Los Medanos College

Download Report

Transcript Los Medanos College 

VLANs
VLANs
VLANs
Trunking
VLAN Trunking Protocol (VTP)
2
VLANs
3
VLANs and Physical
Boundaries
4
VLANs
Virtual LANs segment a switched network based on
Organisation function, project teams, applications (end-to-end)
Or Geographic, location (local vlans)
Reconfiguration through software
Broadcast domain existing within a defined no. of switches
5
VLANs control broadcasts
6
When NOT to VLAN
7
Types of VLANs
When scaling VLANs in the switch block,
there are two basic methods of defining the
VLAN boundaries:
End-to-end VLANs
 (no longer recommended by Cisco due to
management and STP concerns , goal is maintain
80% of traffic on end-to-end VLAN, old 80/20 rule)
Local VLANs
 (generally geographic in nature – follow the 20/80
rule)
8
End to End VLANs
9
End-to-End VLANs
10
Local/Geographical VLANs
11
VLAN Types
The two common approaches to assigning VLAN
Membership are:
Static VLANs
 Port based – VLAN assigned to port
Dynamic VLANs
 Created & controlled via S/W packages CW2000, VLAN
Management Policy Server VMPS
12
Static VLANs
13
Dynamic VLAN
14
show vlan
CIS-2900-ServerFarm>show vlan
VLAN Name
---- -------------------------------1
default
2
VLAN0002
3
VLAN0003
4
VLAN0004
5
VLAN0005
10
VLAN0010
50
SeverFarm
1002 fddi-default
<text omitted>
Status
Ports
--------- ----------------active
active
active
active
active
active
active
Fa0/1, Fa0/2, Fa0/3, Fa0/4,
Fa0/5, Fa0/6, Fa0/7, Fa0/8,
<output omitted)
Fa0/21, Fa0/22
active
VLAN Type SAID
MTU
Parent RingNo BridgeNo Stp BrdgMode Trans1
Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ----1
enet 100001
1500 0
0
15
<Text omitted>
show vlan brief
CIS-2900-ServerFarm>show vlan brief
VLAN Name
---- -------------------------------1
default
2
VLAN0002
3
VLAN0003
4
VLAN0004
5
VLAN0005
10
VLAN0010
50
SeverFarm
1002
1003
1004
1005
fddi-default
token-ring-default
fddinet-default
trnet-default
Status
Ports
--------- ----------------active
active
active
active
active
active
active
Fa0/1, Fa0/2, Fa0/3, Fa0/4,
Fa0/5, Fa0/6, Fa0/7, Fa0/8,
<output omitted)
Fa0/21, Fa0/22
active
active
active
active
16
show run
Switch# show running-config
!
interface FastEthernet0/1
switchport access vlan 50
!
interface FastEthernet0/2
switchport access vlan 50
!
interface FastEthernet0/3
switchport access vlan 50
!
interface FastEthernet0/4
switchport access vlan 50
17
VLANs
• VLANs
• Trunking
• VLAN Trunking Protocol (VTP)
18
Trunking
19
Access and Trunk Links
20
Trunk Links
Without trunking
With trunking
21
ISL (Frame Encapsulation)
Ethernet Frame
1500 bytes plus 18 byte header
(1518 bytes)
Standard NIC cards and networking devices don’t understand
this giant frame. A Cisco switch must remove this
encapsulation before sending the frame out on an access link.
22
802.1q
NIC cards and networking devices can understand this “baby
giant” frame (1522 bytes). However, a Cisco switch must
remove this encapsulation before sending the frame out on an
access link.
SA and DASA and
802.1q
DA
MACs
MACsTag
Type/Length
Field
Data (max 1500
bytes)
2-byte TPID
Tag Protocol Identifier
2-byte TCI
Tag Control Info (includes
VLAN ID)
CRC
New
CRC
23
Trunking
• Before attempting to configure a VLAN
trunk on a port, you should to determine
what encapsulation the port can
support.
switch(config-if)# switchport trunk
encapsulation ?
24
Trunking
A trunk is a point-to-point link between:
Two switches
A switch and a router
Trunks carry traffic of multiple VLANs
Cisco supports one or both of these
Trunking protocols:
IEEE 802.1Q (dot1q)
ISL (Cisco proprietary)
25
Configuring Trunking
Switch(config)# interface fastethernet 0
Switch(config-if)# switchport mode [access | multi | trunk]
Switch(config-if)# switchport trunk encapsulation {isl|dot1q}
Switch(config-if)# switchport trunk allowed vlan remove vlan-list
Switch(config-if)# switchport trunk allowed vlan add vlan-list
• By default, all VLANS, 1-1005 transported automatically
26
Router
interface FastEthernet0/1.1
encapsulation dot1Q 1
