Cisco Exploration 3 Module 3 LAN Switching and Wireless
Jim Johnston Class Notes
September 9, 2008

A VLAN is a logically separate IP subnetwork. This allows multiple networks to exist on one switch and provides security in that they are not able to communicate with each other. The following are the requirements for two computers to communicate on the same VLAN and switch.
1. Both computers must be assigned an IP address from the same subnetwork.
2. Both computers must be connected to a port on a switch that is a member of the same VLAN.

VLAN Benefits
Security
Cost reduction
Higher performance
Broadcast storm mitigation
Improved IT staff efficiency
Simpler project or application management

VLAN Rules
Should be used in small, medium, and enterprise size businesses
VLAN IDs between 1-1005
IDs 1002-1005 are reserved for Token Ring and FDDI
IDs 1 and 1002-1005 are automatically created and cannot be removed
vlan.dat is where VLAN configurations are stored
VTP (VLAN Trunking Protocol) helps manage VLANs between switches

Extended VLAN Rules
Customers who need more VLANs can use IDs 1006-4094
Fewer VLAN features are supported
VTP does not support extended VLANs
Saved in the running config
At most you can have 255 configured VLANs.

Cisco Catalyst switches can now piggyback up to 9 switches that mimic one switch. Since you can purchase a switch with up to 48 ports, you would then have a virtual switch of 48*9 = 432 ports available.

Types of VLANs
1. Data, also known as a user VLAN.
2. Default. All switches come with VLAN 1 set up as the default VLAN; both CDP and STP use this VLAN to communicate, and all ports are assigned to this VLAN initially. Best practice says to move all ports to another VLAN, therefore creating a new default VLAN. You cannot change or delete VLAN 1, and it will always be used by CDP and STP, but you can associate all the ports with a new default VLAN.
3. Native is assigned to an 802.1Q trunk port. This is used to pass multiple VLANs and untagged data to other switches. 802.1Q supports legacy networks that do not have VLAN-tagged traffic. You should not assign VLAN 1 as your native VLAN.
4. Management is the VLAN that you add your intermediary network devices to. This allows for easy and secure management. Again, you should not use VLAN 1 as your VLAN of choice.
5. Voice. It is very important to separate data VLANs from voice VLANs. Voice requires the following:
   a. assured bandwidth to guarantee quality
   b. transmission priority over other traffic
   c. ability to be routed around congested areas of the network
   d. delay of less than 150ms across the network

Cisco IP Phone
The Cisco IP Phone is a switch with three 10/100 ports. Port 1 connects to the switch or other VoIP device. Port 2 is an internal interface that carries IP phone traffic. Port 3 (access port) connects to a PC or other device. Port 2 tags the IP phone data as voice, while Port 3 leaves PC data untagged. The switch port connected to the IP phone, once tagged for voice, acts as a trunk for both types of data coming from the phone.

Network Traffic Types
1. IP Telephony Traffic
   a. Signaling: used to set up, maintain progress, and bring down calls
   b. Voice: the actual voice data packets
2. Network Management and Control Traffic (CDP, SNMP, ...)
3. IP Multicast (Cisco IP/TV broadcasts)
4. Normal Data: files, storage, print services, email, database access, shared applications
5. Scavenger Class: P2P apps, gaming apps, and entertainment video apps

Switchports
Cisco switchports are layer 2 physical connections. You must assign them to a VLAN. Ports support the following types of VLANs.
Static VLAN: manual configuration and VLAN assignment.
Dynamic VLAN: not widely used and will not be used in this course. It uses a VLAN Membership Policy Server (VMPS) to associate MAC addresses with a VLAN. If a user moves to another port, it automatically associates the new port with the VMPS VLAN configuration.
Voice VLAN: a port is configured to be a voice port so that you can connect an IP phone to it. First you need to configure a VLAN for voice and a VLAN for data. When the phone is first plugged into the configured voice switchport, the switch sends CDP information to the phone telling it what the voice VLAN and data VLAN are so that it can appropriately tag the data. Your network must be configured to prioritize voice traffic. The following are the commands used to ensure successful voice traffic.
Priority: mls qos trust cos
Switchport VLAN access voice: switchport voice vlan 150
Switchport VLAN access data: switchport access vlan 20

Broadcast Domains
When a switch receives a broadcast from a specific VLAN, it will only forward it out ports that are members of the same VLAN.

SVI
A Switch Virtual Interface needs to be set up on all switches that will be remotely managed. This allows an IP address to be assigned to a virtual interface. The SVI is assigned the default VLAN, which should be your management VLAN and not VLAN 1. Layer 3 switches allow routing to occur between VLANs, something that a router is usually responsible for. The routing occurs at the SVI.

VLAN Trunk
A trunk is a point-to-point link between two network devices that carries more than one VLAN. Cisco supports IEEE 802.1Q as its trunking method. A trunk is not a member of a VLAN. 802.1Q is an encapsulation method that encapsulates a frame on a switch when it is about to travel over a trunk line. Switches are layer 2 devices that deal only with MAC addresses and carry no VLAN information of their own; at the trunk port a frame has VLAN information encapsulated around it, and that information is removed when the frame arrives at the other end of the trunk.
A legacy protocol from Cisco is ISL; this should no longer be used as a trunking protocol. You should only use 802.1Q.
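The 802.1Q encapsulation described above, together with the tagged-voice / untagged-data behaviour of the IP phone port, as an added example that is not part of these notes and is not Cisco code: a small Python model that builds and parses 802.1Q-tagged Ethernet frames, places a VLAN ID in the ranges the notes list, and decides which VLAN a frame lands in on an access-with-voice port or a trunk (untagged frames on a trunk go to the native VLAN; a frame leaving a trunk is tagged unless it belongs to the native VLAN). The MAC addresses, the VLAN numbers 20/150/99 and the allowed list are constructed sample values, and the Frame and Port classes and all function names are mine, not a library API.

```python
import struct
from dataclasses import dataclass
from typing import FrozenSet, Optional

TPID_8021Q = 0x8100       # EtherType value announcing that an 802.1Q tag follows
ETHERTYPE_IPV4 = 0x0800

def classify_vlan_id(vid: int) -> str:
    """Place a VLAN ID in the ranges the notes describe (1, 2-1001, 1002-1005, 1006-4094)."""
    if vid == 1:
        return "default"
    if 2 <= vid <= 1001:
        return "normal"
    if 1002 <= vid <= 1005:
        return "reserved"          # Token Ring / FDDI, auto-created, cannot be removed
    if 1006 <= vid <= 4094:
        return "extended"          # fewer features, not carried by VTP
    return "invalid"               # 0 and 4095 are not usable VLAN IDs

@dataclass
class Frame:
    dst: bytes
    src: bytes
    vid: Optional[int]             # None: no 802.1Q tag (untagged frame)
    pcp: int                       # priority bits carried in the tag
    ethertype: int
    payload: bytes

def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vid: Optional[int] = None, pcp: int = 0) -> bytes:
    """Ethernet II frame; when vid is given, a 4-byte 802.1Q tag is inserted after the source MAC."""
    hdr = dst + src
    if vid is not None:
        if classify_vlan_id(vid) in ("reserved", "invalid"):
            raise ValueError(f"VLAN {vid} is not usable as a frame tag")
        tci = ((pcp & 0x7) << 13) | (vid & 0xFFF)   # TCI = PCP(3) | DEI(1)=0 | VID(12)
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload

def parse_frame(raw: bytes) -> Frame:
    """Detect the tag by the 0x8100 EtherType and strip it, as the far end of a trunk does."""
    dst, src = raw[0:6], raw[6:12]
    ethertype = struct.unpack("!H", raw[12:14])[0]
    if ethertype == TPID_8021Q:
        tci = struct.unpack("!H", raw[14:16])[0]
        inner = struct.unpack("!H", raw[16:18])[0]
        return Frame(dst, src, tci & 0xFFF, tci >> 13, inner, raw[18:])
    return Frame(dst, src, None, 0, ethertype, raw[14:])

@dataclass
class Port:
    mode: str                      # "access" or "trunk" (hypothetical model, not IOS)
    access_vlan: int = 1           # data VLAN on an access port
    voice_vlan: Optional[int] = None
    native_vlan: int = 1           # VLAN that travels untagged on a trunk
    allowed: FrozenSet[int] = frozenset(range(1, 4095))

def ingress_vlan(frame: Frame, port: Port) -> Optional[int]:
    """Which VLAN does an arriving frame land in? None means the port does not accept it."""
    if port.mode == "access":
        if frame.vid is None:
            return port.access_vlan            # PC data arrives untagged
        if frame.vid == port.voice_vlan:
            return frame.vid                   # phone data arrives tagged with the voice VLAN
        return None                            # any other tag is not accepted on an access port
    if frame.vid is None:
        return port.native_vlan                # untagged on a trunk belongs to the native VLAN
    return frame.vid if frame.vid in port.allowed else None

def egress_bytes(frame: Frame, vlan: int, port: Port) -> bytes:
    """Re-encapsulate for the outgoing port: a trunk tags everything except the native VLAN."""
    tag = vlan if (port.mode == "trunk" and vlan != port.native_vlan) else None
    return build_frame(frame.dst, frame.src, frame.ethertype, frame.payload, vid=tag, pcp=frame.pcp)

# Constructed sample addresses (not captured traffic).
PC_MAC = bytes.fromhex("001122334455")
PHONE_MAC = bytes.fromhex("66778899aabb")
BROADCAST = b"\xff" * 6

def demo() -> dict:
    phone_port = Port(mode="access", access_vlan=20, voice_vlan=150)
    trunk = Port(mode="trunk", native_vlan=99, allowed=frozenset({10, 20, 99, 150}))
    data = parse_frame(build_frame(BROADCAST, PC_MAC, ETHERTYPE_IPV4, b"data"))
    voice = parse_frame(build_frame(BROADCAST, PHONE_MAC, ETHERTYPE_IPV4, b"rtp", vid=150, pcp=5))
    stray = parse_frame(build_frame(BROADCAST, PC_MAC, ETHERTYPE_IPV4, b"x", vid=10))
    data_vlan = ingress_vlan(data, phone_port)
    return {
        "data_vlan": data_vlan,                                   # 20: untagged -> access VLAN
        "voice_vlan": ingress_vlan(voice, phone_port),            # 150: tagged with the voice VLAN
        "stray_tag_vlan": ingress_vlan(stray, phone_port),        # None: tag 10 is not the voice VLAN
        "data_tagged_on_trunk": parse_frame(egress_bytes(data, data_vlan, trunk)).vid,   # 20
        "native_untagged_on_trunk": parse_frame(egress_bytes(data, 99, trunk)).vid,      # None
    }

if __name__ == "__main__":
    print(demo())
```

The two trunk egress entries are the point of the model: the same payload leaves the trunk with a tag when it belongs to VLAN 20 and without one when it belongs to native VLAN 99, which is why a native VLAN that differs between the two ends of a trunk silently moves untagged frames into the wrong VLAN.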
DTP
Dynamic Trunking Protocol is a Cisco proprietary protocol. Some Cisco switches and routers do not support DTP, and DTP is not required for trunking. If two Cisco devices are configured for DTP and one device has a port configured as a trunk line, then the other end will dynamically configure itself to be a trunk port also. DTP supports both ISL and 802.1Q but is not supported on non-Cisco devices.

Trunking Modes (in conjunction with DTP)
1. On (default): local switchport set as trunk, switchport mode trunk. Periodically this port sends out DTP messages and possibly receives DTP messages from the remote device. No matter what message is received, it is unconditionally in a trunk state.
2. Dynamic Auto: switchport mode dynamic auto. Periodically this port sends out DTP messages advertising its state as auto. If the remote port is set as trunk or desirable then the local port becomes a trunk; otherwise it is not a trunk (including when both are set to auto).
3. Dynamic Desirable: switchport mode dynamic desirable. Periodically this port sends out DTP messages. If the remote port is set as on, auto, or desirable then the ports will become a trunk.
4. Turn Off DTP: switchport nonegotiate. This shuts off DTP and the port is set as an unconditional trunk; this should be used when connecting to non-Cisco switches.

Configuring VLANs
Add a VLAN:
vlan <vlan id>
name <optional name>
exit
Useful Commands:
show vlan
show vlan brief
show vlan name student
show vlan 20
Assign a Port to a VLAN:
switchport mode access
switchport access vlan 20
exit
Deleting Entire VLAN Database:
delete flash:vlan.dat
Configure a Port to be a Trunk:
switchport mode trunk

Troubleshooting
The following are problems that arise with VLANs.
Native VLAN mismatches
Trunk mode mismatches
VLANs and IP subnets
Allowed VLANs on trunks
Adding a VLAN to a trunk line (trunk port):
switchport trunk allowed vlan add <vlan id>
or reconfigure the entire list:
switchport trunk allowed vlan 10,20,99
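The DTP trunking modes and the troubleshooting list above (trunk mode mismatch, native VLAN mismatch, allowed VLANs on trunks, VLANs and IP subnets), plus the two requirements at the top of the notes for hosts to talk on the same VLAN, as an added example that is not part of these notes and is not Cisco code: a Python checker that applies the DTP rules as the notes state them to both ends of a link, reports the mismatches a practitioner would look for, and checks whether two hosts share both a VLAN and an IP subnet. The switch and interface names, VLAN numbers and addresses are constructed sample values; SwitchPort and the function names are mine.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List

# Port modes from the notes: "trunk" (on), "dynamic auto", "dynamic desirable",
# "nonegotiate" (DTP off, unconditional trunk) and plain "access".
DTP_SPEAKERS = {"trunk", "dynamic auto", "dynamic desirable"}   # modes that send DTP messages

def becomes_trunk(local: str, remote: str) -> bool:
    """Apply the DTP rules: does the local port end up in trunk state, given the remote mode?"""
    if local in ("trunk", "nonegotiate"):
        return True                                   # unconditional trunk, whatever arrives
    if local == "access":
        return False
    if local == "dynamic desirable":
        return remote in DTP_SPEAKERS                 # on, auto or desirable on the far end
    if local == "dynamic auto":
        return remote in ("trunk", "dynamic desirable")   # auto + auto never trunks
    raise ValueError(f"unknown switchport mode {local!r}")

@dataclass(frozen=True)
class SwitchPort:
    name: str
    mode: str
    native_vlan: int = 1
    allowed: FrozenSet[int] = frozenset(range(1, 4095))

def check_link(a: SwitchPort, b: SwitchPort) -> List[str]:
    """Troubleshooting findings for the link a<->b; an empty list means a consistent trunk."""
    findings: List[str] = []
    a_trunk, b_trunk = becomes_trunk(a.mode, b.mode), becomes_trunk(b.mode, a.mode)
    if a_trunk != b_trunk:
        findings.append(f"trunk mode mismatch: {a.name} ({a.mode}) trunk={a_trunk}, "
                        f"{b.name} ({b.mode}) trunk={b_trunk}")
        return findings                               # nothing else to compare on a half-formed link
    if not a_trunk:
        findings.append("no trunk formed: neither end negotiates to trunk")
        return findings
    if a.native_vlan != b.native_vlan:
        findings.append(f"native VLAN mismatch: {a.name}={a.native_vlan}, {b.name}={b.native_vlan}")
    if 1 in (a.native_vlan, b.native_vlan):
        findings.append("native VLAN is 1: the notes say not to use VLAN 1 as the native VLAN")
    only_a, only_b = sorted(a.allowed - b.allowed), sorted(b.allowed - a.allowed)
    if only_a or only_b:
        findings.append(f"allowed VLAN mismatch: only {a.name}={only_a}, only {b.name}={only_b}")
    return findings

def same_segment(vlan_a: int, ip_a: str, vlan_b: int, ip_b: str) -> bool:
    """Two hosts reach each other directly only if they share both a VLAN and an IP subnet."""
    net_a = ipaddress.ip_interface(ip_a).network
    net_b = ipaddress.ip_interface(ip_b).network
    return vlan_a == vlan_b and net_a == net_b

# Constructed example ports (hypothetical switch and interface names).
TRUNK_VLANS = frozenset({10, 20, 99, 150})

def demo() -> dict:
    s1 = SwitchPort("S1 Fa0/24", "trunk", native_vlan=99, allowed=TRUNK_VLANS)
    s2_ok = SwitchPort("S2 Fa0/24", "dynamic auto", native_vlan=99, allowed=TRUNK_VLANS)
    s2_native = SwitchPort("S2 Fa0/24", "dynamic auto", native_vlan=1, allowed=TRUNK_VLANS)
    s2_pruned = SwitchPort("S2 Fa0/24", "dynamic auto", native_vlan=99, allowed=frozenset({10, 99}))
    s3_noneg = SwitchPort("S3 Gi0/1", "nonegotiate", native_vlan=99, allowed=TRUNK_VLANS)
    s3_desirable = SwitchPort("S3 Gi0/1", "dynamic desirable", native_vlan=99, allowed=TRUNK_VLANS)
    return {
        "clean": check_link(s1, s2_ok),                        # []
        "native": check_link(s1, s2_native),                   # mismatch + native VLAN 1
        "pruned": check_link(s1, s2_pruned),                   # VLANs 20 and 150 only on S1
        "noneg_vs_desirable": check_link(s3_noneg, s3_desirable),   # trunk mode mismatch
        "hosts_same_vlan_subnet": same_segment(20, "192.168.20.10/24", 20, "192.168.20.11/24"),
        "hosts_vlan_differs": same_segment(20, "192.168.20.10/24", 30, "192.168.20.11/24"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The nonegotiate-versus-desirable case is the one the notes flag for non-Cisco neighbours: the nonegotiate side is an unconditional trunk, but the desirable side never hears a DTP message and stays an access port, so the link only works when both ends are set to trunk explicitly.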