switches to permanent trunking mode. Remember, the 2950 supports only 802.1Q trunking protocol, so we do not need to configure the trunking encapsulation. Switch1(config)#inter fa 0/2 Switch1(config-if)#switchport mode trunk Switch2(config)#inter fa 0/2 Switch2(config-if)#switchport mode trunk

Examine the change in the switchport information: Switch1#show inter fa 0/2 switchport Name: Fa0/2 Switchport: Enabled Administrative Mode: trunk Operational Mode: trunk <Output omitted> Verify that trunking is still occurring: Switch1#show interface trunk Port Mode Fa0/2 on Fa0/3 desirable <Output omitted> Encapsulation 802.1q 802.1q Status trunking trunking Native vlan 1 1

Verify communications by pinging the other switch: Switch1#ping 172.16.1.2

12

Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 1/3/4 ms Switch1# Note: Why did the first ping fail? The ICMP Echo Request timed out waiting for the ARP Reply.

13

Assigning Ports to VLANs

By default, all ports are assigned to VLAN 1, the default VLAN.
Switch1#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/4, Fa0/5, Fa0/6 Fa0/7, Fa0/8, Fa0/9, Fa0/10 Fa0/11, Fa0/12, Fa0/13, Fa0/14 Fa0/15, Fa0/16, Fa0/17, Fa0/18 Fa0/19, Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/24 10 Accounting active 20 Marketing active 30 Engineering active

Assign the ports to the following VLANs on both switches: VLAN 1: Fa 0/1 through Fa 0/4 VLAN 10: Fa 0/5 VLAN 20: Fa 0/6 Fa 0/20 VLAN 30: Fa 0/21 Switch1(config)#inter fa 0/5 Switch1(config-if)#switchport mode access Switch1(config-if)#switchport access vlan 10 Switch1(config-if)#exit On the 2950 there is the interface range command which allows you to configure a range of ports. Switch1(config)#inter range fa 0/6 - 20 Switch1(config-if-range)#switchport mode access Switch1(config-if-range)#switchport access vlan 20 Switch1(config-if-range)#exit Switch1(config)#inter fa 0/21 Switch1(config-if)#switchport mode access Switch1(config-if)#switchport access vlan 30 Switch1(config-if)#end Switch1# VLAN 1 is the default VLAN so these interfaces do not need to be assigned. Verify the VLAN information on Switch1.
Switch1#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/4, Fa0/22, Fa0/23 Fa0/24 10 Accounting active Fa0/5 20 Marketing active Fa0/6, Fa0/7, Fa0/8, Fa0/9 Fa0/10, Fa0/11, Fa0/12, Fa0/13 Fa0/14, Fa0/15, Fa0/16, Fa0/17 Fa0/18, Fa0/19, Fa0/20 30 Engineering active Fa0/21

14

Configure Switch2 Switch2(config)#inter fa 0/5 Switch2(config-if)#switchport mode access Switch2(config-if)#switchport access vlan 10 Switch2(config-if)#exit On the 2950 there is the interface range command which allows you to configure a range of ports. Switch2(config)#inter range fa 0/6 - 20 Switch2(config-if-range)#switchport mode access Switch2(config-if-range)#switchport access vlan 20 Switch2(config-if-range)#exit Switch2(config)#inter fa 0/21 Switch2(config-if)#switchport mode access Switch2(config-if)#switchport access vlan 30 Switch2(config-if)#end VLAN 1 is the default VLAN so these interfaces do not need to be assigned. Verify the VLAN information on Switch1.
Switch2#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/4, Fa0/22, Fa0/23 Fa0/24, Gi0/1, Gi0/2 10 Accounting active Fa0/5 20 Marketing active Fa0/6, Fa0/7, Fa0/8, Fa0/9 Fa0/10, Fa0/11, Fa0/12, Fa0/13 Fa0/14, Fa0/15, Fa0/16, Fa0/17 Fa0/18, Fa0/19, Fa0/20 30 Engineering active Fa0/21

Why should we use both of these commands? Switch2(config)#inter fa 0/5 Switch2(config-if)#switchport mode access Switch2(config-if)#switchport access vlan 30 The switchport mode access command makes the switchport permanent access (non-trunking). So even if the other side of the link was configured for trunking, this port would not trunk. Remember, DTP default on the 2950 switch is dynamic desirable, which means if a switch was connected to this port it would become a trunking interface. Switch2#show interface fa 0/5 switchport Name: Fa0/5 Switchport: Enabled Administrative Mode: static access Operational Mode: static access Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: native Negotiation of Trunking: Off <Output omitted>

