Computer Networking Macedonia VLAN’s, VTP, InterVLAN Routing, (And if there is enough time - STP)

Presenter Delyan Genkov, PhD, Principal Assistant Professor at Technical University of Gabrovo, Bulgaria CCNA, CCNP, CCAI, CCSI#33190 Working at Lirex BG Ltd – Gold Cisco Partner Instructor and Main Contact in the first Bulgarian Cisco Networking Academy since

VLAN Virtual Local Area Networks Main goal – to divide the network into smaller parts

Why to divide a LAN? Benefits:  Decreases unnecessary traffic  Limits broadcasts  Allows the network to grow  Increases security Drawbacks  More complicated and expensive devices  More administrator’s knowledge required

Traditional network division Depends on geographic locations (Sometimes) requires more router interfaces Do not allows movement

VLAN division Position independent Allows easy movement Increases security (if properly configured) May use one or more router interfaces

Two or more VLANs on a single switch? Possible, but not common Functions as two or more separate switches I use this when there are free ports and I need another switch in the same rack The true power is when you use more switches

VLAN’s have Mandatory number (VLAN ID)  1 – 1024 Standard VLANs  1001 – 1024 are reserved  1025 – 4096 – Extended VLANs (SP) Optional name (Default VLAN0001, …) Type (Ethernet) MTU (Typical 1500) and so on.

VLAN tasks Create the VLANs in switch memory Assign ports to VLANs Types of ports:  Access – resides in only one VLAN  Voice VLAN – an additional VLAN for access port  Trunk – allows packets for more than one VLAN

Typical scenario Access ports – connects computers Trunk ports – connects switches Routers?

VLAN Tagging IEEE 802.1q (4bytes) - Standard ISL (30 bytes) – Cisco proprietary IEEE 802.1q preferred Native VLAN – no tag Native VLAN must match in both ends

Tagging and Untagging

Cisco defaults Only VLAN 1 exists All ports are assigned in VLAN 1 All VLANs are allowed on a Trunk (you can change this) Native VLAN on all trunks is VLAN 1 Security recommendation: Do not leave computers in the native VLAN!

Deleting a VLAN If you delete a VLAN and the switch have ports, assigned to it – these ports remains in a non-existing VLAN and are shutdown. The right way is – first to reassign these ports in an existing VLAN, then to delete the VLAN.

VTP VLAN Trunking Protocol – Cisco Proprietary What was the main tasks when you configure VLANs?  Creating VLANs into the switch memory  Assign ports into VLANs VTP can assist you in the first task, but you still have to complete the second task

Imagine a network with 100 switches Instead of logging 100 times in every switch and configure a VLAN, with VTP you can do it on a single switch But be careful – with VTP you can stop the whole network with one command (or even with one connection)

VTP Switch modes Server Client Transparent There must be at least one server, preferably two

Another VTP Parameters VTP Version – 1, 2 or 3 VTP Domain name VTP Password – optional VTP Pruning Configuration Revision

VTP Pruning

VTP Defaults VTP mode: Server VTP Domain Name: null VTP Password: null VTP Version: 1 Configuration Revision: 0

Correct action You configure new VLAN on the server It increases configuration revision All other switches learns for the change All other gets new VLAN information and increases the configuration revision

Incorrect action You have a production and test networks You get a switch from test network and delete all the test VLANs, except VLAN 1 You forgot to reset the configuration revision You connect the new switch to the production network

InterVLAN Routing When you need to pass traffic between VLANs Not necessary in an ISP, probably needed in an organizational network Needs Layer 3 device(s) Normally every VLAN is separate IP network

Three common scenarios Separate interface for every VLAN “Router-on-a-stick” Using a Layer 3 switch

Separate interfaces Router doesn’t have to know IEEE 802.1q Every interface is connected to an access port in correct VLAN Every interface is a Default Gateway for it’s VLAN

Router-on-a-Stick One Routers interface, connected to a trunk port Router must speak 802.1q You must create subinterfaces for every VLAN with an IP address for default gateway The single interface may create bottleneck

Layer 3 switch Uses virtual interfaces There is no practical limitation for VLANs count Most scalable and fastest solution Sometimes may not fulfill all the requirements (i.e. BGP routing with the ISP’s)

Spanning Tree Protocol IEEE 802.1D Enables redundant topologies Blocks the redundant links, enables only one If using for two or more links between two switches, Etherchannel is preferrable But STP allows circular or more complex topologies

Redundant topologies

Broadcast Storm

Spanning Tree Protocol

Избор на Root Bridge

Bridge Identifier (BID) По – малкият идентификатор печели

Link Cost

Port Roles

Port states

Rapid STP (IEEE 802.1w)

Using STP with VLANs MSTP, PVST+, RPVST+