Quick VLAN question

This is more of a general question regarding VLANs.

Most switches come defaulted with every port in VLAN1 so you can just plug everything in and away you go.

The problem with that is VLAN1 is meant to be the management VLAN1 and it most cases can't be modified.

So anyway my question is, if you set all ports on all switches to a different VLAN, (say VLAN2) everything would work just as easily as when the ports were in VLAN1 right?

Like there wouldn't be any need to setup trunking between switches or any routing between VLANs because all ports are in VLAN2.

is that correct?

cheers!

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

networker050184

That is correct.

tech-airman

rakem wrote:

This is more of a general question regarding VLANs.

Most switches come defaulted with every port in VLAN1 so you can just plug everything in and away you go.

The problem with that is VLAN1 is meant to be the management VLAN1 and it most cases can't be modified.

So anyway my question is, if you set all ports on all switches to a different VLAN, (say VLAN2) everything would work just as easily as when the ports were in VLAN1 right?

Like there wouldn't be any need to setup trunking between switches or any routing between VLANs because all ports are in VLAN2.

is that correct?

cheers!

rakem,

It depends. Exactly how many switches are involved?

APA

If no trunk links are formed between switches then uplink ports would only carry traffic for VLAN2 you need trunk links between switches to carry traffic for multiple VLANs.........

How would you manage your switches via the management IP on VLAN1?? Remember VLAN 1 by default is the native VLAN and isn't tagged through 802.1q trunks anyway....... If you created management addresses on VLAN2 however you would overcome this issue.....

Which brings me to my next point..... If you set all ports to VLAN2 and no trunk links were formed.... How would you route between VLAN1 & VLAN2??? You need a trunk link to the external router (router-on-a-stick) or SVI's setup on the multi-layer switch to route between both VLANs.......

If you were talking about setting all ports on an out of the box switch (one switch only) to the same vlan well then yes it as long as all clients have the same addressing structure they will be able to see each other and will be able to route out as long as the default gateway has an interface on the same VLAN and the clients can see it......

dtlokee

Just to add to what has already been stated, vlan 1 is the default VLAN and is not intended to be the management VLAN. It is a best practice to use some other VLAN for your management VLAN and also to move any access ports off of VLAN 1. I will also remove VLAN 1 from all trunk links with the "switchport trunk allowed vlan remove 1" to prevent broadcasts in VLAN 1 from spanning the entire switch block.

bighornsheep

dtlokee wrote:

I will also remove VLAN 1 from all trunk links with the "switchport trunk allowed vlan remove 1" to prevent broadcasts in VLAN 1 from spanning the entire switch block.

Correct me if I am wrong, but removing vlan 1 from the trunk should imply that the native vlan is changed as well, otherwise CDP and STP will not function properly because they pass traffic through vlan 1, is that right?

dtlokee

It's an odd thing, even though you remove VLAN 1, it will still forward VTP, DTP, CDP and other type management protocols across the link in a point-to-point fashion on VLAN, just no transit traffic will be allowed to be sent.

APA

bighornsheep wrote:

dtlokee wrote:

I will also remove VLAN 1 from all trunk links with the "switchport trunk allowed vlan remove 1" to prevent broadcasts in VLAN 1 from spanning the entire switch block.

Correct me if I am wrong, but removing vlan 1 from the trunk should imply that the native vlan is changed as well, otherwise CDP and STP will not function properly because they pass traffic through vlan 1, is that right?

Nope removing vlan 1 from the trunk does not affect CDP or any other management protocols that natively carry information over it.... It does not change the native vlan either as with trunks the native is always vlan 1 unless you manually use 'switchport trunk native vlan (id)' which you would be doing on every link partner if you did change it as the trunks wouldn't form correctly if link partners have different native vlans.

When removing vlans from trunk links via "switchport trunk allowed vlan" you are stating the data traffic that is allowed to traverse the trunk...... CDP,PAgP traffic is considered Management traffic so it will still traverse the trunk link.

bighornsheep

dtlokee wrote:

It's an odd thing, even though you remove VLAN 1, it will still forward VTP, DTP, CDP and other type management protocols across the link in a point-to-point fashion on VLAN, just no transit traffic will be allowed to be sent.

very interesting....where can I read more about this?

quite counter-intuitive, no?

APA

Cisco Press BCMSN Chap 4 covers it.....

States that the traffic is classed as management traffic and still traverses the trunk link.

dtlokee

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_see/configuration/guide/swvlan.html#wp1150302

rakem

tech-airman wrote:

rakem,

It depends. Exactly how many switches are involved?

four switches will be involved. All ports on every switch will be VLAN2. I will create a management interface on VLAN2 so i don't need to worry about VLAN1 at all.

Down the track i will add VLAN3, once this is added then, of course, i will need to configure trunk links.

cheers guys,

tech-airman

rakem wrote:

tech-airman wrote:

rakem,

It depends. Exactly how many switches are involved?

four switches will be involved. All ports on every switch will be VLAN2. I will create a management interface on VLAN2 so i don't need to worry about VLAN1 at all.

Down the track i will add VLAN3, once this is added then, of course, i will need to configure trunk links.

cheers guys,

rakem,

You can use configure all of the ports of a single managed switch to be an access port for VLAN 2. However, as soon as you connect the first managed switch to a second managed switch, that physical link between the two switches is by definition going to be a trunk. Since you mentioned "four switches will be involved," how are you planning to connect the four switches to each other?

