CCNA2 - Module 3&4.1 Flashcards
are logical connections with other similar devices.
VLANs
Benefits of VLAN Design:
- Smaller Broadcast Domains: Dividing the LAN reduces the number of broadcast domains.
- Improved Security: Only users in the same VLAN can communicate together.
- Improved IT Efficiency: VLANs can group devices with similar requirements, e.g., faculty vs. students.
- Reduced Cost: One switch can support multiple groups or VLANs.
- Better Performance: Small broadcast domains reduce traffic, improving bandwidth.
- Simpler Management: Similar groups will need similar applications and other network resources.
VLAN 1 is the following:
* The default VLAN
* The default Native VLAN
* The default Management VLAN
* Cannot be deleted or renamed
Note: While we cannot delete VLAN1 Cisco will recommend that we assign these default features to other VLANs
Default VLAN
Dedicated to user-generated traffic (email and web traffic).
VLAN 1 is the default data VLAN because all interfaces are assigned to this VLAN.
Data VLAN
This is used for trunk links only.
All frames are tagged on an 802.1Q trunk link except for those on the native VLAN.
Native VLAN
This is used for SSH/Telnet VTY traffic and should not be carried with end user traffic.
Typically, the VLAN that is the SVI for the Layer 2 switch.
Management VLAN
A separate VLAN is required because Voice traffic requires:
* Assured bandwidth
* High QoS priority
* Ability to avoid congestion
* Delay less that 150 ms from source to destination
The entire network must be designed to support voice.
Voice VLAN
is a point-to-point link between two network devices(VLAN).
trunk
Without ____, all devices connected to the switches will receive all unicast, multicast, and broadcast traffic.
VLANs
With VLANs, unicast, multicast, and broadcast traffic is confined to a VLAN. Without a _____ to connect the VLANs, devices in different VLANs cannot communicate.
Layer 3 device
- 2-byte field with hexadecimal
- reffered as Tag Protocol ID (TPID)
- 3-bit user priority
- 1-bit Canonical Format Identifier (CFI)
- 12-bit vlan up to 4069
802.1Q
- tagged with appropriate layer 2 class of service priority value
voice VLAN
The ______ command can show us both data and voice VLANs assigned to the interface.
show interfaces fa0/18 switchport
Native vs Extended Range VLAN
Normal Range VLAN 1 - 1005
* Used in Small to Medium sized businesses
* 1002 - 1005 are reserved for legacy VLANs
* 1, 1002 - 1005 are auto created and cannot be deleted
* Stored in the vlan.dat file in flash
* VTP can synchronize between switches
Extended Range VLAN 1006 - 4095
* Used by Service Providers
* Are in Running-Config
* Supports fewer VLAN features
* Requires VTP configurations
Commands to verify VLAN info
brief Display VLAN name, status, and its ports one VLAN per line.id vlan-id Display information about the identified VLAN ID number. name vlan-name Display information about the identified VLAN name. The vlan-name is an ASCII string from 1 to 32 characters.summary Display VLAN summary information.
use the______ to place interface back in VLAN 1 & change VLAN port membership
no switchport access vlan
command to delete all VLANS
delete flash:vlan.dat or delete vlan.dat
Is set to trunk administratively
Is set as trunk operationally (functioning)
Encapsulation is dot1q
sh int fa0/1 switchport command
reset trunk to the default state
no sw trunk alllowed vlan
no sw trunk native vlan
is a proprietary Cisco protocol.
characteristics are as follows:
- On by default on Catalyst 2960 and 2950 switches
- Dynamic-auto is default on the 2960 and 2950 switches
- May be turned off with the nonegotiate command
- May be turned back on by setting the interface to dynamic-auto
- Setting a switch to a static trunk or static access will avoid negotiation issues with the switchport mode trunk or the switchport mode access commands.
Dynamic Trunking Protocol (DTP)
interface configuration command to stop DTP negotiation.
switchport nonegotiate
negotiated int modes
-
access:
Permanent access mode and negotiates to convert the neighboring link into an access link. -
dynamic auto:
Will become a trunk interface if the neighboring interface is set to trunk or desirable mode. -
dynamic desirable:
Actively seeks to become a trunk by negotiating with other auto or desirable interfaces. -
trunk:
Permanent trunking mode and negotiates to convert the neighboring link into a trunk link.
command to determine the current DTP mode
show dtp interface f0/1
are used to segment switched Layer 2 networks for a variety of reasons. Regardless of the reason, hosts in one VLAN cannot communicate with hosts in another VLAN unless there is a router or a Layer 3 switch to provide routing services.
