WEBVTT 0:00:03.120000 --> 0:00:07.040000 In this video for our CCNA Bootcamp, I'd like to just do a quick review 0:00:07.040000 --> 0:00:08.900000 of virtual LANs. 0:00:08.900000 --> 0:00:11.420000 So first of all, we know that what was a virtual LAN, a virtual LAN 0:00:11.420000 --> 0:00:12.880000 is a broadcast domain. 0:00:12.880000 --> 0:00:18.300000 So if I decide that I have my switch right here and I've got these ports 0:00:18.300000 --> 0:00:23.900000 which are connected to a set of devices, maybe a bunch of devices all 0:00:23.900000 --> 0:00:27.560000 in the same department, and I've got another set of ports on that same 0:00:27.560000 --> 0:00:32.180000 switch connected to other devices, printers, fax machines, laptops, but 0:00:32.180000 --> 0:00:34.340000 these are in a different department. 0:00:34.340000 --> 0:00:37.620000 And I decided that for security purposes, which is usually the primary 0:00:37.620000 --> 0:00:40.220000 reason, I want to keep these guys separate. 0:00:40.220000 --> 0:00:42.980000 So from a layer three perspective, I want to start by putting them in 0:00:42.980000 --> 0:00:44.440000 different networks. 0:00:44.440000 --> 0:00:57.520000 Maybe these people here will be in the 2020-2020 So keep them separate 0:00:57.520000 --> 0:00:59.040000 from layer three, right? 0:00:59.040000 --> 0:01:01.460000 That way I can implement access lists or something. 0:01:01.460000 --> 0:01:04.020000 And then at layer two, I just use VLANs. 0:01:04.020000 --> 0:01:10.780000 I say, okay, you guys, you'll be in VLAN, how about 10, and you guys here, 0:01:10.780000 --> 0:01:14.560000 all these ports can be in VLAN 20. 0:01:14.560000 --> 0:01:19.200000 Okay? And if you recall from your review, using VLANs or configuring VLANs 0:01:19.200000 --> 0:01:21.020000 is a two-step process. 0:01:21.020000 --> 0:01:25.120000 Number one, we typically configure or create the VLAN at global configuration 0:01:25.120000 --> 0:01:29.980000 level. 
Then we go to the interface, usually using interface range if we 0:01:29.980000 --> 0:01:33.940000 want to do a variety of interfaces at once, and we apply the VLAN there 0:01:33.940000 --> 0:01:35.780000 to the interface. 0:01:35.780000 --> 0:01:40.260000 Some switches will allow you to skip step number one. 0:01:40.260000 --> 0:01:43.400000 Some switches will allow you to go right to the interface and apply a 0:01:43.400000 --> 0:01:45.360000 VLAN that doesn't even exist. 0:01:45.360000 --> 0:01:49.920000 And once it sees that, it will dynamically create the VLAN for you. 0:01:49.920000 --> 0:01:51.360000 But don't guarantee that. 0:01:51.360000 --> 0:01:55.080000 Don't bank on that, because not all switches have that behavior. 0:01:55.080000 --> 0:02:01.560000 All right, so the legacy method, which you'll probably see less and less 0:02:01.560000 --> 0:02:05.780000 and less over the years, was to go into VLAN database mode from privileged 0:02:05.780000 --> 0:02:08.480000 EXEC mode and configure your VLAN there. 0:02:08.480000 --> 0:02:12.680000 Even if you have a switch that still supports that, which is unlikely, 0:02:12.680000 --> 0:02:14.660000 it's not advisable to do that. 0:02:14.660000 --> 0:02:19.220000 Several other switching features will not work if your VLAN has been configured 0:02:19.220000 --> 0:02:20.420000 in VLAN database mode. 0:02:20.420000 --> 0:02:24.540000 So it's better just to go into global configuration, configure your VLAN 0:02:24.540000 --> 0:02:28.900000 there, which is simply just the command VLAN and the VLAN number. 0:02:28.900000 --> 0:02:31.520000 And then optionally, you don't have to do this. 0:02:31.520000 --> 0:02:35.480000 Give it a name. That way, somebody who looks at your config later on can 0:02:35.480000 --> 0:02:38.340000 identify what the purpose of that VLAN is. 
