Category: Networking

1. What is EtherChannel?

EtherChannel is a link aggregation technology used to combine multiple physical links into a single logical link. It improves bandwidth, redundancy, and load balancing between switches, routers, or servers.

✅ Increases bandwidth by combining links (e.g., 2x1Gbps = 2Gbps).
✅ Provides redundancy—if one link fails, traffic continues on the others.
✅ Prevents loops because it appears as one logical connection to Spanning Tree Protocol (STP).

EtherChannel Protocols

EtherChannel can be configured using two protocols:

Protocol	Description	Modes Available
PAgP (Port Aggregation Protocol)	Cisco proprietary. Ensures both sides agree before forming an EtherChannel.	Auto, Desirable
LACP (Link Aggregation Control Protocol – IEEE 802.3ad)	Open standard, works with non-Cisco devices.	Passive, Active

EtherChannel can also be manually configured (static mode) without PAgP or LACP.

---

2. EtherChannel Configuration

A. Verify Requirements Before Configuration

✔ All ports must have the same speed and duplex settings.
✔ All ports must be in the same VLAN (if access ports) or trunk mode (if trunk ports).
✔ STP treats the EtherChannel as one logical link, preventing loops.

---

B. Configure EtherChannel Using LACP (Recommended for Open Standard)

Scenario: Create an EtherChannel with Gi0/1 and Gi0/2 using LACP.

interface range GigabitEthernet0/1 - 2
  channel-group 1 mode active   # LACP mode (Active initiates negotiation)
  channel-protocol lacp         # (Optional) Ensures only LACP is used
  exit

interface Port-channel 1
  switchport mode trunk         # Configure as trunk if needed
  switchport trunk allowed vlan 10,20,30
  exit

📌 Active Mode ensures the switch actively tries to form an EtherChannel.

Other LACP mode options:

Mode	Description
active	Actively tries to form EtherChannel.
passive	Waits for the other side to initiate.

---

C. Configure EtherChannel Using PAgP (Cisco Proprietary)

Scenario: Create an EtherChannel with Gi0/3 and Gi0/4 using PAgP.

interface range GigabitEthernet0/3 - 4
  channel-group 2 mode desirable   # PAgP mode
  channel-protocol pagp
  exit

interface Port-channel 2
  switchport mode access           # Use access mode if needed
  switchport access vlan 20
  exit

Other PAgP mode options:

Mode	Description
desirable	Actively tries to form EtherChannel.
auto	Waits for the other side to initiate.

---

D. Configure Static EtherChannel (Manual, No Protocols)

If you don’t want LACP or PAgP, you can configure a static EtherChannel:

interface range GigabitEthernet0/5 - 6
  channel-group 3 mode on         # Forces EtherChannel (No LACP/PAgP)
  exit

interface Port-channel 3
  switchport mode trunk
  switchport trunk allowed vlan 10,30
  exit

📌 Mode “on” means no negotiation—both sides must be manually configured.

---

3. Verify and Troubleshoot EtherChannel

Check EtherChannel Status

show etherchannel summary

• Displays all EtherChannel groups and their status.
• Look for “SU” (Layer 2, working) or “SD” (Down).

Check Detailed Interface Information

show interfaces port-channel 1

• Verifies if traffic is flowing properly.

Check Which Ports Are in the EtherChannel

show etherchannel port-channel

Check for Configuration Mismatches

show spanning-tree active

• Ensures STP is treating the EtherChannel as a single logical link.

---

4. Troubleshooting EtherChannel Issues

Issue	Possible Cause	Solution
Port-channel is down (SD)	Speed, duplex, VLAN, or trunk settings don’t match.	Ensure all interfaces have the same config.
EtherChannel not forming	Mismatched modes (e.g., auto-auto in PAgP or passive-passive in LACP).	Use desirable-active (LACP) or desirable-auto (PAgP).
Traffic not passing through	VLANs missing on trunk port-channel.	Use switchport trunk allowed vlan add X.
High CPU utilization	Flapping links due to mismatches.	Check logs with show logging.

