VLANs

1
VLANs

• Module 2

2
VLANs

• VLANs
• Trunking
• VLAN Trunking Protocol (VTP)

3
VLANs
4
VLANs and Physical Boundaries
5
VLANs
Virtual LANs segment a switched network based on
Organisation function, project teams,
applications (end-to-end) Or Geographic, location
(local vlans) Reconfiguration through
software Broadcast domain existing within a
defined no. of switches
6
VLANs control broadcasts
7
When NOT to VLAN
8
Types of VLANs

• When scaling VLANs in the switch block, there
  are two basic methods of defining the VLAN
  boundaries
• End-to-end VLANs
• (no longer recommended by Cisco due to management
  and STP concerns , goal is maintain 80 of
  traffic on end-to-end VLAN, old 80/20 rule)
• Local VLANs
• (generally geographic in nature follow the
  20/80 rule)

9
End to End VLANs
10
End-to-End VLANs
11
Local/Geographical VLANs
12
VLAN Types

• The two common approaches to assigning VLAN
  Membership are
• Static VLANs
• Port based VLAN assigned to port
• Dynamic VLANs
• Created controlled via S/W packages CW2000,
  VLAN Management Policy Server VMPS

13
Static VLANs
14
Dynamic VLAN
15
show vlan

• CIS-2900-ServerFarmgtshow vlan
• VLAN Name Status
  Ports
• ---- -------------------------------- ---------
  -----------------
• 1 default active
• 2 VLAN0002 active
• 3 VLAN0003 active
• 4 VLAN0004 active
• 5 VLAN0005 active
• 10 VLAN0010 active
• 50 SeverFarm active
  Fa0/1, Fa0/2, Fa0/3, Fa0/4,
• 
  Fa0/5, Fa0/6, Fa0/7, Fa0/8,
• 
  ltoutput omitted)
• 
  Fa0/21, Fa0/22
• 1002 fddi-default active
• lttext omittedgt
• VLAN Type SAID MTU Parent RingNo
  BridgeNo Stp BrdgMode Trans1 Trans2

16
show vlan brief

• CIS-2900-ServerFarmgtshow vlan brief
• VLAN Name Status
  Ports
• ---- -------------------------------- ---------
  -----------------
• 1 default active
• 2 VLAN0002 active
• 3 VLAN0003 active
• 4 VLAN0004 active
• 5 VLAN0005 active
• 10 VLAN0010 active
• 50 SeverFarm active
  Fa0/1, Fa0/2, Fa0/3, Fa0/4,
• 
  Fa0/5, Fa0/6, Fa0/7, Fa0/8,
• 
  ltoutput omitted)
• 
  Fa0/21, Fa0/22
• 1002 fddi-default active
• 1003 token-ring-default active
• 1004 fddinet-default active
• 1005 trnet-default active

17
show run

• Switch show running-config
• !
• interface FastEthernet0/1
• switchport access vlan 50
• !
• interface FastEthernet0/2
• switchport access vlan 50
• !
• interface FastEthernet0/3
• switchport access vlan 50
• !
• interface FastEthernet0/4
• switchport access vlan 50

18
VLANs

• VLANs
• Trunking
• VLAN Trunking Protocol (VTP)

19
Trunking
20
Access and Trunk Links
21
Trunk Links
Without trunking
With trunking
22
ISL (Frame Encapsulation)
Ethernet Frame1500 bytes plus 18 byte header
(1518 bytes)
23
802.1q
NIC cards and networking devices can understand
this baby giant frame (1522 bytes). However, a
Cisco switch must remove this encapsulation
before sending the frame out on an access link.
SA and DA MACs
SA and DA MACs
802.1q Tag
Type/Length Field
Data (max 1500 bytes)
CRC
NewCRC
Tag Protocol Identifier Tag Control Info
(includes VLAN ID)
24
Trunking

• Before attempting to configure a VLAN trunk on a
  port, you should to determine what encapsulation
  the port can support.
• switch(config-if) switchport trunk encapsulation
  ?

