Embed Size (px)
Citation preview
1© 2003, Cisco Systems, Inc. All rights reserved.
CCNA 3 v3.0 Module 8 Virtual LANs
Cisco Networking Academy
222© 2003, Cisco Systems, Inc. All rights reserved.
Objectives
• VLAN concepts
• VLAN configuration
• Troubleshooting VLANs
333© 2003, Cisco Systems, Inc. All rights reserved.
Benefits of VLANs
• Easily move workstations on the LAN
• Easily add workstations to the LAN
• Easily change the LAN configuration
• Easily control network broadcast traffic
• Improve security
444© 2003, Cisco Systems, Inc. All rights reserved.
VLANs
VLANs logically segment switched networks based on an organization's functions, project teams, or applications as opposed to only a physical or geographical basis.
However, geographic VLANs (local VLANs) are becoming more common.
555© 2003, Cisco Systems, Inc. All rights reserved.
Local VLANs
• VLANs are more frequently being created around geographic boundaries (wiring closet) rather than commonality (application) boundaries.
– traffic flow patterns utilize the new 20/80 rule
– the user must cross a Layer 3 device in order to reach 80 percent of the resources
–considerably easier to manage and conceptualize than VLANs that span different geographic areas
666© 2003, Cisco Systems, Inc. All rights reserved.
3 Switches, 3 Interfaces, 3 Broadcast Domains
777© 2003, Cisco Systems, Inc. All rights reserved.
Example with 1 Switch, 3 VLANs and 3 Broadcast Domains
In this example, 3 different FastEthernetinterfaces are being used. However,subinterfaces can be created instead toachieve the same design goal.
Router(config)# int fa0/0.1Router(config)# int fa0/0.2Router(config)# int fa0/0.3
One physical interface
888© 2003, Cisco Systems, Inc. All rights reserved.
VLAN Configuration
VLANs can be configured as static or dynamic.
• Statically:–Network administrators configure port-by-port
–Each port is associated with a specific VLAN
–Network admin. is responsible for keying in the mappings between the switchports and VLANs
• Dynamically:–Switchports are able to dynamically configure their VLAN association
–Uses a software database of MAC addresses to VLAN mappings (which the network admin. must set up first)
999© 2003, Cisco Systems, Inc. All rights reserved.
Static VLANs
101010© 2003, Cisco Systems, Inc. All rights reserved.
Dynamic VLANs
111111© 2003, Cisco Systems, Inc. All rights reserved.
Dynamic VLANs
• With a VLAN Management Policy Server (VMPS), you can assign switch ports to VLANs dynamically.
– When you enable VMPS, a MAC address-to-VLAN mapping database downloads from a Trivial File Transfer Protocol (TFTP) server and VMPS begins to accept client requests.
Note: The VLAN Trunking Protocol (VTP) management domain and the management VLAN of VMPS clients and the VMPS server must be the same.
121212© 2003, Cisco Systems, Inc. All rights reserved.
VLAN Types
• Port Based:
– Most common configuration method
– Ports assigned individually, in groups or across multiple switches
– Simple to use/administer
• MAC address:
– Rarely implemented today
– Each address must be entered into the switch and configured individually
– More administrative overhead
131313© 2003, Cisco Systems, Inc. All rights reserved.
Communicating Between VLANs
One physical interface
141414© 2003, Cisco Systems, Inc. All rights reserved.
Interswitch Communication and VTP
• In order for switches to communicate between each other, a trunk link must be established from switch to switch using a trunking protocol.
• Trunk links carry frames from all VLANs.
• Trunking ports tag frames with a VLAN ID before the frame is forwarded to another switch.
• The VLAN tag is then removed before the frame is forwarded out an access port.
151515© 2003, Cisco Systems, Inc. All rights reserved.
Access/Trunk Links
An access link is a link on the switch that is a member of only one VLAN. –referred to as the native VLAN of the port
A trunk link is capable of supporting multiple VLANs.–typically used to connect switches to other switches or routers
ISL or 802.1q
161616© 2003, Cisco Systems, Inc. All rights reserved.
