
S7C4 – VLANs



Presentation Transcript


  1. S7C4 – VLANs: VLAN Details

  2. Problems with Layer 2 Switching
  • Results in a flat network structure
    • Every device sees every packet transmitted
  • Security
    • All users have access to all devices
  • Multiple paths to destinations
    • Do not allow for redundant paths
    • Are not capable of intelligent load balancing

  3. VLAN Characteristics
  • All VLAN members are in the same broadcast domain
  • Logical subnet
  • Devices can exist anywhere in the switch block
  • Membership usually based on port number
  • Can be dynamically assigned based on MAC address
  • End-to-end throughout the switch fabric
  • Can span several wiring closets or buildings

  4. VLANs Solve Problems
  • Efficient bandwidth utilization
    • Traffic routed between switches with a router
  • Security
    • Forces the layer 3 routing process to occur
    • Access lists
  • Load balancing
    • Layer 3 device determines the best path
  • Isolation of problem components
    • Router keeps problems from propagating

  5. End-to-End VLAN
  • Users grouped into VLANs independent of physical location
  • All users have the same 80/20 traffic flow pattern
  • As a user moves, VLAN membership remains the same
  • Each VLAN has a common set of security requirements for all members

  6. Local VLANs
  • Range from a single switch in a wiring closet to an entire building
  • Multiple paths to destinations
  • Maximum scalability by keeping the VLAN within a switch block

  7. VLAN Memberships
  • Static
    • Port-based – assigning a port to a VLAN
    • As a device enters the network, it assumes the port's VLAN
    • Requires the administrator to make a port-to-VLAN assignment for the new connection when a move is made
  • Dynamic
    • CiscoWorks 2000 or SWSI
    • As a device enters the network, it queries a database for VLAN membership
    • Not covered in this course

  8. Configuring Static VLANs
  • IOS
    • Switch# vlan database
    • Switch(vlan)# vlan vl# name vlname
    • Switch(config)# int 1/1
    • Switch(config-if)# switchport mode access
    • Switch(config-if)# switchport access vlan vl#
  • CLI
    • set vlan vl# name vlname
    • set vlan vl# mod#/portlist

  9. Verifying VLAN Configuration / VLAN Identification
  • Verifying
    • show vlan
    • Displays each VLAN number, status, and ports assigned
  • Identification
    • Frame tagging
    • Places a unique identifier in the header of each frame
    • Called an ID or color
    • Used across the backbone
    • Discarded if the destination host is on the same switch
    • VLAN hidden from the end user

  10. Link Types
  • Access
    • Member of only one VLAN
    • Called the port's native VLAN
    • Can't receive information from another VLAN
    • Requires a router to communicate with another VLAN
  • Trunk
    • Fast Ethernet or Gigabit Ethernet (can be aggregated)
    • Can carry multiple VLANs
    • Cisco ISL or IEEE 802.1Q
    • Does not belong to any specific VLAN
    • Does have a native VLAN – used when the trunk link fails

  11. ISL and 802.1Q
  • ISL
    • Cisco proprietary
    • Can carry Ethernet, Token Ring, FDDI
    • Adds a 26-byte header and 4-byte trailer to the frame
    • 10-bit VLAN ID
  • 802.1Q
    • Standardized
    • Embeds tagging information within the frame
    • Adds a 4-byte tag after the source address field
    • First two bytes are 0x8100 (signifies an 802.1Q tag)
    • Native VLAN not encapsulated with tagging information
    • SAID (Security Association Identifier) – holds Cisco proprietary VLAN information
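As an added example (not part of the slides), the Python below parses and builds the 4-byte 802.1Q tag described above, and maps untagged or priority-tagged frames to the trunk's native VLAN. The TPID value 0x8100 comes from the slide; the native VLAN of 1 and the sample frames in the test are assumptions.

```python
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100   # first two bytes of the tag, as stated on the slide
NATIVE_VLAN = 1       # assumed native VLAN of the trunk in this example

@dataclass
class VlanFrame:
    dst: str
    src: str
    vlan_id: int
    priority: Optional[int]  # 3-bit PCP, None when the frame arrived untagged
    tagged: bool
    ethertype: int
    payload: bytes

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(frame: bytes, native_vlan: int = NATIVE_VLAN) -> VlanFrame:
    """Parse an Ethernet II frame that may carry one 802.1Q tag.

    The tag sits right after the source MAC (bytes 12..15): 2-byte TPID 0x8100,
    then a 2-byte TCI = 3-bit priority | 1-bit DEI | 12-bit VLAN ID. A frame with
    no tag, or with VLAN ID 0 (priority-tagged), belongs to the native VLAN.
    """
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = mac(frame[0:6]), mac(frame[6:12])
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:   # untagged: third field is already the EtherType
        return VlanFrame(dst, src, native_vlan, None, False, tpid, frame[14:])
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    vid = tci & 0x0FFF
    if vid == 0x0FFF:
        raise ValueError("VLAN ID 4095 is reserved")
    return VlanFrame(dst, src, vid or native_vlan, tci >> 13, True, ethertype, frame[18:])

def build_tagged(dst: bytes, src: bytes, vid: int, ethertype: int,
                 payload: bytes, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the source address field."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = ((pcp & 0x7) << 13) | vid
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload
```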

  12. NOTES
  • Dynamic Trunking Protocol – DTP
    • Can be manually configured for either ISL or 802.1Q
    • Should be disabled if the switch has a trunk line connected to a router, because the router can't participate in DTP negotiation
  • Trunk line negotiations
    • Possible only if both switches belong to the same VLAN Trunking Protocol management domain

  13. VLAN Trunk Configuration
  • IOS
    • (config)# int 1/3
    • (config-if)# switchport mode trunk
    • (config-if)# switchport trunk encapsulation [isl | dot1q]
    • (config-if)# switchport trunk allowed vlan remove vllist
    • (config-if)# switchport trunk allowed vlan add vllist
  • CLI
    • set trunk 3/1 [on|off|desirable|auto|nonegotiate] vlan-range [isl|dot1q|lane|negotiate]
    • DTP frames sent every 30 seconds
    • clear trunk 3/1 vlan-range

  14. VTP Domains
  • Management domains
    • Advertise attributes (revision number, known VLANs, VLAN parameters)
  • Server mode
    • Full control (default)
  • Client mode
    • Can't create, change or delete VLANs
  • Transparent mode
    • Does not participate in VTP; does not advertise

  15. Advertisements
  • Management domain name
  • Configuration revision number
  • MD5 digest
    • Key sent with VTP when a password is assigned
  • Updater identity – the switch sending the advertisement

  16. VTP Configuration
  • VTP must be configured BEFORE VLANs
  • IOS
    • Switch# vlan database
    • Switch(vlan)# vtp domain domName
    • Switch(vlan)# vtp [server|client|transparent]
    • Switch(vlan)# vtp password psswrd
    • Switch(vlan)# vtp v2-mode
  • CLI
    • Switch(enable) set vtp domain dname [server|client|transparent] [password psswrd]
    • Switch(enable) set vtp v2 enable

  17. Confirming VTP
  • show vtp domain
    • Shows version number, local mode, password
  • show vtp counters
    • Shows exchange of advertisements
  • show vtp statistics
    • Shows exchange of advertisements

  18. VTP Pruning
  • Disabled by default
  • IOS
    • Switch(vlan)# vtp pruning
  • CLI
    • set vtp pruning enable
    • clear vtp pruneeligible vlan-range
    • set vtp pruneeligible vlan-range
