Your SlideShare is downloading. ×
EXTENDING SWITCHED NETWORKS WITH VIRTUAL LANS
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

EXTENDING SWITCHED NETWORKS WITH VIRTUAL LANS

258
views

Published on

Published in: Education, Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
258
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
52
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Purpose: The purpose of this chapter is to describe VLAN operations on the Catalyst®
    switches.
    Timing: This chapter should take about 2 hours to present.
    Contents:
    Basic VLAN operations.
    VTP operations.
    Cat1900 VLAN configurations.
    Lab first part - VLAN configurations.
    Lab second part - STP.
  • Purpose:
    Emphasize: A VLAN is a broadcast domain.
    Note: In order to have inter-VLAN communications, a router is required.
  • Layer 1 of 3
    Emphasize: Each port on the switch can be assigned to a VLAN.
    By default, all ports are in VLAN1, a factory default VLAN.
  • Layer 2 of 3
    Emphasize: To allow VLANs to span across multiple switches, the connection between the switches must belong to multiple VLANs.
  • Layer 3 of 3
    Emphasize: A trunk is used to connect two switches together.
    A trunk carries traffic for multiple VLANs.
    Only the Fast Ethernet ports on the 1900 can be configured as trunk port.
    Trunking is off by default on the 1900 Fast Ethernet ports (fa 0/26 and fa 0/27).
    Note: The 1900 supports DISL.
    At the time of the beta, the core switch (2900xl) doesn’t support DISL.
  • Note: Once a port has been assigned to a VLAN, it cannot send or receive traffic from devices in another VLAN without the intervention of a Layer 3 device like a router.
    The 1900 can’t be configure as the VMPS.
    A CiscoWorks 2000 or CWSI management station or a Catalyst 5000 switch can be configured as the VMPS.
    In the future, dynamic VLANs may also offer membership based on other criteria such as protocol or application. Dynamic VLANs are covered in the Managing Cisco Switched Internetworks class.
  • Note: The 1900 only supports ISL trunking.
    ISL is Cisco proprietary. 802.1Q is an IEEE standard.
    Other trunk types:
    LANE (VLANSs over ATM)
    802.10 (FDDI trunk)
  • Note: Since ISL technology is implemented in ASICs, frames are tagged at wire speed.
    The number of VLANs supported by a switch depends on the switch hardware.
    The Catalyst 1900en supports 64 active VLANs with an instance of Spanning-Tree Protocol per VLAN.
    Per-VLAN spanning tree (PVST) is a Cisco-proprietary implementation. It requires Cisco ISL encapsulation in order to work.
  • Notes: VTP is a Cisco proprietary feature. VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and configuration inconsistencies that can cause several problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations.
    A VTP domain (also called a VLAN management domain) is one switch or several interconnected switches sharing the same VTP domain. A switch is configured to be in only one VTP domain. You make global VLAN configuration changes for the domain by using the Cisco IOS command-line interface (CLI), Cisco Visual Switch Manager Software, or Simple Network Management Protocol (SNMP).
    By default, a 1900 switch is in the no-management-domain state until it receives an advertisement for a domain over a trunk link or you configure a management domain.
    The default VTP mode is server mode, but VLANs are not propagated over the network until a management domain name is specified or learned. If the switch receives a VTP advertisement over a trunk link, it inherits the management domain name and configuration revision number. The switch then ignores advertisements with a different management domain name or an earlier configuration revision number.
    When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches in the VTP domain. VTP advertisements are transmitted out all trunk connections, including Inter-Switch Link (ISL), IEEE 802.1Q, IEEE 802.10, and ATM LAN Emulation (LANE).
    If you configure a switch from VTP transparent mode, you can create and modify VLANs, but the changes are not transmitted to other switches in the domain, and they affect only the individual switch.
  • Emphasize: Default VTP mode on the Catalyst switches is server. Be careful when adding new switches into an existing network. This is covered in more detail later.
  • Layer 1 of 2
    Notes: VTP advertisements are sent on the factory-default VLAN based on the media type.
    Each advertisement starts as configuration revision number 0. When changes are made, the configuration revision number increments (n + 1).
    Routers ignore VTP packets.
