VLANs Flashcards
Campus Topology: Access Layer
Connects end hosts
Designed for high port count
Servers often have dual NICs & connect to a pair of redundant switches
Client access security measures are enabled at this layer
Campus Topology: Distribution Layer
Access layer switches uplink to distribution layer switches
This layer’s switches serve as an aggregation point for the access layer
Typically deployed in redundant pairs
End hosts are not connected here (typically)
Most software policy (e.g. QoS) is applied here
Campus Topology: Core Layer
Distribution layer switches uplink to core layer switches
Switches are typically deployed in redundant pairs
Designed for speed/resiliency
(Traffic between different parts of campus travels through here)
Software policy should be avoided on this layer
(Slows performance)
Collapsed Distribution & Core
Common on smaller campuses
Don’t need three-layer scalability
Distribution & Core layer functions are performed on the same layer
Spine-Leaf Network Topology
Optimized for East/West traffic, whereas a campus topology is optimized for North/South traffic
Switch Operations: Why we have VLANs
Switches forward broadcast traffic by default
By default, a campus-switched network is one large broadcast domain
Switches flood broadcast traffic everywhere, including between subnets
Security issue:
Traffic bypasses layer 3 security policies
Performance issue:
Every end host has to process the traffic
Uses bandwidth on links where traffic is not required
VLANs separate broadcast domains at layer 2
VLAN Access Ports
Configured on switch interfaces where end hosts are plugged in
Configured with one specific VLAN
Configuration is all on the switch
End host is not VLAN aware
Switches only forward traffic between ports in the same VLAN
Default VLAN
VLAN 1
Command: VLAN Access Port Configuration
From Global Config:
vlan 10
name Sales
Then go into interface config:
int f0/1
switchport mode access
switchport access vlan 10
Command: Interface Range Configuration
interface range FastEthernet 0/3 - 5
Command: Show interface VLAN info
show interface f0/1 switchport
show vlan brief
VLAN Trunk Ports
Trunks are configured on the links between switches where we need to carry traffic for multiple VLANs
When the switch forwards traffic to another switch over a trunk, it adds an 802.1Q (Dot1Q) tag to the layer 2 header carrying the correct VLAN ID
The receiving switch will only forward the traffic out ports that are in that VLAN
The switch removes the Dot1Q tag from the Ethernet frame when it sends it to the end host
ISL (Inter-Switch Link) was a Cisco proprietary trunking protocol (deprecated)
Command: Trunk Port Configuration
interface f0/24
description Trunk to SW2
switchport trunk encapsulation dot1q
(Necessary on older switches that may default to ISL)
switchport mode trunk
Command: Voice VLAN Configuration
interface f0/10
description IP Phone
switchport mode access
(Technically a trunk port, but we configure it as access)
switchport access vlan 10
switchport voice vlan 20
Native VLAN
The switch needs to know where to send untagged traffic
Native VLANs are used for this
Default native VLAN is VLAN 1
Raises security issues
Best practice is to change the native VLAN to an unused VLAN
Must match on both sides of a trunk for it to come up