CCNP SWITCH Implementing VLAN Trunk
Cisco certification training
Instructor:- ASHOK TAMBE
Contact us :- 9930157345 ashok tambe
Training for
CCNA,CCNP,
CCNA SECURITY
CCIP,
MPLS, BGP, IPV6
NETWORK+, SECURITY+
Copyright© 2013 NETworkingWANschool
CCNP SWITCH 300-113
https://www.facebook.com/Networkingwanschool
Implementing Trunking in Cisco Campus Network
Trunks carry the traffic for multiple VLANs across a single physical link
(multiplexing). Trunking is used to extend Layer 2 operations across an
entire network, such as end-to-end VLANs, as shown in Figure
The host in VLAN 2 can communicate with the host in VLAN 2 in the
other switch over the single trunk link, the same as a host in VLAN 1 can
communicate with a host in another switch in VLAN 1.
Implementing Trunking in Cisco Campus Network
• Definition of a VLAN Trunk
–A trunk is a point-to-point link between one or more Ethernet
switch interfaces and another networking device, such as a router
or a switch.
–Ethernet trunks carry the traffic of multiple VLANs over a single
link.
–A VLAN trunk allows you to extend the VLANs across an entire
network.
–Cisco supports IEEE 802.1Q for coordinating trunks on Fast
Ethernet and Gigabit Ethernet interfaces (for Cisco and non-Cisco
devices).
–Inter-Switch Link (ISL) (Cisco proprietary)
• A VLAN trunk does not belong to a specific VLAN, rather it is a conduit
for VLANs between switches and routers.
What Problem Does a Trunk Solve?
• In figure 1, you see the standard topology used in this chapter, except
instead of the VLAN trunk that you are used to seeing between switches S1 and
S2, there is a separate link for each subnet.
–There are four separate links connecting switches S1 and S2, leaving
three fewer ports to allocate to end-user devices.
–Each time a new subnetwork is considered, a new link is needed for each
switch in the network.
• In figure 2, the network topology shows a VLAN trunk connecting switches
S1 and S2 with a single physical link.
Trunking protocol
To allow a switch port that connects two switches to carry more than one
VLAN, it must be configured as a trunk.
If frames from a single VLAN traverse a trunk link, a trunking protocol
must mark the frame to identify its associated VLAN as the frame is
placed onto the trunk link.
The receiving switch then knows the frame’s VLAN origin and can
process the frame accordingly.
On the receiving switch, the VLAN ID (VID) is removed when the frame
is forwarded onto an access link associated with its VLAN.
A Trunk in Action
1) In the figure, PC1 on VLAN 10 and PC3 on VLAN 30 send broadcast frames to switch S2.
2) Switch S2 tags these frames with the appropriate VLAN ID and then forwards the frames over the trunk to switch S1.
3) Switch S1 reads the VLAN ID on the frames and broadcasts them to each port configured to support VLAN 10 and VLAN 30.
4) Switch S3 receives these frames and strips off the VLAN IDs and forwards them as untagged frames to PC4 on VLAN 10 and PC6 on VLAN 30.
Trunking protocol
Cisco switches support the following two trunking protocols:
• Inter-Switch Link (ISL): A Cisco proprietary trunking encapsulation
• IEEE 802.1Q: An industry-standard trunking method
Because the ISL protocol is obsolete, this course focuses only on 802.1Q.
Today only 802.1Q is used. However, legacy networks may
still use ISL, and it is useful to learn about each type of trunk
port. An 802.1Q trunk port supports simultaneous tagged and
untagged traffic. An 802.1Q trunk port is assigned a default PVID, and all
untagged traffic travels on the port default PVID.
All untagged traffic and tagged traffic with a null VLAN ID are
assumed to belong to the port default PVID.
A packet with a VLAN ID equal to the outgoing port default PVID
is sent untagged. All other traffic is sent with a VLAN tag.
802.1Q will NOT perform any operations on frames that are
forwarded out access ports.
802.1Q Frame Tagging
• Significantly less overhead than the ISL.
• As opposed to the 30 bytes added by ISL, 802.1Q inserts only
an additional 4 bytes into the Ethernet frame.
• The 802.1Q tag is inserted by the switch before sending across
the trunk.
• The switch removes the 802.1Q tag before sending it out a non-trunk
link.
802.1Q Frame Tagging
The 802.1Q Ethernet frame header contains the following fields:
• Dest: Destination MAC address (6 bytes)
• Src: Source MAC address (6 bytes)
• Tag: Inserted 802.1Q tag (4 bytes, detailed here):
–EtherType (TPID): Set to 0x8100 to specify that the 802.1Q tag follows.
–PRI: 3-bit 802.1p priority field.
–CFI: Canonical Format Identifier; is always set to 0 for Ethernet switches and to 1 for
Token Ring-type networks.
–VLAN ID: 12-bit VLAN field. Of the 4096 possible VLAN IDs, the maximum number of
possible VLAN configurations is 4094. A VLAN ID of 0 indicates priority frames, and value
4095 (FFF) is reserved.
–CFI, PRI, and VLAN ID are represented as Tag Control Information (TCI) fields.
• Len/Etype: 2-byte field specifying length (802.3) or type (Ethernet II).
• Data: Data itself.
• FCS: Frame check sequence (4 bytes).
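The tag layout above and the PVID rules from the earlier Trunking protocol slide, worked through in Python as an added example that is not part of the original slides: it parses the 4-byte tag, assigns a received frame to a VLAN, and builds the frame a trunk port would send. The function names and the sample addresses are constructed for illustration, and FCS handling is left out.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value announcing that an 802.1Q tag follows

# Constructed sample values (not from the slides).
SAMPLE_DST = bytes.fromhex("ffffffffffff")
SAMPLE_SRC = bytes.fromhex("020000000001")
SAMPLE_PAYLOAD = bytes(46)


def parse_frame(frame):
    """Split an Ethernet frame (without FCS) into header fields and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return {"dst": dst, "src": src, "tagged": False,
                "etype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return {"dst": dst, "src": src, "tagged": True,
            "pri": tci >> 13,          # 3-bit 802.1p priority
            "cfi": (tci >> 12) & 0x1,  # 1-bit CFI
            "vid": tci & 0x0FFF,       # 12-bit VLAN ID
            "etype": inner, "payload": frame[18:]}


def ingress_vlan(frame, pvid):
    """VLAN that a trunk port with default PVID `pvid` assigns to a frame."""
    fields = parse_frame(frame)
    # Untagged frames and priority-tagged frames (VID 0) belong to the PVID,
    # so a receiver with a different PVID places them in a different VLAN.
    if not fields["tagged"] or fields["vid"] == 0:
        return pvid
    if fields["vid"] == 0xFFF:
        raise ValueError("VLAN ID 4095 is reserved")
    return fields["vid"]


def egress_frame(dst, src, etype, payload, vlan, pvid, pri=0):
    """Frame a trunk port sends for `vlan`: untagged when vlan equals pvid."""
    if not 1 <= vlan <= 4094:
        raise ValueError("usable VLAN IDs are 1-4094")
    if not 0 <= pri <= 7:
        raise ValueError("priority is a 3-bit field")
    head = dst + src
    if vlan != pvid:
        tci = (pri << 13) | vlan  # CFI stays 0 on Ethernet
        head += struct.pack("!HH", TPID_8021Q, tci)
    return head + struct.pack("!H", etype) + payload


if __name__ == "__main__":
    tagged = egress_frame(SAMPLE_DST, SAMPLE_SRC, 0x0800, SAMPLE_PAYLOAD, 10, 99, pri=5)
    native = egress_frame(SAMPLE_DST, SAMPLE_SRC, 0x0800, SAMPLE_PAYLOAD, 99, 99)
    print(len(native), len(tagged), parse_frame(tagged)["vid"])
    print(ingress_vlan(native, 99), ingress_vlan(native, 100))
```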
802.1Q Frame Tagging
IEEE 802.1Q uses an internal tagging mechanism that modifies the original frame,
recalculates the CRC value for the entire frame with the tag, and inserts the new
CRC value in a new FCS.
ISL, in comparison, wraps the original frame and adds a second FCS that is built
only on the header information but does not modify the original frame FCS.
IEEE 802.1p redefined the three most significant bits in the 802.1Q tag to allow for
prioritization of the Layer 2 frame.
If a non-802.1Q-enabled device or an access port receives an 802.1Q
frame, the tag data is ignored and the packet is switched at Layer 2 as a
standard Ethernet frame. This allows for the placement of Layer 2
intermediate devices, such as unmanaged switches or bridges, along the
802.1Q trunk path.
To process an 802.1Q tagged frame, a device must enable a maximum
transmission unit (MTU) of 1522 or higher.
Baby giants are frames that are larger than the standard MTU of 1500 bytes
but less than 2000 bytes. Because ISL and 802.1Q tagged frames increase
the MTU beyond 1500 bytes, switches consider both frames as baby giants.
ISL-encapsulated packets over Ethernet have an MTU of 1548 bytes, whereas
802.1Q has an MTU of 1522 bytes.
802.1Q Frame Tagging
Ethernet frame size before tagging & after tagging
Understanding Native VLAN in 802.1Q Trunking
802.1Q trunks define a native VLAN for frames that are not tagged by default.
Switches transmit any Layer 2 frames from a native VLAN on the trunk port
untagged, as shown in Figure
The receiving switch forwards all untagged packets to its native VLAN.
The native VLAN is the default VLAN configuration of the port. When the port is not
trunking, the access VLAN configuration defines the native VLAN.
In the case of Cisco switches, the default native VLAN is VLAN 1, and you can
configure any other VLAN as the native VLAN.
Understanding Native VLAN in 802.1Q Trunking
In an ISL trunk port, all received packets are expected to be
encapsulated with an ISL header, and all transmitted packets
are sent with an ISL header.
Native (non-tagged) frames received from an ISL trunk
port are dropped.
ISL is no longer a recommended trunk port mode, and it is
not supported on a number of Cisco switches.
It is important that the 802.1Q trunk port between two devices have the same native
VLAN configuration on both sides of the link. If there is a native VLAN mismatch on
an 802.1Q link, CDP (if used and functioning) issues a Native VLAN Mismatch error.
On select versions of Cisco IOS Software, CDP might not be transmitted or will be
automatically turned off if VLAN1 is disabled on the trunk.
In addition, if there is a native VLAN mismatch on either side of an 802.1Q link,
Layer 2 loops might occur because VLAN1 STP bridge protocol data units (BPDU)
are sent to the IEEE STP MAC address (0180.c200.0000) untagged.
Trunking operation
• Trunking protocols were developed to effectively manage the transfer of frames from different VLANs on a single physical link.
• The trunking protocols establish agreement for the distribution of frames to the associated ports at both ends of the trunk.
• Trunk links may carry traffic for all VLANs or only specific VLANs.
• VLAN tagging information is added by the switch before it is sent across the trunk and removed by the switch before it is sent down a non-trunk link.
VLANs and trunking
• It is important to understand that a trunk link does not belong to a specific VLAN.
• The responsibility of a trunk link is to act as a conduit for VLANs between switches and routers (or switches and switches).
• Trunks can be configured statically or via DTP.
• DTP provides the ability to negotiate the trunking method.
Configuring Trunking
• These commands will be explained in the following slides.
Note: On switches that support both 802.1Q and ISL, the switchport trunk encapsulation command must be entered BEFORE the switchport mode trunk command.
Configuring Trunking
Switch(config-if)#switchport trunk encapsulation [dot1q|isl]
• This command configures VLAN tagging on an interface if the switch supports multiple trunking protocols.
• The two options are:
– dot1q – IEEE 802.1Q
– isl – ISL
• The tagging must be the same on both ends.
Configuring Trunking
• If SwitchA can only be an 802.1Q trunk and SwitchB can only be an ISL trunk, these two switches will not be able to form a trunk.
SwitchA(config-if)#switchport mode trunk
SwitchB(config-if)#switchport mode trunk
Result: No trunk (SwitchA: 802.1Q only; SwitchB: ISL only)
Configuring Trunking
• If SwitchA can only be an 802.1Q trunk and SwitchB can be either an ISL or an 802.1Q trunk, configure SwitchB to be 802.1Q.
• On switches that support both 802.1Q and ISL, the switchport trunk encapsulation command must be entered BEFORE the switchport mode trunk command.
SwitchA(config-if)#switchport mode trunk
SwitchB(config-if)#switchport trunk encapsulation dot1q
SwitchB(config-if)#switchport mode trunk
Result: Trunk (SwitchA: 802.1Q only; SwitchB: both ISL and 802.1Q)
Understanding DTP
Dynamic Trunking Protocol (DTP) is a Cisco proprietary protocol. Switches from other vendors do not support DTP.
–DTP is automatically enabled on a switch port when certain trunking modes are configured on the switch port.
–DTP manages trunk negotiation only if the port on the other switch is configured in a trunk mode that supports DTP. DTP supports both ISL and 802.1Q trunks.
–Older Cisco switches and routers do not support DTP.
• Ethernet trunk interfaces support several different trunking modes.
– Access
– Dynamic desirable (default mode on Catalyst 2950 and 3550)
– Dynamic auto
– Trunk
– Nonegotiate
– dot1q-tunnel (Not an option on the Catalyst 2950.)
• Using these different trunking modes, an interface can be set to trunking or nontrunking or even able to negotiate trunking with the neighboring interface.
• To automatically negotiate trunking, the interfaces must be in the same VTP domain. (VTP is discussed in the next section.)
• Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP), which is a Cisco proprietary point-to-point protocol.
Understanding DTP
• These various modes are configured using the switchport mode interface command.
• We have already discussed the two “non-dynamic” options:
Switch(config-if)#switchport mode access
Switch(config-if)#switchport mode trunk
• These options set the interface to non-trunking (access) or trunking (trunk).
• All of these DTP modes and their various combinations can be somewhat confusing.
• Looking at some of the basic combinations can help clarify this.
• By default, Ethernet interfaces on most Cisco switches are set to dynamic
desirable mode. (Catalyst 2950 and 3550 switches.)
• Desirable mode will create a trunk link if the neighboring interface is set to
desirable, trunk, or auto mode.
• Because both interfaces by default are in desirable mode, this means a link
between two Cisco switches will automatically become a trunk link unless
configured otherwise.
• By default, all ports are configured as switchport mode dynamic
desirable, which means that if the port is connected to another switch with
a port configured with the same default mode (or desirable or auto), this link
will become a trunking link.
This link will become a trunking link unless one of the ports is
configured as an access link, i.e. switchport mode access.
• This figure shows the various DTP trunking modes and the results of the different combinations.
• Selecting the right combination on the two ends of the link is important, as some combinations should not be used as they will have “unexpected results”.
• One combination that could result in traffic being blocked from crossing the link is if one interface is in access mode and the neighboring interface is in trunk mode.
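The figure with the mode combinations did not survive in this transcript, so the following added Python example (not from the original slides) derives the result for every pair of modes from how each mode behaves. The mode labels and function names are chosen for this example; "nonegotiate" stands for a static trunk configured with switchport nonegotiate.

```python
from itertools import product

# Labels for this example: "access", "trunk", "desirable" and "auto" are the
# switchport mode settings; "nonegotiate" is a static trunk with DTP off.
MODES = ("access", "trunk", "nonegotiate", "desirable", "auto")


def requests_trunk(mode):
    """True if a port in this mode sends DTP frames asking the peer to trunk."""
    return mode in ("trunk", "desirable")


def becomes_trunk(local, peer):
    """Operational state of the local port, given the mode of its neighbor."""
    if local in ("trunk", "nonegotiate"):
        return True   # statically trunking, whatever the neighbor does
    if local == "access":
        return False  # statically non-trunking
    if local == "desirable":
        # Asks for a trunk; needs a neighbor that answers DTP and agrees.
        return peer in ("trunk", "desirable", "auto")
    return requests_trunk(peer)  # auto: trunks only when the neighbor asks


def link_result(a, b):
    """'trunk', 'access', or 'mismatch' when the two ends disagree."""
    for mode in (a, b):
        if mode not in MODES:
            raise ValueError(f"unknown mode: {mode}")
    a_trunk, b_trunk = becomes_trunk(a, b), becomes_trunk(b, a)
    if a_trunk == b_trunk:
        return "trunk" if a_trunk else "access"
    return "mismatch"


def peer_controlled_modes():
    """Modes whose trunking state is decided by the neighbor, not the config."""
    return [m for m in MODES
            if len({becomes_trunk(m, peer) for peer in MODES}) > 1]


if __name__ == "__main__":
    for a, b in product(MODES, repeat=2):
        print(f"{a:12} {b:12} {link_result(a, b)}")
    print("decided by the neighbor:", peer_controlled_modes())
```

The two modes returned by peer_controlled_modes() are the ones whose state depends on what is plugged into the port; a statically configured access port or a trunk with negotiation off does not change with the neighbor.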
Because of the vulnerability associated with DTP, always turn off DTP
negotiation using the switchport nonegotiate command, and statically
configure the trunk using the switchport mode trunk command.
Describing Trunking Configuration Commands (cont.)
The default DTP mode is Cisco IOS and platform dependent. To determine the current DTP mode, use the show dtp interface command.
–Note that this command is not available on Catalyst 2950 and 3550 switches, but is available on Catalyst 2960 and 3560 switches.
–General best practice is to set the interface to trunk and nonegotiate when a trunk link is required. DTP should be turned off on links where trunking is not intended.
Configure an 802.1Q Trunk
• To configure a trunk on a switch port, use the switchport mode trunk command.
–When you enter trunk mode, the interface changes to permanent trunking mode, and the port enters into a DTP negotiation to convert the link into a trunk link even if the interface connecting to it does not agree to the change.
• The Cisco IOS command syntax (switchport trunk native) to specify a native VLAN other than VLAN 1 is shown in the figure.
–In the example, you configure VLAN 99 as the native VLAN.
• The command syntax (switchport trunk allowed vlan & switchport trunk allowed vlan add) used to allow a list of VLANs on the trunk is shown.
–On this trunk port, allow VLANs 1,5,3,8,99.
• The example configures port F0/11 on switch S1 as the trunk port. It reconfigures the native VLAN as VLAN 99 and adds 1,5,3,8,99 as allowed VLANs on port F0/11.
Switch(config)#interface fastethernet 0/11
Switch(config-if)#shutdown
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport trunk allowed vlan 1,5,3,8,99
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk native vlan 99
Switch(config-if)#switchport nonegotiate
Switch(config-if)#no shutdown
Verifying the 802.1Q Configuration
Switch#show running-config interface {fastethernet | gigabitethernet} slot/port
Switch#show interfaces {fastethernet | gigabitethernet} slot/port [switchport | trunk]
Switch#show interfaces fastEthernet 0/11 switchport
Name: fa5/8
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 99 (trunk_only)
Trunking VLANs Enabled: 1,5,3,8,99
Pruning VLANs Enabled: 2-1001
. . .
Verifying the 802.1Q Configuration
Switch#show running-config interface fastethernet 0/11
Building configuration...
Current configuration:
!
interface FastEthernet0/11
switchport mode dynamic desirable
switchport trunk encapsulation dot1q
Switch#show interfaces fastethernet 0/11 trunk
Port      Mode         Encapsulation  Status        Native vlan
Fa0/11    desirable    802.1q         trunking      99
Port      Vlans allowed on trunk
Fa0/11    1,5,3,8,99
Port      Vlans allowed and active in management domain
Fa0/11    1,5,3,8,99
Port      Vlans in spanning tree forwarding state and not pruned
Fa0/11    1,5,3,8,99
Common Problems with Trunks
• The most common problems:
–Native VLAN mismatches - Trunk ports are configured with
different native VLANs.
• For example, one port has defined VLAN 99 as the
native VLAN and the other trunk port has defined VLAN
100 as the native VLAN.
• This configuration error generates console notifications,
causes control and management traffic to be misdirected
and, as you have learned, poses a security risk.
–Trunk mode mismatches - One trunk port is configured with
trunk mode "off" and the other with trunk mode "on".
• This configuration error causes the trunk link to stop
working.
–Allowed VLANs on trunks - The list of allowed VLANs on a
trunk has not been updated with the current VLAN trunking
requirements.
• In this situation, unexpected traffic or no traffic is being
sent over the trunk.
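The three problems above, together with the earlier advice to turn DTP off, can be checked from the show interfaces switchport output of both ends of a link. This is an added Python example, not part of the original slides; the two sample outputs are constructed and the function names are this example's own.

```python
# Constructed sample output, in the layout of "show interfaces <if> switchport".
S1_FA0_3 = """\
Name: Fa0/3
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: On
Trunking Native Mode VLAN: 99 (VLAN0099)
Trunking VLANs Enabled: 10,99
"""
S3_FA0_3 = """\
Name: Fa0/3
Administrative Mode: dynamic auto
Operational Mode: trunk
Negotiation of Trunking: On
Trunking Native Mode VLAN: 100 (Inactive)
Trunking VLANs Enabled: 10,20,99
"""


def parse_switchport(text):
    """Turn the 'Key: value' lines of the command output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def expand_vlans(spec):
    """'1,99,1002-1005' -> {1, 99, 1002, 1003, 1004, 1005}; 'ALL' -> 1-4094."""
    if spec.strip().upper() == "ALL":
        return set(range(1, 4095))
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def audit_port(port):
    """Per-port findings: settings that leave trunking open to negotiation."""
    findings = []
    if port["Administrative Mode"].startswith("dynamic"):
        findings.append("dynamic mode: configure switchport mode trunk or access")
    if port["Negotiation of Trunking"].lower() == "on":
        findings.append("DTP on: use switchport nonegotiate on a static trunk")
    return findings


def compare_link(a, b):
    """Findings that only show up when both ends of the link are compared."""
    findings = []
    a_trunk, b_trunk = (p["Operational Mode"].startswith("trunk") for p in (a, b))
    if a_trunk != b_trunk:
        findings.append("trunk mode mismatch")
    native_a, native_b = (int(p["Trunking Native Mode VLAN"].split()[0])
                          for p in (a, b))
    if native_a != native_b:
        findings.append(f"native VLAN mismatch: {native_a} vs {native_b}")
    one_side_only = (expand_vlans(a["Trunking VLANs Enabled"])
                     ^ expand_vlans(b["Trunking VLANs Enabled"]))
    if one_side_only:
        findings.append("allowed VLANs differ: "
                        + ",".join(str(v) for v in sorted(one_side_only)))
    return findings


if __name__ == "__main__":
    s1, s3 = parse_switchport(S1_FA0_3), parse_switchport(S3_FA0_3)
    for name, port in (("S1", s1), ("S3", s3)):
        print(name, audit_port(port))
    print("link", compare_link(s1, s3))
```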
1. Native VLAN Mismatches
• You are a network administrator and you get a call that the person using computer PC4 cannot connect to the internal web server, WEB/TFTP server in the figure. You learn that a new technician was recently configuring switch S3. The topology diagram seems correct, so why is there a problem?
• As soon as you connect to switch S3, the error message shown in the top highlighted area in the figure appears in your console window.
–You take a look at the interface using the show interfaces f0/3 switchport command. You notice that the native VLAN has been set to VLAN 100 and it is inactive.
–You need to reconfigure the native VLAN on the Fast Ethernet F0/3 trunk port to be VLAN 99.
• The screen output for the computer PC4 shows that connectivity has been restored to the WEB/TFTP server found at IP address 172.17.10.30.
2. Trunk Mode Mismatches
• In this scenario, the same problem arises: the person using
computer PC4 cannot connect to the internal web server. Why is
there a problem?
• The first thing you do is check the status of the trunk ports on
switch S1 using the show interfaces trunk command.
–It reveals in the figure that there is not a trunk on interface F0/3 on
switch S1.
–You examine the F0/3 interface to learn that the switch port is in
dynamic auto mode for S1 and S3.
• You need to reconfigure the trunk mode of the Fast Ethernet F0/3
ports on switches S1 and S3.
–The top right output from switch S3 shows the commands used to
reconfigure the port and the results of the show interfaces trunk
command, revealing that interface F0/3 has been reconfigured as a
trunk.
• The output from computer PC4 indicates that PC4 has regained
connectivity to the WEB/TFTP server found at IP address
172.17.10.30.
3. Incorrect VLAN List
• In the figure, VLAN 20 (Student) and computer PC5 have been added to the network.
–The documentation has been updated to show that the VLANs allowed on the trunk are 10, 20, and 99.
• In this scenario, the person using computer PC5 cannot connect to the student e-mail server shown in the figure.
• Check the trunk ports on switch S1 using the show interfaces trunk command.
–The command reveals that the interface F0/3 on switch S3 is correctly configured to allow VLANs 10, 20, and 99.
–An examination of the F0/3 interface on switch S1 reveals that interfaces F0/1 and F0/3 only allow VLANs 10 and 99.
• You need to reconfigure the F0/1 and the F0/3 ports on switch S1 using the switchport trunk allowed vlan 10,20,99 command.
–The show interfaces trunk command is an excellent tool for revealing common trunking problems.
• The bottom figure indicates that PC5 has regained connectivity to the student e-mail server found at IP address 172.17.20.10.
4. VLAN and IP Subnets
• As you have learned, each VLAN must correspond to a
unique IP subnet. If two devices in the same VLAN have
different subnet addresses, they cannot communicate.
• In this scenario, the person using computer PC1 cannot
connect to the student web server shown in the figure.
• In the figure, a check of the IP configuration settings of
PC1 reveals the most common error in configuring
VLANs:
–an incorrectly configured IP subnet.
–The PC1 computer is configured with an IP address of
172.172.10.21, but it should have been configured with
172.17.10.21.
• The bottom screen capture reveals that PC1 has regained
connectivity to the WEB/TFTP server found at IP address
172.17.10.30.
SWITCH Lab: Trunking
Objective
Assign the PCs to their own virtual LAN (VLAN), and learn how to provide connectivity
between devices across a switched LAN using trunking. For this lab, your network
design will include two PC workstations, P1PC1 and P2PC2, and four switches,
P1ASW1, P1DSW1, P2ASW2, and P2DSW2. P1ASW1 and P2ASW2 are Access layer
switches. P1DSW1 and P2DSW2 are Distribution layer switches. The Access and
Distribution layers are two of the three layers in the Cisco three-layer hierarchical
network model, which also includes the Core layer.
Lab Topology
Lab Tasks
Task 1: Establish 802.1Q Trunking
Enable 802.1Q trunking between the DSW and ASW switches and between the two DSW switches.
The console password has been set to cisco for all devices in this lab.
1. On each ASW, assign to VLAN 1 all the ports that connect to the DSWs.
2. On each DSW, assign to VLAN 1 all the ports that connect to the ASWs.
3. On each DSW, assign to VLAN 1 all the ports that connect to the other DSW.
4. On each ASW, turn on trunking for each port that connects to the DSWs. The ASWs are 2900
series switches, which use 802.1Q trunking by default.
5. On each DSW, turn on trunking for each port that connects to the ASWs. The DSWs are 3500
series switches; configure these switches to use 802.1Q trunking.
6. On each DSW, enable trunking for each port that connects to its neighboring DSW. Use 802.1Q
trunking.
7. Issue the show interfaces interface-id switchport command to verify the trunk configuration.
8. Configure all trunk ports to carry only VLANs 1, 99, and 1002–1005.
9. Issue the show interfaces interface-id switchport command to verify that VLANs 1, 99, and 1002–1005
are allowed on all trunk ports.