Ch. 3 VLANs (Virtual LANs), transcript of w3.ualg.pt/~jjose/cisco/CCNA3/ccna3-ch3.pdf
Ch. 3 – VLANs (Virtual LANs)
Rick Graziani [email protected] 2
VLAN introduction
• VLANs provide segmentation based on broadcast domains.
• VLANs logically segment switched networks based on the functions,
project teams, or applications of the organization regardless of the
physical location or connections to the network.
• All workstations and servers used by a particular workgroup share the
same VLAN, regardless of the physical connection or location.
VLAN introduction
• VLANs are created to provide segmentation services traditionally provided by physical routers in LAN configurations.
• VLANs address scalability, security, and network management. Routers in VLAN topologies provide broadcast filtering, security, and traffic flow management.
• Switches may not bridge any traffic between VLANs, as this would violate the integrity of the VLAN broadcast domain.
• Traffic should only be routed between VLANs.
Broadcast domains with VLANs and routers
• A VLAN is a broadcast domain created by one or more switches.
• The network design above creates three separate broadcast
domains.
VLAN operation
[Figure: two VLANs = two subnets. Switch 1 with four hosts: 172.30.1.21 / 255.255.255.0 (VLAN 1), 172.30.2.10 / 255.255.255.0 (VLAN 2), 172.30.1.23 / 255.255.255.0 (VLAN 1), 172.30.2.12 / 255.255.255.0 (VLAN 2)]
Important notes on VLANs:
1. VLANs are assigned on the switch port. There is no “VLAN”
assignment done on the host.
2. In order for a host to be a part of that VLAN, it must be assigned an IP
address that belongs to the proper subnet.
Remember: VLAN = Subnet
Port: 1 2 3 4 5 6
VLAN: 1 2 1 2 2 1
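Added example (not from the slides): a small Python model of the port-to-VLAN table above and of the rule VLAN = subnet. It computes which ports receive a broadcast entering on a given port, and flags a host whose IP subnet does not match the subnet the rest of its VLAN uses. The port numbers, VLAN assignments and host addresses are taken from the slide; the extra host 172.30.2.50 on port 6 is constructed to show a mismatch being detected.

```python
import ipaddress
from collections import defaultdict

# Constructed from the slide's table: switch port -> VLAN.
PORT_VLAN = {1: 1, 2: 2, 3: 1, 4: 2, 5: 2, 6: 1}

# Constructed from the slide's figure: (host IP, mask, switch port the host is plugged into).
HOSTS = [
    ("172.30.1.21", "255.255.255.0", 1),
    ("172.30.2.10", "255.255.255.0", 2),
    ("172.30.1.23", "255.255.255.0", 3),
    ("172.30.2.12", "255.255.255.0", 4),
]
# Constructed mistake: a host on port 6 (VLAN 1) configured with a VLAN 2 address.
MISCONFIGURED = HOSTS + [("172.30.2.50", "255.255.255.0", 6)]

def broadcast_domain(port_vlan, ingress_port):
    """Ports that receive a broadcast entering on ingress_port: same VLAN only, source excluded."""
    vlan = port_vlan[ingress_port]
    return {p for p, v in port_vlan.items() if v == vlan and p != ingress_port}

def vlan_subnet_mismatches(port_vlan, hosts):
    """Hosts whose subnet differs from the subnet the rest of their VLAN uses.

    VLAN = subnet: such a host still shares broadcasts with its VLAN but cannot
    exchange IP traffic with it, so it is worth flagging in a port/VLAN audit."""
    members = defaultdict(list)
    for ip, mask, port in hosts:
        net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        members[port_vlan[port]].append((ip, port, net))
    findings = []
    for vlan, hosts_in_vlan in members.items():
        nets = [net for _, _, net in hosts_in_vlan]
        expected = max(set(nets), key=nets.count)  # majority subnet is taken as the intended one
        for ip, port, net in hosts_in_vlan:
            if net != expected:
                findings.append((ip, port, vlan, str(net), str(expected)))
    return findings

if __name__ == "__main__":
    print(sorted(broadcast_domain(PORT_VLAN, 1)))            # [3, 6]
    print(vlan_subnet_mismatches(PORT_VLAN, MISCONFIGURED))  # one finding for 172.30.2.50
```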
Broadcast domains with VLANs and routers
• 1) With or without VLANs. However, this can be an example of no VLANs.
• 3) Using VLANs. The switch is configured with the ports on the appropriate VLAN.
• What are the broadcast domains in each?
[Figure: 1) with VLANs, one link per VLAN or a single VLAN trunk (later); 2) with or without VLANs. Subnets in each: 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16.]
VLAN Characteristics
Types of VLANs
• Data VLAN – a VLAN configured to carry only user-generated traffic.
• Default VLAN – VLAN 1. All switch ports become members of the default VLAN after the initial boot-up of the switch.
• Native VLAN – VLAN 99. A native VLAN is assigned to an 802.1Q trunk port. An 802.1Q trunk port supports traffic coming from many VLANs.
• Management VLAN – any VLAN you configure to access the management capabilities of a switch. VLAN 1 serves as the management VLAN if you do not proactively define a unique VLAN for that role.
Voice VLANs
• Imagine you are receiving an emergency call and suddenly the quality
of the transmission degrades so much you cannot understand what the
caller is saying. VoIP requires:
– Assured bandwidth to ensure voice quality
– Transmission priority over other types of network traffic
– Ability to be routed around congested areas on the network
– Delay of less than 150 milliseconds (ms) across the network
VLAN operation
• Each switch port can be assigned to a different VLAN.
• Ports assigned to the same VLAN share broadcasts.
• Ports that do not belong to that VLAN do not share these broadcasts.
VLAN operation
• Dynamic membership VLANs are created through network management software. (Not as common as static VLANs)
• Dynamic VLANs allow for membership based on the MAC address of the device connected to the switch port.
• As a device enters the network, it queries a database within the switch for a VLAN membership.
Voice VLAN
• Voice VLAN - A port is configured to be in voice mode so that it can support an IP phone attached to it. Before you configure a voice VLAN on the port, you need to first configure a VLAN for voice and a VLAN for data.
• It is assumed that the network has been configured to ensure that voice traffic can be transmitted with a priority status over the network.
• The command mls qos trust cos ensures that voice traffic is identified as priority traffic.
Layer 3 Forwarding
• SVI (switch virtual interface)
• SVI is a logical interface configured for a specific VLAN.
You need to configure an SVI for a VLAN if you want to
route between VLANs or to provide IP host connectivity to
the switch.
VLAN Tagging
• VLAN Tagging is used when a link needs to carry traffic for more than one VLAN.
– Trunk link: As packets are received by the switch from any attached end-station device, a unique packet identifier is added within each header.
• This header information designates the VLAN membership of each packet.
• The packet is then forwarded to the appropriate switches or routers based on the VLAN identifier and MAC address.
• Upon reaching the destination node (Switch) the VLAN ID is removed from the packet by the adjacent switch and forwarded to the attached device.
• Packet tagging provides a mechanism for controlling the flow of broadcasts and applications while not interfering with the network and applications.
• 12 bits of VLAN ID (VID) - VLAN identification numbers; supports up to 4096 VLAN IDs.
VLAN Tagging
• VLAN Tagging is used when a single link needs to carry
traffic for more than one VLAN.
[Figure: the same link without VLAN tagging and with VLAN tagging]
VLAN Tagging
• There are two major methods of frame tagging, Cisco proprietary Inter-Switch Link (ISL) and IEEE 802.1Q.
• An IEEE 802.1Q trunk port supports simultaneous tagged and untagged traffic.
• In an ISL trunk port, all received packets are expected to be encapsulated with an ISL header, and all transmitted packets are sent with an ISL header.
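Added example (not part of the slides): Python functions that build and parse the 4-byte 802.1Q tag described above, showing where the 12-bit VID and the 3-bit priority (the CoS that mls qos trust cos relies on) sit in the tag, and how an untagged frame arriving on a trunk falls into the native VLAN. The sample Ethernet frame is constructed; native VLAN 99 follows the chapter's example, while VID 150 and CoS 5 for the voice frame are assumed values.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag
VID_MASK = 0x0FFF     # low 12 bits of the TCI hold the VLAN ID

# Constructed sample frame: broadcast dst, sample src MAC, EtherType 0x0806 (ARP), dummy payload.
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
                + bytes.fromhex("0806") + b"\x00" * 28)

def build_tci(vid: int, pcp: int = 0, dei: int = 0) -> int:
    """Pack priority (3 bits), DEI (1 bit) and VLAN ID (12 bits) into the 16-bit TCI."""
    # 12 bits give 4096 values; VID 0 (priority-only) and 4095 are reserved by 802.1Q,
    # so 1..4094 are the IDs a switch will accept for a VLAN.
    if not 1 <= vid <= 4094:
        raise ValueError(f"VLAN ID {vid} outside 1..4094")
    if not 0 <= pcp <= 7:
        raise ValueError("PCP (CoS) must be 0..7")
    return (pcp << 13) | ((dei & 1) << 12) | vid

def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert TPID + TCI between the source MAC and the original EtherType (what a trunk port sends)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, build_tci(vid, pcp)) + frame[12:]

def untag_frame(frame: bytes, native_vid: int):
    """Classify a frame received on a trunk: return (vid, pcp, frame without the tag).

    An untagged frame, or one tagged with VID 0 (priority tag only), belongs to the
    native VLAN of the trunk port; a tagged frame belongs to the VID it carries."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return native_vid, 0, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    vid, pcp = tci & VID_MASK, tci >> 13
    return (vid or native_vid), pcp, frame[:12] + frame[16:]

if __name__ == "__main__":
    NATIVE = 99                                   # native VLAN used in this chapter
    voice = tag_frame(SAMPLE_FRAME, 150, pcp=5)   # assumed voice VLAN 150, CoS 5
    print(untag_frame(voice, NATIVE)[:2])         # (150, 5)
    print(untag_frame(SAMPLE_FRAME, NATIVE)[0])   # 99: untagged -> native VLAN
```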
DTP
• Dynamic Trunking Protocol (DTP) is a Cisco proprietary
protocol.
• Switches from other vendors do not support DTP.
• DTP is automatically enabled on a switch port when certain
trunking modes are configured on the switch port.
• DTP supports both ISL and 802.1Q trunks.
Trunking Modes
• On (default)
– The command used is switchport mode trunk. The local port is considered to be in an unconditional (always on) trunking state.
• Dynamic auto
– The command used is switchport mode dynamic auto.
• Dynamic desirable
– DTP frames are sent periodically to the remote port. The command used is switchport mode dynamic desirable.
• Turn off DTP
– The local port does not send DTP frames to the remote port. The command used is switchport nonegotiate.
VLAN Trunks
Creating VLANs
• Assigning access ports (non-trunk ports) to a specific VLAN
Switch(config)#interface fastethernet 0/9
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan vlan_number
• Create the VLAN:
Switch#vlan database
Switch(vlan)#vlan vlan_number
Switch(vlan)#exit
Creating VLANs
• Assign ports to the VLAN
Switch(config)#interface fastethernet 0/9
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
• access – Denotes this port as an access port and not a trunk link (later)
VLANs.
Managing VLANs
Configuring Ranges of VLANs
SydneySwitch(config)#interface fastethernet 0/5
SydneySwitch(config-if)#switchport access vlan 2
SydneySwitch(config-if)#exit
SydneySwitch(config)#interface fastethernet 0/6
SydneySwitch(config-if)#switchport access vlan 2
SydneySwitch(config-if)#exit
SydneySwitch(config)#interface fastethernet 0/7
SydneySwitch(config-if)#switchport access vlan 2
Deleting VLANs
Switch(config-if)#no switchport access vlan vlan_number
• When a VLAN is deleted, all ports assigned to that VLAN
become inactive. The ports will, however, remain
associated with the deleted VLAN until assigned to a
new VLAN.
Manage Ports
Delete VLANs
• no vlan vlan-id removes one VLAN from the VLAN database (e.g. no vlan 20 to remove VLAN 20).
• delete flash:vlan.dat deletes the VLAN database file, i.e. all configured VLANs.
Configure Trunk
Verify Trunk Configuration
Managing Trunk Configuration