Lecture 9

  1. Lecture 9
  2. A VLAN is a logical grouping of network resources connected to administratively defined ports on a switch. A switch can create smaller domains within the internetwork by assigning different ports to different subnetworks. Frames broadcast onto the network are switched only between ports logically grouped in the same VLAN. No host in a VLAN can communicate with hosts in another VLAN. A router is needed for inter-VLAN communication.
  3. VLANs bring together layer 2 switching and layer 3 routing and apply to both collision and broadcast domains. When new VLAN groups are created, VLANs provide security, and a router is used to connect VLANs to one another according to their role. Physical ports are used to implement VLAN assignment. Communication between VLANs goes through a router. The broadcast domain is limited in size, and a router is used to determine how one VLAN communicates with another. NOTE: This is the only way a switch can break up a broadcast domain!
  4. • Segmentation
     • Flexibility
     • Security
     A VLAN = A Broadcast Domain = Logical Network (Subnet)
  5. All hosts are connected to the switch. All are in a single domain. They need to be separated into logical segments. Causes of high broadcast rates:
     • ARP
     • DHCP
     • SAP
     • XWindows
     • NetBIOS
  6. A VLAN is created by the switch's software. All devices in a VLAN are in the same broadcast domain and receive all of its broadcasts. Broadcasts are filtered on every switch port by checking whether the port is in the same VLAN.
  7. In an internetwork, security applies to all of the connected hubs, switches and routers. By creating VLANs, the administrator can control the users on each port.
  8. When broadcast domains need to be separated, a connection to a router is required. At layer 2, broadcast domains can be divided using VLANs. Users who need a high level of security can be grouped in a VLAN so that no users outside the VLAN can communicate with them.
  9. A VLAN created on the basis of ports is called a static VLAN. A VLAN created on the basis of a database of hardware addresses is called a dynamic VLAN.
  11. • Very secure
      • Easy to set up
      • Suited to networks where the movement of users within the network is controlled
  12. A dynamic VLAN determines a node's VLAN assignment automatically. Management software is used, and the VLAN assignment is based on the hardware (MAC) address. Dynamic VLANs require a VLAN Management Policy Server (VMPS).
  13. Diagram labels: port1, port5.

      To see the existing VLANs:

      ```
      Switch#show vlan
      ```

      To create VLANs:

      ```
      Switch#vlan database
      Switch(vlan)#vlan 2 name red
      Switch(vlan)#vlan 3 name blue
      ```

      Assigning ports to a VLAN:

      ```
      Sw(config)#int fastEthernet 0/1
      Sw(config-if)#switchport mode access
      Sw(config-if)#switchport access vlan 2
      ```
  14. Diagram labels: port1, port5.

      To delete VLANs:

      ```
      Sw(config)#no vlan 2
      Sw(config)#no vlan 3
      ```

      To bring a port back to VLAN 1:

      ```
      Sw(config-if)#switchport mode access
      Sw(config-if)#switchport access vlan 1
      ```

      For a range of ports:

      ```
      Sw(config)#int range fastethernet 0/1 - 5
      Sw(config-if-range)#switchport access vlan 1
      ```
  15. VLAN Operation
      • VLANs can span across multiple switches.
      • Trunks carry traffic for multiple VLANs.
      • Trunks use special encapsulation to distinguish between different VLANs.
  16. Access links
      • This type of link is only part of one VLAN.
      • It's referred to as the native VLAN of the port.
      • Any device attached to an access link is unaware of a VLAN.
      • Switches remove any VLAN information from the frame before it's sent to an access-link device.

      Trunk links
      • Trunks can carry multiple VLANs.
      • These carry the traffic of multiple VLANs.
      • A trunk link is a 100- or 1000-Mbps point-to-point link between two switches or between a switch and a router.
  19. • VLANs can be created to span more than one connected switch.
      • Hosts are unaware of the VLAN.
      • When host A creates a data unit and it reaches the switch, the switch adds a frame tag to identify the VLAN.
      • Frame tagging is a method of identifying that a packet belongs to a particular VLAN.
      • Each switch that the frame reaches must first identify the VLAN ID from the frame tag.
      • It finds out what to do with the frame by looking at the information in the filter table.
      • Once the frame reaches an exit to an access link matching the frame's VLAN ID, the switch removes the VLAN identifier.
  20. There are two frame tagging methods:
      • Inter-Switch Link (ISL)
      • IEEE 802.1Q

      Inter-Switch Link (ISL)
      • Proprietary to Cisco switches
      • Used for Fast Ethernet and Gigabit Ethernet links only

      IEEE 802.1Q
      • Created by the IEEE as a standard method of frame tagging
      • It actually inserts a field into the frame to identify the VLAN.
      • If you're trunking between a Cisco switched link and a different brand of switch, you have to use 802.1Q for the trunk to work.
  21. ISL trunks enable VLANs across a backbone.
      • Performed with ASIC
      • ISL header not seen by client
      • Effective between switches, and between routers and switches
  22. Diagram labels: ports 24 and 12; ports 1 2 3 4 on each switch; hosts 10.0.0.1, 10.0.0.4, 10.0.0.2, 10.0.0.3.

      Create two VLANs on each switch:

      ```
      sw#vlan database
      sw(vlan)#vlan 2 name red
      sw(vlan)#vlan 3 name blue
      sw(vlan)#exit
      sw#config t
      sw(config)#int fastethernet 0/1
      sw(config-if)#switchport access vlan 2
      sw(config)#int fastethernet 0/4
      sw(config-if)#switchport access vlan 3
      ```

      Trunk port configuration:

      ```
      sw#config t
      sw(config)#int fastethernet 0/24
      sw(config-if)#switchport trunk encapsulation dot1q
      sw(config-if)#switchport mode trunk
      ```

      * The 2950 supports only dot1q encapsulation.

      To see interface status:

      ```
      sw#show interface status
      ```
  23. ```
      Switch(config)#interface gigabitethernet 1/1
      ```
      • Enters interface configuration mode

      ```
      Switch(config-if)#switchport mode access
      ```
      • Configures the interface as an access port

      ```
      Switch(config-if)#switchport access vlan 3
      ```
      • Assigns the access port to a VLAN
  24. ```
      Switch#show vlan [id | name] [vlan_num | vlan_name]

      VLAN Name                             Status    Ports
      ---- -------------------------------- --------- -------------------------------
      1    default                          active    Fa0/1, Fa0/2, Fa0/5, Fa0/7
                                                      Fa0/8, Fa0/9, Fa0/11, Fa0/12
                                                      Gi0/1, Gi0/2
      2    VLAN0002                         active
      51   VLAN0051                         active
      52   VLAN0052                         active
      …

      VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
      ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
      1    enet  100001     1500  -      -      -        -    -        1002   1003
      2    enet  100002     1500  -      -      -        -    -        0      0
      51   enet  100051     1500  -      -      -        -    -        0      0
      52   enet  100052     1500  -      -      -        -    -        0      0
      …

      Remote SPAN VLANs
      ------------------------------------------------------------------------------

      Primary Secondary Type              Ports
      ------- --------- ----------------- ------------------------------------------
      ```
  25. ```
      Switch#show running-config interface {fastethernet | gigabitethernet} slot/port
      ```
      • Displays the running configuration of the interface

      ```
      Switch#show interfaces [{fastethernet | gigabitethernet} slot/port] switchport
      ```
      • Displays the switch port configuration of the interface

      ```
      Switch#show mac-address-table interface interface-id [vlan vlan-id] [ | {begin | exclude | include} expression]
      ```
      • Displays the MAC address table information for the specified interface in the specified VLAN
  26. • A messaging system that advertises VLAN configuration information
      • Maintains VLAN configuration consistency throughout a common administrative domain
      • Sends advertisements on trunk ports only
  27. Benefits of VTP
      • Consistent VLAN configuration across all switches in the network
      • Accurate tracking and monitoring of VLANs
      • Dynamic reporting of added VLANs to all switches in the VTP domain
  28. VTP modes

      Server
      • Creates VLANs
      • Modifies VLANs
      • Deletes VLANs
      • Sends/forwards advertisements
      • Synchronizes
      • Saved in NVRAM

      Client
      • Forwards advertisements
      • Synchronizes
      • Not saved in NVRAM

      Transparent
      • Creates VLANs
      • Modifies VLANs
      • Deletes VLANs
      • Forwards advertisements
      • Does not synchronize
      • Saved in NVRAM
  29. VTP Operation
      • VTP advertisements are sent as multicast frames.
      • VTP servers and clients are synchronized to the latest update, identified by its revision number.
      • VTP advertisements are sent every 5 minutes or when there is a change.
  30. • VTP pruning provides a way for you to preserve bandwidth by configuring it to reduce the amount of broadcasts, multicasts, and unicast packets.
      • If Switch A doesn't have any ports configured for VLAN 5, and a broadcast is sent throughout VLAN 5, that broadcast would not traverse the trunk link to Switch A.
      • By default, VTP pruning is disabled on all switches.
      • Pruning is enabled for the entire domain.
  31. VTP Pruning
      • Increases available bandwidth by reducing unnecessary flooded traffic
      • Example: Station A sends a broadcast, and the broadcast is flooded only toward any switch with ports assigned to the red VLAN.
  32. Configure the following:
      • VTP domain name
      • VTP mode (server mode is the default)
      • VTP pruning
      • VTP password

      ```
      Switch(config)#vtp mode server
      Switch(config)#vtp domain gates
      SwitchA#sh vtp status
      ```
  33. Creating a VTP Domain

      Catalyst 1900:

      ```
      wg_sw_1900(config)#vtp [server | transparent | client] [domain domain-name] [trap {enable | disable}] [password password] [pruning {enable | disable}]

      wg_sw_1900#configure terminal
      Enter configuration commands, one per line. End with CNTL/Z
      wg_sw_1900(config)#vtp transparent
      wg_sw_1900(config)#vtp domain switchlab
      ```

      Catalyst 2950:

      ```
      wg_sw_2950#vlan database
      wg_sw_2950(vlan)#vtp [ server | client | transparent ]
      wg_sw_2950(vlan)#vtp domain domain-name
      wg_sw_2950(vlan)#vtp password password
      wg_sw_2950(vlan)#vtp pruning
      ```
  34. ```
      Switch#show vtp status
      VTP Version                     : 2
      Configuration Revision          : 247
      Maximum VLANs supported locally : 1005
      Number of existing VLANs        : 33
      VTP Operating Mode              : Client
      VTP Domain Name                 : Lab_Network
      VTP Pruning Mode                : Enabled
      VTP V2 Mode                     : Disabled
      VTP Traps Generation            : Disabled
      MD5 digest                      : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
      Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49
      Switch#
      ```
  35. ```
      Switch#show vtp counters
      VTP statistics:
      Summary advertisements received    : 7
      Subset advertisements received     : 5
      Request advertisements received    : 0
      Summary advertisements transmitted : 997
      Subset advertisements transmitted  : 13
      Request advertisements transmitted : 3
      Number of config revision errors   : 0
      Number of config digest errors     : 0
      Number of V1 summary errors        : 0

      VTP pruning statistics:

      Trunk            Join Transmitted Join Received    Summary advts received from
                                                         non-pruning-capable device
      ---------------- ---------------- ---------------- ---------------------------
      Fa5/8            43071            42766            5
      ```
  36. If you want to connect between two VLANs, you need a layer 3 device.
  37. Diagram labels: router interface FA0/0 (10.0.0.1, 20.0.0.1); switch ports 9, 24 and 12; ports 1 2 3 4 on each switch; hosts 10.0.0.2, 20.0.0.3, 20.0.0.2, 10.0.0.3.

      Create two VLANs on each switch:

      ```
      sw#vlan database
      sw(vlan)#vlan 2 name red
      sw(vlan)#vlan 3 name blue
      sw(vlan)#exit
      sw#config t
      sw(config)#int fastethernet 0/1
      sw(config-if)#switchport access vlan 2
      sw(config)#int fastethernet 0/4
      sw(config-if)#switchport access vlan 3
      ```

      Trunk port configuration:

      ```
      sw#config t
      sw(config)#int fastethernet 0/24
      sw(config-if)#switchport trunk encapsulation dot1q
      sw(config-if)#switchport mode trunk
      ```

      Router configuration (one subinterface per VLAN):

      ```
      R1#config t
      R1(config)#int fastethernet 0/0.1
      R1(config-subif)#encapsulation dot1q 2
      R1(config-subif)#ip address 10.0.0.1 255.0.0.0
      R1(config-subif)#no shut
      R1(config-subif)#exit
      R1(config)#int fastethernet 0/0.2
      R1(config-subif)#encapsulation dot1q 3
      R1(config-subif)#ip address 20.0.0.1 255.0.0.0
      R1(config-subif)#no shut
      ```

      Router-switch port to be made a trunk:

      ```
      sw(config)#int fastethernet 0/9
      sw(config-if)#switchport trunk encapsulation dot1q
      sw(config-if)#switchport mode trunk
      ```

      To see interface status:

      ```
      sw#show interface status
      ```
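
The frame tagging steps in slides 19 and 20 (tag added when the frame enters a trunk, VLAN ID read by the next switch, tag removed at the access link), as an added example that is not part of the original lecture. The function names, the sample frame and the port table are constructed for illustration; the port-to-VLAN mapping reuses the lecture's VLAN 2 and VLAN 3 assignments.

```python
import struct

TPID = 0x8100  # EtherType value that marks an IEEE 802.1Q tag

def add_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Ingress from an access port: insert the 4-byte tag after the two MACs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be in 0..7")
    tci = (priority << 13) | vlan_id  # 3-bit priority, 1-bit DEI, 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]

def read_vlan(frame: bytes):
    """Return the VLAN ID carried in the tag, or None if the frame is untagged."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID else None

def strip_tag(frame: bytes) -> bytes:
    """Egress to an access link: remove the tag so the host never sees it."""
    return frame[:12] + frame[16:] if read_vlan(frame) is not None else frame

def deliver(tagged: bytes, access_ports: dict) -> dict:
    """Filter-table lookup: untagged copies go only to ports in the frame's VLAN."""
    vid = read_vlan(tagged)
    return {port: strip_tag(tagged)
            for port, vlan in access_ports.items() if vlan == vid}

# Constructed sample: a broadcast ARP frame from a host on an access port in VLAN 2.
HOST_FRAME = bytes.fromhex("ffffffffffff" "001122334455" "0806") + b"\x00" * 28
# Access ports of the receiving switch (VLAN 2 = red, VLAN 3 = blue).
SWITCH_B_PORTS = {"fa0/1": 2, "fa0/4": 3}

def demo():
    """Tag the frame for the trunk, then deliver it on the far switch."""
    on_trunk = add_tag(HOST_FRAME, vlan_id=2)
    return on_trunk, deliver(on_trunk, SWITCH_B_PORTS)

if __name__ == "__main__":
    on_trunk, delivered = demo()
    print("tag bytes on trunk:", on_trunk[12:16].hex())
    print("delivered to:", sorted(delivered))
```

The broadcast reaches only the port in VLAN 2, and the copy the host receives is byte-for-byte the frame that was sent, which is why hosts stay unaware of the VLAN.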
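
Because VTP servers and clients synchronize to the highest revision number (slide 29) and transparent switches do not synchronize (slide 28), it is worth comparing revision numbers before a switch is trunked into a domain. The following is an added example, not part of the original lecture: it parses the `show vtp status` fields from slide 34 and applies that rule. The function names and the newcomer's values are constructed, and VTP password checking is not modelled.

```python
# Abridged from the `show vtp status` output shown in slide 34 of this page.
SLIDE_34_STATUS = """\
VTP Version                     : 2
Configuration Revision          : 247
VTP Operating Mode              : Client
VTP Domain Name                 : Lab_Network
VTP Pruning Mode                : Enabled
"""

def parse_vtp_status(text: str) -> dict:
    """Extract revision, mode and domain from `show vtp status` output."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return {
        "revision": int(fields["Configuration Revision"]),
        "mode": fields["VTP Operating Mode"].lower(),
        "domain": fields["VTP Domain Name"],
    }

def would_synchronize(local: dict, advert_domain: str, advert_revision: int) -> bool:
    """True if `local` would replace its VLAN database with the advertised one."""
    if local["mode"] == "transparent":   # forwards advertisements, never synchronizes
        return False
    if local["domain"] != advert_domain:  # different administrative domain
        return False
    return advert_revision > local["revision"]  # the latest revision wins

def newcomer_overwrites(production: dict, newcomer: dict) -> bool:
    """Pre-connection check: would the new switch's database win in production?"""
    if newcomer["mode"] == "transparent":  # does not advertise its own database
        return False
    return would_synchronize(production, newcomer["domain"], newcomer["revision"])

if __name__ == "__main__":
    production = parse_vtp_status(SLIDE_34_STATUS)
    # Constructed example: a lab switch that kept the same domain name and a
    # higher revision number from earlier use.
    lab_switch = {"mode": "server", "domain": "Lab_Network", "revision": 300}
    print("production:", production)
    print("lab switch would overwrite VLAN database:",
          newcomer_overwrites(production, lab_switch))
```

A `True` result means the newcomer's revision should be reset, or the switch set to transparent mode, before it is connected.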