    There are two types of advertisements: requests from clients that want to learn at bootup, and response from servers.
    There are three types of messages: summary advertisements sent every 300 seconds on VLAN 1, subset advertisements with information about VLANs, and advertisement requests from clients where the server responds with summary and subset advertisements.
  • Layer 2 of 2
    Emphasize: The latest revision number is what the switches will synchronize to.
  • Emphasize: VTP prunning provides optimized flooding. Without VTP prunning, station A’s broadcast will be flooded to all switches whether they have any port in the red VLAN or not.
    Note: VLAN1 can’t be prunned. STP, CDP, VTP updates are sent on VLAN1.
    All switches in the switched network must support prunning or prunning will be disabled.
    Each trunk port maintains a state variable per VLAN indicating if the switch has any port assigned to a particular VLAN or not.

  • Note: In the ICND lab, all the switches and routers are in VLAN1. The core server and the core router are in multiple VLANs. Each workgroup PC is on an unique VLAN.
  • Purpose: Show the four basic steps for configuring VLANs.
  • Notes: All switches in a VTP domain must run the same VTP version.
    The password entered with a domain name should be the same for all switches in the domain. If you configure a VTP password, the management domain will not function properly if you do not assign the management domain password to each switch in the domain.
    A VTP version 2-capable switch can operate in the same VTP domain as a switch running VTP version 1, provided version 2 is disabled on the version 2-capable switch (version 2 is disabled by default).
    Do not enable VTP version 2 on a switch unless all of the switches in the same VTP domain are version 2-capable. When you enable version 2 on a switch, all of the version 2-capable switches in the domain must have version 2 enabled. If there is a version 1-only switch, it will not exchange VTP information with switches with version 2 enabled.
    If there are Token Ring networks in your environment, you must enable VTP version 2 for Token Ring VLAN switching to function properly.
    Enabling or disabling VTP pruning on a VTP server enables or disables VTP pruning for the entire management domain.
    In the lab, all the switches are set to VTP transparent mode.
  • Layer 1 of 2
  • Layer 2 of 2
    Note: The two commands shown in the slide can also be combined into one command:
    vtp domain switchlab transparent
  • Layer 1 of 2
  • Layer 2 of 2
    Note: In the slide, the VLAN database was last modified locally. The IP address of wg_sw_a is 10.1.1.40.
    In the lab, the 1900s are running version 8.01.01, and pruning was disabled by default. In the documentation, pruning is suppose to be enabled by default.
  • Layer 1 of 2
    Emphasize: The 1900 supports DISL.
    Note: At the time of the beta, the core switch (2900xl) does not support DISL.
    If trunking is on at one end, and off at the other end, the link will be down.
  • Layer 2 of 2
  • Layer 1 of 2
    Emphasize: Each VLAN has a unique, four-digit number that can be from 1 to 1001. To add a VLAN to the VLAN database, the minimum parameter required is the VLAN number.
  • Layer 2 of 2
  • Layer 1 of 2
  • Layer 2 of 2
    Note:
    Type: Default is Ethernet (other types are FDDI and Token Ring).
    SAID: Is used for FDDI trunking.
    MTU: Default is 1500 for Ethernet VLAN.
    STP: The 1900 only supports 802.1d Spanning-Tree Protocol. It does not support DEC or IBM Spanning-Tree Protocol. Routers support all three Spanning-Tree Protocol standards.
    Other parameters: Used for Token Ring or FDDI VLANs.
  • Note: The output shows that there are currently no ports assigned to VLAN9.
  • Layer 1 of 2
    Emphasize: By default, all ports are in VLAN1.
  • Layer 2 of 2
    Note: In the lab, we will only be configuring static VLAN membership.
  • Layer 1 of 2
  • Layer 2 of 2
    Emphasize: Port 1 = e0/1, ……. AUI = e0/25, A = fa 0/26, B = fa 0/27
  • Layer 1 of 2
    Emphasize: This command displays all instances of spanning tree that are currently running. If you specify a particular VLAN, the system just displays the spanning tree operating parameters for the specified VLAN.
    Spanning tree is enabled by default on all VLANs.
