Chap 3 - PowerPoint PPT Presentation

Slides: 40
Provided by: PhillH

1
Chap 3 Virtual LANs (VLANs) Learning Objectives
  • Explain the role of VLANs in a converged network.
  • Explain the role of trunking VLANs in a converged
    network.
  • Configure VLANs on the switches in a converged
    network topology.
  • Troubleshoot the common software or hardware
    mis-configurations associated with VLANs on
    switches in a converged network topology.

2
Introduction to VLANs
Traditional LAN Segmentation
Virtual LAN Segmentation
3
VLANs Broadcast Domains
4
VLANs Broadcast Domains
5
Advantages of VLANs
  • Security - Groups that have sensitive data can be
    separated from the rest of the network.
  • Cost reduction - Cost savings result from more
    efficient use of existing bandwidth and uplinks.
  • Higher performance - reduces unnecessary traffic
    on the network, boosting performance.
  • Improved IT staff efficiency - VLANs make it
    easier to manage the network because users with
    similar network requirements share the same VLAN.

6
VLANs Broadcast Domains
  • VLAN implementation on a switch causes certain
    actions to occur:
  • The switch maintains a separate bridging table
    for each VLAN.
  • If the frame comes in on a port in VLAN 1, the
    switch searches the bridging table for VLAN 1.
  • When the frame is received, the switch adds the
    source MAC address to the bridging table if it is
    currently unknown.
  • The destination is checked so a forwarding
    decision can be made.
  • For learning and forwarding, the search is made
    against the address table for that VLAN only.
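
The per-VLAN learning and forwarding described above, as an added example that is not part of the original slides. The class name, port numbers and MAC addresses are constructed for illustration.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanSwitch:
    """Toy Layer 2 switch that keeps one bridging (MAC) table per VLAN."""

    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)   # access port -> VLAN ID
        self.tables = defaultdict(dict)      # VLAN ID -> {MAC: port}

    def receive(self, in_port, src_mac, dst_mac):
        """Learn the source MAC, then return the list of egress ports."""
        vlan = self.port_vlans[in_port]
        table = self.tables[vlan]            # search this VLAN's table only
        table.setdefault(src_mac, in_port)   # add source if currently unknown
        out = table.get(dst_mac) if dst_mac != BROADCAST else None
        if out is not None:
            return [] if out == in_port else [out]
        # Broadcast or unknown destination: flood inside the ingress VLAN only.
        return sorted(p for p, v in self.port_vlans.items()
                      if v == vlan and p != in_port)

# Constructed sample: two Student (VLAN 20) ports and two Guest (VLAN 30) ports.
PORTS = {"Fa0/18": 20, "Fa0/19": 20, "Fa0/6": 30, "Fa0/7": 30}

def demo():
    sw = VlanSwitch(PORTS)
    results = [
        sw.receive("Fa0/18", "00:00:00:00:20:22", BROADCAST),            # flood VLAN 20
        sw.receive("Fa0/19", "00:00:00:00:20:25", "00:00:00:00:20:22"),  # known unicast
        # Same destination MAC from a Guest port: VLAN 30's table has no entry,
        # so the frame floods in VLAN 30 only and never reaches Fa0/18.
        sw.receive("Fa0/6", "00:00:00:00:30:23", "00:00:00:00:20:22"),
    ]
    return results, dict(sw.tables)

if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The third frame shows the isolation property: a MAC address learned in VLAN 20 is invisible to a lookup made from a VLAN 30 port.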

7
Normal Range VLANs
  • Used in small- and medium-sized business and
    enterprise networks.
  • Identified by a VLAN ID between 1 and 1005.
  • IDs 1002 through 1005 are reserved for Token Ring
    and FDDI VLANs.
  • IDs 1 and 1002 to 1005 are automatically created
    and cannot be removed.
  • Configurations are stored within a VLAN database
    file, called vlan.dat. The vlan.dat file is
    located in the flash memory of the switch.
  • The VLAN trunking protocol (VTP), which helps
    manage VLAN configurations between switches, can
    only learn normal range VLANs and stores them in
    the VLAN database file.

8
Extended Range VLANs
  • Enable service providers to extend their
    infrastructure to a greater number of customers.
    Some global enterprises could be large enough to
    need extended range VLAN IDs.
  • Are identified by a VLAN ID between 1006 and
    4094.
  • Support fewer VLAN features than normal range
    VLANs.
  • Are saved in the running configuration file.
  • VTP does not learn extended range VLANs.

9
VLAN Types
  • A data VLAN is a VLAN that is configured to carry
    only user-generated traffic. A VLAN could carry
    voice-based traffic or traffic used to manage the
    switch, but this traffic would not be part of a
    data VLAN.

[Figure: switch topology. Management VLAN 99: 172.17.99.10/24. Student VLAN 20: 172.17.20.22/24 and 172.17.20.25/24. Guest VLAN 30: 172.17.30.23/24 and 172.17.30.26/24. Port labels: Fa0/1, Fa0/3, Fa0/4, Fa0/6, Fa0/18.]
10
VLAN Types
  • The default VLAN for Cisco switches is VLAN 1.
    VLAN 1 has all the features of any VLAN, except
    that it cannot be renamed or deleted. Layer 2
    control traffic, such as CDP and spanning tree
    protocol traffic, will always be associated with
    VLAN 1 - this cannot be changed.

It is a security best practice to change the
default VLAN to a VLAN other than VLAN 1.
11
VLAN Types
  • A native VLAN is assigned to an 802.1Q trunk
    port. An 802.1Q trunk port supports traffic
    coming from many VLANs (tagged traffic) as well
    as traffic that does not come from a VLAN
    (untagged traffic).
  • Trunks are used to allow the same VLAN to span
    different switches
  • A native VLAN serves as a common identifier on
    opposing ends of a trunk link

12
VLAN Types
  • A management VLAN is any VLAN configured to
    access the management capabilities of a switch.
    VLAN 1 would serve as the management VLAN if you
    did not proactively define a unique VLAN to serve
    as the management VLAN.
  • Default configuration of a Cisco switch has VLAN
    1 as the default VLAN - bad choice, as arbitrary
    users could then attempt to access the switch
    IOS.

13
Voice VLAN
  • VoIP traffic requires:
  • Assured bandwidth to ensure voice quality
  • Transmission priority over other types of network
    traffic
  • Ability to be routed around congested areas on
    the network
  • Delay of less than 150 milliseconds (ms) across
    the network

14
Voice VLAN
  • The Cisco IP Phone contains an integrated
    three-port 10/100 switch, providing dedicated
    connections to:
  • Port 1 connects to the switch or other
    voice-over-IP (VoIP) device.
  • Port 2 is an internal 10/100 interface that
    carries the IP phone traffic.
  • Port 3 (access port) connects to a PC or other
    device.

15
Port Membership Modes - Voice
Configure a switch access port with an attached
Cisco IP Phone to use one VLAN for voice traffic
and another VLAN for data traffic from a device
attached to the phone
  • The mls qos trust cos command ensures that voice
    traffic is identified as priority traffic (note
    that the entire network must be set up to
    prioritise voice traffic).
  • The switchport voice vlan 150 command identifies
    VLAN 150 as the voice VLAN.
  • The switchport access vlan 20 command configures
    VLAN 20 as the access mode (data) VLAN.

16
Port Membership Modes - Static
  • Static VLAN - Ports on a switch are manually
    assigned to a VLAN, using the Cisco CLI.
  • If an interface is assigned to a VLAN that does
    not exist, the new VLAN is automatically created.

17
Network Traffic
  • IP telephony traffic consists of signaling
    traffic and voice traffic. Signaling traffic is
    responsible for call setup, progress, and
    teardown, and traverses the network end to end.
  • IP multicast traffic is sent from a particular
    source address to a multicast group that is
    identified by a single IP and MAC
    destination-group address pair (e.g. Cisco IP/TV
    broadcasts).
  • Normal data traffic is related to file creation
    and storage, print services, e-mail database
    access, and other shared network applications
    that are common to business uses.
  • Scavenger class is intended to provide less-than
    best-effort services to applications having
    little or no official purpose (KaZaa, Morpheus,
    Grokster, Napster, iMesh, Doom, Quake, Unreal
    Tournament).

18
Connecting VLANs
  • Breaking up a big broadcast domain into several
    smaller ones using VLANs reduces broadcast
    traffic and improves network performance.
    Breaking up domains into VLANs also allows for
    better information confidentiality within an
    organisation.
  • A router is needed any time devices on different
    Layer 3 networks need to communicate, regardless
    of whether VLANs are used.

19
Connecting VLANs
  • Switch Virtual Interface (SVI) is a logical
    interface configured for a specific VLAN, and is
    used by layer 3 switches to route between VLANs
    or to provide IP host connectivity to a switch.
  • A Layer 3 switch has the ability to route
    transmissions between VLANs.
  • The process is the same as when using a separate
    router, except that the SVIs act as the router
    interfaces for routing the data between VLANs.

[Figure: Layer 3 switch with SVI VLAN99, SVI VLAN30 and SVI VLAN20 routing between Management VLAN 99 (172.17.99.10/24), Student VLAN 20 (172.17.20.22/24, 172.17.20.25/24) and Guest VLAN 30 (172.17.30.23/24, 172.17.30.26/24). Port labels: Fa0/1, Fa0/3, Fa0/6, Fa0/18.]
20
VLAN Trunks
  • A trunk is a point-to-point link between one or
    more Ethernet switch interfaces and another
    networking device, such as a router or a switch.
    Ethernet trunks carry the traffic of multiple
    VLANs over a single link.
  • A VLAN trunk allows extension of VLANs across an
    entire network. Cisco supports IEEE 802.1Q for
    coordinating trunks on Fast Ethernet and Gigabit
    Ethernet interfaces.
  • A VLAN trunk does not belong to a specific VLAN,
    rather it is a conduit for VLANs between switches
    and routers.

21
VLAN Trunking
No VLAN Trunking
VLAN Trunking
  • VLAN Trunking is used when a single link needs to
    carry traffic for more than one VLAN.

22
802.1Q Tagging
  • 802.1Q does not encapsulate the original frame,
    but modifies the Ethernet type field by adding a
    Tag Control Information (TCI) field.
  • A TCI contains a 12-bit VLAN identifier (VID),
    uniquely identifying the VLAN to which the frame
    belongs (4,096 VLANs max, with 0 and 4095
    reserved).
  • Because inserting this header changes the frame,
    802.1Q encapsulation forces a recalculation of
    the original FCS field in the Ethernet trailer.
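
The tag insertion and FCS recalculation described above, as an added example that is not part of the original slides. It assumes the standard 802.1Q layout (TPID 0x8100 followed by a TCI of 3 priority bits, 1 drop-eligible bit and the 12-bit VID); the sample frame and the CoS value 5 are constructed.

```python
import struct
import zlib

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def fcs(frame_without_fcs):
    """Ethernet FCS: CRC-32 over the frame, appended least significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)

def fcs_ok(frame):
    """True when the trailing four bytes match the CRC of the rest of the frame."""
    return frame[-4:] == fcs(frame[:-4])

def add_tag(frame, vid, pcp=0, dei=0):
    """Insert TPID + TCI after the source MAC and recompute the FCS."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1-4094 (0 and 4095 are reserved)")
    body = frame[:-4]                                  # drop the old FCS
    tci = (pcp << 13) | (dei << 12) | vid              # 3 + 1 + 12 bits
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)

def parse_tag(frame):
    """Return (pcp, dei, vid), or None for an untagged frame."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF

def sample_frame():
    """Constructed untagged IPv4 frame: dst MAC, src MAC, EtherType, padding, FCS."""
    body = bytes.fromhex("ffffffffffff" "001122334455" "0800") + bytes(46)
    return body + fcs(body)

if __name__ == "__main__":
    untagged = sample_frame()
    # Voice VLAN 150 is the ID used in the slides; CoS 5 is an assumed value.
    tagged = add_tag(untagged, vid=150, pcp=5)
    print(parse_tag(untagged), parse_tag(tagged), fcs_ok(tagged))
```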

23
Creating VLAN Trunks
  • S1#configure terminal
  • S1(config)#interface F0/1
  • S1(config-if)#switchport mode trunk
  • S1(config-if)#switchport trunk native vlan 99
  • S1(config-if)#end

24
Creating VLAN Trunks
Use the show interfaces interface-id switchport
command to verify correct reconfiguration of the
native VLAN from VLAN 1 to VLAN 99.
25
DTP Dynamic Trunking Protocol
  • Dynamic Trunking Protocol (DTP) is a Cisco
    proprietary protocol.
  • Switches from other vendors do not support
    DTP.
  • DTP is automatically enabled on a switch port
    when certain trunking modes are configured on the
    switch port.

26
DTP Trunking Modes
  • Switchport Mode Access - permanent non-trunking
    mode, regardless of neighbouring interface
    settings.
  • Switchport Mode Trunk - permanent trunking mode,
    regardless of neighbouring interface settings.
  • Switchport Mode Dynamic Desirable - actively
    tries to convert the port to a trunk if the
    neighbouring interface is set to trunk, desirable
    or auto.
  • Switchport Mode Dynamic Auto - port is willing to
    convert to a trunk if neighbouring interface is
    set to trunk or desirable.
  • Switchport Nonegotiate - port does not generate
    DTP frames, and must be manually configured.

27
Configure VLANs Trunks
  • Use the following steps to configure and verify
    VLANs and trunks on a switched network:
  • Create the VLANs
  • Assign switch ports to VLANs statically
  • Verify VLAN configuration
  • Enable trunking on the inter-switch connections
  • Verify trunk configuration

28
Creating VLANs
  • Create Named VLAN
  • Switch(config)#vlan 10
  • Switch(config-vlan)#name Engineering
  • Switch(config-vlan)#exit

Verify: Switch#sh vlan brief
29
Creating VLANs
  • Assigning access ports to a specific VLAN (10 in
    this example)
  • Switch(config)#interface fastethernet 0/9
  • Switch(config-if)#switchport mode access
  • Switch(config-if)#switchport access vlan 10

Note: The switchport mode access command should
be configured on all ports that the network
administrator does not want to become a trunk port.
30
Creating VLANs
VLAN 10
Switch(config)#interface range fastethernet 0/9 - 12
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
31
Managing Ports
VLAN 10
Switch(config)#interface fa 0/9
Switch(config-if)#no switchport access vlan
Switch(config-if)#exit
Fa 0/9 returned to default VLAN
32
Deleting VLANs
VLAN 10
  • Delete Named VLAN
  • Switch(config)#no vlan 10

Before deleting a VLAN, reassign all member ports
to a different VLAN, as they are not returned to
the default VLAN, and become inactive
Fa 0/9-12 inactive
33
Creating Trunk
Switch(config)#interface fa 0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk native vlan 99
Switch(config-if)#switchport trunk allowed vlan add 10,20,30
Switch(config-if)#end
34
Verify Trunk
Switch#show interface fa 0/1 switchport
35
Reset/Delete Trunk
Reset Trunk to default settings
Delete Trunk
Switch(config)#interface fa 0/1
Switch(config-if)#switchport mode access
36
VLAN Troubleshooting
  • Native VLAN mismatches - Trunk ports are
    configured with different native VLANs. This
    configuration error generates console
    notifications and causes control and management
    traffic to be misdirected.
  • Trunk mode mismatches - One trunk port is
    configured with trunk mode "off" and the other
    with trunk mode "on". This configuration error
    causes the trunk link to stop working.
  • VLANs and IP subnets - Devices may have been
    configured with incorrect IP addresses,
    preventing devices from accessing network
    resources.
  • Allowed VLANs on trunks - The list of allowed
    VLANs on a trunk has not been updated with the
    current VLAN trunking requirements. In this
    situation, unexpected traffic or no traffic is
    being sent over the trunk.
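
One way to check both ends of a trunk for the mode, native VLAN and allowed-list problems listed above, as an added example that is not part of the original slides. The two configuration fragments are constructed, the function names are hypothetical, and the parser assumes the running-config form of the allowed list (no add or remove keyword).

```python
import re

def parse_vlans(spec):
    """Expand an IOS VLAN list such as '10,20-22' into a set of IDs."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def trunk_settings(config, ifname):
    """Read one interface stanza; assumed defaults: native VLAN 1, all VLANs allowed."""
    s = {"mode": "unset", "native": 1, "allowed": set(range(1, 4095))}
    m = re.search(rf"^interface {re.escape(ifname)}\n((?:[ \t]+.*\n?)*)", config, re.M)
    if m is None:
        raise KeyError(ifname)
    for words in (line.split() for line in m.group(1).splitlines()):
        if words[:2] == ["switchport", "mode"]:
            s["mode"] = " ".join(words[2:])
        elif words[:4] == ["switchport", "trunk", "native", "vlan"]:
            s["native"] = int(words[4])
        elif words[:4] == ["switchport", "trunk", "allowed", "vlan"]:
            s["allowed"] = parse_vlans(words[4])
    return s

def compare_trunk(a, b):
    """List the mismatch classes found between the two ends of one link."""
    findings = []
    if a["mode"] != b["mode"]:
        findings.append(f"trunk mode mismatch: {a['mode']} / {b['mode']}")
    if a["native"] != b["native"]:
        findings.append(f"native VLAN mismatch: {a['native']} / {b['native']}")
    diff = sorted(a["allowed"] ^ b["allowed"])
    if diff:
        findings.append(f"allowed VLANs differ: {','.join(map(str, diff))}")
    return findings

# Constructed running-config fragments for the two ends of one link.
S1 = """interface FastEthernet0/1
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,30,99
 switchport mode trunk
"""
S2 = """interface FastEthernet0/1
 switchport trunk allowed vlan 10,20,99
 switchport mode trunk
"""
def check(ifname="FastEthernet0/1"):
    return compare_trunk(trunk_settings(S1, ifname), trunk_settings(S2, ifname))
```

On the sample pair, `check()` reports the native VLAN left at 1 on the second switch and VLAN 30 missing from its allowed list.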

37
Chap 3 Virtual LANs (VLANs) Learning Objectives
  • Explain the role of VLANs in a converged network.
  • Explain the role of trunking VLANs in a converged
    network.
  • Configure VLANs on the switches in a converged
    network topology.
  • Troubleshoot the common software or hardware
    mis-configurations associated with VLANs on
    switches in a converged network topology.

38
Any Questions?
39
Lab Topology
Chapter 3.5.1 Basic VLAN Config
[Figure: lab topology with switches S1, S2 and S3; inter-switch port labels Fa0/1 and Fa0/2.]
  • PC1 172.17.10.21/24 and PC4 172.17.10.24/24 (Fa0/11)
  • PC2 172.17.20.22/24 and PC5 172.17.20.25/24 (Fa0/18)
  • PC3 172.17.30.23/24 and PC6 172.17.30.26/24 (Fa0/6)