---

5. Best Practices for EtherChannel

✅ Use LACP (IEEE standard) instead of PAgP (Cisco proprietary).
✅ Always verify settings on both ends before enabling EtherChannel.
✅ Avoid using mode “on” unless you are sure both sides match.
✅ Use “active” and “passive” for LACP, or “desirable” and “auto” for PAgP.
✅ Check EtherChannel consistency (show etherchannel summary).

---

Conclusion

EtherChannel is an efficient way to improve bandwidth and redundancy in a network. Proper configuration using LACP, PAgP, or static mode ensures reliable link

VLAN and trunking issues can cause communication failures between devices in different VLANs. Below is a step-by-step guide to diagnose and resolve VLAN and trunking problems.

---

1. Check VLAN Configuration

Issue: Devices in the same VLAN cannot communicate.

Solution:

• Verify the VLAN exists on the switch:bashCopyEditshow vlan brief
• If the VLAN is missing, create it:bashCopyEditconfigure terminal vlan 10 name Sales exit
• Ensure the ports are assigned to the correct VLAN:bashCopyEditshow interfaces GigabitEthernet0/1 switchport
  • If needed, assign the correct VLAN:bashCopyEditinterface GigabitEthernet0/1 switchport mode access switchport access vlan 10
• If the device still cannot communicate, check if the VLAN is allowed on the trunk.

---

2. Verify Trunk Links

Issue: Devices in different VLANs cannot communicate across switches.

Solution:

• Check if the port is in trunk mode:bashCopyEditshow interfaces trunk
  • If the port is missing, it is not operating as a trunk.
• Enable trunk mode manually:bashCopyEditinterface GigabitEthernet0/1 switchport mode trunk
• Check if VLANs are allowed on the trunk:bashCopyEditshow interfaces trunk
  • If VLANs are missing, allow them manually:bashCopyEditinterface GigabitEthernet0/1 switchport trunk allowed vlan 10,20,30

---

3. Check Native VLAN Mismatch

Issue: Trunk is up, but VLAN traffic is not passing correctly.

Solution:

• Verify native VLANs on both ends of the trunk:bashCopyEditshow interfaces trunk
  • If one switch has VLAN 1 as native and another has VLAN 99, packets may be dropped.
• Fix the mismatch by setting the same native VLAN on both switches:bashCopyEditinterface GigabitEthernet0/1 switchport trunk native vlan 99

---

4. Check Spanning Tree (STP) Blocking

Issue: Some VLANs work, others don’t.

Solution:

• Check if STP is blocking the trunk port:bashCopyEditshow spanning-tree interface GigabitEthernet0/1
• If a port is in blocking mode, try:bashCopyEditshow spanning-tree vlan 10
  • If STP is incorrectly blocking the trunk, consider changing the STP priority:bashCopyEditspanning-tree vlan 10 priority 4096
  • If needed, manually enable the port:bashCopyEditinterface GigabitEthernet0/1 no shutdown

---

5. Check Inter-VLAN Routing Issues

Issue: Devices in different VLANs cannot communicate.

Solution:

• If VLANs need to communicate, a router or Layer 3 switch is required.
• Verify if SVIs (Switched Virtual Interfaces) are configured:bashCopyEditshow ip interface brief
• If missing, create an SVI for each VLAN:bashCopyEditinterface vlan 10 ip address 192.168.10.1 255.255.255.0 no shutdown
• Ensure the default gateway is set on end devices:
  • If VLAN 10 uses 192.168.10.1, set this as the gateway.

---

6. Check VTP Configuration

Issue: VLANs are not propagating between switches.

Solution:

• Verify VTP mode:bashCopyEditshow vtp status
  • Ensure one switch is in VTP Server mode and others are in VTP Client mode.
• If VLANs are not syncing, try resetting the VTP revision number:bashCopyEditvtp mode transparent vtp mode client

---

7. Check for DTP Issues (If Trunk is Not Forming)

Issue: Trunk mode is not working.

