Programming Technology


Computer Networking Macedonia

VLANs, VTP, InterVLAN Routing (and if there is enough time, STP)

Presenter
Delyan Genkov, PhD, Principal Assistant Professor at Technical University of Gabrovo, Bulgaria
- CCNA, CCNP, CCAI, CCSI#33190
- Working at Lirex BG Ltd, a Gold Cisco Partner
- Instructor and Main Contact in the first Bulgarian Cisco Networking Academy since 1999
- Email: [email protected]

VLAN

Virtual Local Area Networks

Main goal: to divide the network into smaller parts

Why divide a LAN?

Benefits:
- Decreases unnecessary traffic
- Limits broadcasts
- Allows the network to grow
- Increases security

Drawbacks:
- More complicated and expensive devices
- More administrator knowledge required

Traditional network division
- Depends on geographic location
- (Sometimes) requires more router interfaces
- Does not allow movement

VLAN division
- Position independent
- Allows easy movement
- Increases security (if properly configured)
- May use one or more router interfaces

Two or more VLANs on a single switch?
- Possible, but not common
- Functions as two or more separate switches
- I use this when there are free ports and I need another switch in the same rack
- The true power is when you use more switches

VLANs have
- Mandatory number (VLAN ID)
  - 1 – 1024: Standard VLANs
  - 1001 – 1024 are reserved
  - 1025 – 4096: Extended VLANs (SP)
- Optional name (default VLAN0001, …)
- Type (Ethernet)
- MTU (typically 1500) and so on.

VLAN tasks
- Create the VLANs in switch memory
- Assign ports to VLANs

Types of ports:
- Access – resides in only one VLAN
- Voice VLAN – an additional VLAN for an access port
- Trunk – allows packets for more than one VLAN

Typical scenario
- Access ports – connect computers
- Trunk ports – connect switches


Routers?

VLAN Tagging
- IEEE 802.1Q (4 bytes) – Standard
- ISL (30 bytes) – Cisco proprietary
- IEEE 802.1Q preferred
- Native VLAN – no tag
- Native VLAN must match on both ends

Tagging and Untagging

Cisco defaults
- Only VLAN 1 exists
- All ports are assigned to VLAN 1
- All VLANs are allowed on a trunk (you can change this)
- Native VLAN on all trunks is VLAN 1
- Security recommendation: do not leave computers in the native VLAN!
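
The 4-byte 802.1Q tag and the native-VLAN rule from the two slides above, as an added example that is not part of the presentation: the tag is inserted between the source MAC and the EtherType, the native VLAN crosses a trunk untagged, and an untagged frame is placed in the receiving switch's native VLAN, which is why a native VLAN mismatch silently moves traffic between VLANs. The sample frame, MAC address and VLAN numbers are constructed for the demonstration.

```python
import struct

TPID_8021Q = 0x8100    # Tag Protocol Identifier announcing a 4-byte 802.1Q tag

# Constructed sample: broadcast frame from a made-up MAC, ARP EtherType, 46-byte padding
SAMPLE_FRAME = (b"\xff" * 6 + bytes.fromhex("0011223344aa")
                + struct.pack("!H", 0x0806) + b"\x00" * 46)

def tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 802.1Q tag (TPID + PCP/DEI/VID) between the source MAC and the EtherType."""
    if not 0 <= vid <= 4095:
        raise ValueError("VID is a 12-bit field")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def untag(frame: bytes) -> tuple:
    """Return (vid, untagged frame); vid is None when the frame carried no tag."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]

def trunk_egress(frame: bytes, vid: int, native_vid: int) -> bytes:
    """Sending side: the native VLAN leaves the trunk untagged, every other VLAN is tagged."""
    return frame if vid == native_vid else tag(frame, vid)

def trunk_ingress(wire_frame: bytes, native_vid: int) -> tuple:
    """Receiving side: an untagged frame is assigned to this switch's native VLAN."""
    vid, frame = untag(wire_frame)
    return (native_vid if vid is None else vid), frame

def vlan_after_trunk(frame: bytes, vid: int, native_a: int, native_b: int) -> int:
    """VLAN the frame lands in on switch B after crossing the trunk from switch A."""
    wire = trunk_egress(frame, vid, native_a)
    return trunk_ingress(wire, native_b)[0]

if __name__ == "__main__":
    print("tag adds", len(tag(SAMPLE_FRAME, 10)) - len(SAMPLE_FRAME), "bytes")
    print("VLAN 10, native 1 on both ends ->", vlan_after_trunk(SAMPLE_FRAME, 10, 1, 1))
    print("VLAN 1,  native 1 on both ends ->", vlan_after_trunk(SAMPLE_FRAME, 1, 1, 1))
    print("VLAN 1,  native 1 vs native 99 ->", vlan_after_trunk(SAMPLE_FRAME, 1, 1, 99))
```

The last line of output is the mismatch case: a host left in the default native VLAN 1 on switch A ends up in VLAN 99 on switch B without any tag ever being written.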

Deleting a VLAN
- If you delete a VLAN while the switch still has ports assigned to it, these ports remain in a non-existing VLAN and are shut down.
- The right way is to first reassign these ports to an existing VLAN, then delete the VLAN.

VTP
- VLAN Trunking Protocol – Cisco proprietary
- What were the main tasks when you configure VLANs?
  - Creating VLANs in the switch memory
  - Assigning ports to VLANs
- VTP can assist you with the first task, but you still have to complete the second task yourself

Imagine a network with 100 switches
- Instead of logging in to each of the 100 switches and configuring the VLAN, with VTP you can do it on a single switch
- But be careful: with VTP you can stop the whole network with one command (or even with one connection)

VTP Switch modes
- Server
- Client
- Transparent

There must be at least one server, preferably two

Other VTP parameters
- VTP Version – 1, 2 or 3
- VTP Domain name
- VTP Password – optional
- VTP Pruning
- Configuration Revision

VTP Pruning

VTP Defaults
- VTP mode: Server
- VTP Domain Name: null
- VTP Password: null
- VTP Version: 1
- Configuration Revision: 0

Correct action
- You configure a new VLAN on the server
- This increases the configuration revision
- All other switches learn of the change
- All other switches receive the new VLAN information and increase their configuration revision

Incorrect action
- You have a production network and a test network
- You take a switch from the test network and delete all the test VLANs, except VLAN 1
- You forget to reset the configuration revision
- You connect that switch to the production network
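
The two scenarios above modelled in a small simulation, added here and not part of the presentation: a switch accepts a VTP advertisement from its own domain whenever the advertised configuration revision is higher than its own, whether it is a server or a client, so the lab switch with the higher revision and an almost empty VLAN database wins. Switch names, domain name, revision numbers and VLAN sets are constructed; the revision reset models the Cisco IOS behaviour that moving a switch to transparent mode (or changing its domain name) sets the revision back to 0.

```python
from dataclasses import dataclass, field

@dataclass
class VtpSwitch:
    name: str
    domain: str
    mode: str = "server"              # Cisco default mode: server
    revision: int = 0                 # Cisco default configuration revision: 0
    vlans: set = field(default_factory=lambda: {1})   # only VLAN 1 exists by default

    def configure_vlan(self, vid: int) -> None:
        """Creating a VLAN on a server edits the database and bumps the revision."""
        if self.mode != "server":
            raise PermissionError(f"{self.name}: only a VTP server may edit VLANs")
        self.vlans.add(vid)
        self.revision += 1

    def receive(self, advert: dict) -> bool:
        """A higher revision in the same domain replaces the local database,
        on servers and clients alike; transparent switches ignore it."""
        if self.mode == "transparent" or advert["domain"] != self.domain:
            return False
        if advert["revision"] > self.revision:
            self.vlans, self.revision = set(advert["vlans"]), advert["revision"]
            return True
        return False

    def reset_revision(self) -> None:
        """Simulated equivalent of switching to transparent mode and back on IOS."""
        self.mode, self.revision = "transparent", 0
        self.mode = "server"

def propagate(source: VtpSwitch, others: list) -> list:
    """Flood one summary advertisement over the trunks; return names of switches that changed."""
    a = {"domain": source.domain, "revision": source.revision, "vlans": set(source.vlans)}
    return [s.name for s in others if s.receive(a)]

def connect_lab_switch(reset_before_connect: bool) -> set:
    """Production VLANs after a lab switch (test VLANs deleted, revision 20) is plugged in."""
    core = VtpSwitch("core", "CORP", revision=5, vlans={1, 10, 20, 30})
    lab = VtpSwitch("lab", "CORP", revision=20, vlans={1})   # revision left at 20
    if reset_before_connect:
        lab.reset_revision()
    propagate(lab, [core])          # the lab switch advertises on the new trunk
    propagate(core, [lab])          # the production server advertises back
    return core.vlans
```

connect_lab_switch(False) leaves production with only VLAN 1, the "incorrect action"; connect_lab_switch(True) keeps VLANs 1, 10, 20 and 30 and the lab switch instead learns the production database.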

InterVLAN Routing
- When you need to pass traffic between VLANs
- Not necessary in an ISP, probably needed in an organizational network
- Needs Layer 3 device(s)
- Normally every VLAN is a separate IP network

Three common scenarios
- Separate interface for every VLAN
- "Router-on-a-stick"
- Using a Layer 3 switch

Separate interfaces
- Router doesn't have to know IEEE 802.1Q
- Every interface is connected to an access port in the correct VLAN
- Every interface is the default gateway for its VLAN

Router-on-a-Stick
- One router interface, connected to a trunk port
- Router must speak 802.1Q
- You must create a subinterface for every VLAN, each with an IP address that serves as the default gateway
- The single interface may create a bottleneck

Layer 3 switch
- Uses virtual interfaces
- There is no practical limitation on the number of VLANs
- Most scalable and fastest solution
- Sometimes may not fulfill all the requirements (e.g. BGP routing with the ISPs)

Spanning Tree Protocol
- IEEE 802.1D
- Enables redundant topologies
- Blocks the redundant links, enables only one
- If used for two or more links between two switches, EtherChannel is preferable
- But STP allows circular or more complex topologies

Redundant topologies
Broadcast Storm
Spanning Tree Protocol
Root Bridge election
Bridge Identifier (BID)
The smaller identifier wins
Link Cost
Port Roles
Port states
Rapid STP (IEEE 802.1w)
Using STP with VLANs
- MSTP
- PVST+
- RPVST+