Blackboard test/quiz

Bell0216

chapter_3_vlan.pdf

Home >Computer Science homework help >Blackboard test/quiz

VLANs

LAN Switching and Wireless – Chapter 3

Dr. C. BouSaba

Objectives

� Explain the role of VLANs in a converged network.

� Explain the role of trunking VLANs in a converged network.

� Configure VLANs on the switches in a converged network topology.

� Troubleshoot the common software or hardware misconfigurations associated with VLANs on switches in a converged network topology.

Role of VLANs in a Converged Network

VLANs Requirements

� Need to split up broadcast domains to make good use of bandwidth

� People in the same department may need to be grouped together for access to servers

� Security: restrict access by certain users to some areas of the LAN

� Provide a way for different areas of the LAN to communicate with each other

� 2 Solutions:

–Using Routers

–Using Switches

Solution using routers

� Divide the LAN into subnets

� Use routers to link subnets

BUT

� Routers are expensive

� Routers are slower than switches

� Subnets are restricted to limited physical areas

� Subnets are inflexible

Solution using VLANs

� VLAN membership can be by function and not by location

� VLANs managed by switches

� Router needed for communication between VLANs

VLANs

� All hosts in a VLAN have addresses in the same subnet. A VLAN is a subnet.

� Broadcasts are kept within the VLAN. A VLAN is a broadcast domain.

� The switch has a separate MAC address table for each VLAN. Traffic for each VLAN is kept separate from other VLANs.

� Layer 2 switches cannot route between VLANs.

VLAN numbers

� VLAN 1: default Ethernet LAN, all ports start in this VLAN.

� VLANs 1002 – 1005 automatically created for Token Ring and FDDI

� Numbers 2 to 1001 can be used for new VLANs

� Up to 255 VLANs on Catalyst 2960 switch

� Extended range 1006 – 4094 possible but fewer features

VLAN information

� VLAN information is stored in the VLAN database.

� vlan.dat in the flash memory of the switch.

Port based

� Each switch port intended for an end device is configured to belong to a VLAN.

� Any device connecting to that port belongs to the port’s VLAN.

� There are other ways to assig VLANs but this is the normal way.

� Ports that link switches can be configured to carry traffic for all VLANs (trunking)

Types of VLANs

� Data or user VLAN

� Voice VLAN

� Management VLAN

� Native VLAN

� Default VLAN

Data VLAN

� Carry files, e-mails, shared application traffic, most user traffic.

� Separate VLAN for each group of users.

Voice VLAN

� Use with IP phone.

� Phone acts as a switch too.

� Voice traffic is tagged, given priority.

� Data not tagged, no priority.

Management VLAN

� Has the switch IP address.

� Used for telnet/SSH or web access for management purposes.

� Better not to use VLAN 1 for security reasons.

Native VLAN

� For backward compatibility with older systems.

� Relevant to trunk ports.

� Trunk ports carry traffic from multiple VLANs.

� VLAN is identified by a “tag” in the frame.

� Native VLAN does not have a tag.

Default VLAN

� VLAN 1 on Cisco switches.

� Carries CDP and STP (spanning tree protocol) traffic.

� Initially all ports are in this VLAN.

� Do not use it for data, voice or management traffic for security reasons.

Static VLAN

� The normal type. Port configured to be on a VLAN. Connected device is on this VLAN.

� VLAN can be created using CLI command, given number and name.

� VLAN can be learned from another switch.

� If a port is put on a VLAN and the VLAN does not exist, then the VLAN is created.

Static VLAN (Port-centric)

� If VLAN 20 did not exist before – then it does now.

Voice VLAN

� Configured for voice VLAN and data VLAN.

Dynamic VLAN

� Not widely used.

� Use a VLAN Membership Policy Server (VMPS).

� Assign a device to a VLAN based on its MAC address.

� Connect device, server assigns VLAN.

� Useful if you want to move devices around.

� Managing broadcast domains with VLANs

Role of VLANs in a Converged Network

Traffic between VLANs

� Layer 2 switch keeps VLANs separate.

� Router can route between VLANs. It needs to provide a default gateway for each VLAN as VLANs are separate subnets.

� Layer 3 switch has a switch virtual interface (SVI) configured for each VLAN. These act like router interfaces to route between VLANs.