ip address 172.30.1.1 255.255.255.0
ip access-group 100 in
ip helper-address 172.30.50.50
no ip directed-broadcast
!
interface FastEthernet0/1.2
encapsulation dot1Q 2
ip address 172.30.2.1 255.255.255.0
ip access-group 102 in
ip helper-address 172.30.50.255
ip helper-address 172.30.50.10
no ip directed-broadcast
27
VLANs
• VLANs
• Trunking
• VLAN Trunking Protocol (VTP)
28
VTP
29
VLAN Trunking Protocol
• VTP maintains VLAN configuration consistency
across the entire network.
• VTP is a messaging protocol that uses Layer 2
trunk frames to manage the addition, deletion,
and renaming of VLANs on a network-wide
basis.
• Further, VTP allows you to make centralized
changes that are communicated to all other
switches in the network.
30
VTP
• Create VLANs on the VTP Server
• Those VLANs get sent to other client
switches
• On the client switches, you can now
assign ports to those vlans.
• Cannot create vlans on the client
switches like you could previously
before configuring the switch to be a
VTP client.
31
VTP
• All switches in the same management
domain share their VLAN information with
each other, and a switch can participate in
only one VTP management domain.
• Switches in different domains do not share
VTP information.
• Using VTP, switches advertise:
– Management domain
– Configuration revision number
– Known VLANs and their specific parameters
32
VTP
• Switches can be configured not to accept
VTP information.
• These switches will forward VTP information
on trunk ports in order to ensure that other
switches receive the update, but the switches
will not modify their database, nor will the
switches send out an update indicating a
change in VLAN status.
– This is referred to as transparent mode.
33
VTP
• By default, management domains are
set to a nonsecure mode, meaning that
the switches interact without using a
password.
• Adding a password automatically sets
the management domain to secure
mode.
– A password must be configured on every
switch in the management domain to use
secure mode.
34
VTP
• The VTP database contains a revision
number.
• Each time a change is made, the switch
increments the revision number
35
VTP
• A higher configuration revision number
indicates that the VLAN information that is
being sent is more current then the stored
copy.
• Any time a switch receives an update that has
a higher configuration revision number, the
switch will overwrite the stored information
with the new information being sent in the
VTP update.
36
VTP Modes
• Switches can operate in any one of the
following three VTP modes:
– Server
– Client
– Transparent
37
VTP Modes
• Server - If you configure the switch for server
mode, you can create, modify, and delete
VLANs, and specify other configuration
parameters (such as VTP version and VTP
pruning) for the entire VTP domain.
• VTP servers:
– advertise their VLAN configuration to other
switches in the same VTP domain
– synchronize the VLAN configuration with other
switches based on advertisements received over
trunk links.
– Recommended you have at least 2 VTP servers in
case one goes down
• This is the default mode on the switch.
38
VTP Modes
• Client - VTP clients behave the same way
as VTP servers. However, you cannot
create, change, or delete VLANs on a VTP
client.
39
VTP Modes
• Transparent - VTP transparent switches
do not participate in VTP.
• A VTP transparent switch does not
advertise its VLAN configuration, and does
not synchronize its VLAN configuration
based on received advertisements.
– However, in VTP Version 2, transparent
switches do forward VTP advertisements that
the switches receive out their trunk ports.
40
Configuring VTP
Switch# vlan database
Switch(vlan)# vtp domain domain-name
Switch(vlan)# vtp {server | client | transparent}
Optional:
Switch(vlan)# vtp password password
Switch(vlan)# vtp v2-mode (version2)
Example:
ALSwitch# vlan database
ALSwitch(vlan)# vtp domain corp
ALSwitch(vlan)# vtp client
41
Summary
• VLANs
• Trunking
• VLAN Trunking Protocol (VTP)
42