Class Power Points for Chapter #9

Sybex CCNA 640-802
Chapter 9: VLANs
• Instructor & Todd Lammle
Chapter 9 Objectives
The CCNA Topics Covered in this chapter include:
• What is a VLAN?
• VLAN Memberships
• VLAN links
• Frame tagging
• VTP
• Trunking
• Configuring VLANs
• Inter-VLAN Communication
• Configuration examples
Virtual LANs (VLANs)
• VLAN - Definition:
– A logical grouping of network users and resources connected to administratively defined ports on a switch.
– Gives you smaller “broadcast domains”
– Organized by:
• Location (e.g., the 4th floor)
• Function (e.g., IT techs, or a group with high security needs)
• Department (e.g., the accounting department)
• Application or protocol (e.g., everyone running AppleTalk, maybe in the Graphics dept.)
Switches
Features of VLANs
• Simplify network management:
– You control each port in a VLAN, and each switch can contain a number of VLANs, so you can no longer just cable into a switch and see all of the traffic on that switch.
– Also, a VLAN can be configured with a number of reporting functions, for example, to report any attempt at unauthorized access.
• Provides a level of security over a flat network:
– “Flat” as in a network that is one, large broadcast domain
– Security: see the following slides
• Flexibility and Scalability:
– With the old hub & switch networks, you could run out of space on a switch or in an office, but with VLANs, you just add a new user to an existing VLAN and go.
Book, pp 555 ff
Features: Broadcast Control
• Broadcasts occur in every protocol
– but how often they occur depends upon 3 things:
• The type of protocol (some are worse than others)
• The application(s) running on the internetwork (ditto)
• How these services are used
Flat Network Structure
Security
• Flat network problems
– A flat internetwork’s security used to be tackled by
connecting hubs and switches together with routers.
– So it was the router’s job to maintain security. This was
pretty ineffective for several reasons.
• First, anyone connecting to the physical network could access the
network resources on that physical LAN.
• Second, all anyone had to do to observe any and all traffic in that
network was to plug a network analyzer into the hub.
• VLANs
– If you create multiple broadcast groups, you have total
control over each port and user!
– So the days when anyone could just plug their
workstations into any switch port and gain access to
network resources are history because now you get to
control each port, plus whatever resources that port can
access.
Flexibility & Scalability
• Layer-2 switches only read frames
– Because a switch sees only Layer-2 headers, it forwards every broadcast out all of its ports (one large broadcast domain)
• VLANs
– Essentially create broadcast domains
• Greatly reduces broadcast traffic
• Ability to add wanted users to a VLAN regardless of their physical location
• Additional VLANs can be created when network growth consumes more bandwidth
Switched Network
Physical LANs Connected To A Router
VLANs Remove Physical Boundary
VLAN Memberships
• Static VLANs
– Typical method of creating VLANs
– Most secure
• A switch port assigned to a VLAN always maintains that assignment
until changed
• Dynamic VLANs
– Node assignment to a VLAN is automatic
• MAC addresses, protocols, network addresses, etc
– VLAN Management Policy Server (VMPS)
• MAC address database for dynamic assignments
• MAC-address to VLAN mapping
Book, pg 558 ff:
Identifying VLANs
• Access links
– A link that is part of only one VLAN
• Trunk links
– Carries multiple VLANs
Identifying VLANs (cont.)
Frame Tagging
• Frame Tagging: A means of keeping track
of users & frames as they travel the switch
fabric & VLANs
– User-defined ID assigned to each frame
– VLAN ID is removed before exiting trunked
links & access links
VLAN ID Methods
• Inter-Switch Link (ISL)
– Cisco proprietary (becoming obsolete)
– FastEthernet & Gigabit Ethernet only
• IEEE 802.1q
– Must use if trunking between Cisco & non-Cisco switches
Inter-Switch Link (ISL) Protocol
• ISL: A means of explicitly tagging VLAN
information onto an Ethernet frame
– Allows VLANs to be multiplexed over a
trunk line
– Cisco proprietary
– External tagging process
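As an added illustration of the Frame Tagging and VLAN ID Methods slides above (example code, not from the Lammle slides or the Sybex book), this Python builds a constructed Ethernet frame, inserts an IEEE 802.1Q tag the way a trunk port would, and strips the VLAN ID again the way an access port does before the frame leaves the switch. The MAC addresses, payload and VLAN 10 are constructed sample values; VID range checking follows the 802.1Q reservation of 0 and 4095.

```python
import struct

TPID_8021Q = 0x8100  # Tag Protocol Identifier that marks an IEEE 802.1Q tag


def build_frame(dst_mac: str, src_mac: str, ethertype: int, payload: bytes) -> bytes:
    """Constructed untagged Ethernet II frame (FCS omitted) for demonstration."""
    dst = bytes.fromhex(dst_mac.replace(":", ""))
    src = bytes.fromhex(src_mac.replace(":", ""))
    return dst + src + struct.pack("!H", ethertype) + payload


def is_tagged(frame: bytes) -> bool:
    """True when the EtherType position carries the 802.1Q TPID."""
    return len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the source MAC, as a trunk port does."""
    if not 1 <= vid <= 4094:  # VID 0 (priority-only) and 4095 are reserved
        raise ValueError("VLAN ID must be 1..4094")
    if is_tagged(frame):
        raise ValueError("frame already carries an 802.1Q tag")
    # Tag Control Information: 3-bit priority, 1-bit DEI, 12-bit VLAN ID
    tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame: bytes):
    """Return (pcp, dei, vid) for a tagged frame, or None for an untagged one."""
    if not is_tagged(frame):
        return None
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def untag_frame(frame: bytes) -> bytes:
    """Remove the VLAN ID before the frame exits an access link."""
    if not is_tagged(frame):
        return frame
    return frame[:12] + frame[16:]


# Constructed sample: broadcast IPv4 frame (EtherType 0x0800) with a dummy payload
PAYLOAD = b"\x45\x00" + b"\x00" * 18
FRAME = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0800, PAYLOAD)
TAGGED = tag_frame(FRAME, vid=10, pcp=3)  # what the frame looks like on the trunk
```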
VLAN Trunk Protocol (VTP)
• Purpose: to manage all configured VLANs
across a switch internetwork & maintain
consistency
– Allows an administrator to add, delete, & rename
VLANs
VTP Benefits
• Benefits
– Consistent configuration across all switches in
the network
– Permits trunking over mixed networks, such
as Ethernet to ATM LANE or even FDDI
– Accurate tracking and monitoring of VLANs
– Dynamic reporting of added VLANs to all
switches in the VTP domain
– Plug-and-Play
• A VTP server must be created to manage
VLANs
VTP Modes
VTP Modes of Operation
• Server
– Default for all Catalyst switches
– Minimum one server for a VTP domain
• Client
– Receives information + sends/receives updates
– Cannot make any changes
• Transparent
– Does not participate in a VTP domain but forwards
VTP advertisements
– Can add/delete VLANs
– Locally significant
Router with Individual VLAN associations
Routing Between VLANs
Configuring VLANs
• Creating VLANs
• Assigning Switch Ports to VLANs
• Configuring Trunk Ports
• Configuring Inter-VLAN routing
Configuring VTP
• Default: Switches are configured to be VTP servers
InterVLAN Configuration Example
Switch#config t
Switch(config)#int fa0/1
Switch(config-if)#switchport mode trunk
Example 2
Router#config t
Router(config)#int f0/0
Router(config-if)#no ip address
Router(config-if)#no shutdown
Router(config-if)#int f0/0.1
Router(config-subif)#encapsulation dot1q 1
Router(config-subif)#ip address 192.168.10.17 255.255.255.240
Switch#config t
Switch(config)#int f0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#int f0/2
Switch(config-if)#switchport access vlan 1
Example 3
Example 4
Configuring Switching In Our Sample Internetwork
2950C
2950B
Setting Up Trunking
Inter-VLAN communication
The End