Solution:

• Verify the DTP mode on both ends:bashCopyEditshow interfaces switchport
• If both ports are dynamic auto, no trunk will form. Change one side to dynamic desirable:bashCopyEditinterface GigabitEthernet0/1 switchport mode dynamic desirable
• If connecting to a non-Cisco switch, disable DTP:bashCopyEditswitchport mode trunk switchport nonegotiate

---

8. Restart the Trunking Process (Last Resort)

If all configurations are correct but the VLAN is still not passing traffic, restart the trunk port:

interface GigabitEthernet0/1
  shutdown
  no shutdown

---

Summary of Key Troubleshooting Commands

Command	Purpose
show vlan brief	Checks if VLANs exist on the switch.
show interfaces trunk	Verifies which ports are in trunk mode.
show interfaces switchport	Displays VLAN and trunk settings on an interface.
show spanning-tree interface Gi0/1	Checks if STP is blocking the port.
show vtp status	Confirms VTP domain, mode, and VLAN propagation.
show ip interface brief	Verifies if SVI (inter-VLAN routing) is configured.
show cdp neighbors	Confirms if the switch is connected to the expected devices.

---

Best Practices to Avoid VLAN and Trunk Issues

✅ Manually configure trunk ports (switchport mode trunk).
✅ Disable DTP (switchport nonegotiate) unless auto-negotiation is needed.
✅ Ensure native VLANs match on both ends of a trunk.
✅ Use show interfaces trunk to verify allowed VLANs.
✅ Check STP (show spanning-tree) to prevent VLAN blocking.

If DTP is not forming trunks as expected, you need to check for common misconfigurations and conflicts. Below is a systematic troubleshooting guide.

---

1. Verify the Current Trunking Status

Issue: The trunk is not forming.

Solution:

Use the following command to check if the port is in trunk mode:

show interfaces trunk

• If the port is missing from the output, it means the trunk did not form.

Also, check the interface mode with:

show interfaces GigabitEthernet0/1 switchport

• Look for Administrative Mode and Operational Mode.
• Ensure the port is not in access mode if you expect it to be a trunk.

---

2. Check the DTP Mode on Both Ends

Issue: Two switches are not forming a trunk.

Solution:

Use:

show running-config interface GigabitEthernet0/1

Verify that both ports are using compatible DTP modes.

Local Mode	Remote Mode	Trunk Formed?
Trunk	Trunk / Dynamic Desirable / Dynamic Auto	✅ Yes
Dynamic Desirable	Trunk / Dynamic Desirable / Dynamic Auto	✅ Yes
Dynamic Auto	Dynamic Auto	❌ No (Both are passive)
Access	Any Mode	❌ No

👉 If both ports are set to dynamic auto, change one to dynamic desirable or trunk:

interface GigabitEthernet0/1
  switchport mode dynamic desirable

---

3. Check for DTP Being Disabled (nonegotiate)

Issue: Trunk is not forming even though the correct mode is set.

Solution:

Check if DTP negotiation is disabled:

show running-config interface GigabitEthernet0/1

If you see switchport nonegotiate, DTP is disabled.

👉 If needed, remove the nonegotiate command:

interface GigabitEthernet0/1
  no switchport nonegotiate

---

4. Verify VLANs Allowed on the Trunk

Issue: Trunk is formed, but some VLANs are missing.

Solution:

Check which VLANs are allowed on the trunk:

show interfaces trunk

If some VLANs are missing, allow them manually:

interface GigabitEthernet0/1
  switchport trunk allowed vlan add 10,20,30

---

5. Check Native VLAN Mismatch

Issue: Trunk forms, but communication issues occur between VLANs.

Solution:

Verify the native VLAN on both switches:

show interfaces trunk

If one switch has VLAN 1 as native and another has VLAN 99, packets might be dropped.

