What is a VLAN
VLAN = Virtual LAN = Broadcast Domain = Logical Network subnet
Addresses:
- Segmentation
- Security
- Network Flexibility
VLAN ranges on Cisco Catalyst switches
VLANs | Range Type | Usage
0, 4095 | Reserved | For system use only. Cannot use these VLANs.
1 | Normal | Cisco default VLAN on a switch. This VLAN can be used. Cannot delete it. All interfaces belong to this VLAN by default.
2 - 1001 | Normal | Used for Ethernet VLANs.
1002 - 1005 | Normal | For legacy reasons: used for Token Ring and Fiber Distributed Data Interface (FDDI) VLANs. Cannot delete VLANs 1002 - 1005. Stored in vlan.dat in flash memory, and in the running config if the switch is in transparent mode.
1006 - 4094 | Extended | Used for Ethernet VLANs. The switch needs to be in transparent mode when creating extended VLANs. Important: in VTP version 3, extended-range VLANs are stored in the VLAN database and can be propagated by VTP, and VTPv3 supports VLAN creation and modification in server and transparent modes.
IMPORTANT
If a VLAN is deleted, the ports associated with that VLAN become inactive.
A port becomes inactive if it is associated with a VLAN that has not been created.
The older trunk encapsulation, used before 802.1q (the common encapsulation method today), is ISL.
The native VLAN is used for backward compatibility, where untagged traffic is common.
VLAN 1 is the management VLAN (cannot be changed) ==> messages like CDP, STP, LLDP are carried over VLAN 1.
If the connected switches have different native VLANs, CDP will tell us there is a VLAN mismatch.
The maximum number of VLANs might vary from one switch to another depending on VTP, HSRP.
TO TRY
Try also to delete a VLAN.
Try creating a trunk link with different native VLANs on the two ends and check CDP.
LAN
A group of devices that share a common broadcast domain
VTP : VLAN Trunking Protocol
Cisco proprietary Layer 2 messaging protocol. Maintains VLAN configuration consistency (manages VLAN addition, deletion, and renaming). Modes: - Client - Server - Transparent
Voice VLAN
Phone traffic between the IP phone and the switch is tagged (tag 3)
CoS can be applied to voice traffic
User traffic from the PC is not tagged
Ethernet header + 802.1q tag
EtherType (16 bits): 0x8100, identifies the frame as an 802.1q tagged frame
Priority (3 bits): for QoS ==> priority level for traffic prioritization
CFI (1 bit): Canonical Format Identifier: enables Token Ring frames to be carried across Ethernet links
VLAN ID (12 bits)
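The tag layout above as an added Python example (not part of the original cheat sheet): it packs and parses the 4-byte 802.1q tag and classifies the VLAN ID with the range table from this page. The function names, MAC addresses, payload and the CoS value 5 are constructed for the example.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1q tagged frame

def vlan_range(vid: int) -> str:
    """Classify a VLAN ID using the range table on this page."""
    if vid in (0, 4095):
        return "reserved"
    return "normal" if vid <= 1005 else "extended"

def build_tag(priority: int, cfi: int, vlan_id: int) -> bytes:
    """Pack the 4-byte tag: EtherType (16 bits) + priority (3) + CFI (1) + VLAN ID (12)."""
    if not (0 <= priority <= 7 and cfi in (0, 1) and 0 <= vlan_id <= 4095):
        raise ValueError("field out of range")
    return struct.pack("!HH", TPID_8021Q, (priority << 13) | (cfi << 12) | vlan_id)

def parse_frame(frame: bytes) -> dict:
    """Return the tag fields of an Ethernet frame; untagged frames get tagged=False."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"), "tagged": False}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True,
                    priority=tci >> 13,        # top 3 bits
                    cfi=(tci >> 12) & 1,       # next bit
                    vlan_id=tci & 0x0FFF,      # low 12 bits
                    range=vlan_range(tci & 0x0FFF))
        offset = 18
    info["ethertype"] = ethertype  # the real payload type, after any tag
    info["payload"] = frame[offset:]
    return info

# Constructed sample frames (MAC addresses and payload are made up).
DST = bytes.fromhex("aabbcc003100")
SRC = bytes.fromhex("aabbcc002f00")
PAYLOAD = b"\x45" + b"\x00" * 19
# IP phone traffic: tagged with voice VLAN 3; CoS 5 is an assumed value.
VOICE_FRAME = DST + SRC + build_tag(5, 0, 3) + struct.pack("!H", 0x0800) + PAYLOAD
# PC traffic behind the phone: untagged.
PC_FRAME = DST + SRC + struct.pack("!H", 0x0800) + PAYLOAD

if __name__ == "__main__":
    for name, frame in (("voice", VOICE_FRAME), ("pc", PC_FRAME)):
        print(name, parse_frame(frame))
```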
VTP - VLAN Trunking Protocol
- Cisco proprietary protocol - Exchanges VLAN information - Synchronizes VLAN information (VLAN ID and name) with switches inside the same VTP domain
VTP client mode: cannot change the VLAN configuration (cannot create or delete VLANs). Receives VTP updates, processes them and forwards them.
VTP server mode: can create and delete VLANs. Propagates VLAN changes. Default mode for Cisco switches.
VTP transparent mode: does not share its VLAN database. Forwards received VTP advertisements. VLANs are created and deleted locally on a VTP transparent switch.
VTP mode off: similar to VTP transparent mode but does not forward received updates. Supported only in VTPv3.
DTP - Dynamic Trunking Protocol
Used by Cisco switches to automatically negotiate whether an interface between two switches should be put in access or trunk mode.
Dynamic auto: forms a trunk only if it receives DTP messages - Does not negotiate - Only listens
Dynamic desirable: negotiates the mode automatically and dynamically tries to convert the link to a trunk - Generates DTP messages - Listens for incoming DTP messages
DTP - Port combination
Port 1 mode | Port 2 mode | Resulting link mode
Dynamic auto | Dynamic auto | access
Dynamic auto | Dynamic desirable | trunk
Dynamic desirable | Dynamic desirable | trunk
Dynamic auto or Dynamic desirable | trunk | trunk
Dynamic auto or Dynamic desirable | access | access
Change native VLAN and tag it
SW1# configure terminal
SW1(config)# interface Ethernet0/0
SW1(config-if)# switchport mode trunk
SW1(config-if)# switchport trunk native vlan 90
SW1(config-if)# switchport trunk native vlan tag
|
SW1(config-if)# switchport trunk native vlan tag
does it really exist?
Verify trunk port -2-
SwitchX# show interfaces status
Port Name Status Vlan Duplex Speed Type
Et0/0 connected trunk auto auto unknown
Et0/1 connected 2 auto auto unknown
Et0/2 connected 1 auto auto unknown
Et0/3 connected 1 auto auto unknown
|
Tells which ports are trunking and, for access ports, which VLAN is associated
Verify trunk port -1-
Switch# show interfaces trunk
Port Mode Encapsulation Status Native vlan
Et0/0 on 802.1q trunking 99
Port Vlans allowed on trunk
Et0/0 10,20,30,99
Port Vlans allowed and active in management domain
Et0/0 10,20,30,99
<... output omitted ...>
|
Mode on: we, as administrators, turned trunking on manually
Mode dynamic desirable or auto: the trunk was enabled with DTP, i.e. formed automatically
We can see the encapsulation type (802.1q)
We can see the native VLAN on the far right
+ the allowed VLANs
Verify a trunk port
SwitchX# show interfaces Ethernet0/0 switchport
Name: Et0/0
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 99 (VLAN0099)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
<... output omitted ...>
Trunking VLANs Enabled: 10,20,30,99
<... output omitted ...>
|
Verify that the operational mode is trunk,
that the native VLAN is 99,
and also check the enabled VLANs
Configure an 802.1q trunk
S1# conf t
S1(config)# interface e 0/0
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk native vlan 99
S1(config-if)# switchport trunk allowed vlan 10,20,30
|
To add a new allowed VLAN, the line has to be rewritten:
S1(config-if)# switchport trunk allowed vlan 10,20,30,100
If you enter only:
S1(config-if)# switchport trunk allowed vlan 100
it will just overwrite the other VLANs that were listed
Verifying VLANs -4- inactive VLAN
Switch# show interfaces Ethernet0/1 switchport
Name: Et0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 10 (Inactive)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
|
Access Mode VLAN: 10 (Inactive)
==> VLAN not yet created or VLAN has been deleted
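The checks described for "Verify a trunk port" and for the inactive access VLAN, automated over `show interfaces <if> switchport` text. This is an added Python example, not part of the original cheat sheet; the function names and finding strings are made up, and the sample text is excerpted from the Et0/0 and Et0/1 outputs above and the Fa0/2 output further down this page.

```python
def parse_switchport(text: str) -> dict:
    """Turn the 'Key: value' lines of 'show interfaces <if> switchport' into a dict."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:  # lines such as '<... output omitted ...>' have no colon
            info[key.strip()] = value.strip()
    return info

def audit(info: dict, expect_native=None, expect_allowed=None) -> list:
    """Return findings; pass expect_* only for ports that are meant to be trunks."""
    findings = []
    admin, oper = info["Administrative Mode"], info["Operational Mode"]
    if admin.startswith("dynamic"):
        findings.append(f"mode negotiated by DTP ({admin}), not set statically")
    if "access" in oper and "(Inactive)" in info.get("Access Mode VLAN", ""):
        findings.append("access VLAN inactive: VLAN not created or deleted")
    if oper == "trunk":
        native = int(info["Trunking Native Mode VLAN"].split()[0])  # '99 (VLAN0099)'
        if expect_native is not None and native != expect_native:
            findings.append(f"native VLAN is {native}, expected {expect_native}")
        allowed = info.get("Trunking VLANs Enabled", "")
        if expect_allowed is not None and allowed != expect_allowed:
            findings.append(f"allowed VLANs are {allowed}, expected {expect_allowed}")
    elif expect_native is not None or expect_allowed is not None:
        findings.append(f"operational mode is {oper}, expected trunk")
    return findings

# Excerpts of three outputs shown on this page.
TRUNK_ET0_0 = """Name: Et0/0
Administrative Mode: trunk
Operational Mode: trunk
Trunking Native Mode VLAN: 99 (VLAN0099)
<... output omitted ...>
Trunking VLANs Enabled: 10,20,30,99"""
ACCESS_ET0_1 = """Name: Et0/1
Administrative Mode: static access
Operational Mode: static access
Access Mode VLAN: 10 (Inactive)
Trunking Native Mode VLAN: 1 (default)"""
ACCESS_FA0_2 = """Name: Fa0/2
Administrative Mode: dynamic desirable
Operational Mode: static access
Access Mode VLAN: 2 (data)
Trunking Native Mode VLAN: 1 (default)"""

if __name__ == "__main__":
    for sample in (TRUNK_ET0_0, ACCESS_ET0_1, ACCESS_FA0_2):
        print(audit(parse_switchport(sample)))
```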
Verifying VLANs -4-
Switch# show mac address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 aabb.cc00.2f00 DYNAMIC Fa0/0
1 aabb.cc00.3100 DYNAMIC Fa0/1
2 aabb.cc00.3000 DYNAMIC Fa0/2
|
Default MAC table aging time is 300 seconds
Verifying VLANs -3-
SW1# show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7
2 data active Fa0/2
3 telephony active Fa0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
|
Displays one line per vlan
Verifying VLANs -2-
SW1# show vlan id 2
VLAN Name Status Ports
---- -------------------- ------- ---------------------
2 data active Fa0/2
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ---- ------- ----- ------ ------ -------- --- --------- ------ ------
2 enet 100002 1500 - - - - - 0 0
<... output omitted ...>
|
Display information about a particular VLAN
Verifying VLANs - 1
SW1# show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7
2 data active Fa0/2
3 telephony active Fa0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
|
VLAN 2 and VLAN 3 are created on the switch. Both are active and are assigned to FastEthernet 0/2.
Verifying VLANs
SW1# show interfaces FastEthernet0/2 switchport
Name: Fa0/2
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 2 (data)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: 3 (telephony)
<... output omitted ...>
|
Create Voice VLAN
S1# conf t
S1(config)# vlan 3
S1(config-vlan)# name telephony
S1(config-vlan)# exit
S1(config)# interface f 0/2
S1(config-if)# switchport mode access
S1(config-if)# switchport voice vlan 3
|
Create Data vlan
S1# conf t
S1(config)# interface f 0/3
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 2
|
Create a VLAN
S1# conf t
S1(config)# vlan 2
S1(config-vlan)# name Sales
|
If no VLAN name is entered, the switch assigns a default name made of "VLAN" plus the four-digit VLAN ID (for example, VLAN0004 for VLAN 4).