ccna3-mod8-vlans day_1_1.2 ver 2

8/18/2019 ccna3-mod8-VLANs day_1_1.2 ver 2

1/29

VLANs (Virtual LANs)


2/29

Rick Graziani [email protected] 2

VLAN introduction

• VLANs provide segmentation based on broadcast domains.

• VLANs logically segment switched networks based on the unctions!

"ro#ect teams! or a""lications o the organization regardless o the"hysical location or connections to the network.

• All workstations and ser$ers used by a "articular workgrou" share thesame VLAN! regardless o the "hysical connection or location.

.


3/29

Rick Graziani [email protected] %

VLAN introduction

• VLANs are created to provide segmentation services traditionallyprovided by physical routers in LAN configurations.

• VLANs address scalability! security! and network management.Routers in VLAN to"ologies "ro$ide broadcast iltering! security! andtraic low management.

• &witches may not bridge any traic between VLANs! as this would$iolate the integrity o the VLAN broadcast domain.

• 'raic should only be routed between VLANs.

.


4/29

Rick Graziani [email protected] (

Broadcast domains with VLANs and routers

• A VLAN is a broadcast domain created by one or more switches.

• The networ design above creates three separate broadcast

domains.

.


5/29

Rick Graziani [email protected] )

Broadcast domains with VLANs and

routers

• *+ No VLANs! or in other words! ,neVLAN. &ingle - network.

• 2+ /ith or without VLANs. 0owe$er thiscan be and e1am"le o no VLAN&. -n bothe1am"les! each grou" switch+ is on adierent - network.

• %+ 3sing VLANs. &witch is conigured withthe "orts on the a""ro"riate VLAN.

• /hat are the broadcast domains in each4

!) "ithout

VLANs

#ne lin

per VLAN or a single VLAN

Trun (later)

$) "ith or

withoutVLANs

!) "ith

VLANs

!%.%.%.%&' !%.!.%.%&!

!%.$.%.%&!

!%..%.%&!

!%.!.%.%&!

!%.$.%.%&!

!%..%.%&!


6/29


VLAN operation

• 6ach switch "ort can be assigned to a dierent VLAN.

• orts assigned to the same VLAN share broadcasts.

• orts that do not belong to that VLAN do not share these broadcasts.

.


7/29Rick Graziani [email protected] 7

VLAN operation

• *tatic membership VLANs are called port+based and port+centricmembership VLANs.

• As a de$ice enters the network! it automatically assumes the VLANmembershi" o the "ort to which it is attached.

• 8'he default VLAN or e$ery "ort in the switch is the managementVLAN. 'he management VLAN is always VLAN * and may not be

deleted.9 : This statement does not give the whole story. We will examine

Management, Default and other VLANs at the end.

• All other "orts on the switch may be reassigned to alternate VLANs.• ;ore on VLAN * later.

.


8/29Rick Graziani [email protected] <

VLAN

operation

T w o V L A N s

' w o & u b n e t s

* w i t c h !* 7 2 . % = . * . 2 *

2 ) ) . 2 ) ) . 2 ) ) . =

V L A N *

* 7 2 . % = . 2 . * =

2 ) ) . 2 ) ) . 2 ) ) . =V L A N 2

* 7 2 . % = . * . 2 %

2 ) ) . 2 ) ) . 2 ) ) . =V L A N *

* 7 2 . % = . 2 . * 2

2 ) ) . 2 ) ) . 2 ) ) . =

V L A N 2

-m"ortant notes on VLANs>

*. VLANs are assigned on the switch "ort. 'here is no 8VLAN9

assignment done on the host usually+.2. -n order or a host to be a "art o that VLAN! it must be assigned an -

address that belongs to the "ro"er subnet.

Remember> VLAN ? &ubnet

! $ ) , - ( .

! $ ! $ $ ! .

ort

VLAN

.


9/29Rick Graziani [email protected]

VLAN operation

• /ynamic membership VLANs are created through networmanagement software. (Not as common as static VLANs)

• isco/orks 2=== or isco/orks or &witched -nternetworks is used tocreate Bynamic VLANs.• Bynamic VLANs allow or membershi" based on the ;A address o

the de$ice connected to the switch "ort.

