Tuesday, January 7, 2020

VLAN

It's 8pm and I'm at the Bridge 281....but not for coffee 😁. Trying tea: Rooibos, an African caffeine-free tea, low in tannins and free from oxalic acid, with very floral and fruity notes. A fabulous barista recommended it and I certainly enjoyed it!


Campus Topology Design
  1. Access Layer: PCs, IP phones, and printers connect at this layer, which is designed for high port count at affordable cost. Client access security measures are enabled at the Access Layer.
  2. Distribution Layer: access layer switches uplink to (typically) redundant distribution switches, providing scalability. No hosts sit at this layer, and most software policy, such as QoS, is applied here.
  3. Core Layer: distribution switches uplink to (typically) redundant core switches. The core is designed for speed and resiliency, so software policies are rarely enabled here --> they would slow the core.
  • Collapsed Core design for smaller campuses (LETU):

    1. Access Layer is the same as above.
    2. Distribution/Core Layer: the distribution and core functions are combined on one (typically redundant) pair of switches.



VLAN - Virtual Local Area Network
  • VLANs increase performance and security within a network
  • They segment the LAN into separate broadcast domains at Layer 2; traffic between VLANs must pass through a Layer 3 device
  • Typically a one-to-one relationship between an IP subnet and a VLAN
  • Types of VLANs:
    • Default VLAN - the VLAN all ports belong to at initial startup; the Cisco default is VLAN 1
    • Data VLAN - carries user traffic; also referred to as the user VLAN
    • Management VLAN - used by admins to reach the switch for management
    • Voice VLAN - for IP phone voice traffic
    • Native VLAN - the VLAN assigned to untagged frames on an 802.1Q trunk
  • Access Ports
    • Access ports are configured on switch interfaces that connect end hosts; the end host is not aware of the VLAN
    • An access port belongs to exactly one data VLAN (plus, optionally, a voice VLAN)
    • VLAN 1 by default (which is also the default native VLAN)
    • SW1(config)#vlan 10
    • SW1(config-vlan)#name Engineering
    • SW1(config)#interface Fa0/1
    • SW1(config-if)#switchport mode access   (the default is a dynamic, DTP-negotiated mode, so set it explicitly)
    • SW1(config-if)#switchport access vlan 10
    • SW1(config-if)#interface range FastEthernet 0/3 - 12
    • SW1(config-if-range)#switchport mode access
    • SW1(config-if-range)#switchport access vlan 10
    • Verification
    • SW1#show vlan brief                          (every VLAN and the access ports assigned to it)
    • SW1#show interface Fa0/1 switchport         (mode, access VLAN, native VLAN, and DTP state of one port)
  • Trunk Ports:
    • Links that carry traffic for multiple VLANs between switches
    • 802.1Q (Dot1Q) is the current, standards-based trunking protocol; ISL (Inter-Switch Link) is the obsolete Cisco-proprietary trunking protocol
    • Dot1Q - when a frame crosses a trunk from switch to switch, the sending switch inserts a 4-byte 802.1Q tag into the Ethernet header that carries the frame's VLAN ID. The receiving switch reads the tag, forwards the frame only to ports in that VLAN, and removes the tag before sending the frame out an access port.
    • Note: the port facing a server running multiple virtual machines (VMware, Hyper-V) is also a trunk, as the VMs may need to sit in different VLANs.
    • SW1(config)#interface fa0/24
    • SW1(config-if)#description Trunk to SW2   (optional)
    • SW1(config-if)#switchport trunk encapsulation dot1q   (only needed on older switches that also support ISL)
    • SW1(config-if)#switchport mode trunk
    • SW1(config-if)#switchport trunk native vlan 199   (199 is an unused VLAN)
    • Native VLAN - untagged frames arriving on a trunk port are placed in the native VLAN, and frames belonging to the native VLAN are sent out the trunk untagged (e.g. a hub attached to a trunk port: hubs are Layer 1 only and not VLAN aware).
      • The default native VLAN is 1. Leaving it there means any device that sends untagged frames into the trunk lands in VLAN 1, and it enables double-tagging VLAN hopping (the outer tag matching the native VLAN is stripped, and the inner tag then carries the frame into another VLAN), so best practice is to change it to an unused VLAN that has no access ports.
      • The native VLAN must match on both sides of the trunk (CDP logs a native VLAN mismatch).
    • Verification
    • SW1#show interface fa0/24 switchport
    • SW1#show interfaces trunk   (mode, encapsulation, native VLAN, and allowed VLANs of every trunk)
    • Limiting Allowed VLANs - restrict the VLANs that may traverse a trunk, for security and performance. Set it on both sides of the trunk; if not set, all VLANs (1-4094) will traverse the link.
    • SW1(config)#interface fa0/24
    • SW1(config-if)#switchport trunk allowed vlan 10,30
  • DTP - Dynamic Trunking Protocol
    • Two connected Cisco switches can negotiate a trunk automatically with DTP. This is not recommended: a host plugged into a port left in a dynamic mode can send DTP frames and negotiate itself a trunk (switch spoofing), gaining access to every VLAN. Set the mode statically and disable DTP.
    • switchport mode dynamic auto: if the neighboring switch port is set to trunk or desirable, the link will form a trunk. If both sides are set to auto, no trunk forms.
    • switchport mode dynamic desirable: actively tries to negotiate; forms a trunk if the neighbor is set to trunk, desirable, or auto
    • switchport nonegotiate: disables DTP on the port (only accepted on a port with a static mode, i.e. switchport mode access or switchport mode trunk)
  • VTP - VLAN Trunking Protocol
    • Lets you add, edit or delete VLANs on switches configured as VTP servers; all VTP clients in the same VTP domain synchronize their VLAN databases from them.
    • Note: port-level VLAN assignments (switchport access vlan) must still be made on each switch
    • With multiple VTP servers, the one with the highest configuration revision number in the domain wins. Caveat: any switch with a higher revision number that joins the domain (even a client) will overwrite every other switch's VLAN database, so check show vtp status on a switch before connecting it; changing its VTP domain name or setting transparent mode resets its revision number to 0.
    • VTP Server: can add, edit, or delete VLANs
    • VTP Client: cannot add, edit, or delete VLANs; synchronizes to the highest revision number in the domain
    • VTP Transparent: does not participate in server/client synchronization but forwards VTP advertisements through the switch. It keeps its own locally configured VLAN database. NOTE: for tagged traffic in a VLAN to flow through a transparent switch, that VLAN must exist in its local database.
    • SW1(config)#vtp domain LETU   ('LETU' must match on all switches in the domain)
    • SW1(config)#vtp mode server          or
    • SW1(config)#vtp mode client           or
    • SW1(config)#vtp mode transparent

    • Verification: SW1#show vtp status
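
The 802.1Q tagging and native VLAN behaviour described under Trunk Ports, modeled in Python as an added example (this is not code from the original notes or from Cisco). It builds constructed frames in memory, shows the tag a switch inserts on the trunk and strips at the far end, and shows why a native VLAN of 1 lets a double-tagged frame sent from VLAN 1 arrive in VLAN 20, while a native VLAN of 199 leaves it in VLAN 1. The switch model (access_ingress, trunk_ingress, trunk_egress), the MAC addresses and the VLAN numbers are simplifying assumptions.

```python
"""802.1Q tagging on a trunk, modeled in Python.

Added example, not code from the original notes or from Cisco. Frames are
constructed in memory; nothing is sent on the wire. The switch behaviour
below is a simplified model of 802.1Q handling, not a Cisco implementation.
"""
import struct

ETHERTYPE_8021Q = 0x8100   # TPID that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

# Constructed sample addresses (assumptions, not real devices)
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("001122334455")


def build_frame(dst, src, payload, vlan_ids=(), ethertype=ETHERTYPE_IPV4, pcp=0):
    """Return dst|src|[802.1Q tag ...]|ethertype|payload; tags outermost first."""
    frame = dst + src
    for vid in vlan_ids:
        if not 0 <= vid <= 4095:
            raise ValueError(f"bad VLAN ID {vid}")
        tci = (pcp << 13) | vid        # TCI = PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
        frame += struct.pack("!HH", ETHERTYPE_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, [VIDs outermost first], ethertype, payload)."""
    dst, src, off, vids = frame[:6], frame[6:12], 12, []
    while True:
        (etype,) = struct.unpack_from("!H", frame, off)
        off += 2
        if etype != ETHERTYPE_8021Q:
            return dst, src, vids, etype, frame[off:]
        (tci,) = struct.unpack_from("!H", frame, off)   # one more tag follows
        off += 2
        vids.append(tci & 0x0FFF)


def strip_outer_tag(frame):
    """Remove the outermost 802.1Q tag, keeping any inner tags untouched."""
    dst, src, vids, etype, payload = parse_frame(frame)
    return build_frame(dst, src, payload, vids[1:], etype)


def access_ingress(frame, access_vlan):
    """Access port: untagged frames join access_vlan; a tag equal to the port's
    VLAN is accepted and stripped (simplified model); any other tag is dropped."""
    vids = parse_frame(frame)[2]
    if not vids:
        return access_vlan, frame
    if vids[0] == access_vlan:
        return access_vlan, strip_outer_tag(frame)
    return None


def trunk_ingress(frame, native_vlan):
    """Trunk: tagged frame -> its outer VID (tag removed); untagged -> native VLAN."""
    vids = parse_frame(frame)[2]
    if vids:
        return vids[0], strip_outer_tag(frame)
    return native_vlan, frame


def trunk_egress(frame, vlan, native_vlan):
    """Trunk: the native VLAN leaves untagged; every other VLAN gets a tag."""
    if vlan == native_vlan:
        return frame
    dst, src, vids, etype, payload = parse_frame(frame)
    return build_frame(dst, src, payload, (vlan, *vids), etype)


def double_tag_attack(trunk_native_vlan, attacker_vlan=1, target_vlan=20):
    """Attacker on an access port in attacker_vlan sends a frame tagged
    [attacker_vlan, target_vlan]. Returns the VLAN the far switch delivers it to."""
    frame = build_frame(DST, SRC, b"constructed payload", (attacker_vlan, target_vlan))
    vlan, frame = access_ingress(frame, attacker_vlan)     # SW1 strips the outer tag
    frame = trunk_egress(frame, vlan, trunk_native_vlan)   # SW1 -> SW2 over the trunk
    vlan, _ = trunk_ingress(frame, trunk_native_vlan)      # SW2 classifies the frame
    return vlan


if __name__ == "__main__":
    print("native VLAN 1   ->", double_tag_attack(1))      # 20: the frame hopped VLANs
    print("native VLAN 199 ->", double_tag_attack(199))    # 1: the frame stayed put
```

The hop works only when the attacker's access VLAN equals the trunk's native VLAN: SW1 sends native-VLAN frames untagged, so the inner tag is the first thing SW2 sees. Moving the native VLAN to an unused VLAN with no access ports (199 in the notes) removes that precondition.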

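A small audit over "show interfaces switchport" output, as an added example (not code from the original notes or from Cisco): it flags ports still in a dynamic DTP mode or still sending DTP, trunks whose native VLAN is 1, and trunks that allow every VLAN, i.e. the checks behind the DTP and native VLAN advice above. The sample output is constructed to follow the layout of the IOS command and comes from no real switch; the interface names and VLAN numbers are assumptions.

```python
"""Audit 'show interfaces switchport' output for DTP and native VLAN weaknesses.

Added example, not code from the original notes or from Cisco. SAMPLE is
constructed to follow the layout of the IOS command; it is not from a real switch.
"""
import re

# Constructed sample: three ports on an assumed switch (no real device)
SAMPLE = """\
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 10 (Engineering)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL

Name: Fa0/24
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL

Name: Gi0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 199 (VLAN0199)
Trunking VLANs Enabled: 10,30
"""

FIELD = re.compile(r"^([A-Za-z][^:]*):\s*(.*)$")   # "Field name: value"


def parse_switchport(text):
    """Return {interface name: {field: value}}; each 'Name:' line starts a new port."""
    ports, current = {}, None
    for raw in text.splitlines():
        m = FIELD.match(raw.strip())
        if not m:
            continue                      # blank lines between ports
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Name":
            current = ports.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return ports


def vlan_id(value):
    """'1 (default)' -> 1; the command prints the ID followed by the VLAN name."""
    return int(value.split()[0])


def audit(ports):
    """Return [(interface, finding)] for the weaknesses the notes warn about."""
    findings = []
    for name, f in ports.items():
        admin = f.get("Administrative Mode", "")
        if admin.startswith("dynamic"):
            findings.append((name, f"mode '{admin}' is DTP-negotiated: set "
                                   "'switchport mode access' or 'switchport mode trunk'"))
        if f.get("Negotiation of Trunking") == "On":
            findings.append((name, "DTP frames still sent: add 'switchport nonegotiate'"))
        if f.get("Operational Mode") == "trunk":
            if vlan_id(f.get("Trunking Native Mode VLAN", "1")) == 1:
                findings.append((name, "native VLAN is 1: move it to an unused VLAN "
                                       "('switchport trunk native vlan <id>')"))
            if f.get("Trunking VLANs Enabled", "ALL").upper() == "ALL":
                findings.append((name, "every VLAN allowed on the trunk: prune with "
                                       "'switchport trunk allowed vlan <list>'"))
    return findings


if __name__ == "__main__":
    for iface, msg in audit(parse_switchport(SAMPLE)):
        print(f"{iface:8} {msg}")
```

Run it against the real command's output pasted into SAMPLE (or read from a file): Fa0/1 is reported for its dynamic mode and for DTP, Fa0/24 for DTP, native VLAN 1 and the unrestricted VLAN list, and Gi0/1, configured the way the notes recommend, produces no findings.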