VLANs
is the process of forwarding network traffic from one VLAN to another VLAN.
Inter-VLAN routing
There are three inter-VLAN routing options:
Legacy Inter-VLAN routing - This is a legacy solution. It does not scale well.
Router-on-a-Stick - This is an acceptable solution for a small to medium-sized network.
Layer 3 switch using switched virtual interfaces (SVIs) - This is the most scalable solution for medium to large organizations.
The first inter-VLAN routing solution relied on using a router with multiple Ethernet interfaces. Each router interface was connected to a switch port in different VLANs. The router interfaces served as the default gateways to the local hosts on the VLAN subnet.
using physical interfaces works, but it has a significant limitation. It is not reasonably scalable because routers have a limited number of physical interfaces. Requiring one physical router interface per VLAN quickly exhausts the physical interface capacity of a router.
Note: This method of inter-VLAN routing is no longer implemented in switched networks and is included for explanation purposes only.
Legacy inter-VLAN routing
method overcomes the limitation of the legacy inter-VLAN routing method. It only requires one physical Ethernet interface to route traffic between multiple VLANs on a network.
* has subinterfaces
* max of 50 VLANS
‘router-on-a-stick’ inter-VLAN routing
The modern method of performing is to use Layer 3 switches and switched virtual interfaces (SVI). An SVI is a virtual interface that is configured on a Layer 3 switch, as shown in the figure.
layer 3 == multilayer switch
inter-VLAN routing
are created the same way that the management VLAN interface is configured. The SVI is created for a VLAN that exists on the switch. Although virtual, the SVI performs the same functions for the VLAN as a router interface would. Specifically, it provides Layer 3 processing for packets that are sent to or from all switch ports associated with that VLAN.
* much faster
* increase bandwidth
* more expensive
Inter-VLAN SVIs
- This command configures the subinterface to respond to 802.1Q encapsulated traffic from the specified vlan-id. The native keyword option is only appended to set the native VLAN to something other than VLAN 1.
encapsulation dot1q vlan_id [native]
- This command configures the IPv4 address of the subinterface. This address typically serves as the default gateway for the identified VLAN.
ip address ip-address subnet-mask
Common Inter-VLAN Issues
-
Missing VLANs
How to Fix: Create (or re-create) the VLAN if it does not exist. Ensure the host port is assigned to the correct VLAN.How to Verify: Use commands: show vlan [brief], show interfaces switchport, ping. -
Switch Trunk Port Issues
How to Fix: Ensure trunks are configured correctly. Ensure the port is a trunk port and enabled.How to Verify: Use commands: show interface trunk, show running-config. -
Switch Access Port Issues
How to Fix: Assign the correct VLAN to the access port. Ensure the port is an access port and enabled. Host may be incorrectly configured in the wrong subnet.How to Verify: Use commands: show interfaces switchport, show running-config interface, ipconfig. -
Router Configuration Issues
How to Fix: Router subinterface IPv4 address is incorrectly configured. Router subinterface should be assigned to the VLAN ID.How to Verify: Use commands: show ip interface brief, show interfaces.
- Missing VLANs
How to Fix: Create (or re-create) the VLAN if it does not exist. Ensure the host port is assigned to the correct VLAN.How to Verify: Use commands: show vlan [brief], show interfaces switchport, ping.
- Switch Trunk Port Issues
How to Fix: Ensure trunks are configured correctly. Ensure the port is a trunk port and enabled.How to Verify: Use commands: show interface trunk, show running-config.
- Switch Access Port Issues
How to Fix: Assign the correct VLAN to the access port. Ensure the port is an access port and enabled. Host may be incorrectly configured in the wrong subnet.How to Verify: Use commands: show interfaces switchport, show running-config interface, ipconfig.
- Router Configuration Issues
How to Fix: Router subinterface IPv4 address is incorrectly configured. Router subinterface should be assigned to the VLAN ID.How to Verify: Use commands: show ip interface brief, show interfaces.
Verify that the port connecting to the router is correctly configured as a trunk link using the .
show interface trunk command
If that port is missing from the output, examine the configuration of the port with the _____ command to see how the port is configured.
show running-config interface X
- correct address but unable to ping its default gateway
show vlan brief
show int X sw
show run int X
switch access port issues
is created using the interface interface_id subinterface_id global configuration mode command.
subinterface
