Figure 9-9 WLC Forwards LWAPP Frame to AP
the frame is a member of. If the frames from the Guest network are on VLAN 10, the tag
indicates VLAN 10; in turn, the frames from the UserNet network would be tagged with
VLAN 20. Although they ride the same wire, they are logically segmented by their VLAN
membership. The switches on either end of the “trunk link” know which VLAN frames
belong to based on their 802.1Q tag.
VLAN Membership Modes
A switch port operates in one of two modes: as an access port, which belongs to a single VLAN, or as a trunk port, which carries traffic for more than one VLAN provided each frame is tagged with 802.1Q. The one exception to the tagging rule is the native VLAN, discussed later in this section.
In access mode, frames carry no VLAN tag; instead, the port itself is assigned a VLAN membership, and every frame arriving on it is treated as belonging to that VLAN. When such a frame must leave through a trunk port toward another switch, the switch uses the ingress port's VLAN membership to build the 802.1Q tag. Every frame sent over a trunk link therefore carries a tag, with the exception of frames on the native VLAN. But what is a native VLAN?
The native VLAN is a provision of IEEE 802.1Q: frames that belong to the native VLAN are sent across a trunk link untagged, unmodified from how they appeared on the access link. On Cisco switches, the default native VLAN is VLAN 1, but an administrator can change it. Because it can be changed, it is important to make sure that the native VLAN is the same on both ends of a trunk. A switch that receives an untagged frame on a trunk has no tag to consult, so it assumes the frame belongs to its own native VLAN. If the native VLAN differs on the two sides, traffic hops from one VLAN to another, as shown in Figure 9-10.
Key Topic
Figure 9-10 Native VLAN Mismatch: Switch A (native VLAN 1) and Switch B (native VLAN 5) are joined by a trunk link on Fa0/24; an untagged broadcast from a user on VLAN 1 (PKT-V1) is delivered by Switch B to users on VLAN 5 (PKT-V5).
Because the native VLAN on Switch A port Fa0/24 is set to VLAN 1, traffic on VLAN 1 leaves that port untagged. On Switch B, port Fa0/24's native VLAN is 5, so every untagged frame arriving from Switch A is assumed to be in VLAN 5. When the user attached to a VLAN 1 interface on Switch A sends a broadcast, it is forwarded across the trunk link without a tag. Switch B takes the broadcast to be for VLAN 5 users, because that is the native VLAN on its interface, and forwards the frame to them. This situation is to be avoided for two reasons. It is a security concern, because frames cross from one VLAN into another without passing through the Layer 3 device (router or firewall) that is supposed to control traffic between them, which defeats the segmentation the VLANs were meant to provide. It also breaks connectivity, because broadcasts from the VLAN 1 hosts on Switch A (ARP requests, for example) never reach the VLAN 1 hosts on Switch B. The easiest way to avoid it is to configure the same native VLAN on both ends of every trunk. On Cisco switches, show interfaces trunk displays the native VLAN of each trunk, and CDP reports a disagreement with the neighbor as a %CDP-4-NATIVE_VLAN_MISMATCH syslog message, so the condition is straightforward to verify.
Configuring VLANs and Trunks
To configure VLANs and trunks to support your wireless topology, first understand the topology itself: it tells you where access ports are needed, where trunk ports are needed, and how the pieces of the configuration fit together. Figure 9-11 shows a sample topology that is used for the remainder of the configuration examples in this chapter.
Although a switched network has additional design aspects, do not concern yourself with
them for the CCNA wireless certification. Understand that you simply need to be profi-
cient in configuring the ports. To do so, you need to perform the following tasks:
Step 1. Create a VLAN on the switch.
Step 2. Assign ports to the VLAN that you create.
Figure 9-11 Sample Topology (Gateway; users on VLAN 10 and VLAN 20)
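The following is an added configuration example, not taken from the book, that carries Steps 1 and 2 through for the sample topology and adds the trunk between two switches with the native VLAN set explicitly to the same value on both ends, which is the fix for the mismatch shown in Figure 9-10. The hostnames SwitchA and SwitchB, the interface numbers, and the use of VLAN 99 as a dedicated native VLAN are assumptions made for the example; the VLAN names Guest (VLAN 10) and UserNet (VLAN 20) follow the text. The syntax is Cisco IOS on a Catalyst access switch.

```cisco
! Added example configuration (not from the book). Hostnames, interface
! numbers and VLAN 99 are assumptions chosen for illustration.
!
! ===== Switch A =====
configure terminal
hostname SwitchA
!
! Step 1: create the VLANs. Guest (10) and UserNet (20) are the VLANs from
! the text; 99 is an assumed, otherwise unused VLAN reserved as the native VLAN
! so that no user traffic ever rides the trunk untagged.
vlan 10
 name Guest
vlan 20
 name UserNet
vlan 99
 name Native
exit
!
! Step 2: assign access ports. Frames on these ports are untagged; the port's
! VLAN membership is what the switch uses to build the 802.1Q tag on the trunk.
interface FastEthernet0/1
 description Guest user
 switchport mode access
 switchport access vlan 10
interface FastEthernet0/2
 description UserNet user
 switchport mode access
 switchport access vlan 20
!
! Trunk toward Switch B. The native VLAN is set explicitly rather than left at
! the default so that both ends are guaranteed to agree. The encapsulation
! command is required on platforms that also support ISL (for example, 3560)
! and is rejected on 802.1Q-only platforms (for example, 2960); omit it there.
interface FastEthernet0/24
 description Trunk to SwitchB Fa0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,99
end
!
! ===== Switch B =====
configure terminal
hostname SwitchB
vlan 10
 name Guest
vlan 20
 name UserNet
vlan 99
 name Native
exit
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
! The native VLAN here MUST equal the value on SwitchA Fa0/24.
interface FastEthernet0/24
 description Trunk to SwitchA Fa0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,99
end
!
! The mismatch of Figure 9-10 is reproduced by leaving SwitchA at the default
! (native VLAN 1) and configuring on SwitchB Fa0/24:
!   switchport trunk native vlan 5
! Untagged VLAN 1 frames from SwitchA are then delivered to VLAN 5 hosts.
!
! Verification on each switch:
!   show vlan brief            - VLANs 10, 20, 99 exist; Fa0/1 in 10, Fa0/2 in 20
!   show interfaces trunk      - Fa0/24 listed, "Native vlan" 99 on BOTH switches
!   show interfaces FastEthernet0/24 switchport
show vlan brief
show interfaces trunk
show interfaces FastEthernet0/24 switchport
```

The "Native vlan" column of show interfaces trunk must show the same number on both switches; if CDP is enabled on the link, a disagreement is also logged as %CDP-4-NATIVE_VLAN_MISMATCH. The allowed-VLAN list restricts the trunk to the VLANs that actually need to cross it, so a VLAN created later on one switch does not silently become reachable over the trunk.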
CCNA Wireless Official Exam Certification Guide, Part 19