    Use the following global configuration command to disable spanning tree for a VLAN:
    wg_sw_a(config)#no spantree 2
    wg_sw_a#sh span 2
    Error: STP is not enabled for VLAN2
    Note:
    The command syntax on the 2900xl is a little different, as follows:
    show spanning-tree vlan {vlan number}
    One of the lab procedures requires the students to Telnet to the core switches (2900xl) to examine the spanning tree status.
  • Layer 2 of 2
    Note: To adjust the spanning tree timers or bridge priority on the 1900, use the following global configuration command:
    wg_sw_a(config)#spantree-template 1 ?
    forwarding-time Set a Spanning Tree FORWARD Interval
    hello-time Set a Spanning Tree HELLO Interval
    max-age Set a Spanning Tree MAX AGE Interval
    priority Set a Spanning Tree PRIORITY
    vlan Assign up to ten VLANs to a bridge template
    On the 1900, you can assign up to four spanning tree templates, then you can assign VLANs to each template. When you modify a template, you are modifying all the VLANs belonging to that template.
  • Purpose: Review the chapter with open ended questions.
    Note: The questions in this section are open ended questions designed to foster further discussion.
    Answers the the review questions are in the “Answers” appendix.
  • Transcript

    • 1. Chapter 7 Extending Switched Networks with Virtual LANs © 2000, Cisco Systems, Inc. 7-1
    • 2. VLAN Overview • Segmentation 3rd Floor • Flexibility 2nd Floor 1st Floor Sales HR ENG • Security A VLAN = A Broadcast Domain = Logical Network (Subnet © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-2
    • 3. VLAN Operations Switch A Red VLAN Black VLAN Green VLAN • Each logical VLAN is like a separate physical bridge. © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-3
    • 4. VLAN Operations Switch A Red VLAN Black VLAN Switch B Green VLAN Red VLAN Black VLAN Green VLAN • Each logical VLAN is like a separate physical bridge. • VLANs can span across multiple switches. © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-4
    • 5. VLAN Operations Switch A Switch B Trunk Fast Ethernet Red VLAN Black VLAN Green VLAN Red VLAN Black VLAN Green VLAN • Each logical VLAN is like a separate physical bridge. • VLANs can span across multiple switches. • Trunks carry traffic for multiple VLANs. • Trunks use special encapsulation to distinguish between different VLANs. © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-5
    • 6. VLAN Membership Modes Static VLAN Dynamic VLAN Trunk Port e0/4 Port e0/9 VLAN5 VLAN10 VMPS 1111.1111.1111 = VLAN 10 MAC = 1111.1111.1111 © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-6
    • 7. ISL Tagging ISL trunks enable VLANs across a backbone. • Performed with ASIC • Not intrusive to client stations; client does not see the ISL header VLAN Tag Added by Incoming Port Inter-Switch Link Carries VLAN Identifier • Effective between switches, routers and switches, and switches and servers with ISL network interface cards VLAN Tag Stripped by Forwarding Port © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-7
    • 8. ISL Encapsulation ISL Header 26 Bytes DA Encapsulated Ethernet Frame CRC 4 Bytes Type User SA LEN AAAA03 HSA VLANBPDU INDX RES BPDU VLAN BPDU • Frames encapsulated with ISL header and CRC • Support for many VLANs (1024) • VLAN field • BPDU bit © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-8
    • 9. VLAN Trunking Protocol (VTP) • A messaging system that advertises VLAN configuration information • Maintains VLAN configuration consistency throughout a common administrative domain • Sends advertisements on trunk ports only • Supports mixed-media trunks (Fast Ethernet, FDDI, ATM) VTP Domain “ICND” 3.Sync to the Latest VLAN Information 2 1.New VLAN Added © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-9
    • 10. VTP Modes • Creates VLANs • Modifies VLANs • Deletes VLANs • Sends/forwards Server • Forwards advertisements • Synchronizes • Not saved in NVRAM © 2000, Cisco Systems, Inc. advertisements • Synchronizes • Saved in NVRAM Clie nt Transparent www.cisco.com • Creates VLANs • Modifies VLANs • Deletes VLANs • Forwards advertisements • Does not synchronize • Saved in NVRAM ICND v1.1—7-10
