Chapter 6 Virtual LANs VLANs Objectives Describe Virtual LANs Describe Frame Tagging Describe Inter Switch Link Routing Describe Virtual Trunking Protocol Switch Basics Break up Collision Domains Forward Packets Store and Forward Cut Through Error Free Cut Through Fragment Spanning Free Tree Protocol STP Ethernet distance constraints removed Switch Basics con t MAC Address to Switch Port mapping Content Addressable Memory CAM table show cam dynamic 1 00 60 2f 9d a9 00 3 1 1 00 60 2f 86 ad 00 5 12 Scalability VLANs Wire Speed little latency Traditional Collapsed Backbone Each node must match unique network address in order to communicate Virtual LANs VLANs Definition A logical grouping of network users and resources connected to administratively defined ports on a switch Smaller broadcast domains Organized by Location Function Department Application or protocol Flat Network LAN Design Broadcast Control Broadcasts occur in every protocol Frequency of broadcasts depends on protocol application and use Bandwidth Broadcasts Bandwidth greedy Multimedia High density graphics Pro E Faulty Equipment Flat network Switches forward broadcasts to all segments VLANs Broadcasts Contain broadcast to VLAN Security Flat network problems Everyone can see all resources Must secure via Access Control Lists VLANs Only resources within VLAN can be seen Flexibility Scalability VLANs Essentially create broadcast domains Greatly reduces broadcast traffic Ability to add users to a VLAN regardless of their physical location Users connected to one or more connected switches switch fabric can participate in VLAN Additional VLANs can be created when network growth consumes more bandwidth Logically creates layer 3 networks Independent of physical location 1005 supported 1002 1005 defined for FDDI and Token Ring LANs Physically Connected to a Router Removing the Physical Boundary with Switches Switched Routed Network Inter VLAN communications must go through Router VLAN Memberships Static VLANs PORT Based Typical method of creating VLANs Most secure A switch port assigned to a VLAN always maintains that assignment until changed MAC Address very rare Maintains membership even if user moves USER Id very rare IP Address rare due to DHCP Added security VLAN Memberships con t Dynamic VLANs Node assignment to a VLAN is automatic MAC addresses protocols network addresses etc VLAN Management Policy Server VMPS MAC address database for dynamic assignments MAC address to VLAN mapping VLAN Design How Do many users will be on each VLAN VLANs need to span physical boundaries How much control is required over the creation of VLANs Identifying VLANs Access links A link that is part of only one VLAN Native VLAN of the Port All VLAN information removed before frame sent to access link Trunk links Required for switches to exchange VLAN information Carries multiple VLANs Fast or Gigabit Ethernet only Identifying VLANs cont Frame Tagging Definition A means of keeping track of users frames as they travel the switch fabric VLANs User defined ID assigned to each frame VLAN ID is removed before exiting to access links VLAN ID Methods Inter Switch Link ISL Cisco proprietary FastEthernet Gibabit Ethernet only IEEE 802 1q Must use if trunking between Cisco non Cisco switch LAN Emulation LANE Used to communication multiple VLANs over ATM 802 10 FDDI Used to send VLAN information over FDDI Inter Switch Link ISL Protocol Definition A means of explicitly tagging VLAN information onto an Ethernet frame Allows VLANs to be multiplexed over a trunk line Cisco proprietary External tagging process ISL Frame Format 26 Byte Header Destination Address Multicast Type Ethernet FDDI etc Source Address Source Switch Port VLAN ID color Encapsulated Packet CRC 802 1q VLAN Tagging Trunking Trunking Allows a single port to become part of multiple VLANs at the same time A server can be in 2 broadcast domains at the same time Cisco switches use Dynamic Trunking Protocol DTP for trunk management with Catalyst Switch software 4 2 Send trunk information across 802 1q trunks Without Trunking only VLAN 1 frames sent across link between switches VLANs Routing Routing A layer 3 device is necessary for any host or device to communicate between VLANs Alternatives Port for each VLAN Support for ISL One Fast Ethernet Port Router on a Stick RSM Route Switch Module Supports up to 1005 VLANs Individual VLAN Associations Router on a Stick VLAN Trunk Protocol VTP Purpose to manage all configured VLANs across a switch internetwork maintain consistency Allows an administrator to add delete rename VLANs Changes propagated to all switches in Domain Benefits VTP Benefits Consistent configuration Permits trunking over mixed networks Accurate tracking Dynamic reporting of added VLANs to all switches Plug and Play VLAN adding A VTP server must be created to manage VLANs Centralized Database VTP Modes of Operation Server Default for all Catalyst switches Minimum one server for a VTP domain Can only exchange information with Servers Clients in same Domain Not required if all switches are in only one VLAN Or using only one switch Advertises VLAN information and revision number Client Receives information sends receives updates Read only copy of the VLAN database Cannot make any changes before server notifies VTP Modes of Operation con t Transparent Does not participate in a VTP domain but forwards VTP advertisements Can add delete VLANs Maintains own database Locally significant VTP Modes Revision Number Pruning Limit VTP broadcasts to links that need them Disabled by default on all switches VLAN 1 can never prune it is an administrative VLAN VLAN 2 1005 pruning eligible VLANS Break up broadcast domains The 1900 switches support up to 64 A separate spanning tree instance for each VLAN default You can enable and disable STP on a per VLAN or a global basis Configuring VLANs Example en config t Enter configuration commands one per line End with CNTL Z config hostname 1900EN 1900EN config vlan 2 name sales 1900En config vlan 3 name marketing 1900En config vlan 4 name mis 1900EN config exit Configuring VLANs Assigning Switch Ports to VLANs config if vlan membership 1 1005 static dynamic sh vlan sh vlan sh vlan membership Configuring Trunk Ports config if trunk state auto will become trunked only if connected to on or desirable desirable will negotiate to become trunked nonnegotiate becomes a permanent trunk port off disabled from trunking on becomes a permanent ISL trunk port Configuring