Role of Trunking VLANs in a Converged Network

Trunking

� Both switches have the same 5 VLANs.

� Do you have a link for each VLAN?

� More efficient for them to share a link.

Trunking

� Traffic for all the VLANs travels between the switches on a shared trunk or backbone

Role of Trunking VLANs in a Converged Network

Switch Port Trunking Modes

Steps to Configure Trunks and VLANs

Configure trunk port

� Make a port into a trunk port and tell it which VLAN is native.

� SW1(config)#int fa0/1

� SW1(config-if)switchport mode trunk

� SW1(config-if)switchport trunk native vlan 99

� By default native VLAN is 1.

Tag to identify VLAN

� Tag is added to the frame when it goes on to the trunk

� Tag is removed when it leaves the trunk

Frame tagging IEEE 802.1Q

Dest Add Source Add Type/Len Data FCS

Dest Add Source Add Type/Len Data FCSTag

Normal

frame

Add 4-byte tag, recalculate FCS

Tag protocol ID 0x8100

Priority CFI for token ring

VLAN ID 1 - 4096

Native VLAN

� Untagged frames received on a trunk port are forwarded on to the native VLAN.

� Frame received from the native VLAN should be untagged.

� Switch will drop tagged frames received from the native VLAN. This can happen if non-Cisco devices are connected.

Dynamic trunking protocol

Mode trunk

Dynamic auto/des

Mode access

access

trunk

accessDynamic auto

Dynamic auto

trunk Dynamic desirable

Dynamic desirable

Dynamic auto/des

Dynamic desirable

Dynamic auto

trunk

Create a VLAN

� SW1(config)#vlan 20

� SW1(config-vlan)#name Finance

� SW1(config-vlan)#end

� VLAN will be saved in VLAN database rather than running config.

� If you do not give it a name then it will be called vlan0020.

Assign port to VLAN

� SW1(config)#int fa 0/14

� SW1(config-if)#switchport mode access

� SW1(config-if)#switchport access vlan 20

� SW1(config-if)#end

show vlan brief

� List of VLANs with ports

Show commands

� show vlan brief (list of VLANs and ports)

� show vlan summary

� show interfaces vlan (up/down, traffic etc)

� Show interfaces fa0/14 switchport (access mode, trunking)

Remove port from VLAN

� SW1(config)#int fa 0/14

� SW1(config-if)#no switchport access vlan

� SW1(config-if)#end

� The port goes back to VLAN 1.

� If you assign a port to a new VLAN, it is automatically removed from its existing VLAN.

Delete a VLAN

� SW1(config)#no vlan 20

� SW1(config)#end

� VLAN 20 is deleted.

� Any ports still on VLAN 20 will be inactive – not on any VLAN. They need to be reassigned.

Delete VLAN database

� Erasing the startup configuration does not get rid of VLANs because they are saved in a separate file.

� SW1#delete flash:vlan.dat

� Switch goes back to the default with all ports in VLAN 1.

� You cannot delete VLAN 1.

Configure trunk

� SW1(config)#int fa0/1

� SW1(config-if)#switchport mode trunk

� SW1(config-if)#switchport trunk native vlan 99

� SW1(config-if)#switchport trunk allowed vlan add 10, 20, 30

� SW1(config-if)#end

Trunk problems

� Both ends must have the same native VLAN.

� Both ends must be configured with trunking on or so that trunking is negotiated with the other end and comes on.

� Subnetting and addressing must be right.

� The right VLANs must be allowed on the trunk.

Configure VLANs

Troubleshoot Common Software or Hardware Misconfigurations Associated with VLANs

� Use the troubleshooting procedure to fix a common problem with VLAN configurations

Troubleshoot Common Software or Hardware Misconfigurations Associated with VLANs

Summary � VLANS

– Allows an administrator to logically group devices that act as their own network

– Are used to segment broadcast domains

– Some benefits of VLANs include

– Cost reduction, security, higher performance, better management

Summary

� Types of Traffic on a VLAN include

–Data

–Voice

–Network protocol

–Network management

� Communication between different VLANs requires using Routers

� Trunks: A common conduit used by multiple VLANS for intra- VLAN communication

� EEE 802.1Q

–The standard trunking protocol

–Uses frame tagging to identify the VLAN to which a frame belongs

–Does not tag native VLAN traffic