Vlans 1

CSE: Networking FundamentalsTCP/IP
www.cisco.com
2002, Cisco Systems, Inc. All rights reserved.
1999, Cisco Systems, Inc.
3-1
Understanding
Virtual LANs
www.cisco.com
Virtual LANs
VLAN 1
VLAN 2
VLAN 3
Server Farm
One broadcast domain

within a switch
VLANs help manage
broadcast domain
Can be defined on
port groups, users, or
protocols
LAN switches and
network management
software provide a
mechanism to create
VLANs
www.cisco.com
3-3
VLAN Definition
VLAN is defined as logical grouping of

network resources & User connected
to predefined ports on a Switch,
defined by Administrator.
www.cisco.com
3-4
VLAN
VLANs are used to create smaller
broadcast domain within a switch.
A Single VLAN is treated as a separate
subnet or broadcast domain.
www.cisco.com
3-5
In layer 2 switched network, broadcast packet transmitted

arrives at every device on the network , whether intended or
not for that device
www.cisco.com
3-6
Drawback of Layer 2 Switched

Network.
Larger the number of Devices and Users, the
more broadcasts and packets are to be handle
by each device
Lack of Security, the only security is assigning
passwords on the Servers and other devices.
The Solution is VLAN
www.cisco.com
3-7
Remove the Physical

Boundaries
Engineering
Marketing
Acctg.
Floor 3
Floor 2
Floor 1
Group users by department, team, or application

Routers provide communication between VLANs
www.cisco.com
3-8
VLAN Benefits
Reduced administrative costs
Simplify moves, adds, and changes
Efficient bandwidth utilization

Better control of broadcasts
Improved network security

Separate VLAN group for high-security users
Relocate servers into secured locations
Scalability and performance

Microsegment with scalability
Distribute traffic load
www.cisco.com
3-9
Advantages of VLAN
Broadcast Control: Multimedia applications

use broadcasts and multicast heavily,
moreover, faulty equipment, inadequate
segmentation and poorly designed Firewalls
can be major players for the above problem.
Switches forwards broadcasts to all
segments and hence called as Flat Network
because it is one Broadcast Domain
www.cisco.com
3-10
Solution :
It is the job of the Administrator to properly do the

segmentation of the network to avoid problem from
propagating throughout the Network.
Devices in a particular VLAN are members of same
Broadcast Domain and so they receive all broadcast .
Note: Routers are used along with Switches to provide

connection between VLANs which stops broadcast
from propagating throughout the entire internetwork.
www.cisco.com
3-11
Security : can be implemented by connecting

hubs and Switches along with routers.But,
Anyone connecting to the Physical network

can gain access to the network resources.
Plugging a network Analyzer could have
displayed entire traffic of that network to an
intruder.
Joining a workgroup was as easy as plugging
the intruders workstation into existing Hub.
www.cisco.com
3-12
Solution :
Creation of VLANs and multiple broadcast
groups, empowers the Administrator to have
control over each port and user.
Groups are created based on users
requirement for network resources.
If configured, unauthorized access of the
network resources will be reported to the
network management station by Switches.
www.cisco.com
3-13
Contd..
In case of Inter-VLAN communication,

restriction are implemented on the router.
Restriction can also be placed on the
Hardware address, Protocols and
Application
www.cisco.com
3-14
Flexibility and Scalability

Layer 2 Switches only read Frames for filtering, which causes
it to forward all Broadcasts.
So, creating VLAN, means creating more Broadcast Domains.
Assigning Switch ports or users to VLAN groups on a switch
or switch fabric, you have the option to add selected users in
the broadcast domain.
This stops Broadcast Storms caused by faulty Network
Interface Card (NIC) or applications.
VLAN can be kept on multiplying in order to efficiently utilize
the bandwidth.
www.cisco.com
3-15
Functioning of VLANs
Scenario: A collapsed Backbone.
www.cisco.com
3-16
Contd..
With reference to the figure, each network

