ccna exp3 - chapter03 - vlans

8/3/2019 Ccna Exp3 - Chapter03 - Vlans

1/62

Chapter 3 - VLANS

CCNA Ex loration 4.0

Please purchase apersonal license.


2/62

Objectives

Explain the role of VLANs in a network. Explain the role of trunking VLANs in a network.

Troubleshoot the common software or hardwareconfiguration problems associated with VLANs on switchesin a network topology.

Hc vin mng Bach Khoa - Website: www.bkacad.com 2


3/62

Role of VLANS

One of the contributing technologies to excellent networkperformance is the separation of large broadcast domains

into smaller ones with VLANs. Smaller broadcast domains limit the number of devicesparticipating in broadcasts and allow devices to bese arated into functional rou in s, such as database


services for an accounting department and high-speeddata transfer for an engineering department.


4/62

Before VLANS

1 building

Many building


u ng ->

Many building -> NOT OK IT department wants to ensure that student computers all share the

same security features and bandwidth controls. How can thenetwork accommodate the shared needs of the geographicallyseparated departments? Do you create a large LAN and wire eachdepartment together?

It would be great to group the people with the resources they useregardless of their geographic location, and it would make it easierto manage their specific security and bandwidth needs.


5/62

VLAN overview


A VLAN allows a network administrator to create groups of

logically networked devices that act as if they are on theirown independent network

These VLANs allow the network administrator to implementaccess and security policies to particular groups of users.


6/62

VLANS details


A VLAN is a broadcast domain created by one or moreswitches.

The network design above creates three separatebroadcast domains.


7/62

Benefit of VLANS



8/62

VLAN ID



9/62

Extra: Extended Range VLANs

Configuring Extended-Range VLANs When the switch is in VTP transparent mode (VTP disabled), you can

create extended-range VLANs (in the range 1006 to 4094 for any switchport commands that allow VLAN IDs).

Enter the vlan vlan-idglobal configuration command to access config-vlanmode and to configure extended-range VLANs. The VLAN database configuration mode (that you access by entering the

vlan database privileged EXEC command) does not support the extendedrange.


x en e -range con gura ons are no s ore n e a a ase.

Because VTP mode is transparent, they are stored in the switch runningconfiguration file. You can save the configuration in the startupconfiguration file by using the copy running-config startup-configprivileged EXEC command.

Example:Switch(config)# vtp mode transparent

Switch(config)# vlan 2000Switch(config-vlan)# endSwitch# copy running-config startup config


10/62



11/62

VLAN Tagging

No VLAN Tagging

VLAN Tagging


VLAN Tagging is used when a link needs to carry traffic formore than one VLAN.


12/62

VLAN Tagging


There are two major methods of frame tagging, Cisco proprietary Inter-Switch Link (ISL) and IEEE 802.1Q. ISL used to be the most common, but is now being replaced by 802.1Q

frame tagging.

Cisco recommends using 802.1Q.

VLAN Tagging and Trunking will be discussed in the next chapter.

802.10


13/62

Types of VLAN

Data VLAN: A data VLAN is a VLAN that is configured tocarry only user-generated traffic.



14/62

Types of VLAN


Default VLAN: All switch ports become a member of the default VLAN after the

initial boot up of the switch.

Having all the switch ports participate in the default VLAN makesthem all part of the same broadcast domain. This allows any deviceconnected to any switch port to communicate with other devices onother switch ports.

The default VLAN for Cisco switches is VLAN 1. VLAN 1 has all thefeatures of any VLAN, except that you cannot rename it and youcan not delete it.


15/62

Types of VLAN


Management VLAN: A management VLAN is any VLAN you configure to access the

management capabilities of a switch.

VLAN 1 would serve as the management VLAN if you did notproactively define a unique VLAN to serve as the managementVLAN.

You assign the management VLAN an IP address and subnet

mask. A switch can be managed via HTTP, Telnet, SSH, or SNMP.


16/62

Types of VLAN


Native VLAN:A native VLAN is assigned to an 802.1Q trunk port.

