1 00:00:00,320 --> 00:00:00,420 Okay. 2 00:00:00,970 --> 00:00:02,090 So let's do a test. 3 00:00:02,110 --> 00:00:06,160 What happens if we move one of these ports into a different VLAN? 4 00:00:06,520 --> 00:00:10,120 Now earlier when I was doing this test, I had some problems in three. 5 00:00:10,720 --> 00:00:16,780 So what I'm going to do is I'm going to shut gigabit zero two down and gigabit zero three. 6 00:00:17,200 --> 00:00:22,010 So the only interfaces that are now up are zero zero and zero one. 7 00:00:22,030 --> 00:00:27,970 In this topology, just to start with a simple network. 8 00:00:28,900 --> 00:00:30,160 To make a point. 9 00:00:30,280 --> 00:00:32,500 So those interfaces are up, up. 10 00:00:32,500 --> 00:00:34,810 The other interfaces are down. 11 00:00:35,710 --> 00:00:43,390 What I'll also do actually is just shut down any other interfaces to make sure that things converge 12 00:00:43,390 --> 00:00:43,990 quicker. 13 00:00:45,040 --> 00:00:46,300 So shut down. 14 00:00:48,160 --> 00:00:49,210 That range. 15 00:00:50,760 --> 00:00:52,740 And this range of interfaces. 16 00:00:53,580 --> 00:00:55,680 Show IP interface 17 00:00:55,680 --> 00:00:56,550 brief. 18 00:00:57,270 --> 00:00:58,650 Also shut down. 19 00:01:00,940 --> 00:01:03,670 Gigabit 3/023. 20 00:01:03,670 --> 00:01:06,880 So show IP interface brief. 21 00:01:07,960 --> 00:01:12,070 All interfaces are shut down except for those two interfaces. 22 00:01:12,070 --> 00:01:15,520 So gigabit zero zero, gigabit zero one. 23 00:01:17,860 --> 00:01:20,590 Is router one able to ping router two? 24 00:01:20,620 --> 00:01:21,670 Yes, it is. 25 00:01:22,120 --> 00:01:33,070 But if we put this interface gigabit zero one into VLAN two, what will happen with the pings? 26 00:01:33,370 --> 00:01:36,910 So switchport access vlan two. 27 00:01:37,180 --> 00:01:40,360 Now before I press enter, notice the ping succeeds. 28 00:01:40,600 --> 00:01:43,510 I'll repeat this 100 times. 
29 00:01:48,340 --> 00:01:53,290 And then hit enter on the switchport access vlan command. 30 00:01:53,320 --> 00:01:55,960 Notice the pings are starting to time out. 31 00:01:56,890 --> 00:02:03,850 So as soon as I moved the port from one VLAN to another, the devices are not able to communicate with 32 00:02:03,850 --> 00:02:04,510 each other. 33 00:02:05,950 --> 00:02:13,780 So spanning tree shows that gigabit zero one is still in the learning phase of spanning tree. 34 00:02:13,780 --> 00:02:18,130 So we'll wait for a while for spanning tree to converge and then do the test again. 35 00:02:18,370 --> 00:02:25,000 But what I'd like you to see is these two devices were in the same subnet and in the same VLAN and they 36 00:02:25,000 --> 00:02:26,410 were able to ping each other. 37 00:02:26,620 --> 00:02:33,580 As soon as we moved one port to a different VLAN they were no longer able to ping each other. 38 00:02:34,710 --> 00:02:40,500 Spanning tree's forwarding on VLAN two on port gigabit zero one. 39 00:02:40,770 --> 00:02:44,100 It's also forwarding on gigabit zero zero. 40 00:02:45,850 --> 00:02:47,140 On VLAN one. 41 00:02:50,390 --> 00:02:58,340 So if we use the show spanning-tree summary command, we can see that VLAN one is forwarding, VLAN 42 00:02:58,340 --> 00:02:59,590 two is forwarding. 43 00:02:59,600 --> 00:03:01,340 There are no blocking ports. 44 00:03:03,550 --> 00:03:12,910 Yet router one is not able to ping router two and router two is not able to ping router one. 45 00:03:13,920 --> 00:03:19,920 Because they are in separate VLANs. Is router two aware that it's in a separate VLAN? 46 00:03:22,670 --> 00:03:30,230 The answer is no because no tagging information or no VLAN information is going to be sent on this port. 47 00:03:30,500 --> 00:03:34,910 It's an access port, so we just have standard Ethernet frames. 48 00:03:37,200 --> 00:03:44,250 There is no VLAN port information transmitted on any of the frames going out of that port. 
