Module 3 - Implementing Cisco LAN Connectivity Flashcards
Layer 2 - Switches
They operate at OSI Layer 2 and, by default, are seen as one physical broadcast domain: any broadcast frame sent is flooded everywhere. L2 switches can be logically split into VLANs. VLANs allow the switch to be logically segmented, which can improve performance, improve security and provide flexibility.
Layer 3 device is needed to forward traffic from one broadcast domain to another.
VLANs
VLANs create separate broadcast domains.
VLAN 1 is the default VLAN and cannot be deleted.
VLANs can be routed by using ROAS (router on a stick) or by inter-VLAN routing with SVIs on a L3 switch.
VLANs can be departmental or based on physical location (such as per floor); each has a number and generally a descriptive name.
Configuring and Showing VLANs
Configuring VLANs by entering global config mode:
switch1(config)# vlan 2
switch1(config-vlan)# name Sales
switch1(config-vlan)# vlan 20
switch1(config-vlan)# name IT
Show VLAN info
show vlan 2
show vlan brief - summary information
show interface fa0/3 switchport - shows capabilities of a switchport
Q.
Which command assigns a port to VLAN 20?
A.
switchport access vlan 20
VLANs Continued
Common VLAN traits:
- A VLAN is a virtual LAN.
- VLAN = broadcast domain
- VLAN = logical network (subnet)
VLANs address these needs:
- Segmentation
- Security
- Network flexibility
Addressing VLANs
VLANs are usually addressed by reusing the VLAN number in the subnet. For example, 3 VLANs (VLAN 10, 20 and 30) could be IP addressed as follows:
vlan 10 - 10.0.10.0/24
vlan 20 - 10.0.20.0/24
vlan 30 - 10.0.30.0/24
This helps administratively and keeps things clean. It is common to see in networks.
Assigning a port to a VLAN
SwitchX# configure terminal
SwitchX(config)# interface FastEthernet 0/3
SwitchX(config-if)# switchport mode access
SwitchX(config-if)# switchport access vlan 2
SwitchX(config-if)# switchport voice vlan 20
After creating a VLAN, you can manually assign a port or many ports to this VLAN. An access port can belong to only one VLAN at a time.
VLAN verification commands
show vlan id 2 or show vlan name <vlan-name> - display information about a particular VLAN.
show vlan brief - summary information of VLANs.
show vlan - display information on all configured VLANs, including the switch ports that are assigned to each VLAN.
show interface FastEthernet0/3 switchport - detailed switchport operational status and the mode it is operating in.
Remember: VLAN information created is stored in the vlan.dat file on the device.
Trunks Overview
The IEEE 802.1Q standard is used for trunking. Trunking is used between switches and adds a tag field into the frame header. Most important is the 12-bit VLAN ID; this tags the frame with its VLAN, which allows multiple tagged VLANs to be forwarded over a single trunk link.
Native VLAN
The native VLAN by default is VLAN 1; anything sent from an access port within VLAN 1 is left untagged. VLAN 1 (or the native VLAN, if it is changed) is used to send untagged traffic such as CDP information or anything native across a trunk link.
Broadcast traffic does traverse a trunk link. If it is an 802.1Q-tagged frame then the tag is removed before it is flooded; if it is native then there is no tag, but the same principle still applies.
Cisco switches use Cisco Discovery Protocol to warn of a native VLAN mismatch. On select versions of Cisco IOS Software, Cisco Discovery Protocol may not be transmitted or will be automatically turned off if VLAN 1 is disabled on the trunk.
Best practice is to configure the native VLAN as something other than VLAN 1.
Remember: both sides of a trunk must be configured to use the same native VLAN.
Trunking Interfaces
Trunks are simply interfaces which are configured in a specific way.
show interfaces fa0/0 switchport or show interfaces fa0/0 trunk can be used to view trunking status.
show interfaces trunk is also useful.
IEEE 802.1Q FRAME
The original frame is expanded and a 4 byte tag field is added into the frame. The 4 byte field includes the following:
- Type or Tag Protocol Identifier (16 bits) is set to a value of 0x8100 to identify the frame as an IEEE 802.1Q-tagged frame.
- Priority (3 bits) indicates the frame priority level that can be used for the prioritization of traffic.
- CFI flag (1 bit): if the flag is 1, the MAC address is in noncanonical format; if it is 0, the MAC address is in canonical format.
- VLAN ID (12 bits) uniquely identifies the VLAN to which the frame belongs.
Configuring a trunk interface
Steps to configure a trunk interface and change the native VLAN:
conf t - enter global config mode
int fa0/1 - enter interface config mode
switchport mode trunk - change the switchport mode to trunk
switchport trunk native vlan 99 - change the native VLAN to 99
show interface fa0/1 switchport - verifies the switchport status
Many Cisco Catalyst switches support DTP (Dynamic Trunking Protocol), which manages automatic trunk negotiation. DTP is a Cisco proprietary protocol. Switches from other vendors do not support DTP. DTP is automatically enabled on a switch port when certain trunking modes are configured on the switch port. DTP manages trunk negotiation only if the port on the other switch is configured in a trunk mode that supports DTP.
Q.
Which type of port allows for frames from many VLANs to be tagged indicating to which VLAN they belong?
A.
Trunk port.
Inter-vlan routing
Routing is necessary to move traffic between VLANs, and a Layer 3 device is needed to perform it. The 'traditional approach' of having a switch with a separate link for each VLAN going into a router is not practical, as it doesn't scale well. ROAS is recommended for simple configurations and small networks.
ROAS uses a trunk link and makes use of sub-interfaces. If using a L3 switch instead, remember that IP routing must be enabled.
Remember these key concepts with VLANS:
- Inter-VLAN communication occurs between broadcast domains via a Layer 3 device.
- A VLAN creates a separate switching segment.
- Traffic cannot be switched between VLANs.
- VLANs have different IP subnets.
- Routing is necessary to forward traffic between VLANs.
Layer 3 switch based inter-VLAN routing
ip routing
!
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
 no shutdown
!
interface Vlan20
 ip address 10.1.20.1 255.255.255.0
 no shutdown
This is more flexible than router-based ROAS, where the single trunk link can become quite busy. Just remember to enable IP routing and ensure that the ports are correctly configured.
In general, a Layer 3 switch is primarily a Layer 2 device that has been upgraded to have some routing capabilities. A router is a Layer 3 device that can perform some switching functions.