Chap 2 - Defining VLANs

8/13/2019 Chap 2 - Defining VLANs

1/28

1Chapter 2

Chapter 2 - Defining VLANsObjectives

Describe issues with 802.1Q Native VLANs andexplain how to resolve those issues.

Describe trunk link problems and explain how to

solve those. Identify common problems with VTP configuration.

Describe best practices for using VTP in the

Enterprise Composite Network Model.


2/28

2Chapter 2

Normal Range VLANs

Used in small- and medium-sized business and enterprise networks.

Identified by a VLAN ID between 1and 1005.

IDs 1002through 1005are reserved for Token Ring and FDDI VLANs.

IDs 1and 1002to 1005are automatically created and cannot be removed.

Configurations are stored within a VLAN database file, called vlan.dat. The

vlan.dat file is located in the flash memory of the switch.

The VLAN trunking protocol(VTP), which helps manage VLAN configurationsbetween

switches, can only learn normal range VLANs and stores them in theVLAN database file.


3/28

3Chapter 2

Extended Range VLANs

Enable service providers to extend theirinfrastructure to a greater number of customers.Some global enterprises could be large enough to needextended range VLAN IDs.

Are identified by a VLAN ID between 1006 and 4094.

Supports fewer VLAN features than normal range

VLANs.Are saved in the running configuration file.

VTP does not learn extended range VLANs.


4/28

4Chapter 2

VLAN Types

Computer

Computer

Computer

ManagementVLAN 99

172.17.99.10/24

DataVLAN 20

172.17.20.22/24

DataVLAN 20

172.17.20.25/24

VoiceVLAN 30

172.17.30.26/24

VoiceVLAN 30

172.17.30.23/24

Fa0/1

Fa0/1

Fa0/4

Fa0/3

Fa0/3Fa0/18 Fa0/18

Fa0/6 Fa0/6

Data user data, with the switching blockVoice VoIP telephonyManagement device management for administratorsNative supports untagged traffic (802.1q only)


5/28

5Chapter 2

VoIP traffic requires:

Assured bandwidth to ensure voice quality

Transmission priority over other types of networktraffic

Ability to be routed around congested areas onthe network

Delay of less than 150 milliseconds (ms) across thenetwork

Voice VLAN


6/28

6Chapter 2

802.1Q Native VLAN Considerations

Native VLAN must match at ends of trunk otherwise frames will leakfrom one VLAN to another it will merge traffic between the mis-

matched VLANs.

By default the native VLAN will be VLAN1 - Avoid using VLAN 1 formanagement purposes.

Eliminate native VLANs from 802.1Q trunks by making the nativeVLAN an unused VLAN.


7/287Chapter 2

802.1Q Tagging

802.1Q does not encapsulate the original frame, but modifies the Ethernettype field by adding a Tag Control Information (TCI) field.

A TCI contains a 12-bit VLAN identifier (VID), uniquely identifying theVLAN to which the frame belongs (4,096 VLANs max, with 0 and 4095reserved).

Because inserting this header changes the frame, 802.1Q encapsulationforces a recalculation of the original FCS field in the Ethernet trailer.


8/288Chapter 2

Inter-switch Link (ISL)

Supports multiple Layer 2 protocols (Ethernet, TokenRing, FDDI, and ATM).

Supports PVST.

Does not use a native VLAN, so it encapsulates everyframe.

Encapsulation process leaves original frames unmodified.


9/289Chapter 2

CDP and Mismatched Native VLANs

Instances where unmatching VLAN IDs are reportedbetween two devices are displayed in the console

In this example, a mismatch is reported on Ethernet1/0 with native VLAN 5 and router1 Ethernet 2/3with native VLAN 27:

%NATIVE_VLAN_MISMATCH: nativeVLAN mismatch discovered onEthernet1/0 (5), with router1Ethernet2/3 (27)


10/2810Chapter 2

Dynamic Trunk Protocol (DTP)

What is DTP?Automates ISL/802.1Q trunkconfiguration

Operates between switches

Does not operate on routers

Not supported on 2900XL or 3500XL

DTP states on ISL/dot1Q trunkingport can be set to:

auto

on

offdesirable

non-negotiate


11/2811Chapter 2

Switchport Mode Access-permanent non-trunking mode,

regardless of neighbouring interface settings.