VLAN Trunking Protocols
• The switch has two methods of identifying the VLAN that a frame belongs to when the switch receives the frame on a trunk link.
–Cisco proprietary ISL standard
–IEEE 802.1Q standard
• There are other trunking encapsulation types but we will focus on these two.
171717© 2003, Cisco Systems, Inc. All rights reserved.
VLAN Frame Identification
Identification Method
Encapsulation Tagging (insertion into frame)
Media
802.1Q No Yes Ethernet
ISL Yes No Ethernet
802.10 No No FDDI
LANE No No ATM
http://www.cisco.com/en/US/tech/tk389/tk390/technologies_tech_note09186a0080094665.shtml
181818© 2003, Cisco Systems, Inc. All rights reserved.
VLAN Trunking Protocol
• A VTP domain is made up of one or more interconnected devices that share the same VTP domain name.
– A switch can be configured to be in one VTP domain only.
– Global VLAN information is propagated across the network by way of connected switch trunk ports.
– When transmitting VTP messages to other switches in the network, the VTP message is encapsulated in a trunking protocol frame such as ISL or IEEE 802.1Q.
– In order to share VTP information, switches must be in the same VTP domain.
191919© 2003, Cisco Systems, Inc. All rights reserved.
End-to-End VLANs
• Users are grouped into VLANs independent of physical location, but dependent on group or job function.
• All users in a VLAN should have the same 80/20 traffic flow patterns.
• As a user moves around the campus, VLAN membership for that user should not change.
• Each VLAN has a common set of security requirements for all members
202020© 2003, Cisco Systems, Inc. All rights reserved.
VLAN Configuration
The following guidelines must be followed when configuring VLANs on Cisco 29xx switches:
• The maximum number of VLANs is switch dependent.
• VLAN 1 is one of the factory-default VLANs.
• VLAN 1 is the default Ethernet VLAN.
• Cisco Discovery Protocol (CDP) and VLAN Trunking Protocol (VTP) advertisements are sent on VLAN 1.
• The Catalyst 29xx IP address is in the VLAN 1 broadcast domain by default.
• The switch must be in VTP server mode to create, add, or delete VLANs.
212121© 2003, Cisco Systems, Inc. All rights reserved.
Creating and Deleting VLANs
To Create VLANs:
Switch# vlan databaseSwitch(vlan)# vlan 2Switch(vlan)# vlan 3 name AccountingSwitch(vlan)# no vlan 4
To group a switchport to a VLAN:
Switch(config)# int range fa0/1 - 4Switch(config-range-if)# switchport mode accessSwitch(config-range-if)# switchport access vlan 2Switch(config-range-if)# no switchport access vlan 2Switch(config-range-if)# int g0/1Switch(config-if)# switchport mode trunk
2900XL:Switch(config-if)# switchport mode trunkSwitch(config-if)# switchport encapsulation isl | dot1q
The Catalyst 2900XL will do both ISL and 802.1q encapsulation so you must specify at the switchport.
222222© 2003, Cisco Systems, Inc. All rights reserved.
Verifying VLAN Configuration
232323© 2003, Cisco Systems, Inc. All rights reserved.
Common Problems in Troubleshooting VLANs
• Ports grouped to incorrect VLAN
• Trunk link between switches may not have the same encapsulation on both sides
• VTP Domain name different
• Duplex and speed mismatch
• Intervlan routing configured incorrectly at router
242424© 2003, Cisco Systems, Inc. All rights reserved.
VLAN Problem Isolation
252525© 2003, Cisco Systems, Inc. All rights reserved.
Problem Isolation in Catalyst Networks
262626© 2003, Cisco Systems, Inc. All rights reserved.
Preventing Broadcast Storms
272727© 2003, Cisco Systems, Inc. All rights reserved.
Catalyst IOS show vlan Command
282828© 2003, Cisco Systems, Inc. All rights reserved.
VLAN Troubleshooting Scenarios
A trunk link cannot be established between a switch and a router
292929© 2003, Cisco Systems, Inc. All rights reserved.
VLAN Troubleshooting Scenarios
VTP is not properly propagating VLAN configuration changes between switches.
