Showing posts with label Cisco VLAN.

Wednesday, February 8, 2012

ICND2 Flashcard: VLAN

ICND2 Topic: Implementing VLAN and Trunks, Improving performance with Spanning Tree, Routing between VLANs.



VLAN definition:

Short for Virtual LAN. Each access switchport is assigned to one VLAN; ports in the same VLAN share one broadcast domain; and there is normally one IP subnet per VLAN.

Reasons for implementing VLAN
- keeps broadcasts local to the VLAN; hosts see only their own broadcast domain, which also limits what an attacker on one VLAN can reach directly
- inter-VLAN traffic has to pass through a router (or Layer 3 switch), where it can be filtered with access lists
- departmental network segmentation for example: Sales, Engineering, Marketing, HR

Static VLAN
Create separate VLANs on the switch by assigning specific ports to VLANs.
More secure, because membership is tied to a physical port, but no flexibility for moving around the office: a user who changes desks needs the new port reconfigured.

Dynamic VLAN
Permits users to move a computer around and still be connected to the department's VLAN.
Requires a Cisco VLAN Management Policy Server (VMPS): you set up a list of MAC addresses and the VLANs they belong to, and a user can plug the computer into any switch on the LAN. Membership is keyed to the MAC address, which can be moved along with the NIC or spoofed, so this is less secure than static assignment.

Trunking VLAN
When the same VLANs exist on two switches and a single link carries traffic for all of them, each frame crossing that link needs a tag carrying its VLAN ID so the receiving switch can place it in the right VLAN. Protocols for trunking:
ISL - Cisco proprietary; encapsulates the whole frame; Fast Ethernet and Gigabit only. Spanning Tree runs per VLAN (PVST) over ISL.
802.1Q - the IEEE standard; inserts a 4-byte tag after the source MAC. The native VLAN is sent untagged, so it must match on both ends of the trunk. The standard itself defines only one spanning-tree instance (Common Spanning Tree) no matter how many VLANs exist; Cisco switches run PVST+ on top of 802.1Q trunks to keep one instance per VLAN.
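To make the tagging concrete, here is an added example (not code from the original flashcard) that builds and parses 802.1Q-tagged Ethernet frames in Python, treats an untagged frame as belonging to the native VLAN, and decodes the IOS allowed-VLAN list syntax that appears in the "switchport trunk allowed vlan" command later on this page. The MAC addresses, payload and default native VLAN of 1 are assumptions, not from the post.

```python
"""802.1Q tagging demo (added example; not code from the original post).

Assumptions not in the flashcard: MAC addresses and payloads are constructed,
the native VLAN defaults to 1 (the Cisco factory default), and parse_vlan_list()
accepts the IOS "switchport trunk allowed vlan" list syntax.
"""
import struct
from typing import Optional, Set

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag follows
ETHERTYPE_IPV4 = 0x0800
DEFAULT_NATIVE_VLAN = 1  # assumption: untagged frames land here


def mac_bytes(mac: str) -> bytes:
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def build_frame(dst: str, src: str, ethertype: int, payload: bytes,
                vlan_id: Optional[int] = None, pcp: int = 0) -> bytes:
    """Build an Ethernet II frame, inserting a 4-byte 802.1Q tag when vlan_id is set.

    Tag layout (big-endian): TPID 0x8100, then TCI = PCP(3 bits) | DEI(1) | VID(12).
    DEI is left at 0; the original EtherType follows the tag.
    """
    if vlan_id is not None and not 1 <= vlan_id <= 4094:
        raise ValueError("VID must be 1..4094 (0 is a priority tag, 4095 is reserved)")
    if not 0 <= pcp <= 7:
        raise ValueError("PCP is a 3-bit field")
    frame = mac_bytes(dst) + mac_bytes(src)
    if vlan_id is not None:
        frame += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan_id)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes, native_vlan: int = DEFAULT_NATIVE_VLAN) -> dict:
    """Decode the 802.1Q tag if present; an untagged frame is assigned to the native VLAN.

    This is why the native VLAN must match on both ends of a trunk: the receiving
    switch has nothing but its own configuration to classify an untagged frame.
    """
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, tagged, pcp, vlan = 14, False, 0, native_vlan
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        offset, tagged, pcp, vlan = 18, True, tci >> 13, tci & 0x0FFF
    return {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "tagged": tagged, "vlan": vlan, "pcp": pcp,
            "ethertype": ethertype, "payload": frame[offset:]}


def parse_vlan_list(spec: str) -> Set[int]:
    """'1-3,1002-1005' (IOS allowed-VLAN syntax) -> {1, 2, 3, 1002, 1003, 1004, 1005}."""
    vlans: Set[int] = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        lo, _, hi = item.partition("-")
        lo_i, hi_i = int(lo), int(hi or lo)
        if not 1 <= lo_i <= hi_i <= 4094:
            raise ValueError(f"bad VLAN range {item!r}")
        vlans.update(range(lo_i, hi_i + 1))
    return vlans


def trunk_egress(vlan: int, allowed: Set[int], native_vlan: int = DEFAULT_NATIVE_VLAN) -> str:
    """What a trunk port does with a frame from `vlan`: 'drop', 'tagged' or 'untagged'."""
    if vlan not in allowed:
        return "drop"  # not in the allowed list, so it never leaves this trunk
    return "untagged" if vlan == native_vlan else "tagged"


if __name__ == "__main__":
    payload = bytes([0x45]) + bytes(19)  # constructed: a bare 20-byte IPv4 header stub
    tagged = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_IPV4, payload, vlan_id=2)
    print(parse_frame(tagged))            # vlan 2, tagged True
    untagged = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_IPV4, payload)
    print(parse_frame(untagged))          # vlan 1 (native), tagged False
    allowed = parse_vlan_list("1-3,1002-1005")
    print(sorted(allowed), trunk_egress(2, allowed), trunk_egress(1, allowed), trunk_egress(10, allowed))
```

Feed parse_frame() a frame captured on a trunk and a deliberately wrong native_vlan to see how silently an untagged frame changes VLAN: nothing in the bytes reveals the mistake, which is the whole reason CDP warns about native VLAN mismatches.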

Creating a VLAN and assigning ports.
VLAN definitions are stored in the vlan.dat file in flash, separately from the startup-config (so erasing startup-config alone does not remove them).
usage: conf t
vlan 2 (creates VLAN 2 and enters VLAN configuration mode)
name Test2 (name optional)

verify: show vlan brief

Assigning a switchport to a VLAN
usage: conf t
int fa 0/1
switchport mode access
switchport access vlan 2

Inter VLAN Routing
A router (or Layer 3 switch) is required to communicate between two different broadcast domains, i.e. VLANs. A router will not forward broadcasts; it forwards a unicast based on the Layer 3 destination address.

TRUNKING
A trunk carries traffic for multiple VLANs over one link; the IEEE trunking protocol is 802.1Q. A practical application is VoIP: the IP phone's voice traffic rides a separate VLAN from the PC's data traffic on the same access port.
Routing between those VLANs over a trunk ("router on a stick") is configured on the router with one 802.1Q subinterface per VLAN; the encapsulation command must name the VLAN ID whose tagged frames the subinterface handles, and each subinterface needs an address in that VLAN's subnet. (This is not VTP, which is covered next and only distributes VLAN definitions between switches.)
conf t
int fa 0/0.2
encapsulation dot1q 2
ip address 10.0.2.1 255.255.255.0 (example address in VLAN 2's subnet)
router rip
network 10.0.0.0 (RIP advertises every directly connected 10.x subnet, including the VLAN subnets)

A trunk carries traffic for multiple VLANs. VTP (VLAN Trunking Protocol) then lets the switches in one VTP domain exchange their VLAN database over those trunks, so a VLAN created on the server appears on every switch. The administrator has to configure one switch as the VTP server.

VTP Modes:
Server
- default for Cisco Switch
- must be server mode to create, modify or delete a VLAN
- need one switch in server mode
- propagates VLAN information to the whole VTP domain

usage: conf t
vtp domain Pod2
vtp mode server
end
Client
- sends and receives updates about VLAN changes
- Receives information from the VTP server
- cannot modify VLAN

Transparent
- passes VTP advertisements along to other switches but does not synchronize its own VLAN database to them
- does not originate advertisements about its own VLANs
- can create, modify and delete VLANs, but only locally

Adding a previously used switch to the network creates a potential issue: switches in the same VTP domain (servers and clients alike) synchronize to whichever advertisement carries a higher configuration revision number, so an old switch with a stale database and a higher revision can overwrite the production VLAN configuration. To properly clean a switch, delete the vlan.dat file from flash (delete flash:vlan.dat). The safest mode when decommissioning an old switch, and before plugging it back in, is transparent, which also resets its revision number to 0; set it with the first command below and verify with the second:

usage: vtp mode transparent
usage: show vtp status
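An added example, not from the post, that automates the revision-number check: parse a pasted "show vtp status" from the production switch and from the switch you are about to connect, and refuse the hookup if the old switch could overwrite the VLAN database. The three captures are constructed (trimmed to the fields used); the domain name Pod2 comes from the flashcard.

```python
"""VTP revision-number pre-flight check (added example; not code from the post).

The three "show vtp status" captures are constructed and shortened to the
fields this check reads. Domain name Pod2 is taken from the flashcard.
"""
import re
from typing import Dict, Tuple

SAMPLE_PRODUCTION = """\
VTP Version                     : 2
Configuration Revision          : 12
Maximum VLANs supported locally : 255
Number of existing VLANs        : 7
VTP Operating Mode              : Server
VTP Domain Name                 : Pod2
VTP Pruning Mode                : Disabled
"""

# An old switch from a closet: same domain, stale database, HIGHER revision.
SAMPLE_OLD_SWITCH = """\
VTP Version                     : 2
Configuration Revision          : 37
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : Pod2
VTP Pruning Mode                : Disabled
"""

# The same switch after "vtp mode transparent" and "delete flash:vlan.dat".
SAMPLE_CLEANED = """\
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Transparent
VTP Domain Name                 : Pod2
VTP Pruning Mode                : Disabled
"""

_FIELD = re.compile(r"^(?P<key>[A-Za-z0-9 ]+?)\s*:\s*(?P<value>.*?)\s*$")


def parse_vtp_status(text: str) -> Dict[str, str]:
    """Turn 'Key   : Value' lines from show vtp status into a dict with lower-cased keys."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        m = _FIELD.match(line)
        if m:
            fields[m.group("key").lower()] = m.group("value")
    return fields


def vtp_risk(production: Dict[str, str], candidate: Dict[str, str]) -> Tuple[str, str]:
    """Classify the risk of cabling `candidate` into the network `production` describes.

    Rule checked: a VTP server or client accepts the VLAN database from any
    advertisement in its own domain that carries a higher configuration
    revision, so a non-transparent candidate with a higher revision overwrites
    production. Transparent (or off) switches never synchronize.
    """
    mode = candidate.get("vtp operating mode", "").lower()
    if mode in ("transparent", "off"):
        return "safe", f"candidate is in {mode} mode and will not sync its database to peers"
    cand_domain = candidate.get("vtp domain name", "")
    prod_domain = production.get("vtp domain name", "")
    if cand_domain and cand_domain != prod_domain:
        return "low", (f"domain {cand_domain!r} differs from {prod_domain!r}; "
                       "advertisements are ignored across domains")
    cand_rev = int(candidate.get("configuration revision", "0"))
    prod_rev = int(production.get("configuration revision", "0"))
    if cand_rev > prod_rev:
        return "high", (f"candidate revision {cand_rev} > production {prod_rev}: its "
                        f"{candidate.get('number of existing vlans', '?')} VLANs would replace "
                        "production's; run 'vtp mode transparent' and delete vlan.dat first")
    if cand_rev == prod_rev:
        return "low", "equal revisions are ignored; confirm both databases match with show vlan brief"
    return "low", f"candidate revision {cand_rev} < production {prod_rev}; it will adopt production's VLANs"


if __name__ == "__main__":
    prod = parse_vtp_status(SAMPLE_PRODUCTION)
    for name, capture in (("old switch", SAMPLE_OLD_SWITCH), ("cleaned switch", SAMPLE_CLEANED)):
        level, why = vtp_risk(prod, parse_vtp_status(capture))
        print(f"{name}: {level.upper()} - {why}")
```

The check deliberately treats a client as just as dangerous as a server: clients cannot edit VLANs, but they do forward and honour revision numbers, which is how a "harmless" client switch wipes a VLAN database.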

Thursday, January 26, 2012

Cisco Troubleshoot: Restore Switch to Factory Default

It is a bad day in paradise if you have to restore a switch to default. In an extreme emergency, when you have to restore the switch to factory default, remember that the reset is irreversible: try it out in a test environment first, and never do it live unless you are absolutely sure of the damage you might cause. In practice it is usually not that bad. Well, I'm only saying that because it took me four times before I decided to read the directions in the manual.

What is Normal Behaviour?
When a router first boots, the following steps happen in sequence (a switch boots almost the same way).
  • The bootstrap in ROM performs the POST (Power on Self Test)
  • The Cisco IOS is loaded into memory (quiz: which type of memory?)
  • The configuration file is loaded into memory from NVRAM

 
You would do this if you can no longer recover the password and the default login (cisco / cisco) is no longer valid. It requires physical access to the switch. After the reset the goals are to:
  1. Reconfigure the console login password
  2. Add VLAN 2
  3. Enable Telnet (or, preferably, SSH)

 
HOW TO Reset the switch to Brand New in Box Configuration.
  1. Unplug everything from each port on the switch, then power it off or pull the plug
  2. Power on the switch
  3. Allow the POST (Power On Self Test) to complete. The System LED blinks green; the RPS, Status, Duplex and Speed LEDs turn solid green. Wait until the System LED stays solid green and the other lights go off (about 5 minutes)

 
Cisco Switch Express Setup Mode
(Cisco's name for this mode is Express Setup. The embedded web GUI on Catalyst switches is called Device Manager; SDM is the router counterpart, but this post calls it Cisco SDM throughout.)
  1. Let the laptop's IP address be assigned by DHCP. Connect the laptop to any Ethernet port on the switch.
  2. Hold the MODE button down for 3 to 7 seconds until the Status, Duplex and Speed LEDs stay solid green.
  3. In the web browser, enter the default IP address 10.0.0.1 to load the Cisco SDM.
  4. Log in with the default username cisco, password cisco. You will be required to change the default password.
  5. Express Setup window, Basic Settings: enter VLAN 2, the specific IP address of the switch, subnet mask, default gateway, and the password with confirmation.
  6. Enter the new hostname of the switch.
  7. Accept the Ethernet Management port IP address 10.0.1.3.
  8. Click Advanced Settings to enable Telnet and set the Telnet password. Give it its own password: reusing the local/console password is against most security policies, and Telnet sends credentials in cleartext anyway, so switch to SSH as soon as the device is reachable (the vty configuration for that is at the end of this page).
  9. When you click Submit, the new IP address is assigned to the switch and your laptop is disconnected. Change the laptop's IP address in Network Settings to the same subnet, then launch the Cisco SDM webpage again with the new IP address of the switch.
Example of allowing additional VLANs on a trunk port (a separate topic from Express Setup). VLANs 1002-1005 are the legacy FDDI/Token Ring VLANs that exist on every Catalyst switch and are normally left in the list; the IOS list syntax takes no spaces:
int fa 0/15
switchport trunk allowed vlan 1-3,1002-1005

Cisco Troubleshoot: VLAN mismatch

Hardware: Cisco Catalyst 2960 S Series Switch
Use "show version" to display the hardware configuration, Cisco IOS version, names and sources of configuration files, boot images (and boot sequences).

Symptoms:
"show logging" displays a large volume of CDP messages (%CDP-4-NATIVE_VLAN_MISMATCH) warning about a native VLAN mismatch, repeated often enough to flood the log.

Diagnosis:
A native VLAN mismatch message means the two ends of the link disagree about which VLAN is sent untagged. Here it could indicate that the switch does not have VLAN 2 created on it and is being asked to carry frames for a VLAN it does not know about: only the default native VLAN 1 exists from the factory, but the attached router is advertising VLAN 2. Compare both ends with "show interfaces trunk" and "show cdp neighbors detail" before changing anything.
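As an added example (not part of the original post), this Python triage script parses "show logging" output for %CDP-4-NATIVE_VLAN_MISMATCH messages, collapses the repeats into one entry per local interface with both sides' native VLANs, and emits the local-side commands that would align them. The log lines, the device names R1 and SW2 and the interface numbers are constructed.

```python
"""Triage of CDP native-VLAN-mismatch syslog lines (added example; not from the post).

The log excerpt is constructed in the %CDP-4-NATIVE_VLAN_MISMATCH format that
Cisco IOS emits; the device names R1 and SW2 and the interface numbers are made up.
"""
import re
from typing import Dict, List

SAMPLE_LOG = """\
Feb  8 10:15:02.311: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up
Feb  8 10:15:03.902: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/24 (1), with R1 FastEthernet0/0 (2).
Feb  8 10:16:03.917: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/24 (1), with R1 FastEthernet0/0 (2).
Feb  8 10:16:04.102: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/23 (1), with SW2 FastEthernet0/1 (99).
Feb  8 10:17:00.000: %SYS-5-CONFIG_I: Configured from console by console
"""

# The message body: "... discovered on <local if> (<local native>), with <neighbor> <remote if> (<remote native>)."
MISMATCH_RE = re.compile(
    r"%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on "
    r"(?P<local_if>\S+) \((?P<local_vlan>\d+)\), "
    r"with (?P<neighbor>\S+) (?P<remote_if>\S+) \((?P<remote_vlan>\d+)\)\."
)


def parse_cdp_mismatches(lines) -> List[dict]:
    """Return one dict per mismatch message; unrelated log lines are skipped."""
    events = []
    for line in lines:
        m = MISMATCH_RE.search(line)
        if not m:
            continue
        event = m.groupdict()
        event["local_vlan"] = int(event["local_vlan"])
        event["remote_vlan"] = int(event["remote_vlan"])
        events.append(event)
    return events


def summarize(events: List[dict]) -> Dict[str, dict]:
    """Collapse repeated messages into one entry per local interface, with a count."""
    summary: Dict[str, dict] = {}
    for e in events:
        entry = summary.setdefault(e["local_if"], {
            "count": 0,
            "local_native": e["local_vlan"],
            "neighbor": e["neighbor"],
            "remote_if": e["remote_if"],
            "remote_native": e["remote_vlan"],
        })
        entry["count"] += 1
    return summary


def remediation(summary: Dict[str, dict]) -> List[str]:
    """Local-side IOS commands that would match the neighbour's native VLAN.

    The VLAN must also exist on the switch (the post's fix). The other valid
    remedy is to change the neighbour instead; decide which side is wrong first.
    """
    cmds: List[str] = []
    for local_if, s in sorted(summary.items()):
        cmds.append(f"interface {local_if}")
        cmds.append(f" switchport trunk native vlan {s['remote_native']}")
    return cmds


if __name__ == "__main__":
    summary = summarize(parse_cdp_mismatches(SAMPLE_LOG.splitlines()))
    for local_if, s in sorted(summary.items()):
        print(f"{local_if}: native {s['local_native']} here vs {s['remote_native']} on "
              f"{s['neighbor']} {s['remote_if']} ({s['count']} messages)")
    print("\n".join(remediation(summary)))
```

Run it against "show logging | include NATIVE_VLAN" output pasted into SAMPLE_LOG; the count per interface tells you whether the condition is persistent or was a one-off during a reconfiguration.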

Fix: Add VLAN 2 to the switch
Access: Console access or Cisco SDM (web GUI)
  • If the console login is not configured by default, the user must telnet to the switch to configure "line con 0"
  • If Telnet is disabled / not configured by default, it must be enabled first through the Cisco SDM web GUI
  • Cisco SDM is a web interface for configuring the switch, an alternative to the Command Line Interface

HOW TO Use the Cisco SDM
1) Launch the webpage http://ipaddressoftheswitch
2) Log in as cisco / cisco; you will be asked to change the password after the first login
3) Enable Telnet access to the switch from the Advanced Settings page
4) Use the web menus and configuration tabs to add VLAN 2 and assign all the switchports to VLAN 2

If you cannot open the Cisco SDM webpage because the login is invalid and cannot be recovered, you can resort to restoring the switch to factory default in order to use the default login.


Alternatively, you may log in to privileged EXEC mode, enter global configuration mode and use the Cisco CLI commands
switch (config)# line con 0
login
password mypassword

The vty lines are the Telnet (and SSH) sessions. "line vty 0 4" configures lines 0 through 4, i.e. a maximum of 5 simultaneous Telnet sessions that use this password; additional lines may be specified with "line vty 5 15".
switch (config)# line vty 0 4
login
password myTelnetpassword


Verify Telnet and Assign ports to VLAN 2
Before closing the Cisco SDM or the CLI, verify that you can telnet into the switch from another machine on the network.
switch (config)# int range fa 0/1 - 24
switchport mode access
switchport access vlan 2
no shutdown

Do a "show running" on the switch and all the switchports should be assigned to VLAN 2.
The following configures SSH on the vty lines and removes Telnet access. Beware: "login local" requires a local username, and SSH needs an RSA key pair (which in turn requires a hostname and a domain name) before "transport input ssh" will let anyone in, so do all of this from the console rather than over the Telnet session you are about to close.
username admin secret myStrongSecret (example account; choose your own)
ip domain-name example.com (example domain name)
crypto key generate rsa modulus 2048
line vty 0 15
login local
transport input ssh

("transport input ssh" alone permits only SSH; if telnet is not listed after ssh, there is no longer any Telnet access, which is the point.)