is attached to the router having its own
logical network number.
Each node attached to a particular network
must match that network number in order to
communicate on the internetwork.
www.cisco.com
3-17
www.cisco.com
3-18
Contd..
With reference to the figure, Switches
removes the physical boundaries,
creating greater flexibility and
scalability than router.
You can group users into
communities, which are known as
VLAN Organization.
www.cisco.com
3-19
Contd..
With reference to the figure there are four
VLANs or broadcast domain. Node within
a particular VLAN can communicate with
each other, but not with any other VLAN
or node in other VLAN.
So, communication between VLAN is
only possible through a Layer 3 device.
www.cisco.com
3-20
VLAN Membership
Administrator are responsible for

creating VLANs, which are further
assigned to Switch ports.
Vlan Membership can be
configured as Static or Dynamic.
www.cisco.com
3-21
Static VLAN
This is the basic and most secure type for
creating VLAN.
Port assignment associated with a VLAN is
maintained until and unless modified by the
Administrator.
This type of VLAN configuration is easy to
Setup and Monitor.
www.cisco.com
3-22
Dynamic VLAN
Using intelligent management software, you can
enable MAC address, Protocols or even Application
to create Dynamic VLANs.
For e.g. MAC address might be fed into a
centralized VLAN management application, Now if a
node is attached to an unassigned port, the VLAN
management database will lookup the MAC address
and assign and configure the Switch port to correct
VLAN. Again, if the user moves, the Switch will
automatically assign them to correct VLAN.
www.cisco.com
3-23
VLAN Identification
VLAN can span multiple connected

switches.
Switches must keep a track of Frames and
which VLAN, these Frame belong to.
Frame Tagging performs this function.
www.cisco.com
3-24
Establishing VLAN
Membership
Approaches Can Vary Performance
Port-Based
Port driven
MAC address driven
Network address
driven
Application type
driven
VLAN 2
VLAN 3
MAC-Based
Subnet
198.21.xx
Subnet
198.22.xx
VLAN 1
VLAN 2
MAC
MAC
Addresses Addresses
VLAN 1
Layer 3-Based
VLAN 1
www.cisco.com
VLAN 2
3-25
Membership by Port
Maximizes Forwarding Performance
VLAN 3
VLAN 1
Users assigned by port

association
VLAN 2
Requires no lookup if
done in ASICs
Easily administered via GUIs
Maximizes security between
VLANs
Packets do not leak into
other domains
Easily controlled across network
www.cisco.com
3-26
Communicating Between
VLANs
Two Physical Topology Approaches
Logical
Communication
VLANs 1, 2, 3
Cisco Internetworking
Software
Physical Link
per VLAN
VLAN 3
VLAN 2
VLAN 1
Layer 3 links
VLANs together
Adds additional security
and management
Logical links conserve
physical ports
Multimode, depending
on protocol
Controls access by VLAN
Up to 255 VLANs per router
www.cisco.com
3-27
VLAN Technologies
www.cisco.com
Inter-Switch Link
VLAN Tag Added

at Incoming Port
VLAN Tag Stripped

by Forwarding Port
Inter-Switch Link
(ISL) Carries
VLAN Identifier
802.10
ISL
802.1Q
LANE
Interconnects multiple switches

and maintains VLAN information
as traffic goes between switches
Establishes membership
through ASICs
Labels each packet as received
(packet tagging)
Eliminates lookups and tables
Transports multiple VLANs
across links
Protocol, endstation-independent
Easily managed
www.cisco.com
3-29
VLAN Standardization
Packet Tagging as Common VLAN Exchange
Level-1 Explicit Tagging
DES SRC
FCS
DES SRC
DES SRC
FCS
FCS
SRC
DES
Data
VLAN ID
Wide vendor endorsement for 802.1Q tagging standard