    • 11. How VTP Works • VTP advertisements are sent as multicast frames. • VTP servers and clients are synchronized to the latest revision number. • VTP advertisements are sent every 5 minutes or when there is a change. © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-11
    • 12. How VTP Works • VTP advertisements are sent as multicast frames. • VTP servers and clients are synchronized to the latest revision number. • VTP advertisement are sent every 5 minutes or when there is a change. 1. Add New VLAN 2. Rev 3 --> Rev 4 3 Server 3 4. Rev 3 --> Rev 4 5. Sync New VLAN Information 4. Rev 3 --> Rev 4 5. Sync New VLAN Information Client © 2000, Cisco Systems, Inc. Client www.cisco.com ICND v1.1—7-12
    • 13. VTP Pruning • Increases available bandwidth by reducing unnecessary flooded traffic • Example: Station A sends broadcast, and broadcast is flooded only toward any switch with ports assigned to the red VLAN Port 2 Switch 4 Flooded Traffic Is Pruned B Switch 2 Red VLAN Switch 5 Port 1 Switch 6 © 2000, Cisco Systems, Inc. Switch 3 www.cisco.com A Switch 1 ICND v1.1—7-13
    • 14. VLAN Configuration Guidelines • Maximum number of VLANs is switch dependent. • Catalyst 1900 supports 64 VLANs with a separate spanning tree per VLAN. • VLAN1 is one of the factory default VLANs. • CDP and VTP advertisements are sent on VLAN1. • To create, add, or delete VLANs, you must be in VTP server or transparent mode. © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-14
    • 15. VLAN Configuration Steps • Enable VTP (optional) • Enable trunking • Create VLANs • Assign VLAN to ports © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-15
    • 16. VTP Configuration Guidelines • VTP domain name • VTP mode (server/client/transparent)—VTP server mode is the default • VTP pruning • VTP password • VTP trap Use caution when adding a new switch into an existing domain. A new switch should be added in client mode to prevent the new switch from propagating incorrect VLANs information. Use the delete vtp command to reset the VTP revision number. © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-16
    • 17. Creating a VTP Domain wg_sw_a(config)# vtp [server | transparent] [domain domain-name] [trap {enable | disable}] [password password] [pruning {enable | disable} © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-17
    • 18. Creating a VTP Domain wg_sw_a(config)# vtp [server | transparent | client] [domain domain-name] [trap {enable | disable}] [password password] [pruning {enable | disable}] wg_sw_a#conf terminal Enter configuration commands, one per line. wg_sw_a(config)#vtp transparent wg_sw_a(config)#vtp domain switchlab © 2000, Cisco Systems, Inc. www.cisco.com End with CNTL/Z ICND v1.1—7-18
    • 19. Verifying VTP Configurations wg_sw_a#show vtp © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-19
    • 20. Verifying VTP Configurations wg_sw_a#show vtp wg_sw_a#show vtp VTP version: 1 Configuration revision: 4 Maximum VLANs supported locally: 1005 Number of existing VLANs: 6 VTP domain name : switchlab VTP password : VTP operating mode : Transparent VTP pruning mode : Enabled VTP traps generation : Enabled Configuration last modified by: 10.1.1.40 at 00-00-0000 00:00:00 © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-20
    • 21. Defining a Trunk wg_sw_a(config-if)# trunk [on | off | desirable | auto | nonegotiate] • on = Set trunk on and negotiate with other side • off = Set trunk off and negotiate with other side • desirable = Negotiate with other side; trunk on if other side is on, desirable, or auto • auto = Will be a trunk only if the other side is on or desirable • non-negotiate = Set trunk on and will not negotiate © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-21
    • 22. Defining a Trunk wg_sw_a(config-if)# trunk [on | off | desirable | auto | nonegotiate] • on = Set trunk on and negotiate with other side • off = Set trunk off and negotiate with other side • desirable = Negotiate with other side; trunk on if other side is on, desirable, or auto • auto = Will be a trunk only if the other side is on or desirable • nonnegotiate = Set trunk on and will not negotiate wg_sw_a#conf terminal Enter configuration commands, one per line. wg_sw_a(config)#interface f0/26 wg_sw_a(config-if)#trunk on End with CNTL/Z First Trunk Port (Port A) © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-22
