Understanding Native VLANs: I took the CCNA and passed, however, the Native VLANs concept still trips me up. Make sure you have this down in preparation for the CCNP.
In order to fully understand the Native VLANs port configurations you must have a firm understanding of the 802.1Q standard and its fields, it has 4: Tag Protocol identifier (TPID), Priority code Point (PCP), Drop eligible indicator (DEI), and VLAN Identifier VLAN ID. In a packet structure these are at its core.
VLAN ID has only 12 bits and has 4096 unique VLANs with VLAN 1 being the default native VLAN (those who took the CCNA know this very well). VLAN 1 cannot be removed as well as VLANs 1002 – 1005.
Access ports are allowed only one VLAN per port (exception is voice VLAN of course). Any traffic that includes 802.1Q tag are not transmitted or received in this port.
- If you have a packet that is tagged with 802.1Q it will not be accepted into this port. It will be received by the trunk port. From there the Trunk will…
Trunk ports accept 802.1Q tags. They review the header information (source and destination MAC and IP), strip the 802.1Q tag and then send it to the destination MAC and VLAN as identified in the 802.1Q headers.
- The access port will now receive this packet as the packet was stripped of 802.1Q headers. Which means, the packet no longer has the 802.1Q tag.
Native VLAN: Any traffic that is advertised or received on a trunk port without the 802.1Q tags is associated to a native VLAN. Native VLAN configuration is set on a per port basis (or a group of ports using the interface range cmd). Packets received from a trunk port that do not have an 802.1Q tag will default to the Native VLAN for that trunk port interface.
- Scenario: You have a DHCP server connected to FastEthernet 0/1 and a Computer connected to FastEthernet 0/2. That computer is looking for an IP address. You want the DHCP server to allocate IP addresses to devices that connect to any port on the switch. Meaning, if you plug in any device to any switchport, they will receive an IP address of the VLAN 40 network from the DHCP server.
Here is the Network Diagram that we will be working on.
We are going to log into the DHCP server and setup the DHCP pool. In this case we are using a Cisco Router for demonstration, this doesn’t change the results. This can be a Windows server or Linux running a DHCP service, it doesn’t effect the configuration needed for the switch. I will skip the DHCP pool configuration as it does not pertain to the topic at hand.
Once we setup the DHCP pool we will then move to configuring the Switch.
The first step we need to do is create VLAN 40 with the following commands
Switch>enable
Switch#configure terminal
Switch(config)#vlan 40
Once VLAN 40 is created we will FastEthernet 0/1 (port connected to DHCP server) as a trunk port and set it to Native VLAN 40.
Here is the switchport configuration for FastEthernet 0/1 before we run any commands for this port.
Notice how the Operational Mode is static Access? This is because by default all switchports are set to Administrative mode Dynamic Desirable and Operational Mode Static Access.
Now we will run the following commands to set FastEthernet 0/1 to trunk mode and all untagged traffic to communicate to VLAN 40:
Switch(config)#interface fastethernet 0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk native vlan 40
Lets confirm the changes by running a show command: do show interface fastethernet 0/1 switchport . This command shows up the following..
Lets break down the results. Operational mode is now statically set to Trunk and Administrative Mode is also set to trunk. This is due to the switchport mode trunk command. The Trunking Native Mode is set to 40 (default), due to the switchport trunk native vlan 40 command. Any traffic that is received with no 802.1Q tagging will default to VLAN 40. Any Access ports that are set to Access mode for VLAN 40 will receive packets from untagged traffic coming into this trunk port (fastethernet 0/1). In this case it’s our DHCP server is sending packets into this trunk interface.
- We can have this DHCP server with 10 networks configured with 10 different VLANs. In that case, each network will be configured with an 802.1Q tag (on the DHCP server) and get accepted into this trunk port (fastethernet 0/1) with the switchport trunk allowed vlan vlan-id cmd. Now, what the native VLAN command does is ANY traffic that comes into this interface that is not tagged with 802.1Q fields will default to VLAN 40.
Moving on; lets configure all our ports to VLAN 40. This will essentially make VLAN 40 our “Default” VLAN. Let’s look at the current state of our VLAN association before we make any other changes.
Okay, I wil now use the below commands to configure all ports in our Switch to VLAN 40. If I leave a port in VLAN 1, whoever plugs into that port will not receive an IP address because I have not configured a DHCP server to send packets on VLAN 1. I am essentially “disabling” VLAN 1 from operating since no ports will be communicating on that VLAN. Here are the cmds
Switch(config)#interface range FastEthernet 0/1 - 24
Switch(config-if)#switchport access vlan 40
Switch(config-if)#interface range Gigabitethernet 0/1 - 2
Switch(config-if)#switchport access vlan 40
Here are the results
Now lets take a look at our interface fastethernet 0/2 which has our computer connected to it.
Its important to note that the port is set to operational mode as static Access. I did not run the switchport mode access cmd because I did not need to. By default the port is set to dynamic desirable and Static Access. Because of this, we only need the switchport access vlan-id cmd.
Lets now switch over to our PC. This was the output before we configured port FastEthernet0/2 on our Switch.
Now lets run ipconfig /release and ipconfig /renew cmds to request an IP from our DHCP server. (I had to wait 30 seconds to obtain an IP) See results below:
An addition I added a step by step instructional video for those who are visual learners.
I appreciate your support! Please comment below if you have any questions regarding this post. I am more than happy to answer any followup questions or anything that I might not have been clear on go ahead and ask away!
コメント