Cisco supports across Fast Ethernet, Gigabit uplinks
Cisco maps ISL to 802.1Q dynamically with VTP
www.cisco.com
3-30
VLAN Standard
Implementation
Typical Environment
Cisco environment
uses ISL
Vendor environment
uses an existing, yet
different packet tagging
method
Interdomain
communication based on
802.1Q standard
Cisco
Domain
Vendor X
Domain
802.1Q
Si
Si
ISL
Company ABC
www.cisco.com
3-31
Types of Links in Switched

environment
Access Links :
These are part of only one VLAN and are known as Native VLAN
of the port.
Device attached to these link are unaware of VLAN membership.
VLAN information from the frame are remove before it is set to an
access link device.
Access link devices are not capable of communicating to device
outside the VLAN unless the packet is routed thru a router.
www.cisco.com
3-32
Trunk Links :
Capable of carrying multiple VLANs
Used to connect Switches to other
Switches or to Routers or even
Servers
Supported on Fast or Gigabit ether net
only.
www.cisco.com
3-33
VLAN identification modes

TO identify which frames belongs to
which VLAN, VLAN identification is
used.The multiple types of trunking
methods are:
www.cisco.com
3-34
Inter-Switch Link (ISL)

Proprietary to Cisco Switches
Used for Fast Ethernet and Gigabit
ethernet links only
Used on a Switch port, Router
interfaces and Server Interface Cards
to trunk a server.
www.cisco.com
3-35
IEEE 802.1q
Created by IEEE as standard method for
Frame Tagging.
It inserts a field into Frame to identify the
VLAN.
When trunking between Cisco Switches link
and different brand of Switch, it is
mandatory to use 802.1q for the trunk to
work.
www.cisco.com
3-36
Inter-Switch Link (ISL) Protocol

ISL is an external tagging process,
which means the original frame is not
altered but encapsulated with a new
26 byte ISL header.
It also adds a second 4 byte FCS field
at the end of the frame.
www.cisco.com
3-37
DrawBack
As the frame is encapsulated with

information, only ISL devices can read it.
Also, the frame can be up to 1522 bytes
long, devices that receive an ISL frame may
record this as giant frame, as it is over the
maximum of 1518 bytes allowed on an
ethernet segment.
www.cisco.com
3-38
TRUNKING
Trunk Links are 100-1000 Mbps point-topoint links between two Switches, between
a Switch and Router or between Switch and
Server.
Trunk Links carry the traffic of multiple
VLANs, from 1 to 1005 at a time
Cannot run Trunk Links on 10 Mbps.
www.cisco.com
3-39
Virtual Trunk Protocol (VTP)
VLAN administration and configuration

protocol
VLAN 1
Reduces VLAN setup and

administration
VLAN 2
Eliminates configuration errors

Decreases network managers
time adding and managing
VLANs
Maps VLANs across different
backbones (FDDI, Fast Ethernet, ATM)
Maps between ISL and 802.1q
Maintains security between VLANs
ISL
ISL
LANE
LANE
ATM
Fabric
LANE
802.1Q
www.cisco.com
3-40
VLAN Trunking Protocol

(VTP)
VTP is created by Cisco, to allow

Administrator to add, delete, and
rename VLAN, which are further
propagated to all Switches
www.cisco.com
3-41
Benefits of VTP
Consistent VLAN configuration across all

switches in the network.
Allowing VLANs to be Trunked over mixed
networks, like Ethernet to ATM LANE or FDDI.
Accurate tracking and Monitoring of VLANs.
Dynamic reporting of adding VLAN to all Switches.
Plug and Play VLAN adding.
www.cisco.com
3-42
VTP Modes
Server Mode
Sends/Forwards
VTP
advertisements
Client Mode
Sends/Forwards
VTP
advertisements
Transparent Mode
Forwards VTP
advertisements
Syn VLAN
configuration
information with
other switches
Syn VLAN
configuration
information with
other switches
Does not Syn

