LAN Switching Virtual LANs. Virtual LAN Concepts A LAN includes all devices in the same broadcast domain. A broadcast domain includes the set of all LAN-connected.

Slides:



Advertisements
Similar presentations
Virtual Trunk Protocol
Advertisements

LAN Segmentation Virtual LAN (VLAN).
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Introducing VLAN Operations.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 3: VLANs Routing & Switching.
Virtual LANs.
Cisco 3 - Switch Perrine. J Page 15/8/2015 Chapter 8 What happens to the member ports of a VLAN when the VLAN is deleted? 1.They become inactive. 2.They.
VLANs Module 2. 2 VLANs  VLANs  Trunking  VLAN Trunking Protocol (VTP)
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 VLANs LAN Switching and Wireless – Chapter 3.
VLAN Trunking protocol- Chapter 4
1 27-Jun-15 S Ward Abingdon and Witney College VLAN Trunking protocol CCNA Exploration Semester 3 Chapter 4.
VLANs- Chapter 3 CCNA Exploration Semester 3 Modified by Profs. Ward
Layer 2: Redundancy and High Availability Part 1: General Overview on Assignment 1.
Virtual LANs. VLAN Overview Segmentation Flexibility Security 3rd floor 2nd floor 1st floor SALESHRENG A VLAN = A broadcast domain = Logical network (subnet)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Configuring VLANs.
VLANs.ppt CCNA Exploration Semester 3 Chapter 3
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-1 Implementing VLANs in Campus Networks Applying Best Practices for VLAN Topologies.
VLAN Trunking Protocol (VTP) W.lilakiatsakun. VLAN Management Challenge (1) It is not difficult to add new VLAN for a small network.
Voice VLANs Lecture 7 VLANs.ppt 21/04/ Apr-17
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 3: Implementing VLAN Security Routing And Switching.
VLAN Trunking Protocol
CIT 384: Network AdministrationSlide #1 CIT 384: Network Administration VLANs.
VLAN Trunking Protocol (VTP)
Building Cisco Multilayer Switched Networks (BCMSN)
VLAN Trunking Protocol (VTP)
Chapter 9 Virtual LANs (VLANs). Setup 1 Setup 2.
VLAN V irtual L ocal A rea N etwork VLAN Network performance is a key factor in the productivity of an organization. One of the technologies used to.
Saeed Darvish Pazoki – MCSE, CCNA Abstracted From: Cisco Press – ICND 1 – Chapter 9 Ethernet Switch Configuration 1.
© 2002, Cisco Systems, Inc. All rights reserved..
Medium-Sized Switched Network Construction NetPro-ITI Implementing VLANs and Trunks.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 3: Implementing VLAN Security Routing And Switching.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.0 Module 8 Virtual LANs.
VTP VLAN Trunking Protocol Create once and send to the other switches.
Switching Basics and Intermediate Routing CCNA 3 Chapter 8.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.0 Module 9 Virtual Trunking Protocol.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.0 Module 8 Virtual LANs Cisco Networking Academy.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 VLANs LAN Switching and Wireless – Chapter 3.
Switching Topic 2 VLANs.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Switching in an Enterprise Network Introducing Routing and Switching in the.
Virtual Local Area Networks (VLANs) Part II
Switching Topic 3 VTP. Agenda VTP basics Components Frames and advertisements Domains and revision numbers VTP operations VTP pruning VTP issues.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.0 Module 9 VLAN Trunking Protocol Cisco Networking Academy.
Configuring VLAN Chapter 14 powered by DJ 1. Chapter Objectives At the end of this Chapter you will be able to:  Understand basic concept of VLAN  Configure.
Chapter 4 Version 1 Virtual LANs. Introduction By default, switches forward broadcasts, this means that all segments connected to a switch are in one.
W&L Page 1 CCNA CCNA Training 2.5 Describe how VLANs create logically separate networks and the need for routing between them Jose Luis.
VLAN Trunking Protocol
Unit 9 LANs Chapters NT2640.U9.PS1
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 3: VLANs Routing & Switching.
VLAN Trunking Protocol (VTP)
Cisco 3 - Switch Perrine. J Page 12/4/2016 Chapter 9 Which protocol is Cisco proprietary and designed to carry traffic from multiple VLANs? A Q.
1 15-Mar-16 VLAN Trunking protocol CCNA Exploration Semester 3 Chapter 4.
Presented BY Kanav Dev Singh B.Tech I.T (8 Th sem)
VTP VLAN Trunking Protocol Create once and send to the other switches. VTP is a messaging protocol that uses Layer 2 trunk frames to manage the addition,
Exploration 3 Chapter 4. What is VTP? VTP allows a network manager to configure a switch so that it will propagate VLAN configurations to other switches.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 VLANs.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 VLANs.
Instructor Materials Chapter 2: Scaling VLANs
Chap 4 – Implement VTP Learning Objectives
Switching and VLANs.
© 2002, Cisco Systems, Inc. All rights reserved.
Switching and VLANs.
Instructor Materials Chapter 6: VLANs
VLAN Trunking Protocol
Introduction to Networking
Chapter 2: Scaling VLANs
VLAN Trunking Protocol
Routing and Switching Essentials v6.0
Switching and VLANs.
Chapter 3: Implementing VLAN Security
Chapter 2: Scaling VLANs
Presentation transcript:

