ICND2 Topic: Implementing VLANs and Trunks, Improving Performance with Spanning Tree, Routing between VLANs.
VLAN definition:
Short for Virtual LAN. Each access port is assigned to one VLAN; ports in the same VLAN form one broadcast domain, and normally one IP subnet maps to one VLAN.
Reasons for implementing VLANs
- broadcasts stay within the VLAN, which also limits what a host can see on the wire (more security)
- inter-VLAN traffic has to pass through a router, where it can be filtered with ACLs
- departmental network segmentation, for example: Sales, Engineering, Marketing, HR
Static VLAN
Port-based: the administrator creates the VLANs on the switch and assigns specific ports to them.
More secure, but no flexibility: a user who moves to another port in the office needs that port reconfigured.
Dynamic VLAN
Permits a user to move a computer around and still be connected to the department's VLAN.
Requires a Cisco VLAN Membership Policy Server (VMPS) holding a list of MAC addresses and the VLANs they belong to. The user can plug the computer into any switch on the LAN. Less secure: membership is decided by MAC address, so a NIC moved to another machine (or a spoofed MAC address) lands in that VLAN.
Trunking VLANs
If a link between two switches must carry frames for more than one VLAN, each frame needs a tag with the VLAN ID so the receiving switch knows which VLAN it belongs to. Protocols for trunking:
ISL - Cisco proprietary, Fast Ethernet or Gigabit only; encapsulates the whole original frame in a new header and trailer. Spanning Tree runs one instance per VLAN (PVST).
802.1q - IEEE standard; inserts a 4-byte tag into the Ethernet header. The standard defines a single instance of spanning tree no matter the number of VLANs (Cisco's PVST+ runs one per VLAN over 802.1q trunks). One VLAN on each trunk is the native VLAN and travels untagged; keep it an unused VLAN that no access port belongs to, otherwise the untagged path can be abused to hop from one VLAN into another.
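To make the tag concrete, here is an added example (not from the original notes) that builds and parses 802.1q tagged frames in Python and models how a switch classifies frames on access and trunk ports. It then replays the double-tagging VLAN hop mentioned above and shows that tagging the native VLAN, or moving the native VLAN to an unused ID, stops it. The MAC addresses, VLAN numbers and the access-port behaviour of tolerating a tag equal to the port's own VLAN are constructed assumptions for the model, not taken from the page.

```python
import struct

TPID_DOT1Q = 0x8100      # EtherType value that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def mac(s):
    return bytes.fromhex(s.replace(":", ""))


def dot1q_tag(vid, pcp=0):
    """4-byte tag: TPID 0x8100 followed by TCI = PCP(3 bits) | DEI(1 bit) | VID(12 bits)."""
    if not 1 <= vid <= 4094:
        raise ValueError(f"VLAN ID {vid} out of range")
    return struct.pack("!HH", TPID_DOT1Q, (pcp << 13) | vid)


def build_frame(dst, src, payload, vids=(), ethertype=ETHERTYPE_IPV4):
    """Ethernet II frame with zero or more stacked 802.1Q tags (outermost first)."""
    tags = b"".join(dot1q_tag(v) for v in vids)
    return mac(dst) + mac(src) + tags + struct.pack("!H", ethertype) + payload


def parse_tags(frame):
    """Walk the stacked tags after the two MAC addresses; return VIDs, outermost first."""
    vids, off = [], 12
    while struct.unpack_from("!H", frame, off)[0] == TPID_DOT1Q:
        vids.append(struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF)
        off += 4
    return vids


def strip_outer_tag(frame):
    return frame[:12] + frame[16:]


def add_outer_tag(frame, vid):
    return frame[:12] + dot1q_tag(vid) + frame[12:]


def access_ingress(frame, port_vlan):
    """Access port: the frame is classified into the port's VLAN. Model assumption: a tag
    carrying the port's own VLAN ID is tolerated and stripped (the double-tagging precondition)."""
    vids = parse_tags(frame)
    if vids and vids[0] == port_vlan:
        frame = strip_outer_tag(frame)
    return port_vlan, frame


def trunk_egress(frame, vlan, native_vlan, tag_native=False):
    """Send on an 802.1Q trunk: tag with the VLAN, except the native VLAN, which goes
    untagged unless the switch is told to tag it ('vlan dot1q tag native' on Cisco IOS)."""
    if vlan == native_vlan and not tag_native:
        return frame
    return add_outer_tag(frame, vlan)


def trunk_ingress(frame, native_vlan, allowed):
    """Receive on an 802.1Q trunk: untagged -> native VLAN; tagged -> outermost VID.
    Returns (vlan, frame with that tag removed) or None if the VLAN is not allowed."""
    vids = parse_tags(frame)
    if vids:
        vlan, frame = vids[0], strip_outer_tag(frame)
    else:
        vlan = native_vlan
    return (vlan, frame) if vlan in allowed else None


def double_tag_attack(attacker_vlan, native_vlan, target_vlan, tag_native=False):
    """Attacker on an access port in attacker_vlan sends a frame tagged
    [attacker_vlan, target_vlan] through switch 1, over a trunk whose native VLAN is
    native_vlan, into switch 2. Returns the VLAN switch 2 classifies the frame into."""
    atk = build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:01", b"\x00" * 46,
                      vids=(attacker_vlan, target_vlan))
    vlan, f = access_ingress(atk, attacker_vlan)               # switch 1, access port
    f = trunk_egress(f, vlan, native_vlan, tag_native)         # switch 1 -> trunk
    vlan2, _ = trunk_ingress(f, native_vlan, range(1, 4095))   # switch 2 <- trunk
    return vlan2


if __name__ == "__main__":
    print("native VLAN 1 untagged, attacker in VLAN 1:", double_tag_attack(1, 1, 20))
    print("same, but native VLAN tagged:            ", double_tag_attack(1, 1, 20, True))
    print("native VLAN moved to unused 999:         ", double_tag_attack(1, 999, 20))
```

The attack works only because the attacker's access VLAN equals the trunk's native VLAN: switch 1 strips the outer tag, sends the frame untagged because it is native, and switch 2 then reads the inner tag. Either fix breaks that chain.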
Creating a VLAN and assigning ports
The VLAN database is stored in vlan.dat in flash, separately from the startup-config; the switch writes it as soon as you create the VLAN.
usage: conf t
vlan 2 (creates it!)
name Test2 (name optional)
verify: show vlan brief
Assigning a switchport to a VLAN
usage: conf t
int fa 0/1
switchport mode access (fixes the port as an access port so it cannot negotiate a trunk)
switchport access vlan 2
Inter-VLAN Routing
A router (or Layer 3 switch) is required for hosts in two different broadcast domains, i.e. two VLANs, to communicate. The router does not forward broadcasts; it forwards unicasts based on the Layer 3 (IP) address.
TRUNKING
A trunk is required to carry traffic for multiple VLANs over one link; the IEEE trunking protocol is 802.1q. A practical application is VoIP: the IP phone's voice traffic and the PC's data traffic share one switchport but ride separate VLANs.
Inter-VLAN routing over a trunk (router-on-a-stick) is configured with one 802.1q subinterface per VLAN; the VLAN ID on the encapsulation line must match the VLAN being tagged, and each subinterface gets an address in that VLAN's subnet (this is router configuration, not VTP, which is covered below):
conf t
int fa 0/0.2
encapsulation dot1q 2
ip address 10.0.2.1 255.255.255.0 (example address for VLAN 2; one subnet per VLAN)
router rip
network 10.0.0.0
A trunk can carry traffic for multiple VLANs. VTP (VLAN Trunking Protocol) propagates the VLAN database (VLAN IDs and names) between switches in the same VTP domain over the trunk links, so a VLAN created once is known everywhere. The administrator has to configure one switch as the VTP server.
VTP Modes:
Server
- default for a Cisco switch
- must be in server mode to create, modify or delete a VLAN
- need at least one switch in server mode
- propagates VLAN information to the whole domain
- set a VTP password (vtp password) on every switch in the domain so that a switch which does not know it can neither inject nor accept updates
usage: conf t
vtp domain Pod2
vtp mode server
end
Client
- sends and receives updates about VLAN changes
- receives its VLAN database from the VTP server
- cannot create, modify or delete VLANs
Transparent
- just passes the VLAN advertisements along to other switches
- does not apply received advertisements and does not originate its own
- can create, modify, delete VLANs for itself (local only)
Adding a previously used switch to the network is a classic way to destroy a VLAN database: switches in the same VTP domain (server and client alike) sync to the advertisement with the highest configuration revision number, so an old switch that still carries the domain name and a higher revision will overwrite every other switch's VLAN list, and every port assigned to a VLAN that no longer exists goes dead. To properly clean a switch's flash memory, delete the vlan.dat file (delete flash:vlan.dat) and reload, which sets the revision back to 0. Before plugging an old switch back in, the safest step is to put it in transparent mode (changing the VTP mode or the domain name also resets the revision to 0), then verify:
usage: vtp mode transparent
usage: show vtp status
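The revision-number takeover described above, as an added example that is not part of the original notes: a small Python model of VTP state in which an old switch with a higher revision overwrites a production domain, and in which either setting the old switch to transparent mode (revision reset to 0, no advertisements originated) or protecting the domain with a VTP password prevents it. Switch names, VLAN numbers and revision values are constructed, and the password digest is a simplification of the MD5 digest real VTP advertisements carry.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class VtpSwitch:
    """Toy model of one switch's VTP state (assumption: simplified from real VTP, which
    also carries subset advertisements, a timestamp and the updater's identity)."""
    name: str
    domain: str
    mode: str = "server"                 # server | client | transparent
    password: str = ""
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def create_vlan(self, vid, vname):
        """Servers and transparent switches can add VLANs; only servers bump the revision."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VTP clients cannot modify VLANs")
        self.vlans[vid] = vname
        if self.mode == "server":
            self.revision += 1
        return self.revision

    def set_mode(self, mode):
        """Changing the VTP mode (like changing the domain name, or deleting vlan.dat
        and reloading) resets the configuration revision to 0."""
        self.mode = mode
        self.revision = 0

    def _digest(self):
        # Real VTP hashes the password together with the advertisement; hashing
        # domain + password is enough here to model a password mismatch (assumption).
        return hashlib.md5(f"{self.domain}:{self.password}".encode()).hexdigest()

    def advertisement(self):
        """Summary advertisement; transparent switches never originate one."""
        if self.mode == "transparent":
            return None
        return {"domain": self.domain, "revision": self.revision,
                "digest": self._digest(), "vlans": dict(self.vlans)}

    def receive(self, adv):
        """Apply an advertisement the way VTP does: same domain, matching password digest
        and a strictly higher revision replace the local database, on servers and clients
        alike. Returns True if the local database was overwritten."""
        if adv is None or self.mode == "transparent":
            return False
        if adv["domain"] != self.domain or adv["digest"] != self._digest():
            return False
        if adv["revision"] > self.revision:
            self.vlans = dict(adv["vlans"])
            self.revision = adv["revision"]
            return True
        return False


def flood(source, switches):
    """One propagation round over the trunks: every other switch hears the advertisement.
    Returns the names of the switches whose database was overwritten."""
    adv = source.advertisement()
    return [sw.name for sw in switches if sw is not source and sw.receive(adv)]


def stale_switch_scenario(mitigation="none"):
    """Production domain Pod2: a server with VLANs 10/20/30 at revision 3 plus a client.
    An old switch from the cupboard, same domain, revision 50, knows only VLAN 99.
    mitigation: "none", "transparent" (old switch set to transparent before plugging in)
    or "password" (production domain protected by a VTP password the old switch lacks).
    Returns (sorted VLAN IDs on the production server, its revision) afterwards."""
    pw = "s3cret" if mitigation == "password" else ""
    prod = VtpSwitch("Core", "Pod2", password=pw)
    for vid, vname in ((10, "Sales"), (20, "Engineering"), (30, "HR")):
        prod.create_vlan(vid, vname)
    client = VtpSwitch("Access1", "Pod2", mode="client", password=pw)
    flood(prod, [prod, client])
    old = VtpSwitch("OldSwitch", "Pod2", revision=50, vlans={1: "default", 99: "lab"})
    if mitigation == "transparent":
        old.set_mode("transparent")
    flood(old, [prod, client, old])
    return sorted(prod.vlans), prod.revision


if __name__ == "__main__":
    for m in ("none", "transparent", "password"):
        print(f"{m:12s} -> production VLANs, revision: {stale_switch_scenario(m)}")
```

Note that in the unmitigated case the production server itself is overwritten, not just the client: being a VTP server is no protection, since servers accept a higher revision too. Deleting vlan.dat and reloading the old switch would have the same effect as the transparent-mode case, because both start it at revision 0.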