Overclock.net › Forums › Software, Programming and Coding › Networking & Security › VLAN Trunk question?

VLAN Trunk question?

post #1 of 19
Thread Starter 
I completely understand VLANs on one single switch and how they work.

However please explain in some dummy fashion answers to the following questions:

1. I want to connect switch 1 to switch 2. I know a normal uplink will not pass VLAN information between switches. I know I need to use a trunk. Do I need a trunk on just one switch or both switches? Do I connect the trunks together? Or do I just need one trunk and if so from what switch?

2. Tagging.... while I understand what tagging is (adding a tag of the VLAN number into the frame), I am not sure what should be tagged and what should be untagged, what the difference is to a switch, especially on a trunk connection. Where does tagging come in exactly in letting two switches communicate? Write it as if I was a dummy.

3. Lastly.... If I wanted to trunk my 24pt Cisco switch to my Netgear 8pt switch and both support 802.1q what do I need to do so that VLAN information is passed between both switches?

Thanks. I am trying to figure out VLANs a tad bit better.

I will definitely be handing out rep!
post #2 of 19
1) Both ends of the connection between switches will need to be configured as trunks
2) Any traffic in a switched VLAN environment should be tagged. Switches will assign a tag to traffic coming from an access port configured for a particular VLAN.
3) Configure the VLANs on both devices. If you are in a full Cisco environment you can use VTP to propagate the VLAN database between switches.
post #3 of 19
Basically what beers said. Though I would like to add on #2. You would set the native VLAN on these trunks and any traffic that doesn't have a VLAN tag would get tagged with that.
post #4 of 19
Quote:
Originally Posted by Poseiden View Post

Basically what beers said. Though I would like to add on #2. You would set the native VLAN on these trunks and any traffic that doesn't have a VLAN tag would get tagged with that.

But that is a big security risk, then anyone can plug into a trunk port and will get network connectivity. In a home environment it's ok, but I wouldn't use "switchport trunk native vlan" at all.
post #5 of 19
Thread Starter 
Thanks all so far. Getting clearer for sure. Please keep sending advice. I can almost guarantee that others will read this and find it useful!
post #6 of 19
Quote:
Originally Posted by herkalurk View Post

But that is a big security risk, then anyone can plug into a trunk port and will get network connectivity. In a home environment it's ok, but I wouldn't use "switchport trunk native vlan" at all.

Even if you don't set one, they are default set to native vlan 1 (at least on Cisco switches).

And as far as people going and plugging straight into the trunk port, that's also why you should have physical security on the devices so people don't walk into a server room and just unplug stuff. Plus that would be pretty noticeable since a whole network segment would go down.

And as quoted from Cisco's own material
Quote:
When a Cisco switch trunk port receives untagged frames it forwards those frames to the native VLAN. As you may recall, the default native VLAN is VLAN 1. When you configure an 802.1Q trunk port, a default Port VLAN ID (PVID) is assigned the value of the native VLAN ID. All untagged traffic coming in or out of the 802.1Q port is forwarded based on the PVID value. For example, if VLAN 99 is configured as the native VLAN, the PVID is 99 and all untagged traffic is forwarded to VLAN 99. If the native VLAN has not been reconfigured, the PVID value is set to VLAN 1.
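The tagging, trunk and native-VLAN behaviour that posts #2, #3 and the Cisco quote above describe, as an added example that is not part of this thread or of any vendor's code: a small Python model of two switches joined by an 802.1Q trunk. It shows where a tag is added (an untagged frame from an access port gets the port's VLAN), where it is carried (on the trunk), where it is removed (at the far access port), and what happens to an untagged frame that arrives on a trunk (it falls into the native VLAN / PVID). Port names, VLAN numbers and the frames are constructed; the model floods instead of learning MAC addresses and follows the Cisco default of sending the native VLAN untagged.

```python
import struct
from dataclasses import dataclass, field

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Assemble an Ethernet frame; when vid is given, insert a 4-byte 802.1Q tag."""
    frame = dst + src
    if vid is not None:
        tci = (pcp << 13) | (vid & 0x0FFF)          # PCP(3) | DEI(1) | VID(12)
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, vid_or_None, ethertype, payload); vid is None for untagged frames."""
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return dst, src, None, ethertype, frame[14:]
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return dst, src, tci & 0x0FFF, ethertype, frame[18:]


def retag(frame, vid):
    """Return the frame with its tag replaced (vid) or removed (vid=None)."""
    dst, src, _, ethertype, payload = parse_frame(frame)
    return build_frame(dst, src, ethertype, payload, vid)


@dataclass
class Port:
    name: str
    mode: str                 # "access" or "trunk"
    vlan: int = 1             # access VLAN on access ports; native VLAN (PVID) on trunks
    allowed: set = field(default_factory=set)   # trunk only: permitted VLANs, empty = all

    def permits(self, vid):
        return not self.allowed or vid in self.allowed


class Switch:
    def __init__(self, name, ports):
        self.name = name
        self.ports = {p.name: p for p in ports}

    def ingress(self, port_name, frame):
        """Classify an arriving frame into a VLAN: (vid, untagged frame), or None if dropped."""
        port = self.ports[port_name]
        _, _, vid, _, _ = parse_frame(frame)
        if port.mode == "access":
            # An access port belongs to one VLAN; untagged frames are assigned to it.
            if vid is None or vid == port.vlan:
                return port.vlan, retag(frame, None)
            return None
        # Trunk: a tagged frame keeps its VID; an untagged one lands in the native VLAN (PVID).
        if vid is None:
            vid = port.vlan
        if not port.permits(vid):
            return None
        return vid, retag(frame, None)

    def egress(self, port_name, vid, frame):
        """Encode a frame leaving a port, or None if the port does not carry that VLAN."""
        port = self.ports[port_name]
        if port.mode == "access":
            return frame if vid == port.vlan else None   # access ports always send untagged
        if not port.permits(vid):
            return None
        # Trunk: the native VLAN leaves untagged (Cisco default); every other VLAN is tagged.
        return frame if vid == port.vlan else retag(frame, vid)

    def forward(self, in_port, frame):
        """Flood an incoming frame to every other port carrying its VLAN (no MAC learning)."""
        result = self.ingress(in_port, frame)
        if result is None:
            return {}
        vid, untagged = result
        out = {}
        for name in self.ports:
            if name != in_port:
                encoded = self.egress(name, vid, untagged)
                if encoded is not None:
                    out[name] = encoded
        return out


def demo():
    """Two switches, trunk on gi0/1 each side, native VLAN 99 (constructed topology)."""
    trunk = dict(mode="trunk", vlan=99, allowed={10, 20, 99})
    sw1 = Switch("sw1", [Port("fa0/1", "access", 10), Port("fa0/2", "access", 20), Port("gi0/1", **trunk)])
    sw2 = Switch("sw2", [Port("gi0/1", **trunk), Port("fa0/1", "access", 10), Port("fa0/2", "access", 20)])
    pc_a, pc_b = bytes.fromhex("0a0000000001"), bytes.fromhex("0a0000000002")
    frame = build_frame(pc_b, pc_a, 0x0800, b"hello")       # PC A sends an untagged frame
    on_wire = sw1.forward("fa0/1", frame)["gi0/1"]            # sw1 tags it 10 onto the trunk
    delivered = sw2.forward("gi0/1", on_wire)                 # sw2 untags it for VLAN 10 ports
    native_vid = sw2.ingress("gi0/1", frame)[0]               # untagged on a trunk -> PVID 99
    return {"trunk_vid": parse_frame(on_wire)[2],
            "delivered_to": sorted(delivered),
            "native_vid": native_vid}


if __name__ == "__main__":
    print(demo())
```

Because no access port on sw2 sits in VLAN 99, an untagged frame arriving on the trunk is classified into 99 and goes nowhere, which is the point post #8 makes about keeping the native VLAN empty.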
post #7 of 19
Thread Starter 
Quote:
Originally Posted by Poseiden View Post

Even if you don't set one, they are default set to native vlan 1 (at least on Cisco switches).
And as far as people going and plugging straight into the trunk port, that's also why you should have physical security on the devices so people don't walk into a server room and just unplug stuff. Plus that would be pretty noticeable since a whole network segment would go down.
And as quoted from Cisco's own material
Quote:
When a Cisco switch trunk port receives untagged frames it forwards those frames to the native VLAN. As you may recall, the default native VLAN is VLAN 1. When you configure an 802.1Q trunk port, a default Port VLAN ID (PVID) is assigned the value of the native VLAN ID. All untagged traffic coming in or out of the 802.1Q port is forwarded based on the PVID value. For example, if VLAN 99 is configured as the native VLAN, the PVID is 99 and all untagged traffic is forwarded to VLAN 99. If the native VLAN has not been reconfigured, the PVID value is set to VLAN 1.

Right ... so you have no choice. It's automatically tagged as VLAN 1. Gotcha errr Cisco errr you both haha.
post #8 of 19
Not an error, just don't configure VLAN 1. If VLAN 1 goes nowhere, then you don't care that anyone can plug in. As for port security, that would be difficult to assign MAC screens on all ports. Either that or use 802.1x auth.
post #9 of 19
Quote:
Originally Posted by herkalurk View Post

Not an error, just don't configure VLAN 1. If VLAN 1 goes nowhere, then you don't care that anyone can plug in. As for port security, that would be difficult to assign MAC screens on all ports. Either that or use 802.1x auth.

As from Cisco's material, it is best practice to get things out of VLAN 1 for security purposes since it is commonly known as being the default. And as far as setting up port security, not hard at all, even for switches with a huge range of ports.

3 simple commands needed (for Cisco devices, of course):
Code:
interface range fax/x-x
 ! port security is only accepted on a static access port, so set the mode first
 switchport mode access
 switchport port-security
 ! learn the MAC(s) seen on the port and keep them in the running config
 switchport port-security mac-address sticky
 ! optional: how many MACs may be learned before a violation (default is 1)
 switchport port-security maximum #

With that simple block of commands, you can configure 1 to however many ports you need all at once, to allow only 1 to however many devices on that port (access port, mind you). That would prevent people from bringing their own switches and screwing stuff up.

This is getting a bit outside the main topic though....
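The sticky port-security behaviour described in post #9, as an added example that is not part of this thread or of any vendor's code: a Python model of one secured access port that learns MAC addresses up to the configured maximum and err-disables on the next new address (the default "shutdown" violation mode), which is what stops a user-supplied switch with several hosts behind it. It also includes a small parser for the violation line IOS logs, so a defender can pick violations out of a syslog feed. The port name, MAC addresses and syslog lines are constructed; the log format is assumed to match what Cisco IOS prints and is not taken from this thread.

```python
import re
from dataclasses import dataclass, field


@dataclass
class SecuredPort:
    name: str
    maximum: int = 1                          # switchport port-security maximum #
    sticky: set = field(default_factory=set)  # MACs learned via "mac-address sticky"
    err_disabled: bool = False                # default violation mode "shutdown"
    violations: list = field(default_factory=list)

    def admit(self, src_mac):
        """Apply port security to a frame with source src_mac; True if it is forwarded."""
        if self.err_disabled:
            return False                      # port stays down until an admin recovers it
        if src_mac in self.sticky:
            return True
        if len(self.sticky) < self.maximum:
            self.sticky.add(src_mac)          # learn and keep (sticky) up to the maximum
            return True
        # A new MAC beyond the maximum is a violation: shutdown mode err-disables the port.
        self.violations.append(src_mac)
        self.err_disabled = True
        return False


def simulate_rogue_switch(port_max=1):
    """One PC (allowed), then a second host appears behind an unmanaged switch on the port."""
    port = SecuredPort("fa0/5", maximum=port_max)          # constructed port
    results = [port.admit("0a00.0000.0001"),   # first host: learned
               port.admit("0a00.0000.0001"),   # same host again: fine
               port.admit("0a00.0000.0002"),   # second host: violation when maximum is 1
               port.admit("0a00.0000.0001")]   # even the first host is cut off afterwards
    return results, port.err_disabled, list(port.violations)


# Shape of the IOS port-security violation message (assumed format, constructed sample).
VIOLATION_RE = re.compile(
    r"%PORT_SECURITY-2-PSECURE_VIOLATION: .*caused by MAC address "
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) on port (?P<port>\S+)\."
)

SAMPLE_SYSLOG = [  # constructed lines, not captured from a real device
    "Mar  1 10:02:11.551: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
    "caused by MAC address 0a00.0000.0002 on port FastEthernet0/5.",
    "Mar  1 10:02:11.560: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/5, "
    "putting Fa0/5 in err-disable state",
    "Mar  1 10:03:00.000: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to up",
]


def violations_from_syslog(lines):
    """Return (port, mac) for every port-security violation message in the feed."""
    found = []
    for line in lines:
        m = VIOLATION_RE.search(line)
        if m:
            found.append((m.group("port"), m.group("mac")))
    return found


if __name__ == "__main__":
    print(simulate_rogue_switch(1))
    print(simulate_rogue_switch(2))
    print(violations_from_syslog(SAMPLE_SYSLOG))
```

Raising `maximum` to 2 lets both hosts through, which is the trade-off the "(optional) maximum" line in the post controls; the err-disabled state is what makes a violation noticeable, since the legitimate host on that port loses connectivity too.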
post #10 of 19
Thread Starter 
So a good practice would be to assign a port to VLAN 1 (which all ports default to) for management reasons, and every other port to VLAN 2 or whatever you want for access reasons?