Switching & VLANs

Switching Basics
• A switch acts as a multiport bridge, and its basic duty is to break up collision domains.
• Layer 2 switches and bridges are faster than routers because they don't take up time looking at the Network layer header information.
• Switches look at a frame's hardware addresses before deciding to either forward the frame or drop it.

Switching Basics
• Switches create private, dedicated collision domains.
• They provide independent bandwidth on each port.
• Layer 2 switching provides the following:
  • Hardware-based bridging (Application-Specific Integrated Circuit – ASIC)
  • Wire speed
  • Low latency
  • Low cost

Switching Basics
• Switches do not modify the data packet.
• They only read the frame encapsulating the packet.
• This makes the switching process considerably faster and less error-prone than the routing process.
[Figure: Switches create private domain]

Bridging vs. LAN Switching
• Bridges are software based, while switches are hardware based because switches use ASIC chips to help make filtering decisions.
• A switch is basically a multiport bridge.
• Bridges can only have one spanning tree instance per bridge, while switches can have many.
• Switches have a higher number of ports.

Bridges and Switches
• Both possess multiple COLLISION DOMAINS but one BROADCAST DOMAIN.
• Both learn MAC addresses by examining the source address of each frame received.
• Both make forwarding decisions based on Layer 2 addresses.

Functions of a Switch
• Address Learning:
  • Layer 2 switches remember the source hardware address of each frame received on an interface.
  • Switches enter this information into a MAC database called a forward/filter table.
• Forward/Filter Decision:
  • When a frame is received on an interface, the switch looks at the destination hardware address and finds the exit interface in the MAC database.
  • The frame is only forwarded out the specified destination port.

Functions of a Switch
• Loop Avoidance:
  • If multiple connections between switches are created for redundancy, network loops can occur.
  • Spanning Tree Protocol (STP) is used to stop network loops while still permitting redundancy.

Address Learning
• When a switch is first powered on, the MAC forward/filter table is empty.
• When an interface receives a frame, the switch places the frame's source address in the MAC forward/filter table, allowing it to remember which interface the sending device is located on.
• The switch then floods the network with this frame out of every port except the source port, because it has no idea where the destination device is actually located.

Address Learning
• If a device answers this flooded frame and sends a frame back, then:
  • The switch takes the source address from that frame and places the MAC address in the database as well.
  • The switch associates this address with the interface that received the frame.
• Since the switch now has both relevant MAC addresses in its filtering table, the two devices can now make a point-to-point connection.

Forward/Filter Decisions
• When a frame arrives at a switch interface, the destination hardware address is compared to the MAC forward/filter table.
• If the destination hardware address is known and listed in the database, the frame is only sent out the correct exit interface.
• This preserves bandwidth and is called frame filtering.

Forward/Filter Decisions
• If the destination hardware address is not listed in the MAC database, the frame is flooded out all active interfaces except the interface the frame was received on.
• If a device answers the flooded frame, the MAC database is updated with the device's interface.

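The address learning and forward/filter behaviour described in the slides above, as an added Python sketch that is not part of the original deck. The class name, port names and MAC addresses (taken from the documentation range 00:00:5e:00:53:xx) are constructed for illustration.

```python
"""Added illustration: a minimal Layer 2 learning switch (constructed data)."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)   # active interfaces
        self.mac_table = {}        # forward/filter table: MAC -> port

    def receive(self, in_port, src, dst):
        """Process one frame; return (action, list of egress ports)."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port!r}")

        # Address learning: bind the source address to the ingress port.
        # A later frame from the same MAC on another port overwrites the
        # entry, which is the table "confusion" a loop produces.
        self.mac_table[src] = in_port

        out_port = self.mac_table.get(dst)
        if dst == BROADCAST or out_port is None:
            # Broadcast or unknown destination: flood out every port
            # except the one the frame arrived on.
            return "flood", [p for p in self.ports if p != in_port]
        if out_port == in_port:
            # Destination is on the segment the frame came from: drop it.
            return "filter", []
        # Known destination: send out the one correct exit interface.
        return "forward", [out_port]


def demo():
    """Replay the exchange from the slides; return (steps, final table)."""
    sw = LearningSwitch(["e0/1", "e0/2", "e0/3", "e0/4"])
    host_a = "00:00:5e:00:53:0a"   # constructed MAC on e0/1
    host_b = "00:00:5e:00:53:0b"   # constructed MAC on e0/3
    steps = [
        sw.receive("e0/1", host_a, host_b),   # table empty: flood
        sw.receive("e0/3", host_b, host_a),   # reply: A is already known
        sw.receive("e0/1", host_a, host_b),   # both known: point-to-point
    ]
    return steps, dict(sw.mac_table)


if __name__ == "__main__":
    steps, table = demo()
    for action, ports in steps:
        print(f"{action:8s} -> {ports}")
    print(table)
```

The first frame is seen on every other port because the destination is still unknown; after the reply, traffic between the two hosts leaves only on e0/1 and e0/3.
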
Loop Avoidance
• Redundant links between switches are a good idea because they help prevent complete network failure in the event one link stops working.
• But with redundant links, frames can be flooded down all redundant links simultaneously, resulting in network loops.

Redundant links may invite the following set of problems:
• If no loop avoidance schemes are put in place, the switches will flood broadcasts endlessly. The following figure illustrates it:
[Figure: Broadcast Storm]
• A device can receive multiple copies of the same frame, since that frame can arrive from multiple segments simultaneously. The following figure demonstrates it best.
  • The server in this figure sends a unicast frame to router C.
  • Since it's a unicast frame, switch A forwards the frame and switch B provides the same service – it forwards the broadcast.
  • This is not good because now router C will receive the unicast frame twice, causing additional overhead on the network.
• The MAC address filter table will be totally confused about the device's location because the switch can receive the frame from more than one link.
• Multiple loops could be generated. This means a loop can occur within another loop.

Spanning Tree Protocol
• Its main task is to stop network loops from occurring on Layer 2 (bridges or switches).
• It monitors the network to find all links, making sure that no loops occur by shutting down redundant links.
• It uses the Spanning Tree Algorithm (STA) to first create a topology database, then search out and destroy redundant links.
• With STP running, frames are only forwarded on the STP-picked links.

LAN Switch Types
• LAN switch types decide how a frame is handled when it's received on a switch port.
• Latency: the time it takes for a frame to be sent out an exit port once the switch receives the frame.
• There are three switching modes:
  • Cut-through (Fast Forward)
  • Fragment Free (Modified cut-through)
  • Store-and-forward

• Cut-through (Fast Forward):
  • In this mode, the switch only waits for the destination hardware address to be received before it looks up the destination address in the MAC filter table.
• Fragment Free (Modified cut-through):
  • In this mode, the switch checks the first 64 bytes of a frame for fragmentation before forwarding it.
  • This is the default mode for the Catalyst 1900 series switch.
• Store-and-forward:
  • In this mode, the complete frame is received into the switch's buffer, a CRC is run, and then the switch looks up the destination address in the MAC forward/filter table.
[Figure: Different switching modes within a frame]

Cut-Through
• With the cut-through switching method, the LAN switch reads only the destination address.
• That is, it looks at the first six bytes following the preamble.
• It then:
  • Looks up the hardware destination address in the MAC switching table.
  • Determines the outgoing interface.
  • Proceeds to forward the frame towards its destination.
• A cut-through switch helps reduce latency because it begins to forward the frame as soon as it reads the destination address and determines the outgoing interface.

Fragment Free (Modified Cut-Through)
• It is a modified form of cut-through switching in which the switch waits for the collision window (64 bytes) to pass before forwarding.
• This is because if a packet has a collision error, it almost always occurs within the first 64 bytes.
• This means each frame will be checked into the data field to make sure no fragmentation has occurred.
• Fragment Free mode provides better error checking than the cut-through mode with practically no increase in latency.
• It is the default switching mode for 1900 switches.

Store-and-Forward
• It is Cisco's primary LAN switching method.
• In this method, the LAN switch copies the entire frame onto its onboard buffers and then computes the CRC (Cyclic Redundancy Check).
• Since it copies the entire frame, latency through the switch varies with frame length.
• The frame is discarded if it contains a CRC error, or:
  • If it is too short (less than 64 bytes, including the CRC)
  • If it is too long (more than 1518 bytes, including the CRC)
• If the frame doesn't contain any error, the LAN switch looks up the destination hardware address in its MAC forward/filter table to find the correct outgoing interface.

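What each of the three switching modes checks before it forwards, as an added Python sketch that is not part of the original deck. The function names and sample frames are constructed; the frame check uses the standard Ethernet CRC-32, which `zlib.crc32` computes, stored least significant byte first.

```python
"""Added illustration: error checking in the three switching modes."""
import struct
import zlib

MIN_FRAME = 64      # bytes, including the 4-byte CRC
MAX_FRAME = 1518    # bytes, including the 4-byte CRC
MODES = ("cut-through", "fragment-free", "store-and-forward")


def build_frame(dst, src, ethertype, payload):
    """Build an Ethernet frame (no preamble), padded, with a valid CRC."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    body += b"\x00" * max(0, MIN_FRAME - 4 - len(body))   # pad to 64 bytes
    return body + struct.pack("<I", zlib.crc32(body))


def fcs_ok(frame):
    """True when the last 4 bytes match the CRC-32 of the rest."""
    if len(frame) < 4:
        return False
    return struct.pack("<I", zlib.crc32(frame[:-4])) == frame[-4:]


def bytes_before_forwarding(mode, frame_len):
    """Bytes received before the mode starts forwarding (its latency)."""
    return {"cut-through": 6,
            "fragment-free": MIN_FRAME,
            "store-and-forward": frame_len}[mode]


def decide(mode, frame):
    """Return 'forward' or the reason this mode discards the frame."""
    if mode == "cut-through":
        # Reads only the six-byte destination address; checks nothing else.
        return "forward" if len(frame) >= 6 else "discard: no destination"
    if mode == "fragment-free":
        # Waits out the 64-byte collision window; shorter is a fragment.
        return "forward" if len(frame) >= MIN_FRAME else "discard: fragment"
    if mode == "store-and-forward":
        # Buffers the whole frame, then checks length and CRC.
        if len(frame) < MIN_FRAME:
            return "discard: too short"
        if len(frame) > MAX_FRAME:
            return "discard: too long"
        return "forward" if fcs_ok(frame) else "discard: CRC error"
    raise ValueError(f"unknown mode {mode!r}")


def sample_results():
    """Run four constructed frames through every mode."""
    dst = bytes.fromhex("00005e00530b")    # constructed MACs
    src = bytes.fromhex("00005e00530a")
    good = build_frame(dst, src, 0x0800, b"A" * 100)       # 118 bytes
    samples = {
        "good": good,
        "runt": good[:40],                                  # collision fragment
        "corrupt": good[:60] + bytes([good[60] ^ 0x01]) + good[61:],
        "oversize": build_frame(dst, src, 0x0800, b"B" * 1600),
    }
    return {name: {m: decide(m, f) for m in MODES}
            for name, f in samples.items()}


if __name__ == "__main__":
    for name, verdicts in sample_results().items():
        print(name, verdicts)
```

Only store-and-forward stops the corrupted and oversize frames; cut-through passes all four samples, including the 40-byte fragment.
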
Spanning Tree Terms
• STP:
  • It is a bridge protocol that uses the STA to find redundant links dynamically.
  • It creates a spanning tree topology database.
  • Bridges exchange BPDU messages with other bridges

Configuring 1900 & 2950 Catalyst switches
• We will cover the following list of tasks:
  • Setting the password
  • Setting the hostname
  • Configuring the IP address and subnet masks
  • Setting a description on the interface
  • Erasing the switch configuration
  • Configuring VLANs
  • Adding VLAN membership to a switch port
  • Creating a VTP domain
  • Configuring trunking

Setting the password
• 1900 Series:
  • It uses the same command to set both the user-level password and the privileged password, but with different level numbers.
  • Level is 1 for user level and 15 for privileged level.
  • Password length should be from 4 to 8 characters.
  • Setting the user password:
      switch(config)# enable password level 1 cisco
  • Setting the privileged-level password:
      switch(config)# enable password level 15 cisco

Setting the password
• 2950 Series:
  • To set the user mode password for the 2950 switch, we configure the line just as we would on a router.
  • Console:
      switch(config)# line console 0
      switch(config-line)# password cisco
      switch(config-line)# login
  • Telnet:
      switch(config)# line vty 0 15
      switch(config-line)# password cisco
      switch(config-line)# login
  • The enable secret password is set in the same way as on a router.
      switch(config)# enable secret cisco

Setting hostname
• The hostname on a switch is only locally significant.
• This means it doesn't have any function on the network or with name resolution. (The exception is PPP authentication.)
• 1900 Series:
      switch(config)# hostname LAN1
• 2950 Series:
      switch(config)# hostname LAN1

Setting IP information
• Generally, a switch doesn't need any IP address at all to manage a LAN.
• There are exceptions, though.
• There are two reasons why we probably do want to set IP address information on the switch:
  • To manage the switch via Telnet or other management software.
  • To configure the switch with different VLANs and other network functions.

Setting IP information
• 1900 Switch:
  • By default, no IP address or default gateway information is set.
  • We can verify this by using the command sh ip in privileged mode.
      Switch# sh ip
  • The IP address and default gateway are set in global configuration mode (GCM).
      Switch(config)# ip address 172.16.10.16 255.255.255.0
      Switch(config)# ip default-gateway 172.16.10.1

Setting IP information
• 2950 Switch:
  • The 2950 switch has a default VLAN.
  • This VLAN is called VLAN1.
  • Every port on the switch is a member of VLAN1 by default.
  • We always set the IP address on VLAN1.
      Switch(config)# interface vlan1
      Switch(config-if)# ip address 172.16.10.17 255.255.255.0
      Switch(config-if)# exit
      Switch(config)# ip default-gateway 172.16.10.1

Configuring Interface Description
• We can administratively set a name for each interface on the switches.
• These descriptions are only locally significant.
• 1900 Switch:
  • The description command is used from interface configuration mode.
  • Spaces can't be used within the description.
      Switch(config)# int e0/1
      Switch(config-if)# description Finance_VLAN
      Switch(config)# int f0/26
      Switch(config-if)# description trunk_to_building_4

Configuring Interface Description
• 2950 Switch:
  • The description command is used from interface configuration mode.
  • Spaces can be used within the description.
      Switch(config)# int fastEthernet 0/1
      Switch(config-if)# description Sales Printer
      Switch(config)# int f0/12
      Switch(config-if)# description trunk_to_building_4

Erasing the Switch Configuration
• 1900 Switch:
  • We can't see the contents of NVRAM.
  • We can only view the contents of RAM.
  • When we make changes to the switch's running configuration, it is automatically copied to NVRAM.
  • The following command deletes the contents of NVRAM.
      Switch# delete nvram

Erasing the Switch Configuration
• 2950 Switch:
  • The concepts of startup-config and running-config hold exactly the same here as they do with routers.
  • The following command deletes the contents of NVRAM.
      Switch# erase startup-config

Virtual LANs (VLANs)
• A VLAN is a logical grouping of network users and resources connected to administratively defined ports on a switch.
• VLANs allow us to break up broadcast domains in a pure switched internetwork.
• VLANs allow us to create smaller broadcast domains within a Layer 2 switched internetwork.

How do VLANs simplify network management?
• Network adds, moves and changes are achieved by configuring a port into the appropriate VLAN.
• A group of users needing high security can be put into a VLAN so that no users outside of the VLAN can communicate with them.
• VLANs are independent of their physical or logical locations.
• VLANs can enhance network security.
• VLANs increase the number of broadcast domains and decrease the size of each broadcast domain.

Broadcast Control
• All devices in a VLAN are members of the same broadcast domain and receive all broadcasts.
• The broadcasts, by default, are filtered from all ports on a switch that are not members of the same VLAN.
• This is one of the prime benefits of a VLAN-based switched network; otherwise we would face serious problems if all our users were in the same broadcast domain.

Security
• In a flat network, anyone connecting to the physical network could access the network resources located on that physical LAN.
• To observe any or all traffic on that network, one simply has to plug a network analyzer into the hub.
• Users can join any workgroup by just plugging their workstations into the existing hub.
• By building VLANs and creating multiple broadcast groups, administrators can now have control over each port and user.
• Since VLANs can be created in accordance with the network resources a user requires, a switch can be configured to inform a network management station of any unauthorized access to network resources.
• For inter-VLAN communication, we can implement restrictions on a router to achieve it.

Flexibility and Scalability
• By assigning switch ports or users to VLAN groups on a switch or group of switches, we gain the flexibility to add only the users we want into that broadcast domain regardless of their physical location.
• When a VLAN becomes too big, we can create more VLANs to keep broadcasts from consuming too much bandwidth.
[Figure: Physical LAN connected to a Router]
[Figure: Switches removing physical boundary]

Static VLAN
• These VLANs are created by administrators.
• An administrator creates static VLANs and then assigns switch ports to each VLAN.
• Static VLANs are:
  • Most secure
  • Comparatively easy to set up and monitor
  • Well suited to a network where the movement of users within the network is controlled
• A switch port that is assigned a VLAN association always maintains that association until an administrator changes that port.

Dynamic VLAN
• When a network administrator assigns all the host devices' hardware addresses to a database, the switches can be configured to assign VLANs dynamically whenever a host is plugged into a switch.
• These are called dynamic VLANs.
• A dynamic VLAN determines a node's VLAN assignment automatically.
• Using intelligent management software, we can base VLAN assignment on hardware address (MAC address), protocols, or even applications to create dynamic VLANs.

Dynamic VLAN
• Suppose MAC addresses have been entered into a centralized VLAN management application.
• If a node is then attached to an unassigned switch port, the VLAN management database can look up the hardware address and assign and configure the switch port to the correct VLAN.
• This makes management and configuration easier because if a user moves, the switch will assign them to the correct VLAN automatically.
• Cisco allows us to use the VLAN Management Policy Server (VMPS) service to set up a database of MAC addresses that can be used for dynamic addressing of VLANs.
• A VMPS database maps MAC addresses to VLANs.

VLAN links
• Frames are handled differently according to the type of link they are traversing in a switch.
• The following two link types are available in a switched network:
  • Access Link
  • Trunk Link

Access Link
• This type of link is only part of one VLAN, and it's referred to as the native VLAN of the port.
• Any device attached to an access link is unaware of its VLAN membership. The device just assumes it's part of a broadcast domain, but it has no understanding of the physical network.
• Switches remove any VLAN information from the frame before it's sent to an access-link device.
• Access-link devices cannot communicate with devices outside their VLAN unless the packet is routed.

Trunk Link
• A trunk line is a 100 or 1000 Mbps point-to-point link between:
  • Two switches
  • A switch and a router
  • A switch and a server
• Trunk lines carry traffic of VLANs from 1 to 1005 at a time.
• Trunking allows us to make a single port part of multiple VLANs at the same time.
• We can actually set things up to have a server in two broadcast domains simultaneously, so that users don’t have to cross the router to log in and access it.
• Another advantage of trunking is when we are connecting switches.
• Trunk links can carry some or all VLAN information across the link, but if the links between switches aren’t trunked, only VLAN 1 information will be switched across the link by default.
Access and Trunk Links in a switched network
Creating & Verifying VLANs: 1900 switch
• Creating VLANs:
  • Mode: GCM
  • Syntax:
    Switch(config)# vlan <VLAN number> name <VLAN name>
    E.g. Switch(config)# vlan 2 name sales
• Verifying VLANs:
  • Mode: Privileged
  • Syntax:
    Switch# show vlan
Creating & Verifying VLANs: 2950 switch
• Creating VLANs:
  • Mode: Privileged and switch config
  • Syntax:
    Switch# vlan database
    Switch(vlan)# vlan <VLAN number> name <VLAN name>
    Switch(vlan)# apply
    E.g. Switch(vlan)# vlan 2 name sales
         Switch(vlan)# vlan 3 name mkt
         Switch(vlan)# apply
• Verifying VLANs:
  • Mode: Privileged
  • Syntax:
    Switch# show vlan brief
Assigning switch ports to VLANs: 1900 switch
• Mode: Interface Specific
• Syntax:
    Switch(config)# int <interface no.>
    Switch(config-if)# vlan-membership static <VLAN no.>
Example 1: Switch(config)# int e0/2
           Switch(config-if)# vlan-membership static 2
Example 2: Switch(config)# int e0/3
           Switch(config-if)# vlan-membership static 3
Example 3: Switch(config)# int e0/4
           Switch(config-if)# vlan-membership static 2
Assigning switch ports to VLANs: 2950 switch
• Mode: Interface Specific
• Syntax:
    Switch(config)# int <interface no.>
    Switch(config-if)# switchport access vlan <VLAN no.>
Example 1: Switch(config)# int f0/2
           Switch(config-if)# switchport access vlan 2
Example 2: Switch(config)# int f0/3
           Switch(config-if)# switchport access vlan 3
Example 3: Switch(config)# int f0/4
           Switch(config-if)# switchport access vlan 2
Frame Tagging
• Switch fabric: a group of switches sharing the same VLAN information.
• Frame tagging is a frame identification method, which uniquely assigns a user-defined ID to each frame.
• This ID is also called the VLAN ID or color.
• How does it work?
  • Each switch that the frame reaches must first identify the VLAN ID from the frame tag.
  • Then it finds out what to do with the frame by looking at the information in the filter table.
  • If the frame reaches a switch that has another trunked link, the frame will be forwarded out the trunk-link port.
  • Once the frame reaches an exit to an access link matching the frame’s VLAN ID, the switch removes the VLAN identifier so that the destination device receives the frame without having to understand its VLAN identification.
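
The tagging steps above, as an added example (not part of the original slides): a small Python model of two switches joined by a trunk, using the port assignments from the 2950 examples (ports 2 and 4 in VLAN 2, port 3 in VLAN 3). The 802.1Q tag layout, trunk port 24, the MAC addresses and the choice to drop untagged trunk frames and tagged access-port frames are assumptions of this model.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag (assumed format)


def add_tag(frame: bytes, vlan_id: int) -> bytes:
    """Insert a 4-byte 802.1Q tag between the source MAC and the EtherType."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    # Priority and DEI bits are left at 0, so the TCI equals the VLAN ID.
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan_id) + frame[12:]


def read_tag(frame: bytes):
    """Return (vlan_id, frame_without_tag); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]


class Switch:
    """Hypothetical VLAN-aware switch with access ports and trunk ports."""

    def __init__(self, access_ports, trunk_ports):
        self.access = dict(access_ports)   # port -> VLAN ID
        self.trunks = set(trunk_ports)
        self.filter_table = {}             # (VLAN ID, MAC) -> port

    def receive(self, in_port, frame):
        """Return the (out_port, frame_bytes) pairs the switch would send."""
        tag_vlan, inner = read_tag(frame)
        if in_port in self.trunks:
            if tag_vlan is None:
                return []  # this model tags every VLAN on trunks
            vlan = tag_vlan
        elif in_port in self.access:
            if tag_vlan is not None:
                return []  # access-link devices are VLAN-unaware: drop
            vlan = self.access[in_port]
        else:
            raise ValueError("unknown port")

        dst, src = inner[:6], inner[6:12]
        self.filter_table[(vlan, src)] = in_port       # address learning
        known = self.filter_table.get((vlan, dst))
        if known is not None:
            out_ports = [known]                        # forward/filter
        else:                                          # flood inside the VLAN
            members = {p for p, v in self.access.items() if v == vlan}
            out_ports = sorted(members | self.trunks)
        # Tag on trunk links, strip the tag on access links.
        return [(p, add_tag(inner, vlan) if p in self.trunks else inner)
                for p in out_ports if p != in_port]


def mac(last_octet: int) -> bytes:
    """Constructed, locally administered MAC address for the demo."""
    return bytes([0x02, 0, 0, 0, 0, last_octet])


def ethernet(dst: bytes, src: bytes, payload: bytes = b"constructed payload") -> bytes:
    return dst + src + struct.pack("!H", 0x0800) + payload


def demo():
    """Host on switch A port 2 (VLAN 2) sends to a MAC nobody has learned."""
    sw_a = Switch({2: 2, 3: 3, 4: 2}, {24})
    sw_b = Switch({2: 2, 3: 3}, {24})
    frame = ethernet(mac(0x0B), mac(0x0A))
    out_a = sw_a.receive(2, frame)                  # flooded within VLAN 2 only
    out_b = sw_b.receive(24, dict(out_a)[24])       # tagged copy crosses the trunk
    return out_a, out_b


if __name__ == "__main__":
    for name, out in zip(("switch A", "switch B"), demo()):
        for port, data in out:
            vlan, _ = read_tag(data)
            print(name, "port", port, "tagged VLAN %d" % vlan if vlan else "untagged")
```

Port 3 (VLAN 3) never receives the VLAN 2 frame on either switch, which is the isolation the access-link slide describes.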

6.switching vla ns

  • 2. Switching BasicsSwitching Basics  Switch act as a multiport bridge and itsSwitch act as a multiport bridge and its basic duty is to break collision domain.basic duty is to break collision domain.  Layer 2 switches and bridges are fasterLayer 2 switches and bridges are faster than routers because they don’t take upthan routers because they don’t take up time looking at the Network layer headertime looking at the Network layer header information.information.  Switches look at frame’s hardwareSwitches look at frame’s hardware addresses before deciding to eitheraddresses before deciding to either forward the frame or drop it.forward the frame or drop it.
  • 3. Switching BasicsSwitching Basics  Switches create private dedicated collisionSwitches create private dedicated collision domain.domain.  They provide independent bandwidth onThey provide independent bandwidth on each port.each port.  Layer 2 switching provide the following:Layer 2 switching provide the following:  Hardware based bridging (Application SpecificHardware based bridging (Application Specific Integrated Circuit – ASIC)Integrated Circuit – ASIC)  Wire SpeedWire Speed  Low latencyLow latency  Low cost.Low cost.
  • 4. Switching BasicsSwitching Basics  Switches do not do any modification toSwitches do not do any modification to the data packet.the data packet.  They only read the frame encapsulatingThey only read the frame encapsulating the packet.the packet.  This makes the switching processThis makes the switching process considerably faster and less error-pronconsiderably faster and less error-pron than routing process.than routing process.
  • 5. Switches create private domainSwitches create private domain
  • 6. Bridging Vs. LAN SwitchingBridging Vs. LAN Switching  Bridges are software based, while switchesBridges are software based, while switches are hardware based because switches useare hardware based because switches use ASIC chips to help make filtering decisions.ASIC chips to help make filtering decisions.  A switch is basically a multiport bridge.A switch is basically a multiport bridge.  Bridges can only have one spanning treeBridges can only have one spanning tree instance per bridge, while switches can haveinstance per bridge, while switches can have many.many.  Switches have more number of ports.Switches have more number of ports.
  • 7. Bridges and SwitchesBridges and Switches  Both poses multiple COLLISION DOMAINBoth poses multiple COLLISION DOMAIN but one BROADCAST DOMAIN.but one BROADCAST DOMAIN.  Both learn MAC addresses by examiningBoth learn MAC addresses by examining the source address of each frame received.the source address of each frame received.  Both make forwarding decisions based onBoth make forwarding decisions based on layer 2 addresses.layer 2 addresses.
  • 8. Functions of SwitchFunctions of Switch  Address LearningAddress Learning ::  Layer 2 switches remember the source hardwareLayer 2 switches remember the source hardware address of each frame received on an interface .address of each frame received on an interface .  Switches enter this information into a MACSwitches enter this information into a MAC database called a forward/filter table.database called a forward/filter table.  Forward/Filter DecisionForward/Filter Decision ::  When a frame is received on an interface, theWhen a frame is received on an interface, the switch looks at the destination hardware addressswitch looks at the destination hardware address and fields the exit interface in the MAC database.and fields the exit interface in the MAC database.  The frame is only forwarded out the specifiedThe frame is only forwarded out the specified destination port.destination port.
  • 9. Functions of SwitchFunctions of Switch  Loop AvoidanceLoop Avoidance::  If multiple connections between switchesIf multiple connections between switches are created for redundancy purpose,are created for redundancy purpose, network loops can occur.network loops can occur.  Spanning Tree Protocol (STP) is used toSpanning Tree Protocol (STP) is used to stop network loops while still permittingstop network loops while still permitting redundancy.redundancy.
  • 10. Address LearningAddress Learning  When switch is first powered on, the MACWhen switch is first powered on, the MAC forward/filter table is empty.forward/filter table is empty.  When an interface receives a frame, the switchWhen an interface receives a frame, the switch places the frame’s source address in MACplaces the frame’s source address in MAC forward/filter table, allowing it to rememberforward/filter table, allowing it to remember which interface the sending device is located on.which interface the sending device is located on.  Switch then floods the network with this frameSwitch then floods the network with this frame out of every port except the source port becauseout of every port except the source port because it has no idea where the destination deviceit has no idea where the destination device actually located.actually located.
  • 11. Address LearningAddress Learning  If a device answers this flooded frame andIf a device answers this flooded frame and sends a frame back, then:sends a frame back, then:  Switch takes the source address from that frameSwitch takes the source address from that frame and place the mac address in the database asand place the mac address in the database as well.well.  Switch associates this address with the interfaceSwitch associates this address with the interface that received the frame.that received the frame.  Since the switch now has both the relevantSince the switch now has both the relevant MAC address in its filtering table, the twoMAC address in its filtering table, the two devices can now make a point-t0-pontdevices can now make a point-t0-pont connectionconnection
  • 12.
  • 13.
  • 14. Forward/Filter DecisionsForward/Filter Decisions  When a frame arrives at a switchWhen a frame arrives at a switch interface, the destination hardwareinterface, the destination hardware address in compared to the MACaddress in compared to the MAC forward/filter table.forward/filter table.  If the destination hardware is known andIf the destination hardware is known and listed in the database, the frame is onlylisted in the database, the frame is only sent out the correct exit interface.sent out the correct exit interface.  This preserves bandwidth and is called asThis preserves bandwidth and is called as frame filtering.frame filtering.
  • 15. Forward/Filter DecisionsForward/Filter Decisions  If destination hardware address is notIf destination hardware address is not listed in the MAC database, then thelisted in the MAC database, then the frame is flooded out all active interfacesframe is flooded out all active interfaces except the interface the frame wasexcept the interface the frame was received on.received on.  If a device answers the flooded frame, theIf a device answers the flooded frame, the MAC database is updated with the deviceMAC database is updated with the device interface.interface.
  • 16. Loop AvoidanceLoop Avoidance  Redundant links between switches are aRedundant links between switches are a good idea because they help preventgood idea because they help prevent complete network failure in the event onecomplete network failure in the event one link stops working.link stops working.  But in a redundant link frames can beBut in a redundant link frames can be flooded down all redundant linksflooded down all redundant links simultaneously, resulting in network loops.simultaneously, resulting in network loops.
  • 17. Redundant links may invite followingRedundant links may invite following set of problems:set of problems:  If no loop avoidance schemes are put in place,If no loop avoidance schemes are put in place, the switches will flood broadcast endlessly.the switches will flood broadcast endlessly. Following figure illustrates it:Following figure illustrates it: Broadcast Storm
  • 18.  A device can receive multiple copies of the sameA device can receive multiple copies of the same frame, since that frame can arrive from multipleframe, since that frame can arrive from multiple segments simultaneously. Following figuresegments simultaneously. Following figure demonstrates it best.demonstrates it best.  The server in this figureThe server in this figure sends a unicast frame tosends a unicast frame to router C.router C.  Since it’s a unicast frame,Since it’s a unicast frame, switch A forwards the frameswitch A forwards the frame and switch B provides theand switch B provides the same service – it forwards thesame service – it forwards the broadcast.broadcast.  This is not good because now route C will receive unicastThis is not good because now route C will receive unicast frame twice, causing additional overhead on the network.frame twice, causing additional overhead on the network.
  • 19.  The MAC address filter table will be totallyThe MAC address filter table will be totally confused about the devices locationconfused about the devices location because the switch can receive the framebecause the switch can receive the frame from more than one links.from more than one links.  Multiple loops could be generated. ThisMultiple loops could be generated. This mean a loop can occur within other loop.mean a loop can occur within other loop.
  • 20. Spanning Tree ProtocolSpanning Tree Protocol  Its main task is to stop routing loops fromIts main task is to stop routing loops from occurring on layer 2. (Bridges or Switches)occurring on layer 2. (Bridges or Switches)  It monitors the network to find all links makingIt monitors the network to find all links making sure that no loops occur by shutting down thesure that no loops occur by shutting down the redundant link.redundant link.  It uses Spanning Tree Algorithm (STA), toIt uses Spanning Tree Algorithm (STA), to first create a topology database, then searchfirst create a topology database, then search out and destroy redundant links.out and destroy redundant links.  With STP running, frames are only forwardedWith STP running, frames are only forwarded on the STP, picked links.on the STP, picked links.
  • 21. LAN Switch TypesLAN Switch Types  LAN Switch Types decide how a frame isLAN Switch Types decide how a frame is handled when it’s received on a switch port.handled when it’s received on a switch port.  Latency: The time switch takes for a frame toLatency: The time switch takes for a frame to be sent out an exit port once the switchbe sent out an exit port once the switch receives the frame.receives the frame.  There are three switching modes:There are three switching modes:  Cut – through (Fast Forward)Cut – through (Fast Forward)  Fragment Free (Modified cut-through)Fragment Free (Modified cut-through)  Store-and-forwardStore-and-forward
  • 22.  Cut-through (Fast Forward)Cut-through (Fast Forward) ::  In this mode, the switch only waits for theIn this mode, the switch only waits for the destination hardware address to be received beforedestination hardware address to be received before it looks up the destination address in the MAC filterit looks up the destination address in the MAC filter table.table.  Fragment Free (Modified cut-through)Fragment Free (Modified cut-through) ::  In this mode, the switch checks the first 64 bytes ofIn this mode, the switch checks the first 64 bytes of a frame before forwarding it for fragmentation.a frame before forwarding it for fragmentation.  This is the default mode for catalyst 1900 seriesThis is the default mode for catalyst 1900 series switch.switch.  Store-and-forwardStore-and-forward ::  In this mode, the complete frame is received on theIn this mode, the complete frame is received on the switch’s buffer, a CRC is run and then the switchswitch’s buffer, a CRC is run and then the switch looks up the destination address in the MAClooks up the destination address in the MAC forward/filter table.forward/filter table.
  • 23. Different switching modes within a frameDifferent switching modes within a frame
  • 24. Cut - ThroughCut - Through  With cut-through switching method, the LAN switchWith cut-through switching method, the LAN switch reads only the destination.reads only the destination.  That is it looks at the first six bytes following theThat is it looks at the first six bytes following the preamble.preamble.  It then:It then:  Looks up the hardware destination address in the MACLooks up the hardware destination address in the MAC switching table.switching table.  Determines the outgoing interface.Determines the outgoing interface.  Proceeds to forward the frame towards its destination.Proceeds to forward the frame towards its destination.  A cut-through switch helps in reducing latency,A cut-through switch helps in reducing latency, because its begins to forward the frame as soon as itbecause its begins to forward the frame as soon as it reads the destination address and determines thereads the destination address and determines the outgoing interface.outgoing interface.
  • 25. Fragment Free (ModifiedFragment Free (Modified Cut – Through)Cut – Through)  It is a modified form of cut-through switching inIt is a modified form of cut-through switching in which the switch waits for the collision window (64which the switch waits for the collision window (64 bytes) to pass before forwarding.bytes) to pass before forwarding.  This is because if a packet has a collision error, itThis is because if a packet has a collision error, it almost always occurs within the first 64 bytes.almost always occurs within the first 64 bytes.  This means each frame will be checked into theThis means each frame will be checked into the data field to make sure no fragmentation hasdata field to make sure no fragmentation has occurred.occurred.  Fragment Free mode provides better error checkingFragment Free mode provides better error checking than the cut-through mode with practically nothan the cut-through mode with practically no increase in latency.increase in latency.  It is the default switching mode for 1900 switches.It is the default switching mode for 1900 switches.
  • 26. Store-and-Forward
      - It is Cisco's primary LAN switching method.
      - In this method, the LAN switch copies the entire frame onto its onboard buffers and then computes the CRC (Cyclic Redundancy Check).
      - Since it copies the entire frame, latency through the switch varies with frame length.
      - The frame is discarded if it contains a CRC error:
          - If it is too short (less than 64 bytes, including the CRC)
          - If it is too long (more than 1518 bytes, including the CRC)
      - If the frame doesn't contain any error, the LAN switch looks up the destination hardware address in its MAC forward/filter table to find the correct outgoing interface.
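The three switching methods on slides 24 to 26 differ in how many bytes the switch reads before it commits to forwarding, and therefore in which bad frames get through. The following is an added example, not part of the original deck: the function names, MAC addresses, port name and frames are constructed, and unknown destinations are flooded as an assumption.

```python
import struct
import zlib

MIN_FRAME = 64     # collision window: shortest legal frame, CRC included
MAX_FRAME = 1518   # longest legal frame, CRC included

def build_frame(dst, src, payload):
    """Constructed Ethernet II frame: dst(6) src(6) type(2) payload CRC(4)."""
    body = dst + src + b"\x08\x00" + payload.ljust(46, b"\x00")
    # The Ethernet FCS is CRC-32, sent least-significant byte first.
    return body + struct.pack("<I", zlib.crc32(body))

def crc_ok(frame):
    """Recompute CRC-32 over everything except the trailing 4-byte FCS."""
    return len(frame) > 4 and struct.pack("<I", zlib.crc32(frame[:-4])) == frame[-4:]

def switch_decision(mode, received, mac_table):
    """Return (verdict, bytes_read_before_deciding) for one received frame."""
    n = len(received)
    error = None
    if mode == "cut-through":
        read = 6                      # destination address only
        if n < 6:
            error = "fragment"
    elif mode == "fragment-free":
        read = MIN_FRAME              # wait out the collision window
        if n < MIN_FRAME:
            error = "fragment"
    elif mode == "store-and-forward":
        read = n                      # whole frame is buffered first
        if n < MIN_FRAME:
            error = "too short"
        elif n > MAX_FRAME:
            error = "too long"
        elif not crc_ok(received):
            error = "CRC error"
    else:
        raise ValueError("unknown switching mode: " + mode)
    if error:
        return ("drop: " + error, min(read, n))
    # Look up the destination (first six bytes) in the MAC table.
    return ("forward: " + mac_table.get(received[:6], "flood"), read)

# --- constructed sample input ---
DST = bytes.fromhex("00aabbccdd01")
SRC = bytes.fromhex("00aabbccdd02")
MAC_TABLE = {DST: "e0/2"}

GOOD = build_frame(DST, SRC, b"hello")           # 64 bytes, valid CRC
RUNT = GOOD[:30]                                 # collision fragment
_big = bytearray(build_frame(DST, SRC, b"A" * 200))
_big[100] ^= 0x01                                # one bit damaged past byte 64
DAMAGED = bytes(_big)
GIANT = build_frame(DST, SRC, b"B" * 1600)       # valid CRC but 1618 bytes

MODES = ("cut-through", "fragment-free", "store-and-forward")

def compare(frame):
    """Run the same received bytes through all three modes."""
    return {m: switch_decision(m, frame, MAC_TABLE) for m in MODES}

if __name__ == "__main__":
    for name, frame in [("good", GOOD), ("runt", RUNT),
                        ("damaged", DAMAGED), ("giant", GIANT)]:
        print(name, compare(frame))
```

Only store-and-forward stops the damaged and oversized frames; the other two modes have already started forwarding by the time the error is on the wire.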
  • 27. Spanning Tree Terms
      - STP:
          - It is a bridge protocol that uses the STA to find redundant links dynamically.
          - It creates a spanning tree topology database.
          - Bridges exchange BPDU messages with other bridges
  • 28. Configuring 1900 & 2950 Catalyst switches
      - We will cover the following list of tasks:
          - Setting the password
          - Setting the hostname
          - Configuring the IP address and subnet masks
          - Setting a description on the interface
          - Erasing the switch configuration
          - Configuring VLANs
          - Adding VLAN membership to a switch port
          - Creating a VTP domain
          - Configuring trunking
  • 29. Setting the password
      - 1900 Series:
          - It uses the same command to set both the user-level password and the privileged-level password, but with different level numbers.
          - Level is 1 for user level and 15 for privileged level.
          - Password length should be from 4 to 8 characters.
          - Setting the user-level password:
              switch(config)# enable password level 1 cisco
          - Setting the privileged-level password:
              switch(config)# enable password level 15 cisco
  • 30. Setting the password
      - 2950 Series:
          - To set the user mode password for the 2950 switch, we configure the line just as we would do on a router.
          - Console:
              switch(config)# line console 0
              switch(config-line)# password cisco
              switch(config-line)# login
          - Telnet:
              switch(config)# line vty 0 15
              switch(config-line)# password cisco
              switch(config-line)# login
          - The enable secret password is set in the same way as we would do for a router.
              switch(config)# enable secret cisco
  • 31. Setting hostname
      - The hostname on a switch is only locally significant.
      - This means it doesn't have any function on the network or with name resolution. (Though there is an exception with PPP authentication.)
      - 1900 Series:
          switch(config)# hostname LAN1
      - 2950 Series:
          switch(config)# hostname LAN1
  • 32. Setting IP information
      - Generally a switch doesn't need any IP address at all to manage a LAN.
      - There are exceptions though.
      - There are two reasons why we would probably want to set IP address information on the switch:
          - To manage the switch via Telnet or other management software.
          - To configure the switch with different VLANs and other network functions.
  • 33. Setting IP information
      - 1900 Switch:
          - By default no IP address or default gateway information is set.
          - We can verify this by using the command sh ip in privileged mode.
              Switch# sh ip
          - The IP address and default gateway are set through GCM.
              Switch(config)# ip address 172.16.10.16 255.255.255.0
              Switch(config)# ip default-gateway 172.16.10.1
  • 34. Setting IP information
      - 2950 Switch:
          - On a 2950 switch, we consider a default VLAN with the switch.
          - This VLAN is called VLAN1.
          - Every port on the switch is a member of VLAN1 by default.
          - We always set the IP address for VLAN1.
              Switch(config)# interface vlan1
              Switch(config-if)# ip address 172.16.10.17 255.255.255.0
              Switch(config-if)# exit
              Switch(config)# ip default-gateway 172.16.10.1
  • 35. Configuring Interface Description
      - We can administratively set a name for each interface on the switches.
      - These descriptions are only locally significant.
      - 1900 Switch:
          - The description command is used from interface configuration mode.
          - Spaces can't be used within the description.
              Switch(config)# int e0/1
              Switch(config-if)# description Finance_VLAN
              Switch(config)# int f0/26
              Switch(config-if)# description trunk_to_building_4
  • 36. Configuring Interface Description
      - 2950 Switch:
          - The description command is used from interface configuration mode.
          - Spaces can be used within the description.
              Switch(config)# int fastEthernet 0/1
              Switch(config-if)# description Sales Printer
              Switch(config)# int f0/12
              Switch(config-if)# description trunk_to_building_4
  • 37. Erasing the Switch Configuration
      - 1900 Switch:
          - We can't see the contents of NVRAM.
          - We can only view the contents of RAM.
          - When we make changes to the switch's running configuration, it is automatically copied to NVRAM.
          - The following command deletes the contents of NVRAM.
              Switch# delete nvram
  • 38. Erasing the Switch Configuration
      - 2950 Switch:
          - The concepts of startup config and running config hold here exactly as they do with routers.
          - The following command deletes the contents of NVRAM.
              Switch# erase startup-config
  • 39. Virtual LANs (VLANs)
      - A VLAN is a logical grouping of network users and resources connected to administratively defined ports on a switch.
      - VLANs allow us to break up broadcast domains in a pure switched internetwork.
      - VLANs allow us to create smaller broadcast domains within a layer 2 switched internetwork.
  • 40. How do VLANs simplify network management?
      - Network adds, moves and changes are achieved by configuring a port into the appropriate VLAN.
      - A group of users needing high security can be put into a VLAN so that no users outside of the VLAN can communicate with them.
      - VLANs are independent from their physical or logical locations.
      - VLANs can enhance network security.
      - VLANs increase the number of broadcast domains and decrease the size of each broadcast domain.
  • 41. Broadcast Control
      - All devices in a VLAN are members of the same broadcast domain and receive all broadcasts.
      - The broadcasts, by default, are filtered from all ports on a switch that are not members of the same VLAN.
      - This is one of the prime benefits that we get with a VLAN-based switched network; otherwise we would face serious problems if all our users were in the same broadcast domain.
  • 42. Security
      - In a flat network, anyone connecting to the physical network could access the network resources located on that physical LAN.
      - To observe any or all traffic on that network, one simply has to plug a network analyzer into the hub.
      - Users can join any workgroup by just plugging their workstations into the existing hub.
      - By building VLANs and creating multiple broadcast groups, administrators can now have control over each port and user.
      - Since VLANs can be created in accordance with the network resources a user requires, a switch can be configured to inform a network management station of any unauthorized access to network resources.
      - During inter-VLAN communication, we can implement restrictions on a router to achieve this control.
  • 43. Flexibility and Scalability
      - By assigning switch ports or users to VLAN groups on a switch or group of switches, we gain the flexibility to add only the users we want into that broadcast domain regardless of their physical location.
      - When a VLAN becomes too big, we can create more VLANs to keep broadcasts from consuming too much bandwidth.
  • 44. Physical LAN connected to a Router
  • 45. Switches removing physical boundary
  • 46. Static VLAN
      - These VLANs are created by administrators.
      - An administrator creates static VLANs and then assigns switch ports to each VLAN.
      - Static VLANs are:
          - Most secure.
          - Comparatively easy to set up and monitor.
          - Well suited to a network where the movement of users within the network is controlled.
      - A switch port that is assigned a VLAN association always maintains that association until an administrator changes that port
  • 47. Dynamic VLAN
      - When the network administrator enters all the host devices' hardware addresses into a database, the switches can be configured to assign VLANs dynamically whenever a host is plugged into a switch.
      - These are called dynamic VLANs.
      - A dynamic VLAN determines a node's VLAN assignment automatically.
      - Using intelligent management software, we can base VLAN assignment on hardware address (MAC address), protocols, or even applications to create dynamic VLANs.
  • 48. Dynamic VLAN
      - Suppose MAC addresses have been entered into a centralized VLAN management application.
      - If a node is then attached to an unassigned switch port, the VLAN management database can look up the hardware address and assign and configure the switch port to the correct VLAN.
      - This makes management and configuration easier because if a user moves, the switch will assign them to the correct VLAN automatically.
      - Cisco allows us to use the VLAN Management Policy Server (VMPS) service to set up a database of MAC addresses that can be used for dynamic addressing of VLANs.
      - A VMPS database maps MAC addresses to VLANs.
  • 49. VLAN links
      - Frames are handled differently according to the type of link they are traversing in a switch.
      - The following two types of link are available in a switched network:
          - Access Link
          - Trunk Link
  • 50. Access Link
      - This type of link is only part of one VLAN, and it's referred to as the native VLAN of the port.
      - Any device attached to an access link is unaware of a VLAN membership. The device just assumes it's part of a broadcast domain, but it has no understanding of the physical network.
      - Switches remove any VLAN information from the frame before it's sent to an access-link device.
      - Access-link devices cannot communicate with devices outside their VLAN unless the packet is routed.
  • 51. Trunk Link
      - A trunk line is a 100 or 1000 Mbps point-to-point link between:
          - Two switches
          - A switch and a router
          - A switch and a server
      - Trunk lines carry traffic of VLANs from 1 to 1005 at a time.
      - Trunking allows us to make a single port part of multiple VLANs at the same time.
      - We can actually set things up to have a server in two broadcast domains simultaneously, so that users don't have to cross the router to log in and access it.
      - Another advantage of trunking is when we are connecting switches.
      - Trunk links can carry some or all VLAN information across the link, but if the links between switches aren't trunked, only VLAN 1 information will be switched across the link by default.
  • 52. Access and Trunk Links in a switched network
  • 53. Creating & Verifying VLANs 1900 switch
      - Creating VLANs:
          - Mode: GCM
          - Syntax:
              Switch(config)# vlan <VLAN number> name <VLAN name>
            E.g.
              switch(config)# vlan 2 name sales
      - Verifying VLANs:
          - Mode: Privileged
          - Syntax:
              Switch# show vlan
  • 54. Creating & Verifying VLANs 2950 switch
      - Creating VLANs:
          - Mode: Privileged and switch config
          - Syntax:
              Switch# vlan database
              Switch(vlan)# vlan <VLAN number> name <VLAN name>
              Switch(vlan)# apply
            E.g.
              Switch(vlan)# vlan 2 name sales
              Switch(vlan)# vlan 3 name mkt
              Switch(vlan)# apply
      - Verifying VLANs:
          - Mode: Privileged
          - Syntax:
              Switch# show vlan brief
  • 55. Assigning switch ports to VLANs 1900 switch
      - Mode: Interface Specific
      - Syntax:
          Switch(config)# int <interface no.>
          Switch(config-if)# vlan-membership static <VLAN no.>
      - Example 1:
          Switch(config)# int e0/2
          Switch(config-if)# vlan-membership static 2
      - Example 2:
          Switch(config)# int e0/3
          Switch(config-if)# vlan-membership static 3
      - Example 3:
          Switch(config)# int e0/4
          Switch(config-if)# vlan-membership static 2
  • 56. Assigning switch ports to VLANs 2950 switch
      - Mode: Interface Specific
      - Syntax:
          Switch(config)# int <interface no.>
          Switch(config-if)# switchport access vlan <VLAN no.>
      - Example 1:
          Switch(config)# int f0/2
          Switch(config-if)# switchport access vlan 2
      - Example 2:
          Switch(config)# int f0/3
          Switch(config-if)# switchport access vlan 3
      - Example 3:
          Switch(config)# int f0/4
          Switch(config-if)# switchport access vlan 2
  • 57. Frame Tagging
      - Switch fabric: a group of switches sharing the same VLAN information.
      - Frame tagging is a frame identification method, which uniquely assigns a user-defined ID to each frame.
      - This ID is also called the VLAN ID or color.
      - How does it work?
          - Each switch that the frame reaches must first identify the VLAN ID from the frame tag.
          - Then it finds out what to do with the frame by looking at the information in the filter table.
          - If the frame reaches a switch that has another trunked link, the frame will be forwarded out the trunk-link port.
          - Once the frame reaches an exit to an access link matching the frame's VLAN ID, the switch removes the VLAN identifier so that the destination device can receive the frame without having to understand its VLAN identification.
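The tag handling described on this slide, modelled across two switches joined by a trunk. This is an added example, not part of the original deck: it assumes IEEE 802.1Q as the tag format, which the slide does not name, and the `Switch` class and frames are constructed, with port-to-VLAN assignments borrowed from the 2950 examples on slides 36 and 56. As a simplification, untagged frames on a trunk and tagged frames on an access port are dropped.

```python
import struct

TPID = 0x8100  # 802.1Q tag protocol identifier (assumed tagging method)

def add_tag(frame, vlan_id):
    """Insert a 4-byte tag (TPID + VLAN ID) after the source MAC."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    return frame[:12] + struct.pack("!HH", TPID, vlan_id) + frame[12:]

def read_tag(frame):
    """Return (vlan_id, frame_without_tag), or (None, frame) if untagged."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

class Switch:
    """Hypothetical model: ports map to a VLAN number or to 'trunk'."""

    def __init__(self, ports):
        self.ports = ports
        self.filter_table = {}            # (vlan, mac) -> port

    def receive(self, in_port, frame):
        """Return {egress_port: frame_bytes} for one received frame."""
        role = self.ports[in_port]
        vlan, inner = read_tag(frame)
        if role == "trunk":
            if vlan is None:
                return {}                 # simplification: no untagged on trunk
        else:
            if vlan is not None:
                return {}                 # simplification: no tags on access
            vlan = role                   # access port: VLAN comes from the port
        self.filter_table[(vlan, inner[6:12])] = in_port   # learn the source
        known = self.filter_table.get((vlan, inner[:6]))   # destination lookup
        out = {}
        for port, prole in self.ports.items():
            if port == in_port or (known is not None and port != known):
                continue
            if prole == "trunk":
                out[port] = add_tag(inner, vlan)   # keep the VLAN ID on trunks
            elif prole == vlan:
                out[port] = inner                  # strip it on access links
        return out

# --- constructed sample input ---
SRC = bytes.fromhex("00aabbccdd02")
BROADCAST = b"\xff" * 6 + SRC + b"\x08\x00" + b"constructed payload"

def demo():
    """A VLAN 2 host on switch A port f0/2 sends a broadcast."""
    a = Switch({"f0/2": 2, "f0/3": 3, "f0/4": 2, "f0/12": "trunk"})
    b = Switch({"f0/2": 2, "f0/3": 3, "f0/12": "trunk"})
    out_a = a.receive("f0/2", BROADCAST)
    out_b = b.receive("f0/12", out_a["f0/12"])
    return out_a, out_b

if __name__ == "__main__":
    out_a, out_b = demo()
    print("switch A egress:", sorted(out_a))
    print("switch B egress:", sorted(out_b))
```

The VLAN 3 ports on both switches never see the frame, and the hosts on the VLAN 2 access ports receive it byte-for-byte as it was sent.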