Quick VLAN question

rakem Member Posts: 800
This is more of a general question regarding VLANs.

Most switches come defaulted with every port in VLAN1 so you can just plug everything in and away you go.

The problem with that is VLAN1 is meant to be the management VLAN1 and in most cases can't be modified.


So anyway my question is, if you set all ports on all switches to a different VLAN, (say VLAN2) everything would work just as easily as when the ports were in VLAN1 right?

Like there wouldn't be any need to setup trunking between switches or any routing between VLANs because all ports are in VLAN2.

is that correct?

cheers!
CCIE# 38186
showroute.net

Comments

  • networker050184 Mod Posts: 11,962
    That is correct.
    An expert is a man who has made all the mistakes which can be made.
  • tech-airman Member Posts: 953
    rakem wrote:
    This is more of a general question regarding VLANs.

    Most switches come defaulted with every port in VLAN1 so you can just plug everything in and away you go.

    The problem with that is VLAN1 is meant to be the management VLAN1 and in most cases can't be modified.


    So anyway my question is, if you set all ports on all switches to a different VLAN, (say VLAN2) everything would work just as easily as when the ports were in VLAN1 right?

    Like there wouldn't be any need to setup trunking between switches or any routing between VLANs because all ports are in VLAN2.

    is that correct?

    cheers!

    rakem,

    It depends. Exactly how many switches are involved?
  • APA Member Posts: 959
    If no trunk links are formed between switches then uplink ports would only carry traffic for VLAN2 you need trunk links between switches to carry traffic for multiple VLANs.........

    How would you manage your switches via the management IP on VLAN1?? Remember VLAN 1 by default is the native VLAN and isn't tagged through 802.1q trunks anyway....... If you created management addresses on VLAN2 however you would overcome this issue..... :D

    Which brings me to my next point..... If you set all ports to VLAN2 and no trunk links were formed.... How would you route between VLAN1 & VLAN2??? You need a trunk link to the external router (router-on-a-stick) or SVI's setup on the multi-layer switch to route between both VLANs.......

    If you were talking about setting all ports on an out of the box switch (one switch only) to the same vlan well then yes, as long as all clients have the same addressing structure they will be able to see each other and will be able to route out as long as the default gateway has an interface on the same VLAN and the clients can see it...... :D

    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
  • dtlokee Member Posts: 2,378
    Just to add to what has already been stated, vlan 1 is the default VLAN and is not intended to be the management VLAN. It is a best practice to use some other VLAN for your management VLAN and also to move any access ports off of VLAN 1. I will also remove VLAN 1 from all trunk links with the "switchport trunk allowed vlan remove 1" to prevent broadcasts in VLAN 1 from spanning the entire switch block.
    The only easy day was yesterday!
  • bighornsheep Member Posts: 1,506
    dtlokee wrote:
    I will also remove VLAN 1 from all trunk links with the "switchport trunk allowed vlan remove 1" to prevent broadcasts in VLAN 1 from spanning the entire switch block.

    Correct me if I am wrong, but removing vlan 1 from the trunk should imply that the native vlan is changed as well, otherwise CDP and STP will not function properly because they pass traffic through vlan 1, is that right?
    Jack of all trades, master of none
  • dtlokee Member Posts: 2,378
    It's an odd thing, even though you remove VLAN 1, it will still forward VTP, DTP, CDP and other type management protocols across the link in a point-to-point fashion on VLAN, just no transit traffic will be allowed to be sent.
    The only easy day was yesterday!
  • APA Member Posts: 959
    dtlokee wrote:
    I will also remove VLAN 1 from all trunk links with the "switchport trunk allowed vlan remove 1" to prevent broadcasts in VLAN 1 from spanning the entire switch block.

    Correct me if I am wrong, but removing vlan 1 from the trunk should imply that the native vlan is changed as well, otherwise CDP and STP will not function properly because they pass traffic through vlan 1, is that right?

    Nope removing vlan 1 from the trunk does not affect CDP or any other management protocols that natively carry information over it.... It does not change the native vlan either as with trunks the native is always vlan 1 unless you manually use 'switchport trunk native vlan (id)' which you would be doing on every link partner if you did change it as the trunks wouldn't form correctly if link partners have different native vlans.

    When removing vlans from trunk links via "switchport trunk allowed vlan" you are stating the data traffic that is allowed to traverse the trunk...... CDP,PAgP traffic is considered Management traffic so it will still traverse the trunk link. :D

    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
  • bighornsheep Member Posts: 1,506
    dtlokee wrote:
    It's an odd thing, even though you remove VLAN 1, it will still forward VTP, DTP, CDP and other type management protocols across the link in a point-to-point fashion on VLAN, just no transit traffic will be allowed to be sent.

    very interesting....where can I read more about this?

    quite counter-intuitive, no?
    Jack of all trades, master of none
  • APA Member Posts: 959
    Cisco Press BCMSN Chap 4 covers it.....

    States that the traffic is classed as management traffic and still traverses the trunk link.

    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
  • rakem Member Posts: 800

    rakem,

    It depends. Exactly how many switches are involved?


    four switches will be involved. All ports on every switch will be VLAN2. I will create a management interface on VLAN2 so i don't need to worry about VLAN1 at all.

    Down the track i will add VLAN3, once this is added then, of course, i will need to configure trunk links.

    cheers guys,
    CCIE# 38186
    showroute.net
  • tech-airman Member Posts: 953
    rakem wrote:

    rakem,

    It depends. Exactly how many switches are involved?


    four switches will be involved. All ports on every switch will be VLAN2. I will create a management interface on VLAN2 so i don't need to worry about VLAN1 at all.

    Down the track i will add VLAN3, once this is added then, of course, i will need to configure trunk links.

    cheers guys,

    rakem,

    You can configure all of the ports of a single managed switch to be an access port for VLAN 2. However, as soon as you connect the first managed switch to a second managed switch, that physical link between the two switches is by definition going to be a trunk. Since you mentioned "four switches will be involved," how are you planning to connect the four switches to each other?
  • Sanis4life Banned Posts: 60

    rakem,

    You can configure all of the ports of a single managed switch to be an access port for VLAN 2. However, as soon as you connect the first managed switch to a second managed switch, that physical link between the two switches is by definition going to be a trunk. Since you mentioned "four switches will be involved," how are you planning to connect the four switches to each other?

    Why would connecting two managed switches in the same vlan be called a trunk? They are access ports, therefore cannot be a trunk. A trunked port will pass multiple vlans, but in this case the access port will only pass vlan2. He can connect 4 switches together, so long as they are all on the same Vlan
  • rakem Member Posts: 800
    rakem,

    You can configure all of the ports of a single managed switch to be an access port for VLAN 2. However, as soon as you connect the first managed switch to a second managed switch, that physical link between the two switches is by definition going to be a trunk. Since you mentioned "four switches will be involved," how are you planning to connect the four switches to each other?


    The switches will be connected by a fiber link. Firstly everything will be in VLAN2, which means that a trunk is not necessary to carry information between switches.

    I will be creating VLAN3 on a few switches later, once that is created then i will just change the links that connect the switches to trunk links.
    CCIE# 38186
    showroute.net
  • APA Member Posts: 959
    When locking ports down via 'switchport mode access' command a port cannot become a trunk port!!!

    But you must use 'switchport mode access' then 'switchport access vlan 2'

    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
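
An added example (not code from any poster in this thread): a small Python check that reads an IOS-style running-config and reports interfaces that still rely on VLAN 1 or have no explicit switchport mode, following dtlokee's and APA's advice above. The config excerpt, function names and finding strings are constructed for illustration, and only numeric allowed-VLAN lists are parsed.

```python
import re

# Constructed running-config excerpt for illustration; not taken from the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 2
interface FastEthernet0/2
 switchport access vlan 2
interface FastEthernet0/3
 switchport mode access
interface GigabitEthernet0/1
 switchport mode trunk
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk allowed vlan 2-4094
"""

def expand_vlans(spec):
    """Expand an allowed-VLAN list such as '2-4,10' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    """Return {interface: [findings]}; absent lines mean access VLAN 1, all VLANs on a trunk."""
    findings = {}
    # Split before each "interface" line; [1:] skips any text ahead of the first one.
    for block in re.split(r"^(?=interface )", config, flags=re.M)[1:]:
        lines = [line.strip() for line in block.splitlines()]
        mode, access_vlan, allowed = None, 1, None
        for line in lines[1:]:
            if m := re.fullmatch(r"switchport mode (\S+)", line):
                mode = m.group(1)
            elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
                access_vlan = int(m.group(1))
            elif m := re.fullmatch(r"switchport trunk allowed vlan (?:add )?([\d,-]+)", line):
                allowed = (allowed or set()) | expand_vlans(m.group(1))
        issues = []
        if mode is None:
            issues.append("no explicit switchport mode")
        if mode != "trunk" and access_vlan == 1:
            issues.append("access VLAN is 1")
        if mode == "trunk" and (allowed is None or 1 in allowed):
            issues.append("VLAN 1 allowed on trunk")
        if issues:
            findings[lines[0].split(None, 1)[1]] = issues
    return findings
```

Running `audit(SAMPLE_CONFIG)` flags FastEthernet0/2, FastEthernet0/3 and GigabitEthernet0/1; the trunk restricted to `2-4094` is what the running-config shows after `switchport trunk allowed vlan remove 1`.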
  • tech-airman Member Posts: 953
    Sanis4life wrote:

    rakem,

    You can configure all of the ports of a single managed switch to be an access port for VLAN 2. However, as soon as you connect the first managed switch to a second managed switch, that physical link between the two switches is by definition going to be a trunk. Since you mentioned "four switches will be involved," how are you planning to connect the four switches to each other?

    Why would connecting two managed switches in the same vlan be called a trunk? They are access ports, therefore cannot be a trunk. A trunked port will pass multiple vlans, but in this case the access port will only pass vlan2. He can connect 4 switches together, so long as they are all on the same Vlan

    Sanis4life,

    According to Cisco..
    Switch Port Modes
    Switch ports run in either access or trunk mode. In access mode, the interface belongs to one and only one VLAN. Normally a switch port in access mode attaches to an end user device or a server. The frames transmitted on an access link look like any other Ethernet frame.

    Trunks, on the other hand, multiplex traffic for multiple VLANs over the same physical link. Trunk links usually interconnect switches, as shown in Figure 26-2. However, they may also attach end devices such as servers that have special adapter cards that participate in the multiplexing protocol.

    Then there's the issue of Spanning Tree Protocol between the switches which is communicated usually over trunk links. Since it was mentioned that in the future another VLAN will be added, configure at least one switch to be a VTP server and the rest to be VTP clients. Once again, those VTP advertisements will be going across trunk links.

    I hope this helps.

    Source:
    1. LAN Switching @ Cisco.com - http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/lanswtch.htm
    2. Understanding and Configuring Spanning Tree Protocol (STP) on Catalyst Switches - Cisco Systems - http://www.cisco.com/en/US/tech/tk389/tk621/technologies_configuration_example09186a008009467c.shtml
    3. Understanding VLAN Trunk Protocol (VTP) - Cisco Systems - http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml
  • Sanis4life Banned Posts: 60
    Sanis4life wrote:

    rakem,

    You can configure all of the ports of a single managed switch to be an access port for VLAN 2. However, as soon as you connect the first managed switch to a second managed switch, that physical link between the two switches is by definition going to be a trunk. Since you mentioned "four switches will be involved," how are you planning to connect the four switches to each other?

    Why would connecting two managed switches in the same vlan be called a trunk? They are access ports, therefore cannot be a trunk. A trunked port will pass multiple vlans, but in this case the access port will only pass vlan2. He can connect 4 switches together, so long as they are all on the same Vlan

    Sanis4life,

    According to Cisco..
    Switch Port Modes
    Switch ports run in either access or trunk mode. In access mode, the interface belongs to one and only one VLAN. Normally a switch port in access mode attaches to an end user device or a server. The frames transmitted on an access link look like any other Ethernet frame.

    Trunks, on the other hand, multiplex traffic for multiple VLANs over the same physical link. Trunk links usually interconnect switches, as shown in Figure 26-2. However, they may also attach end devices such as servers that have special adapter cards that participate in the multiplexing protocol.

    Then there's the issue of Spanning Tree Protocol between the switches which is communicated usually over trunk links. Since it was mentioned that in the future another VLAN will be added, configure at least one switch to be a VTP server and the rest to be VTP clients. Once again, those VTP advertisements will be going across trunk links.

    I hope this helps.

    Source:
    1. LAN Switching @ Cisco.com - http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/lanswtch.htm
    2. Understanding and Configuring Spanning Tree Protocol (STP) on Catalyst Switches - Cisco Systems - http://www.cisco.com/en/US/tech/tk389/tk621/technologies_configuration_example09186a008009467c.shtml
    3. Understanding VLAN Trunk Protocol (VTP) - Cisco Systems - http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml

    Tech-airman,

    Yes, the definitions you described are the usual way to connect switches, i.e. trunking, however, that is not always the case. The OP was questioning if he can connect multiple switches using vlan 2, and the answer is yes, by sw mode acc. There does not need to be any trunking involved until he adds another vlan to the mix, and then will need to change the port from an access port to a trunk port.

    Anyways, I hope you understand there are more ways to connect switches than just by trunking.