Let us look at how different vendors will configure these VLANs in their different syntaxes, and let us start with Cisco. To configure an access port, you go into the interface and then say the switchport mode is access and the access VLAN is VLAN 10, in this example on the slide. To configure a trunk port, you say that the encapsulation is 802.1Q and the mode is trunk: you're going to be using trunk mode on this port, and in trunk mode you're allowing these particular VLANs, 10, 20 and 30. Note that in this configuration for the access and trunk ports you have not mentioned the words tagged or untagged, but it's going to send untagged normal frames on the access port and it's going to create tags for VLAN 10, 20 and 30 on the trunk port.

Cisco has some misfeatures that we strongly recommend that you disable. The first one is VTP, VLAN Trunking Protocol. This was created for switches to tell each other about which VLANs exist, so that they can automatically add them. We strongly recommend you do not do this, and manage the VLANs that you want on the different switches yourself. So to turn this off on your IOS, you have the option to say vtp mode off. In this case the switch will ignore any VTP frames that it receives; it will also not forward them at all. Older versions of IOS had only the option vtp mode transparent, where the switch itself will ignore any VTP frames but it would still forward them through the different ports. We recommend you turn it off completely and, if you can't, make sure that the switch is set to vtp mode transparent.

The other one is Dynamic Trunking Protocol, and this is where the switch will automatically detect if the port on the other side is in access mode or is in trunk mode, and then it will try and automatically configure its port. We strongly recommend that you disable this and explicitly choose for each port: do you want it in access mode or do you want it in trunk mode? And you can also tell it to not negotiate at all.

So let us look at Cisco NX-OS
differences. The Cisco Nexus switches run NX-OS, not IOS, and they are layer 3 switches which could make a very good choice for a core router. They can be set so that the configuration assumes that most ports will be used as routed layer 3 ports, which is our preference, or as switched layer 2 ports. To set the default to what we prefer, you could say no system default switchport. Then after setting this, it means that any ports that you want to be switched, you want to designate these ports as layer 2 ports, you must set it explicitly so that it does the switching, but before applying the same access or trunk configuration that we've seen in the IOS slides previously. So for example for Ethernet 1/10 you set the switchport command, which tells Nexus that you want this to be a layer 2 port, and then you say switchport access vlan 10.

Note that setting this system default does not change how the switch operates. What changes is the fact that the interfaces come with no switchport by default: it assumes that you want them as routed ports, and if this is going to be inside your core, and we said you're routing your core, then this is what we want. We want to have it as no switchport by default. The only reason you would have some switched ports in your core router is because you have, for example, servers, which we said you should locate inside your core for redundancy and backup purposes because that's where you'll have power, and yet you may not have a separate server switch. So we've seen cases where you're forced to use some ports on your core switch as server ports, so you could have the server VLAN on the switch. In the scenario where you're doing virtualization and you want to have multiple virtual hosts with their different networks, maybe public versus private, on the same physical virtualization host, then you could set it as a trunk port and then you trans fix that ranking on the Linux server.

There are other differences between NX-OS and IOS, and the first one, which we are
very happy about, is support for VTP commands and the protocol itself is disabled by default. Somehow you might receive a Nexus where these features are on, so it means you can type VTP commands or you can type VTP configuration like vtp mode off. What we recommend is that you just disable it completely with no feature vtp, so that the switch has no idea about VTP. We also like that Dynamic Trunking Protocol is not available even as an option, so you can't add it on later, and the only VLAN trunking protocol is the standards-based 802.1Q. The Cisco proprietary is not on NX-OS, which is also very good. Lastly, NX-OS will reserve a different set of VLANs from IOS. NX-OS reserves about 128 VLANs and it's usually the last ones. You cannot change the number of VLANs that it reserves, but you can move the range around by telling it where the minimum, the starting VLAN, is. But since it picks the last ones, we recommend that you leave it as is, and we don't even list the command to do that here.

So now let us look at an alternative configuration from HP. In this case, to configure that access or trunk port you do not go on a port by port basis and tell the switch what that port does. You instead go to the VLAN configuration, and then for access ports you tell it which ports that VLAN should be untagged on, and then for trunk ports you tell it which ports that VLAN should be tagged on. Note that you haven't mentioned that term access or trunk, but it will generate 802.1Q tagged frames for the ports that you specify are tagged. In this case one and two are your trunk ports, and this configuration would be compatible with the equivalent configuration on Cisco. So if you had a Cisco on one side, HP on the other side, and you use the different languages to create your trunk and access ports, it will work.

Many vendors will pick something similar to either HP's way of doing things or Cisco's way of doing things, and let us look at an example of Juniper. For Juniper, inside the configuration you set the
bridge family and the interface mode. You set it to access for an access port, and if you set it to access you give a VLAN ID that it's going to use inside access mode. And then for trunk mode it's almost the same. It's just that you say the interface mode is trunk, and instead of a single VLAN ID you give it a list, which is in square brackets, and then you have the different VLANs. In this case it's going to create tags for VLANs 10, 20 and 30 on the trunk port, and the access port will participate in VLAN 10 with untagged frames. So this is very similar to what Cisco do.

However, some vendors will do something that is totally different from either what Cisco and Juniper do. An example is given with Netgear here. So you have the interface name and you create primary VLAN ID, so you say vlan pvid 10, and that tells the switch that any incoming frames that do not have a tag will be put into VLAN 10. Then you can tell it to accept only untagged frames, and then you specify which VLANs this switch participates in, so vlan participation include 10, and what that means is any outgoing frames through that port to the device at the end will have originally come from VLAN 10.

To configure a trunk port you can specify that you only want tagged frames with that first line, accept frame vlan only, and then you have to specify which VLANs it can send outgoing frames on. So in this case it contains outgoing frames that belong to VLAN 10, VLAN 20 or VLAN 30. This is very similar to the statement for an access port, except that you have multiple VLANs specified. Then additionally you have to tell it to tag the packets for VLANs 10, 20 and 30. So this is very different. Additionally, this does not disable VLAN 1. So if you want to disable VLAN 1 you have to say vlan no participation inside VLAN 1, as we show in the note at the bottom. And if you want to turn that back on, we show you how to do it as well.
So the moral of the story is: as long as your switch supports 802.1Q tagging, it will be able to exchange VLANs with other different vendors. You just have to learn or read your switch's documentation to figure out exactly how they do it, and once you've read the documentation you understand how to create an access port and how to create a trunk port, and then the configuration will match everything else.

As a last example we're going to look at a Linux server using netplan. This would be, for example, a newish Ubuntu that uses netplan to configure their interfaces. In this case you have the configuration, and then under ethernet you have the physical Ethernet interfaces; you can have IP address configuration. Then under vlans you create your VLANs. The name of the VLAN does not have to have the ID, but we recommend it so that it's easy, when you look at the interface output, to tell which VLAN you're talking about. Now under the VLAN configuration you specify the id, this is the tag that will be assigned to packets that come out of this VLAN, and you have the link, which specifies the physical interface that this VLAN is connected to, and then you can have IP address. So if you wanted a virtual machine to be on VLAN 10 on this particular host, you could make sure that the virtual machine is connected to VLAN 10 instead of to the physical Ethernet interface.

Note that in this case, on the VLAN interfaces themselves, like VLAN 10, the packets will be untagged. They only get an 802.1Q tag on the physical Ethernet interface. So this way your virtualization host does not have to add tags to the packets; it will just send and receive normal untagged packets. But any packets that come from onto that VLAN 10 interface and then leaving the machine will get an ID of 10 added to the tag, and anything which comes in with a tag of 10 will be dropped onto the VLAN interface.

Different Linux distributions have different ways of configuring this, but in general you create the VLAN, the VLAN interface, and you
specify which physical interface that VLAN is valid on. The configuration syntax might look different, especially from the command line; when you're verifying it with the ip command it will show similar output. So this is an example of how you could do it using a UNIX machine.
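
The two Cisco IOS recommendations in the talk (turn VTP off, and fix every port to access or trunk without negotiation) can be checked mechanically against a saved configuration. The Python script below is an added example, not part of the original talk or its slides; the sample configuration is constructed, and the command spellings (`vtp mode off`, `switchport mode access`, `switchport mode trunk`, `switchport nonegotiate`) are the standard IOS forms, assumed here because the slides are not reproduced in the transcript.

```python
import re

# Constructed sample IOS-style config for illustration (not from the slides).
SAMPLE_CONFIG = """\
vtp mode transparent
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
!
interface GigabitEthernet0/3
 switchport mode dynamic desirable
"""

def parse_interfaces(config):
    """Map each interface name to the list of commands indented under it."""
    interfaces, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # '!' or a global command ends the interface block
    return interfaces

def audit(config):
    """Return (scope, finding) tuples for the VTP and DTP settings."""
    findings = []
    vtp = re.search(r"^vtp mode (\S+)", config, re.MULTILINE)
    mode = vtp.group(1) if vtp else "server"  # IOS default when unset
    if mode == "transparent":
        findings.append(("global", "VTP transparent: frames are still forwarded"))
    elif mode != "off":
        findings.append(("global", f"VTP mode {mode}: use 'vtp mode off'"))
    for name, cmds in parse_interfaces(config).items():
        if not {"switchport mode access", "switchport mode trunk"} & set(cmds):
            findings.append((name, "mode not fixed to access or trunk"))
        if "switchport nonegotiate" not in cmds:
            findings.append((name, "DTP negotiation not disabled"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the transparent VTP mode, the trunk port that still negotiates, and the port left in a dynamic mode.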
© Produced by Philip Smith and the Network Startup Resource Center, through the University of Oregon.
Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)