Anda di halaman 1dari 59

CCNA Semester 3

Chapter 3: VLANs
CCNA Exploration 4.0

Objectives
Explain the role of VLANs in a network Explain the role of trunking VLANs in a network Configure VLANs on the switches in a network
topology Troubleshoot the common software or hardware configuration problems associated with VLANs on switches in a network topology

Introducing VLANs

Introducing VLANs

What is a VLAN?

What is a VLAN?

Benefits of a VLAN

Introducing VLANs

Types of VLANs

Today there is essentially one way of implementing VLANs port-based VLANs. A port-based VLAN is associated with a port called an access VLAN. However in the network there are a number of terms for VLANs. Some terms define the type of network traffic they carry and others define a specific function a VLAN performs. VLAN Types: Data VLAN: Is a VLAN that is configured to carry only user-generated traffic A VLAN could carry voice-based traffic or traffic used to manage the switch, but this traffic would not be part of a data VLAN. Sometimes referred to as a user VLAN

Types of VLANs

Default VLAN: All switch ports become a member of the default VLAN after the initial boot up of the switch. The default VLAN for Cisco switches is VLAN 1, you cannot rename it and you can not delete it. Layer 2 control traffic, such as CDP and spanning tree protocol traffic, will always be associated with VLAN 1 this cannot be changed. It is a security best practice to change the default VLAN to a VLAN other than VLAN 1
a VLAN other than VLAN 1 defined by the network administrator as the VLAN that all ports are assigned to when they are not in use. In this case, the only role that VLAN 1 plays is that of handling Layer 2 control traffic for the network.
10

Note: Some network administrators use the term "default VLAN" to mean

Types of VLANs

Native VLAN: A native VLAN is assigned to an 802.1Q trunk port. An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic). The 802.1Q trunk port places untagged traffic on the native VLAN. Native VLANs are set out in the IEEE 802.1Q specification to maintain backward compatibility with untagged traffic common to legacy LAN scenarios. It is a best practice to use a VLAN other than VLAN 1 as the native VLAN.

11

Types of VLANs

Management VLAN A management VLAN is any VLAN you configure to access the management capabilities of a switch. VLAN 1 would serve as the management VLAN if you did not proactively define a unique VLAN to serve as the management VLAN. You assign the management VLAN an IP address and subnet mask. A switch can be managed via HTTP, Telnet, SSH, or SNMP.

Since the out-of-the-box configuration of a Cisco switch has VLAN 1 as the default VLAN, you see that VLAN 1 would be a bad choice as the management VLAN.
12

Types of VLANs

Voice VLANs VoIP traffic requires: Assured bandwidth to ensure voice quality Transmission priority over other types of network traffic Ability to be routed around congested areas on the network Delay of less than 150 milliseconds (ms) across the network A Cisco Phone is a Switch: contains an integrated three-port 10/100 switch: Port 1 connects to the switch or other voice-over-IP (VoIP) device. Port 2 is an internal 10/100 interface that carries the IP phone traffic. Port 3 (access port) connects to a PC or other device.
13

Types of VLANs

Voice VLAN

14

Types of VLANs

Cisco IP Phone

15

Network Traffic Types

Network Management and Control Traffic

16

Network Traffic Types

IP Telephony

17

Network Traffic Types

IP Multicast

18

Network Traffic Types

Normal Data

19

Switch Port Membership Modes

Switch ports are Layer 2-only interfaces associated with a physical port. A port can be configured to support these VLAN types: Static VLAN - Ports on a switch are manually assigned to a VLAN. Dynamic VLAN - This mode is not widely used in production networks and is not explored in this course. However, it is useful to know what a dynamic VLAN is. A dynamic port VLAN membership is configured using a special server called a VLAN Membership Policy Server (VMPS), based on the source MAC address of the device connected to the port. Voice VLAN - A port is configured to be in voice mode so that it can support an IP phone attached to it. Before you configure a voice VLAN on the port, you need to first configure a VLAN for voice and a VLAN for data.
20

Switch Port Membership Modes

21

Switch Port Membership Modes

Voice Mode configuration

22

Controlling Broadcast Domains with VLANs

Without VLANs: In normal operation, when a switch


receives a broadcast frame on one of its ports, it forwards the frame out all other ports on the switch.
23

Controlling Broadcast Domains with VLANs

With VLANs: the broadcast frame arrives at the only other computer in the network configured on the same VLAN

24

Controlling Broadcast Domains with Switches and Routers

Intra-VLAN Communication PC1 want to communicate with PC4.


25

Controlling Broadcast Domains with Switches and Routers

Inter-VLAN Communication PC1 want to communicate with PC5.


