Vlan Trunks

hand plugging or unplugging cable in network switchVlans are a popular way for a network administrator to segment a layer-2 switched network by configuring the local Ethernet switches with Vlan IDs and then placing the selected ports into the designated Vlans. This is great for local administration of a single switch. However, what if the requirement is for the Vlan to span the entire network of one thousand switches? The solution requires Vlan trunking and a VTP management domain.

Learn about LAN switched networks and Vlans at Udemy.com.

When configuring Vlans on an Ethernet switch, the ports can be either an access port, which directly connects to a host or as a trunk port, which connects to another switch. An access port can only accept and forward packets from one Vlan, whereas a trunk port accepts and forwards packets from two or more Vlans.

A trunk port is a point-to-point link to another switch or router that forwards traffic to several destinations. Trunk ports therefore carry information from several Vlans across the same physical link this allows Vlans to span the network. However, for a packet to leave its local switch where the Vlans are known – local vlan-database – there has to be some way in which the packet’s Vlan membership can be determined by another switch.

The way an Ethernet network handles this is through tagging the individual packets with a Vlan id. Every packet entering the Vlan port on the local switch is tagged with a Vlan identifier. So every packet that is in a Vlan will carry with it a special tag declaring its local Vlan id that other switches on the network can inspect and forward accordingly. The switch does this by placing a tag in one of the fields in the Ethernet frame.

So what is an Ethernet frame? A data packet on an Ethernet link or LAN is actually an Ethernet packet and it has an Ethernet frame as the payload. An Ethernet frame can be represented as in diagram below.

vlan

An Ethernet frame as depicted above has the very first field as the Destination MAC address, the second Field is the Source MAC address. However, there is another field of interest that is the frame following the MAC Source address this frame is called the 802.1q tag.

The 802.1q tag contains the 802.1p priority code (3 bits) and the 12-bit Vlan identifier, which gives a possible range of 0-4096, however two are reserved leaving 4094 valid Vlan id.

This Vlan identifier is how an Ethernet frame can be marked to be different from other frames. The Vlan tag defines its Vlan membership. Now the network switch when receiving a packet can look inside and check the frames value for not just the source and destination addresses but also the Vlan ID. Additionally, administrators can now group hosts from different network segments many switches away from one another into the same virtual LAN as if they were sitting on the same local switch. This is all possible by assigning a Vlan ID to the 802.1q packet.

Learn more about switches and LANs at Udemy.com

By default, a Trunk port carries traffic for all Vlans whilst maintaining the separation of the packet stream by referencing the 802.1q tag. A trunk port can also carry untagged non-vlan traffic from other sources across the same link whist still maintaining the separation of packets across the trunk link. It manages this by assigning untagged non-vlan traffic a default Vlan ID. This default Vlan ID is the native Vlan of the switch, which defaults to Vlan 1. All non-vlan packets leaving the switch through the trunk port will be tagged with the native Vlan ID. Native Vlan ID’s must match across the link and should match throughout the network.

To configure a trunk port requires that the port is defined as a trunk port as follows;

switch# configure terminal

switch(config)# interface ethernet 3/1

switch(config-if)# switchport mode trunk

 

Trunk ports accept and forward packets from all Vlans by default however they can be configured to block specific Vlans through configuration.

switch# configure terminal
switch(config)# interface ethernet 3/1
switch(config-if)# switchport trunk allow vlan 15-20

When configuring trunk links the administrator must take into account the status and configuration of the port on the switch at the other end of the link. This is the cause of many link failures, when the ports at either end of a link are mismatched.

Switch vendors tend to make the ports auto-sense the neighbour port’s status and they will automatically negotiate to become a trunk port if they sense a trunk port at the other side. A trunk port can have several states, trunking, non-trunking or auto-negotiate. To auto-negotiate, a link with a neighbour then dynamic trunking protocol must be enabled.

When a network grows, maintaining and administering a Vlan architecture becomes a burden as Vlan configuration information has to be configured and updated across all the switches in the network. Administrators then need to use VTP (Vlan Trunking Protocol) or something similar in order to maintain consistency across the network. VTP assists in maintaining, renaming, updating, creating and deleting Vlans on a network wide basis. VTP minimizes configuration inconsistencies such as incorrect names or Vlan types.

VTP works on the model of having one master or active switch on which the administrator makes the configuration changes. The master switch then updates all the other switches in the network. In order to use VTP, switches need to be placed in a management domain, called a VTP domain. Switches become members of the domain by sharing the same VTP domain name. A switch can only be in one VTP management domain.

In order to build and administer a large Vlan design that can span a network an administrator needs to configure Vlan trunks and VTP.

Learn more about switched networks with a Udemy.com course