    • 23. Adding a VLAN wg_sw_a(config)# vlan vlan# © 2000, Cisco Systems, Inc. www.cisco.com [name vlan-name] ICND v1.1—7-23
    • 24. Adding a VLAN wg_sw_a(config)# vlan vlan# [name vlan-name] wg_sw_a#conf terminal Enter configuration commands, one per line. wg_sw_a(config)#vlan 9 name switchlab2 © 2000, Cisco Systems, Inc. www.cisco.com End with CNTL/Z ICND v1.1—7-24
    • 25. Verifying a VLAN wg_sw_a#show vlan [vlan#] © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-25
    • 26. Verifying a VLAN wg_sw_a#show vlan [vlan#] wg_sw_a#sh vlan 9 VLAN Name Status Ports ------------------------------------------------9 switchlab2 Enabled ------------------------------------------------VLAN Type SAID MTU Parent RingNo BridgeNo Stp Trans1 Trans2 -------------------------------------------------------------------------9 Ethernet 100009 1500 0 1 1 Unkn 0 0 -------------------------------------------------------------------------© 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-26
    • 27. Modifying a VLAN Name wg_sw_a(config)# vlan vlan# name vlan-name wg_sw_a#conf terminal Enter configuration commands, one per line. wg_sw_a(config)#vlan 9 name switchlab90 End with CNTL/Z wg_sw_a#show vlan 9 VLAN Name Status Ports -----------------------------------------------9 switchlab90 Enabled ------------------------------------------------ © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-27
    • 28. Assigning Switch Ports to a VLAN wg_sw_a(config-if)# vlan-membership {static {vlan#} | dynamic} © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-28
    • 29. Assigning Switch Ports to a VLAN wg_sw_a(config-if)# vlan-membership {static {vlan#} | dynamic} wg_sw_a#conf terminal Enter configuration commands, one per line. wg_sw_a(config)#interface ethernet 0/8 wg_sw_a(config-if)#vlan-membership static 9 © 2000, Cisco Systems, Inc. www.cisco.com End with CNTL/Z ICND v1.1—7-29
    • 30. Verifying VLAN Membership wg_sw_a#show vlan-membership © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-30
    • 31. Verifying VLAN Membership wg_sw_a#show vlan-membership wg_sw_a#show vlan-membership Port VLAN Membership Type --------------------------1 5 Static 2 1 Static 3 1 Static 4 1 Static 5 1 Static 6 1 Static 7 1 Static 8 9 Static Port VLAN Membership Type -----------------------------13 1 Static 14 1 Static 15 1 Static 16 1 Static 17 1 Static 18 1 Static 19 1 Static 20 1 Static Note: port 1=e0/1, port 2=e0/2 ..... © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-31
    • 32. Verifying Spanning Tree wg_sw_a#show spantree {vlan number} © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-32
    • 33. Verifying Spanning Tree wg_sw_a#show spantree {vlan number} wg_sw_a#show spantree 1 VLAN1 is executing the IEEE compatible Spanning Tree Protocol Bridge Identifier has priority 32768, address 0050.F037.DA00 Configured hello time 2, max age 20, forward delay 15 Current root has priority 0, address 00D0.588F.B600 Root port is FastEthernet 0/26, cost of root path is 10 Topology change flag not set, detected flag not set Topology changes 53, last topology change occurred 0d00h17m14s ago Times: hold 1, topology change 8960 hello 2, max age 20, forward delay 15 Timers: hello 2, topology change 35, notification 2 Port Ethernet 0/1 of VLAN1 is Forwarding Port path cost 100, Port priority 128 Designated root has priority 0, address 00D0.588F.B600 Designated bridge has priority 32768, address 0050.F037.DA00 Designated port is Ethernet 0/1, path cost 10 Timers: message age 20, forward delay 15, hold 1 © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-33
    • 34. Review Questions 1. What are the three VTP modes? 2. Over what type of port can VTP advertisements be sent? 3. What header contains the VLAN ID? 4. How do you assign a VLAN to a port? © 2000, Cisco Systems, Inc. www.cisco.com ICND v1.1—7-34