26

Controlling Broadcast Domains with VLANs and Layer 3 Forwarding


SVI: switch virtual interface SVI is a logical interface configured for a specific VLAN. You need to configure an SVI for a VLAN if you want to route between VLANs or to provide IP host connectivity to the switch. By default, an SVI is created for the default VLAN (VLAN 1) to permit remote switch administration.

27

Controlling Broadcast Domains with VLANs

28

VLAN Trunking

29

VLAN Trunks

It is hard to describe VLANs without mentioning VLAN trunks. A trunk is a point-to-point link between one or more Ethernet switch interfaces and another networking device, such as a router or a switch. Ethernet trunks carry the traffic of multiple VLANs over a single link. A VLAN trunk allows you to extend the VLANs across an entire network. Cisco supports IEEE 802.1Q for coordinating trunks on Fast Ethernet and Gigabit Ethernet interfaces. A VLAN trunk does not belong to a specific VLAN, rather it is a conduit for VLANs between switches and routers.

30

VLAN Trunks

Without VLAN Trunks

31

VLAN Trunks

With VLAN Trunks

32

VLAN Trunks
802.1Q Frame Tagging Switches are layer 2 devices, use the Ethernet frame header information to forward packets. The frame header does not contain information about which VLAN the frame should belong to. When Ethernet frames are placed on a trunk they need additional information about the VLANs they belong to. This is accomplished by using the 802.1q encapsulation header. This header adds a tag to the original Ethernet frame specifying the VLAN for which the frame belongs to.

33

VLAN Trunks

VLAN Frame Tagging

34

Native VLANs and 802.1Q Trunking

35

Native VLANs and 802.1Q Trunking

36

Trunking Operation

37

Trunking Modes

Although a Cisco switch can be configured to support two types of trunk ports, IEEE 802.1Q and ISL, today only 802.1Q is used. 802.1Q: An IEEE 802.1Q trunk port supports simultaneous tagged and untagged traffic. An 802.1Q trunk port is assigned a default PVID, and all untagged traffic travels on the port default PVID. All untagged traffic and tagged traffic with a null VLAN ID are assumed to belong to the port default PVID. A packet with a VLAN ID equal to the outgoing port default PVID is sent untagged. All other traffic is sent with a VLAN tag. ISL (Inter-Switch Link): In an ISL trunk port, all received packets are expected to be encapsulated with an ISL header, and all transmitted packets are sent with an ISL header. Native (nontagged) frames received from an ISL trunk port are dropped.
38

Trunking Modes

DTP (Dynamic Trunking Protocol ) A Cisco proprietary protocol DTP manages trunk negotiation only if the port on the other switch is configured in a trunk mode that supports DTP. DTP supports both ISL and 802.1Q trunks. Some Cisco switches and routers do not support DTP

39

Configure VLANs and Trunks

40

Configuring VLANs &Trunks Overview


Use the following steps to configure and verify VLANs and trunks on a switch network: 1. Create the VLANs 2. Assign switch ports to VLANs statically 3. Verify VLAN configuration 4. Enable trunking on the inter-switch connections 5. Verify trunk configuration

41

Configure a VLAN

Add a VLAN

42

Configure a VLAN

Assign a Switch Port

43

Configure a VLAN

Verification

44

Managing VLANs

45

Managing VLANs

46

Managing VLANs

47

Managing VLANs

Reassign a Port to VLAN 1

48

Managing VLANs

Delete VLANs: No vlan vlan-id You can delete vlan database: Delete flash:vlan.dat

49

Configure a Trunk

Note: (config-if)# switchport trunk encapsultation


50

Configure a Trunk

51

Configure a Trunk

Verify

52

Configure a Trunk

53

Configure a Trunk

54

Troubleshooting VLANs and Trunks

55

Common Problems witch Trunks

Use: show interfaces trunk command


56

Common Problem with VLAN configurations

VLAN and IP Subnets Each VLAN must correspond to a unique IP subnet. If two devices in the same VLAN have different subnet addresses, they cannot communicate. This type of incorrect configuration is a common problem, and it is easy to solve by identifying the offending device and changing the subnet address to the correct one.
57

Troubleshooting

58

Summary
VLANs separate broadcast domains on switches. VLANs improve network performance, management, and security. VLAN can be used for data, voice, network protocol and network
management traffic. There are 3 different membership modes: Static, Dynamic, and Voice VLAN mode. Routers or Layer 3 switches are required for inter-VLAN communication. Trunks allow multiple VLANs to traverse a single link to simplify intraVLAN communication across multiple switches. IEEE 802.1Q is the standard trunking protocol 802.1Q uses a process of frame tagging to keep VLAN traffic separate as it traverse the trunk link. 802.1Q does not tag native VLAN traffic, which can result in problems when trunking is misconfigured.

59