Connecting VLAN Trunks with ISL

Problem

You want to connect an InterSwitch Link (ISL) VLAN trunk to your router.

Solution

The following set of commands allows you to connect an ISL trunk to your router:

Router1#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/0
Router1(config-if)#no ip address
Router1(config-if)#speed 100
Router1(config-if)#full-duplex
Router1(config-if)#exit
Router1(config)#interface FastEthernet0/0.1
Router1(config-subif)#encapsulation isl 1
Router1(config-subif)#ip address 172.25.1.5 255.255.255.0
Router1(config-subif)#exit
Router1(config)#interface FastEthernet0/0.2
Router1(config-subif)#encapsulation isl 2
Router1(config-subif)#ip address 172.16.2.1 255.255.255.0
Router1(config-subif)#exit
Router1(config)#interface FastEthernet0/0.3
Router1(config-subif)#encapsulation isl 574
Router1(config-subif)#ip address 10.22.1.2 255.255.255.0
Router1(config-subif)#exit
Router1(config)#end
Router1#

 

Discussion

A trunk is a point-to-point link containing one ore more Virtual LANs (VLANs). The main purpose of a trunk is to save physical interfaces. Without VLANs, if you wanted to connect two LAN segments into a router, you would need two Ethernet interfaces. Unfortunately, this does not scale well. It is relatively common for a switch to support many VLANs. So there is a clear advantage to using trunks to bundle the VLANs together into a single link.

While trunks carry traffic for many different VLANs, they are able to keep them separate by tagging each frame with the unique identification number for the appropriate VLAN. This allows traffic from multiple LAN segments to share the same physical link without any danger of frames leaking onto the wrong segment. When a network device receives a tagged frame from a trunk link, it removes the tag, and then forwards the frame to the appropriate LAN segment as a normal frame.

When you connect a router to a trunk, it can route Layer 3 packets between the various VLANs on the trunk. Because of the VLAN tagging scheme, Layer 2 frames cannot pass from one VLAN to another. So, without a router device of some kind, there is no way to interconnect the VLANs. The configuration where a router is connected to a trunk, to allow routing between the different VLANs, is often called a "router on a stick" because the router routes its packets back out onto the same physical interface that it received them through.

Cisco routers support two main trunking protocols, ISL and 802.1Q. ISL is a Cisco proprietary protocol, so you can only use it between Cisco devices. Conversely, 802.1Q is an IEEE open standard that is supported by most manufacturers of network hardware. Recipe 16.13 shows how to configure an 802.1Q trunk interface on a router.

Unfortunately, the 802.1Q open standard reached the market some time after the initial demand for trunking protocols. So most manufacturers of Layer 2 switching equipment developed their own proprietary standards to fill the void. Cisco developed ISL. All newer Cisco equipment now supports 802.1Q, but there are still many older Catalyst switches that cannot support the open standard, so ISL is your only choice with this equipment. In any case, Cisco's ISL support is generally more mature and stable than its 802.1Q implementations. So while we generally recommend working with open standards where possible, ISL is still clearly the more viable option in some networks.

The first step when configuring a trunk on a router is to select a physical LAN interface to connect the trunk to. In general, we don't recommend using anything slower than a Fast Ethernet interface for this purpose:

Router1(config)#interface FastEthernet0/0
Router1(config-if)#no ip address
Router1(config-if)#speed 100
Router1(config-if)#full-duplex

As you can see, there is no special configuration necessary on the physical interface.

Then you need to create one subinterface on this physical interface for each different VLAN. Because each VLAN represents a different Layer 3 network, you need to give each of the subinterfaces IP addresses from the corresponding IP subnets:

Router1(config)#interface FastEthernet0/0.1
Router1(config-subif)#encapsulation isl 1
Router1(config-subif)#ip address 172.25.1.5 255.255.255.0

The encapsulation command associates this subinterface with a particular ISL VLAN number. ISL VLAN numbers can have any value between 1 and 1,000. With this subinterface configured, the router is now able to route packets for any devices on this VLAN, exactly as if it were directly connected to the physical LAN segment.

The show vlans command displays information about all of the VLANs configured on the router:

Router1#show vlans 

Virtual LAN ID: 1 (Inter Switch Link Encapsulation)

 vLAN Trunk Interface: FastEthernet0/0.1 

 Protocols Configured: Address: Received: Transmitted:
 IP 172.25.1.5 203626 342261

Virtual LAN ID: 2 (Inter Switch Link Encapsulation)

 vLAN Trunk Interface: FastEthernet0/0.2 

 Protocols Configured: Address: Received: Transmitted:
 IP 172.16.2.1 0 153807

Virtual LAN ID: 574 (Inter Switch Link Encapsulation)

 vLAN Trunk Interface: FastEthernet0/0.3 

 Protocols Configured: Address: Received: Transmitted:
 IP 10.22.1.2 0 6

Router1#

We have configured this router to support three different VLANs, each with its own subinterface and its own IP address. The subinterface number does not necessarily need to correspond to the VLAN ID, as we have assigned VLAN number 574 to subinterface FastEthernet0/0.3. But if you make it a general rule to always keep the subinterface number the same as the VLAN number, it will make maintenance and troubleshooting considerably simpler in a large network.

It is useful to remember that you don't need to create a distinct subinterface for every VLAN on the switch. There may be some VLANs on this switch that you don't wish to terminate on the router. In this case, the router will simply ignore any frames that are tagged with VLAN numbers that it doesn't support.

You can use the show interfaces command to see information about the trunking configuration of a particular subinterface:

Router1#show interfaces FastEthernet0/0.3
FastEthernet0/0.3 is up, line protocol is up 
 Hardware is AmdFE, address is 0001.9670.b780 (bia 0001.9670.b780)
 Internet address is 10.22.1.2/24
 MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, 
 reliability 255/255, txload 1/255, rxload 1/255
 Encapsulation ISL Virtual LAN, Color 574.
 ARP type: ARPA, ARP Timeout 04:00:00
Router1#

This shows the encapsulation type (ISL) and the VLAN number (574), along with the interface's IP address information.

Cisco added support for IP unnumbered addressing of VLAN subinterfaces in Version 12.2(4)T:

Router1(config)#interface FastEthernet0/0.1
Router1(config-if)#ip unnumbered Loopback0

 

See Also

Recipe 16.13

Router Configuration and File Management

Router Management

User Access and Privilege Levels

TACACS+

IP Routing

RIP

EIGRP

OSPF

BGP

Frame Relay

Handling Queuing and Congestion

Tunnels and VPNs

Dial Backup

NTP and Time

DLSw

Router Interfaces and Media

Simple Network Management Protocol

Logging

Access-Lists

DHCP

NAT

First Hop Redundancy Protocols

IP Multicast

IP Mobility

IPv6

MPLS

Security

Appendix 1. External Software Packages

Appendix 2. IP Precedence, TOS, and DSCP Classifications

Index



Cisco IOS Cookbook
Cisco IOS Cookbook (Cookbooks (OReilly))
ISBN: 0596527225
EAN: 2147483647
Year: 2004
Pages: 505

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net