Switchport Mode Trunkpermanent trunking mode,regardless of neighbouring interface settings.

Switchport Mode Dynamic Desirableactively tries toconvert the port to a trunk if the neighbouring interface isset to trunk, desirable or auto.

Switchport Mode Dynamic Autoport is willing to convertto a trunk if neighbouring interface is set to trunk ordesirable.

Switchport Nonegotiateport does not generate DTPframes, and must be manually configured.

DTP Trunking Modes


12/2812Chapter 2

Resolving Trunk Link Problems

When using DTP, ensure that both ends of the linkare in the same VTP domain.

Ensure that the trunk encapsulation type configuredon both ends of the link is valid.

DTP should be turned off on links where trunking isnot required.

Best practice is to configure trunkand

nonegotiatewhere trunks are required.


13/2813Chapter 2

VLAN Trunking Protocol (VTP)

Before discussing VTP, it is important to understand that VTP is notnecessary in order to configure VLANsor Trunkingon CiscoSwitches.

VTP is a Cisco proprietary protocol that allows VLAN configurationto be consistently maintained across a common administrative

domain.

VTP minimisesthe possible configuration inconsistencies that arisewhen changes are made.

Additionally, VTP reduces the complexity of managing andmonitoring VLAN networks, allowing changes on one switch to bepropagated to other switches via VTP.

On most Cisco switches, VTP is running and has certain defaults

already configured.


14/2814Chapter 2

VTP Operation

Fa0/1

Fa0/1 Fa0/2

S1

Computer

Computer

PC1

172.17.10.21/24

Fa0/11

Fa0/6

Computer

PC2172.17.20.22/24

PC3172.17.30.23/24

Fa0/18S2

Computer

Computer

PC4172.17.10.24/24

Fa0/11

Fa0/6

Computer

PC5172.17.20.25/24

PC6172.17.30.26/24

Fa0/18S3

Fa0/2

Computer

VTP allows a network manager to makes changes on a switch that isconfigured as a VTP server. The VTP server distributes and

synchronizes VLAN information to VTP-enabled switches throughoutthe switched network,

VTP stores VLAN configurations in the VLAN database called vlan.dat.

1. CreateVLAN 40 on

S1 VTPserver

VLAN 40

VLAN 40

2. VTP propagates VLAN 40to S2 & S3 VTP clients


15/2815Chapter 2

Default VTP Configuration

Sh vtp status


16/2816Chapter 2

VTP Domains

S1

S2 S3

S4

S5 S6

cisco2cisco1

VTP allowsseparation of a

network into smallermanagement domainsto help reduce VLANmanagement

Until the VTP domainname is specified,VLANs cannot becreated or modified ona VTP server, and VLAN

information is notpropagated over thenetwork.

VTP D i N P ti


17/2817Chapter 2

VTPAdvert

VTPAdvert

VTP Domain Name Propagation

S1

S2 S3

cisco2

Computer

Server

Client Client

Null0 Null0

Null0

cisco2cisco2

cisco2

1. The network managerconfigures the VTP domainname as cisco2 on the VTPserver switch S1.

2. The VTP server sends out a

VTP advertisement with thenew domain name embeddedinside.

3. The S2 and S3 VTP client

switches update their VTPconfiguration to the newdomain name.


18/2818Chapter 2

VTP Revision Number

The configuration revision number is a 32-bit numberthat indicates the levelof revision for a VTP frame.

The default configuration number for a switch is zero.

Each time a VLAN is added or removed, the configuration revision number isincremented. Each VTP device tracks the VTP configuration revision numberthat is assigned to it.

