VLANs Flashcards
Campus Topology: Access Layer
Connects end hosts
Designed for high port count
Servers often have dual NICs & connect to a pair of redundant switches
Client access security measures are enabled at this layer
Campus Topology: Distribution Layer
Access layer switches uplink to distribution layer switches
This layer’s switches serve as an aggregation point for the access layer
Typically deployed in redundant pairs
End hosts are not connected here (typically)
Most software policy (QoS) is enabled here
Campus Topology: Core Layer
Distribution layer switches uplink to core layer switches
Switches are typically deployed in redundant pairs
Designed for speed/resiliency
(Traffic between different parts of campus travels through here)
Software policy should be avoided on this layer
(Slows performance)
Collapsed Distribution & Core
Common on smaller campuses
Don’t need 3 layer scalability
Distribution and core layer functions are performed on the same layer
Spine-Leaf Network Topology
Supports more East/West traffic as opposed to North/South with a campus topology
Switch Operations: Why we have VLANs
Switches forward broadcast traffic by default
By default, a campus-switched network is one large broadcast domain
Switches flood broadcast traffic everywhere, including between subnets
Security issue:
Traffic bypasses layer 3 security policies
Performance issue:
Every end host has to process the traffic
Uses bandwidth on links where traffic is not required
VLANs separate broadcast domains at layer 2
VLAN Access Ports
Configured on switch interfaces where end hosts are plugged in
Configured with one specific VLAN
Configuration is all on the switch
End host is not VLAN aware
Switches only allow traffic within the same VLAN
Default VLAN
VLAN 1
Command: VLAN Access Port Configuration
From Global Config:
vlan 10
name Sales
Then go into interface config:
int f0/1
switchport mode access
switchport access vlan 10
Command: Interface Range Configuration
interface range FastEthernet 0/3 - 5
Command: Show interface VLAN info
show interface f0/1 switchport
show vlan brief
VLAN Trunk Ports
Trunks are configured on the links between switches where we need to carry traffic for multiple VLANs
When the switch forwards traffic to another switch, it tags the layer 2 Dot1Q header with the correct VLAN
The receiving switch will only forward the traffic out ports that are in that VLAN
The switch removes the Dot1Q tag from the Ethernet frame when it sends it to the end host
ISL (Inter-Switch Link) was a Cisco proprietary trunking protocol (deprecated)
Command: Trunk Port Configuration
interface f0/24
description Trunk to SW2
switchport trunk encapsulation dot1q (necessary for older switches that may default to ISL)
switchport mode trunk
Command: Voice VLAN Configuration
interface f0/10
description IP Phone
switchport mode access (technically a trunk port, but we use access)
switchport access vlan 10
switchport voice vlan 20
Native VLAN
The switch needs to know where to send untagged traffic
Native VLANs are used for this
Default native VLAN is VLAN 1
Raises security issues
Best practice is to change the native VLAN to an unused VLAN
Must match on both sides of a trunk for it to come up
Command: Configure Native VLAN to 199 on GigabitEthernet0/1
(From global config)
vlan 199
name Native
(Exit back to global config)
interface g0/1
description Trunk to SW2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 199
Command: Configure interface G0/1 to allow VLANs 10 and 30
interface g0/1
switchport trunk allowed vlan 10,30
DTP
Dynamic Trunking Protocol:
If two Cisco switches are cabled together they can negotiate a trunk connection using DTP
It’s recommended to manually configure switch ports though (setting access/trunk)
DTP Mode: Auto
Forms a trunk if the neighbor switch port is set to trunk or desirable
Trunk will not be formed if both sides are set to auto (default)
DTP Mode: Desirable
Will form a trunk if the neighbor switch port is set to trunk, desirable, or auto (default on older switches)
Command: Configure Switchport to DTP Auto
switchport mode dynamic auto
Command: Configure switchport to DTP Desirable
switchport mode dynamic desirable
Command: Disable DTP on switchport
switchport nonegotiate
VTP
VLAN Trunking Protocol:
Allows you to add/edit/delete VLANs on switches configured as VTP Servers, and have other switches configured as VTP Clients synchronize their VLAN database with them
This can be convenient if you manage a large campus
You will still need to perform port-level VLAN configuration on the switches
VTP Precaution
If you accidentally introduce a switch with a higher VLAN database revision number into the domain, it can wipe out all your production VLANs
If using DTP & VTP simultaneously
The VTP domain name has to match on neighbor switches for trunks to be formed by DTP
VTP Mode: Server
Can add/edit/delete VLANs
Synchronizes VLAN database from another Server with a higher revision number
VTP Mode: Client
Cannot add/edit/delete VLANs
Will synchronize its VLAN database from the Server with the highest revision number
VTP Mode: Transparent
Does not participate in the VTP domain
Does not advertise/learn VLAN info, but will pass it on
Can add/edit/delete VLANs in its own local VLAN database
Command: Configure VTP Domain Flackbox (commands for all modes)
vtp domain Flackbox
vtp mode server or vtp mode client or vtp mode transparent
Command: View VTP information
show vtp status
Command: View VLAN info
show vlan brief