Date post: 09-Apr-2018
Category: Documents
Upload: salman-ilyas-awan
8/8/2019 Vlan Notes
Prepared By: Javed Ahmad Dogar (VLAN) Page 1
WHAT IS A VLAN?
The short form VLAN expands to Virtual Local Area Network. A VLAN is a logical local area
network (LAN) that extends beyond a single traditional LAN to a group of LAN segments, given specific
configurations. Because a VLAN is a logical entity, its creation and configuration are done completely in
software.
As I said, a VLAN is a virtual LAN. In technical terms, a VLAN is a broadcast domain created by switches.
This works by you, the administrator, putting some switch ports in a VLAN other than the default VLAN 1. All ports in a single VLAN are in a single broadcast domain.
Because switches can talk to each other, some ports on switch A can be in VLAN 10 and other ports on switch B can be in VLAN 10. Broadcasts between these devices will not be seen on any other port in any other VLAN, other than 10. However, these devices can all communicate because they are on the same VLAN. Without additional configuration, they would not be able to communicate with any other devices not in their VLAN.
http://www.petri.co.il/csc_setup_a_vlan_on_a_cisco_switch.htm
HOW IS A VLAN IDENTIFIED?
Since a VLAN is a software concept, identifiers and configurations for a VLAN must be properly
prepared for it to function as expected. Frame coloring is the process used to ensure that VLAN
members or groups are properly identified and handled. With frame coloring, packets are given the
proper VLAN ID at their origin so that they may be properly processed as they pass through the
network. The VLAN ID is then used to enable switching and routing engines to make the appropriate decisions as defined in the VLAN configuration.
Are VLANs required?
It is important to point out that you don't have to configure a VLAN until your network gets so large and has so much traffic that you need one. Many times, people are simply using VLANs because the network they are working on was already using them.
Another important fact is that, on a Cisco switch, VLANs are enabled by default and ALL devices are
already in a VLAN. The VLAN that all devices are already in is VLAN 1. So, by default, you can just use all the ports on a switch and all devices will be able to talk to one another.
When do I need a VLAN?
You need to consider using VLANs in any of the following situations:
- You have more than 200 devices on your LAN
- You have a lot of broadcast traffic on your LAN
- Groups of users need more security or are being slowed down by too many broadcasts
- Groups of users need to be on the same broadcast domain because they are running the same applications. An example would be a company that has VoIP phones. The users using the phone could be on a different VLAN, not with the regular users.
- Or, just to make a single switch into multiple virtual switches.
Why not just subnet my network?
A common question is why not just subnet the network instead of using VLANs? Each VLAN should be in its own subnet. The benefit that a VLAN provides over a subnetted network is that devices in different physical locations, not going back to the same router, can be on the same network. The
limitation of subnetting a network with a router is that all devices on that subnet must be connected to the same switch and that switch must be connected to a port on the router.
With a VLAN, one device can be connected to one switch, another device can be connected to another switch, and those devices can still be on the same VLAN (broadcast domain).
What is a trunk port?
When there is a link between two switches or a router and a switch that carries the traffic of more than one VLAN, that port is a trunk port.
A trunk port must run a special trunking protocol. The protocol used would be Cisco's proprietary Inter-switch link (ISL) or the IEEE standard 802.1q.
DEFAULT VLANS
SW-A# show vlan
NOTE: VLAN numbers 1, 1002, 1003, 1004 & 1005 are default VLANs.
How do I create a VLAN?
Configuring VLANs can vary even between different models of Cisco switches. Your goals, no matter what the commands are, are to:
- Create the new VLANs
- Put each port in the proper VLAN
SW-A(config)# vlan 3
VTP VLAN configuration not allowed when device is in CLIENT mode.
SW-A(config)# vtp mode server
Setting device to VTP SERVER mode
SW-A(config)# vlan 3
SW-A(config-vlan)# end
SW-A# show vlan
NOTE: Remember that there are 5 default VLANs, and after adding VLAN No. 3 the total number of VLANs is 6.
SW-A(config)# vlan 4
SW-A(config-vlan)# exit
SW-A(config)# vlan 5
SW-A(config-vlan)# exit
SW-A(config)# vlan 8-10
SW-A(config-vlan)# exit
SW-A(config)# vlan 16,18
SW-A(config-vlan)# exit
What do VLANs offer?
VLANs offer higher performance for medium and large LANs because they limit broadcasts. As the amount of traffic and the number of devices grow, so does the number of broadcast packets. By using VLANs you are containing broadcasts.
VLANs also provide security because you are essentially putting one group of devices, in one VLAN, on their own network.
Article Summary
Here is what we have learned:
- A VLAN is a broadcast domain formed by switches.
- Administrators must create the VLANs then assign what port goes in what VLAN manually.
- VLANs provide better performance for medium and large LANs.
- All devices, by default, are in VLAN 1.
- A trunk port is a special port that runs ISL or 802.1q so that it can carry traffic from more than one VLAN.
- For devices in different VLANs to communicate, you must use a router or Layer 3 switch.
VTP (VLAN TRUNKING PROTOCOL)
VLAN Trunking Protocol (VTP) is a Cisco proprietary Layer 2 messaging protocol that manages the addition, deletion, and renaming of Virtual Local Area Networks (VLAN) on a network-wide basis.
Cisco's VLAN Trunk Protocol reduces administration in a switched network. When a new VLAN is
configured on one VTP server, the VLAN is distributed through all switches in the domain. This reduces
the need to configure the same VLAN everywhere. To do this, VTP carries VLAN information to all the
switches in a VTP domain. VTP advertisements can be sent over ISL, 802.1q, IEEE 802.10 and LANE
trunks. VTP traffic is sent over the management VLAN (VLAN1), so all VLAN trunks must be
configured to pass VLAN1. VTP is available on most of the Cisco Catalyst Family products.
VLAN Trunk Protocol (VTP) reduces administration in a switched network. When you configure a new VLAN on one VTP server, the VLAN is distributed through all switches in the domain. This reduces the
need to configure the same VLAN everywhere. VTP is a Cisco-proprietary protocol that is available on
most of the Cisco Catalyst series products.
VTP OPERATING MODES
If you intend to make a switch part of a VTP management domain, each switch must be
configured in one of three possible VTP modes. The VTP mode assigned to a switch will determine how
the switch interacts with other VTP switches in the management domain. The three VTP modes that can
be assigned to a Cisco switch include server mode, client mode, and transparent mode. Each of these roles is outlined below:
SERVER MODE:
Once VTP is configured on a Cisco switch, the default mode used is Server Mode. In any given
VTP management domain, at least one switch must be in Server Mode. When in Server Mode, a switch
can be used to add, delete, and modify VLANs, and this information will be passed to all other switches
in the VTP management domain.
NOTE: The command below changes the VTP operating mode to SERVER.
CLIENT MODE:
When a switch is configured to use VTP Client Mode, it is simply the recipient of any VLANs
added, deleted, or modified by a switch in Server Mode within the same management domain. A switch
in VTP client mode cannot make any changes to VLAN information.
NOTE: VTP operating mode has been set to CLIENT.
TRANSPARENT MODE:
A switch in VTP Transparent Mode will pass VTP updates received from switches in Server Mode
to other switches in the VTP management domain, but will not actually process the contents of these
messages. When individual VLANs are added, deleted, or modified on a switch running in transparent
mode, the changes are local to that particular switch only, and are not passed to other switches in the
VTP management domain.
NOTE: VTP operating mode has been set to TRANSPARENT.
CONFIGURATION REVISION NUMBER
The configuration revision number is a 32-bit number that indicates the level of revision for a VTP packet. Each VTP device tracks the VTP configuration revision number that is assigned to it. Most of the VTP packets contain the VTP configuration revision number of the sender. This information is used in order to determine whether the received information is more recent than the current version.
Each time that you make a VLAN change in a VTP device, the configuration revision is incremented by one. In order to reset the configuration revision of a switch, change the VTP domain name, and then change the name back to the original name.
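The revision comparison is why a reused switch should have its revision reset before it joins a domain. The added example below (not from the original notes) is a simplified model in which a server or client in the same domain replaces its VLAN list whenever the sender's revision is higher. The class, the switch names and the stale revision 12 are constructed; the domain name pucit is the one used later in these notes.

```python
from dataclasses import dataclass, field

@dataclass
class VtpSwitch:
    name: str
    domain: str
    mode: str = "server"                 # "server", "client" or "transparent"
    revision: int = 0
    vlans: set = field(default_factory=lambda: {1})   # simplified: only default VLAN 1

    def vlan_command(self, add=(), remove=()):
        """One 'vlan ...' or 'no vlan ...' command: +1 revision however many IDs it names."""
        if self.mode == "client":
            raise PermissionError("VTP VLAN configuration not allowed in CLIENT mode")
        self.vlans = (self.vlans | set(add)) - set(remove)
        if self.mode == "server":        # transparent switches keep revision 0
            self.revision += 1

    def set_domain(self, domain):
        """A domain-name change sets the revision back to 0."""
        if domain != self.domain:
            self.domain, self.revision = domain, 0

    def set_mode(self, mode):
        """Entering transparent mode sets the revision to 0."""
        self.mode = mode
        if mode == "transparent":
            self.revision = 0

    def receive(self, sender):
        """Handle an advertisement from sender; True if the local VLAN list was replaced."""
        if "transparent" in (self.mode, sender.mode):
            return False
        if sender.domain != self.domain or sender.revision <= self.revision:
            return False
        self.vlans, self.revision = set(sender.vlans), sender.revision
        return True

def demo():
    core = VtpSwitch("core", "pucit")
    for ids in ([3], [4], [5], range(8, 11)):        # four commands -> revision 4
        core.vlan_command(add=ids)
    reused = VtpSwitch("reused", "pucit", revision=12, vlans={1, 200})  # stale database
    twin = VtpSwitch("core-twin", "pucit", revision=core.revision, vlans=set(core.vlans))
    replaced = twin.receive(reused)                  # higher revision replaces the VLAN list
    reused.set_domain("temp")                        # reset: change the domain name ...
    reused.set_domain("pucit")                       # ... and change it back
    return replaced, sorted(twin.vlans), core.receive(reused), reused.receive(core), sorted(reused.vlans)
```

`demo()` returns whether the stale switch replaced the twin's database, the twin's resulting VLANs, and what happens once the revision has been reset first.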
HOW DOES A REVISION NUMBER INCREASE?
Switch(config)# vlan 200
Switch(config-vlan)# end
NOTE: When you create a VLAN, the revision number increases.
Switch(config)# vlan 55
Switch(config-vlan)# exit
Switch(config)# vlan 8
Switch(config-vlan)# exit
Switch(config)# vlan 9
Switch(config-vlan)# end
NOTE: The value of the revision number is associated with the number of VLANs. Creating a
VLAN results in an increase in the revision number. For example, if you create 5 VLANs (one by one), the value of the revision number would be 5.
In other words, the revision number is associated with the word VLAN. The number of times you use this word for creating or deleting VLANs results in an increase in the revision number.
How to Delete VLAN
Switch(config)# no vlan 10 ----- only delete VLAN 10
Switch(config)# no vlan 11,13-20 ----- Delete VLAN 11, and from 13 to 20 (means 13, 14, 15 ... 20)
Switch(config)# exit
NOTE: When you delete multiple VLANs with a single command, the revision number increases by only one.
HOW TO RESET THE VALUE OF REVISION NUMBER TO ZERO
METHOD #1: (BY CHANGING THE DOMAIN NAME)
Switch(config)# vtp domain pucit
Changing VTP domain name from NULL to pucit
Switch(config)# exit
NOTE: The revision number has been changed to ZERO.
METHOD #2: (BY SETTING THE VTP OPERATING MODE TO TRANSPARENT)
Switch(config)# vtp mode transparent
Setting device to VTP TRANSPARENT mode
Switch(config)# exit
NOTE: The revision number has been changed to ZERO in Transparent mode.
Refresh the switch to a brand-new configuration
STEP-1 (this is also used to change the revision number to zero)
Switch# write erase
Erasing the NVRAM filesystem will remove all configuration files! Continue?
[Confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
STEP-2
Switch# delete flash:vlan.dat
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [Confirm]
STEP-4
Switch# reload
Proceed with reload? [Confirm]
DYNAMIC TRUNKING
DTP (DYNAMIC TRUNKING PROTOCOL)
The Dynamic Trunking Protocol (DTP) is a proprietary networking protocol developed by Cisco
Systems for the purpose of negotiating trunking on a link between two VLAN-aware switches, and for
negotiating the type of trunking encapsulation to be used. It works at Layer 2 of the OSI model.
VLAN trunks formed using DTP may utilize either IEEE 802.1Q or Cisco ISL trunking protocols. DTP
should not be confused with VTP, as they serve different purposes. VTP communicates VLAN existence
information between switches. DTP aids with trunk port establishment. Neither protocol transmits the
data frames that trunks carry.
DTP MODES http://www.javvin.com/protocolDTP.html
On a Catalyst set-based switch, the syntax for setting up a link as a trunk is:
Use this command to set the specified port or ports to trunking.
The first set of keyword arguments governs the DTP modes:
Mode | What the Mode Does
on | Forces the link into permanent trunking, even if the neighbor doesn't agree
off | Forces the link to permanently not trunk, even if the neighbor doesn't agree
desirable | Causes the port to actively attempt to become a trunk, subject to neighbor agreement (neighbor set to on, desirable, or auto)
auto | Causes the port to passively be willing to convert to trunking. The port will not trunk unless the neighbor is set to on or desirable. This is the default mode. Note that auto-auto (both ends default) links will not become trunks.
nonegotiate | Forces the port to permanently trunk but not send DTP frames. For use when the DTP frames confuse the neighboring (non-Cisco) 802.1q switch. You must manually set the neighboring switch to trunking.
SWITCHPORT MODES
The options for the switchport mode command are as follows:
TRUNK:
Configures the port to permanent trunk mode and negotiates with the connected device on the
other side to convert the link to trunk mode. If multiple trunk encapsulations are available, the
encapsulation must be chosen before this command will work.
ACCESS
Disables port trunk mode and negotiates with the connected device to convert the link to
nontrunk. This port will belong to only the configured access VLAN.
DYNAMIC DESIRABLE
Triggers the port to negotiate the link from nontrunk to trunk mode. The port negotiates to a
trunk port if the connected device is in the trunk, dynamic desirable or dynamic auto state. Otherwise,
the port becomes a nontrunk port. This is the default for IOS switch ports.
DYNAMIC AUTO
Enables the port to become a trunk only if the connected device has the state set to trunk or
dynamic desirable;
NONEGOTIATE
Configures the port to permanent trunk mode. No negotiation takes place with the partner. The other side must be trunk or nonegotiate for the trunk to work. You must also specify the encapsulation
before choosing this mode.
NOTE: We know that a trunk is only made when we set the switchport mode to dynamic auto on one
side (e.g. Switch-A) and dynamic desirable on the other side (e.g. Switch-B), or dynamic desirable on
one side (e.g. Switch-A) and dynamic desirable on the other side (e.g. Switch-B).
According to the above topology, the switchport mode of fastethernet0/1 of Switch-A is dynamic auto
and the switchport mode of fastethernet0/2 of Switch-B is also dynamic auto, therefore a trunk is not
made on this link.
Now change the switchport mode of fastethernet0/1 of Switch-B to dynamic desirable while the switchport
mode of fastethernet0/1 of Switch-A is dynamic auto; then the trunk link will be established.
NOTE: After changing the switchport mode of interface fastethernet 0/2
of Switch B to dynamic desirable, we can see two trunks on Switch B.
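The switchport mode combinations described above can be checked mechanically. The added example below (not from the original notes) encodes the negotiation rules as stated in the SWITCHPORT MODES section and compares each link's outcome with what the administrator intended. The link names and the inventory are constructed, and a trunk facing an access port is treated as no working trunk.

```python
MODES = ("access", "trunk", "dynamic desirable", "dynamic auto", "nonegotiate")
ASKS_FOR_TRUNK = {"trunk", "dynamic desirable"}   # modes that actively request trunking

def trunk_forms(local: str, remote: str) -> bool:
    """True if a working trunk results from the two switchport modes on one link."""
    for mode in (local, remote):
        if mode not in MODES:
            raise ValueError(f"unknown switchport mode: {mode!r}")
    if "access" in (local, remote):
        return False                      # an access end never trunks
    if "nonegotiate" in (local, remote):
        other = remote if local == "nonegotiate" else local
        return other in ("trunk", "nonegotiate")   # no DTP sent, so the peer must be static
    # Remaining modes all speak DTP: at least one end has to ask (auto + auto stays non-trunk).
    return local in ASKS_FOR_TRUNK or remote in ASKS_FOR_TRUNK

def negotiation_matrix():
    """Outcome for every pair of modes, keyed by (local, remote)."""
    return {(a, b): trunk_forms(a, b) for a in MODES for b in MODES}

def audit_links(links):
    """Return names of links whose negotiated state differs from the documented intent."""
    return [name for name, a, b, want_trunk in links if trunk_forms(a, b) != want_trunk]

# Constructed inventory: (link name, local mode, remote mode, is a trunk intended?)
SAMPLE_LINKS = [
    ("uplink-1", "dynamic auto", "dynamic auto", True),           # never negotiates
    ("uplink-2", "dynamic auto", "dynamic desirable", True),      # trunks as intended
    ("uplink-3", "nonegotiate", "dynamic desirable", True),       # peer waits for DTP frames
    ("user-port-7", "dynamic auto", "dynamic desirable", False),  # trunks although not intended
    ("user-port-8", "access", "dynamic desirable", False),        # fixed to access, stays non-trunk
]

if __name__ == "__main__":
    for (a, b), result in negotiation_matrix().items():
        print(f"{a:18} + {b:18} -> {'trunk' if result else 'no trunk'}")
    print("mismatches:", audit_links(SAMPLE_LINKS))
```

Ports that are meant to stay in one VLAN show up in the audit unless they are set to access, which is the only mode in the list that rules out trunking regardless of the neighbor.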