Note: A VTP domain name change does not increment the revisionnumber. Instead, it resets the revision number to zero.


19/2819Chapter 2

VTP Message Types

Clients request VLANinformation from serversusing the advertisementrequest.

Subset advertisementscontaindetailed information about VLANs andare sent by servers in response to anadvertisement request from a client.

Server and client switchesissue summaryadvertisementsevery 5minutes. Servers informneighbor switches whatthey believe to be thecurrent VTP revisionnumber


20/2820Chapter 2

VTP Operation - Server

VTP servers can create, modify, delete VLAN and VLANconfiguration parameters for the entire domain.

VTP servers save VLAN configuration information in theswitch NVRAM.

VTP servers send VTP messages out to all trunk ports.


21/2821Chapter 2

VTP Operation - Client

VTP clients cannot create, modify, or delete VLAN information.

The only role of VTP clients is to process VLAN changes and send VTPmessages out all trunk ports.

The VTP client maintains a full list of all VLANs within the VTP domain,but it does notstore the information in NVRAM.

Any changes made must be received from a VTP server advertisement.


22/2822Chapter 2

VTP Operation - Transparent

Switches in VTP transparent mode forward VTP advertisements butignore information contained in the message.

A transparent switch will not modify its database when updates arereceived, nor will the switch send out an update indicating a change in its

own VLAN status.

Except for forwarding VTP advertisements, VTP is disabled on atransparent switch.

There is also an off VTP mode in which switches behave the same as in

the VTP transparent mode, except VTP advertisements are notforwarded.

VTP P i


23/2823Chapter 2

VTP Pruning

Fa0/1

Fa0/1 Fa0/2

S1

Computer

Computer

PC1VLAN 10

Fa0/11

Fa0/6

Computer

PC2VLAN 20

PC3VLAN 10

Fa0/18 S2

Computer

Computer

PC4VLAN 20

Fa0/11

Fa0/6

Computer

PC5VLAN 20

PC6VLAN 20

Fa0/18S3Fa0/2

VTP pruning prevents unnecessary flooding of broadcastinformation from oneVLAN across all trunks in a VTP domain.

VTP pruning permits switches to negotiate which VLANs are assigned to ports atthe other end of a trunk and, hence, prune the VLANs that are not assigned toports on the remote switch.

Pruning is disabled by default. VTP pruning is enabled using the vtp pruningglobal

configuration command on the VTP Server.

l VTP h


24/28

24Chapter 2

Implementing VTP in theEnterprise Composite Network Model

Plan VTP domain boundaries.

Have only one or two VTP servers.

Configure a VTP password.

Manually configure the VTP domain name on alldevices.

When setting up a new domainConfigure VTP client switches first so that they participatepassively

When cleaning up an existing VTP domainConfigure passwords on servers first because clients mayneed to maintain current VLAN information until the server

is verified as complete.


25/28

25Chapter 2

Summary

802.1Q native VLAN can cause security issues.

Configure the native VLAN to be an unused VLAN.

Some trunk link configuration combinations can

result in problems on the link. Best practice is to configure trunks statically rather

than with DTP

Misconfiguration of VTP can give unexpected

results.

Make only one or two VTP servers; keep theremainder as clients.


26/28

26Chapter 2

Chapter 2 - Defining VLANsObjectives

Describe issues with 802.1Q Native VLANs andexplain how to resolve those issues.

Describe trunk link problems and explain how to

solve those. Identify common problems with VTP configuration.

Describe best practices for using VTP in theEnterprise Composite Network Model.


27/28

27Chapter 2

Self Check

1. What is the danger of mismatched native VLANs?

2. What is the default native VLAN?

3. In a DTP configuration, what elements determinewhether or not an operational trunk link is formedas well as the type of trunk the link becomes?

4. Name 4 VTP modes and describe their VTP roles.

5. What is a VTP Bomb?


28/28

Any

Questions?

Chap 2 - Defining VLANs

Documents

Transcript of Chap 2 - Defining VLANs