
Lesson 1

Applying Best Practices for VLAN Topologies

2009 Cisco Systems, Inc. All rights reserved.

SWITCH v1.01-1

Objectives
- Describe the different VLAN segmentation models
- Given an enterprise VLAN network design, describe the information needed to create an implementation plan, identify choices that need to be made, and analyze the consequences of those choices
- Given an enterprise VLAN network design that contains end-to-end VLANs and trunks, create an implementation and verification plan; then successfully execute that plan
- Given an enterprise VLAN network design that contains VTP, create an implementation and verification plan; then successfully execute the plan


VLAN Deployment
End-to-End VLANs
- Users are grouped into VLANs independent of physical location.
- If users are moved within the campus, their VLAN membership remains the same.

Local VLANs
- This is the recommended solution in the Cisco Enterprise Campus Architecture.
- Users are grouped into VLANs depending on physical location.
- If users are moved within the campus, their VLAN membership changes.

End-to-End VLANs vs. Local VLANs

End-to-End VLANs

Pros:
- Geographically dispersed users appear on the same segment
- The same policy (security, QoS) can be applied to the same group of users regardless of their physical location

Cons:
- All switches need to know all VLANs
- Broadcast messages flood all switches
- Troubleshooting may be challenging

Local VLANs

Pros:
- Design is scalable
- Troubleshooting is easy
- Traffic flow is predictable
- Redundant paths can be built easily

Cons:
- More routing devices are required than in end-to-end models
- Users belong to the same broadcast domain when they are at the same location

The end-to-end VLAN design model was attractive when IP addressing was static and network traffic followed the 80/20 rule.

Planning an End-to-End VLAN Implementation


Basic tasks:
- How many IP subnets (data, voice, etc.)?
- Gather VLAN numbers, names, and users
- Gather VLAN-to-IP mapping
- Local VLANs (recommended) or end-to-end VLANs?
- Where is each VLAN needed in the campus?
- How are VLANs assigned?
- Are trunks necessary?
- Will VTP be used (not recommended)?
- Create the test plan


VLAN Configuration
- Configure VLANs on all switches
- Configure access mode on port
- Configure access VLAN on port

Switch(config)# vlan 3
Switch(config-vlan)# name Accounting
Switch(config-vlan)# exit
Switch(config)# interface Fa0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 3
Switch(config-if)# end


Verifying the VLAN Configuration


Switch# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/7, Fa0/9
11   asw11_data                       active
12   asw12_data                       active
95   VLAN0095                         active    Fa0/8
99   Trunk_Native                     active
100  Internal_Access                  active
111  voice-for-group-11               active
112  voice-for-group-12               active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------
1    enet  100001     1500  -      -      -        -    -        0
11   enet  100011     1500  -      -      -        -    -        0
. . .


Implementing Trunks


Trunk Configuration
- Configure VLANs
- Disable trunk negotiation
- Configure trunk mode
- Set native VLAN to an unused VLAN
- Allow only required VLANs on trunks

Switch(config)# vlan 5,7-9
Switch(config-vlan)# exit
Switch(config)# interface fastethernet 0/1
Switch(config-if)# shutdown
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport nonegotiate
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 3,5,8,99
Switch(config-if)# switchport trunk native vlan 99
Switch(config-if)# no shutdown

The 802.1Q Tagging Process


ISL Encapsulation


Switchport Mode Interactions


- Configure the port as trunk or access on both switches
- Disable negotiation and do not use dynamic (default) mode
- Manual configuration is recommended


Trunk Configuration Recommendations


- Configure VLANs
- Configure trunk mode
- Disable trunk negotiation
- Manually remove unnecessary VLANs from trunks
- Configure native VLAN to an unused VLAN
- Disable trunking on host ports
- Do not use VTP
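As an added example (not from the Cisco course), the following Python checks a running-config excerpt against the trunk recommendations above: DTP disabled with switchport nonegotiate, native VLAN moved off VLAN 1, the allowed VLAN list pruned, host ports forced into access mode, and VTP in transparent mode. The sample configuration, interface names and VLAN numbers are constructed for the example.

```python
# Constructed sample running-config excerpt; it is not taken from the slides.
SAMPLE_CONFIG = """\
vtp mode server
interface FastEthernet0/1
 switchport mode trunk
interface FastEthernet0/2
 switchport trunk allowed vlan 3,5,8,99
 switchport trunk native vlan 99
 switchport mode trunk
 switchport nonegotiate
interface FastEthernet0/3
 switchport access vlan 3
"""

def parse_interfaces(config):
    """Group the indented lines of each 'interface' stanza under its name."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif current is not None and line.startswith(" "):
            stanzas[current].append(line.strip())
        else:
            current = None  # any other top-level line ends the stanza
    return stanzas

def last_word(lines, prefix, default):  # e.g. the VLAN id on the first matching line
    return next((l.split()[-1] for l in lines if l.startswith(prefix)), default)

def audit(config):
    """Return findings per interface (plus 'global') against the slide's trunk rules."""
    findings = {}
    if "vtp mode transparent" not in config:
        findings["global"] = ["VTP not in transparent mode (default mode is server)"]
    for name, lines in parse_interfaces(config).items():
        issues = []
        if "switchport mode trunk" in lines:
            if "switchport nonegotiate" not in lines:
                issues.append("DTP still enabled; add 'switchport nonegotiate'")
            if last_word(lines, "switchport trunk native vlan", "1") == "1":
                issues.append("native VLAN left at default VLAN 1; use an unused VLAN")
            if last_word(lines, "switchport trunk allowed vlan", "all") == "all":
                issues.append("all VLANs allowed; prune to the VLANs actually required")
        elif "switchport mode access" not in lines:
            issues.append("dynamic (default) mode on host port; set 'switchport mode access'")
        if issues:
            findings[name] = issues
    return findings
```

Running audit(SAMPLE_CONFIG) reports three findings for FastEthernet0/1 and one for FastEthernet0/3, while FastEthernet0/2, which follows the slide's own trunk example, is clean.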


VTP Configuration
- Configure VTP mode transparent (mode server is default)
- VLAN information is stored in the switch configuration
- No VTP advertisements are sent to other switches
- Recommended configuration

Switch(config)# vtp mode transparent
Switch(config)# vtp domain Cisco
Switch(config)# vtp password xyz123


Verifying the VTP Configuration


Switch# show vtp status
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 28
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 17
VTP Operating Mode              : Transparent
VTP Domain Name                 : BCMSN
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
Configuration last modified by 10.1.1.1 at 8-12-05 15:04:49
Switch#


Common Problems with VTP Configuration


- Missing VLANs: the configuration has been overwritten by another VTP device
- Updates not received as expected: VTP domain and password must match
- Too many VLANs: consider making the VTP domain smaller
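As an added example (not part of the course material), the Python below parses show vtp status output in the format of the previous slide from several switches and flags the conditions behind these problems: switches still in server or client mode, domain names that do not match (the name is case-sensitive), and, within one domain, the member whose higher configuration revision would overwrite the VLAN database of the others. Hostnames, revisions and domain names are constructed sample values.

```python
import re

FIELD = re.compile(r"^([A-Za-z0-9 ]+?)\s*:\s*(.*)$", re.M)


def status_text(mode, domain, revision):
    """Constructed 'show vtp status' excerpt in the slide's format (sample data, not a real device)."""
    return (f"VTP Version                     : running VTP1 (VTP2 capable)\n"
            f"Configuration Revision          : {revision}\n"
            f"VTP Operating Mode              : {mode}\n"
            f"VTP Domain Name                 : {domain}\n")


# Hostnames and values are made up for the example.
SAMPLE = {"dsw1": status_text("Transparent", "BCMSN", 28),
          "asw11": status_text("Server", "BCMSN", 41),
          "asw12": status_text("Server", "BCMSN", 57),
          "asw13": status_text("Client", "bcmsn", 3)}


def parse_vtp_status(text):
    """Map each 'Field : value' line of show vtp status to a dict entry."""
    return {k.strip(): v.strip() for k, v in FIELD.findall(text)}


def audit_vtp(statuses):
    """statuses maps hostname -> show vtp status output; returns a list of findings."""
    parsed = {h: parse_vtp_status(t) for h, t in statuses.items()}
    findings = []
    domains = {p["VTP Domain Name"] for p in parsed.values()}
    if len(domains) > 1:
        findings.append(f"domain names differ (they are case-sensitive): {sorted(domains)}")
    by_domain = {}
    for host, p in parsed.items():
        if p["VTP Operating Mode"] == "Transparent":
            continue  # transparent switches forward but never apply VTP updates
        findings.append(f"{host}: VTP mode {p['VTP Operating Mode']} (slides recommend transparent)")
        by_domain.setdefault(p["VTP Domain Name"], []).append((int(p["Configuration Revision"]), host))
    for domain, members in by_domain.items():
        if len(members) > 1:  # highest revision wins and overwrites the others' VLAN databases
            rev, host = max(members)
            findings.append(f"{domain}: {host} (revision {rev}) would overwrite the other members")
    return findings
```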


Verifying General VLAN Operations


show int switchport
show running-config interface f0/8
show vlan
show interfaces trunk

C:\> ping 10.1.1.2
pinging 10.1.1.2 with 32 bytes of data:
Reply from 10.1.1.2: bytes=32 time=1ms TTL=64


Common Trunk Link Problems


Trunks can be configured statically or autonegotiated with DTP. For trunking to be autonegotiated, the switches must be in the same VTP domain. Some trunk configuration combinations will successfully configure a trunk, some will not.

Will any of the above combinations result in an operational trunk?



Resolving Trunk Link Problems


When using DTP, ensure that both ends of the link are in the same VTP domain. Ensure that the trunk encapsulation type configured on both ends of the link is valid. On links where trunking is not required, DTP should be turned off. Best practice is to configure trunk and nonegotiate where trunks are required.
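As an added worked example (not code from the course), the Python below encodes how the switchport modes discussed on these slides combine on a link, including the VTP-domain requirement for DTP, and answers the "will this combination result in an operational trunk?" question for any pairing. Treating "nonegotiate" as its own mode (trunk mode plus switchport nonegotiate) and the default domain name are choices made for the example.

```python
# Switchport modes as configured with 'switchport mode ...'; "nonegotiate" here
# stands for 'switchport mode trunk' plus 'switchport nonegotiate' (no DTP frames
# are sent). The outcomes encode the commonly documented DTP combination table;
# this is an added example, not code from the course.
MODES = ("access", "dynamic auto", "dynamic desirable", "trunk", "nonegotiate")


def local_result(mode, peer_mode, dtp_usable):
    """State one side settles in, given both modes and whether DTP can negotiate."""
    if mode in ("access", "trunk", "nonegotiate"):
        return "access" if mode == "access" else "trunk"  # static modes never change
    if not dtp_usable:
        return "access"  # a dynamic port that hears no usable DTP stays an access port
    if mode == "dynamic desirable":
        return "access" if peer_mode == "access" else "trunk"
    # dynamic auto only trunks when the peer actively asks for a trunk
    return "trunk" if peer_mode in ("trunk", "dynamic desirable") else "access"


def link_outcome(a, b, domain_a="Cisco", domain_b="Cisco"):
    """Return 'trunk', 'access' or 'mismatch' (one side trunking, the other not)."""
    for m in (a, b):
        if m not in MODES:
            raise ValueError(f"unknown switchport mode: {m}")
    # DTP negotiation needs matching VTP domains and a peer that sends DTP frames
    same_domain = domain_a == domain_b
    side_a = local_result(a, b, same_domain and b != "nonegotiate")
    side_b = local_result(b, a, same_domain and a != "nonegotiate")
    return side_a if side_a == side_b else "mismatch"


def matrix(domain_a="Cisco", domain_b="Cisco"):
    """Every mode combination, e.g. to answer 'does this pairing form a trunk?'."""
    return {(a, b): link_outcome(a, b, domain_a, domain_b) for a in MODES for b in MODES}


if __name__ == "__main__":
    for (a, b), result in sorted(matrix().items()):
        print(f"{a:18} <-> {b:18} : {result}")
```

A "mismatch" result is the one-sided trunk the slides warn about; with different VTP domains only the statically configured pairings still form a trunk.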


Issues with 802.1Q Native VLAN


- Native VLAN frames are carried over the trunk link untagged.
- The native VLAN must match at both ends of a trunk.
- A native VLAN mismatch will merge traffic between VLANs.
- The default native VLAN is VLAN 1.
- Configure an unused VLAN as the native VLAN on trunks.


Summary
- VLAN segmentation is based on traffic flow patterns
- The creation of a VLAN implementation plan depends on the business and technical requirements
- VLAN configuration includes creating the VLAN, configuring access ports, and configuring trunk ports
- VTP configuration sometimes needs to be added to small network deployments, while VTP transparent mode is usually preferred for larger networks
- When configuring VLANs over several switches, ensure that the configuration is compatible throughout the switches in the same domain


Q-in-Q VLAN Tunnels (802.1Q Tunneling)


interface FastEthernet0/1
 switchport access vlan 30
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 no cdp enable


Native VLAN Hazard


These are a couple of ways to solve the native VLAN problem:

1. Configure the edge switch so that all packets going out an 802.1Q trunk, including the native VLAN, are tagged by using the vlan dot1q tag native command. The vlan dot1q tag native command is a global command that affects the tagging behavior on all trunk ports.
2. Ensure that the native VLAN ID on the edge switch trunk port is not within the customer VLAN range. For example, if the trunk port carries traffic of VLANs 100 to 200, assign the native VLAN a number outside that range.


Information About Layer 2 Protocol Tunneling


- Layer 2 protocol tunneling allows Layer 2 protocol data units (PDUs) (CDP, STP, and VTP) to be tunneled through a network
- To provide a single spanning tree domain for the customer, a generic scheme to tunnel BPDUs was created for control protocol PDUs (CDP, STP, and VTP). This process is referred to as Generic Bridge PDU Tunneling (GBPT)
- An ingress edge switch rewrites the destination MAC address of the PDUs received on a Layer 2 tunnel port with the Cisco proprietary multicast address (01-00-0c-cd-cd-d0). The PDU is then flooded to the native VLAN of the Layer 2 tunnel port
- SWI(config-if)# l2protocol-tunnel [cdp | stp | vtp]


interface FastEthernet0/13
 switchport access vlan 100
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel point-to-point pagp
interface FastEthernet0/14
 switchport access vlan 200
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel point-to-point pagp


Swi(config-if)# switchport
Swi(config-if)# l2protocol-tunnel shutdown-threshold cdp 400
Swi(config-if)# l2protocol-tunnel shutdown-threshold stp 400
Swi(config-if)# l2protocol-tunnel shutdown-threshold vtp 400
Swi(config-if)# l2protocol-tunnel drop-threshold vtp 200
Swi(config-if)# end
Swi# show l2protocol-tunnel summary

errdisable detect cause
errdisable recovery
