Data Switch- Class 2-7 April

8/12/2019 Data Switch- Class 2-7 April

1/64

Data Switch Class II

Data Switch Shyam Krishna Khadka


2/64


3/64

Virtual Local Area Network

VLANs



4/64

VLANsA VLAN is a logical grouping of network users and

resources connected to administratively defined ports ona switch.

Ability to create smaller broadcast domains within a layer2 switched internetwork b assi nin different orts on

the switch to different subnetworks. Frames broadcast onto the network are only switched

between the ports logically grouped within the same

VLAN By default, no hosts in a specific VLAN can communicate

with any other hosts that are members of another VLAN,

For nter VLAN communication you need routers



5/64

VLANs

VLAN implementation combines Layer 2 switching and Layer ! routingtechnologies to limit both collision domains and broadcast domains.

VLANs can also be used to provide security by creating the VLANgroups according to function and by using routers to communicatebetween VLANs.

N"#$% #his is the only way a switch can break up a broadcast domain&



6/64

VLAN "#er#iew

$ Segmentation

A VLAN = A Broadcast Domain = Logical Network (Subnet)

$ Flexibility

$ Security



7/64

Local VLANs

VLAN % VLAN &

Switch

'dge !orts

VLAN % nodes VLAN & nodes


8/64

VLANs across switches

()*+, Trunk

Tagged -rames

VLAN % VLAN &VLAN % VLAN &

Trunk Port

This is called .VLAN Trunking/


9/64

0istory

os s are connec e o e sw cAll From same Broadcast domainNeed to divide them in separate logical segment(igh broadcast traffic reasons

A)*

+(*-A*/indowsNetB"-



10/64


11/64

0ow VLANs Sim!li1y Network 2anagement

f we need to break the broadcast domain we need to connect a

router

By using VLAN0s we can divide Broadcast domain at Layer52

A group of users needing high security can be put into a VLAN sothat no users outside of the VLAN can communicate with them.

As a logical grouping of users by function, VLANs can be consideredindependent from their physical locations.



12/64

VLAN

o!eration

Switch 1172.30.1.21255.255.255.0

VLAN 1

172.30.2.10

255.255.255.0

VLAN 2

172.30.1.23

255.255.255.0

VLAN 1

172.30.2.12

255.255.255.0

VLAN 2

1 2 3 4 5 6 .

1 2 1 2 2 1 .

Port

VLAN

Two SubnetsIm!ortant notes on VLANs3+* VLANs are assigned on the switch !ort* There is no .VLAN/ assignment done on the host

4usually5*

* In order 1or a host to 6e a !art o1 that VLAN7 it must 6e assigned an IP address that

6elongs to the !ro!er su6net*8emem6er3 VLAN 9 Su6net

:* Assigning a host to the correct VLAN is a ;ste! !rocess3

+* Connect the host to the correct !ort on the switch*

* Assign to the host the correct IP address de!ending on the VLAN meme6ershi!



13/64

Switch 1172.30.1.21

255.255.255.0 172.30.2.12255.255.255.0

ARP Request

Without VLANs No Broadcast Control

No VLANs

Same as a single VLAN

Two Subnets

172.30.2.10

255.255.255.0

172.30.1.23

255.255.255.0

Without VLANs, the ARP Request would be seen by all hosts. Again, consuming unnecessary network bandwidth and host processing

cycles.



14/64

Switch 1172.30.1.21

255.255.255.0

VLAN 1

172.30.2.12

255.255.255.0

VLAN 2

Switch Port: VLAN IDARP Request

With VLANs Broadcast Control

Two VLANs

Two Subnets

172.30.2.10

255.255.255.0

VLAN 2

172.30.1.23

255.255.255.0

VLAN 1 1 2 3 4 5 6 .

1 2 1 2 2 1 .

Port

VLAN



15/64

sing VLANs* Switch is con1igured withthe !orts on the a!!ro!riate VLAN* Still7each grou! on a di11erent IP network?howe#er7 They are all on the same switch*

=hat are the 6roadcast domains in each@

One link per VLAN or a single VLANTrunk (later)

2) With

VLANs

10.1.0.0/16

10.2.0.0/16

10.3.0.0/16



16/64

VLAN o!eration

'ach switch !ort can 6e assigned to a di11erent VLAN*

Ports assigned to the same VLAN share 6roadcasts*

Ports that do not 6elong to that VLAN do not share these 6roadcasts*

Dynamic VLAN is created through Cisco =orks ))) or V2PSData Switch Shyam Krishna Khadka


17/64


18/64

VLAN Ty!es



19/64

Protocol 6ased VLAN means that a host 6elongs to a !articular VLAN 6ased on which

!rotocol it uses 1or communication* -or eam!le7 the host P in the !icture is a Netware

client which normally uses IP% !rotocol7 which means that it 6elongs to IP% VLAN*



