VLANs - Askgeoff.org.uk


Chap 3 – Virtual LANs (VLANs)
Learning Objectives
• Explain the role of VLANs in a converged network.
• Explain the role of trunking VLANs in a converged network.
• Configure VLANs on the switches in a converged network topology.
• Troubleshoot the common software or hardware mis-configurations associated with VLANs on switches in a converged network topology.

Chapter 3
Introduction to VLANs
[Figure: Traditional LAN Segmentation compared with Virtual LAN Segmentation]

VLANs – Broadcast Domains
[Figure: three separate broadcast domains]
[Figure: VLANs as broadcast domains]

Advantages of VLANs
• Security - Groups that have sensitive data can be separated from the rest of the network.
• Cost reduction - Cost savings result from more efficient use of existing bandwidth and uplinks.
• Higher performance - reduces unnecessary traffic on the network, boosting performance.
• Improved IT staff efficiency - VLANs make it easier to manage the network because users with similar network requirements share the same VLAN.

VLANs – Broadcast Domains
VLAN implementation on a switch causes certain actions to occur:
• The switch maintains a separate bridging table for each VLAN.
• If the frame comes in on a port in VLAN 1, the switch searches the bridging table for VLAN 1.
• When the frame is received, the switch adds the source MAC address to the bridging table if it is currently unknown.
• The destination is checked so a forwarding decision can be made.
• For learning and forwarding, the search is made against the address table for that VLAN only.

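An added example (not part of the original slides) that models the per-VLAN bridging tables just listed in Python; the port-to-VLAN map, MAC addresses and frames are constructed. It shows that learning and flooding are confined to the VLAN a frame arrived on: a host learned in VLAN 10 is unknown to the VLAN 20 table, so a frame addressed to it from a VLAN 20 port is flooded to VLAN 20 ports only and never crosses into VLAN 10.

```python
"""Added example (not from the slides): a switch with one bridging table per
VLAN. Port numbers, MAC addresses and frames below are constructed."""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set


class Frame(NamedTuple):
    src: str   # source MAC address
    dst: str   # destination MAC address


BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """Layer 2 switch whose ports are statically assigned to VLANs (access ports)."""

    def __init__(self, port_vlan: Dict[str, int]) -> None:
        self.port_vlan = port_vlan
        # One bridging table per VLAN: VLAN ID -> {MAC -> port}
        self.tables: Dict[int, Dict[str, str]] = defaultdict(dict)

    def ports_in_vlan(self, vlan: int) -> Set[str]:
        return {p for p, v in self.port_vlan.items() if v == vlan}

    def receive(self, in_port: str, frame: Frame) -> List[str]:
        """Process a frame arriving on in_port and return the egress port list."""
        vlan = self.port_vlan[in_port]
        table = self.tables[vlan]            # search only this VLAN's table
        # Learning: record the source MAC if this VLAN's table does not know it
        if frame.src not in table:
            table[frame.src] = in_port
        # Forwarding: a known unicast goes out one port; anything else is
        # flooded, but only to the other ports of the same VLAN
        if frame.dst != BROADCAST and frame.dst in table:
            out = table[frame.dst]
            return [] if out == in_port else [out]
        return sorted(self.ports_in_vlan(vlan) - {in_port})


def demo() -> dict:
    """Constructed scenario: Fa0/1-2 in VLAN 10, Fa0/3-4 in VLAN 20."""
    sw = VlanSwitch({"Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 20, "Fa0/4": 20})
    a, b, c = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    flood = sw.receive("Fa0/1", Frame(a, BROADCAST))   # flooded within VLAN 10 only
    unicast = sw.receive("Fa0/2", Frame(b, a))         # A already learned in VLAN 10
    cross = sw.receive("Fa0/3", Frame(c, a))           # VLAN 20 table has no entry for A
    return {"flood": flood, "unicast": unicast, "cross_vlan": cross,
            "tables": dict(sw.tables)}


if __name__ == "__main__":
    print(demo())
```

The VLAN 20 frame destined for host A is flooded to Fa0/4 only, even though the switch knows where A is: that knowledge lives in the VLAN 10 table, which the VLAN 20 lookup never consults.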
Normal Range VLANs
• Used in small- and medium-sized business and enterprise networks.
• Identified by a VLAN ID between 1 and 1005.
• IDs 1002 through 1005 are reserved for Token Ring and FDDI VLANs.
• IDs 1 and 1002 to 1005 are automatically created and cannot be removed.
• Configurations are stored within a VLAN database file, called vlan.dat. The vlan.dat file is located in the flash memory of the switch.
• The VLAN trunking protocol (VTP), which helps manage VLAN configurations between switches, can only learn normal range VLANs and stores them in the VLAN database file.

Extended Range VLANs
• Enable service providers to extend their infrastructure to a greater number of customers. Some global enterprises could be large enough to need extended range VLAN IDs.
• Are identified by a VLAN ID between 1006 and 4094.
• Support fewer VLAN features than normal range VLANs.
• Are saved in the running configuration file.
• VTP does not learn extended range VLANs.

VLAN Types
• A data VLAN is a VLAN that is configured to carry only user-generated traffic. A VLAN could carry voice-based traffic or traffic used to manage the switch, but this traffic would not be part of a data VLAN.
[Figure: two-switch topology with Management VLAN 99 (172.17.99.10/24), Student VLAN 20 computers (172.17.20.22/24, 172.17.20.25/24) and Guest VLAN 30 computers (172.17.30.23/24, 172.17.30.26/24) on ports Fa0/1, Fa0/3, Fa0/4, Fa0/6 and Fa0/18]

VLAN Types
• The default VLAN for Cisco switches is VLAN 1. VLAN 1 has all the features of any VLAN, except that it cannot be renamed or deleted. Layer 2 control traffic, such as CDP and spanning tree protocol traffic, will always be associated with VLAN 1 - this cannot be changed.
• It is a security best practice to change the default VLAN to a VLAN other than VLAN 1.
[Figure: same two-switch topology (Management VLAN 99, Student VLAN 20, Guest VLAN 30)]

VLAN Types
• A native VLAN is assigned to an 802.1Q trunk port. An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic).
• Trunks are used to allow the same VLAN to span different switches.
• A native VLAN serves as a common identifier on opposing ends of a trunk link.
[Figure: same two-switch topology (Management VLAN 99, Student VLAN 20, Guest VLAN 30)]

VLAN Types
• A management VLAN is any VLAN configured to access the management capabilities of a switch. VLAN 1 would serve as the management VLAN if you did not proactively define a unique VLAN to serve as the management VLAN.
• Default configuration of a Cisco switch has VLAN 1 as the default VLAN - bad choice, as arbitrary users could then attempt to access the switch IOS.
[Figure: same two-switch topology (Management VLAN 99, Student VLAN 20, Guest VLAN 30)]

Voice VLAN
VoIP traffic requires:
• Assured bandwidth to ensure voice quality
• Transmission priority over other types of network traffic
• Ability to be routed around congested areas on the network
• Delay of less than 150 milliseconds (ms) across the network

Voice VLAN
• The Cisco IP Phone contains an integrated three-port 10/100 switch, providing dedicated connections to:
1. Port 1 connects to the switch or other voice-over-IP (VoIP) device.
2. Port 2 is an internal 10/100 interface that carries the IP phone traffic.
3. Port 3 (access port) connects to a PC or other device.

Port Membership Modes - Voice
Configure a switch access port with an attached Cisco IP Phone to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone.
• The mls qos trust cos command ensures that voice traffic is identified as priority traffic (note that the entire network must be set up to prioritise voice traffic).
• The switchport voice vlan 150 command identifies VLAN 150 as the voice VLAN.
• The switchport access vlan 20 command configures VLAN 20 as the access mode (data) VLAN.

Port Membership Modes - Static
• Static VLAN - Ports on a switch are manually assigned to a VLAN, using the Cisco CLI.
• If an interface is assigned to a VLAN that does not exist, the new VLAN is automatically created.

Network Traffic
• IP telephony traffic consists of signaling traffic and voice traffic. Signaling traffic is responsible for call setup, progress, and teardown, and traverses the network end to end.
• IP multicast traffic is sent from a particular source address to a multicast group that is identified by a single IP and MAC destination group address pair (e.g. Cisco IP/TV broadcasts).
• Normal data traffic is related to file creation and storage, print services, e-mail, database access, and other shared network applications that are common to business uses.
• Scavenger class is intended to provide less-than best-effort services to applications having little or no official purpose (e.g. KaZaa, Morpheus, Grokster, Napster, iMesh, Doom, Quake, Unreal Tournament).

Connecting VLANs
• Breaking up a big broadcast domain into several smaller ones using VLANs reduces broadcast traffic and improves network performance. Breaking up domains into VLANs also allows for better information confidentiality within an organisation.
• A router is needed any time devices on different Layer 3 networks need to communicate, regardless of whether VLANs are used.
[Figure: same two-switch topology (Management VLAN 99, Student VLAN 20, Guest VLAN 30)]

Connecting VLANs
• Switch Virtual Interface (SVI) is a logical interface configured for a specific VLAN, and is used by layer 3 switches to route between VLANs or to provide IP host connectivity to a switch.
• A Layer 3 switch has the ability to route transmissions between VLANs.
• The process is the same as when using a separate router, except that the Layer 3 switch SVIs act as the router interfaces for routing the data between VLANs.
[Figure: Layer 3 switch with SVI VLAN99, SVI VLAN20 and SVI VLAN30 connecting the Management VLAN 99, Student VLAN 20 and Guest VLAN 30 computers]

VLAN Trunks
• A trunk is a point-to-point link between one or more Ethernet switch interfaces and another networking device, such as a router or a switch. Ethernet trunks carry the traffic of multiple VLANs over a single link.
• A VLAN trunk allows extension of VLANs across an entire network. Cisco supports IEEE 802.1Q for coordinating trunks on Fast Ethernet and Gigabit Ethernet interfaces.
• A VLAN trunk does not belong to a specific VLAN, rather it is a conduit for VLANs between switches and routers.

VLAN Trunking
[Figure: No VLAN Trunking compared with VLAN Trunking]
• VLAN Trunking is used when a single link needs to carry traffic for more than one VLAN.

802.1Q Tagging
• 802.1Q does not encapsulate the original frame, but modifies the Ethernet type field by adding a Tag Control Information (TCI) field.
• A TCI contains a 12-bit VLAN identifier (VID), uniquely identifying the VLAN to which the frame belongs (4,096 VLANs max, with 0 and 4095 reserved).
• Because inserting this header changes the frame, 802.1Q encapsulation forces a recalculation of the original FCS field in the Ethernet trailer.

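An added example (not from the slides) showing the tag insertion described above in Python: an untagged frame, the 4-byte 802.1Q tag (TPID 0x8100 followed by the TCI, whose 12 low bits are the VID) spliced in after the source MAC, and the FCS recomputed over the changed frame. The MAC addresses, payload and VLAN ID are constructed. The last check shows the consequence of skipping the recalculation: a frame that keeps its old FCS after tagging fails the receiver's check.

```python
"""Added example (not from the slides): 802.1Q tag insertion and parsing with
FCS recalculation. MACs, payload and VLAN IDs below are constructed."""
import struct
import zlib
from typing import NamedTuple, Optional

TPID_8021Q = 0x8100      # Tag Protocol Identifier that marks a tagged frame
ETHERTYPE_IPV4 = 0x0800


class Dot1QTag(NamedTuple):
    pcp: int   # 3-bit priority code point (CoS)
    dei: int   # 1-bit drop eligible indicator
    vid: int   # 12-bit VLAN identifier


def fcs(frame_without_fcs: bytes) -> int:
    """Ethernet FCS: CRC-32 (same polynomial as zlib) over dst MAC through payload."""
    return zlib.crc32(frame_without_fcs) & 0xFFFFFFFF


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged frame: dst(6) src(6) type(2) payload, with the FCS appended."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", fcs(body))   # FCS is transmitted little-endian


def add_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert TPID+TCI after the source MAC and recompute the FCS."""
    if not 1 <= vid <= 4094:                      # 0 and 4095 are reserved
        raise ValueError("VID must be 1..4094")
    tci = (pcp << 13) | (dei << 12) | vid
    body = frame[:-4]                              # drop the old FCS
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + struct.pack("<I", fcs(tagged))


def parse_tag(frame: bytes) -> Optional[Dot1QTag]:
    """Return the tag if the frame is 802.1Q-tagged, otherwise None."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    tci = struct.unpack("!H", frame[14:16])[0]
    return Dot1QTag(pcp=tci >> 13, dei=(tci >> 12) & 1, vid=tci & 0x0FFF)


def fcs_ok(frame: bytes) -> bool:
    """True if the trailing FCS matches the rest of the frame."""
    return struct.unpack("<I", frame[-4:])[0] == fcs(frame[:-4])


def demo() -> dict:
    dst = bytes.fromhex("0011223344aa")            # constructed addresses
    src = bytes.fromhex("0011223344bb")
    untagged = build_frame(dst, src, ETHERTYPE_IPV4, b"constructed payload")
    tagged = add_tag(untagged, vid=99, pcp=5)
    # Tag spliced in but the original FCS kept: what a receiver would reject
    stale = tagged[:-4] + untagged[-4:]
    return {
        "untagged_len": len(untagged),
        "tagged_len": len(tagged),
        "tag": parse_tag(tagged),
        "untagged_tag": parse_tag(untagged),
        "tagged_fcs_ok": fcs_ok(tagged),
        "stale_fcs_ok": fcs_ok(stale),
    }


if __name__ == "__main__":
    print(demo())
```

The tagged frame is exactly four bytes longer than the untagged one; parse_tag recognises it by the TPID in the position where an untagged frame carries its EtherType, which is why the slide describes the tag as modifying the type field rather than wrapping the frame.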
Creating VLAN Trunks
S1#configure terminal
S1(config)#interface F0/1
S1(config-if)#switchport mode trunk
S1(config-if)#switchport trunk native vlan 99
S1(config-if)#end

Use the show interfaces interface-id switchport command to verify correct reconfiguration of the native VLAN from VLAN 1 to VLAN 99.

DTP – Dynamic Trunking Protocol
• Dynamic Trunking Protocol (DTP) is a Cisco proprietary protocol.
• Switches from other vendors do not support DTP.
• DTP is automatically enabled on a switch port when certain trunking modes are configured on the switch port.

DTP Trunking Modes
• Switchport Mode Access – permanent non-trunking mode, regardless of neighbouring interface settings.
• Switchport Mode Trunk – permanent trunking mode, regardless of neighbouring interface settings.
• Switchport Mode Dynamic Desirable – actively tries to convert the port to a trunk if the neighbouring interface is set to trunk, desirable or auto.
• Switchport Mode Dynamic Auto – port is willing to convert to a trunk if neighbouring interface is set to trunk or desirable.
• Switchport Nonegotiate – port does not generate DTP frames, and must be manually configured.

Configure VLANs & Trunks
Use the following steps to configure and verify VLANs and trunks on a switched network:
1. Create the VLANs
2. Assign switch ports to VLANs statically
3. Verify VLAN configuration
4. Enable trunking on the inter-switch connections
5. Verify trunk configuration

Creating VLANs
• Create Named VLAN:
Switch(config)#vlan 10
Switch(config-vlan)#name Engineering
Switch(config-vlan)#exit
Verify:
Switch#sh vlan brief

Creating VLANs
• Assigning access ports to a specific VLAN (10 in this example):
Switch(config)#interface fastethernet 0/9
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Note: The switchport mode access command should be configured on all ports that the network administrator does not want to become a trunk port.

Creating VLANs
[Figure: ports Fa0/9 - 12 placed in VLAN 10]
Switch(config)#interface range fastethernet 0/9 - 12
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit

Managing Ports
Switch(config)#interface fa 0/9
Switch(config-if)#no switchport access vlan
Switch(config-if)#exit
[Figure: Fa 0/9 returned from VLAN 10 to the default VLAN]

Deleting VLANs
• Delete Named VLAN:
Switch(config)#no vlan 10
Before deleting a VLAN, reassign all member ports to a different VLAN, as they are not returned to the default VLAN, and become inactive.
[Figure: Fa 0/9-12 left inactive after VLAN 10 is deleted]

Creating Trunk
[Figure: VLANs 10, 20 and 30 present on both switches and carried over the trunk]
Switch(config)#interface fa 0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk native vlan 99
Switch(config-if)#switchport trunk allowed vlan add 10,20,30
Switch(config-if)#end

Verify Trunk
Switch#show interface fa 0/1 switchport

Reset/Delete Trunk
Reset Trunk to default settings:
Delete Trunk:
Switch(config)#interface fa 0/1
Switch(config-if)#switchport mode access

VLAN Troubleshooting
• Native VLAN mismatches - Trunk ports are configured with different native VLANs. This configuration error generates console notifications and causes control and management traffic to be misdirected.
• Trunk mode mismatches - One trunk port is configured with trunk mode "off" and the other with trunk mode "on". This configuration error causes the trunk link to stop working.
• VLANs and IP subnets – devices may have been configured with incorrect IP addresses, preventing devices from accessing network resources.
• Allowed VLANs on trunks - The list of allowed VLANs on a trunk has not been updated with the current VLAN trunking requirements. In this situation, unexpected traffic or no traffic is being sent over the trunk.

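An added example (not from the slides) that checks for three of the trunk problems listed above, native VLAN mismatch, trunk mode mismatch and allowed-VLAN mismatch, by parsing both ends of each inter-switch link out of IOS-style running configs. It also reports two things the earlier slides flag: trunks left on the default native VLAN 1, and ports whose switchport mode still lets DTP negotiate (the dynamic modes from the DTP Trunking Modes slide, plus ports with no mode set, which this script assumes negotiate). The configs, hostnames and link map are constructed sample data, not configs from the slides.

```python
"""Added example (not from the slides): audit IOS-style running configs for
the trunk problems listed above. Configs, hostnames and links are constructed."""
import re
from typing import Dict, List, Set, Tuple

ALL_VLANS = set(range(1, 4095))
Port = Dict[str, object]
Link = Tuple[Tuple[str, str], Tuple[str, str]]


def expand_vlan_list(spec: str) -> Set[int]:
    """Expand an allowed-VLAN list such as '10,20-22' into a set of IDs."""
    if spec == "all":
        return set(ALL_VLANS)
    out: Set[int] = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out


def parse_config(text: str) -> Dict[str, Port]:
    """Collect the switchport settings from each 'interface' stanza."""
    ports: Dict[str, Port] = {}
    current: Port = {}
    for line in text.splitlines():
        if not line.startswith(" "):          # stanza boundary: '!', hostname, interface
            m = re.match(r"interface (\S+)$", line)
            current = {}
            if m:   # defaults assumed: mode unset, native VLAN 1, all VLANs allowed, DTP on
                current = {"mode": None, "native": 1,
                           "allowed": set(ALL_VLANS), "nonegotiate": False}
                ports[m.group(1)] = current
            continue
        if not current:
            continue
        s = line.strip()
        if s.startswith("switchport mode "):
            current["mode"] = s[len("switchport mode "):]
        elif s.startswith("switchport trunk native vlan "):
            current["native"] = int(s.split()[-1])
        elif s.startswith("switchport trunk allowed vlan "):
            words = s.split()                 # 'add' appends; a bare list replaces
            if words[-2] == "add":
                current["allowed"] |= expand_vlan_list(words[-1])
            else:
                current["allowed"] = expand_vlan_list(words[-1])
        elif s == "switchport nonegotiate":
            current["nonegotiate"] = True
    return ports


def audit(configs: Dict[str, str], links: List[Link]) -> List[str]:
    """One string per problem found; an empty list means the checks passed."""
    parsed = {sw: parse_config(cfg) for sw, cfg in configs.items()}
    findings: List[str] = []
    for sw, ports in parsed.items():                     # single-port checks
        for name, p in ports.items():
            if p["mode"] == "trunk" and p["native"] == 1:
                findings.append(f"{sw} {name}: trunk uses native VLAN 1 (the default)")
            if p["mode"] in (None, "dynamic auto", "dynamic desirable") and not p["nonegotiate"]:
                findings.append(f"{sw} {name}: mode '{p['mode'] or 'not set'}' leaves DTP negotiation active")
    for (sw_a, if_a), (sw_b, if_b) in links:            # compare both ends of each link
        a, b = parsed[sw_a][if_a], parsed[sw_b][if_b]
        tag = f"{sw_a} {if_a} <-> {sw_b} {if_b}"
        if a["mode"] != b["mode"]:
            findings.append(f"{tag}: trunk mode mismatch ({a['mode']} vs {b['mode']})")
        elif a["mode"] == "trunk":
            if a["native"] != b["native"]:
                findings.append(f"{tag}: native VLAN mismatch ({a['native']} vs {b['native']})")
            if a["allowed"] != b["allowed"]:
                findings.append(f"{tag}: allowed VLAN mismatch, only on one side: {sorted(a['allowed'] ^ b['allowed'])}")
    return findings


# Constructed sample configs: S1 Fa0/1 and Fa0/2 link to S2 Fa0/1 and Fa0/2
S1_CONFIG = """hostname S1
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,30
 switchport nonegotiate
interface FastEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 99
interface FastEthernet0/18
 switchport access vlan 20
"""
S2_CONFIG = """hostname S2
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
"""
LINKS: List[Link] = [(("S1", "FastEthernet0/1"), ("S2", "FastEthernet0/1")),
                     (("S1", "FastEthernet0/2"), ("S2", "FastEthernet0/2"))]


def demo() -> List[str]:
    return audit({"S1": S1_CONFIG, "S2": S2_CONFIG}, LINKS)
```

Run against the sample, the audit reports five findings: S1 Fa0/18 has no mode set, S2 Fa0/1 trunks on native VLAN 1, the Fa0/1 link has a native VLAN mismatch (99 vs 1) and VLAN 30 allowed on one side only, and the Fa0/2 link has trunk on one end and access on the other. Feeding the output of show running-config from each switch in place of the constructed strings is all that is needed to use it on real devices.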
Chapter 3.5.1 – Basic VLAN Config
Lab Topology
[Figure: switches S1, S2 and S3 joined by Fa0/1 and Fa0/2 links; PC1 172.17.10.21/24, PC2 172.17.20.22/24 and PC3 172.17.30.23/24 on one access switch and PC4 172.17.10.24/24, PC5 172.17.20.25/24 and PC6 172.17.30.26/24 on the other, attached to ports Fa0/11, Fa0/18 and Fa0/6]