• As a de$ice enters the network! it Cueries a database within the switchor a VLAN membershi".

.


10/29Rick Graziani [email protected] *=

Benefits of VLANs

• 'he key beneit o VLANs is that they "ermit the network administrator toorganize the LAN logically instead o "hysically.

• Note> an be done without VLANs! but VLANs limit the broadcast domains

•'his means that an administrator is able to do all o the ollowing>

: 6asily mo$e workstations on the LAN.

: 6asily add workstations to the LAN.

: 6asily change the LAN coniguration.

: 6asily control network traic.

:-m"ro$e security.

0f a hub is connected to VLAN port on

a switch1 all devices on that hub must

belong to the same VLAN.


11/29Rick Graziani [email protected] **

N o V L A N s

& a m e a s a s i n g l e V L A N

' w o & u b n e t s

* w i t c h !* 7 2 . % = . * . 2 *

2 ) ) . 2 ) ) . 2 ) ) . =

* 7 2 . % = . 2 . * =

2 ) ) . 2 ) ) . 2 ) ) . =

* 7 2 . % = . * . 2 %

2 ) ) . 2 ) ) . 2 ) ) . =

* 7 2 . % = . 2 . * 2

2 ) ) . 2 ) ) . 2 ) ) . =

• /ithout VLANs! the AR ReCuest would be seen by all hosts.

• Again! consuming unnecessary network bandwidth and host "rocessingcycles.

A2 2e3uest

/ithout VLANs : No Droadcast ontrol


12/29Rick Graziani [email protected] *2

T w o V L A N s

' w o & u b n e t s

* w i t c h !* 7 2 . % = . * . 2 *

2 ) ) . 2 ) ) . 2 ) ) . =

V L A N *

* 7 2 . % = . 2 . * =

2 ) ) . 2 ) ) . 2 ) ) . =V L A N 2

* 7 2 . % = . * . 2 %

2 ) ) . 2 ) ) . 2 ) ) . =V L A N *

* 7 2 . % = . 2 . * 2

2 ) ) . 2 ) ) . 2 ) ) . =V L A N 2

*witch ort4 VLAN 0/

A2 2e3uest

/ith VLANs : Droadcast ontrol

! $ ) , - ( .

! $ ! $ $ ! .

ort

VLAN


13/29Rick Graziani [email protected] *%

VLAN Types


14/29Rick Graziani [email protected] *(

5A6 address Based VLANs

• Rarely im"lemented.

.


15/29Rick Graziani [email protected] *)

VLAN Tagging

• VLAN Tagging is used when a lin needs to carry traffic for more than one VLAN. : Trun lin4 As "ackets are recei$ed by the switch rom any attached endEstation de$ice!

a uniCue "acket identiier is added within each header.

• This header information designates the VLAN membership of each pacet.• 'he "acket is then orwarded to the a""ro"riate switches or routers based on the VLAN

identiier and ;A address.

• 3"on reaching the destination node &witch+ the VLAN -B is remo$ed rom the "acket by thead#acent switch and orwarded to the attached de$ice.

• acket tagging "ro$ides a mechanism or controlling the low o broadcasts and a""licationswhile not interering with the network and a""lications.

• 'his is known as a trunk link or VLAN trunking.

.



VLAN Tagging

• VLAN 'agging is used when a single link needs to carrytraic or more than one VLAN.

No VLAN Tagging

VLAN Tagging

.



VLAN Tagging

• 'here are two ma#or methods o rame tagging! isco "ro"rietary 0nter+*witch Lin (0*L) and 0777 '%$.!8.

• -&L used to be the most common! but is now being re"laced by


18/29Rick Graziani [email protected] *<

6onfiguring static VLANs

• 'he ollowing guidelines must be ollowed when coniguring VLANs on

isco 211 switches> : 'he ma1imum number o VLANs is switch de"endent.

• 211 switches commonly allow (!=) VLANs

: VLAN * is one o the actoryEdeault VLANs.

: VLAN * is the deault 6thernet VLAN.

: isco Bisco$ery rotocol B+ and VLAN 'runking rotocol V'+ad$ertisements are sent on VLAN *.

