
Layer 2: Redundancy and High Availability Part 1: General Overview on Assignment 1.

1 Layer 2: Redundancy and High Availability Part 1: General Overview on Assignment 1

2 Overview: Next Four Weeks
- Part 1: VLAN design
  - Cisco design principles
  - Private VLANs
- Part 2: Redundancy at Layer 1 and Layer 2
  - Issues with redundant links
  - Spanning Tree Protocol
  - RSTP
  - MST
- Part 3: High Availability
  - EtherChannel at Layer 2 and Layer 3
- Part 4: Security at Layer 2

3 Part 1 Overview
- Extent of VLANs
- VLAN concepts
- Native VLAN
- Untagged frames
- VTP pruning
- DTP
- Layer 3 switching

4 Review: VLANs
- The number of VLANs depends on:
  - traffic patterns
  - application types
  - segmentation of common workgroups
  - network management requirements
- Cisco recommends:
  - a one-to-one correspondence between VLANs and IP subnets
  - that a VLAN does not extend beyond the Layer 2 domain of its distribution switch
  - keeping broadcasts and unnecessary traffic out of the core block
- Two major approaches:
  - Local (geographic) VLANs
  - End-to-end or campus-wide VLANs

5 What Is an End-to-End VLAN?
- Users are grouped into VLANs independent of their physical location.
- Every VLAN is made available to every access switch across the network.
- If users move within the campus, their VLAN membership stays the same.
- The 80/20 rule: 80% of a workgroup's traffic stays within the workgroup and 20% leaves it; end-to-end VLANs were designed for this traffic pattern.
- The 20/80 rule: with centralized servers only 20% of traffic stays local and 80% crosses the core, which favours local VLANs routed at the distribution layer.

6 End-to-End or Campus-wide VLANs
[Diagram only]

7 Geographic or Local VLANs
[Diagram only]

8 VLAN Types
[Diagram: Management VLAN 99, Data VLAN 20 and Voice VLAN 30 spread over access ports Fa0/1, Fa0/3, Fa0/4, Fa0/6 and Fa0/18]
- Data: user data within the switching block
- Voice: VoIP telephony
- Management: device management for administrators
- Native: carries the untagged traffic on a trunk (802.1Q only)

9 Different Native VLANs
- A native VLAN mismatch merges traffic between VLANs: a frame that leaves one switch untagged because it belongs to that switch's native VLAN is placed by the neighbour into the neighbour's native VLAN, so two VLANs that were meant to be separate are bridged across the trunk.

10 Untagged Frames
- Native VLAN frames are carried over the trunk link untagged.
- Untagged frames received on an 802.1Q trunk are forwarded to the ports in the native VLAN. This is a security issue: a host in the native VLAN can send a frame with two 802.1Q tags; the first switch strips the outer (native) tag and forwards the frame untagged, and the next switch reads the inner tag and delivers the frame into a VLAN the host is not a member of (VLAN hopping by double tagging).
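As an added example for slides 9 and 10 (not taken from the presentation): the trunk between two switches with mismatched native VLANs, the CDP warning Cisco IOS logs for it, and the hardened form that moves the native VLAN to an unused VLAN on both ends, tags it, and restricts the trunk to the VLANs that need it. Switch names, interface numbers and VLAN 999 are assumptions; the `switchport trunk encapsulation dot1q` line is only needed on platforms that also support ISL.

```cisco
! --- Weak: native VLAN mismatch. S1 keeps the default (1), S2 uses 99 ---
! Frames leaving S2 in VLAN 99 cross the trunk untagged and S1 puts them
! into VLAN 1: VLAN 1 and VLAN 99 are now bridged.
S1(config)# interface GigabitEthernet0/1
S1(config-if)# switchport trunk encapsulation dot1q
S1(config-if)# switchport mode trunk
!  (native VLAN left at the default of 1)
S2(config)# interface GigabitEthernet0/1
S2(config-if)# switchport trunk encapsulation dot1q
S2(config-if)# switchport mode trunk
S2(config-if)# switchport trunk native vlan 99

! CDP detects the mismatch and both switches log it:
! %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
!   GigabitEthernet0/1 (1), with S2 GigabitEthernet0/1 (99).

! --- Hardened: same unused native VLAN on both ends, tagged, and only
!     the VLANs that need this trunk allowed across it ---
S1(config)# vlan 999
S1(config-vlan)# name NATIVE_UNUSED
S1(config-vlan)# exit
S1(config)# interface GigabitEthernet0/1
S1(config-if)# switchport trunk encapsulation dot1q
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk native vlan 999
S1(config-if)# switchport trunk allowed vlan 20,30,99
S1(config-if)# exit
! Tag the native VLAN too: no frame then crosses the trunk untagged, and
! on platforms that support this command untagged frames received on the
! trunk are dropped, so a double-tagged frame has nowhere to land.
S1(config)# vlan dot1q tag native
! (apply the identical configuration on S2)

! --- Verify: native VLAN must match on both ends and VLAN 999 must have
!     no access ports assigned ---
S1# show interfaces GigabitEthernet0/1 trunk
S1# show vlan id 999
```

The allowed-VLAN list deliberately omits 999 and VLAN 1, so the native VLAN carries nothing; keep VLAN 99 (management) on the trunk only where the management SVI actually needs it.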

11 VTP (VLAN Trunking Protocol)
- Centralized VLAN management
- The VTP server propagates its VLAN database to the VTP client switches
- Four modes:
  - Server: originates updates to clients and other servers
  - Client: receives updates and cannot make local VLAN changes
  - Transparent: does not apply updates itself; VTP version 1 forwards them only if the domain name and version match, VTP version 2 forwards them regardless
  - Off: ignores VTP updates and does not forward them (introduced with VTP version 3)

12 VTP Issues: VLANs Disappear from the Network
- A VTP bomb occurs when a switch carrying a higher VTP configuration revision number (possibly loaded with incorrect or empty VLAN information) is inserted into the production VTP domain. Its database overwrites the VLAN database on every switch in the domain, and every access port assigned to a VLAN that no longer exists goes down.
- Only the revision number decides the outcome, not the role: a VTP client with a higher revision overwrites the servers just as a server would.

13 Dynamic Trunking Protocol (DTP)
DTP negotiates the trunking mode between the two ends of a link.
- switchport mode trunk: permanent trunking mode regardless of the neighbouring interface's settings (DTP frames are still sent).
- switchport mode dynamic desirable: actively tries to convert the port to a trunk; it becomes a trunk if the neighbouring interface is set to trunk, desirable or auto.
- switchport mode dynamic auto: willing to become a trunk if the neighbouring interface is set to trunk or desirable; two auto ends never form a trunk.
- switchport nonegotiate: the port sends no DTP frames, so its mode must be set manually with switchport mode trunk or switchport mode access (the command is rejected on a port in a dynamic mode).

14 VTP Pruning
[Diagram: S1, S2 and S3 connected by trunks on Fa0/1 and Fa0/2; PC1 and PC3 in VLAN 10, PC2, PC4, PC5 and PC6 in VLAN 20 on access ports Fa0/6, Fa0/11 and Fa0/18]
- Prevents the unnecessary flooding of broadcast (and unknown-unicast and multicast) traffic from one VLAN across every trunk in a VTP domain.
- Lets switches negotiate which VLANs have ports assigned at the far end of a trunk and prune from the trunk the VLANs that have no assigned ports on the remote switch.
- Pruning is disabled by default; it is enabled once on a VTP server and propagates to the domain:
  S2(config)# vtp pruning
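As an added example for slides 11, 12 and 14 (not from the presentation): the check to run on a switch before it is cabled into the production VTP domain, two ways to reset its revision number, the transparent and off modes the local-VLAN design calls for, and how to verify what pruning removed from a trunk. Switch names, the domain name CAMPUS, the revision numbers and the show output are assumptions for illustration.

```cisco
! --- Check a switch BEFORE connecting it to the production domain ---
NewSw# show vtp status
VTP version running             : 2
VTP Domain Name                 : CAMPUS
VTP Operating Mode              : Client
Configuration Revision          : 57
! Production is at revision 12. Even as a client, revision 57 with the
! wrong VLAN list overwrites every switch in CAMPUS: only the revision
! number is compared, the server/client role does not matter.

! --- Reset the revision to 0 before cabling ---
! Either move the switch to transparent mode (revision is zeroed) ...
NewSw(config)# vtp mode transparent
! ... or change the domain name and change it back.
NewSw(config)# vtp domain TEMP
NewSw(config)# vtp domain CAMPUS
NewSw# show vtp status | include Revision
Configuration Revision          : 0

! --- Local-VLAN design (slide 15): access switches stay out of VTP ---
Acc1(config)# vtp mode transparent
! Transparent still forwards advertisements on trunks (v2: always).
! Off mode, available with VTP version 3, neither applies nor forwards.
Acc1(config)# vtp version 3
Acc1(config)# vtp mode off

! --- VTP version 3 also limits who may rewrite the database: only the
!     single primary server can, so an inserted switch cannot "bomb" it ---
Core1(config)# vtp version 3
Core1(config)# exit
Core1# vtp primary vlan

! --- Pruning: enabled once on a server, propagated to the domain ---
S2(config)# vtp pruning
S2(config)# exit
! Verify which VLANs still cross each trunk after pruning
! (the last section of the output):
S2# show interfaces trunk
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       10,20
Fa0/2       20
```

With the slide's topology, S3 has no ports in VLAN 10, so VLAN 10 is pruned from the Fa0/2 trunk towards S3 and S3 stops receiving VLAN 10 broadcasts.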

15 VLAN Design: Best Practices
- In the local VLANs model, limit each access switch to 1–3 VLANs and limit each of those VLANs to a couple of access switches and the distribution switches.
- Avoid using VLAN 1 as the "blackhole" VLAN for all unused ports.
- Separate the voice, data, management, default and blackhole VLANs.
- In the local VLANs model, avoid VTP (use transparent mode).
- Turn off DTP on trunk ports and configure them manually.
- Manually configure access ports that are not intended to be trunks with the switchport host command (it disables EtherChannel, disables trunking and enables PortFast).
- Keep all data traffic off VLAN 1.
- Avoid Telnet on management VLANs; use SSH instead.
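As an added example for slides 13 and 15 (not from the presentation): the weak factory default on a Catalyst access port beside the hardened configuration the best-practice list describes, with DTP disabled everywhere, trunks configured statically, unused ports parked in a blackhole VLAN and the management VLAN reachable over SSH only. The switch name, interface ranges, VLAN numbers 20/30/99/666/999, the domain name and the management address are assumptions.

```cisco
! --- Weak: the default on many Catalyst ports ---
! dynamic auto answers a DTP "desirable" from whatever is plugged in, so a
! host that sends DTP frames can turn its access port into a trunk and
! reach every VLAN allowed on it.
S1# show interfaces FastEthernet0/6 switchport | include Mode
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate

! --- Hardened access ports: data VLAN 20, voice VLAN 30 ---
S1(config)# interface range FastEthernet0/6 - 18
S1(config-if-range)# switchport host
! switchport host expands to: switchport mode access,
! spanning-tree portfast, no channel-group
S1(config-if-range)# switchport access vlan 20
S1(config-if-range)# switchport voice vlan 30
S1(config-if-range)# switchport nonegotiate
S1(config-if-range)# exit

! --- Unused ports: blackhole VLAN (never VLAN 1) and shut down ---
S1(config)# vlan 666
S1(config-vlan)# name BLACKHOLE
S1(config-vlan)# exit
S1(config)# interface range FastEthernet0/19 - 24
S1(config-if-range)# switchport mode access
S1(config-if-range)# switchport access vlan 666
S1(config-if-range)# switchport nonegotiate
S1(config-if-range)# shutdown
S1(config-if-range)# exit

! --- Uplinks: static trunk, no DTP, unused native VLAN, VLAN 1 not allowed ---
S1(config)# interface range FastEthernet0/1 - 2
S1(config-if-range)# switchport trunk encapsulation dot1q
S1(config-if-range)# switchport mode trunk
S1(config-if-range)# switchport nonegotiate
S1(config-if-range)# switchport trunk native vlan 999
S1(config-if-range)# switchport trunk allowed vlan 20,30,99
S1(config-if-range)# exit

! --- Management VLAN 99: SSH only, no Telnet ---
S1(config)# ip domain-name campus.example
S1(config)# crypto key generate rsa modulus 2048
S1(config)# ip ssh version 2
S1(config)# username netadmin privilege 15 secret <set-a-strong-secret>
S1(config)# interface vlan 99
S1(config-if)# ip address 10.99.0.11 255.255.255.0
S1(config-if)# exit
S1(config)# line vty 0 15
S1(config-line)# transport input ssh
S1(config-line)# login local
S1(config-line)# exit

! --- Verify: no port should still report a dynamic mode or trunk
!     negotiation turned on ---
S1# show interfaces switchport | include Name|Administrative Mode|Negotiation
```

The verification filter is the check to repeat after every port change: any line still reading "dynamic auto", "dynamic desirable" or "Negotiation of Trunking: On" is a port an attacker's DTP frames can still talk to.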

16 Multilayer Switching
A multilayer switch operates at several layers of the OSI model:
- Layer 2 switching
- Layer 3 switching
- Layer 4 switching
Characteristics:
- Low latency
- High-speed scalability
- Supports QoS
- Supports VoIP

17 Layer-3 Switch
[Diagram: S1, S2 and S3 connected by trunks on Fa0/1–Fa0/4; PC1 (VLAN 10), PC2 (VLAN 20) and PC3 (VLAN 30) on access ports Fa0/6, Fa0/11 and Fa0/18]
- Some switches can perform Layer 3 functions, replacing dedicated routers for basic routing on a network.
- Multilayer switches can perform inter-VLAN routing.
- To enable routing:
  - each VLAN interface on the switch is configured with an IP address in the subnet associated with that VLAN
  - IP routing must be enabled on the multilayer switch

18 Inter-VLAN Routing Using an L3 Switch
[Diagram: S1 with SVI VLAN 20, SVI VLAN 30 and SVI VLAN 99; Management VLAN 99, Student VLAN 20 and Guest VLAN 30 on access ports Fa0/1, Fa0/3, Fa0/6 and Fa0/18]
- A Switch Virtual Interface (SVI) is a logical interface configured for a specific VLAN; Layer 3 switches use it to route between VLANs or to give the switch itself IP host connectivity.
- S1's VLAN interfaces are the default gateways for VLAN 99, VLAN 20 and VLAN 30.

19 Layer-3 Switch SVI Configuration
[Diagram: as on slide 17]
Configure the SVI addresses (addresses omitted):
  S1(config)# interface vlan 10
  S1(config-if)# ip address <address> <mask>
  S1(config-if)# interface vlan 20
  S1(config-if)# ip address <address> <mask>
  S1(config-if)# interface vlan 30
  S1(config-if)# ip address <address> <mask>
Configure routing:
  S1(config)# ip routing
  S1(config)# exit
Verify:
  S1# show ip route
  <network> is subnetted, 3 subnets
  C  <subnet> is directly connected, Vlan10
  C  <subnet> is directly connected, Vlan20
  C  <subnet> is directly connected, Vlan30

20 Layer-3 Switch Routed Port Configuration
[Diagram: as on slide 17, with R1 Fa0/0 connected to S1 Fa0/5]
A routed port:
- is a physical switch port with Layer 3 capability
- is not associated with any VLAN
- serves as the default gateway for devices out that switch port
- must have its Layer 2 port functionality removed before it can be configured
Configure the routed port (addresses omitted):
  S1(config)# interface fa0/5
  S1(config-if)# no switchport
  S1(config-if)# ip address <address> <mask>
  S1(config-if)# no shutdown
  S1(config-if)# exit
  S1(config)# router eigrp 1
  S1(config-router)# network <network>
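As an added, complete version of the slide 18–20 configuration (not the presentation's own, whose addresses did not survive in the transcript): S1 routing between the Student (20), Guest (30) and Management (99) VLANs over SVIs, a routed port towards R1 with EIGRP, and a verification step. Because the whole point of the design is that guests stay off the management VLAN, an SVI access list is added that the slides imply but do not configure. All addresses, the 10.0.0.0/8 summary, the EIGRP AS number, the ACL name and the assumption that guests obtain addresses by DHCP are illustrative.

```cisco
! --- S1: IP routing on, one SVI per VLAN in that VLAN's subnet (assumed) ---
S1(config)# ip routing
S1(config)# interface vlan 20
S1(config-if)# description Student VLAN gateway
S1(config-if)# ip address 10.20.0.1 255.255.255.0
S1(config-if)# no shutdown
S1(config-if)# interface vlan 30
S1(config-if)# description Guest VLAN gateway
S1(config-if)# ip address 10.30.0.1 255.255.255.0
S1(config-if)# no shutdown
S1(config-if)# interface vlan 99
S1(config-if)# description Management VLAN gateway
S1(config-if)# ip address 10.99.0.1 255.255.255.0
S1(config-if)# no shutdown
S1(config-if)# exit

! --- Routed port towards R1: Layer 2 behaviour removed first ---
S1(config)# interface FastEthernet0/5
S1(config-if)# no switchport
S1(config-if)# ip address 10.0.15.1 255.255.255.252
S1(config-if)# no shutdown
S1(config-if)# exit
S1(config)# router eigrp 1
S1(config-router)# network 10.0.0.0 0.255.255.255
! Only the link to R1 should speak EIGRP; user VLANs must not be able to
! form a neighbour relationship with the switch.
S1(config-router)# passive-interface default
S1(config-router)# no passive-interface FastEthernet0/5
S1(config-router)# exit

! --- Guest VLAN: out via R1 only, never to Management or Student.
!     Applied inbound on the guest SVI so it is enforced at the first hop ---
S1(config)# ip access-list extended GUEST-IN
S1(config-ext-nacl)# permit udp any eq bootpc any eq bootps
S1(config-ext-nacl)# deny   ip any 10.99.0.0 0.0.0.255
S1(config-ext-nacl)# deny   ip any 10.20.0.0 0.0.0.255
S1(config-ext-nacl)# permit ip 10.30.0.0 0.0.0.255 any
S1(config-ext-nacl)# exit
S1(config)# interface vlan 30
S1(config-if)# ip access-group GUEST-IN in
S1(config-if)# exit

! --- Verify: three connected VLAN subnets, the routed link, and the ACL ---
S1# show ip route connected
C    10.20.0.0/24 is directly connected, Vlan20
C    10.30.0.0/24 is directly connected, Vlan30
C    10.99.0.0/24 is directly connected, Vlan99
C    10.0.15.0/30 is directly connected, FastEthernet0/5
S1# show ip interface vlan 30 | include access list
  Inbound  access list is GUEST-IN
```

The first ACL line exists only because a DHCP client sources its Discover from 0.0.0.0, which the final permit (sourced from 10.30.0.0/24) would otherwise drop; without a DHCP relay on the SVI it can be removed. The implicit deny at the end of the list also blocks any guest source address outside 10.30.0.0/24, which catches simple source spoofing from that VLAN.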

21 Next Week
- Work posted on the web page
- Work on your group project
