CSCO 272 VLANs - PowerPoint PPT Presentation

1 / 45

About This Presentation

Title:

CSCO 272 VLANs

Description:

1. CSCO 272. VLANs. LAN Switching and Wireless Chapter 3. CSCO 272 ... It is a security best practice to change the default VLAN to a VLAN other than VLAN 1 ... – PowerPoint PPT presentation

Number of Views:93

Avg rating:3.0/5.0

Slides: 46

Provided by: Vin145

Category:

more less

Transcript and Presenter's Notes

Title: CSCO 272 VLANs

1
CSCO 272VLANs

LAN Switching and Wireless Chapter 3

2
Objectives

Explain the role of VLANs in a converged network.
Explain the role of trunking VLANs in a converged
network.
Configure VLANs on the switches in a converged
network topology.
Troubleshoot the common software or hardware
misconfigurations associated with VLANs on
switches in a converged network topology.

3
Introduction to VLAN

3.1.1
How can the network accommodate the shared needs
of the geographically separated departments?
Do you create a large LAN and wire each
department together?
How easy would it be to make changes to that
network?

4
Introduction to VLAN

It would be great to group the people with the
resources they use regardless of their geographic
location, and it would make it easier to manage
their specific security and bandwidth needs.

5
What is VLAN?

A VLAN allows a network administrator to create
groups of logically networked devices that act as
if they are on their own independent network
A VLAN is a logically separate IP subnetwork.
VLANs allow multiple IP networks and subnets to
exist on the same switched network.

6
Explain the Role of VLANs in a Converged Network
7
Explain the Role of VLANs in a Converged Network
8
Benefits of VLAN

Security
Cost Reduction
Higher Performance
Broadcast mitigation
Improved IT staff efficiency
Simpler project or application management

9
VLAN
10
Types of VLAN

3.1.2
Data VLAN
Configured to carry only user-generated traffic.
It is common practice to separate voice and
management traffic from data traffic.
a "data VLAN". A data VLAN is sometimes referred
to as a user VLAN.

11
Types of VLAN contd..

Default VLAN
All switch ports become a member of the default
VLAN after the initial boot up of the switch.
same broadcast domain.
The default VLAN for Cisco switches is VLAN 1.
VLAN 1 has all the features of any VLAN, except
that you cannot rename it and you can not delete
it.
Layer 2 control traffic, such as CDP and spanning
tree protocol traffic, will always be associated
with VLAN 1 - this cannot be changed

12
Default VLAN

It is a security best practice to change the
default VLAN to a VLAN other than VLAN 1
This entails configuring all the ports on the
switch to be associated with a default VLAN other
than VLAN 1.

13
Native VLAN

A native VLAN is assigned to an 802.1Q trunk
port.
An 802.1Q trunk port supports traffic coming from
many VLANs (tagged traffic) as well as traffic
that does not come from a VLAN (untagged
traffic).
The 802.1Q trunk port places untagged traffic on
the native VLAN.

14
Native VLAN

Native VLANs are set out in the IEEE 802.1Q
specification to maintain backward compatibility
with untagged traffic common to legacy LAN
scenarios

15
Management VLAN

A management VLAN is any VLAN you configure to
access the management capabilities of a switch.
VLAN 1 would serve as the management VLAN if you
did not proactively define a unique VLAN to serve
as the management VLAN.

16
Management VLAN

A switch can be managed via HTTP, Telnet, SSH, or
SNMP.
you wouldn't want an arbitrary user connecting to
a switch to default to the management VLAN.

17
Voice VLAN

Voice Traffic requires
Assured bandwidth to ensure voice quality
Transmission priority over other types of network
traffic
Ability to be routed around congested areas on
the network
Delay of less than 150 milliseconds (ms) across
the network

18
Switch Port Membership

Switch ports are Layer 2-only interfaces
associated with a physical port.
Switch ports are used for managing the physical
interface and associated Layer 2 protocols.
Can not support routing or bridging.
Switch ports belong to one or more VLANs.