20/64

VLAN Tagging

VLAN agging is used w!en a link needs to carry tra""ic "or more t!an one VLAN#

runk link$ As !ackets are recei#ed 6y the switch 1rom any attached end; 7 *

!is !eader in"ormation designates t!e VLAN members!i% o" eac! %acket*

The !acket is then 1orwarded to the a!!ro!riate switches or routers 6ased on theVLAN identi1ier and 2AC address*

>!on reaching the destination node 4Switch5 the VLAN ID is remo#ed 1rom the

!acket 6y the adEacent switch and 1orwarded to the attached de#ice* Packet tagging !ro#ides a mechanism 1or controlling the 1low o1 6roadcasts and

a!!lications while not inter1ering with the network and a!!lications*

This is known as a trunk link or VLAN trunking*



21/64

VLAN TaggingNo VLAN Tagging

VLAN Tagging

VLAN Tagging is used when a single link needsto carry tra11ic 1or more than one VLAN*



22/64

VLAN Tagging

There are two maEor methods o1 1rame tagging7 Cisco !ro!rietary &nter'

Switc! Link (&SL) and & *+#,-* ISL used to 6e the most common7 6ut is now 6eing re!laced 6y ()*+, 1rame

tagging*

Cisco recommends using ()*+,* VLAN Tagging and Trunking will 6e discussed in the net cha!ter*

802.10



23/64

Access links

A link that is !art o1 only one VLAN

Identi1ying VLANs

Trunk linksCarries multi!le VLANs



24/64

Identi1ying VLANs contd**

Access Link



25/64

Con1iguring static VLANs

The 1ollowing guidelines must 6e 1ollowed when con1iguring VLANs on CiscoF switches3

F switches commonly allow G7)FH VLANs VLAN + is one o1 the 1actory;de1ault VLANs* VLAN + is the de1ault 'thernet VLAN* Cisco Disco#ery Protocol 4CDP5 and VLAN Trunking Protocol 4VTP5

ad#ertisements are sent on VLAN +*

The Catalyst F IP address is in the VLAN + 6roadcast domain 6yde1ault*

.The switch must 6e in VTP ser#er mode to create7 add7 or delete VLANs*/(!is is not true# Switc! could be in V. rans%arent mode# V. will bediscussed in a moment#)



26/64

Creating VLANs

'

Switch(config)#interface fastethernet 0/9

Switch(config-if)#switchport access vlan vlan_number

/reate t!e VLAN$ Switch#vlan database

Switch(vlan)#vlan vlan_number

Switch(vlan)#exit



27/64

Creating VLANs

vlan10

Defaultvlan 1

Defaultvlan 1

Switch(config)#interface fastethernet 0/9

Switch(config-if)#switchport access vlan 10

access Denotes this !ort as an access !ort and not a trunk link 4later5



28/64

Creating VLANs

vlan300

Defaultvlan 1

Defaultvlan 1



29/64

Con1iguring 8anges o1 VLANs

vlan 2

SydneySwitch(config)#interface fastethernet 0/5SydneySwitch(config-if)#switchport access vlan 2

SydneySwitch(config-if)#exit

SydneySwitch(config)#interface fastethernet 0/6

SydneySwitch(config-if)#switchport access vlan 2






30/64

Con1iguring 8anges o1 VLANs

vlan 3

SydneySwitch(config)#interface range fastethernet 0/8,fastethernet 0/12



!is command does not work on all +0** switc!es1 suc! as t!e +0** Series 2L#

&t does work on t!e +03*#



31/64

Creating VLANs

vlan300

Defaultvlan 1

Defaultvlan 1


y ney w c con g-


Note3 The switchport mode access command should 6e con1igured on

all !orts that the network administrator does not want to 6ecome a trunk

!ort*

This will 6e discussed in more in the net cha!ter7 section on DTP*



32/64

Creating VLANs

Default: dynamic desirable

This link will become a trunking link unless one of the

ports is configured with as an access link, I.e.switchport mode access


33/64

Veri1ying VLANs show #lan

vlan 3vlan 2vlan 1default



34/64

Veri1ying VLANs show #lan 6rie1

vlan 3vlan 2vlan 1default



35/64

#lan data6ase commands

"!tional Command to add7 delete7 or modi1y VLANs*

VLAN names7 num6ers7 and V. 4VLAN Trunking Protocol5 in1ormation can 6eentered which .may/ a11ect other switches 6esides this one* 4Discussed

later5* This does not assign any VLANs to an inter1ace*

Switch vlan database

Switch(vlan)#?

VLAN database editing buffer manipulation commands:

abort Exit mode without applying the changes

apply Apply current changes and bump revision number

exit Apply changes, bump revision number, and exit mode

no Negate a command or set its defaultsreset Abandon current changes and reread current database

show Show database information

vlan Add, delete, or modify values associated with a single VLAN

vtp Perform VTP administrative functions.



36/64

Deleting a Port VLAN 2em6ershi!