👉 To fix, match the native VLAN on both sides:

interface GigabitEthernet0/1
  switchport trunk native vlan 99

---

6. Check for Trunking with Non-Cisco Devices

Issue: Trunk is not forming with a non-Cisco switch.

Solution:

DTP is Cisco-proprietary and does not work with non-Cisco switches.

• Manually set the port to trunk mode and disable DTP:

interface GigabitEthernet0/1
  switchport mode trunk
  switchport nonegotiate

👉 This forces the trunk without DTP negotiation.

---

7. Restart the Trunking Process (Last Resort)

Issue: All configurations are correct, but the trunk is still not working.

Solution:

Try resetting the trunking interface:

interface GigabitEthernet0/1
  shutdown
  no shutdown

This restarts the trunk and can force re-negotiation.

---

Summary of Key Troubleshooting Commands

Command	Purpose
show interfaces trunk	Checks which ports are operating as trunks.
show interfaces switchport	Displays DTP mode, VLAN settings, and negotiation status.
show running-config interface Gi0/1	Checks if nonegotiate is enabled.
show vlan brief	Ensures VLANs are properly assigned.
show cdp neighbors	Confirms neighboring Cisco devices.

---

Best Practices to Avoid DTP Issues

✅ Manually set trunk mode (switchport mode trunk) instead of relying on DTP.
✅ Disable DTP (switchport nonegotiate) to prevent unauthorized trunking.
✅ Ensure Native VLANs match on both ends of the trunk.
✅ Use show interfaces trunk to verify allowed VLANs.

. What is DTP?

Dynamic Trunking Protocol (DTP) is a Cisco-proprietary protocol that automates trunk formation between switches. It allows switch ports to dynamically negotiate whether they should be in access mode or trunk mode, reducing the need for manual configuration.

Key Features of DTP:

✅ Automatically forms trunks between Cisco switches.
✅ Negotiates trunking mode without manual intervention.
✅ Supports 802.1Q and ISL (Cisco’s older VLAN tagging protocol).
✅ Can be disabled for security to prevent unauthorized trunking.

---

2. DTP Modes

DTP has four operating modes:

Mode	Description	Effect When Connected to Another Switch
Trunk	Forces the port into trunk mode	Always trunks, regardless of the other switch’s mode.
Access	Forces the port into access mode	Never forms a trunk.
Dynamic Auto	Passively waits for a trunk request but does not initiate one	If the other switch is dynamic auto, no trunk forms. If desirable/trunk, a trunk forms.
Dynamic Desirable	Actively tries to form a trunk	If the other switch is trunk, desirable, or auto, a trunk forms.

---

3. DTP Mode Interaction

Local Mode →	Trunk	Access	Dynamic Auto	Dynamic Desirable
Trunk	✅ Trunk	❌ Access	✅ Trunk	✅ Trunk
Access	❌ Access	❌ Access	❌ Access	❌ Access
Dynamic Auto	✅ Trunk	❌ Access	❌ Access	✅ Trunk
Dynamic Desirable	✅ Trunk	❌ Access	✅ Trunk	✅ Trunk

🚨 Important Note: If both ports are set to Dynamic Auto, no trunk will form because neither initiates the trunk negotiation.

---

4. Configuring DTP

Enable Trunking with DTP (Dynamic Desirable)

bashCopyEditinterface GigabitEthernet0/1
  switchport mode dynamic desirable
  exit

👉 This makes the port actively negotiate a trunk.

---

Enable Passive DTP (Dynamic Auto)

bashCopyEditinterface GigabitEthernet0/2
  switchport mode dynamic auto
  exit

👉 This port will form a trunk only if the other switch actively requests it.

---

Disable DTP (For Security)

DTP can be a security risk if an attacker plugs in a switch and forces a trunk. To disable it:

bashCopyEditinterface GigabitEthernet0/3
  switchport mode trunk
  switchport nonegotiate
  exit

👉 This forces the port into trunk mode but stops DTP messages from being sent.