An 802.1Q trunk port supports traffic coming from manyVLANs (tagged traffic) as well as traffic that does notcome from a VLAN (untagged traffic).

The 802.1Q trunk port places untagged traffic on the

native VLAN. In the figure, the native VLAN is VLAN 99.


17/62

Native VLAN



18/62

Types of VLAN

Voice VLAN: It is easy to appreciate why a separate VLAN is needed to support

Voice over IP (VoIP) VoIP traffic requires:

Assured bandwidth to ensure voice quality Transmission priority over other types of network traffic Ability to be routed around congested areas on the network



19/62

Voice VLAN



20/62

Types of traffic



21/62

Types of traffic



22/62

Types of traffic



23/62

Types of traffic



24/62

Switch port membership



25/62

Controlling Broadcast Domains withVLANs



26/62

Switch 1172.30.1.21

255.255.255.0 172.30.2.12255.255.255.0

ARP Request

Without VLANs No Broadcast Control


No VLANs

Same as a single VLAN

Two Subnets

172.30.2.10255.255.255.0

172.30.1.23255.255.255.0

Without VLANs, the ARP Request would be seen by all hosts. Again, consuming unnecessary network bandwidth and host processing

cycles.


27/62

Switch 1172.30.1.21

255.255.255.0

VLAN 1

172.30.2.12

255.255.255.0

VLAN 2

Switch Port: VLAN IDARP Request

With VLANs Broadcast Control


Two VLANs

Two Subnets

172.30.2.10

255.255.255.0

VLAN 2

172.30.1.23

255.255.255.0

VLAN 1 1 2 3 4 5 6 .

1 2 1 2 2 1 .

Port

VLAN


28/62

Intra-VLAN Communication

Communicating with a device in the same VLAN is calledintra-VLAN communication.



29/62

Inter-VLAN Communication

Communicating with a device in another VLAN is calledinter-VLAN communication.



30/62

Controlling Broadcast Domains with VLANs and Layer 3 Forwarding


SVI (switch virtual interface ) SVI is a logical interface configured for a specific VLAN. You need to configure an

SVI for a VLAN if you want to route between VLANs or to provide IP hostconnectivity to the switch.

An SVI is a virtual Layer 3 interface that can be configured for any VLAN that exists

on a Layer 3 switch.


31/62

VLAN Trunking



32/62

VLAN Trunk


A trunk is a point-to-point link between one or more Ethernet switch interfaces andanother networking device, such as a router or a switch.

A VLAN trunk does not belong to a specific VLAN, rather it is a conduit for VLANs

between switches and routers.


33/62

VLAN Trunk



34/62

802.1Q tagging



35/62

802.1Q tagging

EtherType field Set to the hexadecimal value of 0x8100. This value is

called the tag protocol ID (TPID) value. With theEtherType field set to the TPID value, the switch receivingthe frame knows to look for information in the tag controlinformation field.


Tag control information field 3 bits of user priority - Used by the 802.1p standard, which specifies how to provide

expedited transmission of Layer 2 frames. A description of the IEEE 802.1p is beyondthe scope of this course; however, you learned a little about it earlier in the discussionon voice VLANs.

1 bit of Canonical Format Identifier (CFI) - Enables Token Ring frames to be carriedacross Ethernet links easily.

12 bits of VLAN ID (VID) - VLAN identification numbers; supports up to 4096 VLANIDs.

FCS field After the switch inserts the EtherType and tag control information fields, it recalculates

the FCS values and inserts it into the frame.


36/62

Extra: IEEE 802.1p

IEEE 802.1p is a standard that provides traffic class expediting anddynamic multicast filtering. Essentially, it provides a mechanism forimplementing Quality of Service (QoS) at the MAC (Media Access

Control) level. Eight different classes of service are available, expressed through the3-bit user_priority field in an IEEE 802.1Q header added to the frame.The way traffic is treated when assigned to any particular class is


undefined and left to the implementation. The IEEE however has made

some broad recommendations.

802.1p is used within the IEEE 802.1D and IEEE 802.1Q standards.