VLAN
configuration
information with
other switches
VLAN
VLAN
VLAN
configurations are configurations are configurations are
saved on NVRAM not saved on
saved on NVRAM
NVRAM
www.cisco.com
3-43
VTP Modes
Catalyst Switch
can create VLANs
Catalyst Switch
cannot create
VLANs
Catalyst Switch
can create VLANs
Catalyst Switch
Catalyst Switch
can modify VLANs cannot modify
VLANs
Catalyst Switch
can modify VLANs
Catalyst Switch
can delete VLANs
Catalyst Switch
can delete VLANs
Catalyst Switch
cannot delete
VLANs
www.cisco.com
3-44
Configuration Revision
Number
The revision number is most
important piece in VTP advertisement
With Reference to the figure e.g.
shows how revision number is used
in an advertisement.
www.cisco.com
3-45
www.cisco.com
3-46
Contd..
Figure shows a configuration revision
number as N. As the database is modified,
the VTP server increments the revision
number by 1.
The VTP server then advertises the database
with the new configuration revision number.
When Switch receives an advertisement that
has a higher revision number, it overwrites
the database in NVRAM with the new
database being advertised.
www.cisco.com
3-47
VTP Pruning
Pruning is defined as preserving bandwidth by

configuring the VTP to reduce the amount of
broadcast, multicast and other unicast packets
VTP Pruning only sends broadcast to Trunk
Links that must have the information, any Trunk
Link that does not need the broadcast will not
receive them.
VTP Pruning is disabled by default on all Switches.
www.cisco.com
3-48
Several Facts to remember

before configuring VLAN
The maximum number of VLANs is Switchdependent.The 2950 switch supports 1005 VLANs with
a Spanning Tree support.
VLAN1 is one of the factory default VLANs.
CDP and VTP advertisements are sent on VLAN1.
The 2950 switch IP address is in the VLAN1 broadcast
domain.
The Switch must be in VTP server mode or transparent
mode to create,add, or delete VLANs
www.cisco.com
3-49
VTP Configuration Guidelines

The default VTP configuration parameters
for the 2950 Switch are as foolws:
VTP domain name: None
VTP mode: Server
VTP password: None
VTP pruning: Disabled
www.cisco.com
3-50
Vlan Commands
Use the vlan global configuration command to configure a VLAN with a
number & name. Use the no vlan command to delete a VLAN or to negate
the configuration of a translational bridge VLAN .
vlan vlan [name vlan-name]

no vlan vlan
Syntax Description
vlan
vlan-name
Unique ISL VLAN identifier between 1 and

1005.
Unique VLAN name between 1 and 32
alphanumeric characters.
www.cisco.com
3-51
Command Mode
Global configuration
Example
This example shows how to configure VLAN 2 with the name
Engineering:
hostname(config)# vlan 2 name engineering
www.cisco.com
3-52
show (vlan)
Use the show vlan privileged Exec command to display the settings of VLAN
configuration parameters.
show vlan [vlan]
Syntax Description
vlan
Number from 1 to 1005.
Default
This command has no default value.
Command Mode
Privileged Exec
www.cisco.com
3-53
Usage Guidelines
If you do not specify vlan, the system displays all VLAN configuration parameters.
Example
This example shows how to display the settings of the VLAN configuration
parameters:
hostname# show vlan
VLAN Name
Status
Ports
---- -------------------------------- --------1
default
active
1-15
2
VLAN0002
active
16-18
3
VLAN0003
active
4
VLAN0004
active
5
VLAN0005
active
www.cisco.com
3-54
Vlan-membership
vlan-membership
Use the vlan-membership interface configuration command to assign a port
to a VLAN. Use the no vlan-membership command to remove a port from a
VLAN.
vlan-membership {static {vlan} | dynamic}
no vlan-membership
Syntax Description
static Sets VLAN membership type as static.
vlan
Static VLAN number from 1 to 1005.
dynamic
Sets VLAN membership type as dynamic.
www.cisco.com
3-55
Vlan-membership
Default
All nontrunk ports belong to a default VLAN. ISL VLAN ID 1 is the
default VLAN for Ethernet VLANs. The membership type of all nontrunk
ports is static.
Command Mode
Interface configuration
Usage Guidelines
If you want to know the VLAN membership of a port that has been set to
dynanmic but is static by default, query the VLAN Membership Policy
Server (VMPS).
www.cisco.com
3-56
Vlan-membership
Example
This example shows how to configure the interface as a dynamic
VLAN port:
hostname(config)# interface ethernet 0/6
hostname(config-if)# vlan-membership dynamic
www.cisco.com
3-57
show (Vlan-membership)
Use the show vlan-membership privileged Exec command to display the

