
Chap 3 – Virtual LANs (VLANs)
Learning Objectives

•   Explain the role of VLANs in a converged
    network.
•   Explain the role of trunking VLANs in a
    converged network.
•   Configure VLANs on the switches in a
    converged network topology.
•   Troubleshoot the common software or
    hardware mis-configurations associated with
    VLANs on switches in a converged network
    topology.
Chapter 3
Introduction to VLANs
Figure: Traditional LAN Segmentation versus Virtual LAN Segmentation
VLANs – Broadcast Domains
Figure: the network divided into three separate broadcast domains
Advantages of VLANs
•   Security - Groups that have sensitive data can be
    separated from the rest of the network.

•   Cost reduction - Cost savings result from more efficient
    use of existing bandwidth and uplinks.

•   Higher performance - reduces unnecessary traffic on
    the network, boosting performance.

•   Improved IT staff efficiency - VLANs make it easier to
    manage the network because users with similar network
    requirements share the same VLAN.



VLANs – Broadcast Domains
VLAN implementation on a switch causes certain actions
to occur:

•   The switch maintains a separate bridging table for each VLAN.
•   If the frame comes in on a port in VLAN 1, the switch searches the bridging table for VLAN 1.
•   When the frame is received, the switch adds the source MAC address to the bridging table if it is currently unknown.
•   The destination is checked so a forwarding decision can be made.
•   For learning and forwarding, the search is made against the address table for that VLAN only.
Normal Range VLANs
•   Used in small- and medium-sized business and enterprise
    networks.

•   Identified by a VLAN ID between 1 and 1005.
•   IDs 1002 through 1005 are reserved for Token Ring and
    FDDI VLANs.

•   IDs 1 and 1002 to 1005 are automatically created and
    cannot be removed.

•   Configurations are stored within a VLAN database file,
    called vlan.dat. The vlan.dat file is located in the flash
    memory of the switch.

•   The VLAN trunking protocol (VTP), which helps manage
    VLAN configurations between switches, can only learn
    normal range VLANs and stores them in the VLAN database
    file.

Extended Range VLANs
•   Enable service providers to extend their infrastructure to a greater number of customers. Some global enterprises could be large enough to need extended range VLAN IDs.

•   Are identified by a VLAN ID between 1006 and 4094.

•   Support fewer VLAN features than normal range VLANs.

•   Are saved in the running configuration file.

•   VTP does not learn extended range VLANs.
VLAN Types
•   A data VLAN is a VLAN that is configured to carry only user-generated traffic. A VLAN could carry voice-based traffic or traffic used to manage the switch, but this traffic would not be part of a data VLAN.

Figure: two switches with a Management VLAN 99 host (172.17.99.10/24, Fa0/4), Student VLAN 20 hosts (172.17.20.22/24 and 172.17.20.25/24, Fa0/18) and Guest VLAN 30 hosts (172.17.30.23/24 and 172.17.30.26/24, Fa0/6)

VLAN Types
•   The default VLAN for Cisco switches is VLAN 1. VLAN 1 has all the features of any VLAN, except that it cannot be renamed or deleted. Layer 2 control traffic, such as CDP and spanning tree protocol traffic, will always be associated with VLAN 1 - this cannot be changed.

•   It is a security best practice to change the default VLAN to a VLAN other than VLAN 1.

Figure: the two-switch topology with Management VLAN 99, Student VLAN 20 and Guest VLAN 30

VLAN Types
•   A native VLAN is assigned to an 802.1Q trunk port. An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic).

•   Trunks are used to allow the same VLAN to span different switches.

•   A native VLAN serves as a common identifier on opposing ends of a trunk link.

Figure: the two-switch topology with Management VLAN 99, Student VLAN 20 and Guest VLAN 30

VLAN Types
•   A management VLAN is any VLAN configured to access the management capabilities of a switch. VLAN 1 would serve as the management VLAN if you did not proactively define a unique VLAN to serve as the management VLAN.

•   Default configuration of a Cisco switch has VLAN 1 as the default VLAN - bad choice, as arbitrary users could then attempt to access the switch IOS.

Figure: the two-switch topology with Management VLAN 99, Student VLAN 20 and Guest VLAN 30

Voice VLAN

VoIP traffic requires:

•   Assured bandwidth to ensure voice quality

•   Transmission priority over other types of network
    traffic

•   Ability to be routed around congested areas on
    the network

•   Delay of less than 150 milliseconds (ms) across
    the network
Voice VLAN
•   The Cisco IP Phone contains an integrated three-port 10/100
    switch, providing dedicated connections to:

    1. Port 1 connects to the switch or other voice-over-IP (VoIP)
       device.
    2. Port 2 is an internal 10/100 interface that carries the IP
       phone traffic.
    3. Port 3 (access port) connects to a PC or other device.




Port Membership Modes - Voice
Configure a switch access port with an attached Cisco IP Phone to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone.

•   The mls qos trust cos command ensures that voice traffic is identified as priority traffic (note that the entire network must be set up to prioritise voice traffic).

•   The switchport voice vlan 150 command identifies VLAN 150 as the voice VLAN.

•   The switchport access vlan 20 command configures VLAN 20 as the access mode (data) VLAN.
Port Membership Modes - Static




•   Static VLAN - Ports on a switch are manually assigned to a VLAN, using the Cisco CLI.

•   If an interface is assigned to a VLAN that does not exist, the new VLAN is automatically created.



Network Traffic
•   IP telephony traffic consists of signaling traffic and voice traffic. Signaling traffic is responsible for call setup, progress, and teardown, and traverses the network end to end.

•   IP multicast traffic is sent from a particular source address to a multicast group that is identified by a single IP and MAC destination-group address pair (e.g. Cisco IP/TV broadcasts).

•   Normal data traffic is related to file creation and storage, print services, e-mail, database access, and other shared network applications that are common to business uses.

•   Scavenger class is intended to provide less-than-best-effort service to applications having little or no official purpose (KaZaa, Morpheus, Grokster, Napster, iMesh, Doom, Quake, Unreal Tournament).
Connecting VLANs
•   Breaking up a big broadcast domain into several smaller ones using VLANs reduces broadcast traffic and improves network performance. Breaking up domains into VLANs also allows for better information confidentiality within an organisation.

•   A router is needed any time devices on different Layer 3 networks need to communicate, regardless of whether VLANs are used.

Figure: the two-switch topology with Management VLAN 99, Student VLAN 20 and Guest VLAN 30

Connecting VLANs
•   Switch Virtual Interface (SVI) is a logical interface configured for a specific VLAN, and is used by layer 3 switches to route between VLANs or to provide IP host connectivity to a switch.

•   A Layer 3 switch has the ability to route transmissions between VLANs.

•   The process is the same as when using a separate router, except that the SVIs act as the router interfaces for routing the data between VLANs.

Figure: a Layer 3 switch with SVI VLAN99, SVI VLAN30 and SVI VLAN20 connecting Management VLAN 99, Student VLAN 20 and Guest VLAN 30

VLAN Trunks




•   A trunk is a point-to-point link between one or more Ethernet switch interfaces and another networking device, such as a router or a switch. Ethernet trunks carry the traffic of multiple VLANs over a single link.
•   A VLAN trunk allows extension of VLANs across an entire network. Cisco supports IEEE 802.1Q for coordinating trunks on Fast Ethernet and Gigabit Ethernet interfaces.
•   A VLAN trunk does not belong to a specific VLAN, rather it is a conduit for VLANs between switches and routers.
VLAN Trunking
Figure: two panels, No VLAN Trunking and VLAN Trunking
•   VLAN Trunking is used when a single link
    needs to carry traffic for more than one
    VLAN.
802.1Q Tagging




•   802.1Q does not encapsulate the original frame, but modifies the Ethernet
    type field by adding a Tag Control Information (TCI) field.

•   A TCI contains a 12-bit VLAN identifier (VID), uniquely identifying the
    VLAN to which the frame belongs (4,096 VLANs max, with 0 and 4095
    reserved).

•   Because inserting this header changes the frame, 802.1Q encapsulation
    forces a recalculation of the original FCS field in the Ethernet trailer.
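The tag insertion, 12-bit VID extraction and FCS recalculation described above, as an added worked example that is not code from the slides. It builds a constructed untagged frame (made-up MAC addresses and payload), inserts an 802.1Q tag, and shows that the FCS computed before tagging no longer verifies; it also covers the priority-tagged case (VID 0), which a trunk treats like an untagged frame.

```python
import struct
import zlib

TPID_8021Q = 0x8100        # value in the EtherType position that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame: DST(6) SRC(6) TYPE(2) payload, FCS not yet appended."""
    return dst + src + struct.pack("!H", ethertype) + payload


def fcs(frame_without_fcs: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the frame, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag (TPID + TCI) between the source MAC and the
    original EtherType.  TCI = PCP (3 bits) | DEI (1 bit) | VID (12 bits).
    VID 4095 is reserved; VID 0 is accepted here only to show a priority-tagged frame."""
    if not 0 <= vid <= 4094:
        raise ValueError("VID must be 0..4094")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Header fields of a frame without FCS; vid and pcp are None when untagged."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        tci, inner_type = struct.unpack("!HH", frame[14:18])
        return {"vid": tci & 0x0FFF, "pcp": tci >> 13,
                "ethertype": inner_type, "payload": frame[18:]}
    return {"vid": None, "pcp": None, "ethertype": ethertype, "payload": frame[14:]}


def vlan_on_trunk(frame: bytes, native_vlan: int) -> int:
    """VLAN a trunk port assigns to an arriving frame: the tagged VID, or the
    native VLAN for untagged frames and priority-tagged frames (VID 0)."""
    vid = parse_frame(frame)["vid"]
    return native_vlan if vid in (None, 0) else vid


def verify_fcs(frame_with_fcs: bytes) -> bool:
    """True when the trailer matches a CRC-32 of everything before it."""
    return fcs(frame_with_fcs[:-4]) == frame_with_fcs[-4:]


# Constructed sample frame: addresses and payload are made up for the demo.
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
UNTAGGED = build_frame(DST, SRC, ETHERTYPE_IPV4, b"\x45\x00" + b"\x00" * 44)
TAGGED = tag_frame(UNTAGGED, vid=20, pcp=5)     # Student VLAN 20, priority 5

if __name__ == "__main__":
    print(parse_frame(TAGGED))
    print("FCS changed after tagging:", fcs(UNTAGGED) != fcs(TAGGED))
    print("VLAN on a native-99 trunk for an untagged frame:", vlan_on_trunk(UNTAGGED, 99))
```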
Creating VLAN Trunks




S1#configure terminal
S1(config)#interface F0/1
S1(config-if)#switchport mode trunk
S1(config-if)#switchport trunk native vlan 99
S1(config-if)#end

Creating VLAN Trunks
Use the show interfaces interface-id switchport command to verify correct reconfiguration of the native VLAN from VLAN 1 to VLAN 99.




DTP – Dynamic Trunking Protocol

•   Dynamic Trunking Protocol (DTP) is a Cisco
    proprietary protocol.

•   Switches from other vendors do not support
    DTP.

•   DTP is automatically enabled on a switch port
    when certain trunking modes are configured on
    the switch port.



DTP Trunking Modes
•   Switchport Mode Access – permanent non-trunking mode, regardless of neighbouring interface settings.
•   Switchport Mode Trunk – permanent trunking mode, regardless of neighbouring interface settings.
•   Switchport Mode Dynamic Desirable – actively tries to convert the port to a trunk if the neighbouring interface is set to trunk, desirable or auto.
•   Switchport Mode Dynamic Auto – port is willing to convert to a trunk if the neighbouring interface is set to trunk or desirable.
•   Switchport Nonegotiate – port does not generate DTP frames, and must be manually configured.

Configure VLANs & Trunks
Use the following steps to configure and verify VLANs and
trunks on a switched network:

   1. Create the VLANs

   2. Assign switch ports to VLANs statically

   3. Verify VLAN configuration

   4. Enable trunking on the inter-switch connections

   5. Verify trunk configuration


Creating VLANs
•   Create Named VLAN:
    Switch(config)#vlan 10
    Switch(config-vlan)#name Engineering
    Switch(config-vlan)#exit

•   Verify:
    Switch#sh vlan brief



Creating VLANs


•   Assigning access ports to a specific VLAN (10 in this
    example):

    Switch(config)#interface fastethernet 0/9
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport access vlan 10



Note: The switchport mode access command should be configured on all ports that the network administrator does not want to become a trunk port.
Creating VLANs

Figure: ports Fa0/9 - 12 assigned to VLAN 10

Switch(config)#interface range fastethernet 0/9 - 12
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit




Managing Ports

Switch(config)#interface fa 0/9
Switch(config-if)#no switchport access vlan
Switch(config-if)#exit

Fa 0/9 is returned to the default VLAN.


Deleting VLANs

•   Delete Named VLAN:
    Switch(config)#no vlan 10

Before deleting a VLAN, reassign all member ports to a different VLAN, as they are not returned to the default VLAN and become inactive (here Fa 0/9-12 would become inactive).


Creating Trunk


Figure: VLANs 10, 20 and 30 on each of the two switches joined by the trunk


Switch(config)#interface fa 0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk native vlan 99
Switch(config-if)#switchport trunk allowed vlan add 10,20,30
Switch(config-if)#end
Verify Trunk
Switch#show interface fa 0/1 switchport




Reset/Delete Trunk
Reset Trunk to default settings:




Delete Trunk:

Switch(config)#interface fa 0/1
Switch(config-if)#switchport mode access
VLAN Troubleshooting
•   Native VLAN mismatches - Trunk ports are configured with different native VLANs. This configuration error generates console notifications and causes control and management traffic to be misdirected.

•   Trunk mode mismatches - One trunk port is configured with trunk mode "off" and the other with trunk mode "on". This configuration error causes the trunk link to stop working.

•   VLANs and IP subnets – Devices may have been configured with incorrect IP addresses, preventing them from accessing network resources.

•   Allowed VLANs on trunks - The list of allowed VLANs on a trunk has not been updated with the current VLAN trunking requirements. In this situation, unexpected traffic or no traffic is being sent over the trunk.
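An added example, not code from the slides, that serves both the DTP Trunking Modes list and the troubleshooting list above: it works out which operational mode each end of a link settles into under the DTP rules (access, trunk, dynamic desirable, dynamic auto, nonegotiate) and then flags the trunk mode, native VLAN and allowed-VLAN mismatches on the resulting link. The port records and the IOS-style allowed-VLAN strings are constructed sample values.

```python
from typing import Dict, List, Set

DYNAMIC = ("dynamic desirable", "dynamic auto")


def parse_vlan_list(spec: str) -> Set[int]:
    """Expand an IOS-style allowed-VLAN list such as "10,20-30,99" into a set of IDs."""
    vlans: Set[int] = set()
    for part in spec.replace(" ", "").split(","):
        if part:
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def operational_mode(local: str, remote: str, remote_nonegotiate: bool = False) -> str:
    """Operational mode ('trunk' or 'access') of the local port after DTP negotiation.
    Static modes never change; dynamic modes only become a trunk when DTP frames
    from the peer ask for it, so a nonegotiate peer leaves them in access mode."""
    if local in ("trunk", "access"):
        return local
    if local not in DYNAMIC:
        raise ValueError(f"unknown switchport mode {local!r}")
    if remote_nonegotiate:
        return "access"
    if local == "dynamic desirable":
        return "trunk" if remote in ("trunk", *DYNAMIC) else "access"
    return "trunk" if remote in ("trunk", "dynamic desirable") else "access"  # dynamic auto


def link_state(a: Dict, b: Dict) -> str:
    """'trunk', 'access', or 'mismatch' when one end trunks and the other does not."""
    for side in (a, b):
        if side.get("nonegotiate") and side["mode"] in DYNAMIC:
            raise ValueError(f"{side['name']}: nonegotiate cannot be combined with a dynamic mode")
    op_a = operational_mode(a["mode"], b["mode"], b.get("nonegotiate", False))
    op_b = operational_mode(b["mode"], a["mode"], a.get("nonegotiate", False))
    return op_a if op_a == op_b else "mismatch"


def check_trunk(a: Dict, b: Dict) -> List[str]:
    """Findings for three of the problems on the troubleshooting list: trunk mode
    mismatch, native VLAN mismatch and allowed-VLAN lists that disagree."""
    findings: List[str] = []
    state = link_state(a, b)
    if state == "mismatch":
        findings.append(f"trunk mode mismatch: {a['name']} is {a['mode']}, {b['name']} is {b['mode']}")
    if state != "trunk":
        return findings        # native and allowed VLANs only matter on a working trunk
    if a["native"] != b["native"]:
        findings.append(f"native VLAN mismatch: {a['name']} {a['native']} vs {b['name']} {b['native']}")
    only_a = parse_vlan_list(a["allowed"]) - parse_vlan_list(b["allowed"])
    only_b = parse_vlan_list(b["allowed"]) - parse_vlan_list(a["allowed"])
    if only_a or only_b:
        findings.append(f"allowed VLAN mismatch: only {a['name']} allows {sorted(only_a)}, "
                        f"only {b['name']} allows {sorted(only_b)}")
    return findings


# Constructed sample port configurations (not the slides' lab devices).
S1_FA01 = {"name": "S1 Fa0/1", "mode": "trunk", "native": 99, "allowed": "10,20,30,99"}
S2_FA01 = {"name": "S2 Fa0/1", "mode": "dynamic auto", "native": 1, "allowed": "10,20,30"}
S3_FA01 = {"name": "S3 Fa0/1", "mode": "dynamic desirable", "native": 99, "allowed": "10,20,30,99"}
S1_NONEG = dict(S1_FA01, nonegotiate=True)

if __name__ == "__main__":
    for a, b in ((S1_FA01, S2_FA01), (S1_NONEG, S3_FA01), (S2_FA01, S2_FA01)):
        print(a["name"], "<->", b["name"], link_state(a, b), check_trunk(a, b))
```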

Lab Topology
Chapter 3.5.1 – Basic VLAN Config

Figure: lab topology. Switches S1, S2 and S3 are interconnected on Fa0/1 and Fa0/2; PC1 172.17.10.21/24 and PC4 172.17.10.24/24 attach on Fa0/11, PC2 172.17.20.22/24 and PC5 172.17.20.25/24 on Fa0/18, PC3 172.17.30.23/24 and PC6 172.17.30.26/24 on Fa0/6.