Network Devices

IST 228\Ch6:Virtual LANs (VLANs)
Ethernet Errors and Problems
• Frame size errors
– Short frame
– Long frame
– Jabber
• Collision Errors
– What percent collision rate is acceptable?
– What is a late collision?
– Why do late collisions occur? How can they be prevented?
– What solutions prevent collisions altogether?
• Broadcasts
– How much broadcast traffic is acceptable?
– How to reduce the amount of broadcast traffic?
Ethernet Security Problems
• By default, every user can see every network device located on the same physical LAN.
• Anyone can observe all network traffic by plugging a network analyzer into a hub, because a hub repeats every frame out of every port.
Solution(s)?
• Securing Switch Ports
– limiting device connections (pin a MAC address to a single port; the entry is never aged out)
1900s2(config)#mac-address-table permanent <MAC Address> e0/7
– limiting communication (frames to the MAC address on e0/6 are forwarded only when they arrive from e0/12)
1900s2(config)#mac-address-table restricted static <MAC Address> e0/6 e0/12
– limiting the number of devices (the port learns at most 5 MAC addresses; further addresses are a violation)
1900s2(config)#interface e0/10
1900s2(config-if)#port secure max-mac-count 5
Solution(s)?
• Switching Methods
– Cut-Through
– Store-and-Forward
– Fragment-Free
– Adaptive Cut-Through
1900s2(config)#switching-mode store-and-forward
Solution(s)?
• Use bridges
• Use switches
• Use routers to segment a network (Collapsed Backbone Approach)
• Advantages
• Disadvantages
Virtual LANs (VLAN)
• A VLAN is a logical grouping of network devices connected to defined ports on switches.
• Each VLAN is a broadcast domain within a layer-2 switched network, created by assigning ports on switches to different subnetworks.
Benefits
• Simplified Network Management
• Broadcast Control
• Security
• Flexibility and Scalability
– 20% to 40% of the workforce moves every year.
– Implementing moves and changes constitutes 23% of the total network administration cost.
VLAN Membership
• Static VLANs
– the administrator assigns each port to a VLAN by hand; the most secure.
• Dynamic VLANs
– management software assigns a port's VLAN automatically, typically from the MAC address of the device that connects to it.
Creating VLANs on Cisco Catalyst 1900
1900s2>enable
1900s2#configure terminal
1900s2(config)#vlan 2 name engineering
1900s2(config)#vlan 3 name marketing
:
:
1900s2(config)#exit
1900s2#show vlan
Assigning Ports to VLANs
1900s2(config)#interface e0/2
1900s2(config-if)#vlan-membership static 2
1900s2(config-if)#exit
1900s2(config)#interface e0/3
1900s2(config-if)#vlan-membership static 2
1900s2(config-if)#exit
:
:
1900s2#show vlan
Use the show vlan [#] command to gather information about a specific vlan.
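The following model, added here and not Cisco code or part of the original slides, simulates what the port-security commands on the "Securing Switch Ports" slide and the static VLAN port assignments above are meant to enforce: a pinned MAC address, a restricted destination, a per-port MAC limit, and forwarding that never leaves the VLAN. Port names, MAC addresses and the rule that a pinned MAC seen on another port counts as a violation are assumptions chosen for illustration.

```python
# Added model (not Cisco code) of Catalyst 1900-style port security and static
# VLAN forwarding. Port names, MACs and violation rules are assumptions.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Port:
    name: str
    vlan: int = 1                            # vlan-membership static <vlan>
    max_mac_count: Optional[int] = None      # port secure max-mac-count N (None = unlimited)
    learned: Set[str] = field(default_factory=set)


@dataclass
class Frame:
    src: str
    dst: str
    ingress: str


class Switch:
    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, ports: List[Port]):
        self.ports: Dict[str, Port] = {p.name: p for p in ports}
        self.table: Dict[str, str] = {}             # MAC -> port (static or learned)
        self.static: Set[str] = set()               # MACs pinned by permanent/restricted entries
        self.restricted: Dict[str, Set[str]] = {}   # MAC -> ports allowed to send to it
        self.violations: List[tuple] = []           # (port, src MAC, reason)

    def permanent(self, mac: str, port: str) -> None:
        """mac-address-table permanent <MAC> <port>: pin a MAC to one port, never aged out."""
        self.table[mac] = port
        self.static.add(mac)

    def restricted_static(self, mac: str, dest: str, *sources: str) -> None:
        """mac-address-table restricted static <MAC> <dest port> <source ports>:
        frames to this MAC are delivered only when they arrive from the listed source ports."""
        self.permanent(mac, dest)
        self.restricted[mac] = set(sources)

    def receive(self, frame: Frame) -> List[str]:
        """Return the egress port list for a frame, or [] if the switch drops it."""
        port = self.ports[frame.ingress]
        # Model assumption: a pinned MAC showing up on another port is a security violation.
        if frame.src in self.static and self.table[frame.src] != port.name:
            self.violations.append((port.name, frame.src, "pinned MAC seen on another port"))
            return []
        # Port security: learn at most max-mac-count addresses on this port.
        if frame.src not in self.static and frame.src not in port.learned:
            if port.max_mac_count is not None and len(port.learned) >= port.max_mac_count:
                self.violations.append((port.name, frame.src, "max-mac-count exceeded"))
                return []
            port.learned.add(frame.src)
            self.table[frame.src] = port.name
        # Restricted static destination: only the listed source ports may reach it.
        if frame.dst in self.restricted and port.name not in self.restricted[frame.dst]:
            self.violations.append((port.name, frame.src, "restricted destination"))
            return []
        # Known unicast stays inside the VLAN; unknown/broadcast is flooded within the VLAN only.
        if frame.dst != self.BROADCAST and frame.dst in self.table:
            out = self.ports[self.table[frame.dst]]
            return [out.name] if out.vlan == port.vlan and out.name != port.name else []
        return [p.name for p in self.ports.values() if p.vlan == port.vlan and p.name != port.name]


def demo():
    """Constructed scenario: VLAN 2 on e0/6, e0/7, e0/10, e0/12; VLAN 3 on e0/3."""
    sw = Switch([Port("e0/6", vlan=2), Port("e0/7", vlan=2), Port("e0/10", vlan=2, max_mac_count=2),
                 Port("e0/12", vlan=2), Port("e0/3", vlan=3)])
    sw.permanent("00:00:0c:aa:aa:aa", "e0/7")                      # the slide's first command
    sw.restricted_static("00:00:0c:bb:bb:bb", "e0/6", "e0/12")     # the slide's second command
    r = {}
    # Someone on e0/10 spoofing the MAC pinned to e0/7 is dropped.
    r["spoof"] = sw.receive(Frame("00:00:0c:aa:aa:aa", Switch.BROADCAST, "e0/10"))
    # Only e0/12 may talk to the restricted host on e0/6.
    r["restricted_ok"] = sw.receive(Frame("00:00:0c:12:12:12", "00:00:0c:bb:bb:bb", "e0/12"))
    r["restricted_denied"] = sw.receive(Frame("00:00:0c:07:07:07", "00:00:0c:bb:bb:bb", "e0/7"))
    # A hub on e0/10 (max-mac-count 2): the third MAC is a violation.
    for i in range(3):
        r[f"hub{i}"] = sw.receive(Frame(f"00:00:0c:10:10:1{i}", Switch.BROADCAST, "e0/10"))
    # A broadcast from the VLAN 3 host never reaches the VLAN 2 ports.
    r["vlan3_flood"] = sw.receive(Frame("00:00:0c:03:03:03", Switch.BROADCAST, "e0/3"))
    return r, sw.violations


if __name__ == "__main__":
    results, violations = demo()
    for name, egress in results.items():
        print(f"{name:18} -> {egress}")
    print("violations:", violations)
```

Running `demo()` shows the three outcomes an administrator cares about: the spoofed frame, the frame from an unlisted source port and the third MAC on the limited port are all dropped and logged as violations, while the broadcast from the VLAN 3 host is flooded to no VLAN 2 port at all.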
Link Types and Configuration
• Access Links
– A device attached to an access link is unaware of its VLAN membership; the switch removes any VLAN tag before sending a frame out an access port.
– Access-link devices cannot communicate with devices outside their VLAN unless...
• Trunk links
– Switch-to-switch, switch-to-server, or switch-to-router 100- or 1000Mbps links that can carry traffic from multiple VLANs.
– Five different states you can set for a trunk link:
• Auto
• Desirable
• Nonegotiate
• Off
• On
Trunk Links
Configuration of Trunk links
1900s2#configure terminal
1900s2(config)#interface f0/26
1900s2(config-if)#trunk on
By default, all VLANs are allowed to be carried over this newly configured trunk link.
1900s2(config-if)#no trunk-vlan 2
This clears VLAN 2 from the trunk. On the Catalyst 1900, f0/26 is trunk A and f0/27 is trunk B:
1900s2#show trunk a allowed-vlans
VLAN Trunk Protocol (VTP)
• Layer 2 messaging protocol
• Manages all changes to the VLANs across
networks.
• Any changes made to a VLAN by an
administrator are automatically propagated
by VTP to all VTP-enabled devices.
• No need for VTP if there is only a single
switch or if all switches are in the same
VLAN.
Using VTP
• VTP devices are organized into domains.
• Each domain must have at least one VTP server.
• Each switch can only be in one domain.
1900s2(config)#vtp domain <domain name>
• Three different modes
– Server: can create, modify and delete VLANs and advertises the VLAN database to the domain.
– Client: cannot change VLANs; accepts the database advertised by servers.
– Transparent: keeps a local VLAN database, forwards VTP advertisements but does not apply them.
1900s2(config)#vtp client
• VTP Pruning: stops flooded traffic (broadcasts, multicasts and unknown unicasts) of a VLAN from crossing a trunk link to a switch that has no active ports in that VLAN. By default, VTP pruning is disabled on all switches.
1900s2(config)#vtp pruning enable
• delete vtp clears the VTP configuration and resets the configuration revision number to 0. Do this before connecting a switch that was used elsewhere: any switch in the same domain that advertises a higher revision number overwrites the VLAN database of every server and client in the domain.
1900s2(config)#delete vtp
Nonswitching Hubs and VLANs
• Considerations to keep in mind when implementing hubs on a network that employs VLANs:
– If you insert a hub into a port on a switch and then connect several devices to the hub, all the systems attached to that hub will be in the same VLAN.
– If you must move a single workstation that is attached to a hub with several workstations, you will have to physically attach the device to another hub or switch port in order to change its VLAN assignment.
– The fewer hosts attached to each switch port (ideally one), the greater the microsegmentation and flexibility the VLAN can offer.
Routers and VLANs
• Routers are used with VLANs
– to let hosts in different VLANs communicate with each other (inter-VLAN routing)
– to increase security: all traffic between VLANs must pass through the router, where it can be filtered
VLAN Identification
• Inter-Switch Link (ISL)
• IEEE 802.1Q
• LAN emulation
• 802.10 (FDDI)
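The following example, added here and not part of the original slides, builds Ethernet II frames with optional IEEE 802.1Q tags, parses the tag stack to recover the VLAN ID, verifies the frame check sequence and classifies the size errors from the "Ethernet Errors and Problems" slide (runt, giant, jabber, plus the collision fragment and FCS error a switch also counts). It also reports a frame carrying two stacked tags, which is what a switch must handle carefully on a trunk's untagged native VLAN. All frames are constructed test data; the MAC addresses and payloads are assumptions.

```python
# Added example (not from the slides): build/parse Ethernet II + 802.1Q frames,
# check the FCS and classify size errors. All frames are constructed test data.
import struct
import zlib
from typing import Dict

TPID_8021Q = 0x8100    # IEEE 802.1Q tag
TPID_8021AD = 0x88A8   # IEEE 802.1ad (QinQ) outer tag
MIN_FRAME = 64         # minimum bytes on the wire, FCS included
MAX_UNTAGGED = 1518    # 14-byte header + 1500-byte payload + 4-byte FCS
TAG_LEN = 4


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes,
                vids=(), corrupt_fcs=False, pad=True) -> bytes:
    """Constructed test frame: one 802.1Q tag per VID (PCP 0, DEI 0), outermost first."""
    body = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    for vid in vids:
        body += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    body += struct.pack("!H", ethertype) + payload
    if pad:
        body += b"\x00" * max(0, 60 - len(body))      # pad so the frame reaches 64 bytes with FCS
    fcs = zlib.crc32(body) & 0xFFFFFFFF                # Ethernet FCS is CRC-32
    if corrupt_fcs:
        fcs ^= 0xDEADBEEF
    return body + struct.pack("<I", fcs)               # transmitted least-significant byte first


def parse_frame(frame: bytes) -> Dict:
    """Return addresses, the VLAN tag stack, the payload EtherType and an error class."""
    result: Dict = {"length": len(frame), "tags": [], "vid": None, "double_tagged": False}
    if len(frame) < 18:                                # not even header + EtherType + FCS
        result.update(error="short frame (runt)", fcs_ok=False)
        return result
    result["dst"], result["src"] = _mac(frame[:6]), _mac(frame[6:12])
    offset = 12
    while offset + TAG_LEN <= len(frame) - 4:          # walk the tag stack, leaving room for the FCS
        tpid = struct.unpack_from("!H", frame, offset)[0]
        if tpid not in (TPID_8021Q, TPID_8021AD):
            break
        tci = struct.unpack_from("!H", frame, offset + 2)[0]
        result["tags"].append({"tpid": tpid, "pcp": tci >> 13, "dei": (tci >> 12) & 1,
                               "vid": tci & 0x0FFF})
        offset += TAG_LEN
    result["ethertype"] = struct.unpack_from("!H", frame, offset)[0]
    if result["tags"]:
        result["vid"] = result["tags"][0]["vid"]       # the receiving switch acts on the outer tag
        result["double_tagged"] = len(result["tags"]) > 1
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    result["fcs_ok"] = (zlib.crc32(body) & 0xFFFFFFFF) == fcs
    max_len = MAX_UNTAGGED + TAG_LEN * len(result["tags"])   # each tag raises the limit by 4 bytes
    if len(frame) < MIN_FRAME:
        result["error"] = "short frame (runt)" if result["fcs_ok"] else "collision fragment"
    elif len(frame) > max_len:
        result["error"] = "long frame (giant)" if result["fcs_ok"] else "jabber"
    elif not result["fcs_ok"]:
        result["error"] = "FCS error"
    else:
        result["error"] = "ok"
    return result


def demo() -> Dict[str, Dict]:
    dst, src = "ff:ff:ff:ff:ff:ff", "00:00:0c:12:34:56"
    ip = b"\x45" + b"\x00" * 45                        # constructed stand-in for an IP packet
    frames = {
        "untagged": build_frame(dst, src, 0x0806, b"\x00" * 28),
        "vlan2": build_frame(dst, src, 0x0800, ip, vids=(2,)),
        "double": build_frame(dst, src, 0x0800, ip, vids=(1, 2)),   # outer VLAN 1, inner VLAN 2
        "runt": build_frame(dst, src, 0x0800, b"\x45\x00", pad=False),
        "fragment": build_frame(dst, src, 0x0800, b"\x45\x00", pad=False, corrupt_fcs=True),
        "giant": build_frame(dst, src, 0x0800, b"\x00" * 1600),
        "jabber": build_frame(dst, src, 0x0800, b"\x00" * 1600, corrupt_fcs=True),
        "crc": build_frame(dst, src, 0x0800, ip, vids=(2,), corrupt_fcs=True),
    }
    return {name: parse_frame(f) for name, f in frames.items()}


if __name__ == "__main__":
    for name, info in demo().items():
        print(f"{name:9} len={info['length']:5} vid={info['vid']} tags={len(info['tags'])} {info['error']}")
```

The size classes follow the usual interface-counter definitions: under 64 bytes is a runt (a collision fragment when the FCS is also bad), over the maximum with a good FCS is a giant, over the maximum with a bad FCS is jabber, and a normal-sized frame with a bad FCS is a CRC error. Note that a tagged frame is allowed 4 extra bytes per tag, so a counter that applies the untagged limit to trunk traffic will report false giants.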