Module 2 VLANs: VLANs, Trunking, VLAN Trunking Protocol

  • Slides: 42

• VLANs
• Trunking
• VLAN Trunking Protocol (VTP)

VLANs

VLANs and Physical Boundaries

VLANs
• Virtual LANs segment a switched network based on:
  – Organisation function, project teams, applications (end-to-end)
  – Or geographic location (local VLANs)
• Reconfiguration through software
• Broadcast domain existing within a defined number of switches

VLANs control broadcasts

When NOT to VLAN

Types of VLANs
When scaling VLANs in the switch block, there are two basic methods of defining the VLAN boundaries:
• End-to-end VLANs
  – No longer recommended by Cisco due to management and STP concerns; the goal is to maintain 80% of traffic on the end-to-end VLAN (the old 80/20 rule)
• Local VLANs
  – Generally geographic in nature; follow the 20/80 rule

End-to-End VLANs

Local/Geographical VLANs

VLAN Types
The two common approaches to assigning VLAN membership are:
• Static VLANs
  – Port based: VLAN assigned to port
• Dynamic VLANs
  – Created and controlled via software packages: CW2000, VLAN Management Policy Server (VMPS)

Static VLANs

Dynamic VLAN

show vlan
CIS-2900-ServerFarm>show vlan
VLAN Name
------------------
1 default
2 VLAN0002
3 VLAN0003
4 VLAN0004
5 VLAN0005
10 VLAN0010
50 SeverFarm
1002 fddi-default
<text omitted>
Status Ports
----------------
active active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, <output omitted> Fa0/21, Fa0/22 active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
----- -------- --------
1 enet 100001 1500 0 0
<Text omitted>

show vlan brief
CIS-2900-ServerFarm>show vlan brief
VLAN Name
------------------
1 default
2 VLAN0002
3 VLAN0003
4 VLAN0004
5 VLAN0005
10 VLAN0010
50 SeverFarm
1002 fddi-default
1003 token-ring-default
1004 fddinet-default
1005 trnet-default
Status Ports
----------------
active active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, <output omitted> Fa0/21, Fa0/22 active

show run
Switch# show running-config
!
interface FastEthernet0/1
 switchport access vlan 50
!
interface FastEthernet0/2
 switchport access vlan 50
!
interface FastEthernet0/3
 switchport access vlan 50
!
interface FastEthernet0/4
 switchport access vlan 50

Trunking

Access and Trunk Links

Trunk Links
[Figure: two panels, "Without trunking" and "With trunking"]

ISL (Frame Encapsulation)
Ethernet Frame: 1500 bytes plus 18 byte header (1518 bytes)
• Standard NIC cards and networking devices don’t understand this giant frame.
• A Cisco switch must remove this encapsulation before sending the frame out on an access link.

802.1q
• NIC cards and networking devices can understand this “baby giant” frame (1522 bytes). However, a Cisco switch must remove this encapsulation before sending the frame out on an access link.
[Figure: frame fields: SA and DA MACs, 802.1q Tag, Type/Length Field, Data (max 1500 bytes), CRC, New CRC]
• 802.1q Tag:
  – 2-byte TPID (Tag Protocol Identifier)
  – 2-byte TCI (Tag Control Info, includes VLAN ID)
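The tag layout above, worked through in Python as an added example (not part of the original slides): a frame is tagged for a trunk, parsed, and stripped again for an access link. The TPID value 0x8100 and the priority bits in the TCI come from IEEE 802.1Q rather than from the slide; the MAC addresses and payload are constructed.

```python
import struct
import zlib

TPID_8021Q = 0x8100             # Tag Protocol Identifier (IEEE 802.1Q)
MAX_UNTAGGED = 1518             # standard maximum Ethernet frame, CRC included
MAX_TAGGED = MAX_UNTAGGED + 4   # the 1522-byte "baby giant"

def fcs(body: bytes) -> bytes:
    """Ethernet CRC-32 over the frame body, least significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def add_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Trunk egress: insert TPID + TCI after the two MACs, then a new CRC."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    body = frame[:-4]                    # drop the old CRC
    tci = (priority << 13) | vlan_id     # 3-bit priority, 1 bit left 0, 12-bit VLAN ID
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)

def parse_tag(frame: bytes):
    """Return (vlan_id, priority) for a tagged frame, or None if untagged."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF, tci >> 13

def strip_tag(frame: bytes) -> bytes:
    """Access-link egress: remove the 4-byte tag and recompute the CRC."""
    if parse_tag(frame) is None:
        return frame
    body = frame[:12] + frame[16:-4]
    return body + fcs(body)

def sample_frame(payload_len: int = 1500) -> bytes:
    """Constructed untagged frame: made-up MACs, EtherType IPv4, zero payload."""
    body = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    body += struct.pack("!H", 0x0800) + bytes(payload_len)
    return body + fcs(body)

if __name__ == "__main__":
    plain = sample_frame()
    tagged = add_tag(plain, vlan_id=50)
    print(len(plain), len(tagged), parse_tag(tagged), strip_tag(tagged) == plain)
```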

Trunking
• Before attempting to configure a VLAN trunk on a port, you should determine what encapsulation the port can support.
switch(config-if)# switchport trunk encapsulation ?

Trunking
• A trunk is a point-to-point link between:
  – Two switches
  – A switch and a router
• Trunks carry traffic of multiple VLANs
• Cisco supports one or both of these trunking protocols:
  – IEEE 802.1Q (dot1q)
  – ISL (Cisco proprietary)

Configuring Trunking
Switch(config)# interface fastethernet 0
Switch(config-if)# switchport mode [access | multi | trunk]
Switch(config-if)# switchport trunk encapsulation {isl|dot1q}
Switch(config-if)# switchport trunk allowed vlan remove vlan-list
Switch(config-if)# switchport trunk allowed vlan add vlan-list
• By default, all VLANs (1-1005) are transported automatically.
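Added example, not from the original slides: computing which VLANs each trunk actually carries, starting from the default (1-1005) and applying the allowed vlan add/remove commands above. The interface names and the command sequence are constructed, and the helper names are hypothetical.

```python
import re

DEFAULT_TRUNK_VLANS = frozenset(range(1, 1006))  # slide: VLANs 1-1005 by default

def parse_vlan_list(text):
    """Expand a vlan-list such as '2-5,10,50' into a set of VLAN IDs."""
    vlans = set()
    for part in text.split(","):
        low, _, high = part.strip().partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans

def trunk_vlans(commands):
    """Map each trunk interface to the set of VLANs it transports."""
    ports, port = {}, None
    for raw in commands.splitlines():
        line = raw.strip().lower()
        if line.startswith("interface "):
            port = {"trunk": False, "vlans": set(DEFAULT_TRUNK_VLANS)}
            ports[raw.strip().split(None, 1)[1]] = port
        elif port is None:
            continue
        elif line == "switchport mode trunk":
            port["trunk"] = True
        else:
            m = re.fullmatch(r"switchport trunk allowed vlan (add|remove) (\S+)", line)
            if m and m.group(1) == "remove":
                port["vlans"] -= parse_vlan_list(m.group(2))
            elif m:
                port["vlans"] |= parse_vlan_list(m.group(2))
    return {name: p["vlans"] for name, p in ports.items() if p["trunk"]}

def unexpected_vlans(commands, expected):
    """Per trunk, the VLANs carried that are not in the expected set."""
    return {name: sorted(v - set(expected))
            for name, v in trunk_vlans(commands).items()}

# Constructed command sequence for illustration (not from the slides).
SAMPLE = """
interface FastEthernet0/1
 switchport access vlan 50
interface FastEthernet0/23
 switchport mode trunk
 switchport trunk encapsulation dot1q
interface FastEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan remove 2-1005
 switchport trunk allowed vlan add 10,50
"""

if __name__ == "__main__":
    for name, extra in unexpected_vlans(SAMPLE, {1, 10, 50}).items():
        print(name, "carries", len(extra), "VLANs beyond the expected set")
```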

Router
interface FastEthernet0/1.1
 encapsulation dot1Q 1
 ip address 172.30.1.1 255.0
 ip access-group 100 in
 ip helper-address 172.30.50
 no ip directed-broadcast
!
interface FastEthernet0/1.2
 encapsulation dot1Q 2
 ip address 172.30.2.1 255.0
 ip access-group 102 in
 ip helper-address 172.30.50.255
 ip helper-address 172.30.50.10
 no ip directed-broadcast

VTP

VLAN Trunking Protocol
• VTP maintains VLAN configuration consistency across the entire network.
• VTP is a messaging protocol that uses Layer 2 trunk frames to manage the addition, deletion, and renaming of VLANs on a network-wide basis.
• Further, VTP allows you to make centralized changes that are communicated to all other switches in the network.

VTP
• Create VLANs on the VTP server.
• Those VLANs get sent to other client switches.
• On the client switches, you can now assign ports to those VLANs.
• You cannot create VLANs on the client switches, as you could before configuring the switch to be a VTP client.

VTP
• All switches in the same management domain share their VLAN information with each other, and a switch can participate in only one VTP management domain.
• Switches in different domains do not share VTP information.
• Using VTP, switches advertise:
  – Management domain
  – Configuration revision number
  – Known VLANs and their specific parameters

VTP
• Switches can be configured not to accept VTP information.
• These switches will forward VTP information on trunk ports in order to ensure that other switches receive the update, but the switches will not modify their database, nor will the switches send out an update indicating a change in VLAN status.
  – This is referred to as transparent mode.

VTP
• By default, management domains are set to a nonsecure mode, meaning that the switches interact without using a password.
• Adding a password automatically sets the management domain to secure mode.
  – A password must be configured on every switch in the management domain to use secure mode.

VTP
• The VTP database contains a revision number.
• Each time a change is made, the switch increments the revision number.

VTP
• A higher configuration revision number indicates that the VLAN information that is being sent is more current than the stored copy.
• Any time a switch receives an update that has a higher configuration revision number, the switch will overwrite the stored information with the new information being sent in the VTP update.

VTP Modes
• Switches can operate in any one of the following three VTP modes:
  – Server
  – Client
  – Transparent

VTP Modes
• Server: If you configure the switch for server mode, you can create, modify, and delete VLANs, and specify other configuration parameters (such as VTP version and VTP pruning) for the entire VTP domain.
• VTP servers:
  – advertise their VLAN configuration to other switches in the same VTP domain
  – synchronize the VLAN configuration with other switches based on advertisements received over trunk links
  – It is recommended that you have at least 2 VTP servers in case one goes down
• This is the default mode on the switch.

VTP Modes
• Client: VTP clients behave the same way as VTP servers. However, you cannot create, change, or delete VLANs on a VTP client.

VTP Modes
• Transparent: VTP transparent switches do not participate in VTP.
• A VTP transparent switch does not advertise its VLAN configuration, and does not synchronize its VLAN configuration based on received advertisements.
  – However, in VTP Version 2, transparent switches do forward VTP advertisements that the switches receive out their trunk ports.
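Added example, not from the original slides: a small Python model of the domain, password, revision-number and mode rules described above. It shows how a switch with a higher revision number replaces the VLAN database of the others, and how a password or transparent mode prevents that. Switch names and VLANs are constructed; comparing passwords directly is a simplification of what VTP does on the wire.

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    name: str
    mode: str = "server"            # server is the default mode
    domain: str = "corp"
    password: str = ""              # empty = nonsecure mode
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def set_vlan(self, vlan_id, name):
        if self.mode == "client":
            raise PermissionError("VLANs cannot be created on a VTP client")
        self.vlans[vlan_id] = name
        if self.mode == "server":
            self.revision += 1      # every change increments the revision

    def receive(self, sender):
        """Process an advertisement from `sender`; return what happened."""
        if self.mode == "transparent":
            return "forwarded"      # passed on, own database untouched
        if (sender.domain, sender.password) != (self.domain, self.password):
            return "ignored"        # other domain, or password mismatch
        if sender.revision <= self.revision:
            return "ignored"        # stored copy is at least as current
        self.vlans, self.revision = dict(sender.vlans), sender.revision
        return "overwritten"

def scenario(password=""):
    """Constructed case: a lab switch with a high revision joins the domain."""
    core = Switch("core", password=password)
    core.set_vlan(10, "users")
    core.set_vlan(50, "ServerFarm")
    access = Switch("access", mode="client", password=password)
    access.receive(core)            # client learns VLANs 10 and 50
    lab = Switch("lab")             # same domain name, no password set
    for i in range(5):
        lab.set_vlan(99, f"test{i}")  # five changes -> revision 5
    return core.receive(lab), access.receive(lab), sorted(access.vlans)

if __name__ == "__main__":
    print("nonsecure:", scenario())
    print("secure:   ", scenario("s3cret"))
```

In the nonsecure run the production VLANs 10 and 50 vanish from both switches; with a domain password set on core and access, the lab switch's advertisement is ignored.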

Configuring VTP
Switch# vlan database
Switch(vlan)# vtp domain domain-name
Switch(vlan)# vtp {server | client | transparent}
Optional:
Switch(vlan)# vtp password password
Switch(vlan)# vtp v2-mode (version 2)
Example:
ALSwitch# vlan database
ALSwitch(vlan)# vtp domain corp
ALSwitch(vlan)# vtp client

Summary
• VLANs
• Trunking
• VLAN Trunking Protocol (VTP)