VLANs Module 2. 2 VLANs VLANs Trunking VLAN Trunking Protocol (VTP)

VLANsVLANs

Module 2Module 2

2

VLANs

VLANsTrunkingVLAN Trunking Protocol (VTP)

3

VLANs

4

VLANs and Physical Boundaries

5

VLANs

Virtual LANs segment a switched network based on Organisation function, project teams, applications (end-to-end)Or Geographic, location (local vlans)Reconfiguration through softwareBroadcast domain existing within a defined no. of switches

6

VLANs control broadcasts

7

When NOT to VLAN

8

Types of VLANs

When scaling VLANs in the switch block, there are two basic methods of defining the VLAN boundaries:End-to-end VLANs

(no longer recommended by Cisco due to management and STP concerns , goal is maintain 80% of traffic on end-to-end VLAN, old 80/20 rule)

Local VLANs (generally geographic in nature – follow the 20/80

rule)

9

End to End VLANs

10

End-to-End VLANs

11

Local/Geographical VLANs

12

VLAN Types

The two common approaches to assigning VLAN Membership are:Static VLANs

Port based – VLAN assigned to port

Dynamic VLANsCreated & controlled via S/W packages CW2000, VLAN

Management Policy Server VMPS

13

Static VLANs

14

Dynamic VLAN

15

show vlan

CIS-2900-ServerFarm>show vlanVLAN Name Status Ports---- -------------------------------- --------- -----------------1 default active2 VLAN0002 active3 VLAN0003 active4 VLAN0004 active5 VLAN0005 active10 VLAN0010 active50 SeverFarm active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, <output omitted) Fa0/21, Fa0/221002 fddi-default active<text omitted>

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1 enet 100001 1500 - - - - - 0 0<Text omitted>

16

show vlan brief

CIS-2900-ServerFarm>show vlan brief

VLAN Name Status Ports

---- -------------------------------- --------- -----------------

1 default active

2 VLAN0002 active

3 VLAN0003 active

4 VLAN0004 active

5 VLAN0005 active

10 VLAN0010 active

50 SeverFarm active Fa0/1, Fa0/2, Fa0/3, Fa0/4,

Fa0/5, Fa0/6, Fa0/7, Fa0/8,

<output omitted)

Fa0/21, Fa0/22

1002 fddi-default active

1003 token-ring-default active

1004 fddinet-default active

1005 trnet-default active

17

show run

Switch# show running-config!interface FastEthernet0/1 switchport access vlan 50!interface FastEthernet0/2 switchport access vlan 50!interface FastEthernet0/3 switchport access vlan 50!interface FastEthernet0/4 switchport access vlan 50

18

VLANs

• VLANs

• Trunking

• VLAN Trunking Protocol (VTP)

19

Trunking

20

Access and Trunk Links

21

Trunk Links

Without trunking

With trunking

22

ISL (Frame Encapsulation)

Ethernet Frame1500 bytes plus 18 byte header

(1518 bytes)

Standard NIC cards and networking devices don’t understand this giant frame. A Cisco switch must remove this encapsulation before sending the frame out on an access link.

23

2-byte TPID

2-byte TCI

802.1q

SA and DA MACs

SA and DA MACs

802.1q Tag

Type/Length Field

Data (max 1500 bytes)

CRCNewCRC

NIC cards and networking devices can understand this “baby giant” frame (1522 bytes). However, a Cisco switch must remove this encapsulation before sending the frame out on an access link.

Tag Protocol Identifier

Tag Control Info (includes VLAN ID)

24

Trunking

• Before attempting to configure a VLAN trunk on a port, you should to determine what encapsulation the port can support.

switch(config-if)# switchport trunk encapsulation ?

