The document discusses VLANs (virtual local area networks) and their role in dividing a network into logical segments. VLANs allow users to be grouped by function rather than physical location, improving flexibility. VLANs are configured on switches using port-based assignments and trunk links allow traffic from multiple VLANs to travel between switches using tagging. The document provides examples of configuring, monitoring and troubleshooting VLANs on Cisco switches.
The Associate level of Cisco Certifications can begin directly with CCNA for network installation, operations and troubleshooting or CCDA for network design. Think of the Associate Level as the foundation level of networking certification.
A PROJECT REPORT On CISCO CERTIFIED NETWORK ASSOCIATE
A computer network, or simply a network, is a collection of computer and other hardware components interconnected by communication channels that allow sharing of resources and information. Where at least one process in one device is able to send/receive data to/from at least one process residing in a remote device, then the two devices are said to be in a network. Simply, more than one computer interconnected through a communication medium for information interchange is called a computer network.
STP prevents frame looping in a network by putting some interfaces in forwarding state and others in blocking state.
Whenever two or more switches are connected to each other for redundancy, a loop can occur. STP is used to prevent such loops. STP is a layer 2 protocol and is enabled on switches by default.
In 2001, the IEEE introduced Rapid Spanning Tree Protocol (RSTP) as 802.1w. RSTP provides significantly
faster spanning tree convergence after a topology change, introducing new convergence behavior and
bridge port roles to do this. RSTP was designed to be backwards-compatible with standard STP.
While STP can take 30 to 50 seconds to respond to a topology change, RSTP is typically able to respond
to changes within 3 × Hello times (default: 3 times 2 seconds) or within a few milliseconds of a physical
link failure. The so-called Hello time is an important and configurable time interval that is used by RSTP
for several purposes; its default value is 2 seconds.
Overview of Spanning Tree Protocol (STP & RSTP) by Peter R. Egli
Ethernet networks require a loop-free topology, otherwise more and more broadcast and unknown unicast frames would swamp the network (creation of frame duplicates resulting in a broadcast storm). Spanning Tree Protocol (IEEE 802.1D) and its faster successor RSTP (IEEE 802.1w) provide loop prevention in bridged networks by establishing a loop-free tree of forwarding paths between any two bridges in a network with multiple physical paths. If a link fails, STP and RSTP automatically establish a new loop-free topology. This presentation describes in detail how STP and RSTP work along with typical examples.
Spanning Tree Protocol (STP) is a network protocol designed to prevent layer 2 loops. It is standardized as IEEE 802.1D. STP blocks some ports on switches with redundant links to prevent broadcast storms and ensure a loop-free topology. With STP in place, you can have redundant links between switches in order to provide redundancy.
Chapter 3: Objectives
---------------------------------------------------
Explain the purpose of VLANs in a switched network.
Analyze how a switch forwards frames based on VLAN configuration in a multi-switched environment.
Configure a switch port to be assigned to a VLAN based on requirements.
Configure a trunk port on a LAN switch.
Configure Dynamic Trunk Protocol (DTP).
Troubleshoot VLAN and trunk configurations in a switched network.
Configure security features to mitigate attacks in a VLAN-segmented environment.
Explain security best practices for a VLAN-segmented environment.
Yaser Rahmati | یاسر رحمتی
Rahmati Academy | آکادمی رحمتی
www.yaser-rahmati.ir
www.rahmati-academy.ir
The full course is available here:
http://www.alphorm.com/tutoriel/formation-en-ligne-linux-lpic-2
This course is the follow-up to the Linux LPIC-1 course. It lets you go further into the Linux world and master very advanced Linux solutions.
In this course, which covers both the LPI 201 and LPI 202 exams, Noël Macé teaches you how to administer a small to medium-sized fleet of Linux servers and how to plan, implement and troubleshoot a small mixed network (MS, Linux, Samba, NFS, DNS, DHCP, firewall, VPN, SSH, web cache/proxy, mail, web server, reverse proxy, FTP server).
At the end of this course you will be able to sit the LPIC-2 exam and earn a certification that is highly recognized in the job market.
I tried to make as detailed, clear, abundant and visual a presentation of VLANs as possible. You can contact the e-mail address in the slides for information about your issue or to correct any of my mistakes.
1) Explain the purpose of VLANs in a switched network.
2) Analyze how a switch forwards frames based on VLAN configuration in a multi-switched environment.
3) Configure a switch port to be assigned to a VLAN based on requirements.
4) Configure a trunk port on a LAN switch.
5) Configure Dynamic Trunk Protocol (DTP).
6) Troubleshoot VLAN and trunk configurations in a switched network.
7) Configure security features to mitigate attacks in a VLAN-segmented environment.
8) Explain security best practices for a VLAN-segmented environment.
1. VLANs
CCNA Exploration Semester 3
Chapter 3
30 Sep 2012 S Ward Abingdon and Witney College 1
2. Topics
The role of VLANs in a network
Trunking VLANs
Configure VLANs on switches
Troubleshoot common VLAN problems
3. Semester 3
LAN Design
Basic Switch Concepts
Wireless
VLANs
STP
VTP
Inter-VLAN routing
4. Some requirements of LANs
Need to split up broadcast domains to make good use of bandwidth
People in the same department may need to be grouped together for access to servers
Security: restrict access by certain users to some areas of the LAN
Provide a way for different areas of the LAN to communicate with each other
5. Solution using routers
Divide the LAN into subnets
Use routers to link the subnets
6. Solution using routers
BUT
Routers are expensive
Routers are slower than switches
Subnets are restricted to limited physical areas
Subnets are inflexible
7. Solution using VLANs
VLAN membership can be by function and not by location
VLANs managed by switches
Router needed for communication between VLANs
8. VLANs
All hosts in a VLAN have addresses in the same subnet. A VLAN is a subnet.
Broadcasts are kept within the VLAN. A VLAN is a broadcast domain.
The switch has a separate MAC address table for each VLAN. Traffic for each VLAN is kept separate from other VLANs.
Layer 2 switches cannot route between VLANs.
9. VLAN numbers
VLAN 1: default Ethernet LAN, all ports start in this VLAN.
VLANs 1002 – 1005 automatically created for Token Ring and FDDI
Numbers 2 to 1001 can be used for new VLANs
Up to 255 VLANs on Catalyst 2960 switch
Extended range 1006 – 4094 possible but fewer features
10. VLAN information
VLAN information is stored in the VLAN database.
vlan.dat in the flash memory of the switch.
11. Port based
Each switch port intended for an end device is configured to belong to a VLAN.
Any device connecting to that port belongs to the port’s VLAN.
There are other ways of assigning VLANs but this is now the normal way.
Ports that link switches can be configured to carry traffic for all VLANs (trunking)
12. Types of VLAN
Data or user VLAN
Voice VLAN
Management VLAN
Native VLAN
Default VLAN
13. Data VLAN
Carry files, e-mails, shared application traffic, most user traffic.
Separate VLAN for each group of users.
14. Voice VLAN
Use with IP phone.
Phone acts as a switch too.
Voice traffic is tagged, given priority.
Data not tagged, no priority.
15. Management VLAN
Has the switch IP address.
Used for telnet/SSH or web access for management purposes.
Better not to use VLAN 1 for security reasons.
16. Native VLAN
For backward compatibility with older systems.
Relevant to trunk ports.
Trunk ports carry traffic from multiple VLANs.
VLAN is identified by a “tag” in the frame.
Native VLAN does not have a tag.
17. Default VLAN
VLAN 1 on Cisco switches.
Carries CDP and STP (spanning tree protocol) traffic.
Initially all ports are in this VLAN.
Do not use it for data, voice or management traffic for security reasons.
18. Static VLAN
The normal type. Port configured to be on a VLAN. Connected device is on this VLAN.
VLAN can be created using CLI command, given number and name.
VLAN can be learned from another switch.
If a port is put on a VLAN and the VLAN does not exist, then the VLAN is created.
19. Static VLAN (Port-centric)
If VLAN 20 did not exist before – then it does now.
20. Voice VLAN
Configured for voice VLAN and data VLAN.
21. Dynamic VLAN
Not widely used.
Use a VLAN Membership Policy Server (VMPS).
Assign a device to a VLAN based on its MAC address.
Connect device, server assigns VLAN.
Useful if you want to move devices around.
22. Traffic between VLANs
Layer 2 switch keeps VLANs separate.
Router can route between VLANs. It needs to provide a default gateway for each VLAN as VLANs are separate subnets.
Layer 3 switch has a switch virtual interface (SVI) configured for each VLAN. These act like router interfaces to route between VLANs.
23. Trunking
Both switches have the same 5 VLANs.
Do you have a link for each VLAN?
More efficient for them to share a link.
24. Trunking
Traffic for all the VLANs travels between the switches on a shared trunk or backbone
25. Tag to identify VLAN
Tag is added to the frame when it goes on to the trunk
Tag is removed when it leaves the trunk
26. Frame tagging IEEE 802.1Q
Normal frame:  Dest Add | Source Add | Type/Len | Data | FCS
Tagged frame:  Dest Add | Source Add | Tag | Type/Len | Data | FCS
Add 4-byte tag, recalculate FCS
Tag fields:  Tag protocol ID 0x8100 | Priority | CFI for token ring | VLAN ID 1 - 4096
27. Native VLAN
Untagged frames received on a trunk port are forwarded on to the native VLAN.
Frame received from the native VLAN should be untagged.
Switch will drop tagged frames received from the native VLAN. This can happen if non-Cisco devices are connected.
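The tagging on slide 26 and the native-VLAN rules on slide 27, as an added example that is not part of the original slides: it inserts and parses the 4-byte 802.1Q tag (TPID 0x8100, 3-bit priority, CFI bit, 12-bit VLAN ID), recalculates the FCS as the CRC-32 that Ethernet uses, and models both directions of a trunk port, including the drop of a frame tagged with the native VLAN's own ID that the slide describes. The MAC addresses and payload are constructed.

```python
"""Added example, not part of the original slides: build and parse IEEE 802.1Q
tagged Ethernet frames (slide 26) and apply the native-VLAN rules of slide 27.
All MAC addresses and payloads below are constructed for the demonstration."""
import struct
import zlib

TPID_8021Q = 0x8100  # Tag Protocol Identifier, as shown on the slide


def tag_frame(frame: bytes, vlan_id: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Insert the 4-byte tag between the source MAC and the Type/Len field.
    `frame` is the frame without FCS; the FCS is recalculated separately."""
    if not 0 <= vlan_id <= 4095:          # the VID is a 12-bit field
        raise ValueError("VLAN ID out of range")
    tci = ((priority & 0x7) << 13) | ((cfi & 0x1) << 12) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame: bytes):
    """Return (priority, cfi, vlan_id, untagged_frame), or None if the frame is untagged."""
    if len(frame) < 16 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF, frame[:12] + frame[16:]


def append_fcs(frame: bytes) -> bytes:
    """The Ethernet FCS is CRC-32 over the frame, sent least-significant byte first."""
    return frame + struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)


def fcs_ok(frame_with_fcs: bytes) -> bool:
    """Recompute the CRC-32 and compare it with the trailing four bytes."""
    body, fcs = frame_with_fcs[:-4], frame_with_fcs[-4:]
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF) == fcs


def to_trunk(frame: bytes, vlan_id: int, native_vlan: int) -> bytes:
    """Egress onto a trunk: native-VLAN frames leave untagged, all others are tagged."""
    return frame if vlan_id == native_vlan else tag_frame(frame, vlan_id)


def from_trunk(frame: bytes, native_vlan: int):
    """Ingress from a trunk. Returns (vlan_id, untagged_frame), or None when dropped.
    Untagged frames belong to the native VLAN; a frame tagged with the native
    VLAN's own ID is dropped, as slide 27 describes for Cisco switches."""
    parsed = parse_tag(frame)
    if parsed is None:
        return native_vlan, frame
    _prio, _cfi, vid, inner = parsed
    return None if vid == native_vlan else (vid, inner)


# Constructed sample frame: broadcast destination, made-up source MAC, IPv4 ethertype.
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
                + bytes.fromhex("0800") + b"constructed payload")


def demo(native_vlan: int = 99) -> dict:
    """Walk one frame through both directions of a trunk and return the outcomes."""
    tagged = to_trunk(SAMPLE_FRAME, 20, native_vlan)
    return {
        "tag_bytes": tagged[12:16].hex(),
        "vlan20_arrives_as": from_trunk(tagged, native_vlan)[0],
        "native_leaves_tagged": parse_tag(to_trunk(SAMPLE_FRAME, native_vlan, native_vlan)) is not None,
        "tagged_native_dropped": from_trunk(tag_frame(SAMPLE_FRAME, native_vlan), native_vlan) is None,
        "fcs_after_tagging_ok": fcs_ok(append_fcs(tagged)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the block prints the tag bytes for VLAN 20 (`81000014`), shows the native VLAN leaving untagged and a native-tagged frame being dropped on ingress, and confirms the recalculated FCS still verifies after the tag was inserted. The native-VLAN mismatch that slide 38 warns about follows directly from `from_trunk`: an untagged frame is assigned to whatever native VLAN the receiving end is configured with.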
28. Configure trunk port
Make a port into a trunk port and tell it which VLAN is native.
SW1(config)#int fa0/1
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk native vlan 99
By default native VLAN is 1.
29. Dynamic trunking protocol
Port A                        Port B                    Result
Dynamic auto / desirable      Mode trunk                trunk
Dynamic auto / desirable      Mode access               access
Dynamic auto                  Dynamic auto              access
Dynamic desirable             Dynamic desirable         trunk
Dynamic desirable             Dynamic auto              trunk
30. Create a VLAN
SW1(config)#vlan 20
SW1(config-vlan)#name Finance
SW1(config-vlan)#end
VLAN will be saved in VLAN database rather than running config.
If you do not give it a name then it will be called VLAN0020.
31. Assign port to VLAN
SW1(config)#int fa 0/14
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 20
SW1(config-if)#end
32. show vlan brief
List of VLANs with ports
33. Show commands
show vlan brief (list of VLANs and ports)
show vlan summary
show interfaces vlan (up/down, traffic etc)
show interfaces fa0/14 switchport (access mode, trunking)
34. Remove port from VLAN
SW1(config)#int fa 0/14
SW1(config-if)#no switchport access vlan
SW1(config-if)#end
The port goes back to VLAN 1.
If you assign a port to a new VLAN, it is automatically removed from its existing VLAN.
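An added example, not part of the original slides, for the `show vlan brief` output of slides 32 and 33 and the "port goes back to VLAN 1" behaviour of slide 34: it parses the table into a port-to-VLAN map and checks it against an intended design, reporting ports that sit in the wrong VLAN, ports that no longer appear in any VLAN (a trunk port, or a port left inactive after its VLAN was deleted, as on slide 35), and ports still in the default VLAN 1, which slide 17 says should carry no user traffic. The sample output is constructed in the Catalyst layout, not captured from a switch, and the design map is made up.

```python
"""Added example, not part of the original slides: parse the output of
`show vlan brief` (slides 32 and 33) and compare the port assignments with the
intended design, flagging ports left in the default VLAN 1 (slides 17 and 34).
The sample output is constructed in the Catalyst layout, not captured from a switch."""
import re

# Constructed sample: VLAN 1 still holds most ports, and Fa0/3 was never moved to Finance.
SAMPLE_SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Gi0/1
20   Finance                          active    Fa0/14, Fa0/15
30   Sales                            active    Fa0/16
99   Management                       active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
"""

# Intended port-to-VLAN design (made up for the demonstration).
DESIGN = {"Fa0/3": 20, "Fa0/14": 20, "Fa0/15": 20, "Fa0/16": 30}


def parse_show_vlan_brief(text: str) -> dict:
    """Return {vlan_id: {"name": ..., "status": ..., "ports": [...]}}.
    A VLAN row starts with the VLAN number; indented rows continue its port list."""
    vlans, current = {}, None
    for line in text.splitlines():
        if re.match(r"^\d+\s", line):
            fields = line.split()
            current = int(fields[0])
            vlans[current] = {"name": fields[1], "status": fields[2],
                              "ports": [p.rstrip(",") for p in fields[3:]]}
        elif current is not None and line.startswith(" ") and line.strip():
            vlans[current]["ports"].extend(p.rstrip(",") for p in line.split())
        else:
            current = None            # header or separator line
    return vlans


def port_to_vlan(vlans: dict) -> dict:
    """Invert the table: {port: vlan_id} for every access port listed."""
    return {port: vid for vid, entry in vlans.items() for port in entry["ports"]}


def check_design(vlans: dict, design: dict) -> list:
    """Findings for ports that do not match the design, plus any port left in VLAN 1
    that the design does not account for. Trunk ports do not appear in the table."""
    actual = port_to_vlan(vlans)
    findings = []
    for port, wanted in design.items():
        got = actual.get(port)
        if got is None:
            findings.append(f"{port}: not listed in any VLAN (trunk port, or its VLAN was deleted)")
        elif got != wanted:
            findings.append(f"{port}: in VLAN {got}, design says {wanted}")
    for port, vid in actual.items():
        if vid == 1 and port not in design:
            findings.append(f"{port}: still in default VLAN 1")
    return findings


if __name__ == "__main__":
    table = parse_show_vlan_brief(SAMPLE_SHOW_VLAN_BRIEF)
    for finding in check_design(table, DESIGN) or ["all ports match the design"]:
        print(finding)
```

On the constructed sample the checker reports Fa0/3 sitting in VLAN 1 instead of Finance and six further ports (including the Gi0/1 uplink) never moved out of the default VLAN. Run against real output, the same check is a quick way to catch the slide 34 case where `no switchport access vlan` silently returns a port to VLAN 1.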
35. Delete a VLAN
SW1(config)#no vlan 20
SW1(config)#end
VLAN 20 is deleted.
Any ports still on VLAN 20 will be inactive – not on any VLAN. They need to be reassigned.
36. Delete VLAN database
Erasing the startup configuration does not get rid of VLANs because they are saved in a separate file.
SW1#delete flash:vlan.dat
Switch goes back to the default with all ports in VLAN 1.
You cannot delete VLAN 1.
38. Trunk problems
Both ends must have the same native VLAN.
Both ends must be configured with trunking on, or so that trunking is negotiated with the other end and comes on.
Subnetting and addressing must be right.
The right VLANs must be allowed on the trunk.
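An added example, not part of the original slides, that turns the trunk problems of slide 38 and the DTP outcomes of slide 29 into an offline check: it reads IOS-style running-config excerpts from both ends of a link, works out the mode each end settles into after DTP, and then reports native VLAN mismatches, a native VLAN left at the default of 1 (slide 28 moves it to 99), differing allowed-VLAN lists, and any end that still relies on DTP negotiation instead of a hard-coded trunk with `switchport nonegotiate`. Two assumptions beyond the slides: the factory default mode of an unconfigured port is taken to be `dynamic auto`, and a peer configured with `switchport nonegotiate` is treated as sending no DTP frames, so a dynamic port facing it stays in access mode. The two config excerpts and their interface names and VLAN numbers are constructed.

```python
"""Added example, not part of the original slides: an offline checker for the
trunk problems listed on slide 38 (native VLAN, trunking mode, allowed VLANs),
using the DTP outcomes from slide 29. The two configs below are constructed
for the demonstration; interface names and VLAN numbers in them are made up."""
import re

DEFAULT_MODE = "dynamic auto"   # assumption: factory default switchport mode on a Catalyst 2960


def parse_vlan_list(text: str) -> set:
    """'10,20,30-32' -> {10, 20, 30, 31, 32}."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_switchports(config: str) -> dict:
    """Return {interface: settings}, with defaults filled in for anything not configured."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = m.group(1)
            ports[current] = {"mode": DEFAULT_MODE, "native": 1, "allowed": None,
                              "nonegotiate": False, "access_vlan": 1}
            continue
        if not raw.startswith(" ") or current is None:
            current = None            # '!' or any other top-level line ends the block
            continue
        port = ports[current]
        if line.startswith("switchport mode "):
            port["mode"] = line[len("switchport mode "):]
        elif line.startswith("switchport trunk native vlan "):
            port["native"] = int(line.split()[-1])
        elif line.startswith("switchport trunk allowed vlan "):
            port["allowed"] = parse_vlan_list(line.split()[-1])
        elif line.startswith("switchport access vlan "):
            port["access_vlan"] = int(line.split()[-1])
        elif line == "switchport nonegotiate":
            port["nonegotiate"] = True
    return ports


def effective_mode(own: dict, peer: dict) -> str:
    """Operational mode of `own` after DTP, following the slide 29 table. Assumption:
    a peer with `switchport nonegotiate` sends no DTP frames, so a dynamic port
    facing it stays in access mode."""
    if own["mode"] in ("access", "trunk"):
        return own["mode"]
    if peer["nonegotiate"]:
        return "access"
    if peer["mode"] in ("trunk", "dynamic desirable"):
        return "trunk"
    if peer["mode"] == "dynamic auto" and own["mode"] == "dynamic desirable":
        return "trunk"
    return "access"                   # auto + auto, or the peer is in access mode


def audit_link(a: dict, b: dict) -> list:
    """Findings for one switch-to-switch link; an empty list means the link is clean."""
    findings = []
    mode_a, mode_b = effective_mode(a, b), effective_mode(b, a)
    if mode_a != mode_b:
        return [f"mode mismatch: one end ends up '{mode_a}', the other '{mode_b}'"]
    if mode_a == "access":
        if a["access_vlan"] != b["access_vlan"]:
            findings.append(f"access VLAN mismatch: {a['access_vlan']} vs {b['access_vlan']}")
        return findings
    if a["native"] != b["native"]:
        findings.append(f"native VLAN mismatch: {a['native']} vs {b['native']}")
    if 1 in (a["native"], b["native"]):
        findings.append("native VLAN is the default VLAN 1; slide 28 moves it to a dedicated VLAN")
    if a["allowed"] != b["allowed"]:
        findings.append("allowed VLAN lists differ between the two ends")
    for label, end in (("A", a), ("B", b)):
        if end["mode"] != "trunk" or not end["nonegotiate"]:
            findings.append(f"end {label} relies on DTP; use 'switchport mode trunk' "
                            "with 'switchport nonegotiate'")
    return findings


# Constructed running-config excerpts for the two ends of three links.
SW1_CONFIG = """
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,99
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 99
!
interface FastEthernet0/3
 switchport mode dynamic desirable
!
"""
SW2_CONFIG = """
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,99
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
!
"""
SW1 = parse_switchports(SW1_CONFIG)
SW2 = parse_switchports(SW2_CONFIG)
LINKS = (("FastEthernet0/1", "FastEthernet0/1"), ("FastEthernet0/2", "FastEthernet0/2"),
         ("FastEthernet0/3", "FastEthernet0/3"))


def audit_all(links=LINKS) -> dict:
    """Audit every SW1<->SW2 link and return the findings per link."""
    return {f"SW1 {a} <-> SW2 {b}": audit_link(SW1[a], SW2[b]) for a, b in links}


if __name__ == "__main__":
    for link, findings in audit_all().items():
        print(link, "->", findings or ["OK"])
```

On the constructed configs the first link is clean, the second forms a trunk but with native VLAN 99 on one end and 1 on the other (exactly the first bullet of slide 38) and no `nonegotiate` on either side, and the third forms a trunk purely through DTP (desirable against the auto default) on the default native VLAN. The "subnetting and addressing must be right" bullet is outside what a switchport config can show, so the checker does not cover it.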
39. The End