A virtual LAN (VLAN) is a logical grouping of network devices in the same broadcast
domain that can span multiple physical segments.
Advantages of VLANs:
· Increase the number of broadcast domains while reducing their size.
· Provide additional security.
· Increase the flexibility of network equipment.
· Allow a logical grouping of users by function, not location.
· Make user adds, moves, and changes easier.
Subnets and VLANs
Logically speaking, VLANs are also subnets. A subnet, or a network, is a contained broadcast domain. A broadcast that occurs in one subnet will not be forwarded, by default, to another subnet. Routers, or layer-3 devices, provide this boundary function. Switches provide the same boundary at layer 2 by means of VLANs.
Scalability
VLANs provide location independence. This flexibility makes adds, changes, and moves of networking devices a simple process. It also allows you to group people together, which makes implementing your security policies straightforward.
IP supports 500 devices per VLAN.
VLAN Membership
A device's membership in a VLAN can be determined by one of two methods: static or dynamic.
· Static: you assign the VLAN to the port manually.
· Dynamic: configure a VTP server and it automatically handles the rest.
VLAN Connections
There are two types of connections: access links and trunks.
Access-Link Connections
An access-link connection is a connection between a switch and a device with a normal Ethernet NIC, where the Ethernet frames are transmitted unaltered.
Trunk Connections
Trunk connections are capable of carrying traffic for multiple VLANs. Cisco supports two Ethernet trunking methods:
· Cisco's proprietary Inter-Switch Link (ISL) protocol for Ethernet
· IEEE's 802.1Q, commonly referred to as dot1q, for Ethernet
ISL is a Cisco-proprietary trunking method that adds a 26-byte header and a 4-byte trailer to the original Ethernet frame. Cisco's 1900 switch supports only ISL.
802.1Q is a standardized trunking method that inserts a four-byte field into the original Ethernet frame and recomputes the FCS. The 2950 supports only 802.1Q. 802.1Q trunks support two types of frames: tagged and untagged.
· An untagged frame does not carry any VLAN identification information; basically, this is a standard, unaltered Ethernet frame.
· A tagged frame contains VLAN information, and only other 802.1Q-aware devices on the trunk will be able to process this frame.
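The tag insertion and FCS recomputation described above, worked through in code. This is an added example, not part of the original notes: it builds a constructed untagged frame, inserts the 4-byte 802.1Q field (TPID 0x8100 plus a 16-bit TCI) after the source MAC the way a trunk port does, recomputes the CRC-32 FCS, and shows why a receiver that does not understand the tag, or that sees an FCS mismatch, discards the frame. The MAC addresses and payload are made-up filler.

```python
import struct
import zlib

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over dst..payload, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def build_untagged(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """A standard, unaltered Ethernet frame with a valid FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)

def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """What a trunk port does: insert TPID+TCI after the source MAC, recompute FCS."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094")
    body = frame[:-4]                      # the old FCS no longer matches, drop it
    tci = (pcp << 13) | (dei << 12) | vid  # 3-bit priority, 1-bit DEI, 12-bit VID
    body = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return body + fcs(body)

def parse_frame(frame: bytes) -> dict:
    """Verify the FCS, then classify the frame as tagged or untagged."""
    if len(frame) < 18 or fcs(frame[:-4]) != frame[-4:]:
        raise ValueError("truncated frame or bad FCS")  # receivers drop these
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return {"tagged": False, "vid": None, "ethertype": ethertype,
                "payload": frame[14:-4]}
    if len(frame) < 22:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return {"tagged": True, "vid": tci & 0x0FFF, "pcp": tci >> 13,
            "ethertype": inner_type, "payload": frame[18:-4]}

def untag_frame(frame: bytes) -> bytes:
    """What an access port does before handing a frame to a normal NIC."""
    if not parse_frame(frame)["tagged"]:
        return frame
    body = frame[:12] + frame[16:-4]       # cut the 4-byte tag out
    return body + fcs(body)

# Constructed sample (not a capture): broadcast IPv4 frame with filler payload.
UNTAGGED = build_untagged(bytes.fromhex("ffffffffffff"),
                          bytes.fromhex("0200aabbccdd"), 0x0800, b"\x45" + b"\x00" * 45)
TAGGED = tag_frame(UNTAGGED, vid=10, pcp=3)
```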
Trunk Tagging
For VLANs to span across multiple switches, you obviously need to connect the switches to each other. Although it is possible to simply plug one switch into another using an access port, just as you would plug in a host or a hub, doing so kills the VLAN-spanning feature and a bunch of other useful things too. A switch-to-switch link must be set up as a trunk link in order for the VLAN system to work properly. A trunk link is a special connection; the key difference between an ordinary connection (an access port) and a trunk port is that an access port is in only one VLAN at a time, whereas a trunk port has the job of carrying traffic for all VLANs from one switch to another. Any time you connect a switch to another switch, you want to make it a trunk.
Trunking methods create the illusion that, instead of a single physical connection between the two trunking devices, a separate logical connection exists for each VLAN between them. When trunking, the switch adds the source port's VLAN identifier to the frame so that the device (typically a switch) at the other end of the trunk understands what VLAN originated this frame, and the destination switch can make intelligent forwarding decisions based not just on the destination MAC address but also on the source VLAN identifier. Since information is added to the original Ethernet frame, normal NICs will not understand this information and will typically drop the frame. Therefore, when you set up a trunk connection on a switch's interface, you need to ensure that the device at the other end also supports the same trunking protocol and has it configured. If the device at the other end doesn't understand these modified frames or is not set up for trunking, it will, in most situations, drop them. This modification of the frames is commonly called tagging.
By default, all VLANs are permitted across a trunk link. Switch-to-switch trunk links always require the use of a crossover cable, never a straight-through cable.
Key features about DTP
· A trunk can be created only on a Fast Ethernet or Gigabit Ethernet connection; 10 Mb Ethernet ports are not fast enough to support the increased traffic from multiple VLANs, so the commands are not available for a regular Ethernet port.
· By default, traffic from all VLANs is allowed on a trunk. You can specify which VLANs are permitted (or not) to cross a particular trunk if you have that requirement, but these functions are not covered in the CCNA exam.
· Switches (whether trunked or not) are always connected with crossover cables, not straight-through cables.
Dynamic Trunk Protocol (DTP)
DTP supports five trunking modes:
· On (or Trunk): the interface always assumes the connection is a trunk, even if the remote end does not support trunking.
· Desirable: the interface generates DTP messages, but it assumes the other side is not trunk-capable and waits for a DTP message from the remote side. In this state the interface starts as an access-link connection. If the remote side sends a DTP message indicating that trunking is compatible between the two switches, a trunk is formed and the switch starts tagging frames on the interface. If the other side does not support trunking, the interface remains an access-link connection.
· Auto-negotiate: the interface passively listens for DTP messages from the remote side and stays an access-link connection. If it receives a DTP message that matches its own trunking capabilities, the interface changes from an access-link connection to a trunk connection and starts tagging frames.
· No-negotiate: the interface is set as a trunk connection and automatically tags frames with VLAN information; however, it does not generate DTP messages (DTP is disabled). This mode is typically used when connecting trunks to non-Cisco devices that don't understand Cisco's proprietary trunking protocol and thus won't understand the contents of these messages.
· Off: the interface is configured as an access link. No DTP messages are generated in this mode, nor are frames tagged.
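The five DTP modes above, modelled as an added example (not from the original notes) so the outcome of every pairing can be checked. Each mode is reduced to three behaviours the descriptions give: whether it sends unsolicited DTP messages, whether it takes part in DTP negotiation at all, and whether it trunks regardless of the peer; On is assumed to send DTP (otherwise it would be the same as No-negotiate). The useful result for a defender is the "mismatch" state, where one end tags frames that the other end, still an access link, drops.

```python
# Behaviour of each DTP mode as the notes describe it. "on" is assumed to send
# DTP messages; that is what separates it from "nonegotiate".
DTP_MODES = {
    #               initiates  negotiates  trunk_always
    "on":          (True,      True,       True),
    "desirable":   (True,      True,       False),
    "auto":        (False,     True,       False),
    "nonegotiate": (False,     False,      True),
    "off":         (False,     False,      False),
}

def side_trunks(my_mode: str, peer_mode: str) -> bool:
    """Does an interface in my_mode end up tagging frames when facing peer_mode?"""
    initiates, negotiates, trunk_always = DTP_MODES[my_mode]
    peer_initiates, peer_negotiates, _ = DTP_MODES[peer_mode]
    if trunk_always:
        return True
    # A negotiated trunk needs both sides speaking DTP and at least one of them
    # sending unsolicited messages; two "auto" ports just listen to silence.
    return negotiates and peer_negotiates and (initiates or peer_initiates)

def link_state(mode_a: str, mode_b: str) -> str:
    """'trunk', 'access', or 'mismatch' (one side tags frames, the other drops them)."""
    a, b = side_trunks(mode_a, mode_b), side_trunks(mode_b, mode_a)
    if a and b:
        return "trunk"
    if not a and not b:
        return "access"
    return "mismatch"

def mismatched_pairs() -> list:
    """Every unordered mode pair that leaves the link half-trunked."""
    modes = list(DTP_MODES)
    return sorted({tuple(sorted((x, y))) for x in modes for y in modes
                   if link_state(x, y) == "mismatch"})
```

Running mismatched_pairs() lists the four combinations in which one switch tags and the other does not, which is exactly the condition the Trunk Tagging section warns about.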
VLAN Trunk Protocol (VTP)
VTP is a Layer 2 protocol that takes care of the steps of creating and naming VLANs on all switches in the system. We still have to set port membership to VLANs at each switch, which we can do either statically or using a VMPS. VTP works by establishing a single switch as being in charge of the VLAN information for a domain. In this case, a domain is simply a group of switches that all have the same VTP domain name. This simply puts all the switches into a common administrative group.
The VLAN Trunk Protocol (VTP) is a proprietary Cisco protocol used to share VLAN configuration information between Cisco switches over trunk connections. When you set up VTP, you have three different modes: server, client, and transparent.
Server mode: This is the one switch that is in charge of the VLAN information for the VTP domain. You may add, delete, and change VLAN information on this switch, and doing so affects the entire VTP domain. This way, we only have to enter our VLAN information once, and the server mode switch propagates it to all the other switches in the domain.
Client mode: Client mode switches get VLAN information from the server. You cannot add, delete, or change VLAN information on a client mode switch; in fact, the commands to do so are disabled.
Transparent mode: A transparent mode switch is doing its own thing; it will not accept any changes to VLAN information from the server, but it will forward those changes to other switches in the system. You can add, delete, and change VLANs, but those changes only affect the transparent mode switch and are not sent to other switches in the domain.
VTP Messages
An advertisement request message is a VTP message that a client generates. When the server responds to a client's request, it generates a subset advertisement. A summary advertisement is also generated by a switch in VTP server mode. Summary advertisements are generated every five minutes (300 seconds) by default, or when a configuration change takes place on the server switch.
VTP Pruning
VTP gives you a way to preserve bandwidth by configuring it to reduce the amount of broadcast, multicast, and unknown unicast traffic. This is called pruning. Switches with VTP pruning enabled send broadcasts only across the trunk links that actually need the information.
VTP pruning is used on trunk connections to dynamically remove VLANs that are not active between the two switches. It requires all of the switches to be in server mode.