25

Trunking

A trunk is a point-to-point link between:Two switchesA switch and a router

Trunks carry traffic of multiple VLANs Cisco supports one or both of these

Trunking protocols:IEEE 802.1Q (dot1q)ISL (Cisco proprietary)

26

Configuring Trunking

Switch(config)# interface fastethernet 0

Switch(config-if)# switchport mode [access | multi | trunk]

Switch(config-if)# switchport trunk encapsulation {isl|dot1q}

Switch(config-if)# switchport trunk allowed vlan remove vlan-list

Switch(config-if)# switchport trunk allowed vlan add vlan-list

• By default, all VLANS, 1-1005 transported automatically

27

Router

interface FastEthernet0/1.1 encapsulation dot1Q 1 ip address 172.30.1.1 255.255.255.0 ip access-group 100 in ip helper-address 172.30.50.50 no ip directed-broadcast!interface FastEthernet0/1.2 encapsulation dot1Q 2 ip address 172.30.2.1 255.255.255.0 ip access-group 102 in ip helper-address 172.30.50.255 ip helper-address 172.30.50.10

no ip directed-broadcast

28

VLANs

• VLANs

• Trunking

• VLAN Trunking Protocol (VTP)

29

VTP

30

VLAN Trunking Protocol

• VTP maintains VLAN configuration consistency across the entire network.

• VTP is a messaging protocol that uses Layer 2 trunk frames to manage the addition, deletion, and renaming of VLANs on a network-wide basis.

• Further, VTP allows you to make centralized changes that are communicated to all other switches in the network.

31

VTP

• Create VLANs on the VTP Server

• Those VLANs get sent to other client switches

• On the client switches, you can now assign ports to those vlans.

• Cannot create vlans on the client switches like you could previously before configuring the switch to be a VTP client.

32

VTP

• All switches in the same management domain share their VLAN information with each other, and a switch can participate in only one VTP management domain.

• Switches in different domains do not share VTP information.

• Using VTP, switches advertise: – Management domain – Configuration revision number – Known VLANs and their specific parameters

33

VTP

• Switches can be configured not to accept VTP information.

• These switches will forward VTP information on trunk ports in order to ensure that other switches receive the update, but the switches will not modify their database, nor will the switches send out an update indicating a change in VLAN status. – This is referred to as transparent mode.

34

VTP

• By default, management domains are set to a nonsecure mode, meaning that the switches interact without using a password.

• Adding a password automatically sets the management domain to secure mode. – A password must be configured on every

switch in the management domain to use secure mode.

35

VTP

• The VTP database contains a revision number.

• Each time a change is made, the switch increments the revision number

36

VTP

• A higher configuration revision number indicates that the VLAN information that is being sent is more current then the stored copy.

• Any time a switch receives an update that has a higher configuration revision number, the switch will overwrite the stored information with the new information being sent in the VTP update.

37

VTP Modes

• Switches can operate in any one of the following three VTP modes: – Server– Client– Transparent

38

VTP Modes

• Server - If you configure the switch for server mode, you can create, modify, and delete VLANs, and specify other configuration parameters (such as VTP version and VTP pruning) for the entire VTP domain.

• VTP servers:– advertise their VLAN configuration to other switches

in the same VTP domain– synchronize the VLAN configuration with other

switches based on advertisements received over trunk links.

– Recommended you have at least 2 VTP servers in case one goes down

• This is the default mode on the switch.

39

VTP Modes

• Client - VTP clients behave the same way as VTP servers. However, you cannot create, change, or delete VLANs on a VTP client.

40

VTP Modes

• Transparent - VTP transparent switches do not participate in VTP.

• A VTP transparent switch does not advertise its VLAN configuration, and does not synchronize its VLAN configuration based on received advertisements.– However, in VTP Version 2, transparent

switches do forward VTP advertisements that the switches receive out their trunk ports.

41

Configuring VTP

Switch# vlan database

Switch(vlan)# vtp domain domain-name

Switch(vlan)# vtp {server | client | transparent}

Optional:

Switch(vlan)# vtp password password

Switch(vlan)# vtp v2-mode (version2)

Example:

ALSwitch# vlan database

ALSwitch(vlan)# vtp domain corp

ALSwitch(vlan)# vtp client

42

Summary

• VLANs

• Trunking

• VLAN Trunking Protocol (VTP)