A virtual LAN (VLAN) is a logical grouping of network devices in the same broadcast domain that can span multiple physical segments.
Advantages of VLANs:
- Increase the number of broadcast domains while reducing their size.
- Provide additional security.
- Increase the flexibility of network equipment.
- Allow a logical grouping of users by function, not location.
- Make user adds, moves, and changes easier.
Subnets and VLANs
Logically speaking, VLANs are also subnets. A subnet, or network, is a contained broadcast domain: a broadcast that occurs in one subnet will not, by default, be forwarded to another subnet. Routers, or layer-3 devices, provide this boundary function; switches provide it at layer 2 by means of VLANs.
Scalability
VLANs provide location independence. This flexibility makes adds, changes, and moves of networking devices a simple process. It also allows you to group people together, which makes implementing your security policies straightforward.
IP protocols support 500 devices per VLAN.
VLAN Membership
A device's membership in a VLAN can be determined by one of two methods: static or dynamic.
- Static: you have to assign membership manually.
- Dynamic: configure a VTP server and it will automatically do the rest.
VLAN Connections
There are two types of connections: access links and trunks.
Access-Link Connections
An access-link connection is a connection between a switch and a device with a normal Ethernet NIC, where the Ethernet frames are transmitted unaltered.
Trunk Connections
Trunk connections are capable of carrying traffic for multiple VLANs. Cisco supports two Ethernet trunking methods:
- Cisco's proprietary Inter-Switch Link (ISL) protocol for Ethernet
- IEEE's 802.1Q, commonly referred to as dot1q, for Ethernet
ISL is a Cisco-proprietary trunking method that adds a 26-byte header and a 4-byte trailer to the original Ethernet frame. Cisco's 1900 switch supports only ISL.
802.1Q is a standardized trunking method that inserts a four-byte field into the original Ethernet frame and recomputes the FCS. The 2950 supports only 802.1Q. 802.1Q trunks support two types of frames: tagged and untagged.
- An untagged frame does not carry any VLAN identification information in it; basically, this is a standard, unaltered Ethernet frame.
- A tagged frame contains VLAN information, and only other 802.1Q-aware devices on the trunk will be able to process this frame.
Trunk Tagging
For VLANs to span across multiple switches, you obviously need to connect the switches to each other. Although it is possible to simply plug one switch into another using an access port, just as you would plug in a host or a hub, doing so kills the VLAN-spanning feature and a bunch of other useful stuff too. A switch-to-switch link must be set up as a trunk link in order for the VLAN system to work properly. A trunk link is a special connection; the key difference between an ordinary connection (an access port) and a trunk port is that an access port is in only one VLAN at a time, whereas a trunk port has the job of carrying traffic for all VLANs from one switch to another. Any time you connect a switch to another switch, you want to make it a trunk.
Trunking methods create the illusion that, instead of a single physical connection between the two trunking devices, a separate logical connection exists for each VLAN between them. When trunking, the switch adds the source port's VLAN identifier to the frame so that the device (typically a switch) at the other end of the trunk knows which VLAN originated the frame, and the destination switch can make intelligent forwarding decisions based not just on the destination MAC address but also on the source VLAN identifier. Since information is added to the original Ethernet frame, normal NICs will not understand this information and will typically drop the frame. Therefore, when you set up a trunk connection on a switch's interface, you need to ensure that the device at the other end also supports the same trunking protocol and has it configured. If the device at the other end doesn't understand these modified frames or is not set up for trunking, it will, in most situations, drop them. This modification of the frames is commonly called tagging.
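To make the tagging described here and in the 802.1Q section above concrete, the following Python is an added example (written for this post, not code from the original or from any Cisco software). It builds a plain Ethernet II frame, inserts the four-byte 802.1Q field after the source MAC and recomputes the FCS the way a trunk port does, then parses the result back. The access_port_accepts helper models the point that a device expecting unaltered frames drops tagged ones. The MAC addresses and payload are constructed sample values, and padding to the 64-byte minimum frame size is left out.

```python
import struct
import zlib

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def fcs(frame_without_fcs: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over dst..payload, transmitted little-endian."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_untagged_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Standard, unaltered Ethernet II frame: dst | src | type | payload | FCS.
    Padding to the 64-byte minimum is deliberately not modelled here."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q field (TPID + TCI) after the source MAC and
    recompute the FCS, as a trunk port does before sending the frame."""
    if not 0 <= vid <= 4095:
        raise ValueError("VLAN ID must fit in 12 bits")
    body = frame[:-4]                       # drop the old FCS, it is now wrong
    tci = (pcp << 13) | (dei << 12) | vid   # 3-bit priority, 1-bit DEI, 12-bit VID
    tag = struct.pack("!HH", TPID_8021Q, tci)
    tagged = body[:12] + tag + body[12:]
    return tagged + fcs(tagged)


def parse_frame(frame: bytes) -> dict:
    """Decode a frame; 'vid' is None for an untagged frame, 'fcs_ok' tells
    whether the trailing FCS matches the bytes that precede it."""
    if len(frame) < 18:
        raise ValueError("frame too short for header plus FCS")
    body, trailer = frame[:-4], frame[-4:]
    info = {
        "dst": body[:6],
        "src": body[6:12],
        "vid": None,
        "pcp": None,
        "fcs_ok": fcs(body) == trailer,
    }
    ethertype = struct.unpack("!H", body[12:14])[0]
    offset = 14
    if ethertype == TPID_8021Q:            # tagged: TCI follows, real type after it
        if len(body) < 18:
            raise ValueError("tagged frame too short")
        tci = struct.unpack("!H", body[14:16])[0]
        info["pcp"] = tci >> 13
        info["vid"] = tci & 0x0FFF
        ethertype = struct.unpack("!H", body[16:18])[0]
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = body[offset:]
    return info


def untag_frame(frame: bytes) -> bytes:
    """Strip the tag, as the far switch does before handing the frame to an
    access port; an untagged frame is returned unchanged."""
    if parse_frame(frame)["vid"] is None:
        return frame
    body = frame[:-4]
    stripped = body[:12] + body[16:]
    return stripped + fcs(stripped)


def access_port_accepts(frame: bytes) -> bool:
    """A normal NIC or access link expects unaltered frames and drops tagged ones."""
    return parse_frame(frame)["vid"] is None


if __name__ == "__main__":
    # Constructed sample: broadcast frame from a made-up MAC carrying 46 bytes
    plain = build_untagged_frame(b"\xff" * 6, bytes.fromhex("001122334455"),
                                 ETHERTYPE_IPV4, b"\x45" + b"\x00" * 45)
    trunk_copy = tag_frame(plain, vid=100, pcp=5)
    print("untagged:", parse_frame(plain))
    print("tagged  :", parse_frame(trunk_copy))
    print("access port accepts tagged copy?", access_port_accepts(trunk_copy))
```

The parser checks the FCS rather than trusting the length, which is the habit worth keeping when you write your own decoders: a tag inserted without recomputing the FCS looks like a corrupted frame to the next device and gets dropped, which is exactly the symptom of a trunk talking to a non-trunk port.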
By default, all VLANs are permitted across a trunk link. Switch-to-switch trunk links always require the use of a crossover cable, never a straight-through cable.
Key features about DTP
- A trunk can be created only on a Fast Ethernet or Gigabit Ethernet connection; 10 Mb Ethernet ports are not fast enough to support the increased traffic from multiple VLANs, so the commands are not available for a regular Ethernet port.
- By default, traffic from all VLANs is allowed on a trunk. You can specify which VLANs are permitted (or not) to cross a particular trunk if you have that requirement, but these functions are not covered in the CCNA exam.
- Switches (whether trunked or not) are always connected with crossover cables, not straight-through cables.
Dynamic Trunk Protocol (DTP)
DTP supports five trunking modes:
- On (or Trunk): the interface always assumes the connection is a trunk, even if the remote end does not support trunking.
- Desirable: the interface will generate DTP messages on the interface, but it makes the assumption that the other side is not trunk-capable and will wait for a DTP message from the remote side. In this state, the interface starts as an access-link connection. If the remote side sends a DTP message, and this message indicates that trunking is compatible between the two switches, a trunk will be formed and the switch will start tagging frames on the interface. If the other side does not support trunking, the interface will remain an access-link connection.
- Auto-negotiate: the interface passively listens for DTP messages from the remote side and leaves the interface as an access-link connection. If the interface receives a DTP message, and the message matches the trunking capabilities of the interface, then the interface will change from an access-link connection to a trunk connection and start tagging frames.
- No-negotiate: the interface is set as a trunk connection and will automatically tag frames with VLAN information; however, the interface will not generate DTP messages: DTP is disabled. This mode is typically used when connecting trunk connections to non-Cisco devices that don't understand Cisco's proprietary trunking protocol and thus won't understand the contents of these messages.
- Off: if an interface is set to off, the interface is configured as an access link. No DTP messages are generated in this mode, nor are frames tagged.
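What happens when two of these modes meet on one link follows from the descriptions above. The Python below is an added example (a model written for this post, not IOS code): it encodes each mode as the text describes it and works out what each end of the link settles into. The short names on, desirable, auto, nonegotiate and off stand for On/Trunk, Desirable, Auto-negotiate, No-negotiate and Off. The mismatched check flags the pairings where one side tags frames while the other stays an access link, which is the case where frames are dropped without any error being reported.

```python
from itertools import product

# How each mode behaves, taken from the five descriptions in the text
# (assumed model for illustration, not the switch's actual state machine):
#   initiates     - sends DTP messages on its own
#   responds      - answers DTP messages it receives
#   trunks_always - tags frames no matter what the peer does
#   trunks_on_dtp - becomes a trunk once a compatible DTP message arrives
MODES = {
    "on":          dict(initiates=True,  responds=True,  trunks_always=True,  trunks_on_dtp=True),
    "desirable":   dict(initiates=True,  responds=True,  trunks_always=False, trunks_on_dtp=True),
    "auto":        dict(initiates=False, responds=True,  trunks_always=False, trunks_on_dtp=True),
    "nonegotiate": dict(initiates=False, responds=False, trunks_always=True,  trunks_on_dtp=False),
    "off":         dict(initiates=False, responds=False, trunks_always=False, trunks_on_dtp=False),
}


def emits_dtp(mode: str, peer_initiates: bool) -> bool:
    """Does a port in `mode` send any DTP message, given whether its peer does?"""
    m = MODES[mode]
    return m["initiates"] or (m["responds"] and peer_initiates)


def side_state(mode: str, peer_mode: str) -> str:
    """State ('trunk' or 'access') that the local port settles into."""
    m = MODES[mode]
    hears_peer = emits_dtp(peer_mode, MODES[mode]["initiates"])
    if m["trunks_always"] or (m["trunks_on_dtp"] and hears_peer):
        return "trunk"
    return "access"


def negotiate(local: str, remote: str) -> tuple:
    """Resulting state of (local, remote) for one link."""
    return side_state(local, remote), side_state(remote, local)


def mismatched(local: str, remote: str) -> bool:
    """True when one end tags frames and the other does not."""
    a, b = negotiate(local, remote)
    return a != b


def negotiation_table() -> dict:
    """All 25 pairings, useful for checking a design before cabling it."""
    return {(a, b): negotiate(a, b) for a, b in product(MODES, repeat=2)}


def mismatched_pairs() -> list:
    """Sorted list of the pairings that leave the two ends disagreeing."""
    return sorted(pair for pair in negotiation_table() if mismatched(*pair))


if __name__ == "__main__":
    for (a, b), (sa, sb) in sorted(negotiation_table().items()):
        flag = "  <-- mismatch" if sa != sb else ""
        print(f"{a:12s} / {b:12s} -> {sa:6s} / {sb:6s}{flag}")
```

Two rows of the table are worth remembering: auto on both ends never forms a trunk because nobody speaks first, and nonegotiate facing auto or desirable leaves the far side as an access link because it never hears a DTP message, which matches the text's advice to use no-negotiate only towards devices that are configured as trunks by hand.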
VLAN Trunk Protocol (VTP)
VTP is a Layer 2 protocol that takes care of the steps of creating and naming VLANs on all switches in the system. We still have to set port membership to VLANs at each switch, which we can do either statically or using a VMPS. VTP works by establishing a single switch as being in charge of the VLAN information for a domain. In this case, a domain is simply a group of switches that all have the same VTP domain name. This simply puts all the switches into a common administrative group.
The VLAN Trunk Protocol (VTP) is a proprietary Cisco protocol used to share VLAN configuration information between Cisco switches on trunk connections. When you are setting up VTP, you have three different modes: server, client, and transparent.
Server mode
This is the one switch that is in charge of the VLAN information for the VTP domain. You may add, delete, and change VLAN information on this switch, and doing so affects the entire VTP domain. This way, we only have to enter our VLAN information once, and the server mode switch propagates it to all the other switches in the domain.
Client mode
Client mode switches get VLAN information from the server. You cannot add, delete, or change VLAN information on a client mode switch; in fact, the commands to do so are disabled.
Transparent mode
A transparent mode switch is doing its own thing; it will not accept any changes to VLAN information from the server, but it will forward those changes to other switches in the system. You can add, delete, and change VLANs, but those changes only affect the transparent mode switch and are not sent to other switches in the domain.
VTP Messages
An advertisement request message is a VTP message that a client generates. When the server responds to a client's request, it generates a subset advertisement. A summary advertisement is also generated by a switch in VTP server mode. Summary advertisements are generated every five minutes (300 seconds) by default, or when a configuration change takes place on the server switch.
VTP Pruning
VTP gives you a way to preserve bandwidth by configuring it to reduce the amount of broadcast, multicast, and unicast packets. This is called pruning. A switch with VTP pruning enabled sends broadcasts only to trunk links that actually need the information.
VTP pruning is used on trunk connections to dynamically remove VLANs that are not active between the two switches. It requires all of the switches to be in server mode.