---

5. When to Use or Disable DTP?

✅ Use DTP when:

• You have Cisco switches and want automatic trunk formation.
• You need dynamic VLAN management with VTP.

❌ Disable DTP when:

• You want better security (to prevent VLAN hopping attacks).
• Your network includes non-Cisco switches (since DTP is Cisco-proprietary).

VTP (VLAN Trunking Protocol) has evolved over time, with VTP version 3 introducing significant improvements over VTP version 2. Below is a comparison of both versions.

---

1. Key Differences Between VTP v2 and VTP v3

Feature	VTP v2	VTP v3
VLAN Range Support	Supports VLANs 1-1005	Supports VLANs 1-4094 (full range)
Private VLANs	Not supported	✅ Supports private VLANs
VTP Modes	Server, Client, Transparent	Server, Client, Transparent, Off
Server Authorization	Any VTP server can modify VLANs	✅ Only a primary server can modify VLANs
Extended VLAN Support (1006-4094)	❌ No	✅ Yes
VTP Pruning	Yes	✅ Improved pruning efficiency
Security	No authentication improvements	✅ Supports hidden passwords for security
MD5 Hashing for Authentication	Yes	✅ Yes (Improved)
Multiple Spanning Tree (MST) Support	No	✅ Yes

---

2. When to Use VTP v3?

VTP v3 is ideal when:
✅ You need extended VLANs (1006-4094) support.
✅ You want to improve security and prevent accidental VLAN changes.
✅ You are using Private VLANs in your network.
✅ You need better MST (Multiple Spanning Tree) support.
✅ You want more control over which switches can modify VLANs (Primary Server Feature).

---

3. How to Upgrade from VTP v2 to VTP v3

Before upgrading, ensure:
✅ All switches support VTP v3 (older switches may not).
✅ The switch is running VTP Server Mode.
✅ The VTP domain name is configured correctly.

Step-by-Step Upgrade to VTP v3

Enable VTP v3 on the Server Switch

configure terminal

vtp version 3

exit

Set a Primary VTP Server

vtp primary

This switch now has exclusive rights to make VLAN changes.

Verify the Upgrade

show vtp status

Ensure Clients Are Syncing

show vlan brief

---

4. Summary: Should You Upgrade to VTP v3?

✅ YES, if:

• You need VLANs 1006-4094.
• You use Private VLANs.
• You want stronger security and better control over VLAN changes.

❌ NO, if:

• Your network has older switches that do not support VTP v3.
• You prefer manual VLAN configuration using VTP Transparent Mode.

When VLANs are not propagating correctly in a VTP environment, it’s important to check for misconfigurations. Below are common issues and troubleshooting steps.

---

1. Check VTP Mode and Domain Name

Issue: VLANs are not syncing between switches.

Solution:

• Ensure all switches have the same VTP domain name and password:bashCopyEditshow vtp status
  • If the domain name is different, update it:bashCopyEditvtp domain MyNetwork
• Ensure the VTP mode is correct (at least one switch should be in server mode).bashCopyEditvtp mode server

---

2. Verify Trunk Links

Issue: VTP advertisements are not passing between switches.

Solution:

• Check if the trunk is up and operational:bashCopyEditshow interfaces trunk
• If a port is not in trunk mode, enable it:bashCopyEditinterface GigabitEthernet0/1 switchport mode trunk switchport trunk allowed vlan all exit
• Ensure Native VLAN matches on both ends of the trunk:bashCopyEditshow interfaces trunk
  • If needed, change it:bashCopyEditswitchport trunk native vlan 99

---

3. Check VTP Version

Issue: Switches running different VTP versions may not sync.

Solution:

• Check the VTP version:bashCopyEditshow vtp status
• If versions do not match, change them:bashCopyEditvtp version 2

---

4. Check VTP Revision Number

Issue: A newly added switch with a higher revision number could erase VLANs.

