
VLANs (Virtual LANs)

Rick Graziani, Cabrillo College. Translated by Pham Van Nam.

Introduction to VLANs

[Figure labels: Default vlan 1; vlan 10; Default vlan 1]

VLANs provide segmentation based on broadcast domains. VLAN = Subnet.

VLANs can logically segment switched networks based on:
- Physical location (e.g., building)
- Organization (e.g., marketing department)
- Function (e.g., staff)

Introduction to VLANs

[Figure: "Without VLANs" and "With VLANs" networks; subnet labels 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16; note: one link per VLAN or a single VLAN trunk (later)]

VLANs are created to provide the network segmentation services traditionally provided by routers in LAN configurations. VLANs address issues such as scalability, security, and network management.

Two Subnets, One Switch, No VLANs

[Figure: one switch with hosts 10.1.0.10/16 (DG 10.1.0.1), 10.2.0.20/16 (DG 10.2.0.1), 10.1.0.30/16 (DG 10.1.0.1), 10.2.0.40/16 (DG 10.2.0.1)]

Layer 2 Broadcasts
What happens when 10.1.0.10 sends an ARP Request to find the MAC address of 10.1.0.30?

Two Subnets, One Switch, No VLANs

Layer 2 Broadcasts

[Figure: one switch with hosts 10.1.0.10/16 (DG 10.1.0.1), 10.2.0.20/16 (DG 10.2.0.1), 10.1.0.30/16 (DG 10.1.0.1), 10.2.0.40/16 (DG 10.2.0.1)]

The switch floods the frame out all ports (except the port on which the ARP request arrived). All hosts receive the broadcast, even those on a different subnet. Layer 2 broadcasts should be confined to their own network.
Note: if the switch supports VLANs, by default all ports belong to the same VLAN, so the switch floods the frame out all ports in the same VLAN as the receiving port.

Two Subnets, One Switch, No VLANs

[Figure: one switch with hosts 10.1.0.10/16 (DG 10.1.0.1), 10.2.0.20/16 (DG 10.2.0.1), 10.1.0.30/16 (DG 10.1.0.1), 10.2.0.40/16 (DG 10.2.0.1)]

Layer 2 Unknown Unicasts

The same thing happens for a unicast frame whose destination MAC address the switch has not yet learned.

Two Subnets, One Switch, No VLANs

[Figure: router interfaces Fa 0/0 10.1.0.1/16 and Fa 0/1 10.2.0.1/16; hosts 10.1.0.10/16 (DG 10.1.0.1), 10.2.0.20/16 (DG 10.2.0.1), 10.1.0.30/16 (DG 10.1.0.1), 10.2.0.40/16 (DG 10.2.0.1)]

Even when hosts are connected to the same switch (or hub), hosts on different subnets must communicate through a router. Remember that a switch is a Layer 2 device: it forwards frames by examining destination MAC addresses, not IP addresses.

The Traditional Solution: Multiple Switches

[Figure: router interfaces Fa 0/0 10.1.0.1/16 and Fa 0/1 10.2.0.1/16; ARP Request; hosts 10.1.0.10/16 and 10.1.0.30/16 (DG 10.1.0.1), hosts 10.2.0.20/16 and 10.2.0.40/16 (DG 10.2.0.1)]

A traditional solution is to connect the devices that are on the same network (subnet) to the same switch. This provides segmentation for broadcasts and for unicast frames whose destination MAC address the switch has not yet learned, but it scales poorly.

Broadcast Domains with VLANs and Routers

[Figure: Port 1 VLAN 10, Port 4 VLAN 20, Port 9 VLAN 10, Port 12 VLAN 20; hosts 10.1.0.10/16 (DG 10.1.0.1), 10.2.0.20/16 (DG 10.2.0.1), 10.1.0.30/16 (DG 10.1.0.1), 10.2.0.40/16 (DG 10.2.0.1)]

A VLAN is a broadcast domain created by one or more switches. VLANs are assigned on the switch and correspond to the host's IP address. Each switch port can be assigned to a different VLAN.

Broadcast Domains with VLANs and Routers

[Figure: Port 1 VLAN 10, Port 4 VLAN 20, Port 9 VLAN 10, Port 12 VLAN 20; ARP Request; hosts 10.1.0.10/16 (DG 10.1.0.1), 10.2.0.20/16 (DG 10.2.0.1), 10.1.0.30/16 (DG 10.1.0.1), 10.2.0.40/16 (DG 10.2.0.1)]

Ports assigned to the same VLAN share a broadcast domain. Ports in different VLANs do not share a broadcast domain.
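The flooding behaviour described on the preceding slides, as an added example that is not part of the original slides: a minimal model of a learning switch that floods broadcasts and unknown unicasts only within the ingress port's VLAN. The `Switch` class, the MAC addresses and the placement of one host per port are assumptions made for illustration; the port-to-VLAN assignment is the one on the slide.

```python
# Added illustration: a tiny learning-switch model (not from the original slides).
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)   # port number -> access VLAN
        self.mac_table = {}                # (vlan, mac) -> port

    def receive(self, in_port, src_mac, dst_mac):
        """Return the sorted list of ports the frame is sent out of."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port       # learn the source MAC
        out = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and out is not None:
            return [] if out == in_port else [out]      # known unicast
        # Broadcast or unknown unicast: flood, but only inside the VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)

# Constructed sample data: port numbers and VLANs come from the slide,
# the MAC addresses are made up (one hypothetical host per port).
HOSTS = {1: "aa:00:00:00:00:10", 4: "aa:00:00:00:00:20",
         9: "aa:00:00:00:00:30", 12: "aa:00:00:00:00:40"}

def demo():
    no_vlans = Switch({p: 1 for p in HOSTS})            # every port in VLAN 1
    vlans = Switch({1: 10, 4: 20, 9: 10, 12: 20})
    return {
        "arp_no_vlans": no_vlans.receive(1, HOSTS[1], BROADCAST),
        "arp_with_vlans": vlans.receive(1, HOSTS[1], BROADCAST),
        "unknown_unicast": vlans.receive(4, HOSTS[4], HOSTS[12]),
        "known_unicast": vlans.receive(12, HOSTS[12], HOSTS[4]),
        # Port 4's MAC was learned in VLAN 20, so VLAN 10 still treats it
        # as unknown and the frame never leaves VLAN 10.
        "cross_vlan": vlans.receive(1, HOSTS[1], HOSTS[4]),
    }

if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name:16} -> ports {ports}")
```

Keying the MAC table on (VLAN, MAC) is what keeps a frame from crossing between VLANs at Layer 2, which is why a router is needed for that traffic.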

VLAN Configuration

Static configuration
- The network administrator configures ports one at a time (port by port)
- Each port is assigned to a specific VLAN
- The network administrator plays the key role in mapping between ports and VLANs

Dynamic configuration
- Ports are able to determine their VLAN configuration dynamically
- Uses a software database that maps between VLANs and MAC addresses (which the network administrator must set up first)

Static VLANs

[Figure labels: Default VLAN 1; Default VLAN 1; VLAN 10 Configured]

Switch(config)#interface fastethernet 0/9
Switch(config-if)#switchport access vlan 10

Static VLANs are also called port-based or port-centric VLANs. This is the most common method of assigning ports to VLANs. When a device connects to the network, it automatically assumes membership of the VLAN assigned to the port it connects to. There is a default VLAN, which on Cisco switches is VLAN 1.

VLAN Operation

[Figure: Port 1 VLAN 10, Port 4 VLAN 20, Port 9 VLAN 10, Port 12 VLAN 20; hosts 10.1.0.10/16 (DG 10.1.0.1), 10.2.0.20/16 (DG 10.2.0.1), 10.1.0.30/16 (DG 10.1.0.1), 10.2.0.40/16 (DG 10.2.0.1)]

VLANs are assigned to switch ports. For a host to be part of a VLAN, it must be given an IP address that matches that VLAN. Remember: VLAN = Subnet.

VLAN Operation

Dynamic-membership VLANs are created through network management software (not as common as static VLANs). CiscoWorks 2000 or CiscoWorks for Switched Internetworks is used to create dynamic VLANs. Dynamic VLANs allow VLAN membership to be based on the MAC address of the device connected to the switch. When a device connects to the network, it queries the database to find out which VLAN it is a member of.

Two Types of VLANs

- End-to-End or Campus-wide VLANs
- Geographic or Local VLANs

End-to-End or Campus-wide VLANs

This model is currently not recommended by Cisco and other equipment vendors, unless there is a specific need for this approach.

- VLANs based on function
- The "VLAN everywhere" model
- VLANs with the same VLAN ID, e.g., Accounting VLAN 10, can appear anywhere in the network

Geographic or Local VLANs

This model is recommended.

- VLANs based on physical location
- VLANs are dedicated to each group of access-layer switches
- Accounting users connected to different Layer 3 switches are on different VLANs (e.g., VLAN 10 and VLAN 30)

The 80/20 and 20/80 Rules

The network is designed, based on traffic flow patterns, so that 80 percent of the traffic stays within a VLAN. The remaining 20 percent crosses the router to the enterprise servers, the WAN, and the Internet. This is the 80/20 rule.
Note: with today's traffic patterns, this rule is gradually becoming obsolete. The 20/80 rule applies to many networks today, with 20% of the traffic within a VLAN and 80% outside the VLAN.

Geographic or Local VLANs

As many corporate networks move to centralize their resources, end-to-end VLANs have become difficult to maintain. Users have to use many different resources, many of which are not in their own VLAN. Because of this shift in the placement and use of resources, VLANs are now more often created around geographic boundaries than commonality boundaries.

Introduction to Trunking

VLAN Trunking/Tagging

VLAN tagging is used when a link needs to carry traffic for more than one VLAN. Trunk link: as packets are received by the switch from the attached end devices, a unique packet identifier is added within each header. This added information designates the VLAN membership of each packet (it indicates which VLAN the packet belongs to).

Rick Graziani graziani@cabrillo.edu

VLAN Trunking/Tagging

The packet is then forwarded to the appropriate switches or routers based on the VLAN identifier and the MAC address. On reaching the destination node (switch), the VLAN ID is removed from the packet by the adjacent switch and the packet is forwarded to the attached device. Tagging packets provides a mechanism for controlling the flow of broadcasts and applications without interfering with the network and the applications. This is known as a trunk link or VLAN trunking.

VLAN Trunking/Tagging

[Figure labels: No VLAN Tagging; VLAN Tagging]

VLAN tagging is used when a single link is used to carry traffic for multiple VLANs.

VLAN Trunking/Tagging

There are two main methods of frame tagging: Cisco's proprietary Inter-Switch Link (ISL) and IEEE 802.1Q. ISL used to be the most common, but it is now being replaced by IEEE 802.1Q frame tagging. Cisco recommends using 802.1Q.

Configuring VLANs on Cisco Devices

[Figure labels: Default vlan 1; vlan 10; Default vlan 1]

Configuring Static VLANs

Follow these guidelines when configuring VLANs on Cisco 29xx switches:
- The maximum number of VLANs depends on the switch.
- 29xx switches commonly allow up to 4,095 VLANs.
- VLAN 1 is one of the factory-default VLANs.
- VLAN 1 is the default Ethernet VLAN.
- Cisco Discovery Protocol (CDP) and VLAN Trunking Protocol (VTP) advertisements are sent on VLAN 1.
- The Catalyst 29xx IP address is in the VLAN 1 broadcast domain by default.

Creating VLANs

vlan 10
name VLAN10
exit

Create the VLAN (this step may not be required):

Switch#vlan database
Switch(vlan)#vlan vl_num name vl_name
Switch(vlan)#exit

Assign access ports (access ports are not trunk ports) to a specific VLAN:

Switch(config)#interface fastethernet 0/9
Switch(config-if)#switchport access vlan vlan_number
Switch(config-if)#switchport mode access

Creating VLANs

[Figure labels: Default vlan 1; vlan 10; Default vlan 1]

Assign ports to a VLAN:

Switch(config)#interface fastethernet 0/9
Switch(config-if)#switchport access vlan 10
Switch(config-if)#switchport mode access

"access" means that the port is an access port rather than a trunk port.

Creating VLANs

[Figure labels: Default vlan 1; vlan 300; Default vlan 1]

Switch(config)#interface fastethernet 0/9
Switch(config-if)#switchport access vlan 300
Switch(config-if)#switchport mode access

Configuring a Range of Ports in a VLAN

[Figure label: vlan 2]

Switch(config)#interface fastethernet 0/5
Switch(config-if)#switchport access vlan 2
Switch(config-if)#switchport mode access
Switch(config-if)#exit
Switch(config)#interface fastethernet 0/6
Switch(config-if)#switchport access vlan 2
Switch(config-if)#switchport mode access
Switch(config-if)#exit
Switch(config)#interface fastethernet 0/7
Switch(config-if)#switchport access vlan 2
Switch(config-if)#switchport mode access

Configuring a Range of Ports in a VLAN

[Figure label: vlan 3]

Switch(config)#interface range fastethernet 0/8 - 12
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#exit

This command does not work on all 2900 switches, for example the 2900 Series XL. The format of the command may differ slightly between 2900 switches. It does work on 2950 switches.

Creating VLANs

[Figure labels: Default vlan 1; vlan 300; Default vlan 1]

SydneySwitch(config)#interface fastethernet 0/1
SydneySwitch(config-if)#switchport mode access
SydneySwitch(config-if)#exit

Note: the switchport mode access command should be configured on every switch port that the network administrator does not want to become a trunk port.

Creating VLANs

[Figure labels: Default: dynamic desirable. This link will become a trunk link unless one of the two ports is configured as an access port, e.g., switchport mode access]

By default, all ports are configured as switchport mode dynamic desirable, which means that if the port is connected to a port on another switch that is also in the default configuration, the link becomes a trunk link.
Configure both the switchport access vlan and switchport mode access commands.
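One way to check a switch against the advice above, as an added example that is not part of the original slides: a small audit that reads running-config text and reports ports missing either of the two recommended commands. The sample configuration is constructed, the function and constant names are hypothetical, and it assumes the usual running-config layout of an unindented `interface` line followed by indented statements.

```python
import re

NO_MODE = "no 'switchport mode access': port may negotiate a trunk"
NO_VLAN = "no 'switchport access vlan': port stays in default VLAN 1"

# Constructed sample running-config (not taken from the slides).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 2
!
interface FastEthernet0/9
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 ip address 10.1.0.5 255.255.0.0
"""

def audit(config: str):
    """Return {interface: [findings]} for physical switch ports."""
    ports, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):            # unindented: section boundary
            m = re.match(r"interface\s+(\S+)", line)
            is_port = bool(m) and not m.group(1).lower().startswith("vlan")
            current = m.group(1) if is_port else None
            if current:
                ports[current] = {"mode": None, "vlan": None}
        elif current:
            stmt = line.strip()
            if m := re.fullmatch(r"switchport mode (.+)", stmt):
                ports[current]["mode"] = m.group(1)
            elif m := re.fullmatch(r"switchport access vlan (\d+)", stmt):
                ports[current]["vlan"] = int(m.group(1))
    findings = {}
    for name, port in ports.items():
        if port["mode"] == "trunk":             # deliberate trunk: skip
            continue
        issues = []
        if port["mode"] != "access":
            issues.append(NO_MODE)
        if port["vlan"] is None:
            issues.append(NO_VLAN)
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_CONFIG).items():
        print(name, "->", "; ".join(issues))
```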

Verifying VLANs: show vlan

[Figure labels: vlan 1 default; vlan 2; vlan 3]

Verifying VLANs: show vlan brief

[Figure labels: vlan 1 default; vlan 2; vlan 3]

#show inter fa 0/2 switchport
#show interface trunk

Deleting VLANs

Switch(config)#no vlan 300

Switch(config-if)#no switchport access vlan vlan_number
Switch(config-if)#exit
Switch(config)#no vlan vlan_number

The command resets the port to VLAN 1. VLAN 1 cannot be deleted from the switch.

Accessing/Managing a Switch

Switch(config)#interface vlan 1
Switch(config-if)#ip address 10.1.0.5 255.255.0.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#ip default-gateway 10.1.0.1

The IP address, subnet mask, and default gateway on a switch serve the same purpose as when they are configured on a host.
Note: the switch must be configured with a password on the vty lines and a privileged password before it can be accessed via telnet.

IP Address and Subnet Mask
By default, VLAN 1 is the management VLAN. This is where the IP address and subnet mask of the switch are assigned. The address is for management purposes only and does not affect the switching operations of the switch. Assigning the address makes it possible to ping or telnet to the switch.

Default Gateway
The default gateway is also used for management purposes. After telnetting to a switch, if you need to ping or telnet to a device on another network, the default gateway is where those frames are sent.

Accessing/Managing a Switch

Switch(config)#enable secret class
Switch(config)#line vty 0 15
Switch(config-line)#password cisco
Switch(config-line)#login
Switch(config)#inter vlan 1
Switch(config-if)#ip add 10.1.0.5 255.255.0.0
Switch(config-if)#no shut
Switch(config)#ip default-gateway 10.1.0.1

Accessing/Managing a Switch

[Figure: switch 10.1.0.5/16 (DG 10.1.0.1); router interfaces Fa 0/0 10.1.0.1/16 and Fa 0/1 10.2.0.1/16; hosts 10.1.0.10/16 and 10.1.0.30/16 (DG 10.1.0.1), hosts 10.2.0.20/16 and 10.2.0.40/16 (DG 10.2.0.1)]

Host
C:\>telnet 10.1.0.1
username:cisco
password:class
Switch>show vlan
Switch>ping 10.2.0.20
Switch>telnet 10.1.0.1
Switch>exit

Erasing VLAN Information

Switch#delete flash:vlan.dat
Delete filename [vlan.dat]?
Delete flash:vlan.dat? [confirm]
Switch#erase startup-config
Switch#reload

VLAN information is stored in the file vlan.dat. This file is not erased when the startup-config file is erased. To remove all VLAN information, use the commands above and reload the switch.

Trunking Operation

[Figure label: or 802.1Q]

Trunking protocols were developed to manage effectively the transfer of frames from different VLANs over a single physical link. The trunking protocols establish agreement for the distribution of frames to the associated ports at both ends of the trunk. Trunk links may carry traffic for all VLANs or only for specific VLANs. The VLAN information is added by the switch before the frame is sent across the trunk and is removed by the switch before the frame is sent down a non-trunk link.

VLANs and Trunking

[Figure labels: Non-Trunk Links; Trunk Link; Non-Trunk Links]

Note that a trunk link does not belong to any specific VLAN. Its responsibility is to act as a conduit for VLANs between switches and routers (or between switches and switches).

Configuring Trunking

Note: on switches that support both 802.1Q and ISL, the switchport trunk encapsulation command must be entered BEFORE the switchport mode trunk command.

These commands are explained on the following slides.

Configuring Trunking

Switch(config-if)#switchport trunk encapsulation [dot1q|isl]

This command configures VLAN tagging on an interface of a switch that supports multiple trunking protocols. The two options are:
- dot1q: IEEE 802.1Q
- isl: ISL
The VLAN tagging must be the same at both ends.

Configuring Trunking

[Figure labels: 802.1Q only; ISL only; No Trunk]

SwitchA(config-if)#switchport mode trunk

SwitchB(config-if)#switchport mode trunk

If SwitchA supports only 802.1Q trunking and SwitchB supports only ISL trunking, the two switches cannot form a trunk with each other.

Configuring Trunking

[Figure labels: 802.1Q only; Both ISL and 802.1Q; Trunk]

SwitchA(config-if)#switchport mode trunk

SwitchB(config-if)#switchport trunk encapsulation dot1q
SwitchB(config-if)#switchport mode trunk

If SwitchA supports only 802.1Q trunking and SwitchB supports both ISL and 802.1Q trunking, configure SwitchB to use 802.1Q for the trunk. On switches that support both 802.1Q and ISL, the switchport trunk encapsulation command must be entered BEFORE the switchport mode trunk command.

Configuring Trunking

Switch(config-if)#switchport mode [access|trunk]

By default, the ports of a 2900XL switch are configured as access ports. This is not true of most other switches (where the default is dynamic desirable). An access port is a port that belongs to a single VLAN only.

Access ports are used when:
- Only a single device is connected to the port
- Multiple devices (a hub) are connected to the port, all belonging to the same VLAN
- Another switch is connected to the port, but the link carries traffic for a single VLAN only (a non-trunk link)

Trunk ports are used when:
- Another switch is connected to the port, and the link carries traffic for multiple VLANs (a trunk link)

Configuring Trunking

[Figure labels: No VLAN Tagging; VLAN Tagging]

Switch(config-if)#switchport mode access
Switch(config-if)#switchport mode trunk

Inter-VLAN Routing

Inter-VLAN Routing

[Figure: router interfaces Fa 0/0 10.1.0.1/16 and Fa 0/1 10.2.0.1/16; hosts 10.1.0.10/16 (DG 10.1.0.1), 10.2.0.20/16 (DG 10.2.0.1), 10.1.0.30/16 (DG 10.1.0.1), 10.2.0.40/16 (DG 10.2.0.1)]

When a node in one subnet or VLAN needs to communicate with a node in another subnet or VLAN, a router is needed to route between the VLANs. Without a routing device, no traffic can pass between VLANs.

Inter-VLAN Routing: Non-Trunk Links

[Figure labels: 10.10.0.11/16; 10.20.0.22/16; 10.20.0.1/16; 10.10.0.1/16]

One option is to use a separate link to the router for each VLAN. However, this does not scale. Although it load-balances between the VLANs, it may not make efficient use of links that carry little traffic. Make sure that the hosts and routers have the proper IP addresses, corresponding to their VLANs. It is common practice to make the VLAN numbers match the IP addresses where possible.

Physical and Logical Interfaces

Subinterfaces on a router can be used to divide a single physical interface into multiple logical interfaces. Lower-end routers such as the 2500 and 1600 do not support subinterfaces. Each physical interface can have up to 65,535 logical interfaces.

Rtr(config)#interface fastethernet port/interface.subinterface

Inter-VLAN Routing: Using Trunk Links

[Figure labels: 10.10.0.11/16; 10.20.0.22/16; 10.1.0.1/16, 10.10.0.1/16, 10.20.0.1/16; Router-on-a-Stick]

Rtr(config)#interface fastethernet 0/1.1
Rtr(config-subif)#description VLAN 1
Rtr(config-subif)#encapsulation dot1q 1
Rtr(config-subif)#ip address 10.1.0.1 255.255.0.0

It is recommended that the sub-interface number match the VLAN number. Do not use VLAN 1 to carry management traffic or user traffic.

Inter-VLAN Routing: Using Trunk Links

[Figure labels: 10.10.0.11/16; 10.20.0.22/16; 10.1.0.1/16, 10.10.0.1/16, 10.20.0.1/16]

Rtr(config)#interface fastethernet 0/1.10
Rtr(config-subif)#description Management VLAN 10
Rtr(config-subif)#encapsulation dot1q 10
Rtr(config-subif)#ip address 10.10.0.1 255.255.0.0
Rtr(config)#interface fastethernet 0/1.20
Rtr(config-subif)#description Management VLAN 20
Rtr(config-subif)#encapsulation dot1q 20
Rtr(config-subif)#ip address 10.20.0.1 255.255.0.0

Inter-VLAN Routing: Using Trunk Links

[Figure labels: 10.10.0.11/16; 10.20.0.22/16; 10.1.0.1/16, 10.10.0.1/16, 10.20.0.1/16]

switch(config)#interface FastEthernet 0/0
switch(config-if)#switchport trunk encapsulation dot1q
switch(config-if)#switchport mode trunk

Router On A Stick: 802.1Q Trunk Link

switch(config)#interface FastEthernet 0/0
switch(config-if)#switchport trunk encapsulation dot1q
switch(config-if)#switchport mode trunk

Router(config)#interface FastEthernet0/0
Router(config-if)#no shutdown
Router(config)#interface FastEthernet 0/0.1
Router(config-subif)#description VLAN 1
Router(config-subif)#encapsulation dot1Q 1 native
Router(config-subif)#ip address 10.10.1.1 255.255.255.0
Router(config)#interface FastEthernet 0/0.10
Router(config-subif)#description VLAN 10
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 10.10.10.1 255.255.255.0
Router(config)#interface FastEthernet 0/0.20
Router(config-subif)#description VLAN 20
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip address 10.10.20.1 255.255.255.0