19
Static VLAN

Ports on a switch are manually assigned to a
VLAN.

20
Dynamic VLAN

This mode is not widely used in production
networks and is not explored in this course.
A dynamic port VLAN membership is configured
using a special server called a VLAN Membership
Policy Server (VMPS).
With the VMPS, you assign switch ports to VLANs
dynamically, based on the source MAC address of
the device connected to the port

21
Voice VLAN

A port is configured to be in voice mode so that
it can support an IP phone attached to it.
Before you configure a voice VLAN on the port,
you need to first configure a VLAN for voice and
a VLAN for data.

22
Controlling Broadcast Domain within VLAN

When VLANs are implemented on a switch, the
transmission of unicast, multicast, and broadcast
traffic from a host on a particular VLAN are
constrained to the devices that are on the VLAN.
3.1.4
3.1.5

23
Layer 3 Switch

Switch virtual interface (SVI) technology that
allows a Layer 3 switch to route transmissions
between VLANs.
A Layer 3 switch has the ability to route
transmissions between VLANs.
3.1.4

24
VLAN Trunk

A trunk is a point-to-point link between two
network devices that carries more than one VLAN.
A VLAN trunk allows you to extend the VLANs
across an entire network. Cisco supports IEEE
802.1Q for coordinating trunks on Fast Ethernet
and Gigabit Ethernet interfaces.
A VLAN trunk does not belong to a specific VLAN,
rather it is a conduit for VLANs between switches
and routers.
You will learn about 802.1Q later in this
section.

25
Explain the Role of Trunking VLANs in a Converged
Network
26
802.1Q Frame Tagging

When the switch receives a frame on a port
configured in access mode with a static VLAN, the
switch takes apart the frame and inserts a VLAN
tag, recalculates the FCS and sends the tagged
frame out a trunk port.

27
VLAN Tag Field Details

3.2.1

28
VLAN Trunk
29
VLAN Trunking Operation

3.2.2

30
Trunking Modes ( ISL or IEEE)

An IEEE 802.1Q trunk port supports simultaneous
tagged and untagged traffic.
An 802.1Q trunk port is assigned a default PVID,
and all untagged traffic travels on the port
default PVID.
All untagged traffic and tagged traffic with a
null VLAN ID are assumed to belong to the port
default PVID.
A packet with a VLAN ID equal to the outgoing
port default PVID is sent untagged. All other
traffic is sent with a VLAN tag.

31
ISL

In an ISL trunk port, all received packets are
expected to be encapsulated with an ISL header,
and all transmitted packets are sent with an ISL
header.
Native (non-tagged) frames received from an ISL
trunk port are dropped. I
SL is no longer a recommended trunk port mode,
and it is not supported on a number of Cisco
switches.

32
Configure VLANs on the Switches in a Converged
Network Topology
33
Configure VLANs on the Switches in a Converged
Network Topology
34
Configure VLANs on the Switches in a Converged
Network Topology
35
Assign Switch Port

3.3.2

36
Verification commands

show vlan brief
show vlan name student
show vlan summary
3.3.3

37
Managing VLAN

3.3.3
Reassign a port to a different VLAN
Deleting a VLAN
no vlan vlan-id ( global configuration mode)
Deleting a VLAN database
delete flashvlan.dat
Erasing running-configuration file will not
delete a VLAN database

38
Trunk Port Configuration

3.3.4
Verifying Trunk port configuration
show interfaces interface-ID switchport

39
Common Problems with Trunk Port

Native VLAN Mismatches
Trunk Mode mismatches
VLAN and IP subnets
Allowed VLAN on Trunks

40
Troubleshoot Common Software or Hardware
Misconfigurations Associated with VLANs
41
Troubleshoot Common Software or Hardware
Misconfigurations Associated with VLANs
42
Troubleshoot Common Software or Hardware
Misconfigurations Associated with VLANs
43
Summary

VLANS
Allows an administrator to logically group
devices that act as their own network
Are used to segment broadcast domains
Some benefits of VLANs include
Cost reduction, security, higher Performance,
better management

44
Summary