Virtual LANs
[Figure: switches joined by a trunk link (covered later); subnet 10.3.0.0/16]
An Access Link … is a link on a switch port that is a member of only one VLAN.
• This VLAN can be referred to as the native VLAN of the port, though this term is most meaningful for trunk links (coming).
• Any device that is attached to the switch port is NOT aware that a VLAN exists (& should not need to be).
A Trunk Link …
does not belong to a specific VLAN
is a single link designed to carry traffic for multiple VLANs, thereby providing connectivity from switch to router, or between switches
can be configured to transport all VLANs or to transport a limited number of VLANs
on a Cisco switch can be any port of 100+ Mbps
A trunk link may, however, have a native VLAN.
• The native VLAN of a trunk is the VLAN it uses if trunking fails for any reason (VLAN 1 by default, but it can be changed).
Trunk Encapsulation
Because a trunk carries multi-VLAN traffic, trunked frames must be identified with their associated VLAN ID, or encapsulated.
This tagging is removed before a trunked frame is forwarded out an access port.
In Ethernet, two methods are used to identify the VLAN to which a frame belongs:
• ISL (Inter-Switch Link) is Cisco proprietary – now deprecated; some switches, like the 2950T & 4000, don't support ISL
• IEEE 802.1Q (a.k.a. dot1q) is standards-based
• …more later
Static Membership (Port-Based)
[Figure: Switch 1 carrying two VLANs and two subnets. VLAN 1 hosts: 172.30.1.21 and 172.30.1.23 (mask 255.255.255.0). VLAN 2 hosts: 172.30.2.12 and 172.30.2.10 (mask 255.255.255.0).]
Port:  1 2 3 4 5 6
VLAN:  1 2 1 2 2 1
Dynamic Membership
VMPS = VLAN Management Policy Server
Membership is assigned by Layer 3 address (or Layer 3 protocol).
Benefits of VLANs
The key benefit of VLANs is that they permit the network administrator to organize the LAN logically instead of physically.
Note: this can be done without VLANs, but VLANs limit the broadcast domain!!
Default VLAN
• All switch ports become a member of the default VLAN after the initial boot up of the switch.
• The default VLAN for Cisco switches is VLAN 1.
• VLAN 1 cannot be renamed or deleted.
• Layer 2 control traffic, such as CDP and spanning tree protocol traffic, will always be associated with VLAN 1 - this cannot be changed.
• It is a security best practice to change the default VLAN to a VLAN other than VLAN 1.
• VLAN trunks support the transmission of traffic from more than one VLAN.
IEEE 802.1Q
Adding significantly less overhead than ISL, 802.1Q only inserts an additional 4 bytes into the Ethernet frame.
"Internal" tagging (the tag sits inside the original frame) overwrites the original frame's FCS, which is recalculated for the tagged frame.
[Figure: 802.1Q frame with the 4-byte tag inserted]
Trunking Example
1. A frame is received on switch Y.
2. The frame is encapsulated by Y (via ISL), sent over the trunk link to switch W, and propagates through X to Z.
3. The VLAN tagging is removed before being transmitted out the access link at switch Z.
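As an added example (not from these slides), the Python below models the Trunk Encapsulation and Trunking Example sections using 802.1Q instead of ISL: the ingress switch inserts the 4-byte tag after the source MAC and recomputes the FCS, the far switch reads the VID (an untagged frame arriving on a trunk is placed in the trunk's native VLAN), and the tag is stripped before the frame leaves an access port. All frame bytes are constructed here; the function names are the example's own.

```python
import struct
import zlib

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the frame, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Constructed untagged frame: dst MAC, src MAC, EtherType, payload, FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)

def fcs_ok(frame: bytes) -> bool:
    return fcs(frame[:-4]) == frame[-4:]

def vlan_of(frame: bytes, native_vid: int) -> tuple:
    """(vid, tagged) for a frame arriving on a trunk. An untagged frame is
    placed in the trunk's native VLAN, which is why the VLAN 1 default matters."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return native_vid, False
    tci = struct.unpack("!H", frame[14:16])[0]  # PCP(3) | DEI(1) | VID(12)
    return tci & 0x0FFF, True

def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte tag between source MAC and EtherType ("internal"
    tagging) and recompute the FCS, as the switch does when sending on a trunk."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID 0 and 4095 are reserved by 802.1Q")
    body = frame[:-4]                      # drop the old FCS
    tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    tagged = body[:12] + tag + body[12:]
    return tagged + fcs(tagged)

def untag_frame(frame: bytes) -> bytes:
    """Strip the tag before forwarding out an access port (restores the original frame)."""
    if not vlan_of(frame, 0)[1]:
        return frame
    body = frame[:12] + frame[16:-4]
    return body + fcs(body)

def forward_over_trunk(frame: bytes, ingress_vid: int, native_vid: int) -> tuple:
    """Trunking example: tag at the ingress switch, read the VID at the far
    switch, strip the tag at the access port. Returns (egress frame, vid seen)."""
    on_trunk = tag_frame(frame, ingress_vid)
    vid, _ = vlan_of(on_trunk, native_vid)
    return untag_frame(on_trunk), vid
```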
Without Trunking …
two switch ports would be needed to transport each configured VLAN between two switches, AND
every switch with a particular VLAN configured would have to be directly connected together, or two more ports would be wasted on each intermediary switch
Configuring Trunking
Note: On many switches, the switchport trunk encapsulation command must be done BEFORE the switchport mode trunk command.
Trunk Modes
Switch ports may attempt to negotiate trunking status by sending Dynamic Trunking Protocol (DTP) frames to their neighbours.
Fast and Gigabit Ethernet trunking modes:
• On – periodic DTP frames
• Off – DTP frame only at the point it transitions to this mode
• (Dynamic) Desirable – periodic DTP frames
• (Dynamic) Auto – periodic DTP frames
• Nonegotiate – no DTP frames sent
"Nonegotiate" Mode
Summary of Trunking Commands
IOS-Based Switch
Switch(config)# interface fastethernet 0/1
Switch(config-if)# switchport mode {access | trunk}
Switch(config-if)# switchport trunk encapsulation {isl | dot1q}
Switch(config-if)# switchport trunk allowed vlan {remove vlan-list | add vlan-list | all | except vlan-list}
    remove vlan-list    explicitly disallow these VLANs
    add vlan-list       explicitly allow these VLANs
    all                 implicitly allow ALL VLANs
    except vlan-list    implicitly allow ALL, except those listed
VLAN Configuration
Creating VLANs
Example: Creating/Assigning a VLAN
[Figure: VLANs created with "vlan 2" and "vlan 3"; ports assigned in access mode ONLY]
Switch(config)#int fa0/10
Switch(config-if)#switchport mode access
Depending upon the switch model, ports default to one of two modes:
• Catalyst 2900 – Trunk Mode: Dynamic, Auto
• Catalyst 2950 or 3550 – Trunk Mode: Dynamic, Desirable
(more when we discuss DTP)
Explicitly set ports to access mode to prevent accidental trunking and to increase security.
Also shut down ports not in use, for security.
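An added example, not part of the slides: a small Python audit of a constructed running-config excerpt against the advice on this page (fix the port mode so DTP cannot negotiate a trunk, shut down unused ports, and move a trunk's native VLAN off the default VLAN 1). The commands switchport nonegotiate and switchport trunk native vlan are standard IOS commands that the slides themselves do not list; the sample config and function names are the example's own.

```python
# Constructed "show running-config" excerpt (not a real switch's config)
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 99
 switchport nonegotiate
!
interface FastEthernet0/3
 switchport mode trunk
!
interface FastEthernet0/5
!
"""

def parse_interfaces(config: str) -> dict:
    # {interface name: [its indented config lines]}; '!' ends a stanza
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line.startswith(" ") and current:
            stanzas[current].append(line.strip())
        else:
            current = None
    return stanzas

def audit_port(lines: list) -> list:
    """Findings for one port: explicit access/trunk mode (no DTP negotiation),
    unused ports shut down, trunks with a native VLAN other than 1."""
    findings = []
    if "shutdown" in lines:
        return findings  # unused port is shut down: nothing to flag
    mode = next((l[len("switchport mode "):] for l in lines
                 if l.startswith("switchport mode ")), None)
    if mode is None or mode.startswith("dynamic"):
        findings.append("mode not fixed to access/trunk: DTP may negotiate a trunk")
    if mode == "trunk":
        if not any(l.startswith("switchport trunk native vlan ") and l.split()[-1] != "1"
                   for l in lines):
            findings.append("trunk uses default native VLAN 1")
        if "switchport nonegotiate" not in lines:
            findings.append("trunk still sends DTP frames")
    return findings

def audit(config: str) -> dict:
    """{interface: findings} for every port with at least one finding."""
    result = {name: audit_port(lines) for name, lines in parse_interfaces(config).items()}
    return {name: f for name, f in result.items() if f}
```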
Switch#config t
Switch(config)#vlan ?
VLAN database editing buffer manipulation commands:
  abort   Exit mode without applying the changes
  apply   Apply current changes and bump revision number
  exit    Apply changes, bump revision number, and exit mode
  no      Negate a command or set its defaults
  reset   Abandon current changes and reread current database
  show    Show database information
  vlan    Add, delete, or modify values associated with a single VLAN
  vtp     Perform VTP administrative functions.
Deleting VLANs
RTA(config)#interface fa0/0
RTA(config-if)#no ip address
RTA(config-if)#interface fa0/0.1
RTA(config-subif)#encapsulation dot1q 1
RTA(config-subif)#ip address 10.1.1.1 255.255.255.0
RTA(config-subif)#int fa0/0.2
RTA(config-subif)#encapsulation dot1q 20
RTA(config-subif)#ip address 10.1.2.1 255.255.255.0
RTA(config-subif)#int fa0/0.3
RTA(config-subif)#encapsulation dot1q 30
RTA(config-subif)#ip address 10.1.3.1 255.255.255.0