Network Administration - Chapter 3: VLANs
Chapter 3 - VLANS
CCNA Exploration 4.0
Bach Khoa Network Academy (Học viện mạng Bach Khoa) - Website: www.bkacad.com
Objectives
• Explain the role of VLANs in a network.
• Explain the role of trunking VLANs in a network.
• Troubleshoot the common software or hardware
configuration problems associated with VLANs on switches
in a network topology.
Role of VLANS
• One of the contributing technologies to
excellent network performance is the
separation of large broadcast domains into
smaller ones with VLANs.
• Smaller broadcast domains limit the number
of devices participating in broadcasts and
allow devices to be separated into functional
groupings, such as database services for an
accounting department and high-speed data
transfer for an engineering department.
Before VLANS
• No problem!
1 building
Before VLANS
Many buildings
Before VLANS
• Many buildings: Problem?
– IT department wants to ensure that student
computers all share the same security features
and bandwidth controls. How can the network
accommodate the shared needs of the
geographically separated departments? Do you
create a large LAN and wire each department
together?
• It would be great to group the people with the
resources they use regardless of their geographic
location, and it would make it easier to manage
their specific security and bandwidth needs.
VLAN overview
• A VLAN allows a network administrator
to create groups of logically networked
devices that act as if they are on their
own independent network.
• These VLANs allow the network
administrator to implement access and
security policies to particular groups of
users.
VLANS details
Benefit of VLANS
VLAN ID
Extra: Extended Range VLANs
• Configuring Extended-Range VLANs
– When the switch is in VTP transparent mode (VTP disabled), you can
create extended-range VLANs (in the range 1006 to 4094 for any switch
port commands that allow VLAN IDs).
– Enter the vlan vlan-id global configuration command to access config-vlan
mode and to configure extended-range VLANs.
– The VLAN database configuration mode (that you access by entering the
vlan database privileged EXEC command) does not support the extended
range.
– Extended-range VLAN configurations are not stored in the VLAN database.
Because VTP mode is transparent, they are stored in the switch running
configuration file. You can save the configuration in the startup
configuration file by using the copy running-config startup-config
privileged EXEC command.
– Example:
Switch(config)# vtp mode transparent
Switch(config)# vlan 2000
Switch(config-vlan)# end
Switch# copy running-config startup-config
VLAN Tagging
[Figure panels: No VLAN Tagging; VLAN Tagging]
VLAN Tagging
[Figure label: 802.10]
Types of VLAN
• Data VLAN: A data VLAN is a VLAN that is configured to
carry only user-generated traffic.
Types of VLAN
• Default VLAN:
– All switch ports become a member of the default VLAN after the
initial boot up of the switch.
– Having all the switch ports participate in the default VLAN makes
them all part of the same broadcast domain. This allows any device
connected to any switch port to communicate with other devices on
other switch ports.
– The default VLAN for Cisco switches is VLAN 1. VLAN 1 has all the
features of any VLAN, except that you cannot rename it and you
cannot delete it.
Types of VLAN
• Management VLAN:
– A management VLAN is any VLAN you configure to access the
management capabilities of a switch.
– VLAN 1 would serve as the management VLAN if you did not
proactively define a unique VLAN to serve as the management
VLAN.
– You assign the management VLAN an IP address and subnet
mask. A switch can be managed via HTTP, Telnet, SSH, or SNMP.
Types of VLAN
• Native VLAN:
– A native VLAN is assigned to an 802.1Q trunk port.
– An 802.1Q trunk port supports traffic coming from many
VLANs (tagged traffic) as well as traffic that does not
come from a VLAN (untagged traffic).
– The 802.1Q trunk port places untagged traffic on the
native VLAN. In the figure, the native VLAN is VLAN 99.
Native VLAN
Types of VLAN
• Voice VLAN:
– It is easy to appreciate why a separate VLAN is needed to support Voice
over IP (VoIP).
– VoIP traffic requires:
1. Assured bandwidth to ensure voice quality
2. Transmission priority over other types of network traffic
3. Ability to be routed around congested areas on the network
4. Delay of less than 150 milliseconds (ms) across the network
Voice VLAN
Types of traffic
Switch port membership
Controlling Broadcast Domains with VLANs
Without VLANs – No Broadcast Control
[Figure: Switch 1 with no VLANs (same as a single VLAN) and two subnets; an ARP Request is shown. Hosts: 172.30.1.21 255.255.255.0, 172.30.2.10 255.255.255.0, 172.30.1.23 255.255.255.0, 172.30.2.12 255.255.255.0.]
• Without VLANs, the ARP Request would be seen by all hosts.
• Again, consuming unnecessary network bandwidth and host processing cycles.
With VLANs – Broadcast Control
[Figure: Switch 1 with two VLANs and two subnets; an ARP Request is shown. Hosts: 172.30.1.21 255.255.255.0 (VLAN 1), 172.30.2.10 255.255.255.0 (VLAN 2), 172.30.1.23 255.255.255.0 (VLAN 1), 172.30.2.12 255.255.255.0 (VLAN 2).]
Switch Port: VLAN ID
Port: 1 2 3 4 5 6 .
VLAN: 1 2 1 2 2 1 .
Intra-VLAN Communication
• Communicating with a device in the same VLAN is called
intra-VLAN communication.
Inter-VLAN Communication
• Communicating with a device in another VLAN is called
inter-VLAN communication.
Controlling Broadcast Domains with VLANs and Layer 3 Forwarding
• SVI (switch virtual interface)
– SVI is a logical interface configured for a specific VLAN. You need to configure an
SVI for a VLAN if you want to route between VLANs or to provide IP host
connectivity to the switch.
– An SVI is a virtual Layer 3 interface that can be configured for any VLAN that exists
on a Layer 3 switch.
VLAN Trunking
VLAN Trunk
• A trunk is a point-to-point link between one or more Ethernet switch interfaces and
another networking device, such as a router or a switch.
• A VLAN trunk does not belong to a specific VLAN, rather it is a conduit for VLANs
between switches and routers.
802.1Q tagging
• EtherType field
– Set to the hexadecimal value of 0x8100. This value is
called the tag protocol ID (TPID) value. With the
EtherType field set to the TPID value, the switch receiving
the frame knows to look for information in the tag control
information field.
• Tag control information field
– 3 bits of user priority - Used by the 802.1p standard, which specifies how to provide
expedited transmission of Layer 2 frames. A description of the IEEE 802.1p is beyond
the scope of this course; however, you learned a little about it earlier in the discussion
on voice VLANs.
– 1 bit of Canonical Format Identifier (CFI) - Enables Token Ring frames to be carried
across Ethernet links easily.
– 12 bits of VLAN ID (VID) - VLAN identification numbers; supports up to 4096 VLAN
IDs.
• FCS field
– After the switch inserts the EtherType and tag control information fields, it recalculates
the FCS value and inserts it into the frame.
Extra: IEEE 802.1p
• IEEE 802.1p is a standard that provides traffic class expediting and
dynamic multicast filtering. Essentially, it provides a mechanism for
implementing Quality of Service (QoS) at the MAC (Media Access
Control) level.
• Eight different classes of service are available, expressed through the
3-bit user_priority field in an IEEE 802.1Q header added to the frame.
The way traffic is treated when assigned to any particular class is
undefined and left to the implementation. The IEEE however has made
some broad recommendations.
• 802.1p is used within the IEEE 802.1D and IEEE 802.1Q standards.
Extra: ISL Encapsulation Frame
Native Vlan and 802.1Q
• When you configure an 802.1Q trunk port, a default Port VLAN ID
(PVID) is assigned the value of the native VLAN ID.
Extra: Basics of Dynamic Trunking Protocol (DTP)
• Ethernet trunk interfaces support several different trunking modes.
– Access
– Dynamic desirable (default mode on Catalyst 2950 and 3550)
– Dynamic auto
– Trunk
– Non-negotiate
– dot1q-tunnel (Not an option on the Catalyst 2950.)
Trunking mode
(config-if)# switchport mode trunk
(config-if)# switchport mode access
(config-if)# switchport mode dynamic desirable
(config-if)# switchport mode dynamic auto
Nonegotiate
(config-if)# switchport nonegotiate
Extra: Trunking mode
• trunk—Configures the port to permanent trunk mode and negotiates
with the connected device on the other side to convert the link to trunk
mode. If multiple trunk encapsulations are available, the encapsulation
must be chosen before this command will work.
• access—Disables port trunk mode and negotiates with the connected
device to convert the link to nontrunk. This port will belong to only the
configured access VLAN.
• dynamic desirable—Triggers the port to negotiate the link from
nontrunk to trunk mode. The port negotiates to a trunk port if the
connected device is in the trunk, dynamic desirable, or dynamic
auto state. Otherwise, the port becomes a nontrunk port. This is the
default for IOS switch ports.
• dynamic auto—Enables the port to become a trunk only if the
connected device has the state set to trunk or dynamic desirable.
• nonegotiate—Configures the port to permanent trunk mode. No
negotiation takes place with the partner. The other side must be trunk
or nonegotiate for the trunk to work. You must also specify the
encapsulation before choosing this mode.
Trunking mode
• show interface {port} trunk
• show interface trunk
• show interface {port} switchport
Creating VLANs
• Add a VLAN
Extra: Creating VLANs
Switch#vlan database
Switch(vlan)#vlan {vlan_id} [name {vlan_name}]
Switch(vlan)#exit
• switch# vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Assign VLAN to port
Extra: Configuring Ranges of VLANs
SydneySwitch(config)#interface range fastethernet0/8 ?
, comma
- hyphen
(config)#interface range fastethernet0/8 -12
(config-if-range)#switchport access vlan 3
(config-if-range)#exit
(config)#interface range fastethernet0/8 , fastethernet0/12
(config-if-range)#switchport access vlan 3
(config-if-range)#exit
vlan 3
Verify VLAN
show vlan
show vlan brief
show interface vlan 2
show interface fa0/18 switchport
Delete Vlan
• (config)# no vlan vlan_id
• # delete flash:vlan.dat
Configure a Trunk link
Extra: switchport trunk
• Remove VLANs from the current list of the trunking line:
(config-if)# switchport trunk allowed vlan remove vlan-id
• If a VLAN other than VLAN 1 is to be the Native VLAN, it needs to be identified on the
trunk ports:
(config-if)# switchport trunk native vlan vlan-id
• (config-if)# switchport trunk native vlan {vlan-id}
Extra: Specify the Trunk Encapsulation
Extra: Multilayer switch
• interface f0/1
• switchport trunk encapsulation dot1q
• switchport mode trunk
Verify Trunk Configuration
• show interface trunk
• show interfaces interface-ID switchport
Managing a Trunk Configuration
Common Problems with Trunks
Native VLAN mismatches
Trunk mode mismatch
• Solution: (config-if)# switchport mode trunk
Incorrect VLAN list
• Solution:
– S1 f0/3: (config-if)# switchport trunk allowed vlan 10,20,99
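An added example, not from the slides, that compares both ends of a link for the three trunk problems listed here (trunk mode mismatch, native VLAN mismatch, incorrect VLAN list), applying the negotiation rules from the "Extra: Trunking mode" slide. The parser, function names and sample stanzas are constructed; the defaults used when a line is absent (dynamic desirable as the slides state, native VLAN 1, all VLANs allowed) are assumptions.

```python
import re

# Peer modes a dynamic port forms a trunk with, per the mode descriptions above.
NEGOTIATES_WITH = {"dynamic desirable": {"trunk", "dynamic desirable", "dynamic auto"},
                   "dynamic auto": {"trunk", "dynamic desirable"}}

def expand(spec):
    """Turn '10,20-22,99' into {10, 20, 21, 22, 99}."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_port(config):
    """Read the trunk-related switchport lines of one interface stanza."""
    port = {"mode": "dynamic desirable", "dtp": True, "native": 1, "allowed": expand("1-4094")}
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"switchport mode (trunk|access|dynamic (?:desirable|auto))", line):
            port["mode"] = m.group(1)
        elif line == "switchport nonegotiate":
            port["dtp"] = False
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            port["native"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d, -]+)", line):
            port["allowed"] = expand(m.group(1))
    return port

def trunks(me, peer):
    """Does this end become a trunk? A dynamic end needs a negotiating peer."""
    if me["mode"] in ("trunk", "access"):
        return me["mode"] == "trunk"
    return peer["dtp"] and peer["mode"] in NEGOTIATES_WITH[me["mode"]]

def check_link(a_cfg, b_cfg):
    """Compare both ends of one link and list the trunk problems found."""
    a, b = parse_port(a_cfg), parse_port(b_cfg)
    problems = []
    if trunks(a, b) != trunks(b, a):
        problems.append("trunk mode mismatch")
    if a["native"] != b["native"]:
        problems.append(f"native VLAN mismatch: {a['native']} vs {b['native']}")
    if a["allowed"] != b["allowed"]:
        problems.append(f"allowed VLAN list differs: {sorted(a['allowed'] ^ b['allowed'])}")
    return problems

# Constructed sample stanzas for two ends of one link (not from the slides' figures).
S1 = "switchport mode trunk\nswitchport trunk native vlan 99\nswitchport trunk allowed vlan 10,99"
S2 = "switchport mode trunk\nswitchport trunk allowed vlan 10,20,99"
```

Calling `check_link(S1, S2)` reports the native VLAN mismatch and the missing VLAN 20; feed it the interface stanzas from `show running-config` on each switch.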
Mistake of VLAN and IP subnets
Lab
Summary