Solution:

• Check the VTP Revision Number on all switches:bashCopyEditshow vtp status
• If a switch has a high revision number but incorrect VLANs, reset it:bashCopyEditvtp mode transparent vtp mode server # (or client if required)
  • This resets the revision number to 0.

---

5. Verify VTP Pruning

Issue: VLANs are not being propagated to all switches.

Solution:

• Check if VTP pruning is enabled:bashCopyEditshow vtp status
• If necessary, disable VTP pruning:bashCopyEditno vtp pruning

---

6. Check VTP Password

Issue: If a password is set on one switch but not on others, VLANs won’t sync.

Solution:

• Check if a VTP password is set:bashCopyEditshow vtp password
• If needed, set the same password on all switches:bashCopyEditvtp password Cisco123

---

7. Test VLAN Synchronization

Issue: VLANs still not syncing after troubleshooting.

Solution:

• Try manually adding a VLAN on the VTP server and check if it propagates to the clients:bashCopyEditconfigure terminal vlan 50 name Test_VLAN exit
• Then verify on a client switch:bashCopyEditshow vlan brief
  • If the VLAN does not appear, go through the previous troubleshooting steps again.

---

Summary of Key Troubleshooting Commands

Command	Description
show vtp status	Displays VTP domain, mode, revision number, and version.
show vtp password	Checks if a VTP password is set.
show interfaces trunk	Verifies if trunks are correctly configured.
show vlan brief	Checks if VLANs are propagating.
vtp mode transparent → vtp mode server	Resets the VTP revision number.

---

Best Practices to Avoid VTP Issues

✅ Use VTP Transparent Mode unless central management of VLANs is necessary.
✅ Reset the revision number when adding new switches to the network.
✅ Secure VTP with passwords to prevent unauthorized VLAN changes.
✅ Monitor trunk links to ensure VTP messages are transmitted properly.

In VLAN configurations, trunking allows multiple VLANs to be transmitted over a single physical link between switches. Trunking can be set up using static trunking or dynamic trunking.

---

1. Static Trunking

Static trunking means manually configuring a switch port as a trunk. This ensures that the port remains in trunk mode, allowing multiple VLANs to pass through it.

Advantages of Static Trunking

✅ More secure (prevents unauthorized devices from negotiating trunks).
✅ No risk of dynamic negotiation failures.
✅ Preferred in enterprise networks for stability.

Configuration of Static Trunking (Cisco Switch Example)

bashCopyEditinterface GigabitEthernet0/1
  switchport mode trunk
  switchport trunk allowed vlan 10,20,30
  switchport trunk native vlan 99
  exit

👉 This command sets GigabitEthernet0/1 as a static trunk, allowing VLANs 10, 20, and 30, and setting VLAN 99 as the native VLAN.

---

2. Dynamic Trunking (DTP – Dynamic Trunking Protocol)

Dynamic trunking allows ports to negotiate whether to become a trunk or remain an access port. Cisco switches use DTP (Dynamic Trunking Protocol) to automate trunk formation.

DTP Modes

Mode	Behavior
Access	Forces the port into access mode (no trunking).
Trunk	Forces the port into trunk mode (like static trunking).
Dynamic Auto	Waits for the other side to initiate trunking but does not actively negotiate.
Dynamic Desirable	Actively tries to negotiate trunking with the other device.

Configuration of Dynamic Trunking (Cisco Example)

interface GigabitEthernet0/2
  switchport mode dynamic desirable
  exit

👉 The desirable mode will actively try to establish a trunk if the other side supports it.

interface GigabitEthernet0/3
  switchport mode dynamic auto
  exit

👉 The auto mode waits for the other side to initiate trunking. If both sides are set to auto, the trunk will not form.