Switch(config-if)#no switchport access vlan vlan_number

Deleting a VLAN Switch#vlan databaseSwitch(vlan)#No vlan vlan_number

Switch(vlan)#exit


L 2 B d S i


37/64

Switch 1172.30.1.21

255.255.255.0

VLAN 1

172.30.2.12255.255.255.0

VLAN 2


Layer 2 Broadcast Segmentation

Two VLANs

Two Subnets

172.30.2.10255.255.255.0

VLAN 2

172.30.1.23255.255.255.0

VLAN 1

An ARP Request from 172.30.1.21 for 172.30.1.23 will only be seen byhosts on that VLAN.

The switch will flood broadcast traffic out only those ports belonging to

that particular VLAN, in this case VLAN 1.

1 2 3 4 5 6 .

1 2 1 2 2 1 .

Port

VLAN


With t VLAN N B d t C t l


38/64

Switch 1172.30.1.21

255.255.255.0 172.30.2.12

255.255.255.0

ARP Request

Without VLANs No Broadcast Control

No VLANs

Same as a single VLAN Two Subnets

172.30.2.10255.255.255.0

172.30.1.23255.255.255.0

Without VLANs, the ARP Request would be seen by all hosts. Again, consuming unnecessary network bandwidth and host processing

cycles.


With VLAN B d t C t l


39/64

Switch 1172.30.1.21

255.255.255.0

VLAN 1

172.30.2.12255.255.255.0

VLAN 2


With VLANs Broadcast Control

Two VLANs

Two Subnets

172.30.2.10255.255.255.0

VLAN 2

172.30.1.23255.255.255.0

VLAN 1 1 2 3 4 5 6 .

1 2 1 2 2 1 .

Port

VLAN


I t VLAN T ffi


40/64

Switch 1172.30.1.21

255.255.255.0

VLAN 1

172.30.2.12255.255.255.0

VLAN 2

Switch Port: VLAN ID

Inter-VLAN Traffic

Two VLANs

Two Subnets

172.30.2.10255.255.255.0

VLAN 2

172.30.1.23255.255.255.0

VLAN 1 1 2 3 4 5 6 .

1 2 1 2 2 1 .

Port

VLAN

1. Remember that VLAN IDs (numbers) are assigned to the switch portand not to the host. (Port-centric VLAN switches)

2. Be sure to have all of the hosts on the same subnet belong to the sameVLAN, or you will have problems.

Hosts on subnet 172.30.1.0/24 - VLAN 1

Hosts on subnet 172.30.2.0/24 - VLAN 2 etc.Data Switch Shyam Krishna Khadka

Inter VLAN Traffic


41/64

Switch 1172.30.1.21

255.255.255.0

VLAN 1

172.30.2.12255.255.255.0

VLAN 2

Switch Port: VLAN IDTo 172.30.2.12

Inter-VLAN Traffic

A switch cannot route data between different VLANs. Note: The host will not even send the Packet unless it has a default gateway to

forward it to.

We use router for this

Two VLANs

Two Subnets

172.30.2.10255.255.255.0

VLAN 2

172.30.1.23255.255.255.0

VLAN 1 1 2 3 4 5 6 .

1 2 1 2 2 1 .

Port

VLAN



42/64

Inter;VLAN 8outing ; Trunk Links

172.30.1.21/24 172.30.2.12/24

172.30.1.21/24

VLAN

Rtr(config)#interface fastethernet 0/1.1

Rtr(config-if)#description VLAN 1

Rtr(config-if)#encapsulation dot1q 1

Rtr(config-if)#ip address 172.30.1.1 255.255.255.0

It is recommended that VLAN + is not used 1or either 2anagement tra11ic oruser tra11ic*

172.30.2.12/24



43/64

Inter;VLAN 8outing ; Trunk Links

172.30.1.21/24 172.30.2.12/24

172.30.1.21/24

VLAN

Rtr(config)#interface fastethernet 0/1.2

Rtr(config-if)#description VLAN 2

Rtr(config-if)#encapsulation dot1q 2

Rtr(config-if)#ip address 172.30.2.1 255.255.255.0

It is recommended that VLAN + is not used 1or either 2anagement tra11ic oruser tra11ic*

172.30.2.12/24


VLAN + D 1 lt VLAN > VLAN


44/64

VLAN +7De1ault VLAN7>ser VLAN7

Nati#e VLAN7 2anagement VLAN ser VLAN7


45/64

VLAN +7De1ault VLAN7>ser VLAN7

Nati#e VLAN7 2anagement VLANcontd**

A management VLAN is any VLAN you

con1igure to accessthe management ca!a6ilities40TTP7 Telnet7

7 or o a sw c *



46/64

S!anning Tree Protocol



47/64

Switching Loo!

Switch A Switch < =hen there is more thanone !ath 6etween two

switches

Swtich C

=hat are the !otential

!ro6lems@


48/64

Switching Loo!

I1 there is more than one !ath 6etween two

switches3-orwarding ta6les 6ecome unsta6le

1rom di11erent !orts

Switches will 6roadcast each others 6roadcasts

All a#aila6le 6andwidth is utilied

Switch !rocessors cannot handle the load

S i hi L


49/64

Switching Loo!

Switch A Switch

Data Switch- Class 2-7 April

Documents

Transcript of Data Switch- Class 2-7 April