Interswitch connectivity involves connecting multiple switches to form a larger network, allowing devices connected to different switches to communicate as if they were on the same switch. This process relies on several key concepts: trunk ports, 802.1Q, and native VLAN.
a. Trunk Ports
Trunk ports are switch ports configured to carry traffic for multiple VLANs (Virtual Local Area Networks). They are used for connecting switches to each other or to other network devices that require access to multiple VLANs.
Function:
Tagging: Trunk ports tag the traffic with VLAN identifiers, enabling the separation and identification of VLANs across multiple switches.
Multiplexing: They allow multiple VLANs to be carried over a single physical link, reducing the number of physical connections required between switches.
Configuration Example:
On Cisco switches, configuring a port as a trunk port looks like this:
Firstly, let’s start by creating a VLAN:
SW1(config)#vlan 10
SW1(config-vlan)#name Orbit
SW1(config-vlan)#exit
SW2(config)#vlan 10
SW2(config-vlan)#name orbit
SW2(config-vlan)#exit
Configure connected interfaces to the correct VLAN:
SW1(config)#interface fa0/1
SW1(config-if)#switchport access vlan 10
SW2(config)#interface fa0/2
SW2(config-if)#switchport access vlan 10
The next step is to create a trunk between the two switches.
SW1(config)#interface fa0/1
SW1(config-if)#switchport mode trunk
SW2(config-if)#exit
SW2(config)#interface fa0/1
SW2(config-if)#switchport mode trunk
SW2(config-if)#exit
Read More on VLAN Trunking here
b. 802.1Q
The IEEE 802.1Q is a networking standard that defines the VLAN tagging process on Ethernet frames. It specifies how VLAN information is added to frames so that traffic from different VLANs can be distinguished as it travels across trunk links.
Process:
Tagging: When a frame is sent from a device within a VLAN, the switch adds an 802.1Q tag to the frame. This tag contains the VLAN ID (VID), which identifies the VLAN to which the frame belongs.
Untagging: When the frame reaches its destination switch, the tag is removed before the frame is forwarded to devices within the destination VLAN.
example configuration:
Frame Structure:
Original Ethernet Frame: [Destination MAC | Source MAC | EtherType | Payload | FCS]
802.1Q Tagged Frame: [Destination MAC | Source MAC | 802.1Q Tag | EtherType | Payload | FCS]
802.1Q Tag Components:
TPID (Tag Protocol Identifier): A fixed value of 0x8100 indicating the presence of an 802.1Q tag. This tag is used to identify and distinguish VLAN tagged frames in Ethernet networks. It helps network devices understand how to process and route the VLAN traffic effectively.
The TPID serves as a marker that informs switches and routers that the frame contains VLAN information and that it should be processed accordingly. This plays a crucial role in achieving efficient and secure communication within VLANs, ensuring that network traffic is appropriately segregated and managed according to specific requirements.
TCI (Tag Control Information): TCI is crucial for managing the flow of data packets within a network and ensuring efficient communication between devices. It provides the necessary guidelines and instructions for handling tagged information, allowing for seamless transmission and reception of data across different network nodes.
Proper utilization of TCI can significantly enhance network performance and stability, making it an indispensable component in modern networking technologies.
Priority Code Point (PCP): Used for Quality of Service (QoS). For example, in a network environment, packets with a higher PCP value may receive preferential treatment over packets with a lower PCP value when it comes to resource allocation and network traffic prioritization. This can help ensure that critical data such as voice or video streams are delivered with minimal delay and jitter.
DEI (Drop Eligible Indicator): This helps indicate frames eligible to be dropped in the presence of congestion. It suggests that these frames may be discarded as a strategy in managing network congestion to enhance overall performance and throughput. The DEI aids network devices in making informed choices about which frames can be safely dropped without notably affecting the quality of service.
VLAN ID (VID): Identifies the VLAN, allowing up to 4096 VLANs (12-bit field). VLAN ID (VID) also serves as a crucial identifier within the network infrastructure, ensuring efficient segregation and management of traffic across multiple VLANs. With the capacity to accommodate up to 4096 unique VLANs, the 12-bit field for VLAN ID fosters robust network scalability and flexibility to meet diverse deployment requirements.
c. Native VLAN
The native VLAN is the default VLAN assigned to untagged traffic on a trunk port. It is used to handle frames that arrive on a trunk port without an 802.1Q tag.
The native VLAN can be manually configured on a trunk port to ensure consistency across a network and avoid potential VLAN hopping or security risks associated with untagged traffic. It is important to choose a specific VLAN for the native VLAN to prevent any unintended communication or interference with other VLANs on the network.
Function:
Compatibility: Ensures compatibility with devices or networks that do not support VLAN tagging.
Traffic Segregation: Keeps untagged traffic separate from tagged VLAN traffic.
Configuration Example:
On Cisco switches, setting the native VLAN looks like ths:
SW1(config)#interface GigabitEthernet0/1
SW1(config)#switchport trunk native vlan 10
Special Considerations:
Security Risk: If not properly managed, the native VLAN can pose a security risk. VLAN hopping attacks can exploit the native VLAN by sending untagged or double-tagged packets.
Consistency: Ensure the native VLAN is consistent across all interconnected trunk ports to prevent traffic misrouting.
Interswitch Connectivity Process Summary
Establish Physical Links:
Connect switches using appropriate physical media (e.g., Ethernet cables, fiber optic cables).
Configure Trunk Ports:
Configure the interconnecting ports as trunk ports on each switch to carry multiple VLANs.
Example:
SW1(config)#interface GigabitEthernet0/1
SW1(config)#switchport mode trunk
Implement 802.1Q Tagging:
Enable 802.1Q tagging on trunk ports to ensure VLAN traffic is correctly tagged and identified across switches.
Example:
SW1(config)#interface GigabitEthernet0/1
SW1(config)#switchport trunk encapsulation dot1q
Set Native VLAN:
Configure the native VLAN for untagged traffic on each trunk port.
Example:
SW1(config)#interface GigabitEthernet0/1
SW1(config)#switchport trunk native vlan 10
Verify Configuration:
Use commands to verify trunk status and VLAN tagging (e.g., show interfaces trunk on Cisco switches).
Lastly; ensure the correct VLANs are allowed on the trunk port.
Overall, interswitch connectivity is essential for building scalable, segmented, and efficient networks. Trunk ports facilitate the transport of multiple VLANs across a single physical link, 802.1Q provides a standard method for tagging VLAN traffic, and the native VLAN ensures compatibility with untagged traffic. Proper configuration and management of these elements enable seamless and secure communication between switches, maintaining network segmentation and performance.