: 'he atalyst 211 - address is in the VLAN * broadcast domain bydeault.

: 8'he switch must be in V' ser$er mode to create! add! or deleteVLANs.9 (This is not true. *witch could be in VT Transparent

mode. VT will be discussed in a moment.)

.


19/29Rick Graziani [email protected] *

6reating VLANs

• Assigning access ports (non+trun ports) to a specific VLANSwitch(config)#interface fastethernet 0/9

Switch(config-if)#switchport access vlan vlan_number

• 6reate the VLAN4 (This step is not re3uired and will be discussedlater.)

Switch#vlan database

Switch(vlan)#vlan vlan_number

Switch(vlan)#exit

.


20/29Rick Graziani [email protected] 2=

6reating VLANs

• Assign ports to the VLANSwitch(config)#interface fastethernet 0/9

Switch(config-if)#switchport access vlan 10

• access : Benotes this "ort as an access "ort and not a trunk link later+

vlan

!%/efault

vlan !

/efault

vlan !

.


21/29Rick Graziani [email protected] 2*

6reating VLANs

vlan

%%/efault

vlan !

/efault

vlan !

.


22/29Rick Graziani [email protected] 22

6onfiguring 2anges of VLANs

SydneySwitch(config)#interface fastethernet 0/5

SydneySwitch(config-if)#switchport access vlan 2

SydneySwitch(config-if)#exit

SydneySwitch(config)#interface fastethernet 0/6SydneySwitch(config-if)#switchport access vlan 2




vlan $

.


23/29Rick Graziani [email protected] 2%

6onfiguring 2anges of VLANs

SydneySwitch(config)#interface range fastethernet 0/8,

fastethernet 0/12



This command does not wor on all $9%% switches1 such as the $9%%

*eries :L. 0t does wor on the $9-%.

vlan

.


24/29Rick Graziani [email protected] 2(

6reating VLANs

vlan

%%/efault

vlan !

/efault

vlan !


SydneySwitch(config-if)#switchport ode access


Note> 'he switchport mode access command should be conigured

on all "orts that the network administrator does not want to become atrunk "ort.

• 'his will be discussed in more in the ne1t cha"ter! section on B'.

.


25/29

Rick Graziani [email protected] 2)

6reating VLANs

/efault4 dynamic desirable

• Dy deault! all "orts are conigured as switchport ode d!naicdesirable! which means that i the "ort is connected to another switch with

an "ort conigured with the same deault mode or desirable or auto+! this link

will become a trunking link. &ee my article on B' on my web site or more

inormation.+

• /hen the switchport access vlan command is used! the switchportmode access command is not necessary since the switchport access

vlan command conigures the interace as an 8access9 "ort nonEtrunk "ort+.

• 'his will be discussed in more in the ne1t cha"ter! section on B'.

This lin will become a truning lin unless one of the

ports is configured with as an access lin1 0.e.

switchport mode access

.


26/29


Verifying VLANs ; show vlan

vlan vlan $vlan !

default

.


27/29


Verifying VLANs ; show vlan brief

vlan vlan $vlan !

default

.


28/29

Rick Graziani [email protected] 2<

vlan database commands

• ,"tional ommand to add! delete! or modiy VLANs.• VLAN names! numbers! and VT VLAN 'runking rotocol+inormation can be entered which 8may9 aect other switches besidesthis one. Biscussed later+.

• 'his does not assign any VLANs to an interace.

"witch#vlan database

"witch$vlan%#&

'()* database editing b+ffer anip+lation coands

abort -xit ode witho+t appl!ing the changes

appl! )ppl! c+rrent changes and b+p revision n+ber

exit )ppl! changes, b+p revision n+ber, and exit ode no *egate a coand or set its defa+lts

reset )bandon c+rrent changes and reread c+rrent database

show "how database inforation

vlan )dd, delete, or odif! val+es associated with a single '()*

vtp .erfor '. adinistrative f+nctions

.


29/29

/eleting VLANs

Switch(config-if)#no switchport access vlan vlan_number

.

ccna3-mod8-vlans day_1_1.2 ver 2

Documents