The Evolution of LAN Environment:
HUB:
Single Collision Domain. Half Duplex
SWITCH (Layer2):
Multiple Collision Domains. Supports Full Duplex. Single Broadcast Domain.
SWITCH (Layer3):
Also has Routing capability.
Cisco’s Enterprise Composite Network Model:
[Figure: Core Layer, Distribution Layer, Access Layer]

Problem with ‘Plug and Play’ switching model:
1. Chances of failure
2. Broadcast traffic
3. Multicasting issues
4. Security issues
5. MAC flooding

Switch Operating Systems:
- CatOS
- IOS

VLAN:
Facts:
1. Logical separation
2. Each VLAN is a separate subnet
3. Each VLAN is a separate broadcast domain
4. Each VLAN can have its own QoS and Access Control
5. VLANs are stored in flash as the ‘vlan.dat’ file, so erasing the nvram won’t delete VLANs. Delete ‘vlan.dat’.
6. Each VLAN runs its own STP, thus called PVST (Per-VLAN Spanning Tree)
7. One Root bridge is elected for each VLAN

Guidelines:
1. Restrict VLANs to switch blocks, otherwise we have to use a trunk to carry all broadcast VLAN traffic. In other words, local VLANs shouldn’t extend beyond the Distribution layer. VLANs should be created around physical boundaries. For example, the Access Layer’s physical boundary is the Distribution Layer and the Distribution Layer’s physical boundary is the Core Layer.
2. Implement Management VLAN.
3. Separate Voice traffic not only for QoS but also for security.
4. Implement multicast support.
5. Implement inter VLAN routing.

Configuration:
1. Create VLAN
   - Old way (through ‘vlan database’). Disadvantage: if we do ^Z then the VLAN configuration is lost. We need to type EXIT instead of ^Z to save the configuration.
   - New way (through ‘user config mode’)
     SW(Config)# vlan 10
     SW(Config-vlan)# name SALES
2. Change the mode of a port.
   - Access – (for Access layer devices, e.g. PCs, printers etc., no advertisement)
     SW(Config-if)# switchport mode access
   - Trunk – (for Trunking, advertise DTP [Dynamic Trunking Protocol] & VTP)
   - Dynamic Desirable – (dynamically negotiates and desires to be Trunk, advertise DTP & VTP)
   - Dynamic Auto – (dynamically negotiates but doesn’t have any desire, no advertisement)
   - Non-negotiate – (do not advertise any DTP & VTP, even if the port is Trunk)
3. Assign that port to a VLAN
   SW(Config-if)# switchport access vlan 10
4. Verify VLAN with the ‘show vlan’ command.
5. Verify port mode with ‘show int f0/0 switchport’. Check the ‘Administrative mode’ and ‘Operational mode’ fields.
6. Make sure to turn all access layer ports to Access mode for security reasons.
   SW(Config)# int range f0/0 - 15
   SW(Config-if-range)# switchport mode access
 
Trunking:
1. Trunking protocols:
   a. ISL (Inter-Switch Link) – Cisco proprietary & encapsulates the entire frame. Thus adds a 26-byte header (of which the VLAN tag is only 2 bytes; the rest is junk for future use) [not supported on 2950]
   b. 802.1q – Open standard & inserts a tag into the frame instead of encapsulating it. Only a 4-byte tag is inserted (including 3 bits for priority)
2. Configure Trunk protocol (either ISL or 802.1q)
   SW(Config-if)# switchport trunk encapsulation dot1q
3. If using 802.1q, make sure the Native VLAN is configured properly, because if an 802.1q trunk port receives an untagged packet, it won’t know what to do with it. Then if we configure a Native VLAN, we must make sure it’s the same on the adjacent switch, otherwise we will receive a Native VLAN mismatch error. (Native VLAN is practically required in VOIP where we don’t want a separate ether for our PC in the cubicle. We would just like to use the ether port on the VOIP phone to connect our PC too. The VOIP phone has the capability of sending VLAN-tagged packets, but the PC always sends untagged packets, which will then be discarded by the switch if the Native VLAN is not configured.)
   SW(Config-if)# switchport trunk native vlan 10
4. Configure a port mode to Trunk and use Non-negotiate.
   SW(Config-if)# switchport nonegotiate
5. If not using VTP pruning then manually configure the allowed VLANs to pass through the trunk.
   SW(Config-if)# switchport trunk allowed vlan 10,20,30
6. Verify using the ‘sh int f0/0 trunk’ command
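
The port-mode and trunk rules above can be checked mechanically against a saved running-config. The following is an added example, not part of the original notes: the function name and the sample config are constructed for illustration, IOS spells the keyword `nonegotiate`, and a port with no `switchport mode` line is assumed to sit at a dynamic (DTP) default.

```python
import re

# Constructed running-config excerpt for illustration (not from the page).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 10
!
interface FastEthernet0/3
 switchport mode dynamic desirable
!
interface FastEthernet0/23
 switchport mode trunk
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 switchport nonegotiate
!
"""

def audit_switchports(config):
    """Return {interface: [findings]} for ports that break the rules above."""
    findings = {}
    # Each stanza is an 'interface X' line followed by indented sub-commands.
    for m in re.finditer(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        cmds = [c.strip() for c in m.group(2).splitlines()]
        mode = next((c[len("switchport mode "):] for c in cmds
                     if c.startswith("switchport mode ")), None)
        issues = []
        # Assumption: a port with no mode line is at a dynamic (DTP) default.
        if mode is None or mode.startswith("dynamic"):
            issues.append("DTP negotiation possible; set a static mode")
        if mode == "trunk":
            if "switchport nonegotiate" not in cmds:
                issues.append("trunk still advertises DTP; add nonegotiate")
            if not any(c.startswith("switchport trunk allowed vlan ") for c in cmds):
                issues.append("no allowed-VLAN list; trunk carries all VLANs")
            if not any(c.startswith("switchport trunk native vlan ") for c in cmds):
                issues.append("native VLAN left at default; confirm neighbor match")
        if issues:
            findings[m.group(1)] = issues
    return findings
```

Calling `audit_switchports(SAMPLE_CONFIG)` flags Fa0/2, Fa0/3 and Fa0/23 and passes Fa0/1 and Fa0/24.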
VTP (VLAN Trunking Protocol):
1. Basically used to replicate VLAN revisions to switches.
   a. Advantage: We don’t have to manually configure VLANs on every switch
   b. Disadvantage: Can be a huge problem if not properly used.
      Scenario: If we mistakenly connect a switch that holds different VLANs, and that switch is a VTP server with the same domain name too, then it will advertise VTP updates to all client switches and thus flush their VLAN databases with the new information. This will result in a complete network outage because the ports of those client switches were configured for VLANs which are now lost.
2. Configure VTP domain. Domain name is case sensitive.
   SW(config)# vtp domain cisco.com
3. Configure VTP mode
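
The outage scenario in 1b can be modelled in a few lines to show which conditions let an advertisement replace a VLAN database and which ports are stranded afterwards. This is an added example, not part of the original notes: it is a simplified model (no VTP password or version handling), it relies on the standard VTP rule that only a higher configuration revision is accepted, and all class, function and value names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class VtpSwitch:
    domain: str
    revision: int
    vlans: set                                      # VLAN IDs held in vlan.dat
    port_vlan: dict = field(default_factory=dict)   # access port -> VLAN ID

def accepts_advert(sw, adv_domain, adv_revision):
    # The domain match is case sensitive, and only a higher configuration
    # revision replaces the local database.
    return adv_domain == sw.domain and adv_revision > sw.revision

def apply_advert(sw, adv_domain, adv_revision, adv_vlans):
    """Apply a VTP advertisement; return ports left on VLANs that vanished."""
    if not accepts_advert(sw, adv_domain, adv_revision):
        return []
    # The whole VLAN database is replaced, not merged.
    sw.vlans, sw.revision = set(adv_vlans), adv_revision
    return sorted(p for p, v in sw.port_vlan.items() if v not in sw.vlans)

def production_client():
    # Constructed example state for a client switch in the cisco.com domain.
    return VtpSwitch("cisco.com", 12, {1, 10, 20, 30},
                     {"Fa0/1": 10, "Fa0/2": 20, "Fa0/3": 30})

if __name__ == "__main__":
    # A switch from the lab with the same domain and a higher revision.
    print(apply_advert(production_client(), "cisco.com", 40, {1, 99}))
    # Different case in the domain name: advertisement is ignored.
    print(apply_advert(production_client(), "Cisco.com", 40, {1, 99}))
```

Before connecting a switch, compare its domain name and configuration revision with the production values; a matching domain with a higher revision is the case this model flags.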