SWITCHING
Introduction to switching
VLAN: Virtual Local Area Network
• Types of VLANs
• Advantages of VLANs
• Types of Connections
• VLAN Tagging (frame tagging techniques)
• Types of VLAN Tagging
• Methods of indicating how packets travel
between switches
SWITCHING & WIRELESS
VLAN Limitations
Requirements to set up VLANs
The Virtual Trunk Protocol (VTP)
• The VTP Modes
• VTP Configuration
• Switches Classifications
Design and implementation of VLANs
Security (Network security)
• Introduction
• Access Control List
High Security
• VLANs are more secure because switches send and
receive information only to and from the VLAN on which
they are designed to transmit.
• VLANs can also be configured to grant or restrict security
privileges to certain users.
Low cost
• Routers require powerful processors to read and route
packets on a network; this makes them more expensive
and less efficient than switches. Switches use much
smaller processors and therefore use less electricity.
Advantages of VLANs (summary)
3. Hybrid Link
This is a combination of the previous two links. This is
a link where both VLAN-aware and VLAN-unaware
devices are attached. A hybrid link can have both
tagged and untagged frames, but all the frames for a
specific VLAN must be either tagged or untagged.
Types of Connections (Next)
VLAN Tagging
2. IEEE 802.1q (dot1q)
The 802.1q standard was created by the IEEE group
to address the problem of breaking large networks into
smaller and manageable ones through the use of
VLANs.
As with all open standards, the IEEE 802.1q tagging
method is by far the most popular and commonly
used, even in Cisco-oriented network installations,
mainly for
Types of VLAN Tagging (Next)
S1#config t
S1(config)#vtp mode server
S1(config)#vtp domain IT
S1(config)#vtp password ICT
S1(config)#do show vtp password
S1(config)#do show vtp status
VTP Configuration (Client mode)
Switch#config t
Switch(config)#vtp mode transparent
Switch(config)#vtp domain IT
Switch(config)#vtp password ICT
Switch(config)#do show vtp password
Switch(config)#do show vtp status
Classifications of switches
2. Configuration options:
Unmanaged switches: These switches have no configuration interface or options.
They are plug and play and are typically the least expensive switches, found in home
or small businesses. They can be desktop or rack mounted.
Managed switches: These switches have one or more methods to modify the
operation of the switch. Common management methods include a command-line
interface (CLI) accessed via serial console, telnet or Secure Shell, and an embedded
Simple Network Management Protocol agent allowing management from a remote console
or management station. Two sub-classes of managed switches are marketed today:
Smart (or intelligent) switches: These are managed switches with a limited set of
management features. They allow configuration of basic settings, such as VLANs,
port-bandwidth and duplex.
Enterprise managed (or fully managed) switches: These have a full set of
management features, including CLI and web interface. They may have additional
features to manipulate configurations, such as the ability to display, modify, back up
and restore configurations.
DESIGN AND IMPLEMENTATION OF VLANs
1. ACL Creation
Enter global configuration mode. Using the access-list command, enter the
access control list statements. Enter all statements with the same ACL
number until the access control list is complete.
The syntax for the standard ACL statement is:
access-list [access-list-number] [deny | permit] [source address] [source-wildcard] [log]
Example:
R(config)#access-list 55 permit 192.168.77.0 0.0.0.63
To delete an ACL, use the command:
R(config)#no access-list [list number]
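The wildcard matching behind the example statement above, as an added Python sketch that is not part of the original slides: it evaluates standard ACL statements in order and shows that 0.0.0.63 covers 192.168.77.0 through 192.168.77.63, with everything unmatched falling to the implicit deny that ends every ACL. The host-deny line and the tested addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: the page's ACL 55 statement, preceded by a constructed
# host deny to show that statements are checked top-down.
ACL_LINES = [
    "access-list 55 deny 192.168.77.10 0.0.0.0",
    "access-list 55 permit 192.168.77.0 0.0.0.63",
]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_standard_acl(lines):
    """Return [(number, action, source, wildcard)] in configured order."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard ACL statement: {line!r}")
        # A missing wildcard (or a bare 'log') means an exact host match.
        wildcard = tok[4] if len(tok) > 4 and tok[4] != "log" else "0.0.0.0"
        entries.append((int(tok[1]), tok[2], _ip(tok[3]), _ip(wildcard)))
    return entries

def matches(addr, source, wildcard):
    """Wildcard bit 0 = must match, bit 1 = ignore (inverse of a netmask)."""
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (source & care)

def evaluate(entries, number, source_ip):
    """First matching statement wins; no match falls to the implicit deny."""
    addr = _ip(source_ip)
    for acl_number, action, source, wildcard in entries:
        if acl_number == number and matches(addr, source, wildcard):
            return action
    return "deny"

if __name__ == "__main__":
    acl = parse_standard_acl(ACL_LINES)
    for ip in ("192.168.77.10", "192.168.77.63", "192.168.77.64"):
        print(ip, evaluate(acl, 55, ip))
```

Swapping the two statements would let 192.168.77.10 through, because the broader permit would match first.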
SECURITY
2. ACL Application
An ACL does not filter traffic until it has been applied, or assigned, to an interface.
Assign an ACL to one or more interfaces, specifying either inbound traffic or
outbound traffic.
Apply a standard ACL as close to the destination as possible.
R(config-if)#ip access-group [access-list-number] [in | out]
The following commands place access-list 7 on the R Fa0/0 interface, filtering
inbound traffic:
R(config)#interface fastethernet 0/0
R(config-if)#ip access-group 7 in
The default direction for an ACL applied to an interface is out. Even though out is
the default, it is very important to specify the direction to avoid confusion and to
ensure that traffic filters in the correct direction.
To remove an ACL from an interface while leaving the ACL intact, use the no ip
access-group interface command.
Important terms
Broadcast Domain:
The set of all devices that will receive broadcast
frames originating from any device within the set.
Broadcast domains can be bounded by VLANs in a
stand-alone environment. In an internetworking
environment, they are typically bounded by routers
because routers do not forward broadcast frames.
Collision
In Ethernet, the result of two nodes that transmit
simultaneously. The frames from each device impact
and are damaged when they meet on the physical
media.
Collision Domain
In Ethernet, the network area within which frames
that have collided are propagated. Repeaters and
hubs propagate collisions; LAN switches, bridges
and routers do not.
Frame
The logical grouping of information sent as a data link
layer unit over a transmission medium. Often refers to
the header and trailer, used for synchronization and
error control, which surround the user data contained in
the unit.
Packet
A logical grouping of information that includes a header
containing control information and user data. Packets
are most often used to refer to network layer units of
data.
IEEE
Institute of Electrical and Electronics Engineers. The IEEE is
a professional organization whose activities include the
development of communications and network standards.
IEEE LAN standards are the predominant LAN standards
today.
Latency
Delay between the time a device requests access to a network
and the time it is granted permission to transmit. It is also
the delay between the time when a device receives a frame
and the time that frame is forwarded out the destination port.
WIRELESS NETWORKS