0:02:38.340000 --> 0:02:42.460000 If they go into the show VLAN output and they see VLAN 2, VLAN 30, VLAN 0:02:42.460000 --> 0:02:45.920000 99, they'll have no idea what these VLANs mean. 0:02:45.920000 --> 0:02:47.400000 Why are they here? 0:02:47.400000 --> 0:02:51.720000 Well, if you say VLAN 2, and then you say name payroll, VLAN 30, name 0:02:51.720000 --> 0:02:56.220000 marketing. Well, now that will show up in the output of show VLAN and 0:02:56.220000 --> 0:02:59.220000 people will have a better understanding of why you create that VLAN in 0:02:59.220000 --> 0:03:03.920000 the first place and where it connects to. 0:03:03.920000 --> 0:03:09.020000 Okay, so terminology wise, an access port is a switching port that's configured 0:03:09.020000 --> 0:03:11.100000 for only one VLAN. 0:03:11.100000 --> 0:03:14.760000 By default, when you configure a port as an access port, it will be in 0:03:14.760000 --> 0:03:22.140000 VLAN 1. So here we see where we've configured the interface as an access 0:03:22.140000 --> 0:03:25.600000 port. So there's no possibility of trunking. 0:03:25.600000 --> 0:03:29.800000 Once a port is configured as a switchport mode access, it will not trunk, 0:03:29.800000 --> 0:03:33.880000 even if it's connected to a device on the other side that's trying to 0:03:33.880000 --> 0:03:37.860000 trunk. Switchport access says, nope, I'm not allowed to do that. 0:03:37.860000 --> 0:03:41.800000 And then to place that access port into a VLAN of your choosing, you use 0:03:41.800000 --> 0:03:47.700000 the switchport access VLAN command, like switchport access VLAN 99 would 0:03:47.700000 --> 0:03:49.820000 put that port into VLAN 99. 0:03:49.820000 --> 0:03:54.240000 And like I said, a lot of Cisco switches, if VLAN 99 did not already exist, 0:03:54.240000 --> 0:04:02.380000 it would dynamically be created simply by doing this. 0:04:02.380000 --> 0:04:05.620000 And verification of your VLANs is very simple. 
0:04:05.620000 --> 0:04:09.700000 Just show VLAN or show interface switchport. 0:04:09.700000 --> 0:04:15.120000 So just to give a quick demonstration of this, I'm going to go into one 0:04:15.120000 --> 0:04:16.800000 of our switches here. 0:04:16.800000 --> 0:04:22.380000 So the first thing I'd wonder about is does the switch have any existing 0:04:22.380000 --> 0:04:27.340000 VLANs? Show VLAN. 0:04:27.340000 --> 0:04:29.540000 And we can see it has the default VLAN. 0:04:29.540000 --> 0:04:35.640000 And it has some of these reserved unsupported VLANs. 0:04:35.640000 --> 0:04:38.700000 These are from way back in the old days and for the last couple decades, 0:04:38.700000 --> 0:04:41.600000 you just can't use them anymore. 0:04:41.600000 --> 0:04:51.900000 So if we're going to create a VLAN, we could say VLAN 99, name payroll, 0:04:51.900000 --> 0:04:59.440000 show VLAN. And there we see VLAN 99 described as payroll. 0:04:59.440000 --> 0:05:02.800000 However, notice that there's no listing of ports after that. 0:05:02.800000 --> 0:05:06.580000 See, normally if there were any ports that were actively using VLAN 99, 0:05:06.580000 --> 0:05:08.120000 it would show up somewhere right here. 0:05:08.120000 --> 0:05:09.640000 And we don't see that. 0:05:09.640000 --> 0:05:12.980000 So that could mean one of two things. 0:05:12.980000 --> 0:05:17.160000 It could mean that there are no ports on this switch, which are carrying 0:05:17.160000 --> 0:05:20.980000 traffic for VLAN 99. 0:05:20.980000 --> 0:05:26.560000 But if that were the case, then this would not say active, that would 0:05:26.560000 --> 0:05:30.720000 say inactive. So if you see inactive, that means, hey, I know the VLAN 0:05:30.720000 --> 0:05:34.360000 exists on me, but I have no interfaces which are carrying that VLAN. 0:05:34.360000 --> 0:05:37.040000 So active, hmm, what does that mean? 