49 00:03:47,400 --> 00:03:52,020 Now to prove this, let's add some IP addresses onto switch one. 50 00:03:52,590 --> 00:03:56,550 So interface VLAN one IP address ten one one. 51 00:03:57,030 --> 00:03:58,800 Let's make it two, five, four. 52 00:04:00,750 --> 00:04:01,780 And then interface 53 00:04:01,800 --> 00:04:09,150 VLAN two IP address 10.1.2.254 with a mask. 54 00:04:09,690 --> 00:04:10,580 Now I need to no 55 00:04:10,620 --> 00:04:11,880 shut both of those. 56 00:04:11,880 --> 00:04:14,850 So go back onto VLAN one and no shut it. 57 00:04:17,290 --> 00:04:21,260 So these are layer three switched virtual interfaces on the switch. 58 00:04:21,279 --> 00:04:27,070 We are basically creating a layer three IP address on the switch for the relevant VLAN. 59 00:04:27,160 --> 00:04:30,670 So as an example, the switch can ping router one. 60 00:04:31,690 --> 00:04:33,070 On VLAN one. 61 00:04:33,160 --> 00:04:41,110 It lost the first ping because of ARP but switch one can ping router one. It can't ping router two 62 00:04:41,110 --> 00:04:46,390 because router two needs to be configured with the right IP address for VLAN two. 63 00:04:46,420 --> 00:04:50,950 But before I do that, notice when I do a capture on that port. 64 00:04:54,150 --> 00:05:00,450 Traffic from the switch to the router is untagged. 65 00:05:00,480 --> 00:05:03,000 It's a standard Ethernet frame. 66 00:05:03,210 --> 00:05:04,370 IP traffic. 67 00:05:04,380 --> 00:05:06,240 There is no tagging at all. 68 00:05:07,710 --> 00:05:18,930 And as a last test, what I'll do is configure router two, so interface f0/0 IP address 10.1.2.2. 69 00:05:20,010 --> 00:05:22,440 So I've moved it from one subnet to another. 70 00:05:24,340 --> 00:05:25,870 Ping 2 to 2. 71 00:05:27,090 --> 00:05:31,350 The switch can ping router two on this port. 72 00:05:32,470 --> 00:05:33,940 Is the traffic tagged? 73 00:05:37,610 --> 00:05:41,840 So do the ping again, filter for ICMP traffic. 
