By default, VLAN trunks between Cisco Catalyst switches support all VLANs known to the switches. Add a new VLAN, and the trunk supports it automatically. Is that a good idea? In this post, you will get a chance to practice a common task – configuring ports into VLANs – while setting up a trunk to support only the VLANs currently in use, so that new VLANs are not automatically allowed to send traffic over the trunk.
Requirements
Your job: Configure appropriate interfaces as trunks to pass traffic between PCs, while supporting only the VLANs shown in the figure.
This lab begins with all the interfaces shown in Figure 1 working, because the cables have been connected and the switches bring up their interfaces by default. However, you need to add the correct interfaces into the VLANs shown in the figure. Additionally, you must decide what commands to add to make sure the link between the switches trunks, and that the link does not depend on any trunking negotiation to do so. Finally, you must make sure that the trunk supports only the two VLANs shown in the figure (plus the native VLAN) until someone else comes back to change the configuration.
The specific rules for this lab are:
- Configure the interfaces connected to PCs to be access interfaces in the correct VLAN
- Configure the link between switches to statically act as a trunk (that is, do not rely on trunk negotiation)
- Restrict the trunk to support only the native VLAN and the other VLANs shown in the figure
- Do not configure settings not needed for this lab
Figure 1: Two Switches – Point-to-Point
Initial Configuration
The two switches begin with an essentially default configuration plus a hostname. The two examples here emphasize that point, with confirmation that the ports are enabled (no shutdown).
Example 1: SW1 Config
hostname SW1
!
interface GigabitEthernet0/1
 no shutdown
!
interface GigabitEthernet0/2
 no shutdown
!
interface GigabitEthernet0/3
 no shutdown
Example 2: SW2 Config
hostname SW2
!
interface GigabitEthernet0/1
 no shutdown
!
interface GigabitEthernet0/2
 no shutdown
!
interface GigabitEthernet0/3
 no shutdown
Answer on Paper, or Maybe Test in Lab
Next, write your answer on paper. Or if you have some real gear, or other tools, configure the lab with those tools.
If you do try this lab beyond just writing the answers on paper or in a text editor, give PC1 and PC3 an IP address in the same subnet. Do likewise for PC2 and PC4. Because this lab uses no routers or layer 3 switches, once working, the PCs in the same VLAN should be able to ping each other, but they should not be able to ping PCs in other VLANs.
Also, if you want to test for the restriction to support only VLANs 100 and 200, once you test all the pings, reconfigure the switches to put the PC1 and PC3 ports into a new VLAN (300). Then try to ping PC3 from PC1 again; it should now fail, because the trunk does not forward VLAN 300 traffic.
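If you would rather check a saved configuration than rely only on ping tests, the following added example (not part of the original lab or its answer) audits one interface in IOS running-config text for the two trunk rules above: static trunking and an explicit allowed-VLAN list. It assumes the native VLAN is the IOS default of 1; the port name GigabitEthernet0/9 and both config fragments are constructed for illustration and are not taken from Figure 1.

```python
import re

EXPECTED = {1, 100, 200}  # native VLAN 1 (assumed default) plus the lab's VLANs 100 and 200

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,100-102' into a set of ints."""
    vlans = set()
    for part in ([] if spec == "none" else spec.split(",")):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def interface_lines(config, name):
    """Return the sub-commands configured under 'interface <name>'."""
    lines, inside = [], False
    for raw in config.splitlines():
        if raw.startswith("interface "):
            inside = raw.split(None, 1)[1].strip() == name
        elif inside and raw.startswith(" "):
            lines.append(raw.strip())
        elif raw.strip():
            inside = False  # '!' or any other top-level line ends the stanza
    return lines

def audit_trunk(config, name, expected=EXPECTED):
    """List the ways interface <name> falls short of a static, VLAN-restricted trunk."""
    cmds, findings, allowed = interface_lines(config, name), [], None
    if "switchport mode trunk" not in cmds:
        findings.append("not statically trunking: no 'switchport mode trunk'")
    for cmd in cmds:
        m = re.fullmatch(r"switchport trunk allowed vlan (add )?([\d,-]+|none)", cmd)
        if m:  # IOS wraps long lists onto 'allowed vlan add ...' lines
            vlans = expand_vlans(m.group(2))
            allowed = (allowed or set()) | vlans if m.group(1) else vlans
    if allowed is None:
        findings.append("no allowed-VLAN list: new VLANs cross the trunk automatically")
    else:
        if allowed - expected:
            findings.append(f"unexpected VLANs allowed: {sorted(allowed - expected)}")
        if expected - allowed:
            findings.append(f"expected VLANs missing: {sorted(expected - allowed)}")
    return findings

# Constructed running-config fragments; the trunk port name is hypothetical.
OPEN = "hostname SW1\n!\ninterface GigabitEthernet0/9\n switchport mode trunk\n!\n"
TIGHT = OPEN.replace("trunk\n", "trunk\n switchport trunk allowed vlan 1,100,200\n")

if __name__ == "__main__":
    for label, cfg in (("OPEN", OPEN), ("TIGHT", TIGHT)):
        print(label, audit_trunk(cfg, "GigabitEthernet0/9"))
```

An empty list means the interface meets both trunk rules; the check reads configuration text only, so the ping tests described above are still what confirms forwarding behavior.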