Lab 11 - Dynamic Trunking Protocol (DTP)


Goals:

● Understand Dynamic Trunking Protocol
● Create trunk connections dynamically
● Test the trunk connections

Requirements:
2 Cisco switches, with configurations from Labs 1 - 10
2 PCs with COM port, Ethernet ports
Cisco rollover cable
2 Ethernet cables
1 Ethernet Crossover cable

Notes for 2900XL switch and Packet Tracer users.

1. 2900XL switches (2912/2924) do not support Dynamic Trunking Protocol (DTP). Static trunk configuration is required to create trunk ports. However, if you are studying for the CCNA exam, you may have DTP questions that relate to 2950/2960 switches. You should study this lab even if you cannot perform it. The concept, though important, is not difficult to understand. Interestingly, Cisco advises that switches are more secure if DTP is disabled on all switch interfaces.

Furthermore, 2900XL switches support two trunking protocols: ISL and 802.1q. The 2950 and later models only support 802.1q. ISL, a proprietary Cisco protocol, is the default trunking protocol for 2900XL switches, but it can be changed. To configure a trunk interface for 802.1q, use the encapsulation command:

labsw[x](config)# interface fa0/[y]
labsw[x](config-if)# switchport trunk encapsulation dot1q


If you are feeling cheated, don’t. In a far distant lab on Ethernet sub-interfaces, you will have to configure the encapsulation on the router interface, and it’s the same command.

2. Packet Tracer switches do not perform like real switches. The developers of Packet Tracer apparently used a different “default” configuration to force students to configure trunking interfaces. The difference can be seen in the show interface fa0/x switchport command.

An actual 2950 switch has a default interface configuration of “dynamic desirable,” meaning that it will first try to create a trunk connection when a device is connected to it.
A 2950 Packet Tracer switch has a default interface configuration of “dynamic auto,” meaning that it will not attempt to create a trunk connection, but will create one if another switch initiates the process.

This is a common issue for network simulators. Writing a network simulator is a balance between features and cost. To include every IOS feature in a simulator can be very expensive, and the developers usually focus on the most important features. As we said about using Cisco hardware in Building Your CCNA® Lab, “Since it is real Cisco hardware, it performs exactly like … real Cisco hardware.” However, Packet Tracer will provide the hands-on experience required to pass the exam.

The major difference can be managed by configuration. To configure a Packet Tracer switch to act like a real switch, make the following configuration change to interfaces Fa0/23 and Fa0/24 (Note: it is our intention to always use the last interfaces as trunk ports. If you have a 12 port switch, use ports 11 and 12 as trunk ports.):

Labsw[x](config)#interface fa0/23 (or 24)
Labsw[x](config-if)#switchport mode dynamic desirable


(If you made the configuration changes above, save the running-config to the startup-config.)

That being said, it is strongly advised that any switch in a production environment never be configured to allow dynamic trunk creation. DTP should be disabled on every port, either by making the port an access port, or by configuring a port as a trunk port (only when needed). Dynamic trunking is considered insecure. However, it is important to understand DTP, so we are going to ignore that advice for these labs.

Another less important difference between an actual 2950 switch and a Packet Tracer switch is the lack of support for all show running-config commands. You should know by now that show running-config will display the entire switch configuration. Cisco IOS can limit the text in a show command by using various qualifiers. One very convenient command is show running-config interface fa0/x. This reduces the time spent scrolling through the configuration to find the desired interface. We will begin to use the command exclusively when we are discussing the configuration of a specific interface. Packet Tracer users will need to use show running-config and scroll to the appropriate interface.

If you are just beginning to study switches, the paragraphs above may be confusing. However, it is important for those who use 2900XL switches and/or Packet Tracer to understand why their switches do not behave as described in this lab, and more importantly, understand how real hardware performs.

So after a long discussion about the differences between switches and simulators, on to the actual lab.

Dynamic Trunking Protocol

Cisco has designed switches and IOS to function in a simple network with no additional configuration. This is true for both access ports and trunk ports. Cisco IOS supports a feature called “Dynamic Trunking Protocol” (DTP) that allows switches to pass data between the switches without configuring the interfaces.

Cisco switches support two different uses for Ethernet interfaces: access and trunk. The previous labs configured and tested access ports, or ports that support connections to devices that are not Cisco switches. Access ports carry data for devices in a single VLAN. A VLAN is a broadcast domain consisting of ports configured for that VLAN.

Trunk ports on Cisco switches are used to carry data for multiple VLANs between switches. Consider labsw1 and labsw2, which were configured in previous labs. Trunking allows a port in VLAN 200 on labsw1, for example, to communicate with a port in VLAN 200 on labsw2.

Dynamic Trunking Protocol (DTP) creates trunk connections automatically, or “dynamically”, when two switches are connected to each other. DTP is the default, or “out-of-the-box” configuration for every interface on a 2950/2960 switch.

To display the switchport mode on each switch, use the following command: show interface switchport. (Interfaces Fa0/23 and Fa0/24 should have the default configuration and should not be connected.)

1. labsw1[or 2]#show interface FastEthernet 0/24 switchport

Name: Fa0/24
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
.

(lines omitted)

Even though the interface has not been configured, the interface Administrative Mode is “dynamic desirable”, meaning that

  1. The interface considers trunking to be the preferred mode, or “desirable”, though it will also be an access port if connected to a device that is not a switch.

  2. The interface will dynamically negotiate with another switch to create a trunk connection.

  3. The operational mode is down, because the interface is down, down.


Compare with the Administrative Mode of interface Fa0/1, configured as an access port and assigned to VLAN 200.
2. labsw1[or 2]#show interface fa0/1 switchport

Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 200 (Acct)

(lines omitted)

Configuring interface Fa0/1 as an access port disabled Dynamic Trunking Protocol. The Administrative Mode is no longer “dynamic desirable.” Instead, Administrative Mode is now “static access” and Negotiation of Trunking is “Off.” Connecting interface Fa0/1 to another switch will not create a trunk port. (Unfortunately, Packet Tracer switches do not change the display of these parameters when the switch is configured. However, it is just the display. Interfaces on Packet Tracer switches will perform as they should when configured as access ports.)

For the following exercise, connect labsw1, Fa0/24, and labsw2, Fa0/24 with an Ethernet crossover cable. (Note: Connections between Cisco switches once exclusively required an Ethernet crossover cable. Newer model switches, such as the 2960 switch, have auto-mdix, and can auto-detect the cable type. For the exam, all connections between switches should be made with crossover cable.) After connecting the switches, observe the following:

The interface status of the port on each switch: up, up
3. labsw1# show interface Fa0/24

FastEthernet0/24 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0009.43cb.3018 (bia 0009.43cb.3018)
.

(lines omitted)

4. labsw2# show interface Fa0/24

FastEthernet0/24 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 000a.8ae6.5198 (bia 000a.8ae6.5198)
.

(lines omitted)

Because the Administrative Mode of each port was “dynamic desirable”, both interfaces became trunk ports when connected. Note that the trunking mode is “desirable,” meaning that the trunk was created by DTP, not by configuring the interfaces as trunk ports. (Note: This is another area where Packet Tracer will differ. Mode will show “on”.) In addition, notice the VLANs supported by the trunk connection. VLANs 1 - 4094 are allowed (yes, 4094 VLANs. If you actually have 4094 VLANs in your network, then, wow.) However, only VLANs 1, 200-203 are active. These are the only VLANs that have been created in this network.

5. labsw1# show interfaces trunk


Port     Mode       Encapsulation   Status   Native vlan
Fa0/24   desirable   802.1q         trunking    1

Port     Vlans allowed on trunk
Fa0/24   1-4094

Port     Vlans allowed and active in management domain
Fa0/24   1,200-203

Port     Vlans in spanning tree forwarding state and not pruned
Fa0/24   1,200-203



6. labsw2# show interfaces trunk


Port     Mode       Encapsulation   Status   Native vlan
Fa0/24   desirable   802.1q         trunking    1

Port     Vlans allowed on trunk
Fa0/24   1-4094

Port     Vlans allowed and active in management domain
Fa0/24   1,200-203

Port     Vlans in spanning tree forwarding state and not pruned
Fa0/24   1,200-203


Display the switchport mode of each interface.

7. labsw1[or 2]#show interface Fa0/24 switchport

name: Fa0/24
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On

(lines omitted)

Compare Steps 11, 12 displays to the display from Step 3. The Operational mode has changed from “down” to “trunk” because the interface is now “up, up.” The interfaces have become trunk connections. The trunk will support all VLANs from VLAN 1 to VLAN 4094, but currently only VLANs 1, 200, 201, 202 and 203 are active.

Review the VLAN port assignments on labsw1 and labsw2. First, notice that interface Fa0/24 on each switch is no longer in VLAN1. A trunk port is not associated with a single VLAN, since it carries data for all VLANs.

8. labsw1[or 2]# show vlan

VLAN Name        Status    Ports
---- ----------- --------- -------------------------------
1    default     active    Fa0/9, Fa0/10,..Fa0/23
200  Acct        active    Fa0/1, Fa0/5
201  Admin       active    Fa0/2, Fa0/6
202  Backbone    active    Fa0/3, Fa0/7
203  VLAN0203    active    Fa0/4, Fa0/8
(lines omitted)

Testing the VLANs

The following interfaces should be in the same VLANs

VLAN  labsw1  labsw2
200   Fa0/1   Fa0/1
201   Fa0/2   Fa0/3
202   Fa0/3   Fa0/5
203   Fa0/4   Fa0/7

Connect PC1 to labsw1, and PC2 to labsw2, using interfaces in the table above that are in the same VLAN. From PC1 (192.168.1.2), use the ping 192.168.1.3 command to test connectivity. Each ping attempt should be successful. (Note: if you test between multiple interfaces on these switches, you may have to clear the mac-address-table between each test: labswx# clear mac-address-table dynamic.)

Verify that VLAN boundaries are maintained between the switches. Connect PC1 and PC2 to the following interfaces, and repeat the ping test above. Each attempt should fail.

Labsw1 interface  VLAN  Labsw2 interface  VLAN
Fa0/1             200   Fa0/3             201
Fa0/2             201   Fa0/5             202
Fa0/3             202   Fa0/7             203
Fa0/4             203   Fa0/1             200


Testing connectivity to the switches

It is also now possible to telnet from PC1 or PC2 to either of the switches, or to telnet from labsw1 to labsw2. To perform these tests, make sure you connect PC1 and/or PC2 to an interface in VLAN 1 (why is that?)
9. labsw1#telnet 192.168.1.76
Trying 192.168.1.76 ... Open

User Access Verification

Password: (cisco)
(Password not displayed)
labsw2>

Terminate the connection
11. labsw2 > exit


It should also be possible to test and telnet from both PC1 and PC2 to either switch.

Connect PC1 to labsw1, interface Fa0/10, VLAN 1 (or any interface in VLAN 1)
Connect PC2 to labsw2, interface Fa0/9, VLAN 1

From both PC1 and PC2:
12. C:\>ping 192.168.1.75

13. C:\>ping 192.168.1.76

14. C:\>telnet 192.168.1.75 (sign on and exit after connecting)

15. C:\>telnet 192.168.1.76 (sign on and exit after connecting)


For Extra Credit

Actually, this is not extra credit, though it is not covered very often. We are going to assign an interface to VLAN 200, but we are not going to make it an access port. Configure interface Fa0/22 in VLAN 200, but do not configure it as an access port.

1a. labsw1(config)#int fa0/22
2a. labsw1(config-if)#switchport access vlan 200
3a. labsw1(config-if)#Cntl_Z


Verify that interface fa0/22 is now actually in VLAN 200.

4. labsw1# show vlan

VLAN Name        Status    Ports
---- ----------- --------- -------------------------------
1    default     active    Fa0/9, Fa0/10,..Fa0/23
200  Acct        active    Fa0/1, Fa0/5, Fa0/22
201  Admin       active    Fa0/2, Fa0/6
202  Backbone    active    Fa0/3, Fa0/7
203  VLAN0203    active    Fa0/4, Fa0/8
(lines omitted)

Disconnect the Ethernet crossover cable from labsw1, Fa0/24, and connect it to Fa0/22. When the ports have synchronized, verify the trunk connections on labsw1. Interface Fa0/22 has become a trunk port even though it was assigned to VLAN 200.

5. labsw1#show interface trunk


Port     Mode       Encapsulation   Status   Native vlan
Fa0/22   desirable   802.1q         trunking    1

Port     Vlans allowed on trunk
Fa0/22   1-4094

Port     Vlans allowed and active in management domain
Fa0/22   1,200-203

Port     Vlans in spanning tree forwarding state and not pruned
Fa0/22   1,200-203


Display the VLAN port assignments again, and notice that Fa0/22 is no longer in VLAN 200. It has become a trunk port, and therefore is no longer associated with a single VLAN. Also notice the interface Fa0/24 is now back in VLAN1, since it is no longer a trunk port.

6. labsw1# show vlan


VLAN Name        Status    Ports
---- ----------- --------- -------------------------------
1    default     active    Fa0/9, Fa0/10,..Fa0/24
200  Acct        active    Fa0/1, Fa0/5
201  Admin       active    Fa0/2, Fa0/6
202  Backbone    active    Fa0/3, Fa0/7
203  VLAN0203    active    Fa0/4, Fa0/8
(lines omitted)

Until an interface is configured as an access port with the command "switchport mode access" it is not an access port. It will still create a trunk dynamically.
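
The check below is an added example, not part of the original lab or of any Cisco tool. It reads saved "show interface ... switchport" output and lists every port that can still negotiate a trunk, including a port like Fa0/22 that has a VLAN assignment but was never made a static access port. The function names and the sample text are assumptions made for illustration.

```python
# Constructed sample in the "show interface ... switchport" format shown in this lab
# (fields the check does not use are omitted).
SAMPLE = """\
Name: Fa0/1
Administrative Mode: static access
Negotiation of Trunking: Off
Access Mode VLAN: 200 (Acct)
Name: Fa0/22
Administrative Mode: dynamic desirable
Negotiation of Trunking: On
Access Mode VLAN: 200 (Acct)
Name: Fa0/24
Administrative Mode: dynamic desirable
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
"""

def parse_switchports(text):
    """Group 'Field: value' lines into one dict per interface (hypothetical helper)."""
    ports = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if sep and key == "name":          # "Name:" starts a new interface
            ports.append({"name": value})
        elif sep and ports:
            ports[-1][key] = value
    return ports

def audit_dtp(text):
    """Return (port, findings) for each port that can still negotiate a trunk."""
    report = []
    for p in parse_switchports(text):
        findings = []
        admin = p.get("administrative mode", "").lower()
        if admin.startswith("dynamic"):
            findings.append("administrative mode is " + admin)
        if p.get("negotiation of trunking", "").lower() == "on":
            findings.append("DTP negotiation is on")
        vlan = (p.get("access mode vlan") or "1").split()[0]
        if findings and vlan != "1":       # the Fa0/22 case from the extra-credit steps
            findings.append("in VLAN " + vlan + " without switchport mode access")
        if findings:
            report.append((p["name"], findings))
    return report

if __name__ == "__main__":
    for name, findings in audit_dtp(SAMPLE):
        print(name + ": " + "; ".join(findings))
```

Run it against the captured output of each switch; an empty result means no port in that capture is left in a dynamic mode or with negotiation on.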