CCNA 3 Module 2 Introduction to Classless Routing


CCNP 3 v4 Module 2
Defining VLANs
© 2003, Cisco Systems, Inc. All rights reserved.
Objectives
• Implementing VLANs
• Supporting Multiple VLANs on a Single
Trunk
• Propagating VLAN info with VTP
Overview
• This module defines the purpose of VLANs and
how a VLAN implementation can simplify network
management and troubleshooting and improve
network performance.
• How switches share VLAN database info
• Which VLANs will span the entire campus
network and which VLANs will stay local
• We will look at the difference between access
ports for one VLAN and trunk ports for multiple
VLANs
VLANs in the Campus Network
What is an End-to-End VLAN?
• The term end-to-end VLAN refers to a
single VLAN associated with switch ports
that are widely dispersed throughout an
enterprise network
• Traffic for end-to-end VLANs is carried
over “trunk” links that support multiple
VLANs.
End-to-end VLANs
• An end-to-end VLAN has these characteristics:
– The VLAN is geographically dispersed throughout
the network.
– Users are grouped into the VLAN regardless of
physical location.
– As a user moves throughout a campus, VLAN
membership of that user remains the same.
– Users are typically associated with a given VLAN for
network management reasons.
– All devices on a given VLAN typically have
addresses on the same IP subnet.
End-to-end VLANs
• A VLAN represents a Layer 3 segment, therefore
end-to-end VLANs allow a single Layer 3
segment to be geographically dispersed
throughout the network.
–Remember, 1 VLAN equals 1 IP Subnet
• When implementing end-to-end VLANs make
sure that all switches know of all VLANs.
• VLANs in general also allow for Layer 3 access
control at routed interfaces by way of ACLs.
Local VLANs
What is a Local VLAN?
• In the past, network designers attempted to
implement the 80/20 rule when designing
networks.
–80 percent of traffic was local to the LAN, VLAN or
subnet and 20 percent of traffic was destined to remote
networks
• This paradigm has changed to the 20/80 rule.
–20 percent local and 80 percent remote
• VLANs that have boundaries based upon
campus geography rather than organizational
function are called "local VLANs."
Local VLANs
• Here are some local VLAN characteristics and
usage guidelines:
– Local VLANs should be created with physical
boundaries in mind, rather than job functions of the
users on the end devices.
– Traffic from a local VLAN is routed to reach
destinations on other networks.
– A single VLAN does not extend beyond the Building
Distribution submodule.
– VLANs on a given access switch should not be
advertised to all other switches in the network.
VLAN Configuration Modes
• VLANs are created in either global configuration
or VLAN Database mode on most IOS-software
based switches.
–Global configuration mode is the preferred method
since it is more familiar and Database mode is being
deprecated.
• In global configuration mode the VTP revision
number is incremented every time you create or
delete a VLAN.
• VLAN Database mode is session based and
increments the VTP revision number by one no
matter how many VLANs you create or destroy!
Global vs. Database Mode
VLAN Database Mode Warning
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
VLAN 2 added:
Name: VLAN0002
Switch(vlan)#abort
Aborting....
Switch(vlan)#vlan 2
VLAN 2 added:
Name: VLAN0002
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#
From VLAN database mode you can either:
• exit
• apply
• abort
When you abort, no changes are made.
What are VLAN Access Ports?
• To associate a device with a VLAN, the
switchport the device connects to must be
associated with a single VLAN.
–This is an “access port”
• Switchports can statically be assigned to a VLAN
via the ‘switchport mode access’ command or
dynamically assigned to a VLAN based on the
MAC address that will connect to that switchport
• In order to assign dynamic VLANs, switches query
a VLAN Membership Policy Server (VMPS) which
has a database of MAC addresses and their
associated VLANs.
–This is also known as static vs. dynamic VLANs
Access Ports and Trunk Ports
Access port
Trunk ports
Benefits of Local VLANs
• Local VLANs are part of the Enterprise
Composite Model design.
• VLANs used at the Access layer should
extend no further than their associated
distribution switch.
• Access control mechanisms
Benefits of Local VLANs
• Implementing the Enterprise Composite Model
using local VLANs provides the following
benefits:
– Deterministic traffic flow: The simple layout provides
a predictable Layer 2 and 3 traffic path.
– Finite failure domain: The number of devices per
VLAN is kept small
– High availability: Local VLAN traffic can be passed to
multiple distribution layer switches
– Ease of management: because local VLANs are typically
confined to the Building Access submodule and addressed
with DHCP, machines can easily be moved from VLAN to
VLAN.
VLAN Implementation Commands
Switch# config t
Switch(config)#interface range fa0/1 - 8
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
% Access VLAN does not exist. Creating vlan 10
Switch(config-if-range)#exi
Switch(config)#interface range fa0/9 - 16
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
% Access VLAN does not exist. Creating vlan 20
Switch(config-if-range)#exi
Switch(config)#int fa0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exi
Switch(config)#exi
Switch#show run
Switch#show vlan
Six Steps to VLAN Configuration
What is a VLAN Trunk?
VLAN Trunking Protocols
• A special protocol is required to establish a trunk link
between two devices. A trunk link may exist between these
devices:
– Two switches
– A switch and a router
– A switch and a trunk-capable NIC
• VLAN trunking protocols:
– IEEE 802.1q
– Cisco Inter Switch Link (ISL)
• If a single physical link carries traffic for multiple VLANs,
each frame must be "marked" with a VLAN ID.
– This VLAN ID is stripped before the frame is passed to an
access port
Comparison of Trunking Protocols
In 802.1Q, a 4 byte tag is inserted into the existing frame, in ISL
the entire frame is encapsulated with an additional 30 byte header.
http://www.cisco.com/en/US/tech/tk389/tk390/technologies_tech_note09186a0080094665.shtml
ISL Encapsulation
• ISL only supports up to 1024 VLANs
• ISL adds an additional 30 bytes to the frame
• Cisco proprietary
ISL Frame
IEEE 802.1Q Encapsulation
• Like ISL, 802.1Q is a protocol used to
allow a single physical link to carry traffic
for multiple VLANs.
• It is the IEEE standard VLAN trunking
protocol.
• Rather than encapsulating the original
Layer 2 frame entirely, 802.1Q inserts a tag
into the original Ethernet header and
recalculates the FCS.
802.1Q Trunk Links
IEEE 802.1Q Frame
Additional Benefits of 802.1Q
• Some additional benefits of the 802.1Q protocol are:
– Support for Ethernet and Token Ring
– Support for 4096 VLANs
– Support for Common Spanning Tree (CST), Multiple
Spanning Tree (MST) and Rapid Spanning Tree (RST)
– Point-to-multipoint topology support
– Support for untagged traffic over the trunk link via Native
VLAN
– Extended quality of service (QoS) support (802.1p)
– Growing standard for IP Telephony links
802.1Q Native VLAN
• 802.1Q trunk ports tag all egress frames except those from
the native VLAN
• 802.1Q does not tag frames on the native VLAN and
considers all untagged frames as belonging to the native
VLAN.
• When configuring an 802.1Q trunk, a matching, native VLAN
must be defined on each end of the trunk link.
• Frames destined to the same VLAN as the source VLAN are
not tagged
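The 4-byte tag insertion described on the comparison and encapsulation slides, and the native-VLAN rule from this slide, can be exercised on a constructed frame. This is an added example, not code from the course or from Cisco: the function names, the sample MAC addresses and payload are all made up here, and the FCS is computed with zlib's CRC-32, which uses the same parameters as the Ethernet FCS. The last line of the demo shows the failure mode the troubleshooting slide later warns about: an untagged frame leaving one end on its native VLAN is placed into whatever native VLAN the other end has configured.

```python
"""802.1Q tag insertion, removal and native-VLAN handling (constructed example, not Cisco code)."""
import struct
import zlib

TPID_8021Q = 0x8100   # EtherType value announcing that a 4-byte 802.1Q tag follows
VID_MAX = 4094        # 12-bit field gives 4096 values; VID 0 (priority-only) and 4095 are reserved


def ethernet_fcs(frame_body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 with zlib.crc32's parameters, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_body) & 0xFFFFFFFF)


def build_untagged_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Plain Ethernet II frame: dst MAC, src MAC, EtherType, payload, FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + ethernet_fcs(body)


def add_dot1q_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert TPID + TCI after the source MAC (offset 12) and recompute the FCS, as 802.1Q does."""
    if not 1 <= vid <= VID_MAX:
        raise ValueError(f"VID {vid} is outside the usable range 1-{VID_MAX}")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP is a 3-bit field, DEI a 1-bit field")
    body = frame[:-4]                                   # drop the old FCS; it is recomputed below
    tci = (pcp << 13) | (dei << 12) | vid               # 3-bit priority, 1-bit DEI, 12-bit VID
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + ethernet_fcs(tagged)


def parse_dot1q(frame: bytes):
    """Return (vid, pcp, dei, untagged_frame) for a tagged frame, or None if no tag is present."""
    if len(frame) < 22 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    tci = struct.unpack("!H", frame[14:16])[0]
    body = frame[:12] + frame[16:-4]                    # strip the 4 tag bytes before an access port sees it
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 1, body + ethernet_fcs(body)


def trunk_egress(frame: bytes, vlan: int, native_vlan: int) -> bytes:
    """Trunk ports tag every egress frame except those belonging to the native VLAN."""
    return frame if vlan == native_vlan else add_dot1q_tag(frame, vlan)


def trunk_ingress(frame: bytes, native_vlan: int):
    """Assign an arriving frame to a VLAN: tagged frames carry their VID, untagged ones land in the native VLAN."""
    parsed = parse_dot1q(frame)
    if parsed is None:
        return native_vlan, frame
    vid, _pcp, _dei, untagged = parsed
    return vid, untagged


# Constructed sample: broadcast destination, made-up source MAC, IPv4 EtherType, dummy payload.
SAMPLE_FRAME = build_untagged_frame(
    bytes.fromhex("ffffffffffff"), bytes.fromhex("0200aabbccdd"), 0x0800, b"constructed payload")

if __name__ == "__main__":
    tagged = trunk_egress(SAMPLE_FRAME, vlan=10, native_vlan=1)
    print("untagged length", len(SAMPLE_FRAME), "tagged length", len(tagged), "tag fields", parse_dot1q(tagged)[:3])
    # Native VLAN mismatch: a frame sent untagged as VLAN 1 arrives on a peer whose native VLAN is 99.
    print("untagged frame lands in VLAN", trunk_ingress(trunk_egress(SAMPLE_FRAME, 1, 1), native_vlan=99)[0])
```

Note that only the 4 tag bytes are added and the FCS changes; the rest of the original header is left in place, which is the difference from ISL's 30-byte encapsulation of the whole frame.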
Dynamic Trunking Protocol
• Catalyst switch ports run Dynamic Trunking
Protocol (DTP) that can automatically negotiate a
trunk link.
–This is a Cisco proprietary protocol
• DTP can determine an operational trunking mode
and protocol on a switch port when connected to
another device that is also capable of dynamic
trunk negotiation.
DTP Trunking Modes
Switchport Trunk Commands
Configuring a Trunk Port
Trunk Port on a 3550/3560:
Switch(config)#int fa0/24
Switch(config-if)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is "Auto" can not
be configured to "trunk" mode.
Switch(config-if)#switchport trunk encaps
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport trunk native vlan 10
Switch(config-if)#switchport nonegotiate
Switch(config-if)#
The 3550 is capable of both ISL and 802.1Q, so the encapsulation must be set
before the switchport will trunk.
The ‘switchport nonegotiate’ command turns off DTP on that port.
Configuring a Trunk Port
Verifying Trunking
Resolving Trunk Link Problems
• If a problem exists with a trunk link, or if a trunk
link cannot be established, check the following:
– Verify that the interface mode configured on both
ends of the link is identical or valid for negotiated
links. The interface mode should be trunk, dynamic,
or nonegotiate.
– Verify the trunk encapsulation type configured on
both ends of the link is valid and compatible.
– For 802.1Q links, verify that the native VLAN is the
same on both ends of the trunk
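The three checks above can be turned into a small consistency checker that takes the configuration of both ends of a link and lists what would stop the trunk from coming up, or would leave a native VLAN mismatch. This is an added example, not a Cisco tool: the TrunkEnd fields, the function names and the sample port names are assumptions made here. The DTP outcomes it encodes are the standard Catalyst ones (a trunk forms when at least one side is trunk or dynamic desirable and neither side is access; dynamic auto on both ends never trunks; with nonegotiate only a static trunk on both ends works), and when both ends leave encapsulation to negotiate it assumes, as for the 3550 on the previous slide, that both support ISL and dot1q.

```python
"""Trunk-link consistency checker (constructed example, not Cisco tooling)."""
from dataclasses import dataclass


@dataclass
class TrunkEnd:
    name: str
    mode: str                          # "trunk", "dynamic desirable", "dynamic auto" or "access"
    encapsulation: str = "negotiate"   # "dot1q", "isl" or "negotiate" (shown as "Auto" in the rejected command)
    native_vlan: int = 1
    nonegotiate: bool = False          # 'switchport nonegotiate' configured, i.e. DTP switched off


def trunk_forms(a: TrunkEnd, b: TrunkEnd) -> bool:
    """DTP outcome for two Catalyst ports (standard DTP behaviour, assumed here)."""
    modes = {a.mode, b.mode}
    if "access" in modes:
        return False                              # an access port never becomes a trunk
    if a.nonegotiate or b.nonegotiate:
        # No DTP frames are sent, so only a static trunk on both ends comes up.
        return a.mode == "trunk" and b.mode == "trunk"
    if "trunk" in modes or "dynamic desirable" in modes:
        return True
    return False                                  # dynamic auto on both ends waits forever


def resolve_encapsulation(a: TrunkEnd, b: TrunkEnd):
    """Encapsulation the link ends up with, or None when the two ends cannot agree."""
    if a.encapsulation == b.encapsulation:
        # Both ends negotiating: DTP prefers ISL when both support it (assumed, as on a 3550).
        return "isl" if a.encapsulation == "negotiate" else a.encapsulation
    if a.encapsulation == "negotiate":
        return b.encapsulation
    if b.encapsulation == "negotiate":
        return a.encapsulation
    return None


def check_trunk(a: TrunkEnd, b: TrunkEnd) -> list:
    """Run the three checks from the slide and return human-readable findings (empty list = consistent)."""
    findings = []
    for end in (a, b):
        if end.mode == "trunk" and end.encapsulation == "negotiate":
            findings.append(f"{end.name}: 'switchport mode trunk' needs a fixed encapsulation (dot1q or isl) first")
        if end.nonegotiate and end.mode not in ("trunk", "access"):
            findings.append(f"{end.name}: nonegotiate only applies to a statically set mode")
    if not trunk_forms(a, b):
        findings.append(f"{a.name} ({a.mode}) <-> {b.name} ({b.mode}): no trunk will be established")
    enc = resolve_encapsulation(a, b)
    if enc is None:
        findings.append(f"encapsulation mismatch: {a.name}={a.encapsulation}, {b.name}={b.encapsulation}")
    elif enc == "dot1q" and a.native_vlan != b.native_vlan:
        findings.append(f"native VLAN mismatch: {a.name}={a.native_vlan}, {b.name}={b.native_vlan}")
    return findings


if __name__ == "__main__":
    # Constructed pair: the slide's 3550 configuration on one side, a peer whose native VLAN was left at 1.
    sw1 = TrunkEnd("SW1 fa0/24", "trunk", "dot1q", native_vlan=10, nonegotiate=True)
    sw2 = TrunkEnd("SW2 fa0/24", "trunk", "dot1q", native_vlan=1, nonegotiate=True)
    for finding in check_trunk(sw1, sw2) or ["trunk configuration is consistent"]:
        print(finding)
```

The native VLAN check is only applied once the encapsulation has resolved to dot1q, since ISL tags every frame and has no native VLAN.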
VTP Domains
• The list of VLANs in an enterprise must be
consistent across all switches that are
going to pass traffic for those VLANs.
• The VLAN Trunking Protocol (VTP) is
designed to automate this administrative
task.
VTP Domains
VTP Domain Attributes
• These are the attributes of a VTP Domain:
1. A switch may be in only one VTP domain.
2. A VTP domain may be as small as only one switch.
3. VTP updates will be exchanged only with other
switches in the same domain.
4. The way VLAN information is exchanged between
switches in the same domain depends upon the VTP
mode of the switch.
5. By default, a Catalyst switch is in the no-management-domain state until it receives an
advertisement for a domain over a trunk link, or until
a management domain is configured.
VTP Domains
• Switches in a single VTP domain exchange VTP
updates to distribute and synchronize VLAN
information
–VTP ensures that all switches see VLAN changes
within the VTP domain
• VTP runs over trunk links between switches
allowing interconnected switches to exchange
layer 2 frames, synchronizing a single list of
configured VLANs.
VTP Modes
VTP Operation
Naming a VTP Domain
Switch#config t
Switch(config)#vtp domain CCSF
Changing VTP domain name from ccsf to CCSF
Switch(config)#vtp domain CCSF
Switch#sh vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : CCSF
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x92 0x0E 0xD6 0x5D 0x44 0x9D 0x09 0x0C
Configuration last modified by 0.0.0.0 at 3-1-93 02:03:54
Local updater ID is 0.0.0.0 (no valid interface found)
VTP domain names are case sensitive.
When a VTP domain is renamed, the VTP revision number is reset to zero.
Best Practices – VTP Domains
• Plan boundaries for the VTP domain; not all switches in the network need
information on all VLANs in the network. In the Enterprise Composite
model the VTP domain should be isolated to redundant distribution
switches and the access switches they serve.
• Have only one or two switches specifically configured as VTP servers and
the remainder as clients.
• Manually configure VTP on all switches installed in the network so the
mode can be specified and the default mode of server on all switches can
be overwritten.
• Configure a password so that no switch can join the VTP domain with
domain name only (which can be derived dynamically).
• When setting up a new domain, configure VTP client switches first so they
participate passively then configure servers to update client devices.
• In an existing domain, if performing VTP cleanup, configure passwords on
servers first. Clients may need to maintain current VLAN information until the
server contains a complete VLAN database. Once the VLAN database on
the server is verified as complete, the client passwords can be configured
to be the same as the servers'. Clients will then accept updates from the
server.
Adding a Switch to a VTP Domain
• When you add a switch to a VTP domain,
make sure that its VTP revision number is
set to zero to ensure that the new switch
will not update the existing switches!
• Rename the VTP domain (twice).
• Possibly change its VTP mode to “Client”
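Why the revision number matters, and why the best-practice slide insists on passwords and on resetting the revision before a switch is cabled in, is easiest to see in a small model of VTP's update rule: a switch in server or client mode replaces its VLAN database with any advertisement from its own domain that carries a matching password digest and a higher revision. This is an added example, not Cisco's implementation: the Switch class, its method names, the domain name CCSF reused from the earlier slide, the password and the switch names are all constructed here, and the digest is a simplified MD5 stand-in for the real one. It also models the two configuration modes from the "VLAN Configuration Modes" slide (one revision step per change in global configuration mode, one step per session in VLAN database mode).

```python
"""Toy model of VTP revision-number behaviour (constructed example, not Cisco's implementation)."""
from dataclasses import dataclass, field
import hashlib


@dataclass
class Switch:
    name: str
    domain: str = ""
    mode: str = "server"            # factory default is server, as the best-practice slide notes
    password: str = ""
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def set_domain(self, name: str) -> None:
        """Renaming the domain resets the configuration revision to zero."""
        self.domain = name
        self.revision = 0

    def create_vlan(self, vid: int, name: str) -> None:
        """Global-configuration style: each create/delete bumps the revision by one."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VTP clients cannot create VLANs")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1

    def database_session(self, new_vlans: dict) -> None:
        """VLAN-database style: the whole session counts as a single revision step."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VTP clients cannot create VLANs")
        self.vlans.update(new_vlans)
        if self.mode == "server":
            self.revision += 1

    def _digest(self, domain: str, revision: int, vlans: dict) -> str:
        # Simplified stand-in for the MD5 digest VTP computes over the password and the summary.
        material = f"{self.password}|{domain}|{revision}|{sorted(vlans.items())}"
        return hashlib.md5(material.encode()).hexdigest()

    def advertise(self) -> dict:
        return {"domain": self.domain, "revision": self.revision, "vlans": dict(self.vlans),
                "digest": self._digest(self.domain, self.revision, self.vlans)}

    def receive(self, adv: dict) -> bool:
        """Apply an advertisement; return True if the local VLAN database was replaced."""
        if self.mode == "transparent" or adv["domain"] != self.domain:
            return False                                  # transparent switches and other domains ignore it
        if adv["digest"] != self._digest(adv["domain"], adv["revision"], adv["vlans"]):
            return False                                  # password mismatch: update rejected
        if adv["revision"] <= self.revision:
            return False                                  # equal or older revision: ignored
        self.vlans = dict(adv["vlans"])
        self.revision = adv["revision"]
        return True


def join_domain(new_switch: Switch, members: list) -> list:
    """Trunk a new switch into a domain; return the names of members whose database it overwrote."""
    adv = new_switch.advertise()
    return [m.name for m in members if m.receive(adv)]


def safe_to_add(new_switch: Switch) -> bool:
    """The slide's pre-check: a switch being added must carry revision zero."""
    return new_switch.revision == 0


def build_domain() -> list:
    """Constructed domain: one server with VLANs 10 and 20, one client synchronised from it."""
    core = Switch("core", "CCSF", "server", password="s3cret")
    core.create_vlan(10, "staff")
    core.create_vlan(20, "labs")
    acc = Switch("acc1", "CCSF", "client", password="s3cret")
    acc.receive(core.advertise())
    return [core, acc]


if __name__ == "__main__":
    stale = Switch("lab", "CCSF", "server", password="s3cret", revision=9)   # old lab switch, only VLAN 1
    print("safe to add:", safe_to_add(stale))
    members = build_domain()
    print("overwritten:", join_domain(stale, members), "core VLANs now:", sorted(members[0].vlans))
    stale.set_domain("TEMP")        # rename twice, as the slide says, to get back to revision 0
    stale.set_domain("CCSF")
    print("after reset, overwritten:", join_domain(stale, build_domain()))
```

The model shows the two mitigations the slides give: a domain rename (twice) brings the revision back to zero so the new switch cannot win, and a domain password makes the digest check fail for any switch that only learned the domain name.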
‘show vtp counters’
Note the trunk at the bottom of the output.