VLANs
LAN Switching and Wireless – Chapter 3
ITE I Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public

Objectives
• Explain the role of VLANs in a converged network.
• Explain the role of trunking VLANs in a converged network.
• Configure VLANs on the switches in a converged network topology.
Problems with large LANs
• A Router is used to reduce the size of broadcast domains and implement security between workgroups
• Users are grouped geographically
• A better solution: implement VLANs on switches

VLAN (Virtual LAN)
• A VLAN logically segments a LAN into separate broadcast domains
• VLANs are configured on switches (i.e. layer 2)
• Each switch port is assigned to a VLAN
• Frames can only be switched between ports that belong to the same VLAN
• Hence, a broadcast is confined to a single VLAN
• The admin configures the same VLANs on each switch
• Each VLAN is identified with a unique number and, optionally, a name, e.g. VLAN 1, VLAN 20, VLAN 99, Sales VLAN
Example: 3 VLANs on a single switch
• The switch is configured with three VLANs: VLAN 10, VLAN 20, VLAN 30
• Each switch port is assigned to one of these VLANs
• Each user device is a member of one VLAN, depending upon which switch port it is connected to
• Change the VLAN membership by connecting the device to another port, or assigning the port to another VLAN

Example: 3 VLANs on a single switch
• If there is no router on the LAN, then traffic cannot pass between VLANs. All devices can be on the same IP subnet.
• To communicate between devices on separate VLANs, there must be a router on the LAN and each VLAN must be configured with a different IP subnet.
• The Router routes packets between the VLANs and can also implement security (ACLs).
• Instead of a router, you could use a Layer 3 switch.
Example: 3 VLANs on 3 switches
• Without VLANs, users are grouped geographically
• With VLANs, users can be grouped logically
• All VLANs are implemented across all switches
• If traffic is to be allowed between the VLANs:
  - The LAN must include a Layer 3 network device
  - Each VLAN must use a different IP subnet
• Each VLAN is a separate broadcast domain

VLAN ID ranges
• Each VLAN is identified with a number
• Normal Range VLANs
  - VLAN ID between 1 and 1005.
  - Configurations are stored within a VLAN database file, called vlan.dat, stored in flash.
• Extended Range VLANs
  - VLAN ID between 1006 and 4094
  - Intended for ISP use
  - Support limited features
Default configuration for Cat 2960
Switch#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/1, Gig1/2
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
Switch#
• IDs 1002 through 1005 are reserved for Token Ring and FDDI VLANs.
• VLAN 1 and 1002 through 1005 are automatically created and cannot be deleted or renamed.

Creating a VLAN and assigning ports
! Create VLANs
vlan 10
name Faculty
vlan 20
name Students
exit
!
! Add ports to the VLANs
int fa0/6
switchport mode access
switchport access vlan 20
int fa0/11
switchport mode access
switchport access vlan 20
int fa0/18
switchport mode access
switchport access vlan 10
exit
• Computers in the same VLAN must also be configured to be in the same subnet
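As an added check (example code, not from the Cisco slides), this Python parses the output of show vlan brief, including the wrapped Ports column, and lists the ports still sitting in the default VLAN 1; the sample output is constructed to resemble a switch after the VLAN configuration above.

```python
import re

# Constructed sample: a switch after VLANs 10 and 20 were created and three
# ports assigned, so those ports no longer appear under VLAN 1 (list shortened).
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/7, Fa0/8, Fa0/9
                                                Gig1/1, Gig1/2
10   Faculty                          active    Fa0/18
20   Students                         active    Fa0/6, Fa0/11
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
"""

VLAN_ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")

def _split_ports(field: str) -> list:
    return [p.strip() for p in field.split(",") if p.strip()]

def parse_show_vlan_brief(text: str) -> dict:
    """Map VLAN ID -> {"name", "status", "ports"}.

    A line that starts with whitespace is a continuation of the previous
    VLAN's Ports column, which IOS wraps four ports per line.
    """
    vlans, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("VLAN ", "----")):
            continue                      # header and separator rows
        if line[0].isspace():
            if current is not None:
                vlans[current]["ports"] += _split_ports(line)
            continue
        m = VLAN_ROW.match(line)
        if m:
            current = int(m.group(1))
            vlans[current] = {"name": m.group(2), "status": m.group(3),
                              "ports": _split_ports(m.group(4))}
    return vlans

def ports_in_default_vlan(vlans: dict) -> list:
    """Ports never moved off VLAN 1: each is a candidate for an explicit VLAN."""
    return vlans.get(1, {}).get("ports", [])

if __name__ == "__main__":
    print(ports_in_default_vlan(parse_show_vlan_brief(SHOW_VLAN_BRIEF)))
```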
Some VLAN terminology
• Data VLAN (or user VLAN)
  - Can carry only user-generated traffic
• Default VLAN (VLAN 1)
  - All switch ports become a member of the default VLAN after the initial boot up of the switch.
  - Layer 2 control traffic, such as CDP and STP traffic, uses VLAN 1 - this cannot be changed.
• Native VLAN
  - Assigned to an 802.1Q trunk port. Default VLAN 1.
• Management VLAN
  - Any VLAN you configure to access the management capabilities of a switch by assigning it an IP address

Configuring a Management VLAN
• The Management VLAN is used to configure the switch remotely using Telnet or SSH
• Whichever VLAN is assigned an IP address
• VLAN 1 is often used, but Cisco recommend using some other VLAN ID for security reasons.
vlan 99
name Management
exit
!
int vlan 99
ip address 172.17.99.13 255.255.255.0
no shutdown
exit
!
ip default-gateway 172.17.99.1
Types of VLAN
• Static VLAN
  - Ports on a switch are manually assigned to a VLAN.
• Dynamic VLAN
  - Requires a VLAN Membership Policy Server (VMPS), e.g. CiscoWorks
  - Ports assigned to VLANs dynamically, based on the source MAC address of the device connected to the port.
• Voice VLAN
  - A port is configured to be in voice mode so that it can support an IP phone attached to it.

Connecting switch to switch (backbone)
(diagram slide)
VLAN Trunks

Trunking VLANs
• A port is configured to be in one of two modes:
• Access mode
  - Belongs to only one VLAN
  - Connects a user to the switch
  S(config-if)# switchport mode access
• Trunk mode
  - Connects to another switch or router
  - Belongs to all VLANs. All frames are sent across the trunk link (backbone) to other switches
  S(config-if)# switchport mode trunk
Using a Multilayer switch instead of a Router
(diagram slide)

Frame tagging
• Each frame is tagged with the VLAN ID as it moves between switches on the backbone
• The VLAN tag is removed before being forwarded to the destination device
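To make the two tagging steps concrete, here is an added Python example (not part of the Cisco slides) that inserts an 802.1Q tag into a constructed Ethernet frame, as a switch does before sending it over a trunk, and strips it again before delivery; the MAC addresses and payload are made up.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def add_vlan_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the 12-byte MAC header.

    Tag = TPID 0x8100 + TCI (3-bit priority, 1-bit DEI, 12-bit VLAN ID).
    This is what a switch does before sending the frame across a trunk.
    """
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be between 1 and 4094")
    tci = ((priority & 0x7) << 13) | (vlan_id & 0xFFF)   # DEI bit left at 0
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def strip_vlan_tag(frame: bytes):
    """Return (vlan_id, untagged_frame), or (None, frame) if no tag is present.

    This is the reverse step a switch performs before forwarding the frame
    out an access port to the destination device.
    """
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0xFFF, frame[:12] + frame[16:]
    return None, frame

# Constructed sample frame: dst MAC, src MAC, EtherType 0x0800 (IPv4), dummy payload.
SAMPLE_FRAME = (bytes.fromhex("001122334455") + bytes.fromhex("0066778899aa")
                + b"\x08\x00" + b"hello")

if __name__ == "__main__":
    tagged = add_vlan_tag(SAMPLE_FRAME, 20)
    print("tagged  :", tagged.hex())        # 8100 0014 now sits after the source MAC
    print("stripped:", strip_vlan_tag(tagged))
```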
Trunking modes
• Trunking mode defines how the port negotiates using DTP to set up a trunk link with its peer port.
• switchport mode trunk
  - The local port is unconditionally in trunking state.
• switchport mode dynamic auto
  - The local port ends up in trunking state only if the remote port trunk mode has been configured to be On or Desirable.
• switchport mode dynamic desirable
  - Asks the remote switch port to go to the trunking state

Trunking protocols
• There are two trunking protocols:
• Inter-switch link (ISL)
  - Cisco proprietary, legacy trunking protocol
  - encapsulation isl
• 802.1Q trunking protocol
  - IEEE standard
  - VLAN ID is added to Ethernet frame header
  - Called 802.1Q frame tagging
  - encapsulation 802.1Q
• Latest Cisco switches only support 802.1Q

Configuring a trunk
interface f0/1
switchport mode trunk
switchport trunk native vlan 99
switchport trunk allowed vlan add 10,20,30
!
show interfaces fa0/1 switchport

Summary - VLANs
• Allows an administrator to logically group devices that act as their own network
• Used to segment broadcast domains
• Improves security
• Types of Traffic on a VLAN include
  - Data
  - Voice
  - Network protocol
  - Network management
• Communication between VLANs requires a Router
• Trunks carry all VLAN traffic between switches
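An added audit (example code, not from the Cisco curriculum) for the settings covered on the Trunking modes and Configuring a trunk slides: it reads a constructed running-config excerpt and flags ports still negotiating with DTP and trunks whose native VLAN is still 1. Treating an interface with no switchport mode line as dynamic auto is an assumption stated in the code.

```python
# Constructed running-config excerpt (not from the slides): Fa0/1 follows the
# "Configuring a trunk" slide; the other ports were left at or near defaults.
RUNNING_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,30
!
interface FastEthernet0/2
 switchport mode dynamic desirable
!
interface FastEthernet0/7
 switchport mode trunk
!
interface FastEthernet0/9
!
"""

def parse_interfaces(config):
    """Per-interface switchport settings; defaults as on the slides (VLAN 1, all VLANs allowed)."""
    ifaces, cur = {}, None
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("interface "):
            cur = line.split(None, 1)[1]
            ifaces[cur] = {"mode": None, "access_vlan": "1", "native_vlan": "1", "allowed": "all"}
        elif line == "!":
            cur = None
        elif cur:
            for prefix, key in (("switchport mode ", "mode"),
                                ("switchport access vlan ", "access_vlan"),
                                ("switchport trunk native vlan ", "native_vlan"),
                                ("switchport trunk allowed vlan ", "allowed")):
                if line.startswith(prefix):
                    ifaces[cur][key] = line[len(prefix):]
    return ifaces

def audit_trunking(ifaces):
    """Return (interface, finding) pairs for settings the slides warn about."""
    findings = []
    for name, s in ifaces.items():
        # Assumption: no 'switchport mode' line means DTP negotiation (dynamic auto), the 2960 factory default.
        mode = s["mode"] or "dynamic auto"
        if mode.startswith("dynamic"):
            findings.append((name, "DTP negotiation enabled (%s)" % mode))
        if mode == "trunk" and s["native_vlan"] == "1":
            findings.append((name, "trunk native VLAN left at 1"))
        if mode == "trunk" and s["allowed"] == "all":
            findings.append((name, "trunk allows every VLAN"))
    return findings
```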