VLAN assignment and membership type for all switch ports.
show vlan-membership
Syntax Description
This command has no additional arguments or keywords.
Default
www.cisco.com
3-58
Command Mode
Privileged Exec
Usage Guidelines
This command is not functional when bridge groups are enabled.
Example
This example shows how to display the VLAN assignment and
membership type for all switch ports:
hostname# show vlan-membership
www.cisco.com
3-59
www.cisco.com
3-60
VTP
Use the vtp global configuration command to specify the operating mode,
domain name, generation of traps, and pruning capabilities of VLAN
Trunk Protocol (VTP). Also use this command to set a password for the
VTP domain.
vtp [server | transparent] [domain domain-name] [trap {enable |

disable}] [password password] [pruning {enable | disable}]
www.cisco.com
3-61
Syntax Description
server
VTP server operating mode.
If selected, switch updates its VLAN configuration from configurations reported by

other trunked VTP devices and allows configuration to be modified locally. Any
changes are distributed through VTP messages.
transparent
VTP transparent operating mode.
If selected, switch allows configuration to be modified locally but configuration

changes are not advertised by VTP messages. VTP messages received are forwarded
to trunks without being processed.
domain-name
VTP management domain name from 1 to 32

alphanumeric characters.
enable
Enable generation of VTP traps such as Configuration

Revision Error Trap, Configuration Digest Error Trap,
and MTU Too Big Trap. Enable pruning.
disable
Disable generation of VTP traps/pruning.
password
Password between 8 and 64 alphanumeric characters.

Password is case insensitive.
www.cisco.com
3-62
VTP CONFIGURATION
Default
The default VTP mode is server, and the default trap-generation is
enabled. The default VTP pruning mode is enabled.
Usage Guidelines
If you create a VTP password, it generates a secret value. This value is
used in the calculation of the MD5 digest of a VTP advertisement. The
MD5 digest ensures the validity of VTP advertisements.
www.cisco.com
3-63
show (vtp)
Use the show vtp privileged Exec command to display Vlan Trunking
Protocol (VTP) statistics.
Syntax Description
This command has no additional arguments or keywords.
Default
Command Mode
Privileged Exec
www.cisco.com
3-64
Usage Guidelines
Example
This example shows how to display VTP statistics:
hostname# show vtp
VTP version: 1
Configuration revision
: 3
Maximum VLANs supported locally: 1005
Number of existing VLANs: 5
VTP domain name
: Zorro
VTP password
: vtp_server
VTP operating mode
: Server
VTP pruning mode
: Enabled
VTP traps generation
: Enabled
Configuration last modified by: 0.0.0.0 at
00-00-0000 00:00:00
www.cisco.com
3-65
Trunk
Use the trunk interface configuration command to set a Fast Ethernet port
to trunk mode with the Dynamic Inter-Switch Link (DISL) protocol.
trunk [on | off | desirable | auto | nonegotiate]
www.cisco.com
3-66
Syntax Description
on
Configures the port into permanent Inter-Switch Link (ISL) trunk
mode and negotiates with the connected device to convert the link to
trunk mode. The port converts to trunk mode even if the other end of the
link does not.
off
Disables port trunk mode and negotiates with the connected
device to convert the link to nontrunk. The port converts to nontrunk even
if the other end of the link does not. Use this state when an ISL port is
connected to another ISL port that does not support the DISL protocol.
desirable
Triggers the port to negotiate the link from nontrunking to
trunk mode. The port negotiates to a trunk port if the connected device is
either in the On, Desirable, or Auto state. Otherwise, the port becomes a
nontrunk port.
www.cisco.com
3-67
Syntax Description
auto Enables a port to become a trunk only if the connected device has
the state set to On or Desirable.
nonegotiate Configures port to permanent ISL trunk mode and no
negotiation takes place with the partner.
www.cisco.com
3-68
Trunk
Default
The default DISL configuration state for a Fast Ethernet port is
off.
Command Mode
Interface configuration
Usage Guidelines
This command applies only to one Fast Ethernet port. If you use
this command for a Fast Ethernet port that is an aggregate port
group member, the newly configured value also applies to all
other aggregate port group members.
www.cisco.com
3-69
Trunk
Example
This example shows how to set the Fast Ethernet port to trunk
mode:
hostname(config)# interface fastethernet
0/26
hostname(config-if)# trunk on
www.cisco.com
3-70
www.cisco.com
2002, Cisco Systems, Inc. All rights reserved.
3-71