15

Configuring Inter-VLAN Routing

First, lets configure a trunk on the Switch1 going to the 2621 router. Switch1(config)#inter fa 0/1 Switch1(config-if)#switchport mode trunk Configuring Inter-VLAN Routing: 2621 Router Now, lets configure the 2621 router to support trunking and Inter-VLAN routing. VLAN 1 is the default VLAN. We will need to configure a subinterface on the physical FastEthernet port on the router for each VLAN or subnet. We will use a common configuration practice of using the VLAN number for the subinterface. Router1(config)#inter fa 0/1 Router1(config-if)#no shutdown Router1(config-if)#interface fa 0/1.1 Router1(config-subif)#encapsulation dot1q 1 Router1(config-subif)#ip add 172.16.1.1 255.255.255.0 Router1(config-subif)#exit Router1(config)#interface fa 0/1.10 Router1(config-subif)#encapsulation dot1q 10 Router1(config-subif)#ip add 172.16.10.1 255.255.255.0 Router1(config-subif)#exit Router1(config)#interface fa 0/1.20 Router1(config-subif)#encapsulation dot1q 20 Router1(config-subif)#ip add 172.16.20.1 255.255.255.0 Router1(config-subif)#exit Router1(config)#interface fa 0/1.30 Router1(config-subif)#encapsulation dot1q 30 Router1(config-subif)#ip add 172.16.30.1 255.255.255.0 Router1(config-subif)#end Router1#

Router1#show ip interface brief Interface IP-Address FastEthernet0/1 unassigned FastEthernet0/1.1 172.16.1.1 FastEthernet0/1.10 172.16.10.1 FastEthernet0/1.20 172.16.20.1 FastEthernet0/1.30 172.16.30.1 Router1#

OK? YES YES YES YES YES

Method unset manual manual manual manual

Status up up up up up

Protocol up up up up up

Router1#show ip route 172.16.0.0/24 is subnetted, 4 subnets C 172.16.30.0 is directly connected, FastEthernet0/1.30 C 172.16.20.0 is directly connected, FastEthernet0/1.20 C 172.16.10.0 is directly connected, FastEthernet0/1.10 C 172.16.1.0 is directly connected, FastEthernet0/1.1 Router1#

16

Configuring Hosts In this version of NetLab we do not have the ability to configure hosts. But using our VLAN number and addressing scheme, host on the following VLANs would be configured as follows: VLAN 1 IP network address (host on this network): 172.16.1.0/24 Default Gateway: 172.16.1.1 VLAN 10 IP network address (host on this network): 172.16.10.0/24 Default Gateway: 172.16.10.1 VLAN 20 IP network address (host on this network): 172.16.20.0/24 Default Gateway: 172.16.20.1 VLAN 30 IP network address (host on this network): 172.16.30.0/24 Default Gateway: 172.16.30.1 Any communications between two VLANs (networks) would be carried over the trunk link and routed via Router1. Any communications between switches within the same VLAN, would be carried over the trunk link. Switch2#ping 172.16.20.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms Switch2# Switch2#ping 172.16.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/203/1004 ms Switch2#

17

FYI: Note regarding routing the untagged VLAN: When a routers interface is configured as a trunk link, frames received on that interface from the native VLAN on the switch enter the interface untagged. (See my article on Native VLANs.) Frames from the other non-native VLANs enter the interface tagged as ISL or 802.1Q. Configuring the routers interface as a trunk link requires the use of subinterfaces. Each VLAN is configured on a separate subinterface. Each subinterface is configured to match the proper trunking protocol on the switch (ISL or 802.1Q). This is done with the router interface command: encapsulation [ dot1q | isl ] vlan Router(config)#inter fa 0/0.10 Router(config-subif)#encapsulation dot1q 10 Router(config-subif)#ip add 172.16.10.1 255.255.255.0 However, the router's subinterface that receives the native VLAN traffic (typically VLAN 1) must be configured to expect those frames to be untagged. This is done using the native option on that subinterface: encapsulation [ dot1q | isl ] vlan native Router(config-if)#interface fa 0/0.1 Router(config-subif)#encapsulation dot1q 1 native Router(config-subif)#ip add 172.16.1.1 255.255.255.0

Prior to IOS 12.1(3)T the router had to be configured with the native VLAN on the physical interface and non-native VLANs were configured on the subinterfaces with the ISL or 802.1Q tag. Router(config)#interface fa 0/0 Router(config-subif)#ip add 172.16.1.1 255.255.255.0 Router(config)#inter fa 0/0.10 Router(config-subif)#encapsulation dot1q 10 Router(config-subif)#ip add 172.16.10.1 255.255.255.0

18

Final Running-Configs
Switch1#show running-config Building configuration... Current configuration : 2512 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Switch1 ! enable secret 5 $1$8WZx$SfZqIMHYy6DHrXO8TxMrF0 ! ip subnet-zero ! ! spanning-tree mode pvst no spanning-tree optimize bpdu transmission spanning-tree extend system-id ! ! interface FastEthernet0/1 switchport mode trunk no ip address ! interface FastEthernet0/2 switchport mode trunk no ip address ! interface FastEthernet0/3 no ip address ! interface FastEthernet0/4 no ip address ! interface FastEthernet0/5 switchport access vlan 10 switchport mode access no ip address ! interface FastEthernet0/6 switchport access vlan 20 switchport mode access no ip address ! interface FastEthernet0/7 switchport access vlan 20 switchport mode access no ip address ! interface FastEthernet0/8 switchport access vlan 20 switchport mode access no ip address

