Virtual LANs (VLANs) and VTP Page 1
rajasekar
Virtual LAN (VLAN) & VTP
VLAN:
• Collision vs Broadcast
• VLAN
• Advantages of VLANs
• VLAN membership
• VLAN port types
• VLAN frames
• Frame tagging protocols
• 802.1Q tunnelling
• Native VLAN
• DTP
• VLAN configuration
VTP:
• VTP versions
• VTP modes
• VTP advertisement
• VTP message types
• VTP pruning
• VTP configuration
Collision vs Broadcast
Collision: A collision occurs when two devices send a packet at the same time on a shared network segment. The packets collide and both devices must send the packets again, which reduces network efficiency.
E.g.: a hub (each port on a hub is in the same collision domain).
When host A is trying to reach host C and, at the same time, host D is also trying to reach host C, the hub receives both frames. The hub has no idea where to send the frames, so it sends them to all the ports, and at this stage a collision is detected.
Broadcast: Broadcast is a type of communication where the sending device sends a single copy of data and that copy is delivered to every device in the network segment. Broadcast is a required type of communication and we cannot avoid broadcasts. E.g.: ARP, DHCP.
When host A sends a packet to host C, the switch, on receiving it for the first time, sends it to all the ports. Once it has learned the MAC address, it will not send to all the ports.
VLAN (Virtual Local Area Network)
A switch can be logically segmented into separate broadcast domains using virtual LANs. On Cisco switches, all interfaces belong to VLAN 1 by default; VLAN 1 should be dedicated to system traffic such as CDP, STP, VTP, and DTP.
Each VLAN represents a unique broadcast domain:
• Traffic between devices within the same VLAN is switched.
• Traffic between devices in different VLANs requires a Layer-3 device to communicate.
Broadcasts from one VLAN will not be forwarded to another VLAN. The logical separation provided by VLANs is not a Layer-3 function. VLAN tags are inserted into the Layer-2 header.
Hosts A and B are in the same broadcast domain, as are E and F. A ping from host A to host E will fail, because the switch segments its ports into different broadcast domains. Thus, a Layer-3 device is required for those hosts to communicate.
Advantages of VLANs
• Broadcast control – eliminates unnecessary broadcast traffic, improving network performance and scalability.
• Security – logically separates users and departments, allowing administrators to implement access lists to control traffic between VLANs.
• Improved manageability – VLANs provide an easy, flexible, less costly way to modify logical groups in changing environments.
VLAN membership
VLAN membership is of two types:
• Static
• Dynamic
Static: In a static VLAN, the network administrator creates a VLAN and then assigns switch ports to the VLAN. Static VLANs are also called port-based VLANs. The association with the VLAN does not change until the administrator changes the port assignment. End-user devices become members of a VLAN based on the physical switch port to which they are connected.
Dynamic: In a dynamic VLAN, the switch automatically assigns the port to a VLAN using information from the user device (MAC address, IP address, etc.). When a device is connected to a switch port, the switch queries a database to establish VLAN membership. A network administrator must configure the VLAN database of a VLAN Membership Policy Server (VMPS).
Dynamic VLANs support instant mobility of end devices. When we move a device from a port on one switch to a port on another switch, the dynamic VLAN automatically configures the VLAN membership.
Static VLAN assignment is far more common than dynamic, and will be the focus of this guide.
VLAN Port Types
Two types of ports:
• Access ports
• Trunk ports
Access link: An access link is part of only one VLAN, and normally access links are for end devices. Any device attached to an access link is unaware of its VLAN membership.
Trunk link: A trunk link can carry traffic for multiple VLANs and is normally used to connect switches to other switches or to routers. To identify the VLAN that a frame belongs to, frame tagging is used.
VLAN frames
Frame tagging is used to identify the VLAN that the frame belongs to in a network with multiple VLANs. The VLAN ID is placed on the frame when it reaches a switch from an access port that is a member of a VLAN. That frame can then be forwarded out the trunk link port. Each switch can see what VLAN the frame belongs to and can forward the frame to the corresponding VLAN access ports or to another VLAN trunk port.
VLAN frames (continued)
If Host A sends a frame to Host B, no frame tagging will occur:
• The frame never leaves Switch A.
• The frame stays within its own VLAN.
If Host A sends a frame to Host C, which is in a separate VLAN:
• The frame again never leaves the switch.
• Because Host C is in a different VLAN, the frame must be routed.
If Host A sends a frame to Host D, which is on a separate switch:
• The frame is sent out the trunk port to Switch B.
• The frame must be tagged as it is sent out the trunk port.
  • The frame is tagged with its VLAN ID - VLAN 10 in this example.
• When Switch B receives the frame, it will only forward it out ports belonging to VLAN 10.
Frame Tagging Protocols
Cisco switches support two frame tagging protocols:
• Inter-Switch Link (ISL)
• IEEE 802.1Q
Inter-Switch Link (ISL) is a Cisco proprietary protocol, available and supported on Cisco products only.
ISL is primarily used for Ethernet media (Fast Ethernet or Gigabit Ethernet). Cisco has also included provisions to carry Token Ring, FDDI, and ATM.
ISL encapsulates the entire Ethernet frame (Fast Ethernet or Gigabit Ethernet) with a 26-byte header and a 4-byte frame check sequence (FCS), for a total of 30 bytes of overhead. The fields of the ISL frame format are:
• DA (Destination Address): The destination address uses the multicast MAC address 01-00-0C-00-00-00. The first 40 bits of the DA field signal the receiver that the packet is in ISL format.
• Type: The type of frame encapsulated: Ethernet (0000), Token Ring (0001), FDDI (0010), and ATM (0011).
• User: The USER field consists of a 4-bit code. The USER bits are used to extend the meaning of the TYPE field. The default USER field value is "0000". For Ethernet frames, the USER field bits "0" and "1" indicate the priority of the packet as it passes through the switch.
• SA (Source Address): Source address of the switch transmitting the ISL frame.
• Len: The length of the packet.
• SNAP: Subnetwork Access Protocol (SNAP) and Logical Link Control (LLC). The SNAP field is a 24-bit constant value of "AAAA03".
• HSA (High Bits of Source Address): The HSA field is a 24-bit value which represents the upper 3 bytes (the manufacturer ID portion) of the SA field.
• VLAN (Destination VLAN ID): Indicates the VLAN ID of the packet. The VLAN ID is a 15-bit value that is used to distinguish frames on different VLANs. The VLAN ID is also known as the "color" of the frame.
• BPDU: Indicates whether the frame is a BPDU, CDP, or VTP frame.
• Index: The port index of the source of the packet.
• Res: Reserved field for additional information, for instance the Token Ring or FDDI Frame Check Sequence field. For Ethernet, this field should be zero.
• Encapsulated Ethernet Frame: The actual Ethernet frame.
• ISL CRC: Four-byte check on the ISL packet to ensure it is not corrupted.
• Cisco switches are specifically engineered to support these giant ISL-tagged frames. Note that this is a key reason why ISL is Cisco-proprietary.
• ISL supports a maximum of 1000 VLANs on a trunk port. ISL is also almost entirely deprecated - most modern Cisco switches no longer support it.
802.1Q trunks
802.1Q trunks support tagged and untagged Ethernet frames. An untagged Ethernet frame is a standard unaltered Ethernet frame. Untagged Ethernet frames are usually used for native VLAN communication.
If a switch receives untagged Ethernet frames on a trunk port, they are considered part of the native VLAN, and frames from an access port in the native VLAN are not tagged when they exit the switch via a trunk port.
In a tagged 802.1Q Ethernet frame, a 4-byte field is inserted between the original Ethernet frame's Source Address field and the Type or Length field. The FCS is recomputed after the 4-byte tag is inserted. The fields of the 802.1Q tag are:
• TPID (Tag Protocol Identifier, 16 bits): The TPID always has a value of 0x8100 to signify an 802.1Q tag.
• Priority (3 bits): The Priority field is used by 802.1Q to implement Layer 2 quality of service (QoS).
• CFI (Canonical Format Identifier, 1 bit): The CFI bit is used for compatibility purposes between Ethernet and Token Ring.
• VLAN ID (12 bits): The VID field is used to distinguish between VLANs on the link.
• 802.1Q supports a maximum of 4096 VLANs on a trunk port.
• Recall that ISL encapsulates a frame with an additional header and trailer. In contrast, 802.1Q embeds a 4-byte VLAN tag directly into the Layer-2 frame header. Because the Layer-2 header is modified, 802.1Q must recalculate the frame's CRC value.
802.1Q Tunneling (Q-in-Q)
802.1Q tunneling enables service providers to use a single VLAN to support customers who have multiple VLANs, while preserving customer VLAN IDs and keeping traffic in different customer VLANs segregated.
When you configure tunneling, you assign a tunnel port to a VLAN that you dedicate to tunneling, which then becomes a tunnel VLAN.
To keep customer traffic segregated, each customer requires a separate tunnel VLAN, but that one tunnel VLAN supports all of the customer's VLANs.
The customer switches are trunk connected, but with 802.1Q tunneling, the service provider switches only use one service provider VLAN to carry all the customer VLANs, instead of directly carrying all the customer VLANs.
Note: Tunnel traffic carries a second 802.1Q tag only when it is on a trunk link between service-provider network devices, with the outer tag containing the service-provider-assigned VLAN ID and the inner tag containing the customer-assigned VLAN IDs.
In this example, CUSTOMER switches A, B and C have a range of VLANs (100-400). When this range of VLANs enters the PROVIDER switch, the outer interface carries a single VLAN (3349), called the outer VLAN.
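The tag layout and the Q-in-Q stacking described above can be checked on raw frames. The following is an added example, not part of the original slides: it parses the 4-byte 802.1Q tag (TPID, Priority, CFI, VLAN ID), follows stacked tags, and maps untagged frames to the native VLAN. The function names, the MAC addresses and the sample frames are constructed for illustration, and the parser assumes both tags use TPID 0x8100 as the slides state.

```python
import struct

TPID_8021Q = 0x8100  # Tag Protocol Identifier value given on the page


def build_frame(tags, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed test frame (hypothetical helper).

    tags is a list of (priority, cfi, vid) tuples, outermost tag first.
    The trailing FCS is left out, as it usually is in packet captures.
    """
    # Constructed addresses: broadcast destination, locally administered source.
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for priority, cfi, vid in tags:
        if not (0 <= priority <= 7 and cfi in (0, 1) and 0 <= vid <= 0x0FFF):
            raise ValueError("tag field out of range")
        tci = (priority << 13) | (cfi << 12) | vid  # 3 + 1 + 12 bits
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_vlan_tags(frame):
    """Return (tags, type_or_length, payload_offset); tags are outermost first."""
    offset = 12  # skip destination MAC (6 bytes) and source MAC (6 bytes)
    tags = []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated before the Type/Length field")
        (type_or_len,) = struct.unpack_from("!H", frame, offset)
        if type_or_len != TPID_8021Q:
            return tags, type_or_len, offset + 2
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside an 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({
            "priority": tci >> 13,     # 3-bit Layer-2 QoS priority
            "cfi": (tci >> 12) & 0x1,  # 1-bit Canonical Format Identifier
            "vid": tci & 0x0FFF,       # 12-bit VLAN ID
        })
        offset += 4  # the next tag, or the real Type/Length, follows


def classify(frame, native_vlan=1):
    """Say how a trunk port would see the frame, given its native VLAN."""
    tags, _, _ = parse_vlan_tags(frame)
    if not tags:
        # Untagged frames on a trunk belong to the native VLAN.
        return {"kind": "untagged", "vlan": native_vlan}
    if len(tags) == 1:
        return {"kind": "tagged", "vlan": tags[0]["vid"]}
    # Q-in-Q: outer tag is the provider VLAN, inner tag the customer VLAN.
    return {"kind": "q-in-q", "vlan": tags[0]["vid"],
            "customer_vlan": tags[1]["vid"]}


if __name__ == "__main__":
    samples = {
        "untagged": build_frame([]),
        "vlan 10, priority 5": build_frame([(5, 0, 10)]),
        "provider 3349 / customer 100": build_frame([(0, 0, 3349), (0, 0, 100)]),
    }
    for name, frame in samples.items():
        print(name, "->", classify(frame, native_vlan=20))
```
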
Native VLAN
Normally a switch port configured as a trunk port sends and receives IEEE 802.1Q VLAN-tagged Ethernet frames.
If a switch receives untagged Ethernet frames on its trunk port, they are forwarded to the VLAN that is configured on the switch as the native VLAN. Both sides of the trunk link must be configured to be in the same native VLAN.
Native VLANs are only supported on 802.1Q trunk ports. ISL does not support untagged frames, and will always tag frames from all VLANs.
DTP (Dynamic Trunking Protocol)
DTP is a Cisco proprietary trunking protocol used for negotiating trunking on a link between two Cisco switches. DTP can also be used for negotiating the encapsulation type, either 802.1Q or Cisco ISL.
DTP has two modes to dynamically decide whether a port becomes a trunk:
• Desirable – the port will actively attempt to form a trunk with the remote switch. This is the default setting.
• Auto – the port will passively wait for the remote switch to initiate the trunk.
Trunk ports send out DTP frames every 30 seconds to indicate their configured mode.
A trunk will form in the following configurations:
• trunk - trunk
• trunk - dynamic desirable
• trunk - dynamic auto
• dynamic desirable - dynamic desirable
• dynamic desirable - dynamic auto
A trunk will never form if the two sides of the trunk are set to dynamic auto, as both ports are waiting for the other to initiate the trunk.
It is best practice to manually configure trunk ports, to avoid DTP negotiation errors. DTP is also vulnerable to VLAN spoofing attacks.
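The best-practice advice above can be turned into a configuration check. The following is an added example, not part of the original slides: it reads interface stanzas from a switch configuration, reports ports that still negotiate with DTP or trunk every VLAN, and tests a link's two ends against the trunk-formation list and the same-native-VLAN rule. The sample configuration is constructed, the function names are hypothetical, and treating a port with no `switchport mode` line as dynamic desirable follows the default stated on the slide (an assumption; platform defaults differ).

```python
import re

# Mode pairs that form a trunk, exactly as listed on the page.
TRUNK_PAIRS = {
    frozenset(["trunk"]),
    frozenset(["trunk", "dynamic desirable"]),
    frozenset(["trunk", "dynamic auto"]),
    frozenset(["dynamic desirable"]),
    frozenset(["dynamic desirable", "dynamic auto"]),
}
DEFAULT_MODE = "dynamic desirable"  # default per the slide (assumption)

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
interface FastEthernet0/2
 switchport mode dynamic desirable
interface FastEthernet0/3
 switchport mode trunk
 switchport trunk native vlan 20
 switchport trunk allowed vlan 10,20,21-25
interface FastEthernet0/4
 switchport mode trunk
interface FastEthernet0/5
"""


def parse_interfaces(config):
    """Map interface name -> {'mode', 'native', 'allowed'} from config text."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = re.match(r"interface\s+(\S+)$", line)
        if match:
            # Native VLAN defaults to 1 until a native vlan line overrides it.
            current = {"mode": None, "native": 1, "allowed": None}
            ports[match.group(1)] = current
        elif current is None:
            continue
        elif line.startswith("switchport mode "):
            current["mode"] = line[len("switchport mode "):].strip()
        elif line.startswith("switchport trunk native vlan "):
            current["native"] = int(line.split()[-1])
        elif line.startswith("switchport trunk allowed vlan "):
            current["allowed"] = line.split()[-1]  # only records that a list exists
    return ports


def trunk_forms(mode_a, mode_b):
    """True if the two port modes form a trunk according to the page's list."""
    return frozenset([mode_a, mode_b]) in TRUNK_PAIRS


def audit(config):
    """Return (interface, finding) tuples for ports that need attention."""
    findings = []
    for name, port in parse_interfaces(config).items():
        mode = port["mode"] or DEFAULT_MODE
        if mode.startswith("dynamic"):
            origin = "configured" if port["mode"] else "default"
            findings.append((name, f"DTP negotiation active: {mode} ({origin})"))
        if mode == "trunk" and port["allowed"] is None:
            findings.append((name, "trunk without an allowed VLAN list"))
    return findings


def check_link(port_a, port_b):
    """Compare the two ends of one link; return a list of problems."""
    mode_a = port_a["mode"] or DEFAULT_MODE
    mode_b = port_b["mode"] or DEFAULT_MODE
    if not trunk_forms(mode_a, mode_b):
        return [f"no trunk: {mode_a} <-> {mode_b}"]
    if port_a["native"] != port_b["native"]:
        return [f"native VLAN mismatch: {port_a['native']} vs {port_b['native']}"]
    return []


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```
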
VLAN configuration
By default, all interfaces belong to VLAN 1. To assign an interface to a different VLAN, that VLAN must first be created.
To view all created VLANs, and the interfaces assigned to each VLAN:
Switch# show vlan
The standard range of VLAN numbers is 1 – 1005, with VLANs 1002-1005 reserved for legacy Token Ring and FDDI purposes.
The extended range of VLAN numbers is 1006-4094.
Configuration options for VLAN IDs 1006 through 4094 are limited to MTU, RSPAN VLAN, private VLAN, and UNI-ENI VLAN.
The list of VLANs is stored in a database file named vlan.dat. The vlan.dat file is usually stored in flash, though on some switch models it is stored in NVRAM.
Extended-range VLANs are not saved in the VLAN database.
Configure VLAN
By default, all interfaces belong to VLAN 1. To change the VLAN on an interface, the VLAN must first be created. Giving the VLAN a name is optional.
Switch(config)# vlan 10
Switch(config-vlan)# name cisco
The first command creates the VLAN and enters VLAN configuration mode. The second command configures the name of the VLAN.
To remove a VLAN:
Switch(config)# no vlan 10
Configure VLAN (continued)
Configure access mode
The mode determines whether a port is an access port or a trunk port; in the image above, FastEthernet 0/1 is configured as an access port.
Configure trunk mode
To explicitly allow a subset of VLANs on a trunk port:
Switch(config)# interface f0/4
Switch(config-if)# switchport trunk allowed vlan 10,20,21-25
To remove a VLAN from the allowed list:
Switch(config)# interface f0/4
Switch(config-if)# switchport trunk allowed vlan remove 20
To add a specific VLAN back into the allowed list:
Switch(config)# interface f0/4
Switch(config-if)# switchport trunk allowed vlan add 20
To allow all VLANs except for a specific range:
Switch(config-if)# switchport trunk allowed vlan except 21-25
To configure the DTP mode on an interface:
Switch(config)# interface f0/4
Switch(config-if)# switchport mode dynamic desirable
Switch(config-if)# switchport mode dynamic auto
To allow all VLANs again:
Switch(config-if)# interface f0/4
Switch(config-if)# switchport trunk allowed vlan all
To set the native VLAN:
Switch(config)# interface f0/4
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk native vlan 20
Show commands:
show vlan
show interfaces fa0/1 trunk
show interfaces trunk
VTP (VLAN Trunking Protocol)
The VLAN Trunking Protocol reduces administration in a switched network. When you configure a new VLAN on one VTP server, the VLAN is distributed through all switches in the domain.
This reduces the need to configure the same VLAN everywhere. VTP is a Cisco-proprietary protocol that is available on most of the Cisco Catalyst series products.
VTP requires that all participating switches join a VTP domain. Switches must belong to the same domain to share VLAN information.
VTP versions
There are three VTP versions.
VTP version 1: Supports the standard 1 – 1005 VLAN range. VTP version 1 is also the default on Catalyst switches.
VTP version 2: Supports
• Token Ring
• VLAN consistency checks
• Domain-independent transparent pass-through
VTP version 3: Supports
• The extended 1006-4094 VLAN range.
• Private VLANs.
• Improved VTP authentication.
• The ability to enable VTP on a per-port basis.
VTPv1 and v2 are not compatible.
VTP version 3 was supported on only limited Cisco switch platforms.
VTP modes
A switch using VTP must operate in one of three modes:
• Server
• Client
• Transparent
Server: In VTP server mode, you can create, modify, and delete VLANs and specify other configuration parameters, such as VTP version and VTP pruning, for the entire VTP domain. VTP servers advertise their VLAN configuration to other switches in the same VTP domain and synchronize their VLAN configuration with other switches based on advertisements received over trunk links.
Client: VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client.
Transparent: A VTP transparent switch maintains its own local VLAN database, and does not directly participate in the VTP domain. A transparent switch will never accept VLAN database information from another switch, even a server. Also, a transparent switch will never advertise its local VLAN database to another switch.
VTP message types
• Summary advertisements
• Subset advertisements
• Advertisement requests
Summary advertisements
Both VTP servers and clients send out a summary advertisement every 300 seconds. It contains the following data:
• VTP domain
• VTP version
• Domain name
• Configuration revision number
• Time stamp
• MD5 digest
Subset advertisements
A subset advertisement contains the following information:
• VTP version
• Domain name
• Configuration revision number
• VLAN IDs for each VLAN in the database
• VLAN-specific information, such as the VLAN name and MTU
Advertisement requests
A switch needs a VTP advertisement request in these situations:
• The switch has been reset.
• The VTP domain name has been changed.
• The switch has received a VTP summary advertisement with a higher configuration revision than its own.
VTP pruning
• VLAN Trunking Protocol (VTP) is used to communicate VLAN information between switches in the same VTP domain. VTP pruning is a feature in Cisco switches which stops VLAN update information traffic from being sent down trunk links if the updates are not needed.
• In normal operation a switch needs to flood broadcast frames, multicast frames, or unicast frames where the destination MAC address is unknown to all its ports.
• If the neighbouring switch doesn't have any active ports in the source VLAN, this broadcast is unnecessary and excessive unwanted traffic may create problems on the network.
• VTP pruning helps increase the available bandwidth by reducing unnecessary flooded traffic.
• Broadcast frames, multicast frames, or unicast frames where the destination MAC address is unknown are forwarded over a trunk link only if the switch on the receiving end of the trunk link has ports in the source VLAN.
Configuring VTP
By default, a switch is in VTP server mode. To change the VTP domain name:
Switch(config)# vtp domain MYDOMAIN
Note that the domain name is case sensitive.
To configure the VTP mode:
Switch(config)# vtp mode server
Switch(config)# vtp mode client
Switch(config)# vtp mode transparent
The VTP domain can be secured using a password:
Switch(config)# vtp password P@SSWORD!
The password is also case sensitive. All switches participating in the VTP domain must be configured with the same password. The password is hashed into a 16-byte MD5 digest.
VTP pruning is disabled by default on IOS switches. VTP pruning must be enabled on a server, and will be applied globally to the entire VTP domain:
Switch(config)# vtp pruning
Both VLAN 1 and the system VLANs 1002-1005 are never eligible for pruning.
To manually specify which VLANs are pruning eligible on a trunk:
VirtualLANs (VLANs) and VTP Page 21
rajasekar

More Related Content

What's hot (20)

Virtual LAN
Virtual LANVirtual LAN
Virtual LAN
 
Cisco packet tracer dhcp
Cisco packet tracer   dhcpCisco packet tracer   dhcp
Cisco packet tracer dhcp
 
CCNA training 101
CCNA training 101CCNA training 101
CCNA training 101
 
CCNA ppt Day 1
CCNA ppt Day 1CCNA ppt Day 1
CCNA ppt Day 1
 
STP Protection
STP ProtectionSTP Protection
STP Protection
 
VLAN Trunking Protocol (VTP)
VLAN Trunking Protocol (VTP)VLAN Trunking Protocol (VTP)
VLAN Trunking Protocol (VTP)
 
AODV routing protocol
AODV routing protocolAODV routing protocol
AODV routing protocol
 
Acl
AclAcl
Acl
 
Vlans (virtual local area networks)
Vlans (virtual local area networks)Vlans (virtual local area networks)
Vlans (virtual local area networks)
 
Wcdma
WcdmaWcdma
Wcdma
 
Vlan
Vlan Vlan
Vlan
 
ccna networking ppt
ccna networking pptccna networking ppt
ccna networking ppt
 
Mpls technology
Mpls technologyMpls technology
Mpls technology
 
Wireless Network Architecture
Wireless Network ArchitectureWireless Network Architecture
Wireless Network Architecture
 
Virtual LAN
Virtual LANVirtual LAN
Virtual LAN
 
Introduction to router
Introduction to routerIntroduction to router
Introduction to router
 
VLAN Trunking Protocol
VLAN Trunking ProtocolVLAN Trunking Protocol
VLAN Trunking Protocol
 
Hot standby router protocol (hsrp) using
Hot standby router protocol (hsrp) usingHot standby router protocol (hsrp) using
Hot standby router protocol (hsrp) using
 
Wifi & 802.11 Standards
Wifi & 802.11 StandardsWifi & 802.11 Standards
Wifi & 802.11 Standards
 
Leach protocol
Leach protocolLeach protocol
Leach protocol
 

Similar to Vlan and vtp

Virtual Local Area Network
Virtual Local Area NetworkVirtual Local Area Network
Virtual Local Area NetworkAtakan ATAK
 
Vlan.pdf
Vlan.pdfVlan.pdf
Vlan.pdfitwkd
 
Ccna3 mod9-vtp
Ccna3 mod9-vtpCcna3 mod9-vtp
Ccna3 mod9-vtpjmdoger
 
Лекц 9
Лекц 9Лекц 9
Лекц 9Muuluu
 
W3-Presentation-VLANs-AMA COMPUTER COLLEGE.pdf
W3-Presentation-VLANs-AMA COMPUTER COLLEGE.pdfW3-Presentation-VLANs-AMA COMPUTER COLLEGE.pdf
W3-Presentation-VLANs-AMA COMPUTER COLLEGE.pdfgummybear37
 
Virtual LAN and Vlan Trunking Protocol.pptx
Virtual LAN and Vlan Trunking Protocol.pptxVirtual LAN and Vlan Trunking Protocol.pptx
Virtual LAN and Vlan Trunking Protocol.pptxmarunkumareee77
 
ccna3mod9_VLAN Trunking Protocol (1).pptx
ccna3mod9_VLAN Trunking Protocol (1).pptxccna3mod9_VLAN Trunking Protocol (1).pptx
ccna3mod9_VLAN Trunking Protocol (1).pptxGiyaShefin
 
Ethernet protocol
Ethernet protocolEthernet protocol
Ethernet protocolTom Chou
 
App Note Vlan Br Vlanid Transl
App Note Vlan Br Vlanid TranslApp Note Vlan Br Vlanid Transl
App Note Vlan Br Vlanid TranslHussein Elmenshawy
 
VLANs_Module_3.pptx
VLANs_Module_3.pptxVLANs_Module_3.pptx
VLANs_Module_3.pptxBOURY1
 
Vlan configuration in medium sized network
Vlan configuration in medium sized networkVlan configuration in medium sized network
Vlan configuration in medium sized networkArnold Derrick Kinney
 

Similar to Vlan and vtp (20)

Virtual Local Area Network
Virtual Local Area NetworkVirtual Local Area Network
Virtual Local Area Network
 
Vlan.pdf
Vlan.pdfVlan.pdf
Vlan.pdf
 
Ccna3 mod9-vtp
Ccna3 mod9-vtpCcna3 mod9-vtp
Ccna3 mod9-vtp
 
ENCOR_Capitulo 1.pptx
ENCOR_Capitulo 1.pptxENCOR_Capitulo 1.pptx
ENCOR_Capitulo 1.pptx
 
Chapter 8 .vlan.pdf
Chapter 8 .vlan.pdfChapter 8 .vlan.pdf
Chapter 8 .vlan.pdf
 
Лекц 9
Лекц 9Лекц 9
Лекц 9
 
W3-Presentation-VLANs-AMA COMPUTER COLLEGE.pdf
W3-Presentation-VLANs-AMA COMPUTER COLLEGE.pdfW3-Presentation-VLANs-AMA COMPUTER COLLEGE.pdf
W3-Presentation-VLANs-AMA COMPUTER COLLEGE.pdf
 
Ccna3 mod9-vtp
Ccna3 mod9-vtpCcna3 mod9-vtp
Ccna3 mod9-vtp
 
Virtual LAN and Vlan Trunking Protocol.pptx
Virtual LAN and Vlan Trunking Protocol.pptxVirtual LAN and Vlan Trunking Protocol.pptx
Virtual LAN and Vlan Trunking Protocol.pptx
 
ccna3mod9_VLAN Trunking Protocol (1).pptx
ccna3mod9_VLAN Trunking Protocol (1).pptxccna3mod9_VLAN Trunking Protocol (1).pptx
ccna3mod9_VLAN Trunking Protocol (1).pptx
 
Ethernet protocol
Ethernet protocolEthernet protocol
Ethernet protocol
 
Switching
SwitchingSwitching
Switching
 
Switching
SwitchingSwitching
Switching
 
CCNA_RSE_Chp6.pptx
CCNA_RSE_Chp6.pptxCCNA_RSE_Chp6.pptx
CCNA_RSE_Chp6.pptx
 
App Note Vlan Br Vlanid Transl
App Note Vlan Br Vlanid TranslApp Note Vlan Br Vlanid Transl
App Note Vlan Br Vlanid Transl
 
Ccna 9
Ccna  9Ccna  9
Ccna 9
 
VLANs_Module_3.pptx
VLANs_Module_3.pptxVLANs_Module_3.pptx
VLANs_Module_3.pptx
 
mod8-VLANs.ppt
mod8-VLANs.pptmod8-VLANs.ppt
mod8-VLANs.ppt
 
Mod8 vlans
Mod8 vlansMod8 vlans
Mod8 vlans
 
Vlan configuration in medium sized network
Vlan configuration in medium sized networkVlan configuration in medium sized network
Vlan configuration in medium sized network
 

Recently uploaded

AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneRussian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneCall girls in Ahmedabad High profile
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian  Call girls in Dubai +971563133746 Dubai  Call girlsRussian  Call girls in Dubai +971563133746 Dubai  Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一3sw2qly1
 
象限策略:Google Workspace 与 Microsoft 365 对业务的影响 .pdf
象限策略:Google Workspace 与 Microsoft 365 对业务的影响 .pdf象限策略:Google Workspace 与 Microsoft 365 对业务的影响 .pdf
象限策略:Google Workspace 与 Microsoft 365 对业务的影响 .pdfkeithzhangding
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewingbigorange77
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 

Recently uploaded (20)

AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata

Vlan and vtp

  • 1. Virtual LANs (VLANs) and VTP Page 1 rajasekar
    Virtual LAN (VLAN) & VTP
    VLAN:
      • Collision vs Broadcast
      • VLAN
      • Advantage of VLAN
      • VLAN membership
      • VLAN port types
      • VLAN frames
      • Frame tag protocol
      • 802.1Q tunnelling
      • Native VLAN
      • DTP
      • VLAN configuration
    VTP:
      • VTP versions
      • VTP modes
      • VTP advertisement
      • VTP message types
      • VTP pruning
      • VTP configuration
  • 2. Collision vs Broadcast
    Collision: A collision occurs when two devices send a packet at the same time on the shared network segment. The packets collide and both devices must send the packets again, which reduces network efficiency. E.g. a hub (each port on a hub is in the same collision domain).
    When host A is trying to reach host C and, at the same time, host D is also trying to reach host C, the hub receives both frames. The hub has no idea where to send the frames, so it sends them to all ports, and at this stage a collision is detected.
    Broadcast: Broadcast is a type of communication where the sending device sends a single copy of data and that copy is delivered to every device in the network segment. Broadcast is a required type of communication and we cannot avoid broadcasts. E.g. ARP, DHCP.
    When host A sends a packet to host C, the switch sends it to all ports the first time it receives it; once it has learned the MAC address, it will not send to all ports.
  • 3. VLAN (Virtual Local Area Network)
    A switch can be logically segmented into separate broadcast domains, using Virtual LANs. On Cisco switches, all interfaces belong to VLAN 1 by default, and VLAN 1 should be dedicated to system traffic such as CDP, STP, VTP, and DTP.
    Each VLAN represents a unique broadcast domain:
      • Traffic between devices within the same VLAN is switched.
      • Traffic between devices in different VLANs requires a Layer-3 device to communicate.
    Broadcasts from one VLAN will not be forwarded to another VLAN. The logical separation provided by VLANs is not a Layer-3 function. VLAN tags are inserted into the Layer-2 header.
    Hosts A and B are in the same broadcast domain, as are hosts E and F. A ping from host A to host E will fail, because the switch segments its ports into different broadcast domains. Thus, a Layer-3 device is required for those hosts to communicate.
  • 4. Advantage of VLAN
      • Broadcast control – eliminates unnecessary broadcast traffic, improving network performance and scalability.
      • Security – logically separates users and departments, allowing administrators to implement access-lists to control traffic between VLANs.
      • Improved manageability – VLANs provide an easy, flexible, less costly way to modify logical groups in changing environments.
    VLAN membership
    VLAN membership is of two types:
      • Static
      • Dynamic
    Static: In a static VLAN, the network administrator creates a VLAN and then assigns switch ports to the VLAN. Static VLANs are also called port-based VLANs. The association with the VLAN does not change until the administrator changes the port assignment. End-user devices become members of a VLAN based on the physical switch port to which they are connected.
    Dynamic: In a dynamic VLAN, the switch automatically assigns the port to a VLAN using information from the user device (MAC address, IP address, etc.). When a device is connected to a switch port, the switch queries a database to establish VLAN membership. A network administrator must configure the VLAN database of a VLAN Membership Policy Server (VMPS).
    Dynamic VLANs support instant movability of end devices. When we move a device from a port on one switch to a port on another switch, the dynamic VLANs will automatically configure the membership of the VLAN.
    Static VLAN assignment is far more common than dynamic, and will be the focus of this guide.
  • 5. VLAN Port Types
    Two types of ports:
      • Access ports
      • Trunk ports
    Access link: An access link is a part of only one VLAN, and normally access links are for end devices. Any device attached to an access link is unaware of a VLAN membership.
    Trunk link: A trunk link can carry multiple VLAN traffic, and normally a trunk link is used to connect switches to other switches or to routers. To identify the VLAN that a frame belongs to.
    VLAN frames
    Frame tagging is used to identify the VLAN that the frame belongs to in a network with multiple VLANs. The VLAN ID is placed on the frame when it reaches a switch from an access port, which is a member of a VLAN. That frame can then be forwarded out the trunk link port. Each switch can see what VLAN the frame belongs to and can forward the frame to corresponding VLAN access ports or to another VLAN trunk port.
  • 6. VLAN frames (continued)
    If Host A sends a frame to Host B, no frame tagging will occur:
      • The frame never leaves Switch A.
      • The frame stays within its own VLAN.
    If Host A sends a frame to Host C, which is in a separate VLAN:
      • The frame again never leaves the switch.
      • Because Host C is in a different VLAN, the frame must be routed.
    If Host A sends a frame to Host D, which is on a separate switch:
      • The frame is sent out the trunk port to Switch B.
      • The frame must be tagged as it is sent out the trunk port.
      • The frame is tagged with its VLAN ID - VLAN 10 in this example.
      • When Switch B receives the frame, it will only forward it out ports belonging to VLAN 10.
  • 7. Frame Tagging Protocols
    Cisco switches support two frame tagging protocols:
      • Inter-Switch Link (ISL)
      • IEEE 802.1Q
    The Inter-Switch Link (ISL) protocol is a Cisco proprietary protocol and is available and supported on Cisco products only. ISL is used primarily for Ethernet media (Fast Ethernet or Gigabit Ethernet). Cisco has also included provisions to carry Token Ring, FDDI, and ATM.
    ISL encapsulates the entire Ethernet frame (Fast Ethernet or Gigabit Ethernet) with a 26-byte header and a 4-byte frame check sequence (FCS), for a total of 30 bytes of overhead. The ISL frame format is shown below.
      • DA (Destination Address): The destination address uses the multicast MAC address 01-00-0C-00-00-00. The first 40 bits of the DA field signal the receiver that the packet is in ISL format.
      • Type: The type of frame encapsulated: Ethernet (0000), Token Ring (0001), FDDI (0010), and ATM (0011).
      • User: The USER field consists of a 4-bit code. The USER bits are used to extend the meaning of the TYPE field. The default USER field value is "0000". For Ethernet frames, the USER field bits "0" and "1" indicate the priority of the packet as it passes through the switch.
  • 8. ISL fields (continued)
      • SA (Source Address): Source address of the switch transmitting the ISL frame.
      • Len: The length of the packet.
      • SNAP: Subnetwork Access Protocol (SNAP) and Logical Link Control (LLC). The AAAA03 SNAP field is a 24-bit constant value of "AAAA03".
      • HSA (High Bits of Source Address): The HSA field is a 24-bit value which represents the upper 3 bytes (the manufacturer ID portion) of the SA field.
      • VLAN (Destination VLAN ID): Indicates the VLAN ID of the packet. VLAN ID is a 15-bit value that is used to distinguish frames on different VLANs. VLAN ID is also known as the "color" of the frame.
      • BPDU: Indicates whether the frame is a BPDU, CDP or VTP frame.
      • Index: The port index of the source of the packet.
      • Res: Reserved field for additional information, for instance, the Token Ring or FDDI Frame Check Sequence field. For Ethernet, this field should be zero.
      • Encapsulated Ethernet Frame: The actual Ethernet frame.
      • ISL CRC: Four-byte check on the ISL packet to ensure it is not corrupted.
    Cisco switches are specifically engineered to support these giant ISL-tagged frames. Note that this is a key reason why ISL is Cisco-proprietary.
    ISL supports a maximum of 1000 VLANs on a trunk port. ISL is also almost entirely deprecated - most modern Cisco switches no longer support it.
    802.1Q trunks
    802.1Q trunks support tagged and untagged Ethernet frames. An untagged Ethernet frame is a standard unaltered Ethernet frame. Untagged Ethernet frames are usually used for native VLAN communication. If a switch receives untagged Ethernet frames on a trunk port, they are considered part of the native VLAN, and frames from a native access port are not tagged when exiting the switch via a native VLAN trunk port.
  • 9. 802.1Q tagged frames
    In a tagged 802.1Q Ethernet frame, a 4-byte field is inserted between the original Ethernet frame Source Address field and the Type or Length field. The FCS is recomputed after the 4-byte tag is inserted. The following figure shows an 802.1Q tagged Ethernet frame.
      • TPID (Tag Protocol Identifier, 16 bits): The TPID always has the value 0x8100, which signifies an 802.1Q tag.
      • Priority (3 bits): The Priority field is used by 802.1Q to implement Layer 2 quality of service (QoS).
      • CFI (Canonical Format Identifier, 1 bit): The CFI bit is used for compatibility purposes between Ethernet and Token Ring.
      • VLAN ID (12 bits): The VID field is used to distinguish between VLANs on the link.
    802.1Q supports a maximum of 4096 VLANs on a trunk port.
    Recall that ISL encapsulates a frame with an additional header and trailer. In contrast, 802.1Q embeds a 4-byte VLAN tag directly into the Layer-2 frame header. Because the Layer-2 header is modified, 802.1Q must recalculate the frame's CRC value.
  • 10. 802.1Q Tunneling (Q-in-Q)
    802.1Q tunneling enables service providers to use a single VLAN to support customers who have multiple VLANs, while preserving customer VLAN IDs and keeping traffic in different customer VLANs segregated. When you configure tunneling, you assign a tunnel port to a VLAN that you dedicate to tunneling, which then becomes a tunnel VLAN.
    To keep customer traffic segregated, each customer requires a separate tunnel VLAN, but that one tunnel VLAN supports all of the customer's VLANs.
    The customer switches are trunk connected, but with 802.1Q tunneling, the service provider switches only use one service provider VLAN to carry all the customer VLANs, instead of directly carrying all the customer VLANs.
    Note: Tunnel traffic carries a second 802.1Q tag only when it is on a trunk link between service-provider network devices, with the outer tag containing the service-provider-assigned VLAN ID and the inner tag containing the customer-assigned VLAN IDs.
  • 11. 802.1Q Tunneling (example)
    In this example, CUSTOMER switches A, B and C have a range of VLANs (100-400). When this range of VLANs enters the PROVIDER switch, the outer interface carries a single VLAN (3349), called the outer VLAN.
    Native VLAN
    Normally a switch port configured as a trunk port sends and receives IEEE 802.1Q VLAN tagged Ethernet frames. If a switch receives untagged Ethernet frames on its trunk port, they are forwarded to the VLAN that is configured on the switch as the native VLAN. Both sides of the trunk link must be configured to be in the same native VLAN.
    Native VLANs are only supported on 802.1Q trunk ports. ISL does not support untagged frames, and will always tag frames from all VLANs.
  • 12. DTP (Dynamic Trunking Protocol)
    DTP is a Cisco proprietary trunking protocol used for negotiating trunking on a link between two Cisco switches. DTP can also be used for negotiating the encapsulation type of either 802.1Q or Cisco ISL.
    DTP has two modes to dynamically decide whether a port becomes a trunk:
      • Desirable – the port will actively attempt to form a trunk with the remote switch. This is the default setting.
      • Auto – the port will passively wait for the remote switch to initiate the trunk.
    Trunk ports send out DTP frames every 30 seconds to indicate their configured mode.
    A trunk will form in the following configurations:
      • Trunk - Trunk
      • Trunk - dynamic desirable
      • Trunk - dynamic auto
      • dynamic desirable - dynamic desirable
      • dynamic desirable - dynamic auto
    A trunk will never form if the two sides of the trunk are set to dynamic auto, as both ports are waiting for the other to initialize the trunk.
    It is best practice to manually configure trunk ports, to avoid DTP negotiation errors. DTP is also vulnerable to VLAN spoofing attacks.
  • 13. VLAN configuration
    By default, all interfaces belong to VLAN 1. To assign an interface to a different VLAN, that VLAN must first be created:
    To view all created VLANs, and the interfaces assigned to each VLAN:
      Switch# show vlan
    The standard range of VLAN numbers is 1 – 1005, with VLANs 1002-1005 reserved for legacy Token Ring and FDDI purposes.
    The extended range of VLAN numbers is 1006-4094.
    Configuration options for VLAN IDs 1006 through 4094 are limited to MTU, RSPAN VLAN, private VLAN, and UNI-ENI VLAN.
    The list of VLANs is stored in a database file named vlan.dat. The vlan.dat file is usually stored in flash, though on some switch models it is stored in NVRAM.
    Extended-range VLANs are not saved in the VLAN database.
  • 14. Configure VLAN
    All the interfaces belong to VLAN 1. To change the VLAN on an interface, the VLAN must first be created. Giving the VLAN a name is optional.
      Switch(config)# vlan 10
      Switch(config-vlan)# name cisco
    The first command creates the VLAN and enters VLAN configuration mode. The second command configures the name of the VLAN.
    To remove a VLAN:
      Switch(config)# no vlan 10
  • 15. Configure VLAN (continued)
    Configure Access mode
    The mode tells whether the port is ACCESS or TRUNK; in the above image, Fast Ethernet 0/1 is configured as an access port.
    Configure Trunk mode
  • 16. Trunk configuration
    To explicitly allow a subset of VLANs on a trunk port:
      Switch(config)# interface f0/4
      Switch(config-if)# switchport trunk allowed vlan 10,20,21-25
    To remove a VLAN from the allowed list:
      Switch(config)# interface f0/4
      Switch(config-if)# switchport trunk allowed vlan remove 20
    To add a specific VLAN back into the allowed list:
      Switch(config)# interface f0/4
      Switch(config-if)# switchport trunk allowed vlan add 20
    To allow all VLANs except for a specific range:
      Switch(config-if)# switchport trunk allowed vlan except 21-25
    To configure the DTP mode on an interface:
      Switch(config)# interface f0/4
      Switch(config-if)# switchport mode dynamic desirable
      Switch(config-if)# switchport mode dynamic auto
    To allow all VLANs again:
      Switch(config-if)# interface f0/4
      Switch(config-if)# switchport trunk allowed vlan all
    To set the native VLAN:
      Switch(config)# interface f0/4
      Switch(config-if)# switchport mode trunk
      Switch(config-if)# switchport trunk native vlan 20
    Show commands:
      show vlan
      show interfaces fa0/1 trunk
      show interfaces trunk
  • 17. VTP (VLAN Trunking Protocol)
    VLAN Trunk Protocol reduces administration in a switched network. When you configure a new VLAN on one VTP server, the VLAN is distributed through all switches in the domain. This reduces the need to configure the same VLAN everywhere. VTP is a Cisco-proprietary protocol that is available on most of the Cisco Catalyst series products.
    VTP requires that all participating switches join a VTP domain. Switches must belong to the same domain to share VLAN information.
    VTP version
    There are three versions:
    VTP version 1: It supports the standard 1 – 1005 VLAN range. VTP version 1 is also the default on Catalyst switches.
    VTP version 2: It supports:
      • Token Ring support
      • VLAN consistency checks
      • Domain-independent transparent pass-through
    VTP version 3: It supports:
      • The extended 1006-4094 VLAN range.
      • Support for private VLANs.
      • Improved VTP authentication.
      • Ability to enable VTP on a per-port basis.
    VTPv1 and v2 are not compatible. VTP version 3 was supported on only limited Cisco switch platforms.
  • 18. VTP Modes
    A switch using VTP must operate in one of three modes:
      • Server
      • Client
      • Transparent
    Server: In VTP server mode, you can create, modify, and delete VLANs and specify other configuration parameters, such as VTP version and VTP pruning, for the entire VTP domain. VTP servers advertise their VLAN configuration to other switches in the same VTP domain and synchronize their VLAN configuration with other switches based on advertisements received over trunk links.
    Client: VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client.
    Transparent: A VTP transparent switch maintains its own local VLAN database, and does not directly participate in the VTP domain. A transparent switch will never accept VLAN database information from another switch, even a server. Also, a transparent switch will never advertise its local VLAN database to another switch.
    VTP message types:
      • Summary advertisements
      • Subset advertisement
      • Advertisement requests
    Summary advertisements: Both VTP servers and clients will send out a summary advertisement every 300 seconds. It contains the following data:
      • VTP domain
      • VTP version
      • Domain name
      • Configuration revision number
      • Time stamp
      • MD5 digest
  • 19. VTP message types (continued)
    A subset advertisement contains the following information:
      • VTP version
      • Domain name
      • Configuration revision number
      • VLAN IDs for each VLAN in the database
      • VLAN-specific information, such as the VLAN name and MTU
    Advertisement requests: A switch needs a VTP advertisement request in these situations:
      • The switch has been reset.
      • The VTP domain name has been changed.
      • The switch has received a VTP summary advertisement with a higher configuration revision than its own.
    VTP Pruning:
      • VLAN Trunking Protocol (VTP) is used to communicate VLAN information between switches in the same VTP domain. VTP pruning is a feature in Cisco switches which stops VLAN update information traffic from being sent down trunk links if the updates are not needed.
      • In normal operation a switch needs to flood broadcast frames, multicast frames, or unicast frames where the destination MAC address is unknown to all its ports.
      • If the neighbouring switch doesn't have any active ports in the source VLAN, this broadcast is unnecessary, and excessive unwanted traffic may create problems on the network.
      • VTP pruning helps in increasing the available bandwidth by reducing unnecessary flooded traffic.
      • Broadcast frames, multicast frames, or unicast frames where the destination MAC address is unknown are forwarded over a trunk link only if the switch on the receiving end of the trunk link has ports in the source VLAN.
  • 20. Configuring VTP
    By default, a switch is in VTP server mode. To change the VTP domain:
      Switch(config)# vtp domain MYDOMAIN
    Note that the domain name is case sensitive.
    To configure the VTP mode:
      Switch(config)# vtp mode server
      Switch(config)# vtp mode client
      Switch(config)# vtp mode transparent
    The VTP domain can be secured using a password:
      Switch(config)# vtp password P@SSWORD!
    The password is also case sensitive. All switches participating in the VTP domain must be configured with the same password. The password is hashed into a 16-byte MD5 digest.
    VTP pruning is disabled by default on IOS switches. VTP pruning must be enabled on a server, and will be applied globally to the entire VTP domain:
      Switch(config)# vtp pruning
    Both VLAN 1 and the system VLANs 1002-1005 are never eligible for pruning.
    To manually specify which VLANs are pruning eligible on a trunk:
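The 802.1Q tag layout from slides 9 to 11 (TPID 0x8100, 3-bit priority, 1-bit CFI, 12-bit VLAN ID, FCS recomputed, a second tag for Q-in-Q), as an added Python example that is not part of the original slides. The MAC addresses, payload and function names are constructed for illustration; customer VLAN 100 and provider VLAN 3349 follow the slide 11 example.

```python
import struct
import zlib

TPID_8021Q = 0x8100                      # TPID value given on slide 9
DST = bytes.fromhex("020000000002")      # constructed, locally administered MACs
SRC = bytes.fromhex("020000000001")
PAYLOAD = b"constructed payload"


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the frame, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body))


def build_untagged(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def push_tag(frame: bytes, vid: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Insert a 4-byte tag after the Source Address and recompute the FCS."""
    if not (0 <= vid <= 0xFFF and 0 <= priority <= 7 and cfi in (0, 1)):
        raise ValueError("tag field out of range")
    body = frame[:-4]                                # drop the old FCS
    tci = (priority << 13) | (cfi << 12) | vid       # 3 + 1 + 12 bits
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)


def parse(frame: bytes) -> dict:
    """Walk the tag stack (outer tag first) and verify the FCS."""
    if len(frame) < 18:
        raise ValueError("frame too short")
    body, trailer = frame[:-4], frame[-4:]
    tags, offset = [], 12
    while True:
        if offset + 2 > len(body):
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", body, offset)
        if etype != TPID_8021Q:
            break
        if offset + 4 > len(body):
            raise ValueError("truncated tag")
        (tci,) = struct.unpack_from("!H", body, offset + 2)
        tags.append({"priority": tci >> 13, "cfi": (tci >> 12) & 1,
                     "vid": tci & 0xFFF})
        offset += 4
    return {"tags": tags, "ethertype": etype,
            "payload": body[offset + 2:], "fcs_ok": trailer == fcs(body)}


def demo() -> dict:
    customer = build_untagged(DST, SRC, 0x0800, PAYLOAD)
    on_customer_trunk = push_tag(customer, vid=100, priority=5)
    on_provider_trunk = push_tag(on_customer_trunk, vid=3349)  # outer tag
    return parse(on_provider_trunk)


if __name__ == "__main__":
    print(demo())
```
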
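One way to check both ends of a link against the DTP and native VLAN rules on slides 11, 12 and 16, as an added Python example rather than anything from the slides or from Cisco. The two configuration snippets and the helper names are constructed; the default for an unset mode follows the slides' statement that desirable is the default, and treating an access port as never trunking is an assumption.

```python
import re

DEFAULT_MODE = "dynamic desirable"   # default per slide 12; platform defaults vary
DYNAMIC = {"dynamic desirable", "dynamic auto"}

SWITCH_A = """
interface f0/4
 switchport mode dynamic auto
interface f0/5
 switchport mode trunk
 switchport trunk native vlan 20
 switchport trunk allowed vlan 10,20,21-25
"""  # constructed sample config
SWITCH_B = """
interface f0/4
 switchport mode dynamic auto
interface f0/5
 switchport mode trunk
 switchport trunk allowed vlan 10,20
"""  # constructed sample config


def expand_vlans(spec):
    """'10,20,21-25' -> {10, 20, 21, 22, 23, 24, 25}"""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_interfaces(config):
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if (m := re.match(r"interface\s+(\S+)", line)):
            current = ports.setdefault(
                m.group(1), {"mode": DEFAULT_MODE, "native": 1, "allowed": None})
        elif current is None:
            continue
        elif line.startswith("switchport mode "):
            current["mode"] = line[len("switchport mode "):]
        elif (m := re.match(r"switchport trunk native vlan (\d+)$", line)):
            current["native"] = int(m.group(1))
        elif (m := re.match(r"switchport trunk allowed vlan ([\d,\-]+)$", line)):
            current["allowed"] = expand_vlans(m.group(1))
    return ports


def trunk_forms(mode_a, mode_b):
    """Slide 12 matrix: every trunk/desirable/auto pairing except auto-auto."""
    if "access" in (mode_a, mode_b):     # assumption: access ports never trunk
        return False
    return not (mode_a == mode_b == "dynamic auto")


def audit_link(a, b):
    findings = []
    for side, port in (("A", a), ("B", b)):
        if port["mode"] in DYNAMIC:
            findings.append(f"{side}: DTP negotiation in use ({port['mode']})")
    if not trunk_forms(a["mode"], b["mode"]):
        findings.append("trunk will not form with these modes")
    elif a["native"] != b["native"]:
        findings.append(f"native VLAN mismatch: {a['native']} vs {b['native']}")
    if a["allowed"] and b["allowed"] and a["allowed"] != b["allowed"]:
        findings.append(f"allowed on one side only: {sorted(a['allowed'] ^ b['allowed'])}")
    return findings


if __name__ == "__main__":
    pa, pb = parse_interfaces(SWITCH_A), parse_interfaces(SWITCH_B)
    for name in pa:
        print(name, audit_link(pa[name], pb[name]))
```
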