25
Trunking

• A trunk is a point-to-point link between
• Two switches
• A switch and a router
• Trunks carry traffic of multiple VLANs
• Cisco supports one or both of these Trunking
  protocols
• IEEE 802.1Q (dot1q)
• ISL (Cisco proprietary)

26
Configuring Trunking

• Switch(config) interface fastethernet 0
• Switch(config-if) switchport mode access
  multi trunk
• Switch(config-if) switchport trunk encapsulation
  isldot1q
• Switch(config-if) switchport trunk allowed vlan
  remove vlan-list
• Switch(config-if) switchport trunk allowed vlan
  add vlan-list
• By default, all VLANS, 1-1005 transported
  automatically

27
Router

• interface FastEthernet0/1.1
• encapsulation dot1Q 1
• ip address 172.30.1.1 255.255.255.0
• ip access-group 100 in
• ip helper-address 172.30.50.50
• no ip directed-broadcast
• !
• interface FastEthernet0/1.2
• encapsulation dot1Q 2
• ip address 172.30.2.1 255.255.255.0
• ip access-group 102 in
• ip helper-address 172.30.50.255
• ip helper-address 172.30.50.10
• no ip directed-broadcast

28
VLANs

• VLANs
• Trunking
• VLAN Trunking Protocol (VTP)

29
VTP
30
VLAN Trunking Protocol

• VTP maintains VLAN configuration consistency
  across the entire network.
• VTP is a messaging protocol that uses Layer 2
  trunk frames to manage the addition, deletion,
  and renaming of VLANs on a network-wide basis.
• Further, VTP allows you to make centralized
  changes that are communicated to all other
  switches in the network.

31
VTP

• Create VLANs on the VTP Server
• Those VLANs get sent to other client switches
• On the client switches, you can now assign ports
  to those vlans.
• Cannot create vlans on the client switches like
  you could previously before configuring the
  switch to be a VTP client.

32
VTP

• All switches in the same management domain share
  their VLAN information with each other, and a
  switch can participate in only one VTP management
  domain.
• Switches in different domains do not share VTP
  information.
• Using VTP, switches advertise
• Management domain
• Configuration revision number
• Known VLANs and their specific parameters

33
VTP

• Switches can be configured not to accept VTP
  information.
• These switches will forward VTP information on
  trunk ports in order to ensure that other
  switches receive the update, but the switches
  will not modify their database, nor will the
  switches send out an update indicating a change
  in VLAN status.
• This is referred to as transparent mode.

34
VTP

• By default, management domains are set to a
  nonsecure mode, meaning that the switches
  interact without using a password.
• Adding a password automatically sets the
  management domain to secure mode.
• A password must be configured on every switch in
  the management domain to use secure mode.

35
VTP

• The VTP database contains a revision number.
• Each time a change is made, the switch increments
  the revision number

36
VTP

• A higher configuration revision number indicates
  that the VLAN information that is being sent is
  more current then the stored copy.
• Any time a switch receives an update that has a
  higher configuration revision number, the switch
  will overwrite the stored information with the
  new information being sent in the VTP update.

37
VTP Modes

• Switches can operate in any one of the following
  three VTP modes
• Server
• Client
• Transparent

38
VTP Modes

• Server - If you configure the switch for server
  mode, you can create, modify, and delete VLANs,
  and specify other configuration parameters (such
  as VTP version and VTP pruning) for the entire
  VTP domain.
• VTP servers
• advertise their VLAN configuration to other
  switches in the same VTP domain
• synchronize the VLAN configuration with other
  switches based on advertisements received over
  trunk links.
• Recommended you have at least 2 VTP servers in
  case one goes down
• This is the default mode on the switch.

39
VTP Modes

• Client - VTP clients behave the same way as VTP
  servers. However, you cannot create, change, or
  delete VLANs on a VTP client.

40
VTP Modes

• Transparent - VTP transparent switches do not
  participate in VTP.
• A VTP transparent switch does not advertise its
  VLAN configuration, and does not synchronize its
  VLAN configuration based on received
  advertisements.
• However, in VTP Version 2, transparent switches
  do forward VTP advertisements that the switches
  receive out their trunk ports.

41
Configuring VTP

• Switch vlan database
• Switch(vlan) vtp domain domain-name
• Switch(vlan) vtp server client transparent
• Optional
• Switch(vlan) vtp password password
• Switch(vlan) vtp v2-mode (version2)
• Example
• ALSwitch vlan database
• ALSwitch(vlan) vtp domain corp
• ALSwitch(vlan) vtp client

42
Summary

• VLANs
• Trunking
• VLAN Trunking Protocol (VTP)