37/62

Extra: ISL Encapsulation Frame



38/62

Native Vlan and 802.1Q


When you configure an 802.1Q trunk port, a default Port VLAN ID(PVID) is assigned the value of the native VLAN ID.


39/62

Extra: Basics of Dynamic Trunking Protocol (DTP)


Ethernet trunk interfaces support several different trunking modes.

Access Dynamic desirable (default mode on Catalyst 2950 and 3550) Dynamic auto Trunk Non-negotiate dotq-tunnel (Not an option on the Catalyst 2950.)


40/62

The trunking modes available in Fast Ethernet and Gigabit Ethernet

Trunking mode

(config-if)#switchport mode trunk


switchport mode access

switchport mode dynamic desirable

switchport mode dynamic auto

Nonegotiateswitchport nonegotiate


41/62

Extra: Trunking mode

trunkConfigures the port to permanent trunk mode and negotiateswith the connected device on the other side to convert the link to trunkmode. If multiple trunk encapsulations are available, the encapsulationmust be chosen before this command will work.

accessDisables port trunk mode and negotiates with the connecteddevice to convert the link to nontrunk. This port will belong to only theconfigured access VLAN.

dynamic desirableTriggers the port to negotiate the link from


connected device is in the trunk, dynamic desirable, or dynamicauto state. Otherwise, the port becomes a nontrunk port. This is thedefault for IOS switch ports

dynamic autoEnables the port to become a trunk only if theconnected device has the state set to trunk or dynamic desirable.

nonnegotiateConfigures the port to permanent trunk mode. Nonegotiation takes place with the partner. The other side must be trunkor nonegotiate for the trunk to work. You must also specify theencapsulation before choosing this mode.

T ki d


42/62

Trunking mode


T ki d


43/62

Trunking mode



44/62


Creating VLANs


45/62

Creating VLANs

Add a VLAN


Extra: Creating VLANs


46/62

Extra: Creating VLANs

Switch#vlan database


Switch(vlan)#vlan {vlan_id} [name {vlan_name}]

Switch(vlan)#exit

switch# vlan database

% Warning: It is recommended to configure VLAN from config mode,as VLAN database mode is being deprecated. Please consult user

documentation for configuring VTP/VLAN in config mode.

Assign VLAN to port


47/62

Assign VLAN to port


Extra: Configuring Ranges of VLANs


48/62

Extra: Configuring Ranges of VLANs

SydneySwitch(config)#interface range fastethernet0/8 ?

, comma

vlan 3


- hyphen(config)#interface range fastethernet0/8 -12

(config-if-range)#switchport access vlan 3

(config-if-range)#exit

(config)#interface range fastethernet0/8 ,fastethernet0/12

(config-if-range)#switchport access vlan 3

(config-if-range)#exit


49/62

Delete Vlan


50/62

Delete Vlan


(config)# no vlan vlan_id # delete flash:vlan.dat

Configure a Trunk link


51/62

Configure a Trunk link


Extra: switchport trunk


52/62

Extra: switchport trunk


Remove VLANs from the current list of the trunking line:(config-if)# switchport trunk allowed vlan remove vlan-id

If a VLAN other than VLAN 1 is to be the Native VLAN, it needs to be identified on thetrunk ports:(config-if)# switchport trunk native vlan vlan-id

Extra: Specify the Trunk Encapsulation


53/62

Extra: Specify the Trunk Encapsulation


Verify Trunk Configuration


54/62

Verify Trunk Configuration

show interfaces interface-IDswitchport


show interface trunk

Managing a Trunk Configuration


55/62

Managing a Trunk Configuration


Common Problems with Trunks


56/62

Common Problems with Trunks


Native VLAN mismatchs


57/62


Trunk mode mismatch


58/62


Solution: (config-if)# switchport mode trunk

Incorrect VLAN list


59/62


Solution: S1 f0/3: (config-if)# switchport trunk allowed vlan 10, 20, 99

Mistake of VLAN and IP subnets


60/62


Lab


61/62


Summary


62/62


ccna exp3 - chapter03 - vlans

Documents