LAN Switching Virtual LANs

Virtual LAN Concepts A LAN includes all devices in the same broadcast domain. A broadcast domain includes the set of all LAN-connected devices that when any of the devices sends a broadcast frame, all the other devices get a copy of the frame Without VLANs, a switch considers all its interfaces to be in the same broadcast domain

Network with Two VLANs

Reasons for separating hosts into different VLAN To create more flexible designs that group users by department, or by groups that work together, instead of by physical location To segment devices into smaller LANs (broadcast domains) to reduce overhead caused to each host in the VLAN To reduce the workload for the Spanning Tree Protocol (STP) by limiting a VLAN to a single access switch To enforce better security by keeping hosts that work with sensitive data on a separate VLAN To separate traffic sent by an IP phone from traffic sent by PCs connected to the phones

Trunking

ISL and 802.1Q Inter-Switch Link (ISL) IEEE 802.1Q Trunking protocols provide several features, most importantly that they define headers, which identify the VLAN ID.

ISL ISL is Cisco proprietary, it can be used only between two Cisco switches that support ISL. Some newer Cisco switches do not support ISL, instead supporting only 802.1Q ISL Header

IEEE 802.1Q 802.1Q is the more popular trunking protocol 802.1Q does not actually encapsulate the original frame in another Ethernet header and trailer. Instead, 802.1Q inserts an extra 4-byte VLAN header into the original frame’s header

ISL and 802.1Q Compared Both trunking protocols support the same number of VLANs (4094) VLAN IDs 1–1005 are considered to be normal range VLANs, whereas values higher than 1005 are called extended range One final key difference between ISL and 802.1Q relates to a feature called the native VLAN Q defines one VLAN on each trunk as the native VLAN, whereas ISL does not use the concept

IP Subnets and VLANs All the devices in a VLAN need to be in the same subnet Devices in different VLANs need to be in different subnets As with all IP subnets, for a host in one subnet to forward packets to a host in another subnet, at least one router must be involved

Routing Between VLANs

VLAN Trunking Protocol (VTP) VLAN Trunking Protocol (VTP) provides a means by which Cisco switches can exchange VLAN configuration information VTP advertises about the existence of each VLAN based on its VLAN ID and the VLAN name VTP does not advertise the details about which switch interfaces are assigned to each VLAN

VTP Server and Client VLAN are created on a switch called a VTP server. The VTP server then distributes VLAN configuration changes through VTP messages, sent only over ISL and 802.1Q trunks VTP servers and clients choose whether to react to a received VTP update and update their VLAN configurations based on whether the VLAN database configuration revision number increases. Each time a VTP server modifies its VLAN configuration, the VTP server increments the current configuration revision number by 1

VTP Update Process

VTP Updates VTP servers and clients also send periodic VTP messages every 5 minutes, in case any newly added switches need to know the VLAN configuration. When a new trunk comes up, switches can immediately send a VTP message asking the neighboring switch to send its VLAN database.

Requirements for VTP Requirements for VTP to Work Between Two Switches: – The link between the switches must be operating as a VLAN trunk (ISL or 802.1Q) – The two switches’ case-sensitive VTP domain name must match – If configured on at least one of the switches, the two switches’ case-sensitive VTP password must match

VTP domain The VTP domain name provides a design tool by which engineers can create multiple groups of VTP switches, called domains, whose VLAN configurations are autonomous. To do so, the engineer can configure one set of switches in one VTP domain and another set in another VTP domain Switches in the different domains will ignore each other’s VTP messages. VTP domains allow engineers to break up the switched network into different administrative domains. For example, in a large building with a large IT staff, one division’s

VTP Transparent Mode Transparent mode gives a switch autonomy from the other switches VTP transparent mode switches can configure VLANs. However, unlike servers, transparent mode switches never update their VLAN databases based on incoming VTP messages

Storing VLAN Configuration When VTP clients and servers store VLAN configuration—specifically, the VLAN ID, VLAN name, and other VTP configuration settings—the configuration is stored in a file called vlan.dat in flash memory Cisco IOS does not put this VLAN configuration in the running-config file or the startup-config file No command exists to view the VTP and VLAN configuration directly; instead, you need to use several show commands to list the information about VLANs and VTP output.

