
VLANs

CCNA Exploration 3 Chapter 3

Topics

The role of VLANs in a network
Trunking VLANs
Configure VLANs on switches
Troubleshoot common VLAN problems

Part 1: VLANs

Requirements for VLANs

Need to split up broadcast domains to make good use of bandwidth.
People in the same department may need to be grouped together for access to servers.
Security: restrict access by certain users to some areas of the LAN.
Provide a way for different areas of the LAN to communicate with each other.

Solution using routers

Divide the LAN into subnets.
Use routers to link the subnets.

Solution using routers

BUT:
Routers are expensive.
Routers are slower than switches.
Subnets are restricted to limited physical areas.
Subnets are inflexible.

Solution using VLANs

VLAN membership can be by function and not by location.
VLANs are managed by switches.
Routers are needed for communication between VLANs.

VLANs

All hosts in a VLAN have addresses in the same subnet. A VLAN is a subnet.
Broadcasts are kept within the VLAN. A VLAN is a broadcast domain.
The switch has a separate MAC address table for each VLAN.
Traffic for each VLAN is kept separate from other VLANs.
Layer 2 switches cannot route between VLANs.

VLANs

VLAN ID ranges

Access VLANs are divided into:
1. Normal range
2. Extended range

1. Normal range

Identified by a VLAN ID between 1 and 1005.
IDs 1002 through 1005 are reserved for Token Ring and FDDI VLANs.
IDs 1 and 1002 to 1005 are automatically created and cannot be removed.
Configurations are stored within a VLAN database file, called vlan.dat.
The vlan.dat file is located in the flash memory of the switch.
The VLAN trunking protocol (VTP), which helps manage VLAN configurations between switches, can only learn normal range VLANs and stores them in the VLAN database file.

2. Extended range

Enable service providers to extend their infrastructure to a greater number of customers. Some global enterprises could be large enough to need extended range VLAN IDs.
Identified by a VLAN ID between 1006 and 4094.
Support fewer VLAN features than normal range VLANs.
Are saved in the running configuration file.
VTP does not learn extended range VLANs.

VLANs

Types of VLANs

1. Data VLAN
2. Default VLAN
3. Native VLAN
4. Management VLAN

1. Data VLAN

VLAN that is configured to carry only user-generated traffic.
It is common practice to separate voice and management traffic from data traffic.
A data VLAN is sometimes referred to as a user VLAN.

Data VLAN

2. Default VLAN

All switch ports are members of the default VLAN after the initial boot up of the switch.
The default VLAN for Cisco switches is VLAN 1.
VLAN 1 has all the features of any VLAN, except that you cannot rename it and you cannot delete it.
Layer 2 control traffic, such as CDP and spanning tree protocol traffic, will always be associated with VLAN 1; this cannot be changed.

3. Native VLAN

A native VLAN is assigned to an 802.1Q trunk port.
An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic).
The 802.1Q trunk port places untagged traffic on the native VLAN.

4. Management VLAN

A VLAN you configure to access the management capabilities of a switch.
VLAN 1 would serve as the management VLAN.
You assign the management VLAN an IP address and subnet mask.
A switch can be managed via HTTP, Telnet, SSH, or SNMP.

5. Voice VLAN

VoIP traffic requires:

Guaranteed bandwidth to ensure voice quality.
Transmission priority over other types of network traffic.
Ability to be routed around congested areas of the network.
Delay of less than 150 milliseconds (ms) across the network.

Voice VLAN

VLAN 150 is designed to carry voice traffic. The student computer PC5 is attached to the Cisco IP phone, and the phone is attached to switch S3. PC5 is in VLAN 20, which is used for student data. The F0/18 port on S3 is configured to be in voice mode so that it will tell the phone to tag voice frames with VLAN 150. Data frames coming through the Cisco IP phone from PC5 are left untagged. Data destined for PC5 coming from port F0/18 is tagged with VLAN 20 on the way to the phone, which strips the VLAN tag before the data is forwarded to PC5. Tagging refers to the addition of bytes to a field in the data frame which is used by the switch to identify which VLAN the data frame should be sent to. You will learn later about how data frames are tagged.

Voice VLAN

A Cisco Phone is a Switch

The Cisco IP Phone 7960 contains an integrated three-port 10/100 switch as shown in the Figure. The ports provide dedicated connections to these devices:

1. Port 1 connects to the switch or other voice-over-IP (VoIP) device.
2. Port 2 is an internal 10/100 interface that carries the IP phone traffic.
3. Port 3 (access port) connects to a PC or other device.

Configuration example: Voice VLAN

13-Jul-13

S Ward Abingdon and Witney College


Static VLAN

The normal type.
Port configured to be on a VLAN. Connected device is on this VLAN.
VLAN can be created using CLI command, given number and name.
VLAN can be learned from another switch.
If a port is put on a VLAN and the VLAN does not exist, then the VLAN is created.

Static VLAN (Port-centric)

If VLAN 20 did not exist before then it does now.

Voice VLAN

A port is configured to be in voice mode so that it can support an IP phone attached to it. Before you configure a voice VLAN on the port, you need to first configure a VLAN for voice and a VLAN for data.

Voice VLAN

Configured for voice VLAN and data VLAN.

Dynamic VLAN

Not widely used.
Use a VLAN Membership Policy Server (VMPS).
Assign a device to a VLAN based on its MAC address.
Connect device, server assigns VLAN.
Useful if you want to move devices around.

Layer 3 switch

A Layer 3 switch has the ability to route transmissions between VLANs. The procedure is the same as described for inter-VLAN communication using a separate router, except that the SVIs act as the router interfaces for routing the data between VLANs. (SVI: switch virtual interface)

SVI (Switch Virtual Interface)

An SVI is a logical interface configured for a specific VLAN. You need to configure an SVI for a VLAN if you want to route between VLANs or to provide IP host connectivity to the switch. By default, an SVI is created for the default VLAN (VLAN 1) to permit remote switch administration.

Layer 3 switch forwarding


Part 2: Trunks


Both switches have the same 5 VLANs. Do you have a link for each VLAN?

More efficient for them to share a link.

A VLAN trunk does not belong to a specific VLAN; rather, it is a conduit for VLANs between switches and routers.

Without VLAN Trunks

With VLAN Trunks

Trunking

Traffic for all the VLANs travels between the switches on a shared trunk or backbone

Tag to identify VLAN

Tag is added to the frame when it goes on to the trunk.
Tag is removed when it leaves the trunk.

VLAN tag

3 bits of user priority: Used by the 802.1p standard, which specifies how to provide expedited transmission of Layer 2 frames. Provides a mechanism for implementing Quality of Service (QoS) at the MAC (Media Access Control) level.
1 bit of Canonical Format Identifier (CFI): Allows Token Ring frames to be carried easily across Ethernet links.
12 bits of VLAN ID (VID): VLAN identification numbers; supports up to 4096 VLAN IDs.

Tagged frames on the native VLAN

Control traffic sent on the native VLAN must be untagged. If an 802.1Q trunk port receives a tagged frame on the native VLAN, it drops the frame. Consequently, when configuring a switch port on a Cisco switch, you need to identify these devices and configure them so that they do not send tagged frames on the native VLAN.

Untagged frames on the native VLAN

When a Cisco switch trunk port receives untagged frames, it forwards those frames to the native VLAN. The default native VLAN is VLAN 1. If VLAN 99 is configured as the native VLAN, the PVID is 99 and all untagged traffic is forwarded to VLAN 99. If the native VLAN has not been reconfigured, the PVID value is set to VLAN 1.
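
The tag layout and the native-VLAN handling described above, as an added Python example that is not part of the original slides. The frames are constructed sample bytes, and the function names, the allowed-VLAN set and the drop_tagged_native switch are assumptions of the example.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def parse_tag(frame: bytes):
    """Return (priority, cfi, vid) for a tagged frame, None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)  # follows dst + src MAC
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci >> 13, (tci >> 12) & 0x1, tci & 0x0FFF  # 3 + 1 + 12 bits

def ingress_vlan(frame, pvid=1, allowed=frozenset(range(1, 4095)),
                 drop_tagged_native=True):
    """VLAN a trunk port puts the frame in, or None if the frame is dropped.

    drop_tagged_native=True models the rule stated in the slides; it is a
    parameter of this model, not a switch setting.
    """
    tag = parse_tag(frame)
    if tag is None or tag[2] == 0:   # untagged, or priority-only tag (VID 0)
        return pvid
    vid = tag[2]
    if vid == pvid and drop_tagged_native:
        return None
    return vid if vid in allowed else None

def build_frame(vid=None, priority=0, payload=b"\x00" * 46):
    """Constructed sample frame: broadcast destination, made-up source MAC."""
    macs = bytes.fromhex("ffffffffffff020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (priority << 13) | vid)
    return macs + tag + struct.pack("!H", 0x0800) + payload

if __name__ == "__main__":
    trunk = dict(pvid=99, allowed={10, 20, 30, 99})
    for frame in (build_frame(), build_frame(20, priority=5), build_frame(99), build_frame(40)):
        print(parse_tag(frame), "->", ingress_vlan(frame, **trunk))
```
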

Trunk configuration


Untagged Frames on the Native VLAN


Part 3: DTP (Dynamic Trunking Protocol)

Cisco proprietary protocol. Switches from other vendors do not support DTP.

DTP is automatically enabled on a switch port when certain trunking modes are configured on the switch port.


Trunking Modes

The trunking mode defines how the port negotiates using DTP to set up a trunk link with its peer port.

1. ON: #switchport mode trunk
2. Dynamic Auto: #switchport mode dynamic auto
3. Dynamic Desirable: #switchport mode dynamic desirable
4. DTP off: #switchport nonegotiate

ON

#switchport mode trunk

The local switch port advertises to the remote port that it is dynamically changing to a trunking state. The local port then, regardless of what DTP information the remote port sends as a response to the advertisement, changes to a trunking state. The local port is considered to be in an unconditional (always on) trunking state.

Dynamic Auto

#switchport mode dynamic auto

The local switch port advertises to the remote switch port that it is able to trunk but does not request to go to the trunking state. After a DTP negotiation, the local port ends up in trunking state only if the remote port trunk mode has been configured to be on or desirable. If both ports on the switches are set to auto, they do not negotiate to be in a trunking state. They negotiate to be in the access (non-trunk) mode state.

Dynamic Desirable

#switchport mode dynamic desirable

DTP frames are sent periodically to the remote port. The local switch port advertises to the remote switch port that it is able to trunk and asks the remote switch port to go to the trunking state. If the local port detects that the remote has been configured in on, desirable, or auto mode, the local port ends up in trunking

DTP off

#switchport nonegotiate

You can turn off DTP for the trunk so that the local port does not send out DTP frames to the remote port. Use this feature when you need to configure a trunk with a switch from another switch vendor.


Dynamic trunking protocol


Port on one switch      Port on other switch    Resulting link
Mode trunk              Dynamic auto/des        trunk
Mode access             Dynamic auto/des        access
Dynamic auto            Dynamic auto            access
Dynamic desirable       Dynamic auto            trunk
Dynamic desirable       Dynamic desirable       trunk

Create a VLAN

SW1(config)#vlan 20
SW1(config-vlan)#name Finance
SW1(config-vlan)#end

VLAN will be saved in VLAN database rather than running config.
If you do not give it a name then it will be called vlan0020.

Assign port to VLAN


SW1(config)#int fa 0/14
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 20
SW1(config-if)#end

show vlan brief

List of VLANs with ports

Show commands

show vlan brief (list of VLANs and ports)
show vlan summary
show interfaces vlan (up/down, traffic etc)
show interfaces fa0/14 switchport (access mode, trunking)

Remove port from VLAN


SW1(config)#int fa 0/14
SW1(config-if)#no switchport access vlan
SW1(config-if)#end

The port goes back to VLAN 1.
If you assign a port to a new VLAN, it is automatically removed from its existing VLAN.

Delete a VLAN

SW1(config)#no vlan 20
SW1(config)#end

VLAN 20 is deleted.
Any ports still on VLAN 20 will be inactive, not on any VLAN. They need to be reassigned.

Delete VLAN database

Erasing the startup configuration does not get rid of VLANs because they are saved in a separate file.

SW1#delete flash:vlan.dat

Switch goes back to the default with all ports in VLAN 1.
You cannot delete VLAN 1.

Configure trunk

SW1(config)#int fa0/1
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk native vlan 99
SW1(config-if)#switchport trunk allowed vlan add 10,20,30
SW1(config-if)#end

Trunk problems

Both ends must have the same native VLAN.
Both ends must be configured with trunking on or so that trunking is negotiated with the other end and comes on.
Subnetting and addressing must be right.
The right VLANs must be allowed on the trunk.
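
The DTP mode table and the trunk checks listed above, combined into one added Python example (not code from the original slides). It compares the interface stanzas of both ends of a link; the stanzas are constructed samples, the function names are hypothetical, and an unconfigured port is assumed to default to dynamic auto with native VLAN 1.

```python
import re
ALL_VLANS = frozenset(range(1, 4095))  # VLAN IDs 1-4094
# Constructed sample stanzas for the two ends of one link.
SW1_FA0_1 = "switchport mode trunk\nswitchport trunk native vlan 99\nswitchport trunk allowed vlan 10,20,30"
SW2_FA0_1 = "switchport mode dynamic auto\nswitchport trunk allowed vlan 10,20"

def parse_vlans(spec):
    """Expand an IOS VLAN list such as '10,20-22' into a set of IDs."""
    ranges = (p.partition("-") for p in spec.replace(" ", "").split(","))
    return {v for lo, _, hi in ranges for v in range(int(lo), int(hi or lo) + 1)}

def parse_port(stanza):
    """Trunk settings of one interface stanza (assumed defaults: dynamic auto, native 1)."""
    port = {"mode": "dynamic auto", "nonegotiate": False, "native": 1, "allowed": ALL_VLANS}
    for line in map(str.strip, stanza.splitlines()):
        if m := re.fullmatch(r"switchport mode (trunk|access|dynamic (?:auto|desirable))", line):
            port["mode"] = m[1]
        elif line == "switchport nonegotiate":
            port["nonegotiate"] = True
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            port["native"] = int(m[1])
        elif m := re.fullmatch(r"switchport trunk allowed vlan (add )?([\d,\- ]+)", line):
            vlans = parse_vlans(m[2])
            port["allowed"] = port["allowed"] | vlans if m[1] else frozenset(vlans)
    return port

def side_state(me, peer):
    """Operational state one end settles into, following the DTP table."""
    if me["mode"] in ("trunk", "access"):
        return me["mode"]
    if peer["nonegotiate"] or peer["mode"] == "access":
        return "access"  # a dynamic port receives no request to trunk
    wants = me["mode"] == "dynamic desirable" or peer["mode"] in ("trunk", "dynamic desirable")
    return "trunk" if wants else "access"

def check_trunk(stanza_a, stanza_b):
    """Return findings that correspond to the trunk problems listed above."""
    a, b = parse_port(stanza_a), parse_port(stanza_b)
    states = side_state(a, b), side_state(b, a)
    findings = []
    if states != ("trunk", "trunk"):
        findings.append(f"link not trunking: A={states[0]} B={states[1]}")
    if a["native"] != b["native"]:
        findings.append(f"native VLAN mismatch: {a['native']} vs {b['native']}")
    if a["allowed"] != b["allowed"]:
        findings.append(f"allowed VLAN lists differ ({len(a['allowed'] ^ b['allowed'])} IDs)")
    findings += [f"port {name} relies on DTP negotiation"
                 for name, p in (("A", a), ("B", b)) if p["mode"].startswith("dynamic")]
    return findings
```

Calling check_trunk(SW1_FA0_1, SW2_FA0_1) reports the native VLAN mismatch, the differing allowed lists, and that the second port is still left to DTP negotiation.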

The End
