Lec4 VLANs

The document discusses VLANs including an overview of VLANs and their benefits, VLAN configuration in a multi-switch environment using trunking, and dynamic trunking protocol configuration.

Module 3: VLANs

Switching, Routing, and Wireless Essentials v7.0 (SRWE)
Module Objectives
Module Title: Protocols and Models
Module Objective: Explain how network protocols enable devices to access local and remote network resources.

Topic Title: Topic Objective
Overview of VLANs: Explain the purpose of VLANs in a switched network.
VLANs in a Multi-Switched Environment: Explain how a switch forwards frames based on VLAN configuration in a multi-switch environment.
VLAN Configuration: Configure a switch port to be assigned to a VLAN based on requirements.
VLAN Trunks: Configure a trunk port on a LAN switch.
Dynamic Trunking Protocol: Configure Dynamic Trunking Protocol (DTP).

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
3.1 Overview of VLANs

Overview of VLANs
VLAN Definitions
VLANs are logical connections with other similar devices.
Placing devices into various VLANs has the following characteristics:
• Provides segmentation of the various groups of devices on the same switches
• Provides organization that is more manageable
• Broadcasts, multicasts and unicasts are isolated in the individual VLAN
• Each VLAN will have its own unique range of IP addressing
• Smaller broadcast domains
VLANs in a Multi-Switched Environment
Networks without VLANs
Without VLANs, all devices connected to the switches will receive all unicast, multicast, and
broadcast traffic.

VLANs in a Multi-Switched Environment
Networks with VLANs
With VLANs, unicast, multicast, and broadcast traffic is confined to a VLAN. Without a Layer
3 device to connect the VLANs, devices in different VLANs cannot communicate.

Overview of VLANs
Benefits of a VLAN Design

Benefits of using VLANs are as follows:

Benefit: Description
Smaller Broadcast Domains: Dividing the LAN reduces the number of broadcast domains
Improved Security: Only users in the same VLAN can communicate together
Improved IT Efficiency: VLANs can group devices with similar requirements, e.g. faculty vs. students
Reduced Cost: One switch can support multiple groups or VLANs
Better Performance: Small broadcast domains reduce traffic, improving bandwidth
Simpler Management: Similar groups will need similar applications and other network resources
Overview of VLANs
Types of VLANs
Default VLAN
VLAN 1 is the following:
• The default VLAN
• The default Native VLAN
• The default Management VLAN
• Cannot be deleted or renamed

Note: While VLAN 1 cannot be deleted, Cisco recommends that these default roles be assigned to other VLANs.
Overview of VLANs
Types of VLANs (Cont.)
Data VLAN
• Dedicated to user-generated traffic (email and web traffic).

• VLAN 1 is the default data VLAN because all interfaces are assigned to this VLAN.

Native VLAN
• This is used for trunk links only.

• All frames are tagged on an 802.1Q trunk link except for those on the native VLAN.

Overview of VLANs
Types of VLANs (Cont.)
Management VLAN
• This is used for SSH/Telnet VTY traffic and should not be carried with end user traffic.
• Typically, the VLAN that is the SVI for the Layer 2 switch.
• In some cases, a network administrator proactively defines VLAN 1 as the management VLAN; this enables a loophole for an unauthorized connection to a switch.

IOS Commands
S1# configure terminal
S1(config)# interface vlan 99
S1(config-if)# ip address 172.17.99.11 255.255.255.0
S1(config-if)# no shutdown
S1(config-if)# end
S1# copy running-config startup-config
Overview of VLANs
Types of VLANs (Cont.)
Voice VLAN
• A separate VLAN is required because voice traffic requires:
  • Assured bandwidth
  • High QoS priority
  • Ability to avoid congestion
  • Delay less than 150 ms from source to destination
• The entire network must be designed to support voice.
3.2 VLANs in a Multi-Switched Environment
VLANs in a Multi-Switched Environment
Defining VLAN Trunks
A trunk is a point-to-point link between two network devices.
Cisco trunk functions:
• Allow more than one VLAN
• Extend the VLAN across the entire network
• By default, supports all VLANs
• Supports 802.1Q trunking
VLANs in a Multi-Switched Environment
VLAN Identification with a Tag
• The IEEE 802.1Q header is 4 Bytes
• When the tag is created the FCS must be recalculated.
• When sent to end devices, this tag must be removed and the FCS recalculated back to its original number.

802.1Q VLAN Tag Field: Function
Type: 2-Byte field with hexadecimal 0x8100; this is referred to as Tag Protocol ID (TPID)
User Priority: 3-bit value that supports
Canonical Format Identifier (CFI): 1-bit value that can support token ring frames on Ethernet
VLAN ID (VID): 12-bit VLAN identifier that can support up to 4096 VLANs
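As an added example (not part of the Cisco module), the Python below builds an untagged Ethernet frame, inserts the 4-byte 802.1Q tag after the source MAC, and recomputes the FCS; it then strips the tag again, as a switch does before sending a frame out an access port, so that the FCS returns to the value the original frame carried. The frame layout and the FCS convention (CRC-32 as computed by zlib.crc32, transmitted least-significant byte first) are standard Ethernet; the MAC addresses and payload are constructed sample data.

```python
import struct
import zlib

TPID = 0x8100   # Tag Protocol ID: the EtherType value that announces an 802.1Q tag
TAG_LEN = 4     # TPID (2 bytes) + TCI (2 bytes)


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over dst MAC .. payload, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged frame as a host sends it: dst, src, EtherType, payload, FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def fcs_ok(frame: bytes) -> bool:
    """True when the trailing 4 bytes match the CRC-32 of the rest of the frame."""
    return fcs(frame[:-4]) == frame[-4:]


def add_tag(frame: bytes, vid: int, pcp: int = 0, cfi: int = 0) -> bytes:
    """Insert the 802.1Q tag after the source MAC (offset 12) and recompute the FCS.

    TCI layout: 3-bit priority (PCP), 1-bit CFI, 12-bit VLAN ID.
    """
    if not 0 <= vid <= 4095:
        raise ValueError("VID must fit in 12 bits")
    if not fcs_ok(frame):
        raise ValueError("input frame has a bad FCS")
    tci = (pcp & 0x7) << 13 | (cfi & 0x1) << 12 | vid
    body = frame[:-4]                       # drop the old FCS
    tagged = body[:12] + struct.pack("!HH", TPID, tci) + body[12:]
    return tagged + fcs(tagged)             # FCS must cover the new 4 bytes


def parse_tag(frame: bytes):
    """Return (pcp, cfi, vid) for a tagged frame, or None if the frame is untagged."""
    if struct.unpack("!H", frame[12:14])[0] != TPID:
        return None
    tci = struct.unpack("!H", frame[14:16])[0]
    return (tci >> 13, (tci >> 12) & 1, tci & 0x0FFF)


def strip_tag(frame: bytes) -> bytes:
    """Remove the tag before delivery to an end device; because the remaining
    bytes equal the original frame, the recomputed FCS equals the original FCS."""
    if parse_tag(frame) is None:
        return frame
    body = frame[:-4]
    untagged = body[:12] + body[12 + TAG_LEN:]
    return untagged + fcs(untagged)


# Constructed sample frame: locally administered MACs and a made-up payload.
HOST_A = bytes.fromhex("0200000000aa")
HOST_B = bytes.fromhex("0200000000bb")
SAMPLE = build_frame(HOST_B, HOST_A, 0x0800, b"hello from VLAN 20")

if __name__ == "__main__":
    tagged = add_tag(SAMPLE, vid=20, pcp=5)
    print(len(SAMPLE), len(tagged), parse_tag(tagged), strip_tag(tagged) == SAMPLE)
```

The tag sits between the source MAC and the original EtherType, which is why a receiver recognises a tagged frame by finding 0x8100 where the EtherType would otherwise be; the 12-bit mask on the TCI is what limits VIDs to 0 through 4095.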
VLANs in a Multi-Switched Environment
VLAN Identification with a Tag
▪ On the network shown, the trunk link between Device A and Device B must support both the intra-VLAN 2 communication and the intra-VLAN 3 communication. Therefore, the ports at both ends of the trunk link must be configured to be bound to VLAN 2 and VLAN 3. That is, Port 2 on Device A and Port 1 on Device B must belong to both VLAN 2 and VLAN 3.
Host A sends a frame to Host B in the following process:
1. The frame is first sent to Port 4 on A.
2. A tag is added to the frame on Port 4. The VID field of the tag is set to 2, that is, the ID of the VLAN to which Port 4 belongs.
3. Device A checks whether its MAC address table contains the MAC address destined for Host B.
   • If so, Device A sends the frame to the outbound interface Port 2.
   • If not, Device A sends the frame to all interfaces bound to VLAN 2 except for Port 4.
4. Upon receipt of the frame, Port 2 sends the frame to Device B.
5. After receiving the frame, Device B checks whether its MAC address table contains the MAC address destined for Host B.
   • If so, Device B sends the frame to the outbound interface Port 3.
   • If not, Device B sends the frame to all interfaces bound to VLAN 2 except for Port 1.
6. Upon receipt of the frame, Port 3 sends the frame to Host B.
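The six-step walkthrough above, and the earlier point that VLAN traffic stays confined to its VLAN without a Layer 3 device, as an added simulation that is not part of the Cisco module. Two minimal VLAN-aware switches learn MAC addresses per VLAN, tag frames on ingress, flood unknown destinations only within the ingress VLAN, and strip the tag when a frame leaves an access port. The topology (ports 4/5 and 3/6 as access ports, port 2 to port 1 as the trunk) and the host names are constructed to match the slide; native VLAN handling on the trunk is deliberately left out.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    vid: Optional[int] = None   # None = untagged (host side); int = 802.1Q VID on a trunk


class Switch:
    """Minimal VLAN-aware switch: per-VLAN MAC learning, tagging on ingress,
    flooding only within the ingress VLAN, tag stripped on access-port egress."""

    def __init__(self, name: str, access: Dict[str, int], trunks: Set[str]):
        self.name = name
        self.access = access          # access port -> VLAN it belongs to
        self.trunks = trunks          # trunk ports carry every VLAN, tagged
        self.mac_table: Dict[Tuple[int, str], str] = {}   # (vid, mac) -> port
        self.links: Dict[str, Tuple["Switch", str]] = {}  # trunk port -> (neighbor, its port)
        self.delivered: List[Tuple[str, Frame]] = []      # frames handed to hosts on access ports

    def connect(self, port: str, other: "Switch", other_port: str) -> None:
        self.links[port] = (other, other_port)
        other.links[other_port] = (self, port)

    def receive(self, port: str, frame: Frame) -> None:
        # Step 2: an access port stamps its own VLAN on the frame; a trunk port
        # trusts the tag that is already present.
        if port in self.access:
            vid = self.access[port]
        elif port in self.trunks and frame.vid is not None:
            vid = frame.vid
        else:
            return   # untagged frame on a trunk: native VLAN is out of scope here
        self.mac_table[(vid, frame.src)] = port            # learn the source per VLAN
        known = self.mac_table.get((vid, frame.dst))       # steps 3 and 5: table lookup
        if known is not None:
            out_ports = [known] if known != port else []
        else:                                              # unknown unicast or broadcast:
            out_ports = [p for p in self.access            # flood inside this VLAN only
                         if p != port and self.access[p] == vid]
            out_ports += [p for p in self.trunks if p != port]
        for p in out_ports:
            self._transmit(p, frame, vid)

    def _transmit(self, port: str, frame: Frame, vid: int) -> None:
        if port in self.access:                            # egress to a host: tag removed
            self.delivered.append((port, Frame(frame.src, frame.dst, None)))
        elif port in self.links:                           # egress on the trunk: tagged with VID
            neighbor, neighbor_port = self.links[port]
            neighbor.receive(neighbor_port, Frame(frame.src, frame.dst, vid))


def build_topology() -> Tuple[Switch, Switch]:
    """Constructed topology for the walkthrough: Host A on Device A port 4 (VLAN 2),
    Host B on Device B port 3 (VLAN 2); ports 5 and 6 hold VLAN 3 hosts;
    Device A port 2 and Device B port 1 form the trunk."""
    dev_a = Switch("A", access={"port4": 2, "port5": 3}, trunks={"port2"})
    dev_b = Switch("B", access={"port3": 2, "port6": 3}, trunks={"port1"})
    dev_a.connect("port2", dev_b, "port1")
    return dev_a, dev_b


if __name__ == "__main__":
    a, b = build_topology()
    a.receive("port4", Frame("host-a", "host-b"))   # unknown destination: flooded in VLAN 2
    print("B delivered:", b.delivered)               # port3 only, never port6 (VLAN 3)
    b.receive("port3", Frame("host-b", "host-a"))   # reply: now a known unicast
    print("A delivered:", a.delivered, "A table:", a.mac_table)
```

The first frame is flooded because neither table knows Host B yet, but the flood on Device B reaches only port 3; the VLAN 3 host on port 6 never sees it. The reply is a known unicast on both switches because each learned Host A under the key (VLAN 2, host-a), which is also why a VLAN 3 broadcast from port 5 reaches port 6 and nothing else.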


3.3 VLAN Configuration

VLAN Configuration
VLAN Ranges on Catalyst Switches
Catalyst switches 2960 and 3650 support over 4000 VLANs.
• Normal Range VLAN 1 – 1005
• Extended Range VLAN 1006 - 4095
VLAN Configuration
VLAN Ranges on Catalyst Switches
Normal Range VLANs

▪ Used in small- and medium-sized business and enterprise networks.
▪ Identified by a VLAN ID between 1 and 1005.
▪ IDs 1002 through 1005 are reserved for Token Ring and FDDI VLANs.
▪ IDs 1 and 1002 to 1005 are automatically created and cannot be removed.
▪ Configurations are stored within a VLAN database file, called vlan.dat. The vlan.dat file is located in the flash memory of the switch.
▪ The VLAN Trunking Protocol (VTP) is a Cisco-proprietary Layer 2 protocol used to manage VLAN configurations between switches; VTP can learn and store only normal range VLANs.
VLAN Configuration
VLAN Ranges on Catalyst Switches
Extended Range VLANs
▪ Enable service providers to extend their infrastructure to a greater number of customers. Some global enterprises could be large enough to need extended range VLAN IDs.
▪ Are identified by a VLAN ID between 1006 and 4094.
▪ Configurations are not written to the vlan.dat file.
▪ Support fewer VLAN features than normal range VLANs.
▪ Are, by default, saved in the running configuration file.
▪ VTP does not learn extended range VLANs.

NOTE
Because there are 12 bits in the VLAN ID field of the IEEE 802.1Q header, 4096 is the upper boundary for the number of VLANs available on Catalyst switches.
VLAN Configuration
VLAN Trunk Protocol
▪ VLAN Trunk Protocol (VTP) reduces administration in a switched network. When you configure a new VLAN on one VTP server, the VLAN is distributed through all switches in the domain. This reduces the need to configure the same VLAN everywhere. VTP is a Cisco-proprietary protocol that is available on most of the Cisco Catalyst series products.
VLAN Configuration
VLAN Creation Commands
VLAN details are stored in the vlan.dat file. You create VLANs in the global configuration mode.

Task: IOS Command
Enter global configuration mode: Switch# configure terminal
Create a VLAN with a valid ID number: Switch(config)# vlan vlan-id
Specify a unique name to identify the VLAN: Switch(config-vlan)# name vlan-name
Return to the privileged EXEC mode: Switch(config-vlan)# end
VLAN Configuration
VLAN Creation Example

• If the Student PC is going to be in VLAN 20, we will create the VLAN first and then name it.
• If you do not name it, the Cisco IOS will give it a default name of vlan and the four digit number of the VLAN. E.g. vlan0020 for VLAN 20.

Prompt / Command
S1# configure terminal
S1(config)# vlan 20
S1(config-vlan)# name student
S1(config-vlan)# end
VLAN Configuration
VLAN Port Assignment Commands
Once the VLAN is created, we can then assign it to the correct interfaces.

Task: Command
Enter global configuration mode: Switch# configure terminal
Enter interface configuration mode: Switch(config)# interface interface-id
Set the port to access mode: Switch(config-if)# switchport mode access
Assign the port to a VLAN: Switch(config-if)# switchport access vlan vlan-id
Return to the privileged EXEC mode: Switch(config-if)# end
VLAN Configuration
VLAN Port Assignment Example
We can assign the VLAN to the port interface.
• Once the device is assigned the VLAN, then the end device will need the IP address information for that VLAN.
• Here, Student PC receives 172.17.20.22.

Prompt / Command
S1# configure terminal
S1(config)# interface fa0/18
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 20
S1(config-if)# end
VLAN Configuration
Verify VLAN Information
Use the show vlan command. The complete syntax is:
show vlan [brief | id vlan-id | name vlan-name | summary]

Task: Command Option
Display VLAN name, status, and its ports one VLAN per line: brief
Display information about the identified VLAN ID number: id vlan-id
Display information about the identified VLAN name. The vlan-name is an ASCII string from 1 to 32 characters: name vlan-name
Display VLAN summary information: summary
VLAN Configuration
Change VLAN Port Membership

There are a number of ways to change VLAN membership:
• re-enter the switchport access vlan vlan-id command
• use the no switchport access vlan command to place the interface back in VLAN 1
Use the show vlan brief or the show interface fa0/18 switchport commands to verify the correct VLAN association.
VLAN Configuration
Delete VLANs
Delete VLANs with the no vlan vlan-id command.
Caution: Before deleting a VLAN, reassign all member ports to a different VLAN.
• Delete all VLANs with the delete flash:vlan.dat or delete vlan.dat commands.

• Reload the switch when deleting all VLANs.

Note: To restore to factory default – unplug all data cables, erase the startup-configuration
and delete the vlan.dat file, then reload the device.

3.4 VLAN Trunks

VLAN Trunks
Trunk Configuration Commands
Configure and verify VLAN trunks. Trunks are layer 2 and carry traffic for all VLANs.

Task: IOS Command
Enter global configuration mode: Switch# configure terminal
Enter interface configuration mode: Switch(config)# interface interface-id
Set the port to permanent trunking mode: Switch(config-if)# switchport mode trunk
Set the native VLAN to something other than VLAN 1: Switch(config-if)# switchport trunk native vlan vlan-id
Specify the list of VLANs to be allowed on the trunk link: Switch(config-if)# switchport trunk allowed vlan vlan-list
Return to the privileged EXEC mode: Switch(config-if)# end
VLAN Trunks
Trunk Configuration Example
The subnets associated with each VLAN are:
• VLAN 10 - Faculty/Staff - 172.17.10.0/24
• VLAN 20 - Students - 172.17.20.0/24
• VLAN 30 - Guests - 172.17.30.0/24
• VLAN 99 - Native - 172.17.99.0/24

F0/1 port on S1 is configured as a trunk port.

Note: This assumes a 2960 switch using 802.1q tagging. Layer 3 switches require the encapsulation to be configured before the trunk mode.

Prompt / Command
S1(config)# interface fa0/1
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk native vlan 99
S1(config-if)# switchport trunk allowed vlan 10,20,30,99
S1(config-if)# end
VLAN Trunks
Verify Trunk Configuration
Set the trunk mode and native VLAN.
Notice in the output of the sh int fa0/1 switchport command:
• Is set to trunk administratively
• Is set as trunk operationally (functioning)
• Encapsulation is dot1q
• Native VLAN set to VLAN 99
• All VLANs created on the switch will pass traffic on this trunk
VLAN Trunks
Reset the Trunk to the Default State
• Reset the default trunk settings with the no command.
  • All VLANs allowed to pass traffic
  • Native VLAN = VLAN 1
• Verify the default settings with a sh int fa0/1 switchport command.
VLAN Trunks
Reset the Trunk to the Default State (Cont.)
Reset the trunk to an access mode with the
switchport mode access command:
• Is set to an access interface administratively
• Is set as an access interface operationally
(functioning)

3.5 Dynamic Trunking Protocol

Dynamic Trunking Protocol
Introduction to DTP
Dynamic Trunking Protocol (DTP) is a proprietary Cisco protocol.
DTP characteristics are as follows:
• On by default on Catalyst 2960 and 2950 switches
• Dynamic-auto is default on the 2960 and 2950 switches
• May be turned off with the nonegotiate command
• May be turned back on by setting the interface to dynamic-auto
• Setting a switch to a static trunk or static access will avoid negotiation issues with the
switchport mode trunk or the switchport mode access commands.

Dynamic Trunking Protocol
Introduction to DTP
▪ Ethernet interfaces on Catalyst 2960 and Catalyst 3560 Series switches support different trunking modes with the help of DTP:
• switchport mode access: Puts the interface (access port) into permanent nontrunking mode and negotiates to convert the link into a nontrunk link. The interface becomes a nontrunk interface, regardless of whether the neighboring interface is a trunk interface.
• switchport mode dynamic auto: Makes the interface able to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk or desirable mode. The default switchport mode for newer Cisco switch Ethernet interfaces is dynamic auto. Note that if two Cisco switches are left to the common default setting of auto, a trunk will never form.
Dynamic Trunking Protocol
Introduction to DTP
• switchport mode dynamic desirable: Makes the interface actively attempt to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode. This is the default switchport mode on older switches, such as the Catalyst 2950 and 3550 Series switches.
• switchport mode trunk: Puts the interface into permanent trunking mode and negotiates to convert the neighboring link into a trunk link. The interface becomes a trunk interface even if the neighboring interface is not a trunk interface.
• switchport nonegotiate: Prevents the interface from generating DTP frames. You can use this command only when the interface switchport mode is access or trunk. You must manually configure the neighboring interface as a trunk interface to establish a trunk link.
Dynamic Trunking Protocol
Negotiated Interface Modes
The switchport mode command has additional options.
Use the switchport nonegotiate interface configuration command to stop DTP negotiation.

Option: Description
access: Permanent access mode and negotiates to convert the neighboring link into an access link
dynamic auto: Will become a trunk interface if the neighboring interface is set to trunk or desirable mode
dynamic desirable: Actively seeks to become a trunk by negotiating with other auto or desirable interfaces
trunk: Permanent trunking mode and negotiates to convert the neighboring link into a trunk link
Dynamic Trunking Protocol
Results of a DTP Configuration

DTP configuration options are as follows (row = local interface mode, column = neighboring interface mode):

                    Dynamic Auto          Dynamic Desirable     Trunk                  Access
Dynamic Auto        Access                Trunk                 Trunk                  Access
Dynamic Desirable   Trunk                 Trunk                 Trunk                  Access
Trunk               Trunk                 Trunk                 Trunk                  Limited connectivity
Access              Access                Access                Limited connectivity   Access
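Tying the module's configuration guidance together (management VLAN, trunk native and allowed VLANs, and the DTP modes), here is an added audit script that is not part of the Cisco module. It parses the interface stanzas of a saved running configuration and reports the settings the slides warn about: an SVI with an address on VLAN 1, a trunk still using native VLAN 1 or allowing every VLAN, a port whose mode is left at the dynamic auto default, and access or trunk ports that have not had DTP frames disabled with switchport nonegotiate. The configuration text is constructed for the example (hostname, interface names and the 172.17.1.11 address are made up); the checks are the author's own rules derived from the slides, not a Cisco tool.

```python
import re
from typing import Dict, List

# Constructed sample running-config: one compliant trunk, one sloppy trunk,
# one hardened access port, one port left at defaults, and a management SVI on VLAN 1.
SAMPLE_CONFIG = """
hostname S1
!
interface Vlan1
 ip address 172.17.1.11 255.255.255.0
!
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,30,99
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/18
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
!
interface FastEthernet0/19
 switchport access vlan 20
!
"""


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Group the indented lines of each 'interface X' stanza under the name X."""
    stanzas: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line.startswith(" ") and current is not None:
            stanzas[current].append(line.strip())
        else:
            current = None          # '!' or a global command ends the stanza
    return stanzas


def audit(config: str) -> List[str]:
    """Return one finding string per risky setting, prefixed with the interface name."""
    findings: List[str] = []
    for name, lines in parse_interfaces(config).items():
        if re.fullmatch(r"[Vv]lan\d+", name):
            # Management SVI: the slides recommend a dedicated VLAN, not VLAN 1.
            if name[4:] == "1" and any(l.startswith("ip address ") for l in lines):
                findings.append(f"{name}: management SVI configured on VLAN 1")
            continue
        mode = next((l[len("switchport mode "):] for l in lines
                     if l.startswith("switchport mode ")), None)
        if mode is None:
            findings.append(f"{name}: no switchport mode set; defaults to dynamic auto "
                            "and will negotiate a trunk with a desirable/trunk neighbor")
        elif mode in ("dynamic auto", "dynamic desirable"):
            findings.append(f"{name}: DTP negotiation enabled ({mode})")
        if mode == "trunk":
            native = next((l.split()[-1] for l in lines
                           if l.startswith("switchport trunk native vlan ")), "1")
            if native == "1":
                findings.append(f"{name}: trunk uses native VLAN 1")
            if not any(l.startswith("switchport trunk allowed vlan ") for l in lines):
                findings.append(f"{name}: trunk allows all VLANs (no allowed list)")
        if mode == "access" and not any(l.startswith("switchport access vlan ") for l in lines):
            findings.append(f"{name}: access port left in VLAN 1")
        if mode in ("access", "trunk") and "switchport nonegotiate" not in lines:
            findings.append(f"{name}: DTP frames still generated; add switchport nonegotiate")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

FastEthernet0/1 produces no findings because it matches the trunk example on the slides (native VLAN 99, explicit allowed list, nonegotiate); FastEthernet0/2 produces three, and FastEthernet0/19 is reported once for relying on the dynamic auto default rather than for its access VLAN, since without an explicit mode the access VLAN setting is not what decides whether the port trunks.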
