S7C4 - PowerPoint PPT Presentation

Title: S7C4 VLANs
Author: Youngstown State University
Last modified by: Youngstown State University
Created Date: 6/28/2002 5:12:54 PM
Document presentation format: PowerPoint

Learn more at: http://www.csis.ysu.edu
Transcript and Presenter's Notes

1
S7C4 VLANs
  • VLAN Details

2
Problems with Layer 2 Switching
  • Results in flat network structure
  • Every device sees every packet transmitted
  • Security
  • All users have access to all devices
  • Multiple paths to destinations
  • Do not allow for redundant paths
  • Are not capable of intelligent load balancing

3
VLAN Characteristics
  • All VLAN members are in same broadcast domain
  • Logical subnet
  • Devices can exist any place in switch block
  • Membership usually based on port number
  • Can be dynamically assigned based on MAC
  • End-to-end throughout switch fabric
  • Can span several wiring closets or buildings

4
VLANs Solve Problems
  • Efficient bandwidth utilization
  • Traffic routed between switches with router
  • Security
  • Forces layer 3 routing process to occur
  • Access lists
  • Load balancing
  • Layer 3 device determines best path
  • Isolation of problem components
  • Router keeps problems from propagating

5
End-to-End VLAN
  • Users grouped into VLANs independent of physical
    location
  • All users have same 80/20 traffic flow pattern
  • As user moves, VLAN membership remains the same
  • Each VLAN has a common set of security
    requirements for all members

6
Local VLANs
  • Range from single switch in a wiring closet to an
    entire building
  • Multiple paths to destinations
  • Maximum scalability by keeping the VLAN within a
    switch block

7
VLAN Memberships
  • Static
  • Port-based: assigning a port to a VLAN
  • As device enters network, it assumes port's VLAN
  • Requires administrator to make a port-to-VLAN
    assignment for new connection when move is made
  • Dynamic
  • CiscoWorks 2000 or CWSI
  • As device enters network, it queries database for
    VLAN membership
  • Not covered in this course

8
Configuring Static VLANs
  • Switch# vlan database
  • Switch(vlan)# vlan vl name vlname
  • Switch(config)# int 1/1
  • Switch(config-if)# switchport mode access
  • Switch(config-if)# switchport access vlan vl
  • CLI
  • set vlan vl name vlname
  • set vlan vl mod/portlist

9
Verifying VLAN Configuration / VLAN Identification
  • Show vlan
  • Displays each vlan number, status, and ports
    assigned
  • Identification
  • Frame Tagging
  • Places unique identifier in header of each frame
  • Called id or color
  • Used across backbone
  • Discarded if destination host is on same switch
  • VLAN hidden from end user

10
Link Types
  • Access
  • Member of only one VLAN
  • Called port's native VLAN
  • Can't receive information from another VLAN
  • Requires router to communicate with another VLAN
  • Trunk
  • Fast Ethernet or Gigabit Ethernet (can be
    aggregated)
  • Can carry multiple VLANs
  • Cisco ISL or IEEE 802.1q
  • Does not belong to any specific VLAN
  • Does have a native VLAN, used when trunk link
    fails

11
ISL and 802.1q
  • ISL
  • Cisco proprietary
  • Can carry Ethernet, Token Ring, FDDI
  • Adds 26-byte header and 4-byte trailer to frame
  • 10-bit VLAN ID
  • 802.1q
  • Standardized
  • Embeds tagging information within frame
  • Adds 4-byte tag after source address field
  • First two bytes are 0x8100 (signifies 802.1Q tag)
  • Native VLAN not encapsulated with tagging
    information
  • SAID (Security Association Identifier) holds
    Cisco proprietary VLAN information
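
The 802.1q bullets above (4-byte tag after the source address, first two bytes 0x8100, native VLAN sent untagged) can be checked against raw frames. The following is an added example, not part of the original slides: the function names, the sample frame and the default native VLAN of 1 are assumptions, and the 3-bit priority / 12-bit VLAN ID split of the last two tag bytes comes from the IEEE 802.1Q standard rather than from the slide.

```python
import struct

TPID_8021Q = 0x8100  # first two bytes of the tag, as stated on the slide


def add_tag(frame: bytes, vlan: int, priority: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the source address (offset 12)."""
    if not 1 <= vlan <= 4094:           # 0 and 4095 are reserved IDs
        raise ValueError("VLAN ID must be 1-4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be 0-7")
    tci = (priority << 13) | vlan       # 3-bit priority, 1 bit left 0, 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes, native_vlan: int = 1) -> dict:
    """Classify a frame received on a trunk; untagged frames get native_vlan."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":")}
    (word,) = struct.unpack("!H", frame[12:14])
    if word != TPID_8021Q:
        # No tag after the source address: this is native VLAN traffic.
        info.update(tagged=False, vlan=native_vlan, priority=None,
                    ethertype=word, payload=frame[14:])
        return info
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    info.update(tagged=True, vlan=tci & 0x0FFF, priority=tci >> 13,
                ethertype=ethertype, payload=frame[18:])
    return info


# Constructed sample: broadcast IPv4 frame from 00:11:22:33:44:55.
UNTAGGED = bytes.fromhex("ffffffffffff" "001122334455" "0800") + b"data"
TAGGED = add_tag(UNTAGGED, vlan=20, priority=5)

if __name__ == "__main__":
    for f in (UNTAGGED, TAGGED):
        print(parse_frame(f))
```

The untagged frame is reported in whatever VLAN the receiving port treats as native, which is why both ends of a trunk need the same native VLAN setting.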

12
NOTES
  • Dynamic Trunking Protocol (DTP)
  • Can be manually configured for either ISL or
    802.1q
  • Should be disabled if switch has trunk line
    connected to router, because router can't
    participate in DTP negotiation protocol
  • Trunk Line Negotiations
  • Possible only if both switches belong to same
    VLAN Trunking Protocol management domain

13
VLAN Trunk Configuration
  • (config)# int 1/3
  • (config-if)# switchport mode trunk
  • (config-if)# switchport trunk encapsulation {isl | dot1q}
  • (config-if)# switchport trunk allowed vlan remove
    vllist
  • (config-if)# switchport trunk allowed vlan add
    vllist
  • CLI Switch
  • set trunk 3/1 [on | off | desirable | auto | nonegotiate]
    vlan-range [isl | dot1q | lane | negotiate]
  • DTP frames sent every 30 seconds
  • clear trunk 3/1 vlan-range

14
VTP Domains
  • Management Domains
  • Advertise attributes (revision number, known
    VLANs, VLAN parameters)
  • Server mode
  • Full control (default)
  • Client mode
  • Can't create, change or delete VLANs
  • Transparent mode
  • Does not participate in VTP; does not advertise

15
Advertisements
  • Management domain name
  • Configuration revision number
  • MD5 digest
  • Key sent with VTP when a password is assigned
  • Updater identity: switch sending advertisement

16
VTP Configuration
  • VTP must be configured BEFORE VLAN
  • Switch# vlan database
  • Switch(vlan)# vtp domain domName
  • Switch(vlan)# vtp {server | client | transparent}
  • Switch(vlan)# vtp password psswrd
  • Switch(vlan)# vtp v2-mode
  • CLI
  • Switch> (enable) set vtp domain dname
    mode {server | client | transparent} passwd psswrd
  • Switch> (enable) set vtp v2 enable

17
Confirming VTP
  • Show vtp domain
  • Shows version number, local mode, password
  • Show vtp counters
  • Shows exchange of advertisements
  • Show vtp statistics
  • Shows exchange of advertisements

18
VTP Pruning
  • Disabled by default
  • Switch# vtp pruning
  • IOS
  • set vtp pruning enable
  • clear vtp pruneeligible vlan-range
  • set vtp pruneeligible vlan-range