VTP Pruning Cisco switches flood broadcasts in each active VLAN out all trunks However, in most campus networks, many VLANs exist on only a few switches, but not all switches. Therefore, it is wasteful to forward broadcasts over all trunks, causing the frames to arrive at switches that do not have any ports in that VLAN Pruning means that the appropriate switch trunk interfaces do not flood frames in that VLAN

VTP Pruning

Configure a new VLAN To configure a new VLAN, follow these steps: – From configuration mode, use the vlan vlan-id global configuration command to create the VLAN and to move the user into VLAN configuration mode. – (Optional) Use the name name VLAN subcommand to list a name for the VLAN. If not configured, the VLAN name is VLANZZZZ,where ZZZZ is the 4-digit decimal VLAN ID.

Configure a new VLAN To configure a VLAN for each access interface, follow these steps: – Use the interface command to move into interface configuration mode for each desired interface. – Use the switchport access vlan id-number interface subcommand to specify the VLAN number associated with that interface. – (Optional) To disable trunking on that same interface, ensuring that the interface is an access interface, use the switchport mode access interface subcommand.

Vlan Lab

switchport mode

Network with Two Switches and Three VLANs

Trunking Configuration and show Commands

Expected Trunking Operational Mode

Controlling Which VLANs Can Be Supported on a Trunk The allowed VLAN list feature provides a mechanism for engineers to administratively disable a VLAN from a trunk. By default, switches include all possible VLANs (1–4094) in each trunk’s allowed VLAN list switchport trunk allowed vlan {add | all | except | remove} vlan-list switchport trunk allowed vlan except interface subcommand adds VLANs 1 through 99 and 201 through 4094 to the existing allowed VLAN list on that trunk

Switches preventing traffic Switch has other reasons to prevent a particular VLAN’s traffic from crossing a trunk – A VLAN has been removed from the trunk’s allowed VLAN list. – A VLAN does not exist, or is not active, in the switch’s VLAN database (as seen with the show vlan command). – A VLAN has been automatically pruned by VTP. – A VLAN’s STP instance has placed the trunk interface into a state other than a Forwarding State.

VLANs supported over a trunk VLANs in the allowed VLAN list on the trunk VLANs in the previous group that are also configured and active (not shut down) on the switch VLANs in the previous group that are also not pruned and are in an STP Forwarding State

Allowed VLAN List

Allowed VLAN List change

Trunking to Cisco IP Phones

Securing VLANs and Trunking Administratively disable the unused interface, using the shutdown interface subcommand. Prevent trunking from being negotiated when the port is enabled by using the switchport nonegotiate interface subcommand to disable negotiation, or the switchport mode access interface subcommand to statically configure the interface as an access interface. Assign the port to an unused VLAN, sometimes called a parking lot VLAN, using the switchport access vlan number interface subcommand.

Configure VTP Configure the VTP mode using the vtp mode {server | client} global configuration command. Configure the VTP (case-sensitive) domain name using the vtp domain domain-name global configuration command. (Optional) On both clients and servers, configure the same case-sensitive password using the vtp password password-value global configuration command. (Optional) Configure VTP pruning on the VTP servers using the vtp pruning global configuration command. (Optional) Enable VTP version 2 with the vtp version 2 global configuration command.

Verkefni

VTP data Where VTP Clients and Servers Store VLAN- Related Configuration:

Configuring Transparent Mode Configuring VTP transparent mode is simple: Just issue the vtp mode transparent command in global configuration mode. You do not need a domain name or a password.

Determining Why VTP Is Not Currently Working Step 1 Confirm the switch names, topology (including which interfaces connect which switches), and switch VTP modes. Step 2 Identify sets of two neighboring switches that should be either VTP clients or servers whose VLAN databases differ with the show vlan command. Step 3 On each pair of two neighboring switches whose databases differ, verify the following: – a. At least one operational trunk should exist between the two switches (use the show interfaces trunk, show interfaces switchport, or show cdp neighbors command). – b. The switches must have the same (case-sensitive) VTP domain name (show vtp status). – c. If configured, the switches must have the same (case-sensitive) VTPpassword (show vtp password). – d. While VTP pruning should be enabled or disabled on all servers in the same domain, having two servers configured with opposite pruning settings does not prevent the synchronization process. Step 4 For each pair of switches identified in Step 3, solve the problem by either troubleshooting the trunking problem or reconfiguring a switch to correctly match the domain name or password.

VTP Troubleshooting

Spanning Tree Protocol