Vlans 1

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Vlans 1

Загружено:

Авторское право:

Доступные форматы

CSE: Networking FundamentalsTCP/IP

2002, Cisco Systems, Inc. All rights reserved.

1999, Cisco Systems, Inc.

1999, Cisco Systems, Inc.

One broadcast domain

CSE: Networking FundamentalsTCP/IP

1999, Cisco Systems, Inc.

VLAN is defined as logical grouping of

CSE: Networking FundamentalsTCP/IP

1999, Cisco Systems, Inc.

CSE: Networking FundamentalsTCP/IP

1999, Cisco Systems, Inc.

In layer 2 switched network, broadcast packet transmitted

1999, Cisco Systems, Inc.

Drawback of Layer 2 Switched

CSE: Networking FundamentalsTCP/IP

1999, Cisco Systems, Inc.

Remove the Physical

Group users by department, team, or application

1999, Cisco Systems, Inc.

Efficient bandwidth utilization

Improved network security

Scalability and performance

CSE: Networking FundamentalsTCP/IP

1999, Cisco Systems, Inc.

Broadcast Control: Multimedia applications

CSE: Networking FundamentalsTCP/IP

1999, Cisco Systems, Inc.

It is the job of the Administrator to properly do the

Note: Routers are used along with Switches to provide

CSE: Networking FundamentalsTCP/IP

1999, Cisco Systems, Inc.

Security : can be implemented by connecting

Anyone connecting to the Physical network

CSE: Networking FundamentalsTCP/IP

1999, Cisco Systems, Inc.

1999, Cisco Systems, Inc.

In case of Inter-VLAN communication,

CSE: Networking FundamentalsTCP/IP

1999, Cisco Systems, Inc.

Flexibility and Scalability

CSE: Networking FundamentalsTCP/IP

1999, Cisco Systems, Inc.

Scenario: A collapsed Backbone.

CSE: Networking FundamentalsTCP/IP

1999, Cisco Systems, Inc.

With reference to the figure, each network

CSE: Networking FundamentalsTCP/IP

1999, Cisco Systems, Inc.

CSE: Networking FundamentalsTCP/IP

1999, Cisco Systems, Inc.

1999, Cisco Systems, Inc.

CSE: Networking FundamentalsTCP/IP

1999, Cisco Systems, Inc.

Administrator are responsible for

CSE: Networking FundamentalsTCP/IP

1999, Cisco Systems, Inc.

1999, Cisco Systems, Inc.

CSE: Networking FundamentalsTCP/IP

1999, Cisco Systems, Inc.

VLAN can span multiple connected

CSE: Networking FundamentalsTCP/IP

1999, Cisco Systems, Inc.