Document Details

Uploaded by CleanerRecorder864

2025

Brent MacRae

Tags

VLANs networking Cisco network segmentation

Summary

This document contains Lecture 2 on VLANs, covering VLAN definitions, segmentation, benefits and types. It explores voice VLANs, VLAN trunks and DTP, and describes how to configure and troubleshoot VLANs and trunks. The lecture is dated January 2025 and focuses on the essential aspects of virtual LANs and their implementation in network environments.

Full Transcript

Lecture 2: VLANs
INFR 1421 Introduction to Networking II
Brent MacRae, January 2025
© 2025 Brent MacRae

2.1 VLAN Segmentation

Overview of VLANs: VLAN Definitions
▪ VLANs can segment LAN devices without regard for the physical location of the user or device. In the figure, IT users on the first, second, and third floors are all on the same LAN segment. The same is true for HR and Sales users.
▪ A VLAN (virtual LAN) is a logical partition of a Layer 2 network. Multiple partitions can be created and multiple VLANs can co-exist. The partitioning of the Layer 2 network takes place inside a Layer 2 device, usually a switch. Each VLAN is a broadcast domain that can span multiple physical LAN segments. Hosts on the same VLAN are unaware of the VLAN's existence.
▪ VLANs are mutually isolated at Layer 2; packets can only pass between VLANs via a router, which is also the point where inter-VLAN traffic can be filtered.

Overview of VLANs: Benefits of VLANs
(figure)

Overview of VLANs: Types of VLANs
▪ Common types of VLANs:
  Default VLAN – Also known as VLAN 1. All switch ports are members of VLAN 1 by default.
  Data VLAN – Data VLANs are commonly created for specific groups of users or devices. They carry user-generated traffic.
  Native VLAN – This is the VLAN that carries all untagged traffic on an 802.1Q trunk, that is, traffic that does not originate from a VLAN port. The native VLAN is VLAN 1 by default.
  Management VLAN – This is a VLAN that is created to carry network management traffic, including SSH, SNMP, Syslog, and more. VLAN 1 is the default VLAN used for network management.
▪ Because VLAN 1 is at once the default, native and management VLAN, leaving those roles on VLAN 1 puts user traffic, untagged trunk traffic and management sessions in the same broadcast domain; the usual practice is to move management to a dedicated VLAN and to make an otherwise unused VLAN the native VLAN on trunks.

Overview of VLANs: Voice VLANs
▪ To support time-sensitive voice traffic, Cisco switches support a voice VLAN that requires:
  Assured bandwidth
  Delay of less than 150 ms across the network to ensure voice quality
  Transmission priority over other types of network traffic
  Ability to be routed around congested areas on the network
▪ The voice VLAN feature enables an access port to carry user data traffic and IP voice traffic on two separate VLANs. In the figure, the S3 F0/18 interface has been configured to tag student traffic on VLAN 20 and voice traffic on VLAN 150.

VLANs in a Multi-Switched Environment: VLAN Trunks
▪ A VLAN trunk is a point-to-point link that carries more than one VLAN. It is usually established between switches so that devices in the same VLAN on different switches can communicate. A VLAN trunk does not belong to a specific VLAN; rather, it is a conduit for multiple VLANs between switches and routers.
▪ Cisco IOS supports IEEE 802.1Q, a popular VLAN trunking protocol.
▪ A trunk could also be used between a network device and a server or other device that is equipped with an appropriate 802.1Q-capable NIC.
▪ In the figure, the links between switches S1 and S2, and S1 and S3, are configured to transmit traffic coming from VLANs 10, 20, 30, and 99 across the network.

VLANs in a Multi-Switched Environment: Controlling Broadcast Domains with VLANs
▪ If a switch port receives a broadcast frame, the switch forwards it out all ports except the originating port. Eventually the entire network receives the broadcast because the network is one broadcast domain.
▪ VLANs can be used to limit the reach of broadcast frames because each VLAN is a broadcast domain. VLANs help control the reach of broadcast frames and their impact in the network.

VLANs in a Multi-Switched Environment: Tagging Ethernet Frames for VLAN Identification
▪ Before a frame is forwarded across a trunk link, it must be tagged with its VLAN information. Frame tagging is the process of adding a VLAN identification header to the frame. It is used to properly transmit multiple VLAN frames through a trunk link.
▪ IEEE 802.1Q is a very popular VLAN trunking protocol that defines the structure of the tagging header added to the frame. Switches insert the 4-byte 802.1Q tag immediately after the Source MAC address field. The tag consists of a Tag Protocol Identifier (TPID, value 0x8100) followed by a Tag Control Information field that holds a 3-bit priority (PCP), a 1-bit Drop Eligible Indicator (DEI, formerly CFI) and the 12-bit VLAN ID (VID). Because the tag lengthens the frame, the FCS is recalculated.
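The tag layout just described, worked through in code. This is an added example, not part of the lecture: it builds a small Ethernet frame in memory, inserts the 4-byte 802.1Q tag after the source MAC the way a trunk port does, reads the PCP, DEI and VID fields back out, and strips the tag again as an access port would. The MAC addresses, the stub payload and the use of VLAN IDs 20 and 150 (the student and voice VLANs from the figure) are constructed values; the CoS value 5 on the voice frame is an assumption, chosen because the tag's 3-bit priority field is where a voice VLAN's transmission priority is carried.

```python
"""Tag, parse and untag IEEE 802.1Q frames (added example, not lecture code)."""
import struct

TPID_8021Q = 0x8100          # Tag Protocol Identifier: marks the next 2 bytes as TCI
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame: dst MAC, src MAC, EtherType, payload (no FCS)."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses are 6 bytes")
    return dst + src + struct.pack("!H", ethertype) + payload


def parse_tag(frame: bytes):
    """Return (pcp, dei, vid, inner_ethertype) for a tagged frame, None if untagged."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return (tci >> 13) & 0x7, (tci >> 12) & 0x1, tci & 0x0FFF, ethertype


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag right after the two MAC addresses.

    TCI layout: 3-bit PCP (priority) | 1-bit DEI | 12-bit VID.
    """
    if not 1 <= vid <= 4094:                 # 0 and 4095 are reserved VIDs
        raise ValueError(f"VLAN ID {vid} is not usable on a trunk")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP is 3 bits and DEI is 1 bit")
    if parse_tag(frame) is not None:
        raise ValueError("frame is already tagged")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame: bytes) -> bytes:
    """Remove the tag, as a switch does before forwarding out an access port."""
    if parse_tag(frame) is None:
        return frame
    return frame[:12] + frame[16:]


# Constructed sample values (not captured traffic).
BROADCAST = bytes.fromhex("ffffffffffff")
HOST_MAC = bytes.fromhex("0011223344aa")
PAYLOAD = bytes.fromhex("45") + bytes(45)            # 46-byte minimum payload
UNTAGGED = build_frame(BROADCAST, HOST_MAC, ETHERTYPE_IPV4, PAYLOAD)
STUDENT_FRAME = tag_frame(UNTAGGED, vid=20)           # data VLAN 20 from the figure
VOICE_FRAME = tag_frame(UNTAGGED, vid=150, pcp=5)     # voice VLAN 150; CoS 5 is an assumption


def describe(frame: bytes) -> str:
    """One-line summary a sniffer on a trunk would give for the frame."""
    tag = parse_tag(frame)
    if tag is None:
        return f"untagged, {len(frame)} bytes (native VLAN on a trunk)"
    pcp, dei, vid, ethertype = tag
    return f"VLAN {vid} pcp={pcp} dei={dei} type=0x{ethertype:04x}, {len(frame)} bytes"


if __name__ == "__main__":
    for f in (UNTAGGED, STUDENT_FRAME, VOICE_FRAME):
        print(describe(f))
```

Running it prints the 60-byte untagged frame, then the same frame at 64 bytes carrying VLAN 20 and VLAN 150 tags; bytes 12 and 13 of the tagged frames are 0x81 0x00, and everything after the tag is byte-for-byte the original frame from its EtherType onward.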
▪ A switch inserts the tag before sending a frame out a trunk port and removes it before forwarding the frame out a non-trunk (access) port. Frames in the trunk's native VLAN are sent untagged.

2.2 VLAN Implementation

VLAN Assignment: VLAN Ranges on Catalyst Switches
▪ Cisco Catalyst 2960 and 3560 Series switches support over 4,000 VLANs.
▪ VLANs are split into two categories:
  Normal range VLANs
    VLAN numbers from 1 to 1,005
    Configurations are stored in the vlan.dat file in flash memory
    IDs 1002 through 1005 are reserved for legacy Token Ring and Fiber Distributed Data Interface (FDDI) VLANs; they are created automatically and cannot be removed
  Extended range VLANs
    VLAN numbers from 1,006 to 4,094 (the 12-bit VID field allows 4,096 values, but 0 and 4,095 are reserved)
    Configurations are stored in the running configuration rather than in vlan.dat, so they survive a reload only if saved to the startup configuration in NVRAM
    VLAN Trunking Protocol (VTP) does not learn extended-range VLANs

VLAN Assignment: Creating a VLAN
(figure)

VLAN Assignment: Assigning Ports to VLANs
▪ After creating a VLAN, the next step is to assign it to a port.
▪ An access port can belong to only one data VLAN at a time.
▪ To assign a port to a VLAN, navigate to the interface and type:
  S1(config-if)# switchport mode access
  S1(config-if)# switchport access vlan vlan-id
▪ The above configuration assigns all traffic on that port to the specified VLAN.
▪ The IP address and subnet mask configured on the PC should match the subnet for the VLAN.
▪ Note: the switchport access vlan command forces the creation of the VLAN if it does not already exist, so a mistyped VLAN ID silently creates a new, empty VLAN instead of producing an error.

VLAN Assignment: Changing VLAN Port Membership
▪ In the figure, interface F0/18 had previously been assigned to VLAN 20; after the change it is back in the default VLAN 1.

VLAN Assignment: Deleting VLANs
▪ Use the no vlan vlan-id global configuration command to remove a VLAN. Reassign the ports that belong to it first; a port whose VLAN no longer exists becomes inactive.
▪ To delete the entire vlan.dat file, use the delete vlan.dat privileged EXEC command. This command can only be used if the vlan.dat file has not been moved from its original location.
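An added example (not the lecture's own code) that applies the facts on these slides to the output of show vlan brief, the command the lecture uses to verify VLAN configuration: it parses the table, including the Ports column that wraps onto indented continuation lines, classifies each VLAN ID into the normal, reserved or extended range, and audits the result against a hypothetical VLAN plan. The audit reports VLANs the plan expects but the switch lacks (the case that leaves ports inactive), names that differ from the plan, ports still sitting in the default VLAN 1, ports in the reserved VLANs, and extended-range VLANs that will not be in vlan.dat. The sample output, the VLAN plan and the interface names are constructed.

```python
"""Parse show vlan brief and audit the VLAN table (added example, not lecture code)."""
import re
from dataclasses import dataclass, field

# Constructed sample in the Catalyst show vlan brief layout (not a real capture).
SAMPLE_SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Gi0/2
20   student                          active    Fa0/18
99   management                       active
150  voice                            active    Fa0/18
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
"""

# Hypothetical VLAN plan for this switch; VLAN 30 is deliberately absent from the sample.
EXPECTED_VLANS = {20: "student", 30: "faculty", 99: "management", 150: "voice"}


@dataclass
class Vlan:
    vid: int
    name: str
    status: str
    ports: list = field(default_factory=list)


_VLAN_ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")


def _split_ports(column: str) -> list:
    return [p.strip() for p in column.split(",") if p.strip()]


def parse_show_vlan_brief(text: str) -> dict:
    """Return {vid: Vlan}. Indented lines continue the previous row's Ports column."""
    vlans, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("VLAN", "----")):
            continue                      # header and separator rows
        if line[0].isspace():
            if current is not None:       # wrapped Ports column
                current.ports.extend(_split_ports(line))
            continue
        m = _VLAN_ROW.match(line)
        if m is None:
            continue
        vid, name, status, ports = m.groups()
        current = Vlan(int(vid), name, status, _split_ports(ports))
        vlans[current.vid] = current
    return vlans


def vlan_range(vid: int) -> str:
    """Classify a VLAN ID per the Catalyst ranges on the slide."""
    if not 1 <= vid <= 4094:
        return "invalid"
    if 1002 <= vid <= 1005:
        return "reserved"            # Token Ring / FDDI placeholders, cannot be removed
    return "normal" if vid <= 1001 else "extended"


def port_to_vlans(vlans: dict) -> dict:
    """Invert the table: {port: [vid, ...]}. A phone port is listed under data and voice VLAN."""
    membership = {}
    for v in vlans.values():
        for port in v.ports:
            membership.setdefault(port, []).append(v.vid)
    return {p: sorted(vids) for p, vids in membership.items()}


def audit(vlans: dict, expected: dict) -> list:
    """Return (code, detail) findings; an empty list means the table matches the plan."""
    findings = []
    for vid, name in expected.items():
        v = vlans.get(vid)
        if v is None:
            findings.append(("missing", vid))          # ports in it would be inactive
        elif v.name != name:
            findings.append(("name-mismatch", vid))
    default = vlans.get(1)
    if default is not None and default.ports:
        findings.append(("ports-in-vlan1", len(default.ports)))
    for v in vlans.values():
        kind = vlan_range(v.vid)
        if kind == "extended":
            findings.append(("extended-not-in-vlan-dat", v.vid))
        elif kind == "reserved" and v.ports:
            findings.append(("ports-in-reserved", v.vid))
        elif kind == "normal" and v.vid != 1 and v.vid not in expected:
            findings.append(("unplanned", v.vid))      # e.g. a typo in switchport access vlan
    return findings


if __name__ == "__main__":
    table = parse_show_vlan_brief(SAMPLE_SHOW_VLAN_BRIEF)
    for code, detail in audit(table, EXPECTED_VLANS):
        print(f"{code}: {detail}")
```

Against the sample the audit reports VLAN 30 missing and eight ports still in VLAN 1; the "unplanned" code is what catches the empty VLAN that a mistyped switchport access vlan creates.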
VLAN Assignment: Verifying VLAN Information
▪ VLAN configurations can be validated using the Cisco IOS show vlan and show interfaces commands:
  show vlan [brief | id vlan-id | name vlan-name | summary]
  show interfaces [interface-id | vlan vlan-id] | switchport

VLAN Trunks: Configuring IEEE 802.1Q Trunk Links
▪ A VLAN trunk is an OSI Layer 2 link between two switches that carries traffic for all VLANs (unless restricted).
▪ The switchport mode trunk command puts the port into a permanent trunking mode.
▪ The switchport trunk allowed vlan command lets you specify which VLANs are allowed across the trunk; restrict the list to the VLANs that actually need to cross the link.

VLAN Trunks: Resetting the Trunk to Default State
(figure)

Troubleshoot VLANs and Trunks: IP Addressing Issues with VLANs
▪ It is common practice to associate a VLAN with an IP network. Different IP networks must communicate through a router. All devices within a VLAN must be part of the same IP network to communicate.
▪ In the figure, PC1 cannot communicate with the server because it has the wrong IP address configured.

Troubleshoot VLANs and Trunks: Missing VLANs
▪ If all the IP address mismatches have been resolved but the device still cannot connect, check whether the VLAN exists on the switch. If the VLAN to which the port belongs has been deleted, the port becomes inactive and is unable to communicate with the rest of the network until the VLAN is created again.

Troubleshoot VLANs and Trunks: Common Problems with Trunks
▪ Trunking issues are usually associated with incorrect configurations.
▪ The most common types of trunk configuration errors are listed in the figure; the two slides that follow work through an incorrect port mode and an incorrect allowed VLAN list.

Troubleshoot VLANs and Trunks: Incorrect Port Mode
▪ In this example, PC4 cannot reach the Web server.
  The trunk links on S1 and S3 are verified and reveal that the S3 trunk port has been configured as an access port.

Troubleshoot VLANs and Trunks: Incorrect VLAN List
▪ In this example, PC5 cannot reach the Student Email server. Checking the allowed VLAN list on the trunk reveals that S1 is not allowing VLAN 20; it has to be added with switchport trunk allowed vlan.

2.3 DTP

Dynamic Trunking Protocol: Introduction to DTP
▪ Ethernet trunk interfaces support different trunking modes.
▪ An interface can be set to trunking or non-trunking, or it can be set to negotiate trunking with the neighbor interface.
▪ Trunk negotiation is managed by DTP, which operates on a point-to-point basis only, between network devices.
▪ Dynamic Trunking Protocol (DTP) is a Cisco proprietary protocol. It is automatically enabled on Catalyst 2960X and Catalyst 3650 Series switches.
▪ To enable trunking from a Cisco switch to a device that does not support DTP, use the switchport mode trunk and switchport nonegotiate interface commands.

Dynamic Trunking Protocol: DTP Defaults
▪ The default configuration for Cisco Catalyst switches is dynamic auto, as shown in the figure.
▪ The link between S1 and S2 becomes a trunk because both interfaces are configured to ignore DTP messages and to stay in a permanent trunking mode.
▪ The link between S1 and S3 is set to dynamic auto (the default) on both ends, which results in an access link as opposed to a trunk. Anytime a trunk is needed, always statically configure it with switchport mode trunk.
▪ The converse also matters: a port left in a dynamic mode will negotiate a trunk with any neighbor that sends the right DTP frames, so ports that should never trunk should be set to access mode with switchport nonegotiate.

Dynamic Trunking Protocol: Negotiated Interface Modes
▪ Different trunking modes:
  switchport mode access – puts the interface into a permanent non-trunking mode and negotiates to convert the link into a non-trunk link.
  switchport mode trunk – puts the interface into a permanent trunking mode and negotiates to convert the link into a trunk link.
  switchport mode dynamic auto – the interface becomes a trunk if the neighboring interface is set to trunk or dynamic desirable mode; two dynamic auto interfaces form an access link.
  switchport mode dynamic desirable – the interface becomes a trunk if the neighboring interface is set to trunk, dynamic desirable, or dynamic auto mode.
  switchport nonegotiate – prevents the interface from generating DTP frames; it can only be used on an interface in access or trunk mode.
(figure: table of the resulting link mode for each pairing of interface modes)
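The pairing table that the slide's figure summarises, plus the check a security engineer runs against a switch afterwards; this is an added example, not from the lecture. negotiate() returns the link mode that results from each combination of administrative modes, including the "limited connectivity" case where only one side tags frames and the effect of switchport nonegotiate on a dynamic neighbor. The second part parses show interfaces switchport output and flags ports still in a DTP-negotiable mode, trunks still negotiating, trunks whose native VLAN is still VLAN 1, and access ports whose VLAN no longer exists (the Missing VLANs slide). The sample output and interface names are constructed; the field names follow the Catalyst show interfaces switchport layout.

```python
"""DTP outcome table and a switchport audit (added example, not lecture code)."""

STATIC = ("access", "trunk")
DYNAMIC = ("dynamic auto", "dynamic desirable")


def _side(mine: str, other: str, other_nonegotiate: bool) -> str:
    """Operational mode one side settles on, given what it hears from its neighbor."""
    if mine in STATIC:
        return mine                              # static modes never change
    if other_nonegotiate:
        return "access"                          # neighbor sends no DTP, nothing to agree on
    if other in ("trunk", "dynamic desirable"):
        return "trunk"                           # neighbor actively asks to trunk
    if other == "dynamic auto" and mine == "dynamic desirable":
        return "trunk"                           # we ask, the auto neighbor agrees
    return "access"                              # auto+auto, or neighbor is access


def negotiate(local: str, remote: str,
              local_nonegotiate: bool = False, remote_nonegotiate: bool = False) -> str:
    """Link outcome: 'trunk', 'access' or 'limited connectivity' (the two ends disagree)."""
    for mode, noneg in ((local, local_nonegotiate), (remote, remote_nonegotiate)):
        if mode not in STATIC + DYNAMIC:
            raise ValueError(f"unknown mode {mode!r}")
        if noneg and mode not in STATIC:
            raise ValueError("switchport nonegotiate requires access or trunk mode")
    left = _side(local, remote, remote_nonegotiate)
    right = _side(remote, local, local_nonegotiate)
    return left if left == right else "limited connectivity"


# Constructed sample in the Catalyst show interfaces switchport layout (not a real capture).
SAMPLE_SHOW_SWITCHPORT = """\
Name: Fa0/1
Administrative Mode: dynamic auto
Operational Mode: static access
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)

Name: Fa0/18
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
Access Mode VLAN: 20 (student)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: 150 (voice)

Name: Fa0/24
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
Access Mode VLAN: 30 (Inactive)
Trunking Native Mode VLAN: 1 (default)

Name: Gi0/1
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 99 (management)

Name: Gi0/2
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
"""


def parse_show_switchport(text: str) -> dict:
    """Return {interface: {field: value}}; each block starts at a 'Name:' line."""
    ports, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue                             # blank line between blocks
        key, value = key.strip(), value.strip()
        if key == "Name":
            current = ports.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return ports


def audit_switchports(ports: dict) -> list:
    """Findings as (interface, code); each code maps to a fix from the DTP slides."""
    findings = []
    for name, f in ports.items():
        admin = f.get("Administrative Mode", "")
        native = f.get("Trunking Native Mode VLAN", "").split()
        if admin in DYNAMIC:
            findings.append((name, "dtp-negotiable"))            # switchport mode access|trunk
        if admin == "trunk" and f.get("Negotiation of Trunking") == "On":
            findings.append((name, "trunk-still-negotiating"))   # switchport nonegotiate
        if f.get("Operational Mode") == "trunk" and native[:1] == ["1"]:
            findings.append((name, "native-vlan-1"))             # move native VLAN off VLAN 1
        if "access" in admin and "(Inactive)" in f.get("Access Mode VLAN", ""):
            findings.append((name, "access-vlan-missing"))       # recreate the deleted VLAN
    return findings


if __name__ == "__main__":
    for pair in (("dynamic auto", "dynamic auto"), ("dynamic auto", "dynamic desirable"),
                 ("trunk", "access")):
        print(pair, "->", negotiate(*pair))
    for iface, code in audit_switchports(parse_show_switchport(SAMPLE_SHOW_SWITCHPORT)):
        print(f"{iface}: {code}")
```

On the sample, Fa0/1 is reported as DTP-negotiable (the default dynamic auto that the slide warns about), Fa0/24 as an access port whose VLAN 30 has been deleted, and Gi0/2 as a trunk that is both still negotiating and still carrying untagged traffic on VLAN 1; Fa0/18 and Gi0/1 are clean.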