VLANS:
- Normal VLANs range from 1 to 1005
- Extended VLANs range from 1006 to 4094
Configure, verify and troubleshoot Interswitch connectivity:
- Trunk ports are used to interconnect switches and carry traffic for many VLANs over one link
Trunk ports:
- Trunk ports connect layer 2 devices together when you need to expand the network beyond one switch
- Adding and removing VLANs on a trunk can be done without interrupting the traffic of the other VLANs on it
DTP:
Dynamic Trunking Protocol (DTP) is a Cisco-proprietary protocol that lets two connected switchports negotiate whether the link becomes a trunk, before you configure anything
- A switchport can be set to one of 4 modes: dynamic auto (default on current switches), dynamic desirable, trunk or access
- Recommended to turn it off: hard-set every port as access or trunk and add switchport nonegotiate. Otherwise an attacker's host can send DTP frames, negotiate its port into a trunk (switch spoofing) and reach every VLAN (VLAN hopping)
VTP:
VLAN Trunking Protocol (VTP) automatically distributes VLAN configuration to the switches in a LAN
- Synchronizes VLAN information within a VTP domain, so the same VLANs do not have to be configured on every switch, and keeps configurations consistent when changes are made
- Cisco proprietary protocol
- Propagates VLAN information to other layer 2 devices on the LAN
- Switches must be in same domain to receive updates
- A switch can be in one of 4 modes:
- Server
- Client
- Transparent
- Off (VTP version 3 only)
- Switches by default are configured as VTP servers, but with no VTP domain or password
- Within a domain, the VLAN database with the highest configuration revision number wins and overwrites the others; every VLAN change on a server bumps the revision number
- VTP provides following benefits:
- VLAN configuration consistency across the layer 2 network
- Dynamic distribution of added VLANs across the network
- Plug and play configuration when adding new VLANs
- VTP has the following drawbacks:
- A switch added to the network can wipe out the existing VLAN database if it is in server mode, configured for the right VTP domain (and password) and carries a higher configuration revision number than the existing servers. Reset its revision number to 0 (for example by switching it to transparent mode and back, or changing its domain name) before connecting it
- Switches in different domains do not share VTP information. Non-matching VTP settings (domain, version, password) can cause problems negotiating VLAN trunks, port channels and virtual port channels.
802.1q:
- IEEE 802.1Q is the standard way to tag an Ethernet frame with its VLAN: a 4-byte tag (TPID 0x8100 followed by a 12-bit VLAN ID) is inserted after the source MAC, which is also why VLAN IDs stop at 4094
Native VLAN:
- Used to pass untagged traffic (frames not associated with a VLAN) to a neighbouring switch
- On a trunk link each frame must be distinguishable as being within exactly one vlan
- If a frame does not carry an 802.1q tag, it is considered to be in the native vlan
- Default native vlan is 1
- Set the native VLAN to an unused VLAN with no access ports in it, to prevent double tagging (VLAN hopping); on IOS you can additionally tag the native VLAN on trunks with vlan dot1q tag native
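The double-tagging attack that the native VLAN advice above defends against, shown as an added example (not part of the original notes): a byte-level 802.1Q frame builder/parser plus a simplified model of how a switch treats tags on access and trunk ports. The switch model is an assumption made for illustration, not vendor code: frames in the native VLAN leave a trunk untagged, an access port accepts a tagged frame only when the tag equals its own VLAN, and the MAC addresses and payload are constructed.

```python
import struct

TPID_8021Q = 0x8100        # TPID that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

# Constructed sample MAC addresses, used only so the frames are complete.
ATTACKER_MAC = bytes.fromhex("02aaaaaaaaaa")
VICTIM_MAC = bytes.fromhex("02bbbbbbbbbb")


def build_frame(dst, src, vlan_ids, ethertype, payload):
    """Ethernet frame with zero or more stacked 802.1Q tags (outermost first)."""
    frame = dst + src
    for vid in vlan_ids:
        # TCI = PCP(3 bits) | DEI(1 bit) | VID(12 bits); PCP and DEI left at 0 here.
        frame += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, [vlan ids outermost first], ethertype, payload)."""
    dst, src, off, vlan_ids = frame[:6], frame[6:12], 12, []
    while struct.unpack("!H", frame[off:off + 2])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[off + 2:off + 4])[0]
        vlan_ids.append(tci & 0x0FFF)
        off += 4
    ethertype = struct.unpack("!H", frame[off:off + 2])[0]
    return dst, src, vlan_ids, ethertype, frame[off + 2:]


def push_tag(frame, vid):
    """Insert a new outermost 802.1Q tag after the source MAC."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + frame[12:]


def pop_tag(frame):
    """Remove the outermost 802.1Q tag (caller has checked one is present)."""
    return frame[:12] + frame[16:]


def access_ingress(frame, access_vlan):
    """Model of an access port: an untagged frame is placed in the port's VLAN; a
    tagged frame is accepted only when its outer tag already equals that VLAN."""
    vlan_ids = parse_frame(frame)[2]
    if not vlan_ids:
        return push_tag(frame, access_vlan)
    return frame if vlan_ids[0] == access_vlan else None   # anything else is dropped


def trunk_egress(frame, native_vlan):
    """Default 802.1Q trunk behaviour: the native VLAN's tag is removed on the way out."""
    vlan_ids = parse_frame(frame)[2]
    if vlan_ids and vlan_ids[0] == native_vlan:
        return pop_tag(frame)
    return frame


def trunk_ingress(frame, native_vlan):
    """VLAN the receiving switch assigns: the outer tag if present, else the native VLAN."""
    vlan_ids = parse_frame(frame)[2]
    return vlan_ids[0] if vlan_ids else native_vlan


def double_tag_hop(attacker_vlan, native_vlan, target_vlan):
    """Attacker on an access port in attacker_vlan sends a frame tagged
    [attacker_vlan, target_vlan] towards the trunk SW1 -> SW2.
    Returns the VLAN the frame lands in on SW2, or None if SW1 dropped it."""
    crafted = build_frame(VICTIM_MAC, ATTACKER_MAC, [attacker_vlan, target_vlan],
                          ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19)
    inside_sw1 = access_ingress(crafted, attacker_vlan)
    if inside_sw1 is None:
        return None
    on_the_wire = trunk_egress(inside_sw1, native_vlan)   # SW1 sends over the trunk
    return trunk_ingress(on_the_wire, native_vlan)        # what SW2 believes the VLAN is


if __name__ == "__main__":
    # Native VLAN left at 1 and the attacker's port in VLAN 1: SW1 strips the outer
    # tag as native, exposing the inner tag 20, and SW2 delivers the frame into VLAN 20.
    print("native VLAN 1  -> frame lands in VLAN", double_tag_hop(1, 1, 20))
    # Native VLAN moved to unused 999: outer tag 1 stays on the wire, SW2 keeps it in VLAN 1.
    print("native VLAN 999 -> frame lands in VLAN", double_tag_hop(1, 999, 20))
```

The hop only works because the attacker's access VLAN equals the trunk's native VLAN; moving the native VLAN to a VLAN with no access ports removes that condition, and tagging the native VLAN removes the untagged path entirely.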
Configure and verify VLANS:
- VLANs are used everywhere in network switching
- Every single port on a switch is its own collision domain
- The problem is that a plain switch is still one big broadcast domain
- VLANs let us chop up a 48 port switch logically, so that from one 48 port switch you get several smaller logical switches, for example 8/8/8/... or 6/6/6/...
- If you have a switch with 16 ports (8 on top, 8 on the bottom) and you put the top 8 in one VLAN and the bottom 8 in another, you now have 2 VLANs and therefore 2 broadcast domains. The number of collision domains does not change: it is still one per port
Important notes:
- A single VLAN can span multiple switches and works as if it were on a single switch
- If you do this you have to dedicate some ports to carrying the VLANs between the switches instead of to end hosts. This is where you end up creating "trunks"
- These ports get reconfigured to become trunk ports
- Trunk ports allow multiple VLANs to share a single link between the switches, so each VLAN can reach its members on the other switch
What happens if I do not use trunks ?
- Then every VLAN that exists on both switches would need its own dedicated cable between them, with one port on each end
- Meaning you lose ports just to make a connection between the switches for each VLAN
Two different VLANs, even on the same switch, will not communicate directly with one another, but can it be done?
- YES, using a L3 device which provides routing
Can it be done without a router?
- YES, you will need a multilayer switch (L3 switch)
Inter VLAN routing:
- Configuring VLAN tagging or encapsulation on the link to the router or L3 switch
- 802.1Q VLAN tagging (the standard)
- ISL (Cisco proprietary, legacy and no longer supported on current switches)
- Two L2 discovery protocols, useful for verifying what is on the other end of a link:
- CDP (Cisco proprietary)
- LLDP (IEEE standard)
Native VLAN:
- If you are using 802.1Q you will have something called the native VLAN
- Once you establish trunks and VLANs, everything that passes between these two switches will carry a VLAN tag (i.e. VLAN 4, VLAN 5, etc.) EXCEPT data in the native VLAN
- Native VLAN traffic is essentially the traffic that is sent untagged
Another note:
- VLAN 1 is the default VLAN: it cannot be deleted and is the default native VLAN on trunks (the native VLAN itself can be changed per trunk, see above)
- vlan.dat is stored in flash, not NVRAM, so it has to be deleted manually (delete flash:vlan.dat) when you reset a switch to factory settings
- VLANs 1002-1005 are legacy (FDDI and Token Ring) and cannot be deleted
- Always hard set trunks for security reasons (switchport mode trunk plus switchport nonegotiate)
- Do not leave ports in the default VLAN, it is a security risk: create another VLAN (call it 99 or 999), move all unused ports to it and also shutdown them so they cannot be accessed
Connecting switches:
- Trunking technologies
- Dynamic Trunking Protocol (DTP)
- VTP
- DTP is turned on by default on nearly all Cisco switches and sets trunking to dynamic auto
- BUT NEVER allow trunks to auto-negotiate
- Instead, hard set the mode on both sides of every link
- VTP, VLAN Trunking Protocol
- Allows VLAN configuration to be made on one switch and pushed to all the others, saving time
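The hardening advice from the DTP section and from the notes above (hard set every port, disable negotiation, move the native VLAN and unused ports off VLAN 1, shut unused ports, do not leave VTP in server mode by default), turned into an audit that runs over saved `show running-config` and `show vtp status` output. This is an added example, not part of the original notes. The configuration text below is constructed for the example (hostname, interface names, descriptions and the VTP status lines are invented); the IOS commands it looks for (`switchport mode access|trunk`, `switchport nonegotiate`, `switchport trunk native vlan`, `switchport trunk allowed vlan`, `switchport access vlan`, `shutdown`) are the real ones.

```python
import re

# Constructed sample "show running-config" from a Cisco IOS switch. Gi1/0/1 and Gi1/0/4
# are deliberately left weak; Gi1/0/2, Gi1/0/3 and Gi1/0/5 show the hardened form.
SAMPLE_RUNNING_CONFIG = """\
hostname SW1
!
interface GigabitEthernet1/0/1
 description uplink to SW2, still negotiating
 switchport trunk encapsulation dot1q
 switchport mode dynamic desirable
!
interface GigabitEthernet1/0/2
 description hardened uplink to SW3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/0/3
 description user port
 switchport access vlan 10
 switchport mode access
 switchport nonegotiate
!
interface GigabitEthernet1/0/4
 description unused, factory defaults
!
interface GigabitEthernet1/0/5
 description unused, parked
 switchport access vlan 999
 switchport mode access
 shutdown
!
end
"""

# Constructed excerpt of "show vtp status" on the same switch.
SAMPLE_VTP_STATUS = """\
VTP Domain Name                 :
VTP Operating Mode              : Server
Configuration Revision          : 0
"""


def parse_interfaces(running_config):
    """Map each 'interface X' stanza to its indented configuration lines."""
    stanzas, current = {}, None
    for raw in running_config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None          # '!' or a global line ends the stanza
    return stanzas


def audit_interface(lines):
    """Return the findings for one switchport; an empty list means it passes."""
    findings = []
    has = lambda prefix: any(l.startswith(prefix) for l in lines)
    if "shutdown" in lines:
        return findings             # administratively down: nothing to negotiate
    mode_line = next((l for l in lines if l.startswith("switchport mode ")), None)
    mode = mode_line.split()[2] if mode_line else None   # 'dynamic', 'trunk' or 'access'
    if mode in (None, "dynamic"):
        findings.append("DTP active: trunking is negotiated (default dynamic auto), open to switch spoofing")
    if mode == "trunk":
        if not has("switchport nonegotiate"):
            findings.append("trunk still sends DTP frames: add 'switchport nonegotiate'")
        if not has("switchport trunk native vlan"):
            findings.append("native VLAN left at 1: set 'switchport trunk native vlan <unused>'")
        if not has("switchport trunk allowed vlan"):
            findings.append("all VLANs carried: prune with 'switchport trunk allowed vlan <list>'")
    if mode == "access" and not has("switchport nonegotiate"):
        findings.append("access port still sends DTP frames: add 'switchport nonegotiate'")
    if mode != "trunk" and not has("switchport access vlan"):
        findings.append("port sits in default VLAN 1 and is not shut down")
    return findings


def audit_config(running_config):
    """Findings per interface for a whole running-config."""
    return {name: audit_interface(lines) for name, lines in parse_interfaces(running_config).items()}


def vtp_mode(vtp_status):
    """Operating mode from 'show vtp status'; Server/Client can have their VLAN database overwritten."""
    match = re.search(r"VTP Operating Mode\s*:\s*(\w+)", vtp_status)
    return match.group(1) if match else None


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_RUNNING_CONFIG).items():
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("   -", finding)
    mode = vtp_mode(SAMPLE_VTP_STATUS)
    print("VTP mode:", mode, "" if mode in ("Transparent", "Off") else "(consider transparent or off)")
```

Gi1/0/2 and Gi1/0/3 are the shapes to copy: mode hard set, nonegotiate, native VLAN and allowed list pinned on the trunk, an explicit access VLAN on the user port. Gi1/0/5 shows the parking pattern for unused ports from the notes above (VLAN 999 plus shutdown).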