---

3. Key Differences: Static vs. Dynamic Trunking

Feature	Static Trunking	Dynamic Trunking (DTP)
Configuration	Manually set to trunk mode	Uses DTP to negotiate trunking
Security	More secure	Less secure (vulnerable to VLAN hopping attacks)
Stability	Always trunk	May fail to negotiate a trunk
Best Use Cases	Enterprise networks, high-security environments	Simple setups or mixed vendor environments

Best Practice Recommendation

🔹 Disable DTP on all trunk ports and configure static trunking for security.
🔹 Use switchport nonegotiate to prevent DTP from running:

interface GigabitEthernet0/4
  switchport mode trunk
  switchport nonegotiate
  exit

1. What is 802.1Q?

IEEE 802.1Q is the standard for VLAN tagging in Ethernet networks. It allows multiple VLANs to exist on a single physical network by inserting a VLAN tag in the Ethernet frame header. This tagging enables switches to distinguish between VLANs and forward traffic accordingly.

Key Features of 802.1Q:

• Adds a 4-byte VLAN tag to Ethernet frames.
• Supports up to 4094 VLANs (VLAN IDs 1-4094).
• Trunk links carry multiple VLANs between switches.
• Defines a Native VLAN (untagged traffic).

---

2. What is a Native VLAN?

A Native VLAN is the VLAN that carries untagged traffic on a trunk port. Any frame received without a VLAN tag is assumed to belong to the Native VLAN of that trunk.

By default, VLAN 1 is the Native VLAN on most switches, but best practice is to change it to another VLAN for security reasons.

Example Configuration (Changing the Native VLAN):

bashCopyEditinterface GigabitEthernet0/1
  switchport mode trunk
  switchport trunk native vlan 99
  exit

👉 This sets VLAN 99 as the Native VLAN for trunk port GigabitEthernet0/1.

---

3. What is an Allowed VLAN?

An Allowed VLAN is a VLAN that is explicitly permitted on a trunk link. By default, all VLANs are allowed on a trunk, but administrators can restrict the VLANs allowed on a specific trunk port to enhance security and reduce unnecessary traffic.

Example Configuration (Restricting Allowed VLANs on a Trunk Port):

bashCopyEditinterface GigabitEthernet0/2
  switchport mode trunk
  switchport trunk allowed vlan 10,20,30
  exit

👉 This command allows only VLANs 10, 20, and 30 on trunk port GigabitEthernet0/2.

---

Summary of Key Concepts

Concept	Description
802.1Q	Standard for VLAN tagging on Ethernet frames.
Native VLAN	The VLAN for untagged traffic on a trunk port (default is VLAN 1).
Allowed VLANs	VLANs that are explicitly permitted on a trunk link.

A VLAN (Virtual Local Area Network) is a logical segmentation of a physical network that allows multiple networks to exist within the same physical infrastructure. VLANs enhance network performance, security, and manageability by grouping devices logically rather than based on physical location.

Benefits of VLANs

How to Configure VLANs

Step 1: Define VLANs on a Switch

Access the switch using the CLI (Command Line Interface) or Web GUI.

Enter privileged EXEC mode:enable

Enter global configuration mode:configure terminal

Create a VLAN and assign it a number:

vlan 10
name Sales
exit

for additional VLANs as needed.

Step 2: Assign Ports to VLANs

Enter interface configuration mode for a specific port:

interface GigabitEthernet0/1

Assign the port to VLAN 10 (Access Mode):

switchport mode access switchport

access vlan 10

exit

Repeat for other interfaces and VLANs as needed.

Step 3: Configure Trunk Ports (for VLAN Communication Between Switches)

Enter interface configuration mode for the uplink port:

Edit interface GigabitEthernet0/24

Set the port as a trunk:

switchport mode trunk

switchport trunk allowed vlan 10,20,30

exit

Step 4: Verify VLAN Configuration

Check VLAN assignments:

show vlan brief

Check trunk status:

show interfaces trunk

Verify VLAN connectivity using ping or other network tools.