Computer Networking Macedonia VLAN’s, VTP, InterVLAN Routing, (And if there is enough time - STP)


Presenter: Delyan Genkov, PhD, Principal Assistant Professor at Technical University of Gabrovo, Bulgaria

CCNA, CCNP, CCAI, CCSI#33190
Working at Lirex BG Ltd – Gold Cisco Partner
Instructor and Main Contact in the first Bulgarian Cisco Networking Academy since 1999
Email: [email protected]

VLAN

Virtual Local Area Networks

Main goal – to divide the network into smaller parts

Why to divide a LAN?

Benefits:
- Decreases unnecessary traffic
- Limits broadcasts
- Allows the network to grow
- Increases security

Drawbacks:
- More complicated and expensive devices
- More administrator knowledge required

Traditional network division

- Depends on geographic locations
- (Sometimes) requires more router interfaces
- Does not allow movement

VLAN division

- Position independent
- Allows easy movement
- Increases security (if properly configured)
- May use one or more router interfaces

Two or more VLANs on a single switch?
- Possible, but not common
- Functions as two or more separate switches
- I use this when there are free ports and I need another switch in the same rack
- The true power is when you use more switches

VLAN’s have

- Mandatory number (VLAN ID)
  - 1 – 1024: Standard VLANs
  - 1001 – 1024 are reserved
  - 1025 – 4096: Extended VLANs (SP)
- Optional name (default VLAN0001, …)
- Type (Ethernet)
- MTU (typically 1500)
- and so on

VLAN tasks

- Create the VLANs in switch memory
- Assign ports to VLANs

Types of ports:
- Access – resides in only one VLAN
- Voice VLAN – an additional VLAN for an access port
- Trunk – allows packets for more than one VLAN

Typical scenario

- Access ports – connect computers
- Trunk ports – connect switches
- Routers?

VLAN Tagging

- IEEE 802.1q (4 bytes) – Standard
- ISL (30 bytes) – Cisco proprietary
- IEEE 802.1q preferred
- Native VLAN – no tag
- Native VLAN must match on both ends

Tagging and Untagging
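An added example, not from the original presentation, showing what tagging and untagging do to a frame: the 4-byte 802.1q tag (TPID 0x8100 plus a 16-bit TCI) is inserted after the MAC addresses, and an untagged frame received on a trunk is placed in the port's native VLAN, which is why a native VLAN mismatch moves traffic between VLANs. The sample frame is constructed for the example.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an IEEE 802.1Q tag

def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag (TPID + TCI) after the destination and source MACs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094 (0 and 4095 are reserved)")
    tci = (pcp << 13) | (dei << 12) | vlan_id   # 3-bit priority, 1-bit DEI, 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def untag_frame(frame: bytes, native_vlan: int = 1):
    """Classify a frame arriving on a trunk: return (vlan_id, frame without the tag).
    An untagged frame is assigned to the port's native VLAN, which is why the native
    VLAN must match on both ends of the trunk."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return native_vlan, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]

# Constructed sample: broadcast destination, locally administered source MAC,
# ARP EtherType, zeroed payload.
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("0200deadbeef")
                + struct.pack("!H", 0x0806) + bytes(28))

def native_vlan_mismatch(frame: bytes, native_a: int, native_b: int) -> bool:
    """True when the two trunk ends would place the same untagged frame in different VLANs."""
    return untag_frame(frame, native_a)[0] != untag_frame(frame, native_b)[0]
```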

Cisco defaults

- Only VLAN 1 exists
- All ports are assigned to VLAN 1
- All VLANs are allowed on a trunk (you can change this)
- Native VLAN on all trunks is VLAN 1
- Security recommendation: Do not leave computers in the native VLAN!

Deleting a VLAN

If you delete a VLAN while the switch still has ports assigned to it, those ports remain in a non-existent VLAN and are effectively shut down.

The right way is to first reassign those ports to an existing VLAN, and only then delete the VLAN.

VTP – VLAN Trunking Protocol – Cisco proprietary

What were the main tasks when you configure VLANs?
- Creating VLANs in the switch memory
- Assigning ports to VLANs

VTP can assist you with the first task, but you still have to complete the second one yourself.

Imagine a network with 100 switches. Instead of logging in to each of the 100 switches and configuring the VLAN, with VTP you can do it on a single switch.

But be careful – with VTP you can stop the whole network with one command (or even with one connection).

VTP Switch modes

Server, Client, Transparent

There must be at least one server, preferably two

Other VTP parameters

- VTP Version – 1, 2 or 3
- VTP Domain name
- VTP Password – optional
- VTP Pruning
- Configuration Revision

VTP Pruning

VTP Defaults

- VTP mode: Server
- VTP Domain Name: null
- VTP Password: null
- VTP Version: 1
- Configuration Revision: 0

Correct action

- You configure a new VLAN on the server
- It increases the configuration revision
- All other switches learn of the change
- All others get the new VLAN information and increase their configuration revision

Incorrect action

- You have production and test networks
- You take a switch from the test network and delete all the test VLANs, except VLAN 1
- You forget to reset the configuration revision
- You connect the new switch to the production network
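An added simulation, not part of the original presentation, of the correct and incorrect actions above: within one VTP domain the highest configuration revision overwrites every other switch's VLAN database, client or server alike, so a wiped test switch with a stale high revision erases the production VLANs. The model is simplified (same domain name on all switches, no password, no pruning) and the switch names and VLAN numbers are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class VtpSwitch:
    """Toy VTP switch with Cisco defaults: server mode, null domain, revision 0, only VLAN 1."""
    name: str
    mode: str = "server"          # server | client | transparent
    domain: str = ""
    revision: int = 0
    vlans: set = field(default_factory=lambda: {1})

    def edit(self, vid, remove=False):
        if self.mode == "client":
            raise PermissionError("VTP clients cannot edit the VLAN database")
        (self.vlans.discard if remove else self.vlans.add)(vid)
        if self.mode == "server":
            self.revision += 1    # every change on a server bumps the advertised revision

    def set_mode(self, mode):
        self.mode = mode
        if mode == "transparent":
            self.revision = 0     # going transparent resets the revision (so does changing the domain)

def connect(existing, newcomer):
    """A trunk comes up: in one domain the highest revision overwrites every other switch,
    client or server alike. Transparent switches only pass advertisements on."""
    members = [s for s in existing + [newcomer]
               if s.domain == newcomer.domain and s.mode != "transparent"]
    if members:
        winner = max(members, key=lambda s: s.revision)
        for s in members:
            s.vlans, s.revision = set(winner.vlans), winner.revision

def production_after_lab_switch(reset_revision):
    """(production VLANs, revision) after the slide's scenario; the network is constructed."""
    core = VtpSwitch("prod-core", domain="CORP")
    for vid in (10, 20, 30):
        core.edit(vid)                                    # revision 3
    edge = VtpSwitch("prod-edge", mode="client", domain="CORP")
    connect([core], edge)                                 # edge learns 10/20/30 at revision 3
    lab = VtpSwitch("lab-sw", domain="CORP")
    for vid in range(100, 110):
        lab.edit(vid)                                     # revision 10
    for vid in range(100, 110):
        lab.edit(vid, remove=True)                        # revision 20, database back to {1}
    if reset_revision:
        lab.set_mode("transparent")                       # the step that was forgotten
        lab.set_mode("server")
    connect([core, edge], lab)
    return sorted(core.vlans), core.revision
```

Checking `show vtp status` for the revision number before cabling a switch into a production domain is the practical defence this model illustrates.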

InterVLAN Routing

When you need to pass traffic between VLANs

Not necessary in an ISP, probably needed in an organizational network

- Needs Layer 3 device(s)
- Normally every VLAN is a separate IP network

Three common scenarios

- Separate interface for every VLAN
- “Router-on-a-stick”
- Using a Layer 3 switch

Separate interfaces
- Router doesn’t have to know IEEE 802.1q
- Every interface is connected to an access port in the correct VLAN
- Every interface is a default gateway for its VLAN

Router-on-a-Stick
- One router interface, connected to a trunk port
- Router must speak 802.1q
- You must create subinterfaces for every VLAN, each with an IP address that serves as the default gateway
- The single interface may create a bottleneck

Layer 3 switch

- Uses virtual interfaces
- There is no practical limitation on the VLAN count
- Most scalable and fastest solution
- Sometimes may not fulfill all the requirements (e.g. BGP routing with the ISPs)

Spanning Tree Protocol

- IEEE 802.1D
- Enables redundant topologies
- Blocks the redundant links, enables only one
- If used for two or more links between two switches, EtherChannel is preferable
- But STP allows circular or more complex topologies

Redundant topologies

Broadcast Storm

Spanning Tree Protocol

Root Bridge election

Bridge Identifier (BID)

The lower identifier wins

Link Cost
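An added example, not from the original presentation, of root bridge election and root port selection: the Bridge ID is compared as (priority, MAC) and the lower value wins; each non-root switch then picks the port with the lowest root path cost, so the root port is not always the direct link to the root. The port costs assume the classic IEEE 802.1D-1998 values, and the three-switch triangle is constructed for the example.

```python
import heapq

# IEEE 802.1D-1998 default port costs by link speed in Mbit/s (assumption: classic short values)
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

def bid(priority, mac):
    """Bridge ID as a comparable tuple: priority first, MAC address breaks ties; lower wins."""
    return (priority, int(mac.replace(":", ""), 16))

def elect_root(bridges):
    """bridges: {name: (priority, mac)} -> name of the switch with the lowest BID."""
    return min(bridges, key=lambda n: bid(*bridges[n]))

def root_ports(bridges, links):
    """links: [(switch_a, switch_b, speed_mbps)]. Dijkstra from the root over port costs.
    Returns {switch: (root path cost, neighbour toward the root)}; the port toward that
    neighbour is the root port. Equal costs are broken by the lower sender BID, as in 802.1D."""
    root = elect_root(bridges)
    adj = {n: [] for n in bridges}
    for a, b, speed in links:
        adj[a].append((b, PORT_COST[speed]))
        adj[b].append((a, PORT_COST[speed]))
    best = {root: (0, None)}
    heap = [(0, bid(*bridges[root]), root)]
    while heap:
        cost, _, n = heapq.heappop(heap)
        if cost > best[n][0]:
            continue                      # stale queue entry
        for nb, c in adj[n]:
            if nb == root:
                continue                  # the root has no root port
            cand = (cost + c, bid(*bridges[n]))
            cur = best.get(nb)
            if cur is None or cand < (cur[0], bid(*bridges[cur[1]])):
                best[nb] = (cost + c, n)
                heapq.heappush(heap, (cost + c, bid(*bridges[nb]), nb))
    return best

# Constructed sample: a triangle of three switches (a redundant topology).
# SW1 has a lowered priority so it becomes root; the SW1-SW3 link is only Fast Ethernet.
SAMPLE_BRIDGES = {"SW1": (4096, "00:00:0c:00:00:01"),
                  "SW2": (32768, "00:00:0c:00:00:02"),
                  "SW3": (32768, "00:00:0c:00:00:03")}
SAMPLE_LINKS = [("SW1", "SW2", 1000), ("SW1", "SW3", 100), ("SW2", "SW3", 1000)]
```

With these inputs SW3 reaches the root more cheaply through SW2 (4 + 4 = 8) than over its direct 100 Mbit/s link (19), so the direct link ends up blocked.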

Port Roles

Port states

Rapid STP (IEEE 802.1w)

Using STP with VLANs

MSTP, PVST+, RPVST+