19

! interface FastEthernet0/9 switchport access vlan 20 switchport mode access no ip address ! interface FastEthernet0/10 switchport access vlan 20 switchport mode access no ip address ! interface FastEthernet0/11 switchport access vlan 20 switchport mode access no ip address ! interface FastEthernet0/12 switchport access vlan 20 switchport mode access no ip address ! interface FastEthernet0/13 switchport access vlan 20 switchport mode access no ip address ! interface FastEthernet0/14 switchport access vlan 20 switchport mode access no ip address ! interface FastEthernet0/15 switchport access vlan 20 switchport mode access no ip address ! interface FastEthernet0/16 switchport access vlan 20 switchport mode access no ip address ! interface FastEthernet0/17 switchport access vlan 20 switchport mode access no ip address ! interface FastEthernet0/18 switchport access vlan 20 switchport mode access no ip address ! interface FastEthernet0/19 switchport access vlan 20 switchport mode access no ip address ! interface FastEthernet0/20 switchport access vlan 20 switchport mode access

20

no ip address ! interface FastEthernet0/21 switchport access vlan 30 switchport mode access no ip address ! interface FastEthernet0/22 no ip address ! interface FastEthernet0/23 no ip address ! interface FastEthernet0/24 no ip address ! interface Vlan1 ip address 172.16.1.3 255.255.255.0 no ip route-cache ! ip default-gateway 172.16.1.1 ip http server ! ! line con 0 exec-timeout 0 0 logging synchronous line vty 0 4 password cisco login line vty 5 15 login ! end Switch1#

Switch2#show running-config Building configuration... Current configuration : 2195 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Switch2 ! enable secret 5 $1$yQv3$pw/ARM8ZH7pdABy9lR2x.0 ! ip subnet-zero ! ! spanning-tree mode pvst no spanning-tree optimize bpdu transmission spanning-tree extend system-id

21

! ! ! ! interface FastEthernet0/1 ! interface FastEthernet0/2 switchport mode trunk ! interface FastEthernet0/3 ! interface FastEthernet0/4 ! interface FastEthernet0/5 switchport access vlan 10 switchport mode access ! interface FastEthernet0/6 switchport access vlan 20 switchport mode access ! interface FastEthernet0/7 switchport access vlan 20 switchport mode access ! interface FastEthernet0/8 switchport access vlan 20 switchport mode access ! interface FastEthernet0/9 switchport access vlan 20 switchport mode access ! interface FastEthernet0/10 switchport access vlan 20 switchport mode access ! interface FastEthernet0/11 switchport access vlan 20 switchport mode access ! interface FastEthernet0/12 switchport access vlan 20 switchport mode access ! interface FastEthernet0/13 switchport access vlan 20 switchport mode access ! interface FastEthernet0/14 switchport access vlan 20 switchport mode access ! interface FastEthernet0/15 switchport access vlan 20 switchport mode access ! interface FastEthernet0/16 switchport access vlan 20

22

switchport mode access ! interface FastEthernet0/17 switchport access vlan 20 switchport mode access ! interface FastEthernet0/18 switchport access vlan 20 switchport mode access ! interface FastEthernet0/19 switchport access vlan 20 switchport mode access ! interface FastEthernet0/20 switchport access vlan 20 switchport mode access ! interface FastEthernet0/21 switchport access vlan 30 switchport mode access ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 ip address 172.16.1.2 255.255.255.0 no ip route-cache ! ip default-gateway 172.16.1.1 ip http server ! line con 0 exec-timeout 0 0 logging synchronous line vty 0 4 password cisco login line vty 5 15 login ! ! end Switch2# Router1#show running-config Building configuration... Current configuration : 1145 bytes ! version 12.2

23

service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router1 ! enable secret 5 $1$uCkq$m1ec7.5GSXDEtNxkb85r8/ ! memory-size iomem 15 ip subnet-zero ! ! ! call rsvp-sync ! ! ! ! ! ! controller T1 1/0 framing sf linecode ami ! ! ! interface FastEthernet0/0 no ip address shutdown duplex auto speed auto ! interface Serial0/0 no ip address shutdown ! interface BRI0/0 no ip address encapsulation hdlc shutdown ! interface FastEthernet0/1 no ip address duplex auto speed auto ! interface FastEthernet0/1.1 encapsulation dot1Q 1 native ip address 172.16.1.1 255.255.255.0 ! interface FastEthernet0/1.10 encapsulation dot1Q 10 ip address 172.16.10.1 255.255.255.0 ! interface FastEthernet0/1.20 encapsulation dot1Q 20 ip address 172.16.20.1 255.255.255.0 ! interface FastEthernet0/1.30

24

encapsulation dot1Q 30 ip address 172.16.30.1 255.255.255.0 ! interface Serial0/1 no ip address shutdown ! ip classless no ip http server ! ! dial-peer cor custom ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 password cisco login ! end Router1#

25