Sanis4life

tech-airman wrote:

rakem,

You can use configure all of the ports of a single managed switch to be an access port for VLAN 2. However, as soon as you connect the first managed switch to a second managed switch, that physical link between the two switches is by definition going to be a trunk. Since you mentioned "four switches will be involved," how are you planning to connect the four switches to each other?

Why would connecting two managed switches in the same vlan be called a trunk? They are access ports, therefor cannot be a trunk. A trunked port will pass multiple vlans, but in this case the access port will only pass vlan2. He can connect 4 switches together, so long as they are all on the same Vlan

rakem

tech-airman wrote:

rakem,

You can use configure all of the ports of a single managed switch to be an access port for VLAN 2. However, as soon as you connect the first managed switch to a second managed switch, that physical link between the two switches is by definition going to be a trunk. Since you mentioned "four switches will be involved," how are you planning to connect the four switches to each other?

The switches will be connected by a fiber link. Firstly everything will be in VLAN2, which means that a trunk is not necessary to carry information between switches.

I will be creating VLAN3 on a few switches later, once that is created then i will just change the links that connect the switches to trunk links.

APA

When locking ports down via 'switchport mode access' command a port cannot become a trunk port!!!

But you must use 'switchport mode access' then 'switchport access vlan 2'

tech-airman

Sanis4life wrote:

tech-airman wrote:

rakem,

You can use configure all of the ports of a single managed switch to be an access port for VLAN 2. However, as soon as you connect the first managed switch to a second managed switch, that physical link between the two switches is by definition going to be a trunk. Since you mentioned "four switches will be involved," how are you planning to connect the four switches to each other?

Why would connecting two managed switches in the same vlan be called a trunk? They are access ports, therefor cannot be a trunk. A trunked port will pass multiple vlans, but in this case the access port will only pass vlan2. He can connect 4 switches together, so long as they are all on the same Vlan

Sanis4life,

According to Cisco..

LAN Switching @ Cisco.com wrote:

Switch Port Modes
Switch ports run in either access or trunk mode. In access mode, the interface belongs to one and only one VLAN. Normally a switch port in access mode attaches to an end user device or a server. The frames transmitted on an access link look like any other Ethernet frame.

Trunks, on the other hand, multiplex traffic for multiple VLANs over the same physical link. Trunk links usually interconnect switches, as shown in Figure 26-2. However, they may also attach end devices such as servers that have special adapter cards that participate in the multiplexing protocol.

Then there's the issue of Spanning Tree Protocol between the switches which is communicated usually over trunk links. Since it was mentioned that in the future another VLAN will be added, configure at least one switch to be a VTP server and the rest to be VTP clients. Once again, those VTP advertisements will be going across trunk links.

I hope this helps.

Source:

LAN Switching @ Cisco.com - http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/lanswtch.htm
Understanding and Configuring Spanning Tree Protocol (STP) on Catalyst Switches - Cisco Systems - http://www.cisco.com/en/US/tech/tk389/tk621/technologies_configuration_example09186a008009467c.shtml
Understanding VLAN Trunk Protocol (VTP) - Cisco Systems - http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml

Sanis4life

tech-airman wrote:

Sanis4life wrote:

tech-airman wrote:

rakem,

You can use configure all of the ports of a single managed switch to be an access port for VLAN 2. However, as soon as you connect the first managed switch to a second managed switch, that physical link between the two switches is by definition going to be a trunk. Since you mentioned "four switches will be involved," how are you planning to connect the four switches to each other?

Why would connecting two managed switches in the same vlan be called a trunk? They are access ports, therefor cannot be a trunk. A trunked port will pass multiple vlans, but in this case the access port will only pass vlan2. He can connect 4 switches together, so long as they are all on the same Vlan

Sanis4life,

According to Cisco..

LAN Switching @ Cisco.com wrote:

Switch Port Modes
Switch ports run in either access or trunk mode. In access mode, the interface belongs to one and only one VLAN. Normally a switch port in access mode attaches to an end user device or a server. The frames transmitted on an access link look like any other Ethernet frame.

Trunks, on the other hand, multiplex traffic for multiple VLANs over the same physical link. Trunk links usually interconnect switches, as shown in Figure 26-2. However, they may also attach end devices such as servers that have special adapter cards that participate in the multiplexing protocol.

Then there's the issue of Spanning Tree Protocol between the switches which is communicated usually over trunk links. Since it was mentioned that in the future another VLAN will be added, configure at least one switch to be a VTP server and the rest to be VTP clients. Once again, those VTP advertisements will be going across trunk links.

I hope this helps.

Source:
LAN Switching @ Cisco.com - http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/lanswtch.htm

Understanding and Configuring Spanning Tree Protocol (STP) on Catalyst Switches - Cisco Systems - http://www.cisco.com/en/US/tech/tk389/tk621/technologies_configuration_example09186a008009467c.shtml

Understanding VLAN Trunk Protocol (VTP) - Cisco Systems - http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml

Tech-ariman,

Yes, the definitions you described are the usual way to connect switches, ie trunking, however, that is not always the case. The OP was questioning if he can connect multiple switches using vlan 2, and the answer is yes, by sw mode acc. There does not need to be any trunking involved until he adds another vlan to the mix, and then will need to change the port from an access port to a trunk port.

Anyways, I hope you understand there are more ways to connect switches then just by trunking.