0:05:37.040000 --> 0:05:41.740000 Well, the combination of active, but this right here being blank, means 0:05:41.740000 --> 0:05:45.560000 I don't have any access ports carrying that VLAN. 0:05:45.560000 --> 0:05:50.640000 But I probably do have a trunk port, because remember, by default, if 0:05:50.640000 --> 0:05:55.360000 you have a VLAN trunk, all the VLANs that are known on that switch are 0:05:55.360000 --> 0:05:57.860000 carried by that trunk. 0:05:57.860000 --> 0:06:06.980000 And we can test that by typing the command show interface trunk. 0:06:06.980000 --> 0:06:09.640000 Ah, we don't have any. 0:06:09.640000 --> 0:06:13.640000 Okay, so it looks like nothing's going to carry this. 0:06:13.640000 --> 0:06:16.800000 Usually it would say inactive. 0:06:16.800000 --> 0:06:21.260000 But this is a virtualized switch, which operates a little bit differently 0:06:21.260000 --> 0:06:23.060000 than a real physical switch. 0:06:23.060000 --> 0:06:28.820000 But the main point is, if you have any access ports in that VLAN, they 0:06:28.820000 --> 0:06:30.400000 would show up right here. 0:06:30.400000 --> 0:06:35.360000 I'll demonstrate that. 0:06:35.360000 --> 0:06:38.060000 Show IP interface brief. 0:06:38.060000 --> 0:06:40.600000 What have we got that we can play with? 0:06:40.600000 --> 0:06:44.860000 All right, interface gigabit two slash one. 0:06:44.860000 --> 0:06:48.740000 Switchport mode access. 0:06:48.740000 --> 0:06:53.980000 Switchport access VLAN 99. 0:06:53.980000 --> 0:07:01.020000 And now when we do show VLAN, we can see that VLAN 99 does indeed have 0:07:01.020000 --> 0:07:07.520000 an interface after it, which is an access port. 0:07:07.520000 --> 0:07:10.180000 So that is how you do that. 0:07:10.180000 --> 0:07:16.580000 Another way that you can verify that is if you have an interface in question, 0:07:16.580000 --> 0:07:20.340000 you say, hmm, I wonder if this interface is an access port. 
0:07:20.340000 --> 0:07:23.340000 I wonder what VLAN this interface is carrying. 0:07:23.340000 --> 0:07:30.080000 You can do show interface, like gig two slash one. 0:07:30.080000 --> 0:07:33.880000 Now, if I just hit enter right now, I will not get the answers to those 0:07:33.880000 --> 0:07:37.220000 questions. The questions of, is this an access port? 0:07:37.220000 --> 0:07:39.200000 What VLAN's on this port? 0:07:39.200000 --> 0:07:45.080000 Just the show interfaces by itself just shows me like statistics and errors. 0:07:45.080000 --> 0:07:48.500000 But if I do that exact same command, I put the keyword of switchport 0:07:48.500000 --> 0:07:49.800000 at the end of it. 0:07:49.800000 --> 0:07:52.360000 Now we get all different output. 0:07:52.360000 --> 0:07:58.160000 And we can see that administratively, this has been configured to be a 0:07:58.160000 --> 0:08:00.180000 static access port. 0:08:00.180000 --> 0:08:03.940000 So if you ever see a lab and the lab says configure interface blah, blah, 0:08:03.940000 --> 0:08:06.220000 blah, blah, as a static access port. 0:08:06.220000 --> 0:08:11.360000 That means, translation, configure switchport mode access. 0:08:11.360000 --> 0:08:15.020000 Switchport mode access converts it into a static access port. 0:08:15.020000 --> 0:08:17.360000 Operationally, what's it doing? 0:08:17.360000 --> 0:08:21.760000 Because it could be configured one way, but not actually doing that. 0:08:21.760000 --> 0:08:23.600000 It could be operating a different way. 0:08:23.600000 --> 0:08:27.240000 In this case, we can see, yes, it is also operating as a static access 0:08:27.240000 --> 0:08:32.520000 port and says right down here, if I am a static access port, which I am, 0:08:32.520000 --> 0:08:36.500000 I will be in VLAN 99, the payroll VLAN. 0:08:36.500000 --> 0:08:41.820000 So that was a result of show interfaces, the interface you are interested 0:08:41.820000 --> 0:08:48.120000 in, followed by the switchport keyword. 
0:08:48.120000 --> 0:08:54.160000 And that concludes this video on the basics of what VLANs are and configuring 0:08:54.160000 --> 0:08:56.420000 and applying VLANs to an interface.