74 00:05:42,080 --> 00:05:45,170 Notice there is no tagging information at all. 75 00:05:45,200 --> 00:05:47,180 It's just standard Ethernet. 76 00:05:47,570 --> 00:05:50,360 So what is the summary of this test? 77 00:05:50,840 --> 00:05:56,690 The PCs in the topology are unaware of VLAN traffic. 78 00:05:57,230 --> 00:06:00,410 These are access ports or untagged ports. 79 00:06:02,020 --> 00:06:03,370 In other words, 802.1 80 00:06:03,370 --> 00:06:05,980 Q tagging is not used on these ports. 81 00:06:06,460 --> 00:06:07,780 Can router one ping router two? 82 00:06:09,190 --> 00:06:10,180 So can it ping ten. 83 00:06:10,180 --> 00:06:11,230 One, two, two. 84 00:06:11,590 --> 00:06:19,330 At the moment it won't be able to because the routers don't have default routes configured. 85 00:06:19,990 --> 00:06:29,410 So I'm going to turn off IP routing on these routers to turn them into PCs or dumb devices and type 86 00:06:29,440 --> 00:06:30,970 IP default gateway. 87 00:06:31,090 --> 00:06:37,930 And in this case, the default gateway of router two will be this IP address on router one. 88 00:06:39,020 --> 00:06:40,360 No IP routing. 89 00:06:40,370 --> 00:06:45,020 That's a command that turns an expensive router into a dumb device. 90 00:06:45,590 --> 00:06:49,670 IP default gateway 10.1.1.254. 91 00:06:50,600 --> 00:06:55,760 So router one has a default gateway configured. 92 00:06:56,390 --> 00:06:58,340 Can it ping its default gateway? 93 00:06:59,760 --> 00:07:00,850 Yes, it can. 94 00:07:00,870 --> 00:07:03,600 Can it ping router two? 95 00:07:04,920 --> 00:07:06,370 At the moment it can. 96 00:07:06,390 --> 00:07:10,980 And the reason why is that on the switches. 97 00:07:13,550 --> 00:07:14,810 IP routing. 98 00:07:15,980 --> 00:07:17,810 Is configured by default. 
99 00:07:18,140 --> 00:07:26,060 However, if I typed no IP routing, which is true on a lot of switches, the pings will not succeed 100 00:07:26,060 --> 00:07:32,930 because the switch is not doing inter-VLAN routing. To enable inter-VLAN routing on a layer three switch 101 00:07:32,930 --> 00:07:40,460 such as this or a physical switch, you need the IP routing command to route between the VLANs. 102 00:07:41,150 --> 00:07:53,930 So to prove this on router two, I'll do a debug IP ICMP so we can see if ICMP traffic is getting to the 103 00:07:53,930 --> 00:07:54,470 router. 104 00:07:54,740 --> 00:07:56,030 Do the ping again. 105 00:07:56,330 --> 00:07:58,970 And notice there are the echo replies. 106 00:07:59,540 --> 00:08:03,350 We can do something similar on router one. 107 00:08:06,100 --> 00:08:07,810 And there are the echo replies. 108 00:08:09,950 --> 00:08:13,520 Debug IP packet will give us low level information. 109 00:08:13,640 --> 00:08:16,040 I'll repeat this only once. 110 00:08:16,460 --> 00:08:19,850 So we'll send one ping which succeeded over there. 111 00:08:20,690 --> 00:08:28,580 And what you can see is the packet was routed out of the router and sent to the destination is an IP 112 00:08:28,580 --> 00:08:29,300 packet. 113 00:08:29,900 --> 00:08:38,150 So in other words, these end devices connected to a switch are unaware that the switch is using VLANs. 114 00:08:39,289 --> 00:08:44,300 The configuration of the switch is as follows: show run interface gigabit zero zero. 115 00:08:44,750 --> 00:08:50,540 That port is using default config, which means that it's an access port in VLAN one. Gigabit 116 00:08:50,620 --> 00:08:53,510 zero two is an access port in VLAN two. 
117 00:08:53,840 --> 00:09:02,570 IP routing is enabled and we've configured layer three IP addresses on the two VLANs to allow the switch 118 00:09:02,570 --> 00:09:08,660 to route between the two VLANs configured, which in turn allows router one and router two to communicate 119 00:09:08,660 --> 00:09:09,470 with each other. 120 00:09:10,040 --> 00:09:17,090 Now if router one and router three are put into the same VLAN and router two and router four put into 121 00:09:17,090 --> 00:09:23,690 the same VLAN, that kind of information needs to be communicated from one switch to another using 122 00:09:23,810 --> 00:09:24,860 802.1Q. 123 00:09:24,860 --> 00:09:27,740 So this port needs to be configured as a trunk port. 124 00:09:27,740 --> 00:09:30,380 So let's prove that and then configure it.