Internode



CCIE chapter 2: VLANs

Material used:

Cisco Press CCNP Self Study BCMSN Official Exam Certification Guide 4th Edition chapter 5, chapter 6

CCIE Routing and Switching Exam Certification Guide 3rd Edition Nov 2007

VLANs are a set of switch ports that share the same broadcast domain.

VLANs can span multiple switches.

Best practice is one subnet per VLAN.

A single VLAN can contain many subnets.

A subnet can span many VLANs if proxy ARP is used on the interconnecting router or Layer 3 switch.

An MLS (multilayer switch) or router is needed to forward traffic between VLANs.

There are two types of VLAN port membership, static and dynamic.

Static VLANs: the switch port is assigned a VLAN, and whatever connects to that switch port is in the VLAN configured on the port.

Dynamic VLANs: membership is based on the MAC address of the end-user device. The switch queries a database known as the VLAN Membership Policy Server (VMPS), which runs on CiscoWorks.

End-to-end VLANs are VLANs that span the entire campus. They should follow the 80/20 rule and are generally not recommended.

Local VLANs are VLANs that follow the 20/80 rule and should be designed with a Layer 3 core to handle inter-VLAN or campus traffic loads.

Private VLANs allow administrators to block switch ports within the same VLAN from talking to each other. There are three kinds of ports in a private VLAN:

Ports that need to communicate with all devices

Ports that need to communicate with each other, and with shared devices, typically routers

Ports that need to communicate only with shared devices

A private VLAN is a VLAN with multiple VLANs inside it. A port in the primary VLAN is known as a promiscuous port and can talk to all other ports within the private VLAN. Secondary VLANs are either community or isolated VLANs. Ports in a community VLAN can talk to the primary VLAN as well as to the other ports in their own community. A port in an isolated VLAN can only talk to the primary VLAN; it cannot talk to any other port in the same isolated VLAN.
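The three port roles and their reachability rules can be checked mechanically. The model below is an added example, not code from the page or from Cisco: it encodes the rules above (promiscuous talks to all, community talks to promiscuous and its own community, isolated talks to promiscuous only) and runs them over a constructed port inventory so an engineer can verify that no two tenants' secondary VLANs leak into each other. Port names, VLAN numbers and the "tenant leak" audit are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Port roles inside a private VLAN, as described in the notes above.
PROMISCUOUS = "promiscuous"   # primary VLAN: talks to every port in the private VLAN
COMMUNITY = "community"       # secondary VLAN: talks to promiscuous ports and its own community
ISOLATED = "isolated"         # secondary VLAN: talks to promiscuous ports only


@dataclass(frozen=True)
class Port:
    name: str
    role: str
    secondary_vlan: Optional[int] = None   # None for promiscuous ports (they sit in the primary VLAN)


def can_communicate(a: Port, b: Port) -> bool:
    """True if a frame from port a may be delivered to port b under private VLAN rules."""
    if a.name == b.name:
        return True
    # A promiscuous port reaches everything, and everything reaches it.
    if PROMISCUOUS in (a.role, b.role):
        return True
    # Isolated ports never talk to any other non-promiscuous port, even in the same isolated VLAN.
    if ISOLATED in (a.role, b.role):
        return False
    # Two community ports talk only when they share the same community VLAN.
    return a.secondary_vlan == b.secondary_vlan


def tenant_leaks(ports: List[Port]) -> List[Tuple[str, str]]:
    """Audit helper (assumption): pairs of non-promiscuous ports in different secondary VLANs
    that can still reach each other. Under correct PVLAN rules this list is always empty."""
    leaks = []
    for a in ports:
        for b in ports:
            if a.name < b.name and a.role != PROMISCUOUS and b.role != PROMISCUOUS \
                    and a.secondary_vlan != b.secondary_vlan and can_communicate(a, b):
                leaks.append((a.name, b.name))
    return leaks


# Constructed inventory: one router uplink, two web servers sharing a community VLAN,
# one database server in its own community, and two guest hosts in an isolated VLAN.
ROUTER = Port("Gi0/1", PROMISCUOUS)
WEB1 = Port("Gi0/2", COMMUNITY, 101)
WEB2 = Port("Gi0/3", COMMUNITY, 101)
DB1 = Port("Gi0/4", COMMUNITY, 102)
GUEST1 = Port("Gi0/5", ISOLATED, 103)
GUEST2 = Port("Gi0/6", ISOLATED, 103)
PORTS = [ROUTER, WEB1, WEB2, DB1, GUEST1, GUEST2]


def reachability_report(ports: List[Port]) -> List[str]:
    """Human-readable list of which constructed ports may talk to which."""
    lines = []
    for a in ports:
        peers = [b.name for b in ports if b.name != a.name and can_communicate(a, b)]
        lines.append(f"{a.name} ({a.role}) -> {', '.join(peers) or 'nothing'}")
    return lines


if __name__ == "__main__":
    for line in reachability_report(PORTS):
        print(line)
    print("tenant leaks:", tenant_leaks(PORTS))
```

Running the block prints the reachability of each constructed port; the guest ports reach only the router, the two web servers reach each other and the router, and the audit list is empty.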

The VLAN database

The VLAN database is kept in flash as vlan.dat. It keeps a record of the standard VLANs configured on the switch; this VLAN range is from 1 to 1005. Catalyst switches support extended VLAN IDs from 1006 to 4096. These VLANs aren't configured in the VLAN database, and if VTP (v1 and v2) server/client mode is used they will not be advertised to other switches and must be deleted. VTP v3 does support extended VLANs, but no Catalyst switches currently support v3. So currently, to use extended VLANs, VTP must be in transparent mode.

VTP

VTP domain: a domain of management for VLANs; a switch can only belong to one VTP domain. Switches in a VTP domain send several attributes to their directly connected switches in the same VTP domain, such as the VTP revision number, active VLANs and VLAN parameters.

VTP authentication isn't required but is recommended for a server/client setup.

VTP server: has complete control over the VTP domain. From this point the administrator can create, configure and remove VLANs; each time a set of changes is made, the revision number is incremented by one. The VTP server propagates the changes out to the VTP domain.

VTP client: a client will only receive VTP updates and pass them along; it cannot delete or create VLANs itself.

VTP transparent mode: switches do not participate in VTP. While in transparent mode, a switch does not advertise its own VLAN configuration, and it does not synchronize its VLAN database with received advertisements. In VTP version 1, a transparent-mode switch does not even relay VTP information it receives to other switches unless its VTP domain name and VTP version number match those of the other switches. In VTP version 2, transparent switches do forward received VTP advertisements out of their trunk ports, acting as VTP relays. This occurs regardless of the VTP domain name setting.

The VTP revision number is stored in NVRAM and isn't altered by a power cycle. It can only be set to 0 by either changing the VTP domain name configured on the switch or changing its mode to transparent and then back to server.
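The revision number is the one VTP value an operator must check before trunking a switch into a production domain: a server or client synchronizes to any advertisement from its own domain that carries a higher revision, so a switch that was last used elsewhere can replace the whole VLAN database. The simulation below is an added example, not code from the page or from Cisco. It implements the rules given in these notes (same domain required, higher revision wins, transparent switches never synchronize, v2 transparent switches relay regardless of domain, v1 only when the domain matches, revision reset via transparent and back) over a constructed domain "CAMPUS", and contrasts connecting a stale switch with and without first resetting its revision. Switch names, VLAN numbers and the revision values are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

SERVER, CLIENT, TRANSPARENT = "server", "client", "transparent"


@dataclass
class SummaryAdvertisement:
    """The fields of a VTP summary advertisement that matter for synchronization."""
    domain: str
    revision: int
    vlans: Dict[int, str]   # the advertising switch's VLAN database (carried by the subset advertisements)


@dataclass
class Switch:
    name: str
    mode: str
    domain: str
    revision: int = 0
    version: int = 2
    vlans: Dict[int, str] = field(default_factory=lambda: {1: "default"})
    log: list = field(default_factory=list)

    def configure_vlan(self, vid: int, name: str) -> None:
        """Only a server may add VLANs; every change bumps the revision by one."""
        if self.mode != SERVER:
            raise PermissionError(f"{self.name} is a VTP {self.mode}; cannot create VLANs")
        self.vlans[vid] = name
        self.revision += 1

    def advertise(self) -> Optional[SummaryAdvertisement]:
        # Transparent switches do not advertise their own configuration.
        if self.mode == TRANSPARENT:
            return None
        return SummaryAdvertisement(self.domain, self.revision, dict(self.vlans))

    def receive(self, adv: SummaryAdvertisement) -> str:
        """Apply an incoming summary advertisement and return what happened."""
        if self.mode == TRANSPARENT:
            # v2 relays regardless of domain; v1 relays only when the domain matches.
            relayed = self.version == 2 or adv.domain == self.domain
            result = "relayed" if relayed else "dropped"
        elif adv.domain != self.domain:
            result = "ignored (domain mismatch)"
        elif adv.revision > self.revision:
            # Higher revision wins: the local database is replaced wholesale.
            self.revision = adv.revision
            self.vlans = dict(adv.vlans)
            result = f"synchronized to revision {adv.revision}"
        else:
            result = "ignored (revision not newer)"
        self.log.append(f"{self.name}: {result}")
        return result

    def reset_revision(self) -> None:
        """Mode transparent and back again, which zeroes the stored revision."""
        original = self.mode
        self.mode = TRANSPARENT
        self.mode = original
        self.revision = 0


def build_production() -> Switch:
    # Constructed production server: VLANs 10/20/30 added on top of VLAN 1, revision 3.
    prod = Switch("core-1", SERVER, "CAMPUS")
    for vid, name in ((10, "users"), (20, "servers"), (30, "voice")):
        prod.configure_vlan(vid, name)
    return prod


def build_stale_switch() -> Switch:
    # Constructed switch that previously lived in another "CAMPUS" domain with many edits.
    return Switch("lab-sw", SERVER, "CAMPUS", revision=40, vlans={1: "default", 99: "lab"})


def connect(prod: Switch, newcomer: Switch) -> Set[int]:
    """Exchange one advertisement each way and return the production VLAN IDs afterwards."""
    adv = newcomer.advertise()
    if adv is not None:
        prod.receive(adv)
    newcomer.receive(prod.advertise())
    return set(prod.vlans)


def connect_without_reset() -> Set[int]:
    return connect(build_production(), build_stale_switch())


def connect_with_reset() -> Set[int]:
    stale = build_stale_switch()
    stale.reset_revision()          # revision 0: it will learn from production instead
    return connect(build_production(), stale)


def transparent_relay(version: int, foreign_domain: bool) -> str:
    """Show the v1/v2 difference in how a transparent switch treats an advertisement."""
    sw = Switch("dist-1", TRANSPARENT, "CAMPUS", version=version)
    adv = SummaryAdvertisement("OTHER" if foreign_domain else "CAMPUS", 7, {1: "default"})
    return sw.receive(adv)


if __name__ == "__main__":
    print("without reset, production VLANs:", sorted(connect_without_reset()))
    print("with reset, production VLANs:   ", sorted(connect_with_reset()))
```

Without the reset, the production server accepts revision 40 and its VLANs 10, 20 and 30 are gone; with the reset, the newcomer carries revision 0 and instead learns the production database.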

VTP advertisements:

Summary advertisements are sent every 300 seconds and every time a VLAN database change occurs. They carry the VTP version, domain name, configuration revision number, time stamp, MD5 hash code, and the number of subset advertisements to follow.

Subset advertisements are sent after a change has occurred; there is one advertisement per VLAN.

Request from client: the client can request that all VTP information be sent to it so it can be updated.

There are two versions of VTP on Catalyst switches, v1 and v2. They are not interoperable, so all switches in the same VTP domain must have the same VTP version set.

VTP version 2 adds the following:

■ Version-dependent transparent mode: in transparent mode, VTP version 1 matches the VTP version and domain name before forwarding the information to other switches using VTP. VTP version 2 in transparent mode forwards the VTP messages without checking the version number. Because only one domain is supported in a switch, the domain name doesn't have to be checked.

■ Consistency checks: VTP version 2 performs consistency checks on the VTP and VLAN parameters entered from the command-line interface (CLI) or by the Simple Network Management Protocol (SNMP).

■ Token Ring support

■ Unrecognized Type-Length-Value (TLV) support: VTP version 2 switches propagate received configuration change messages out other trunk links, even if the switch supervisor cannot parse or understand the message. For example, a VTP advertisement contains a Type field to denote what type of VTP message is being sent. VTP message type 1 is a summary advertisement, and message type 2 is a subset advertisement. An extension to VTP that utilizes other message types and other message length values could be in use. Instead of dropping the unrecognized VTP message, version 2 still propagates the information and keeps a copy in NVRAM.

VTP pruning

VTP pruning allows trunks to prune VLANs that aren't in use on one of the switches connected to the trunk. VLANs can be exempted from pruning on a port-by-port basis. VTP pruning has no effect on switches in transparent mode.

Trunking:

There are two trunking protocols: dot1q (IEEE standard) and ISL (Cisco).

ISL adds a 26-byte header and a 4-byte trailer (CRC check) to the Layer 2 frame.

Dot1q adds a 4-byte tag to the Layer 2 frame (after the source MAC address); there is no encapsulation. Dot1q also adds the idea of a native VLAN: untagged frames travel across a trunk in the native VLAN and are not tagged.

The first two bits of the tag are always 0x8100, as a marker to show that this is a dot1q frame. The next 3 bits are the TCI (tag control information) and are used for CoS across a trunk.

The next 12 bits are for the VLAN ID.
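A parser makes the tag layout concrete and also shows how the native VLAN rule applies to an untagged frame. The block below is an added example, not code from the page or from Cisco; it follows the IEEE 802.1Q layout, in which the tag is a 16-bit TPID of 0x8100 followed by a 16-bit TCI made of a 3-bit priority code point (the CoS value), a 1-bit DEI/CFI flag and the 12-bit VLAN ID. The frame builder, the constructed MAC addresses and the `native_vlan` parameter are assumptions for the example; VID 0 and 4095 are flagged because the standard reserves them, which a trunk port should never learn as a real VLAN.

```python
import struct
from typing import Optional

TPID_8021Q = 0x8100          # tag protocol identifier that marks an 802.1Q-tagged frame
RESERVED_VIDS = {0, 0xFFF}   # 0 = priority-tagged only, 4095 = reserved by the standard


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vid: Optional[int] = None, pcp: int = 0, dei: int = 0) -> bytes:
    """Construct an Ethernet frame, inserting an 802.1Q tag after the source MAC when vid is given."""
    header = dst + src
    if vid is not None:
        tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | (vid & 0x0FFF)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes, native_vlan: int = 1) -> dict:
    """Decode the tag (if present) and assign untagged frames to the trunk's native VLAN."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        # No tag: on a trunk this frame belongs to the native VLAN.
        return {"dst": dst, "src": src, "tagged": False, "vlan": native_vlan,
                "pcp": None, "dei": None, "ethertype": ethertype, "payload": frame[14:],
                "reserved_vid": False}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    vid = tci & 0x0FFF
    return {"dst": dst, "src": src, "tagged": True, "vlan": vid,
            "pcp": tci >> 13, "dei": (tci >> 12) & 0x1, "ethertype": inner_type,
            "payload": frame[18:], "reserved_vid": vid in RESERVED_VIDS}


# Constructed sample frames (fake MAC addresses, IPv4 ethertype, dummy payload).
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
TAGGED_FRAME = build_frame(DST, SRC, 0x0800, b"payload", vid=100, pcp=5)
UNTAGGED_FRAME = build_frame(DST, SRC, 0x0800, b"payload")
PRIORITY_ONLY_FRAME = build_frame(DST, SRC, 0x0800, b"payload", vid=0, pcp=7, dei=1)


def summarize(frame: bytes, native_vlan: int = 1) -> str:
    f = parse_frame(frame, native_vlan)
    tag = f"pcp={f['pcp']} dei={f['dei']}" if f["tagged"] else "untagged (native)"
    flag = " [reserved VID]" if f["reserved_vid"] else ""
    return f"vlan={f['vlan']} {tag} ethertype=0x{f['ethertype']:04x}{flag}"


if __name__ == "__main__":
    for name, frame in (("tagged", TAGGED_FRAME), ("untagged", UNTAGGED_FRAME),
                        ("priority-only", PRIORITY_ONLY_FRAME)):
        print(f"{name:14} {summarize(frame)}")
```

The tagged sample decodes to VLAN 100 with CoS 5, the untagged sample lands in whatever native VLAN the parser is told the trunk uses, and the VID 0 sample is reported as reserved rather than treated as a VLAN.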

Trunk encapsulation can be ISL, dot1q, or negotiate; if set to negotiate, ISL is preferred over dot1q.

Dynamic trunking protocol

DTP only works between Catalyst switches. It requires both switches to be in the same VTP domain or to have their domains set to null.

DTP sends out hello packets every 30 seconds.

There are three DTP modes:

Trunk: hard set as a trunk, no DTP negotiation.

Dynamic desirable: DTP actively tries to convert the link to a trunk (default setting).

Dynamic auto: DTP will convert to a trunk if asked to, but won't actively try to create a trunk.

Allowed VLANs on a trunk: allowed VLANs can be manually configured on a trunk using the command switchport trunk allowed vlan (a number of options that I know like the back of my hand, so I can't be fucked writing about them) *VLANID*
