Building Cisco Multilayer Switched Networks (BCMSN) Instructor Name MR.SIDDIQ AHMED CCIE # 17864


Implementing VLANs

A VLAN = A Broadcast Domain = Logical Network (Subnet)

VLAN Overview

– Layer 2 connectivity

– Logical organizational flexibility

– Single broadcast domain

– Management

– Basic security

VLANs Establish Broadcast Domains

– VLANs plus routing limits broadcasts to the domain of origin.

Local VLANs

• Local VLANs generally reside in the wiring closet.

Static VLANs

• All users attached to same switch port must be in the same VLAN.

VLAN Membership Modes

• VLAN membership can either be static or dynamic.

Configuring VLANs in Global Mode

Switch#configure terminal
Switch(config)#vlan 3
Switch(config-vlan)#name Vlan3
Switch(config-vlan)#exit
Switch(config)#end

Configuring VLANs in VLAN Database Mode

Switch#vlan database
Switch(vlan)#vlan 3
VLAN 3 added:
    Name: VLAN0003
Switch(vlan)#exit
APPLY completed.
Exiting....

Assigning Access Ports to a VLAN

Switch(config)#interface gigabitethernet 1/1

• Enters interface configuration mode

Switch(config-if)#switchport mode access

• Configures the interface as an access port

Switch(config-if)#switchport access vlan 3

• Assigns the access port to a VLAN

Verifying the VLAN Configuration

Switch#show vlan [id | name] [vlan_num | vlan_name]

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/5, Fa0/7
                                                Fa0/8, Fa0/9, Fa0/11, Fa0/12
                                                Gi0/1, Gi0/2
2    VLAN0002                         active
51   VLAN0051                         active
52   VLAN0052                         active
…
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        1002   1003
2    enet  100002     1500  -      -      -        -    -        0      0
51   enet  100051     1500  -      -      -        -    -        0      0
52   enet  100052     1500  -      -      -        -    -        0      0

Verifying the VLAN Port Configuration

Switch#show running-config interface {fastethernet | gigabitethernet} slot/port

• Displays the running configuration of the interface

Switch#show interfaces [{fastethernet | gigabitethernet} slot/port] switchport

• Displays the switch port configuration of the interface

Switch#show mac-address-table interface interface-id [vlan vlan-id] [ | {begin | exclude | include} expression]

• Displays the MAC address table information for the specified interface in the specified VLAN

Implementing VLAN Trunks

Trunk Link Physical Implementation

VLAN Trunking

Switch Ports and Trunk Ports

Command: switchport mode access (Access port)
Function: Sets the switch port to unconditionally be an access port

Command: switchport mode trunk (Trunk port)
Function: Sets the switch port to unconditionally become a trunk port

Command: switchport mode dynamic (Dynamic port)
Function: Sets the switch port to dynamically negotiate the status (access or trunk)

Switch Port DTP Modes

Mode: access
Function: Unconditionally sets a switch port to access mode, regardless of other DTP functions

Mode: trunk
Function: Sets the switch port to unconditional trunking mode and negotiates to become a trunk link, regardless of neighbor interface mode

Mode: nonegotiate
Function: Specifies that DTP negotiation packets are not sent on the Layer 2 interface

Mode: dynamic desirable
Function: Sets the switch port to actively send and respond to DTP negotiation frames. Default for Ethernet

Mode: dynamic auto
Function: Sets the switch port to respond but not to actively send DTP negotiation frames

ISL Encapsulation

– Performed with ASIC

– Not intrusive to client stations; client does not see the header

– Effective between switches, and between routers and switches

ISL and Layer 2 Encapsulation

802.1Q Frame

802.1Q and Layer 2 Encapsulation

802.1Q Native VLANs

VLAN Ranges

VLAN Range   Range      Usage
0, 4095      Reserved   For system use only
1            Normal     Cisco default
2-1001       Normal     For Ethernet VLANs
1002-1005    Normal     Cisco defaults for FDDI and Token Ring
1025-4094    Extended   For Ethernet VLANs only

Configuring ISL Trunking

Switch(config)#interface fastethernet 2/1

• Enters interface configuration mode

Switch(config-if)#switchport trunk encapsulation isl

• Selects the encapsulation

Switch(config-if)#switchport mode trunk

• Configures the interface as a Layer 2 trunk

Verifying ISL Trunking

Switch#show running-config interface {fastethernet | gigabitethernet} slot/port

Switch#show interfaces [fastethernet | gigabitethernet] slot/port [ switchport | trunk ]

Switch#show interfaces fastethernet 2/1 trunk

Port      Mode         Encapsulation  Status        Native VLAN
Fa2/1     desirable    isl            trunking      1

Port      VLANs allowed on trunk
Fa2/1     1-1005

Port      VLANs allowed and active in management domain
Fa2/1     1-2,1002-1005

Port      VLANs in spanning tree forwarding state and not pruned
Fa2/1     1-2,1002-1005

Configuring 802.1Q Trunking

Switch(config)#interface fastethernet 5/8
Switch(config-if)#shutdown
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport trunk allowed vlan 1,15,11,1002-1005
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport nonegotiate
Switch(config-if)#no shutdown

Verifying 802.1Q Trunking

Switch#show running-config interface {fastethernet | gigabitethernet} slot/port

Switch#show interfaces [fastethernet | gigabitethernet] slot/port [ switchport | trunk ]

Switch#show interfaces gigabitEthernet 0/1 switchport
Name: Gi0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
. . .

Implementing VLAN Trunk Protocol

VTP Protocol Features

– Advertises VLAN configuration information

– Maintains VLAN configuration consistency throughout a common administrative domain

– Sends advertisements on trunk ports only

VTP Operation

• VTP advertisements are sent as multicast frames.

• VTP servers and clients are synchronized to the latest revision number.

• VTP advertisements are sent every 5 minutes or when there is a change.

VTP Modes

Client

• Cannot create, change, or delete VLANs

• Forwards advertisements

• Synchronizes VLAN configurations

• Does not save in NVRAM

Server

• Creates, modifies, and deletes VLANs

• Sends and forwards advertisements

• Synchronizes VLAN configurations

• Saves configuration in NVRAM

Transparent

• Creates, modifies, and deletes VLANs locally only

• Forwards advertisements

• Does not synchronize VLAN configurations

• Saves configuration in NVRAM

VTP Pruning

• Increases available bandwidth by reducing unnecessary flooded traffic

• Example: Station A sends broadcast, and broadcast is flooded only toward any switch with ports assigned to the red VLAN.

VTP Configuration Guidelines

– Configure the following:

• VTP domain name

• VTP mode (server mode is the default)

• VTP pruning

• VTP password

• VTP trap

– Use caution when adding a new switch into an existing domain.

– Add a new switch in client mode to prevent the new switch from propagating incorrect VLAN information.

Configuring a VTP Server

Switch(config)#vtp server

• Configures VTP server mode

Switch(config)#vtp domain domain-name

• Specifies a domain name

Switch(config)#vtp password password

• Sets a VTP password

Switch(config)#vtp pruning

• Enables VTP pruning in the domain

Configuring a VTP Server

Switch#configure terminal
Switch(config)#vtp server
Setting device to VTP SERVER mode.
Switch(config)#vtp domain Lab_Network
Setting VTP domain name to Lab_Network
Switch(config)#end

Verifying the VTP Configuration

Switch#show vtp status

VTP Version : 2
Configuration Revision : 247
Maximum VLANs supported locally : 1005
Number of existing VLANs : 33
VTP Operating Mode : Client
VTP Domain Name : Lab_Network
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49
Switch#
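An added example, not part of the original slides: the caution about adding a new switch to an existing domain, written as a pre-connection check that parses `show vtp status` output from the new switch and compares it with the production domain. The sample output is constructed from the fields shown above; the function names are hypothetical, and the revision rule is labelled as an assumption in the code.

```python
# Constructed sample: `show vtp status` from a switch about to be connected,
# using the field names shown in the output above.
NEW_SWITCH = """\
VTP Version                     : 2
Configuration Revision          : 312
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : Lab_Network
"""

def parse_vtp_status(text):
    """Turn 'Field : value' lines into a dict keyed by field name."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def pre_join_check(status_text, domain_name, domain_revision):
    """Return reasons to hold the switch back; an empty list means none found."""
    s = parse_vtp_status(status_text)
    mode = s.get("VTP Operating Mode", "").lower()
    if mode == "transparent" or s.get("VTP Domain Name") != domain_name:
        return []  # transparent, or another domain: no synchronization
    problems = []
    if mode == "server":
        problems.append("server mode: guideline is to add new switches as clients")
    # Assumption (VTP v1/v2): the higher revision in a domain wins, whichever
    # switch holds it, so the new switch must be below the domain's number.
    revision = int(s.get("Configuration Revision", "0"))
    if revision > domain_revision:
        problems.append(f"revision {revision} exceeds the domain's {domain_revision}")
    return problems
```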

Tomorrow's Topics :

• Spanning Tree Protocol (STP)

• Rapid Spanning Tree Protocol (RSTP)

• Multiple Spanning Tree Protocol (MSTP)