
AACS5324 Advanced Computer Networks

Chapter 6 LAN Design

ACN-1

Chapter 6

Objectives
Upon completion of this chapter, students should be able to understand the following:

Switched LAN Architecture
Benefits and Principles of Hierarchical Network Design
Converged Network
Considerations and Features for Network Switches


LAN Design

Switched LAN Architecture


Switched LAN Architecture


When building a LAN that satisfies the needs of a small or medium-sized business, your plan is more likely to be successful if a hierarchical design model is used. The network is divided into discrete layers, and each layer has a specific purpose. This makes the design modular, which helps with maintenance and performance.


Access Layer

Interfaces with end devices. It is made up of routers, switches, bridges and wireless access points, and provides a means of connecting devices to the network and controlling which devices are allowed to communicate on it.

Distribution Layer

Aggregates (funnels) the data received from the access layer switches before it is transmitted to the core layer for routing to its final destination. Controls the flow of network traffic using policies and performs routing functions between the virtual LANs (VLANs) defined at the access layer. Distribution layer switches are typically high-performance devices with high availability and redundancy to ensure reliability.

Core Layer

The high-speed backbone of the network; it connects to Internet resources. It must be highly available and redundant, as it is critical for interconnectivity between distribution layer devices, and it must be capable of quickly forwarding large amounts of data, since it aggregates the traffic from all the distribution layer devices.

Medium Sized Business

Logical Layout

Physical Layout


Benefits of a Hierarchical Network


Benefits:

Scalability
Redundancy
Performance
Security
Manageability
Maintainability

Benefits of a Hierarchical Network


Scalability

Hierarchical networks can be expanded easily.

Benefits of a Hierarchical Network


Redundancy

Redundancy at the core and distribution layers ensures availability.

Benefits of a Hierarchical Network


Performance

Link aggregation and high-performance distribution and core layer switches provide near-wire speed at all layers.

Benefits of a Hierarchical Network


Security

Port security at the access layer and policies at the distribution layer make the network more secure.

Benefits of a Hierarchical Network


Manageability

Consistency among switches at each layer makes management simpler.

(Figure labels: Configurations; Additional Switch Functionality; Rapid Recovery; Easier Troubleshooting)

Benefits of a Hierarchical Network


Maintainability

The modular design allows a network to scale easily without becoming over-complicated or burdensome.

Principles of Hierarchical Network Design


Just because a network is hierarchical, it doesn't mean it's well designed.

Network Diameter: The number of devices that a packet has to cross before it reaches its destination. Keeping the network diameter low ensures low and predictable latency between devices.

Bandwidth Aggregation: After the bandwidth requirements of the network are known, links between specific switches can be aggregated or combined to provide higher bandwidth.

Redundancy: The practice of providing multiple paths to a destination or multiple instances of a device.

Principles of Hierarchical Network Design


Network Diameter: For PC1 to communicate with PC3, the data must traverse 6 intermediate switches; in this case, the network diameter is 6. Each switch introduces some latency. In a hierarchical network, the network diameter is always a predictable number of hops between the source and destination devices.

Principles of Hierarchical Network Design


Bandwidth Aggregation: Link aggregation allows multiple switch port links to be combined to achieve higher throughput between switches. The determining factor in using link aggregation is the requirements of the user applications.

Principles of Hierarchical Network Design


Redundancy: Redundancy is one part of creating a highly available network. It means multiple links between switches, or multiple devices. It can get expensive and most likely will not be done at the access layer because of the cost and the variety of devices there; it is feasible at the distribution and core layers.

What is a Converged Network?


A converged network is one where voice and video communications have been combined on a single data network. Legacy equipment: until now, convergence has mainly been feasible on large enterprise networks.

What is a Converged Network?


Advanced technology: convergence is becoming more popular with small and medium-sized businesses. It can be a difficult decision considering current investments in technology. Benefit: only one network to manage.

What is a Converged Network?


New options: you can now tie voice and video communications directly into an employee's personal computer system. Software integrated on a PC eliminates an expensive handset; add a webcam and you can video conference.

LAN Design

Matching Switches to Specific LAN Functions

Traffic Flow Analysis

User Community Analysis


Data Stores and Data Servers Analysis

Topology Diagrams
Switch Features


Considerations for Network Switches


Traffic Flow Analysis: The process of measuring the bandwidth usage on a network and analyzing the data. It is used for performance tuning, capacity planning and hardware improvement decisions.

Considerations for Network Switches


User Community Analysis: The process of identifying various groupings of users and their impact on network performance.


Considerations for Network Switches


Data Stores and Data Servers Analysis: When analyzing traffic on a network, consider the location of the data stores and data servers. Consider both client-server and server-server traffic.


Considerations for Network Switches


Topology Diagram: A graphical representation of a network infrastructure. It shows switch connections with port numbers, aggregated ports and redundant paths, identifies each configuration by switch name, and could contain user information.

Switch Features
Switch Form Factors: When selecting a switch, you need to decide between fixed configuration and modular configuration, and between stackable and non-stackable. The switch form factor (physical size) is important depending on where the switch will be installed: a wiring closet with limited space, a computer room with free-standing racks, or a shelf in a central area.

Switch Features
Fixed Configuration Switches: Fixed in their configuration; you cannot add features or options to the switch beyond those that originally came with it.

Switch Features
Modular Switches: Offer more flexibility. Typically come with different sized chassis that allow for the installation of different numbers of modular line cards. The line cards actually contain the ports.


Switch Features
Stackable Switches: Interconnected using a special backplane cable that provides high-bandwidth throughput between the switches (Cisco StackWise). The stacked switches effectively operate as a single, larger switch. Desirable when fault tolerance and bandwidth availability are critical and a modular switch is too costly to implement.


Switch Performance
When selecting a switch for the access, distribution or core layer, consider the ability of the switch to support the required port density, forwarding rate and bandwidth aggregation requirements.

Switch Performance
Port Density: Port density is the number of ports available on a single switch. Typical fixed switches have 24 or 48 ports; a very high density switch such as the Catalyst 6500 provides 1,000 ports.

Switch Performance
Forwarding Rate: Defines the processing capabilities of a switch by rating how much data the switch can process per second. If the switch forwarding rate is too low, it cannot accommodate full wire-speed communication across all of its switch ports. For example, a 48-port Gigabit switch running at full wire speed has to switch 48 gigabits of traffic per second.

Switch Performance
Forwarding Rate: Access layer switches typically do not need to operate at full wire speed because they are physically limited by their uplinks to the distribution layer. This allows the use of less expensive, lower-performing switches at the access layer and more expensive, higher-performing switches at the distribution and core layers, where the forwarding rate makes a bigger difference.

Switch Performance
Link Aggregation: As part of bandwidth aggregation, you should determine whether there are enough ports on a switch to aggregate to support the required bandwidth. (Figure: a 24-port Gigabit switch; a single 1-gigabit uplink port is a bottleneck, while up to 8 ports bound together provide up to 8 gigabits.)

Switch Performance
Power over Ethernet (PoE): Allows the switch to deliver power to a device over the existing Ethernet cabling. It adds considerable cost to the switch.

Switch Performance
Layer 3 Functionality: Switches typically operate at Layer 2 of the OSI Model.


Switch Features Hierarchical Network


Access Layer Switch Features:

Port Security
VLANs
FastEthernet/Gigabit
PoE
Link Aggregation
Quality of Service (QoS)

Switch Features Hierarchical Network


Distribution Layer Switch Features:

Layer 3 Support
High Forwarding Rate
Gigabit/10 Gigabit
Redundant Components
Security Policies
Link Aggregation
Quality of Service (QoS)

Switch Features Hierarchical Network


Core Layer Switch Features:

Layer 3 Support
Very High Forwarding Rate
Gigabit/10 Gigabit
Redundant Components
Link Aggregation
Quality of Service (QoS)

Switches Small and Medium Business (SMB)


Cisco has seven switch product lines. Each product line offers different characteristics and features, allowing you to find the right switch to meet the functional requirements of your network. The Cisco switch product lines are:

Catalyst Express 500
Catalyst 2960
Catalyst 3560
Catalyst 3750
Catalyst 4500
Catalyst 4900
Catalyst 6500

Switches Small and Medium Business (SMB)

Switch features required at each layer of the hierarchical network (x = required):

Feature                                  Access  Distribution  Core
Bandwidth (Link) Aggregation               x          x          x
FastEthernet/Gigabit Ethernet              x
Gigabit Ethernet/10 Gigabit Ethernet                  x          x
High Forwarding Rate                                  x
Layer 3 Support                                       x          x
Port Security                              x
Power over Ethernet (PoE)                  x
Quality of Service (QoS)                   x          x          x
Redundant Components                                  x          x
Security Policies/Access Control Lists                x
Very High Forwarding Rate                                        x
VLANs                                      x

AACS5324 Advanced Computer Networks


Chapter 7 Switch Concepts and Configuration

Objectives
Upon completion of this chapter, students should be able to understand the following:

Operations of Ethernet
Ethernet Network Design Considerations
Switch Forwarding and Buffering Methods
Common Security Attacks on Switches
Switch Configurations and Basic Management

Switch Concepts and Configuration

Key Elements of Ethernet/802.3 LANs


CSMA/CD


Ethernet Communications

Unicast: one-to-one

Broadcast: one-to-all

Multicast: one-to-many


Ethernet Communications
Ethernet Frame: Minimum 64 bytes, maximum 1518 bytes.

Preamble/SFD (start of frame delimiter): synchronizes to the medium.
Destination Address: MAC address of the destination device.
Source Address: MAC address of the source device.
Length/Type: length of the frame or protocol type code.
Data: encapsulated data from OSI Layers 7 to 3.
FCS: Frame Check Sequence.

Ethernet Communications
MAC Address:

Broadcast bit: indicates a broadcast or multicast frame.
Local bit: indicates whether the address can be modified locally.
OUI Number: identifies the manufacturer of the NIC.
Vendor Number: unique, vendor-assigned number.

The MAC address is also called the Layer 2 address, physical address, hardware address or burned-in address (BIA). It is 6 bytes, 48 bits or 12 hexadecimal digits long. Formats: 00-05-9A-3C-78-00, 00:05:9A:3C:78:00, or 0005.9A3C.7800.
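The frame layout and MAC address fields described above, as an added example that is not code from the lecture: it builds and parses a frame (destination, source, Length/Type, data, FCS), enforces the 64/1518-byte limits, checks the FCS as a store-and-forward switch would, decodes the broadcast/local bits and OUI, and prints an address in the three notations shown. The preamble/SFD is omitted because the NIC strips it; sample addresses and frames are constructed.

```python
"""Parse and validate an Ethernet frame and decode its MAC addresses."""
import struct
import zlib
from dataclasses import dataclass

MIN_FRAME = 64      # bytes: header + data + FCS (preamble/SFD not counted)
MAX_FRAME = 1518
BROADCAST = bytes([0xFF] * 6)


@dataclass
class MacInfo:
    dashed: str         # 00-05-9A-3C-78-00
    colon: str          # 00:05:9A:3C:78:00
    cisco: str          # 0005.9A3C.7800
    oui: str            # first 3 bytes: manufacturer of the NIC
    vendor_number: str  # last 3 bytes: vendor-assigned unique number
    is_group: bool      # "broadcast" bit: set for broadcast and multicast
    is_local: bool      # "local" bit: address was modified locally
    is_broadcast: bool  # all 48 bits set


def decode_mac(mac: bytes) -> MacInfo:
    if len(mac) != 6:
        raise ValueError("a MAC address is 6 bytes")
    hx = mac.hex().upper()
    pairs = [hx[i:i + 2] for i in range(0, 12, 2)]
    return MacInfo(
        dashed="-".join(pairs),
        colon=":".join(pairs),
        cisco=".".join(hx[i:i + 4] for i in range(0, 12, 4)),
        oui=hx[:6],
        vendor_number=hx[6:],
        is_group=bool(mac[0] & 0x01),   # least significant bit of first byte
        is_local=bool(mac[0] & 0x02),   # next bit up
        is_broadcast=(mac == BROADCAST),
    )


def fcs(body: bytes) -> bytes:
    """CRC-32 over everything before the FCS, least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, data: bytes) -> bytes:
    """Do what a NIC does: pad short data so the frame reaches 64 bytes,
    then append the FCS computed over everything before it."""
    body = dst + src + struct.pack("!H", ethertype) + data
    body += b"\x00" * max(0, MIN_FRAME - 4 - len(body))
    return body + fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Split a frame into fields and validate it. 'valid' is False for runts,
    giants and FCS mismatches, the frames a store-and-forward switch drops."""
    result = {"length": len(frame), "errors": []}
    if len(frame) < 18:   # 14-byte header + 4-byte FCS is the absolute minimum
        result["errors"].append("too short to hold a header and FCS")
        result["valid"] = False
        return result
    if len(frame) < MIN_FRAME:
        result["errors"].append("runt (shorter than 64 bytes)")
    if len(frame) > MAX_FRAME:
        result["errors"].append("giant (longer than 1518 bytes)")
    if frame[-4:] != fcs(frame[:-4]):
        result["errors"].append("FCS mismatch (corrupted frame)")
    result["dst"] = decode_mac(frame[0:6])
    result["src"] = decode_mac(frame[6:12])
    length_type = struct.unpack("!H", frame[12:14])[0]
    # 0x0600 and above is a protocol type code; below that it is a length.
    result["ethertype" if length_type >= 0x0600 else "length_field"] = length_type
    result["data"] = frame[14:-4]
    result["valid"] = not result["errors"]
    return result


if __name__ == "__main__":
    pc1 = bytes.fromhex("00059A3C7800")            # constructed address
    frame = build_frame(BROADCAST, pc1, 0x0806, b"ARP request (constructed)")
    info = parse_frame(frame)
    print(info["length"], info["valid"], info["src"].cisco, info["dst"].is_broadcast)
```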


Ethernet Communications
Switch Port Settings: AUTO: auto-negotiation of duplex mode; the two ports communicate to determine the best mode. This is the default for FastEthernet and 10/100/1000 ports. FULL: full-duplex mode; the default for 100BASE-FX ports. HALF: half-duplex mode.

Ethernet Communications
Switch Port Settings: AUTO: Auto-negotiation of duplex mode. The two ports communicate to determine the best mode. Auto-negotiation can produce unpredictable results: if auto-negotiation fails because the attached device does not support it, the Catalyst switch defaults the switch port to half-duplex mode. Half-duplex on one end and full-duplex on the other causes late collision errors at the half-duplex end. To avoid this, manually set the duplex parameters of the switch to match the attached device.

Late Collisions: A late collision is a collision packet, usually larger than 64 bytes, with a corrupted CRC field value. A collision that occurs within the first 64 bytes of a transmission is a normal collision; a collision that occurs after more than 64 bytes of data have been sent is considered "late" because it did not occur within the 64-byte window. Late collisions cause more bytes to be transmitted on the network than a normal collision under 64 bytes. More often this indicates that the transmitting station's NIC cannot properly hear the collision and stop its transmission, and so continues to produce high collision rates on the network.

Ethernet Communications
Switch Port Settings: Auto-MDIX feature: In the past, either a cross-over or a straight-through cable was required, depending on the type of device that was being connected to the switch. Instead, the mdix auto interface configuration command enables the automatic medium-dependent interface crossover (auto-MDIX) feature. With this feature enabled, the switch detects the cabling type required for copper media and configures the interface accordingly.

Switch MAC Address Table


Switches use MAC addresses to direct network traffic to the appropriate port. A switch builds a MAC address table by learning the source MAC addresses of the devices connected to each of its ports. Once a MAC address has been added to the table, the switch uses the table entry to forward traffic to that node. If a destination address is not in the table, the switch forwards the frame out all ports except the receiving port. When the destination responds, its MAC address is added to the table. If a port is connected to another switch or a hub, multiple MAC addresses will be recorded in the table for that port.

Switch MAC Address Table


Example Step 1: The switch receives a broadcast frame from PC 1 on Port 1.


Switch MAC Address Table


Example Step 2: The switch enters the source MAC address and the switch port that received the frame into the address table.


Switch MAC Address Table


Example Step 3: Because the destination address is a broadcast, the switch floods the frame to all ports, except the port on which it received the frame.


Switch MAC Address Table


Example Step 4: The destination device replies to the broadcast with a unicast frame addressed to PC 1.


Switch MAC Address Table


Example Step 5: The switch enters the source MAC address of PC 2 and the port number of the switch port that received the frame into the address table. The destination address of the frame and its associated port is found in the MAC address table.


Switch MAC Address Table


Example Step 6: The switch can now forward frames between source and destination devices because it has entries in the address table that identify the associated ports.

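The six-step MAC address table example above, as an added simulation that is not code from the lecture or from any Cisco switch. It learns the source address on ingress, floods broadcasts and unknown unicasts out every port except the ingress port, forwards known unicasts out a single port, ages out idle entries, handles a hub behind one port (several addresses on that port), and enforces an assumed per-port address limit of the kind port security applies at the access layer; the MAC addresses, timestamps, default aging time and the drop-on-violation behaviour are constructed assumptions.

```python
"""Simulate how a switch builds and uses its MAC address table."""
from dataclasses import dataclass, field
from typing import Optional

BROADCAST = "FF-FF-FF-FF-FF-FF"


@dataclass
class Frame:
    dst: str   # destination MAC, dashed notation
    src: str   # source MAC, dashed notation


@dataclass
class LearningSwitch:
    ports: int
    aging_seconds: int = 300                         # assumed default aging time
    max_addresses_per_port: Optional[int] = None     # assumed port-security style cap
    table: dict = field(default_factory=dict)        # mac -> (port, last_seen)
    violations: list = field(default_factory=list)   # (port, mac, time) over the cap

    def _learn(self, mac, port, now):
        """Add or refresh the source address. Returns False on a limit violation."""
        if mac not in self.table and self.max_addresses_per_port is not None:
            on_port = sum(1 for p, _ in self.table.values() if p == port)
            if on_port >= self.max_addresses_per_port:
                self.violations.append((port, mac, now))
                return False
        # A known address seen on a new port simply moves (the station moved,
        # or a hub or another switch sits behind that port).
        self.table[mac] = (port, now)
        return True

    def age(self, now):
        """Remove entries not seen within the aging time; return them."""
        expired = [m for m, (_, seen) in self.table.items()
                   if now - seen > self.aging_seconds]
        for m in expired:
            del self.table[m]
        return expired

    def receive(self, frame, in_port, now):
        """Process one frame (Steps 1-6); return the list of egress ports."""
        self.age(now)
        if not self._learn(frame.src.upper(), in_port, now):   # Steps 2 and 5
            return []          # assumed behaviour: the violating frame is dropped
        dst = frame.dst.upper()
        if dst == BROADCAST or dst not in self.table:
            # Step 3: a broadcast (or unknown unicast) is flooded out every
            # port except the one it arrived on.
            return [p for p in range(1, self.ports + 1) if p != in_port]
        out_port, _ = self.table[dst]
        if out_port == in_port:
            return []          # source and destination share a segment: filter
        return [out_port]      # Step 6: known destination, one port

    def show_mac_address_table(self):
        """Rows like 'show mac-address-table': (mac, port), ordered by port."""
        rows = [(mac, port) for mac, (port, _) in self.table.items()]
        return sorted(rows, key=lambda r: (r[1], r[0]))


if __name__ == "__main__":
    sw = LearningSwitch(ports=4)
    pc1, pc2 = "00-05-9A-3C-78-01", "00-05-9A-3C-78-02"   # constructed
    print("Step 1-3:", sw.receive(Frame(BROADCAST, pc1), 1, now=0))   # flooded
    print("Step 4-5:", sw.receive(Frame(pc1, pc2), 2, now=1))         # [1]
    print("Step 6:  ", sw.receive(Frame(pc2, pc1), 1, now=2))         # [2]
    print(sw.show_mac_address_table())
```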

Design Considerations Ethernet/802.3


Bandwidth and Throughput: A major disadvantage of Ethernet is collisions. When two hosts transmit frames simultaneously, the collision results in the transmitted frames being corrupted or destroyed. The sending hosts stop sending based on the Ethernet 802.3 rules of CSMA/CD. It is important to understand that when stating the bandwidth of the Ethernet network is 10 Mb/s, full bandwidth for transmission is available only after any collisions have been resolved.

Design Considerations Ethernet/802.3


Bandwidth and Throughput: A major disadvantage of Ethernet is collisions. A hub offers no mechanism to either eliminate or reduce collisions, and the available bandwidth that any one node has to transmit is correspondingly reduced. As a result, the number of nodes sharing the Ethernet network will have an effect on the throughput.

Design Considerations Ethernet/802.3


Collision Domains: To reduce the number of nodes on a given network segment, you can create separate physical network segments called collision domains. The network area where frames originate and collide is called the collision domain. All shared media environments, such as those created by using hubs are collision domains. When a host is connected to a switch port, the switch creates a dedicated connection. This connection is an individual collision domain.


Design Considerations Ethernet/802.3


Microsegment:
When two connected hosts want to communicate with each other, the switch uses the switching table to establish a virtual connection (circuit) between the ports. The virtual circuit is maintained until the session is terminated, and multiple virtual circuits can be active at the same time. The microsegment behaves as if the network has only two hosts, providing maximum available bandwidth to both. Switches reduce collisions and improve bandwidth use on network segments because they provide dedicated bandwidth to each network segment.

Design Considerations Ethernet/802.3


Broadcast Domains: Although switches filter most frames based on MAC addresses, they do not filter broadcast frames. Why? Because a switch runs at Layer 2 and cannot learn the MAC address FF-FF-FF-FF-FF-FF. A collection of interconnected switches forms a broadcast domain. Only Layer 3 devices or a VLAN form separate broadcast domains.


Design Considerations Ethernet/802.3

Interconnecting switches extends the broadcast domain.


Design Considerations Ethernet/802.3


Network Latency: Latency is the time a frame or a packet takes to travel from the source to the final destination.


Design Considerations Ethernet/802.3


Network Congestion: The primary reason for segmenting a LAN into smaller parts is to isolate traffic and to achieve better use of bandwidth per user. Without segmentation, a LAN quickly becomes clogged with traffic and collisions. The most common causes of congestion are increasingly powerful computer and network technologies, an increasing volume of network traffic, and high-bandwidth applications.

Design Considerations Ethernet/802.3


LAN Segmentation: LANs are segmented into a number of smaller collision and broadcast domains using routers and switches. (Figure: hosts on a hub; a broadcast reaches every host.)

Design Considerations Ethernet/802.3


LAN Segmentation: LANs are segmented into a number of smaller collision and broadcast domains using routers and switches. (Figure: hosts on a hub; a collision on the shared medium, with the jam signal reaching every host.)

Design Considerations Ethernet/802.3


LAN Segmentation: LANs are segmented into a number of smaller collision and broadcast domains using routers and switches. (Figure: a switch; each port is its own collision domain, and all ports together form one broadcast domain.)

Design Considerations Ethernet/802.3


LAN Segmentation: LANs are segmented into a number of smaller collision and broadcast domains using routers and switches. (Figure: a router; separate collision domains and separate broadcast domains.)


LAN Design Considerations


There are two primary considerations when designing a LAN: controlling network latency and removing bottlenecks.

LAN Design Considerations


Controlling Network Latency: Consider the latency caused by each device on the network.

Layer 2 switches can introduce latency on a busy network when they are oversubscribed. If a core level switch has to support 48 ports, each one capable of running at 1000 Mb/s full duplex, the switch should support around 96 Gb/s internal throughput if it is to maintain full wire speed across all ports simultaneously.

LAN Design Considerations


Controlling Network Latency: Consider the latency caused by each device on the network.

The use of higher layer devices can also increase latency on a network. When a Layer 3 device, such as a router, needs to examine the Layer 3 addressing information contained within the frame, it must read further into the frame than a Layer 2 device, which creates a longer processing time.

LAN Design Considerations


Removing Network Bottlenecks: Each workstation and the server are connected at 1000 Mb/s. If all 4 workstations access the server at the same time, the server's single link becomes the bottleneck. Adding additional 1000 Mb/s NICs to the server removes it.

Switch Concepts and Configuration

Forwarding Frames Using a Switch

Switch Forwarding Methods: Store-and-forward; Cut-through (Fast-forward, Fragment-free)
Symmetric and Asymmetric Switching
Memory Buffering
Layer 2 and Layer 3 Switching

Switch Forwarding Methods


Methods switches use to forward Ethernet frames: store-and-forward, and cut-through (fast-forward switching and fragment-free switching).

Switch Forwarding Methods


Store-and-forward: Receives the entire frame. Computes the CRC and checks the frame length. If valid, checks the switching table for the destination address and forwards the frame. If invalid, the frame is dropped. (Figure: a frame with Destination, Source, Data and FCS fields; the computed CRC 123896745 matches, the frame is good, and the destination is found in the switching table.)

Switch Forwarding Methods


Store-and-forward: Receives the entire frame. Computes the CRC and checks the frame length. If valid, checks the switch table for the destination address and forwards the frame. If invalid, the frame is dropped. Store-and-forward is the only method used on current Cisco Catalyst switches, and it is needed for QoS on converged networks.

Switch Forwarding Methods


Cut-through: Forwards a frame before it is entirely received. At a minimum, it must read the destination and source MAC addresses. Faster than store-and-forward. No error checking. Any corrupt frames are still forwarded and consume network bandwidth.


Switch Forwarding Methods


Cut-through, Fast-forward: The typical cut-through method. Forwards a frame immediately after it reads and finds the destination address. Cut-through, Fragment-free: Stores the first 64 bytes of the frame before forwarding. The first 64 bytes of the frame are where most network errors and collisions occur, so it checks for a collision before forwarding the frame. Some switches are configured to use cut-through on each port until a user-defined error threshold is reached; at that time, they change to store-and-forward.
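The three forwarding methods described above, as an added comparison that is not code from the lecture or from any switch vendor: the same good frame, corrupted frame and collision fragment are run through store-and-forward (whole frame buffered, length and CRC checked before the lookup), fast-forward (decides as soon as the destination address is read) and fragment-free (waits for the first 64 bytes), plus a port that runs cut-through until an error threshold is reached and then changes to store-and-forward. The MAC addresses, frames, MAC table and threshold are constructed.

```python
"""Compare store-and-forward, fast-forward and fragment-free switching."""
import struct
import zlib

MIN_FRAME, MAX_FRAME = 64, 1518


def with_fcs(body: bytes) -> bytes:
    """Append the CRC-32 FCS a NIC computes over the frame body."""
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def fcs_ok(frame: bytes) -> bool:
    return with_fcs(frame[:-4]) == frame


# Constructed test data: two hosts, a 64-byte good frame, the same frame with
# one bit flipped after the FCS was computed, and a 40-byte collision fragment.
PC1 = bytes.fromhex("00059A3C7801")
PC2 = bytes.fromhex("00059A3C7802")
HEADER = PC2 + PC1 + b"\x08\x00"                          # dst, src, EtherType
GOOD = with_fcs(HEADER + b"hello".ljust(46, b"\x00"))     # 14 + 46 + 4 = 64
BAD = GOOD[:20] + bytes([GOOD[20] ^ 0x01]) + GOOD[21:]
RUNT = GOOD[:40]
TABLE = {PC2: 2}                                          # MAC -> switch port


def lookup(dst: bytes, table: dict):
    port = table.get(dst)
    return ("forward", port) if port is not None else ("flood", None)


def decide(method: str, frame: bytes, table: dict):
    """One method's decision for one frame:
    (action, port or reason, bytes buffered before the decision)."""
    dst = frame[:6]
    if method == "fast-forward":
        # No length or CRC check: corrupt frames and runts are still forwarded.
        if len(frame) < 6:
            return ("drop", "no destination address", len(frame))
        return (*lookup(dst, table), 6)
    if method == "fragment-free":
        # The first 64 bytes are where collisions show up; wait for them.
        if len(frame) < MIN_FRAME:
            return ("drop", "collision fragment", len(frame))
        return (*lookup(dst, table), MIN_FRAME)
    if method == "store-and-forward":
        if len(frame) < MIN_FRAME:
            return ("drop", "runt", len(frame))
        if len(frame) > MAX_FRAME:
            return ("drop", "giant", len(frame))
        if not fcs_ok(frame):
            return ("drop", "FCS error", len(frame))
        return (*lookup(dst, table), len(frame))
    raise ValueError(f"unknown method {method!r}")


class AdaptiveCutThroughPort:
    """Fast-forward until `error_threshold` CRC errors have been seen, then
    store-and-forward. A cut-through switch still computes the CRC once the
    rest of the frame arrives, so errors are counted even though the frame
    has already left; that count is what triggers the change of method."""

    def __init__(self, error_threshold: int):
        self.threshold = error_threshold   # assumed user-defined value
        self.errors = 0
        self.method = "fast-forward"

    def handle(self, frame: bytes, table: dict):
        decision = decide(self.method, frame, table)
        if len(frame) >= MIN_FRAME and not fcs_ok(frame):
            self.errors += 1
            if self.errors >= self.threshold:
                self.method = "store-and-forward"
        return decision


if __name__ == "__main__":
    for name, frame in (("good", GOOD), ("bad FCS", BAD), ("runt", RUNT)):
        for method in ("store-and-forward", "fast-forward", "fragment-free"):
            print(f"{name:8} {method:18} -> {decide(method, frame, TABLE)}")
```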

Symmetric and Asymmetric Switching


Symmetric: All ports are of the same bandwidth. Optimized for a reasonably distributed traffic load. For example, a peer-to-peer network.


Symmetric and Asymmetric Switching


Asymmetric: Provides switched connections between ports of unlike bandwidth. For example, more bandwidth can be assigned to a server to prevent bottlenecks.


Memory Buffering
A switch analyzes some or all of a packet before it forwards it to the destination host, depending on the forwarding method. It stores the packet for a brief time in a memory buffer built into the hardware. There are two types of memory buffering: port based and shared.

Memory Buffering
Port Based: Frames are stored in queues that are linked to specific incoming and outgoing ports. A frame is transmitted to the outgoing port only when all the frames ahead of it in the queue have been successfully transmitted. It is possible for a single frame to delay the transmission of all the frames in memory because of a busy destination port.


Memory Buffering
Shared: Deposits all frames into a common memory buffer that all the ports on the switch share. The amount of buffer memory required by a port is dynamically allocated. The frames in the buffer are linked dynamically to the destination port. Allows the packet to be received on one port and then transmitted on another port, without moving it to a different queue.


Layer 2 and Layer 3 Switching


Layer 2 Switching: Performs switching and filtering based only on the OSI Data Link layer (Layer 2) MAC address. Completely transparent to network protocols and user applications. Can learn which MAC addresses are associated with which ports.

Cisco Catalyst 2960 Series


Layer 2 and Layer 3 Switching


Layer 3 Switching: Functions similarly to a Layer 2 switch, but instead of using only the Layer 2 MAC address for the forwarding decision, a Layer 3 switch can also use IP address information. It can also learn which IP addresses are associated with its interfaces, which allows the Layer 3 switch to direct traffic throughout the network based on IP address information. It is capable of performing Layer 3 routing functions, reducing the need for dedicated routers on a LAN. Because Layer 3 switches have specialized switching hardware, they can typically route data as quickly as they can switch.

Layer 2 and Layer 3 Switching


Layer 3 Switching: However, Layer 3 switches do not completely replace the need for routers on a network. Routers perform additional Layer 3 services that Layer 3 switches are not capable of performing.


Switch Concepts and Configuration

Switch Management Configuration


Navigating Command-Line Interface Modes


The CLI itself is basically the same as on a router:

Access modes with a password.
Help facility and command history.
Configure console and Telnet access.
Commands to configure options for each interface.
Commands to verify the status of the switch.

The difference is in the functions to be configured:

Commands to create and control VLANs (Chapter 3).
Configure a default gateway.
Manage the MAC address table.
Switch security.

Navigating Command-Line Interface Modes


Access Levels: User EXEC. Privileged EXEC.


Navigating Command-Line Interface Modes


Configuration Modes: Global Configuration Mode. Interface Configuration Mode (and more.)


Navigating Command-Line Interface Modes


GUI-Based Alternatives to the CLI: Cisco Network Assistant. Configure and manage groups of switches or standalone switches. Free from www.cisco.com with a Cisco ID and Password.


Navigating Command-Line Interface Modes


GUI-Based Alternatives to the CLI: Cisco View. Displays a physical view of the switch that you can use to set configuration parameters. View switch status and performance information. Purchased separately. Can be a standalone application or part of a Simple Network Management Protocol (SNMP) platform.


Navigating Command-Line Interface Modes


GUI-Based Alternatives to the CLI: Cisco Device Manager. Web-based software that is stored in the switch memory. Configure and manage switches. Access from anywhere in your network through a web browser.


Navigating Command-Line Interface Modes


GUI-Based Alternatives to the CLI: SNMP Network Management. You can manage switches from an SNMP-compatible management station, such as HP OpenView. The switch is able to provide comprehensive management information. SNMP network management is more common in large enterprise networks.

Using the Help Facility


Word / Command line syntax Help:


Using the Help Facility


Console Error Messages:


Switch Boot Sequence


The switch loads the boot loader program, a small program stored in NVRAM. The boot loader performs CPU initialization, runs the POST, initializes flash memory, and loads a default OS image into memory and boots the switch. The OS then initializes the interfaces using the Cisco IOS commands found in the operating system configuration file, config.text, stored in the switch flash memory.

Prepare to Configure the Switch


A PC is connected to the console port, and a terminal emulator application (e.g., HyperTerminal) is running and configured correctly. Attach the power cord to the switch; some Catalyst switches, including the 2950 and 2960 series, do not have a power button.

Prepare to Configure the Switch


Observe the boot sequence. When the switch is powered on, the POST begins. During POST, the LEDs blink while a series of tests determine that the switch is functioning properly. If POST succeeds, the SYST LED rapidly blinks green; if it fails, the SYST LED turns amber.

Prepare to Configure the Switch


Observe the Boot Sequence. The Port Status LEDs turn amber for about 30 seconds as the switch discovers the network topology and searches for loops. If the Port Status LEDs turn green, the switch has established a link between the port and a target, such as a computer.


Basic Switch Configuration


Key Configuration Sequences:

Switch Management Interface: To manage a switch remotely using TCP/IP, you need to assign the switch an IP address. An access layer switch is much like a PC in that you need to configure an IP address, a subnet mask and a default gateway.
Duplex and speed of active interfaces: usually left at the default, but can be modified.
Support for HTTP access: we will restrict ourselves to the CLI.
MAC address table management.

Basic Switch Configuration


Switch Management Interface:


Basic Switch Configuration


Switch Management Interface: Note that a Layer 2 switch, such as the Cisco Catalyst 2960, only permits a single VLAN interface to be active at a time. This means that the Layer 3 interface (interface VLAN 99) is active, but the Layer 3 interface (interface VLAN 1) is not active.


Basic Switch Configuration


Configure Default Gateway: You need to configure the switch so that it can forward IP packets to distant networks. Remember, the switch is treated like a host in this setup. This is only used to forward switch management traffic. It has nothing to do with any of the regular user data traffic. Why does it have to be forwarded? You can make a Telnet or SSH connection to a switch from another subnet to perform maintenance or troubleshoot.


Basic Switch Configuration


Verify Configuration:


Basic Switch Configuration


Configure Duplex and Speed: You can use the duplex interface configuration command to specify the duplex mode of operation for switch ports. You can manually set the duplex mode and speed of switch ports to avoid inter-vendor issues with autonegotiation.

Configure Duplex and Speed

Configure HTTP Access: Modern Cisco switches have a number of web-based configuration tools that require that the switch is configured as an HTTP server. These applications include:
- Cisco web browser user interface.
- Cisco Router and Security Device Manager (SDM).
- IP Phone and Cisco IOS Telephony Service applications.
Be aware that these services are not necessarily activated in a configuration. The availability of this option does not mean that you do not need to know how to use the CLI commands.
Configure HTTP Access:

MAC Address Table Management: Switches use MAC address tables to determine how to forward traffic between ports. These MAC tables include dynamic and static addresses.

Dynamic MAC Addresses: The switch provides dynamic addressing by learning the source MAC address of each frame that it receives on each port. It then adds the source MAC address and its associated port number to the MAC address table. As devices are added to or removed from the network, the switch updates the MAC address table: it adds new entries and ages out those that are currently not in use.

Static MAC Addresses: A network administrator can specifically assign static MAC addresses to certain ports. Static addresses are not aged out. The switch always knows which port to send out traffic destined for that specific MAC address. To create a static mapping in the MAC address table, use the command:
mac-address-table static <MAC address> vlan {1-4096, ALL} interface interface-id
To remove it, use the no form of the command.

Verifying Switch Configuration


Using the show commands:


Basic Switch Management


Backing up and Restoring Switch Configuration Files: Backup to the flash drive.

Backing up and Restoring Switch Configuration Files: Restore from the flash drive.

Backing up and Restoring Switch Configuration Files: Backup to a TFTP server. Make sure that the TFTP server is running. Log in to the switch. Upload the configuration to the TFTP server.
S1#copy system:running-config tftp://172.16.2.155/S1Rconfig.txt

or:
S1#copy run tftp

Backing up and Restoring Switch Configuration Files: Restore from a TFTP server. Make sure that the TFTP server is running. Log in to the switch. Download the configuration from the TFTP server.
S1#copy tftp://172.16.2.155/S1Rconfig.txt system:running-config
S1#copy running-config startup-config
S1#reload

or:
S1#copy tftp run
S1#copy run start
S1#reload


Backing up and Restoring Switch Configuration Files: Clearing configuration files. Deleting files from the flash drive:
delete flash:filename


Switch Concepts and Configuration

Configuring Switch Security

Topics covered (overview figure): Console, Passwords, Encryption, Password Recovery, Telnet / SSH, MAC Address Flooding, Spoofing Attacks, CDP Attacks, Telnet Attacks, Port Security, Security Tools.

Configuring Password Options


Securing Console Access:

Securing Virtual Terminal Access: There are 16 available default Telnet sessions as opposed to the 5 sessions set up for a router.

Securing Privileged EXEC Access: Always use enable secret for password encryption.

Encrypting Switch Passwords: You can encrypt all passwords assigned to a switch using the service password-encryption command.

Password Recovery: To recover a switch password:
1. Power up the switch with the Mode button pressed.
2. Initialize flash.
3. Load helper files.
4. Rename the current configuration file.
5. Reboot the system.
6. Reinstate the name of the configuration file and copy it into RAM.
7. Change the password.
8. Copy to the startup configuration.
9. Reload the switch.

Login Banners
Login Banner:

Message-Of-The-Day (MOTD) Banner:


Configure Telnet and SSH


Telnet: Most common method. Virtual terminal application. Sends in clear text. Not secure.
Secure Shell (SSH): Virtual terminal application. Sends an encrypted data stream. Is secure.

Configuring Telnet: Telnet is the default transport for the vty lines. No need to specify it after the initial configuration of the switch has been performed. If you have switched the transport protocol on the vty lines to permit only SSH, you need to enable the Telnet protocol to permit Telnet access.

Configuring Secure Shell (SSH): SSH is a cryptographic security feature that is subject to export restrictions. To use this feature, a cryptographic image must be installed on your switch. Perform the following to configure SSH ONLY Access:


Common Security Attacks


MAC Address Flooding: Recall that the MAC address table in a switch:
- Contains the MAC addresses available on a given physical port of a switch.
- Contains the associated VLAN parameters for each.
- Is searched for the destination address of a frame. If it IS in the table, the frame is forwarded out the proper port. If it IS NOT in the table, the frame is forwarded out all ports of the switch except the port that received the frame.

MAC Address Flooding: The MAC address table is limited in size. An intruder will use a network attack tool that continually sends bogus MAC addresses to the switch (e.g. 155,000 MAC addresses per minute). The switch learns each bogus address and, in a short span of time, the table becomes full. When a switch MAC table becomes full and stays full, it has no choice but to forward each frame it receives out of every port, just like a hub. The intruder can now see all the traffic on the switch.

Spoofing Attacks:
- Man-In-The-Middle: Intercepting network traffic.
- DHCP or DNS spoofing: The attacking device responds to DHCP or DNS requests with IP configuration or address information that points the user to the intruder's destination.
- DHCP Starvation: The attacking device continually requests IP addresses from a real DHCP server with continually changing MAC addresses. Eventually the pool of addresses is used up and actual users cannot access the network.
CDP Attacks: Cisco Discovery Protocol (CDP) is a proprietary protocol that exchanges information among Cisco devices: IP address, software version, platform, capabilities, and native VLAN (trunk links, Chapter 3). It is usually on by default; if you don't need it, turn it off. With a free network sniffer (Wireshark) an intruder could obtain this information, which can be used to find ways to perform Denial of Service (DoS) attacks and others.
Telnet Attacks: Recall that Telnet transmits in plain text and is not secure. While you may have set passwords, the following types of attacks are possible: brute force (password guessing) and DoS (Denial of Service). With a free network sniffer (Wireshark) an intruder could obtain the transmitted information.

Mitigation: Use strong passwords and change them frequently. Use SSH.



Network Security Tools


Network security tools help you test your network for various weaknesses. They let you play the roles of both a hacker and a network security analyst. Network Security Audits: Reveal what sort of information an attacker can gather simply by monitoring network traffic; determine MAC address table limits and age-out period. Network Penetration Testing: Identify security weaknesses; plan to avoid performance impacts.

Common Features:
- Service Identification: IANA port numbers; discover FTP and HTTP servers; test all of the services running on a host.
- Support of SSL Service: Testing services that use SSL level security: HTTPS, SMTPS, IMAPS and security certificates.
- Non-destructive and Destructive Testing: Security audits that can degrade performance.
- Database of Vulnerabilities: Compile a database that can be updated over time.
You can use them to:
- Capture chat messages.
- Capture files from NFS traffic.
- Capture HTTP requests.
- Capture mail messages.
- Capture passwords.
- Display captured URLs in a browser in real time.
- Flood a switched LAN with random MAC addresses.
- Forge replies to DNS addresses.
- Intercept packets.


Configuring Port Security


Implement Port Security (disabled by default) to:
- Limit the number of valid MAC addresses allowed on a port. When you assign secure MAC addresses to a secure port, the port does not forward packets with source addresses outside the group of defined addresses.
- Specify a group of valid MAC addresses allowed on a port, or allow only one MAC address access to the port.
- Specify that the port automatically shuts down if an invalid MAC address is detected.
Secure MAC Address types:
- Static: Manually specify that a specific MAC address is the ONLY address allowed to connect to that port. They are added to the MAC address table and stored in the running configuration.
- Dynamic: MAC addresses are learned dynamically when a device connects to the switch. They are stored in the address table and are lost when the switch reloads.

Secure MAC Address types:
- Sticky: Specifies that MAC addresses are dynamically learned, added to the MAC address table, and stored in the running configuration. You may also manually add a MAC address. MAC addresses that are sticky learned (you will hear that phrase) will be lost if you fail to save your configuration.

Security Violation Modes: Violations occur when:
- A station whose MAC address is not in the address table attempts to access the interface and the address table is full.
- An address is being used on two secure interfaces in the same VLAN.
Modes:
- Protect: drop frames, no notification.
- Restrict: drop frames, notify.
- Shutdown: disable port, notify.
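The following added example (not from the course slides) models the two mechanisms described above in one place: the size-limited MAC address table that a flooding tool fills, and port security with the protect, restrict and shutdown violation modes that stops the same flood at the access port. Class names, port names, the 8-entry table size and the MAC addresses are constructed for the illustration.

```python
from collections import OrderedDict


class SecurePort:
    """Port-security state of one access port (constructed model)."""

    def __init__(self, maximum=1, mode="shutdown", sticky=False):
        assert mode in ("protect", "restrict", "shutdown")
        self.maximum = maximum          # maximum number of secure addresses
        self.mode = mode                # violation mode
        self.sticky = sticky            # sticky learning: save addresses to running-config
        self.secure_macs = set()        # static, dynamic and sticky secure addresses
        self.running_config = []        # what would be written to running-config
        self.violations = 0             # counted only by the notifying modes
        self.err_disabled = False       # shutdown mode disables the port

    def add_static(self, mac):
        """Static secure address: always allowed, stored in running-config."""
        self.secure_macs.add(mac)
        self.running_config.append(mac)

    def admit(self, src_mac):
        """Decide whether a frame with this source MAC may enter the port."""
        if self.err_disabled:
            return False
        if src_mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)           # dynamic learning
            if self.sticky:
                self.running_config.append(src_mac)
            return True
        # A new address arrived while the port's secure-address table is full.
        if self.mode == "protect":
            return False                            # drop silently
        self.violations += 1                        # restrict and shutdown notify
        if self.mode == "shutdown":
            self.err_disabled = True                # port is error-disabled
        return False


class Switch:
    """Layer 2 switch with a size-limited MAC address table."""

    def __init__(self, ports, table_size):
        self.ports = list(ports)
        self.table_size = table_size
        self.mac_table = OrderedDict()              # mac -> port
        self.security = {}                          # port -> SecurePort

    def enable_port_security(self, port, **settings):
        self.security[port] = SecurePort(**settings)
        return self.security[port]

    def learn(self, src_mac, port):
        if src_mac in self.mac_table:
            self.mac_table[src_mac] = port          # refresh existing entry
        elif len(self.mac_table) < self.table_size:
            self.mac_table[src_mac] = port
        # else: table full, the new address cannot be learned

    def forward(self, src_mac, dst_mac, in_port):
        """Return the egress port list for a frame, [] if port security drops it."""
        sec = self.security.get(in_port)
        if sec is not None and not sec.admit(src_mac):
            return []
        self.learn(src_mac, in_port)
        out = self.mac_table.get(dst_mac)
        if out is not None and out != in_port:
            return [out]                            # known destination
        return [p for p in self.ports if p != in_port]   # unknown: flood


def bogus_source_frames(switch, in_port, count):
    """Constructed stand-in for a flooding tool: `count` broadcast frames, each
    with a different made-up source MAC. Returns how many the table learned."""
    before = len(switch.mac_table)
    for i in range(count):
        src = "02:00:00:%02x:%02x:%02x" % (i >> 16 & 0xFF, i >> 8 & 0xFF, i & 0xFF)
        switch.forward(src, "ff:ff:ff:ff:ff:ff", in_port)
    return len(switch.mac_table) - before


def scenario(mode=None):
    """Flood a 3-port switch with an 8-entry table from Fa0/3; `mode` None means
    no port security on Fa0/3. Returns (addresses learned from the flood,
    ports PC1's reply to PC2 is sent out of, SecurePort of Fa0/3 or None)."""
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"], table_size=8)
    if mode is not None:
        sw.enable_port_security("Fa0/3", maximum=1, mode=mode)
    sw.forward("aa:aa:aa:aa:aa:01", "ff:ff:ff:ff:ff:ff", "Fa0/1")   # PC1 is learned
    learned = bogus_source_frames(sw, "Fa0/3", 20)
    sw.forward("aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:01", "Fa0/2")   # PC2 talks to PC1
    reply_ports = sw.forward("aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02", "Fa0/1")
    return learned, reply_ports, sw.security.get("Fa0/3")
```

Without port security the table fills (7 bogus entries), PC2 is never learned and PC1's reply to PC2 is flooded out Fa0/3 as well; with a maximum of one secure address the flood learns a single entry and the reply reaches Fa0/2 only.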
Default Security Configuration:

Configure Static Port Security: ONLY address allowed. Added to MAC table and running configuration. Steps:
1. Configure the interface.
2. Enable port security.
3. Specify the MAC address.

Configure Dynamic Port Security: Dynamically learned when the device connects. Added to MAC table only. Steps:
1. Configure the interface.
2. Enable port security.

Configure Sticky Port Security: Dynamically learn MAC addresses. Added to MAC table and running configuration. Steps:
1. Configure the interface.
2. Enable port security.
3. Specify a maximum.
4. Enable sticky learning.

Verify Port Security


Verify Port Security Settings:

Verify Secure MAC Addresses:


Securing Unused Ports


Disable unused ports: You can specify a range of interfaces. For example, to specify the first 10 interfaces:
interface range fastethernet 0/1 - 10

AACS5324 Advanced Computer Networks


Chapter 8 Virtual Local Area Networks (VLANs)


Objectives
Upon completion of this chapter, students should be able to understand the following:
- Overview of VLANs
- Benefits of VLANs
- Types of VLANs
- Network Traffic Types
- Controlling Broadcast Domains with VLANs
- VLAN Trunking & 802.1Q Tagging
- VLAN Configurations


Defining VLANs
In traditional switched LANs, the physical topology is closely related to the logical topology. Generally, workstations must be grouped by their physical proximity to a switch. To communicate among LANs, each segment must have a separate port on the backbone device or a connection to a common backbone.
Figure: Separate Broadcast Domains
VLANs provide segmentation based on broadcast domains. VLANs logically segment switched networks based on the functions, project teams, or applications of the organization, regardless of the physical location or connections to the network. Communication among VLANs still requires a router, BUT only one physical connection will handle all routing.
VLANs are created to provide segmentation services traditionally provided by physical routers in LAN configurations. They address:
- Scalability
- Security
- Network Management
- Broadcast Filtering
- Traffic Flow Management
Switches may not forward any traffic between VLANs, as this would violate the integrity of the VLAN broadcast domain. Traffic must be routed between VLANs.

What Does This Mean?

Requirements:
- Different department on each floor.
- Three different LANs per floor.
- Separate networks.


What Does This Mean?

With routers: Expen$ive!
- 4 ports each
- 3 hubs / floor
- 10 broadcast domains
- Inefficient traffic flow


With switches:
- More scalable
- Easier to manage
- 1 router
- 4 broadcast domains
- Efficient traffic flow


Defining VLANs

A VLAN, then, is a broadcast domain (IP Subnet) created by one or more switches.
The above design shows 3 separate broadcast domains created using one router with 3 ports and 3 switches. The router filters the broadcasts for each LAN.
Figure: One Physical Link

A better design still creates the 3 separate broadcast domains but only requires 1 switch. The router provides broadcast filtering over a single link.
A VLAN allows:
- Creation of groups of logically networked devices.
- The devices to act as if they are on their own independent network, while sharing a common infrastructure.
- Each VLAN is a separate broadcast domain: broadcast traffic is controlled so that a frame in a VLAN stays in that VLAN.
- Each VLAN is assigned a separate IP subnet address.
- To communicate among VLANs, you must use a router (more later).

Benefits of VLANs
- Security: Groups with specific security needs (sensitive data) are isolated from the rest of the network, decreasing the chances of confidential information breaches.
- Cost Reduction: The need for expensive hardware upgrades is reduced; better use of existing bandwidth and links.
- Higher Performance: Dividing large, flat Layer 2 networks into separate broadcast domains reduces unnecessary traffic on each new subnet.

- Broadcast Storm Mitigation: Dividing a network into VLANs prevents a broadcast storm from propagating to the whole network.
- Improved IT Staff Efficiency: Easier to manage the network because users with similar network requirements share the same VLAN.
- Simpler Project or Application Management: Having separate functions makes working with a specialized application easier. For example, an e-learning development platform for faculty.


VLAN ID Ranges
When configured, the number that is assigned to the VLAN becomes the VLAN ID. The numbers to be assigned are divided into two different ranges:
- Normal Range: 1 - 1005
- Extended Range: 1006 - 4096
Each range has its own characteristics.

Normal Range: 1 - 1005
- Used in small- and medium-sized business and enterprise networks.
- IDs 1002 - 1005: Token Ring and FDDI VLANs.
- IDs 1 and 1002 to 1005 are automatically created and cannot be removed.
- Configurations are stored within a VLAN database file, called vlan.dat, located in the flash memory of the switch.
- The VLAN Trunking Protocol (VTP), which helps manage VLAN configurations between switches, can only learn normal range VLANs and stores them in the VLAN database file.
Extended Range: 1006 - 4096
- Enable service providers to extend their infrastructure to a greater number of customers. Some global enterprises could be large enough to need extended range VLAN IDs.
- Support fewer VLAN features than normal range VLANs.
- Are saved in the running configuration file, not the vlan.dat file.
- VTP does not learn extended range VLANs.


Types of VLANs
Traditionally, there were two methods of implementing VLANs:
- Static or Port-Based: Ports on a switch are assigned to a specific VLAN.
- Dynamic: VLANs created by accessing a Network Management server. The MAC address/VLAN ID mapping is set up by the Network Administrator and the server assigns a VLAN ID when the device contacts it.

Today, there is essentially one method of implementing VLANs: Port-Based.


Types of Port-Based VLANs


Defined by the type of traffic they support or by the functions they perform: Data VLAN, Default VLAN, Native VLAN, Management VLAN, Voice VLAN.

Data VLAN: Configured to carry only user-generated traffic. A switch could carry voice-based traffic or traffic used to manage the switch, but this traffic would not be part of a data VLAN. A Data VLAN is sometimes referred to as a User VLAN.

Default VLAN: The default VLAN for Cisco switches is VLAN 1.
- VLAN 1 has all the features of any VLAN, except that you cannot rename it and you cannot delete it.
- By default, Layer 2 control traffic (CDP and STP) is associated with VLAN 1.
- It is a security best practice to change the default VLAN to a VLAN other than VLAN 1 (e.g. VLAN 99).
VLAN Trunk: Carries data or control information (VLAN 1 data) for all VLANs from switch to switch or switch to router.

Native VLAN: An 802.1Q trunk port supports traffic coming from VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic). The 802.1Q trunk port places untagged traffic on the native VLAN. Native VLANs are set out in the IEEE 802.1Q specification to maintain backward compatibility with untagged traffic common to legacy LAN scenarios. It is a best practice to use a VLAN other than VLAN 1 as the native VLAN.

Management VLAN: A management VLAN is any VLAN you configure to access the management capabilities of a switch. You assign the management VLAN an IP address and subnet mask. A new switch has all ports assigned to VLAN 1. Using VLAN 1 as the management VLAN means that anyone connecting to the switch will be in the management VLAN, assuming that the ports have not been assigned to another VLAN.

Voice VLANs: Voice-over-IP (VoIP) traffic requires:
- Assured bandwidth to ensure voice quality.
- Transmission priority over other types of network traffic.
- Ability to be routed around congested areas on the network.
- Delay of less than 150 milliseconds (ms) across the network.
The details of how to configure a network to support VoIP are beyond the scope of the course, but it is useful to summarize how a voice VLAN works between a switch, a Cisco IP phone, and a computer.
Voice VLANs: VLAN 150 is designed to carry voice traffic.

Connections

ACN-190

Chapter 6

Types of Port-Based VLANs


Voice VLANs: A Cisco IP Phone is a switch.
- Port 1 connects to the switch or VoIP device.
- Port 2 is an internal 10/100 interface that carries the phone traffic.
- Port 3 connects to a PC or other device.

Voice VLANs: A Cisco IP Phone is a switch.
Sending: Switch S3 is configured to carry voice traffic on VLAN 150 and data traffic on VLAN 20. The phone tags voice traffic with VLAN 150 and sends data traffic untagged. The switch will tag the data traffic for VLAN 20. (More on the tagging process later.)
Receiving: The phone acts on voice traffic and removes the tag for data traffic destined for the PC.

Voice VLANs: A Cisco IP Phone is a switch. The link to the switch acts as a trunk link to carry both voice and data traffic. CDP is used to communicate between the switch and the phone.

Network Traffic Types


Management Traffic: CDP, SNMP, RMON.

IP Telephony Traffic: Signaling, data packets.

IP Multicast Traffic: Sent from a particular source address to a multicast group that is identified by a single IP and MAC destination-group address pair. Example: IP/TV broadcasts. (Figure labels: VLAN Configuration, Router Configuration.)

Normal Data Traffic: File sharing, printing, database access, email, shared applications.

Scavenger Class Traffic: Less than best-effort services. Typically entertainment oriented: peer-to-peer media sharing (KaZaa, Napster), gaming.


Switch Port Membership Modes


Switch Ports:
- Layer 2-only interfaces associated with a physical port.
- Used for managing the physical interface and associated Layer 2 protocols.
- Do not handle routing or bridging.
- Can belong to one or more VLANs.
Configuring VLANs:
- Must assign a VLAN number.
- Can configure a port specifying the type of traffic and the VLANs to which it belongs.
Static VLAN: Ports on a switch are manually assigned to a VLAN. Static VLANs are configured using the Cisco CLI or a GUI Management application (e.g. Cisco Network Assistant).

Dynamic VLAN: Configured using a special server called a VLAN Membership Policy Server (VMPS). Assigns switch ports to VLANs based on the source MAC address of the device connected to the port. The benefit is that when a user moves to a different port on a switch or to a new switch, the user is assigned to the proper VLAN dynamically. Not widely used.
Voice VLAN: A port is configured to be in voice mode so that it can support an IP phone. Before you configure a voice VLAN on the port, you first configure a VLAN for voice and a VLAN for data.

Voice VLAN: Ensures that voice traffic is identified as priority traffic. (Figure: Voice VLAN and Data VLAN on the same port.)

Remember that the entire network must be set up to prioritize voice traffic. You cannot just configure the switch port.

Controlling Broadcast Domains with VLANs


Network without VLANs: Sends a Broadcast

Network with VLANs: Sends a Broadcast

Intra-VLAN Communications:

Inter-VLAN Communications:

Layer 3 Switch Forwarding


Layer 3 Switch (more in Inter-VLAN routing): A Layer 3 switch has the ability to route transmissions between VLANs. The procedure is the same as described for inter-VLAN communication using a separate router.
Switch Virtual Interface (SVI): A logical interface (SVI) is configured for each VLAN configured on the switch.

Layer 3 Switch (figure labels): SVI 10 knows about SVI 20 (the location of VLAN 20). Contains the SVI 20 information, NOT SVI 10.


Virtual Local Area Networks

VLAN Trunking


VLAN Trunking

The concept of trunking began with the telephone industry. Multiple calls were moved between customers and central offices or between the offices themselves over a single physical connection.
24 Channel T1 Line with Data and Voice

The same principle was applied to data communications to make better use of the communication line. Additional advantages and cost savings were gained by using the same line for voice communications.
Figure: No trunk vs. Trunk

The same principle of trunking is applied to network switching technologies. A trunk is a point-to-point physical and logical connection between two switches across which network traffic travels. The trunk by default carries all VLAN data, unless otherwise configured for specific VLANs.
It is also important to realize that a trunk link does not belong to a specific VLAN. The responsibility of a trunk link is to act as a conduit for VLANs. Between switches and routers. Between switches and switches.


VLAN Trunks
What problem does it solve? (Figure: Network 172.17.10.0/24, Network 172.17.20.0/24, Network 172.17.30.0/24, Network 172.17.99.0/24.)


IEEE 802.1Q Frame Tagging


Remember that switches are Layer 2 devices:
- They only use the Ethernet frame header information.
- The frame header does not contain information about VLAN membership.
- VLAN membership (i.e. VLAN ID or VLAN number) must be identified for each frame that is transferred over the trunk. The process is called 802.1Q VLAN Tagging.

Untagged Ethernet frame (length 1518 bytes):
Destination Address (6) | Source Address (6) | Type/Length (2) | Data (max 1500 bytes) | FCS (4)

802.1Q tagged frame (length 1522 bytes):
Destination Address (6) | Source Address (6) | 802.1Q Tag: 8100 (2) | Tag Control Information (2) | Type/Length (2) | Data (max 1500 bytes) | New FCS (4)


The 4-byte 802.1Q tag:
- Ethernet Type (2 bytes): set to the TPID value 8100.
- Tag Control Information (2 bytes): 3 bits User Priority, 1 bit CFI, 12 bits VLAN ID.

With the EtherType field set to the TPID value, the switch receiving the frame knows to look for information in the tag control information field.

Native VLANs
Tagged frames on the native VLAN: Some devices that support trunking tag native VLAN traffic as a default behavior. Control traffic sent on the native VLAN should be untagged. If an 802.1Q trunk port receives a tagged frame on the native VLAN (and only then), it drops the frame. When configuring a switch port on a Cisco switch, you need to identify these devices and configure them so that they do not send tagged frames on the native VLAN. Devices from other vendors that support tagged frames on the native VLAN include IP phones, servers, routers, and switches.
Untagged frames on the native VLAN: When a Cisco switch trunk port receives untagged frames, it forwards those frames to the native VLAN. The default native VLAN is VLAN 1. When you configure an 802.1Q trunk port, a default Port VLAN ID (PVID) is assigned the value of the native VLAN. All untagged traffic coming in or out of the 802.1Q port is forwarded based on the PVID value.

Configure the trunk to default to native VLAN 1.

Configure the trunk for native VLAN 99.

Verify the configuration. VLAN 50 is a voice VLAN.


Trunking Operation
(Figure shows VLANs 10, 20 and 30.)
1. PC1 and PC3 send a broadcast.
2. S2 receives the frames and tags them with the VLAN ID.
3. The tagged frames are sent across the trunk links between S2 and S1 and between S1 and S3.
4. S3 strips the tags and forwards to the destination.

Trunking Modes
A Cisco switch can be configured to support two types of trunk ports: IEEE 802.1Q and ISL (Inter-Switch Link).

Today only 802.1Q is used. Legacy networks may still use ISL.

IEEE 802.1Q:
- Assigned a default PVID.
- Supports simultaneous tagged and untagged traffic.
- Untagged traffic: associated with the port default PVID. Null VLAN ID traffic belongs to the default PVID.
- Tagged traffic: traffic whose VLAN ID equals the outgoing port default PVID is sent untagged. Null VLAN ID traffic belongs to the default PVID. All other traffic is sent with a VLAN tag.
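An added example (not from the course slides) that works through the frame layouts from the 802.1Q tagging slides and the native VLAN rules just listed: it builds and parses tagged and untagged frames, recomputes the FCS to show why the tagged frame carries a "new FCS", and classifies ingress and egress on a trunk port by PVID. The drop of a tagged frame carrying the native VLAN ID follows the slides' statement; the MAC addresses and VLAN numbers are constructed.

```python
import struct
import zlib

TPID = 0x8100                       # Tag Protocol Identifier, sits where EtherType normally is
ETH_HDR = struct.Struct("!6s6sH")   # destination (6), source (6), Type/Length or TPID (2)
TAG = struct.Struct("!HH")          # TCI (2) followed by the original Type/Length (2)


def parse_frame(frame):
    """Split a raw frame (without FCS) into header fields; vid is None when untagged."""
    dst, src, etype = ETH_HDR.unpack_from(frame, 0)
    if etype != TPID:
        return {"dst": dst, "src": src, "vid": None, "pcp": None, "cfi": None,
                "ethertype": etype, "payload": frame[ETH_HDR.size:]}
    tci, etype = TAG.unpack_from(frame, ETH_HDR.size)
    return {"dst": dst, "src": src,
            "pcp": tci >> 13,            # 3 bits user priority
            "cfi": (tci >> 12) & 1,      # 1 bit CFI
            "vid": tci & 0x0FFF,         # 12 bits VLAN ID
            "ethertype": etype, "payload": frame[ETH_HDR.size + TAG.size:]}


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0, cfi=0):
    """Assemble a frame; the 4-byte tag is inserted only when vid is given."""
    if vid is None:
        return ETH_HDR.pack(dst, src, ethertype) + payload
    tci = (pcp & 0x7) << 13 | (cfi & 0x1) << 12 | (vid & 0x0FFF)
    return ETH_HDR.pack(dst, src, TPID) + TAG.pack(tci, ethertype) + payload


def with_fcs(frame):
    """Append the CRC-32 FCS (transmitted least-significant byte first)."""
    return frame + struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)


def trunk_ingress(frame, pvid):
    """VLAN a frame arriving on an 802.1Q trunk port belongs to, or None if dropped.
    Untagged frames and a null VLAN ID go to the port's PVID (the native VLAN);
    a frame tagged with the native VLAN ID is dropped, as the slides describe."""
    f = parse_frame(frame)
    if f["vid"] is None or f["vid"] == 0:
        return pvid
    if f["vid"] == pvid:
        return None
    return f["vid"]


def trunk_egress(dst, src, ethertype, payload, vid, pvid, pcp=0):
    """Send on a trunk: the native VLAN leaves untagged, every other VLAN tagged."""
    if vid == pvid:
        return build_frame(dst, src, ethertype, payload)
    return build_frame(dst, src, ethertype, payload, vid=vid, pcp=pcp)
```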

ISL (Inter-Switch Link):
- All received packets are expected to be encapsulated with an ISL header.
- All transmitted packets are sent with an ISL header.
- Untagged frames received from an ISL trunk port are dropped.
- No longer recommended or supported.
- 30 bytes of overhead for each frame.

Dynamic Trunking Protocol (DTP):
- Cisco proprietary protocol. Switches from other vendors do not support DTP.
- Automatically enabled on a switch port when certain trunking modes are configured on the switch port.
- DTP manages trunk negotiation only if the port on the other switch is configured in a trunk mode that supports DTP.
- DTP supports both ISL and 802.1Q trunks.
- Some Cisco switches and routers (older versions) do not support DTP.

Dynamic Trunking Protocol (DTP):
- On (default): (switchport mode trunk) Periodically sends DTP advertisements to the remote port that it is dynamically changing to a trunking state.
- Dynamic Auto: (switchport mode dynamic auto) The switch port periodically sends DTP frames to the remote port. It advertises to the remote switch port that it is able to trunk but does not request to go to the trunking state.
- Dynamic Desirable: (switchport mode dynamic desirable) DTP frames are sent periodically to the remote port. It advertises to the remote switch port that it is able to trunk and asks the remote switch port to go to the trunking state.
Dynamic Trunking Protocol (DTP): Turn off DTP: (switchport nonegotiate) The local port does not send out DTP frames to the remote port. The local port is then considered to be in an unconditional trunking state. Use this feature when you need to configure a trunk with a switch from another vendor.
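The outcome of DTP negotiation for every pair of port modes, as an added example derived from the mode descriptions above (not from the course slides): a port only trunks unconditionally in trunk or nonegotiate mode, while dynamic auto and dynamic desirable depend on the DTP frames the other side sends. The mode names and the "mismatch" label are this example's own; a mismatch (one side trunk, the other access) is the trunk mode mismatch listed later under "Common Problems with Trunks".

```python
ACCESS, TRUNK, AUTO, DESIRABLE, NONEGOTIATE = (
    "access", "trunk", "dynamic auto", "dynamic desirable", "nonegotiate")
MODES = (ACCESS, TRUNK, AUTO, DESIRABLE, NONEGOTIATE)


def sends_dtp(mode):
    """Only the DTP-capable modes send DTP frames; access and nonegotiate stay silent."""
    return mode in (TRUNK, AUTO, DESIRABLE)


def requests_trunk(mode):
    """Modes whose DTP frames announce trunking or ask the peer to trunk."""
    return mode in (TRUNK, DESIRABLE)


def operational_mode(local, remote):
    """Operational state of the local port given both configured modes."""
    if local == ACCESS:
        return ACCESS                      # never trunks
    if local in (TRUNK, NONEGOTIATE):
        return TRUNK                       # unconditional trunking
    # dynamic auto / dynamic desirable: the result depends on the peer's DTP frames
    if not sends_dtp(remote):
        return ACCESS                      # no DTP frames arrive: stay an access port
    if requests_trunk(remote) or local == DESIRABLE:
        return TRUNK                       # the peer asks, or we ask and the peer is able
    return ACCESS                          # auto + auto: neither side asks


def link_result(a, b):
    """'trunk' or 'access' when both ends agree, otherwise 'mismatch'."""
    ma, mb = operational_mode(a, b), operational_mode(b, a)
    return ma if ma == mb else "mismatch"


def negotiation_matrix():
    """Result for every ordered pair of modes; useful when auditing uplinks and
    user-facing ports (user ports should be access ports that never negotiate)."""
    return {(a, b): link_result(a, b) for a in MODES for b in MODES}
```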


Virtual Local Area Networks

Configure VLANs and Trunks


Configure VLANs and Trunks


Overview:
1. Create the VLANs.
2. Assign switch ports to VLANs statically.
3. Verify VLAN configuration.
4. Enable trunking on the inter-switch connections.
5. Verify trunk configuration.


Configure a VLAN
Command Syntax:
S1#configure terminal
S1(config)#vlan vlan-id
S1(config-vlan)#name vlan-name
S1(config-vlan)#end

Assign switch ports to a VLAN

Verify VLAN configuration


Managing VLANs
Other show vlan command options

show interfaces command

Manage VLAN Memberships

Remove port VLAN membership.

Remove a VLAN

If you remove the VLAN before removing the port membership assignments, the ports become unusable until you issue the no switchport access vlan command.
Restoring to Factory Defaults: To remove all VLAN configuration, delete the VLAN database file (vlan.dat) in which the VLAN configuration is stored.


Configure a Trunk
Command Syntax:
S1#configure terminal
S1(config)#interface interface-id
S1(config-if)#switchport mode trunk
S1(config-if)#switchport trunk native vlan vlan-id
S1(config-if)#switchport trunk allowed vlan add vlan-list
S1(config-if)#end

Configure a Trunk


Configure a Trunk

The native VLAN must match on both switches.


Verify Trunk Configuration


Managing a Trunk Configuration


Managing a Trunk Configuration


Pruning: The process of specifying the traffic that will be allowed to traverse the trunk link. Use the command:
switchport trunk allowed vlan add vlan-list

The vlan-list is a list of the VLAN IDs, separated by commas, that will be allowed to use the trunk link. The lists must match on both switches.


Common Problems with Trunks


Native VLAN mismatches: Trunk ports are configured with different native VLANs.
Trunk Mode mismatches: One trunk port is configured with trunk mode off and the other with trunk mode on.
VLANs and IP Subnets: End user devices configured with incorrect IP addresses will not have network connectivity. Each VLAN is a logically separate IP subnetwork. Devices within the VLAN must be configured with the correct IP settings.
Allowed VLANs on trunks: The list of allowed VLANs on a trunk does not match on both ends of the trunk.
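A check for the four trunk problems listed above, as an added example (not code from the course): it resolves what DTP negotiates from each end's port mode, then compares native VLAN and allowed-VLAN lists, and checks a host's address against the subnet of its VLAN. The switch-end dictionaries, VLAN numbers and subnets are constructed for the example; the DTP outcome table is the standard Cisco negotiation table.

```python
import ipaddress

# Link state that DTP negotiation produces for a pair of port modes; the pair
# is a frozenset so the order of the two ends does not matter.
_DTP_OUTCOME = {
    frozenset({"trunk"}): "trunk",
    frozenset({"trunk", "dynamic desirable"}): "trunk",
    frozenset({"trunk", "dynamic auto"}): "trunk",
    frozenset({"trunk", "access"}): "limited connectivity",
    frozenset({"dynamic desirable"}): "trunk",
    frozenset({"dynamic desirable", "dynamic auto"}): "trunk",
    frozenset({"dynamic desirable", "access"}): "access",
    frozenset({"dynamic auto"}): "access",
    frozenset({"dynamic auto", "access"}): "access",
    frozenset({"access"}): "access",
}
_DYNAMIC = {"dynamic auto", "dynamic desirable"}


def resolve_dtp(end_a, end_b):
    """Return what the two ends negotiate: "trunk", "access" or
    "limited connectivity" (one end trunking, the other not)."""
    for me, peer in ((end_a, end_b), (end_b, end_a)):
        # 'switchport nonegotiate' on a trunk port sends no DTP frames, so a
        # dynamic peer never hears an offer and stays in access mode.
        if me.get("nonegotiate") and me["mode"] == "trunk" and peer["mode"] in _DYNAMIC:
            return "limited connectivity"
    pair = frozenset({end_a["mode"], end_b["mode"]})
    if pair not in _DTP_OUTCOME:
        raise ValueError(f"unknown port mode in {sorted(pair)}")
    return _DTP_OUTCOME[pair]


def audit_trunk(end_a, end_b):
    """Compare the two ends of a trunk and return a list of findings; an empty
    list means mode, native VLAN and allowed VLANs agree on both ends."""
    findings = []
    state = resolve_dtp(end_a, end_b)
    if state != "trunk":
        findings.append(f"trunk mode mismatch: {end_a['mode']} / {end_b['mode']} "
                        f"negotiates to '{state}'")
    if end_a["native_vlan"] != end_b["native_vlan"]:
        findings.append(f"native VLAN mismatch: {end_a['native_vlan']} / "
                        f"{end_b['native_vlan']}")
    only_a = sorted(set(end_a["allowed"]) - set(end_b["allowed"]))
    only_b = sorted(set(end_b["allowed"]) - set(end_a["allowed"]))
    if only_a or only_b:
        findings.append(f"allowed VLAN mismatch: only on A {only_a}, only on B {only_b}")
    return findings


def host_in_vlan_subnet(host_ip, access_vlan, vlan_subnets):
    """Each VLAN is its own IP subnet: True when the host address lies in the
    subnet assigned to the VLAN its switch port belongs to."""
    return ipaddress.ip_address(host_ip) in ipaddress.ip_network(vlan_subnets[access_vlan])


# Constructed sample configurations (not from the course).
S1_GOOD = {"mode": "trunk", "native_vlan": 99, "allowed": {10, 20, 99}}
S2_GOOD = {"mode": "dynamic auto", "native_vlan": 99, "allowed": {10, 20, 99}}
S1_BAD = {"mode": "trunk", "nonegotiate": True, "native_vlan": 1, "allowed": {10, 20}}
S2_BAD = {"mode": "dynamic auto", "native_vlan": 99, "allowed": {10, 20, 30}}
VLAN_SUBNETS = {10: "192.168.10.0/24", 20: "192.168.20.0/24"}

if __name__ == "__main__":
    for label, a, b in (("good pair", S1_GOOD, S2_GOOD), ("bad pair", S1_BAD, S2_BAD)):
        print(label, "->", audit_trunk(a, b) or ["no findings"])
    print("host 192.168.20.5 on VLAN 10 ok?",
          host_in_vlan_subnet("192.168.20.5", 10, VLAN_SUBNETS))
```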

AACS5324 Advanced Computer Networks


Chapter 9 VLAN Trunking Protocol (VTP)


Objectives
Upon completion of this chapter, students should be able to understand the following:
VTP Concepts
VTP Operations
VTP Configurations


What is VTP?
The VLAN Trunking Protocol (VTP) allows you to simplify the management of the VLAN database across multiple switches. As the number of switches increases on a small- or medium-sized business network, the overall administration required to manage VLANs and trunks in a network becomes a challenge.


What is VTP?
Simple Network: Create VLAN 30. Choose interface(s). Add interface(s) to VLAN 30.



What is VTP?
How about now?


What is VTP?
How does it work? (Figure: the VTP server sends a VTP advertisement for VLAN 30 to the VTP clients, and each client creates VLAN 30.)

Benefits of VTP
The VLAN Trunking Protocol (VTP) allows you to simplify the management of the VLAN database across multiple switches. Benefits:
VLAN configuration consistency across the entire network (created, deleted, or renamed).
Accurate tracking and monitoring of VLANs.
Dynamic reporting of added VLANs across a network.
Dynamic trunk configuration when VLANs are added to the network.


VTP Components
VTP Domain: Consists of one or more interconnected switches. All switches in a domain share VLAN configuration details using VTP advertisements. A router or Layer 3 switch defines the boundary of the domain.


VTP Components
VTP Advertisement: VTP uses a hierarchy of advertisements to distribute and synchronize VLAN configurations across the network.



VTP Components
VTP Modes: Three different modes: Server, Client, Transparent. (more)


VTP Components
VTP Server: VTP servers advertise the VTP VLAN information to other switches in the same VTP domain. The server is where VLANs can be created, deleted, or renamed for the domain.


VTP Components
VTP Client: VTP clients forward advertisements to other clients. You cannot create, change, or delete VLANs on a VTP client. You must configure VTP Client mode explicitly.


VTP Components
VTP Transparent: Transparent switches forward VTP advertisements to VTP clients and VTP servers but do not participate in VTP. VLANs that are created, renamed, or deleted on transparent switches are local to that switch only.



VTP Components
VTP Pruning: VTP pruning increases available network bandwidth by restricting flooded traffic to those trunk links used to reach the destination devices. Without VTP pruning, broadcasts, multicasts and unknown unicasts are flooded across all trunk links within a VTP domain, even when the switch at the far end of a trunk has no ports in the VLAN of the switch that originated the broadcast.

VLAN Trunking Protocol

VTP Operation


Default VTP Configuration


VTP Version: the version the switch is capable of running. Default is Version 1.
VTP Mode: Server Mode
VTP Domain Name: NO Domain Name
VTP Version 2: Disabled


Default VTP Configuration


VTP automatically distributes and synchronizes domain name and VLAN configurations across the network (benefit). However, this benefit comes with a cost: you can only add switches that are in their default VTP configuration. If you add a VTP-enabled switch that already carries its own VTP settings, the existing network VTP configuration is superseded by those settings, which are automatically propagated throughout the network. (demo S45)



VTP Domains
VTP allows you to separate your network into smaller management domains to help reduce VLAN management.
VTP domains limit the extent to which configuration changes are propagated in the network if an error occurs.
A switch can be a member of only one VTP domain at a time.
Until the VTP domain name is specified, you cannot create or modify VLANs on a VTP server, and VLAN information is not propagated over the network.


VTP Domains

Two domains configured.


VTP Domains
For a VTP server or client switch to participate in a VTP-enabled network, it must be a part of the same domain. Domain name propagation uses three VTP components: servers, clients, and advertisements.


VTP Advertising
VTP Frame Structure: VTP advertisements (or messages) distribute the VTP domain name and VLAN configuration changes to VTP-enabled switches. The VTP frame is encapsulated in the same manner as any other tagged frame.


VTP Advertising
VTP Frame Details:


VTP Revision Number


VTP Revision Number (Default Zero):
The configuration revision number is a 32-bit number that indicates the level of revision for a VTP frame.
Each time a VLAN is added or removed, the configuration revision number is incremented.
Each VTP device tracks the VTP configuration revision number.
A VTP domain name change resets the revision number to zero.
The revision number plays an important role in enabling VTP to distribute and synchronize VTP domain and VLAN configuration information. (More to come)
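The Default VTP Configuration warning and the revision-number rules above, simulated in code; this is an added example, not code from the course. It models only mode, domain name, revision number and the VLAN table, folds the subset advertisement into the summary, and constructs a scenario in which a switch previously used in a lab (same domain name, higher revision, empty VLAN table) is connected with and without resetting its revision first.

```python
class VtpSwitch:
    """One switch's VTP state; constructed for this example."""

    def __init__(self, name, mode="server", domain=None):
        self.name = name
        self.mode = mode            # "server", "client" or "transparent"
        self.domain = domain        # default: no domain name
        self.revision = 0           # default: configuration revision 0
        self.vlans = {1: "default"}

    def set_domain(self, domain):
        """'vtp domain <name>': a domain name change resets the revision to zero."""
        self.domain = domain
        self.revision = 0

    def _commit(self):
        # Servers count revisions; each VLAN add or delete is one revision and
        # naming the VLAN is a second one (the slide's 3 VLANs + 3 names = 6).
        if self.mode == "server":
            self.revision += 1

    def add_vlan(self, vid, name=None):
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VTP clients cannot create VLANs")
        if self.mode == "server" and self.domain is None:
            raise ValueError(f"{self.name}: set the VTP domain name first")
        self.vlans[vid] = f"VLAN{vid:04d}"
        self._commit()
        if name is not None:
            self.vlans[vid] = name
            self._commit()

    def remove_vlan(self, vid):
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VTP clients cannot delete VLANs")
        del self.vlans[vid]
        self._commit()

    def advertise(self):
        """Summary advertisement with the VLAN subset folded in, or None when
        this switch originates none (transparent, or no domain name yet)."""
        if self.mode == "transparent" or self.domain is None:
            return None
        return {"domain": self.domain, "revision": self.revision,
                "vlans": dict(self.vlans)}

    def receive(self, adv):
        """Apply an advertisement; True if the VLAN database was replaced."""
        if adv is None or self.mode == "transparent":
            return False
        if adv["domain"] != self.domain:        # wrong domain name: not updated
            return False
        if adv["revision"] <= self.revision:    # not newer: ignored
            return False
        self.vlans = dict(adv["vlans"])
        self.revision = adv["revision"]
        return True


def sync_domain(switches):
    """Deliver every switch's current advertisement to every other switch and
    return the sorted names of the switches whose VLAN database changed."""
    adverts = [(s.name, s.advertise()) for s in switches]
    changed = set()
    for sw in switches:
        for origin, adv in adverts:
            if origin != sw.name and sw.receive(adv):
                changed.add(sw.name)
    return sorted(changed)


def join_scenario(reset_before_join):
    """Production domain CORP: server S1 with VLANs 10 and 20, client S2 in
    sync. A switch that was used in a lab (same domain name, VLANs created and
    deleted again, so revision 6 and an empty table) is then connected.
    Returns (S1's VLAN table afterwards, the lab switch's revision)."""
    s1 = VtpSwitch("S1", "server", "CORP")
    s1.add_vlan(10, "SALES")
    s1.add_vlan(20, "ENG")                 # S1 is now at revision 4
    s2 = VtpSwitch("S2", "client", "CORP")
    sync_domain([s1, s2])
    lab = VtpSwitch("LAB", "server", "CORP")
    for vid in (100, 200, 300):
        lab.add_vlan(vid)
    for vid in (100, 200, 300):
        lab.remove_vlan(vid)               # revision 6, table back to VLAN 1 only
    if reset_before_join:
        # The check before cabling in a switch: force its revision back to 0
        # by setting a throwaway domain name and then the real one again.
        lab.set_domain("scratch")
        lab.set_domain("CORP")
    sync_domain([s1, s2, lab])
    return dict(s1.vlans), lab.revision


if __name__ == "__main__":
    print("joined as-is:   ", join_scenario(False))   # production VLANs wiped
    print("revision reset: ", join_scenario(True))    # lab switch adopts CORP
```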

VTP Advertisement Types


Summary Advertisement: Contains the VTP domain name, the current revision number, and other VTP configuration details. Summary advertisements are sent:
Every 5 minutes by a VTP server or client to inform neighboring VTP-enabled switches of the current VTP configuration revision number for its VTP domain.
Immediately after a configuration change.


VTP Advertisement Types


Subset Advertisement: A subset advertisement contains VLAN information. Changes that trigger the subset advertisement include:
Creating or deleting a VLAN.
Suspending or activating a VLAN.
Changing the name of a VLAN.
Changing the MTU of a VLAN.


VTP Advertisement Types


Request Advertisement: A request advertisement is sent to a VTP server. The VTP server responds to the client by sending a summary advertisement followed by a subset advertisement. Request advertisements are sent if:
The VTP domain name has been changed.
The switch receives a summary advertisement with a higher configuration revision number than its own.
A subset advertisement message is missed for some reason.
The switch has been reset.

VTP Advertisement Types


Details of the formats can be found in the text or in the online curriculum. (Figure: Summary Advertisement, Subset Advertisement and Request Advertisement formats.)


VTP Modes
A Cisco switch can be configured in either:
Server mode
Client mode
Transparent mode
These modes differ in how they are used to manage and advertise VTP domains and VLANs.


VTP Modes
VTP Server Mode:


VTP Modes
VTP Client Mode:


VTP Modes
VTP Transparent Mode:


VTP Server to Client


VTP Server to Transparent to Client

(Figure: S1 sends periodic updates through the transparent switch; S4 sends requests and S1 responds.)


VTP Pruning
VTP Pruning:
Prevents unnecessary flooding of broadcast information from one VLAN across all trunks in a VTP domain.
Permits switches to negotiate which VLANs are assigned to ports at the other end of a trunk and prune the VLANs that are not assigned to ports on the remote switch.
Disabled by default.
Enabled using the vtp pruning global configuration command.


VTP Pruning

(Figure: No pruning: VLAN 10, 20. Pruning enabled on S1: VLAN 20.)

VLAN Trunking Protocol

Configure VTP


Configuring VTP
Configuration Guidelines:


Configuring VTP
VTP Server Configuration:

Adding a name to a VLAN is considered a revision. 3 VLANs + 3 Names = 6


Configuring VTP
VTP Client Configuration:


Configuring VTP
Connect the Devices and Verify VTP:


Configuring VTP
Add the workstations to the appropriate VLAN. Use the show vlan brief command to verify.


Troubleshooting VTP Configurations


Troubleshooting VTP Configurations


Incorrect VTP Domain Name (Figure: the switch with the matching domain name is updated; the switch with the incorrect domain name is not updated.)


Troubleshooting VTP Configurations


All switches set to Client mode.

On a reboot, all VLAN configurations are lost. VTP clients do not store the configuration in NVRAM.

Troubleshooting VTP Configurations


Incorrect Revision Number


Managing VLANs on a VTP Server


AACS5324 Advanced Computer Networks


Chapter 10 Spanning Tree Protocol (STP)


Objectives
Upon completion of this chapter, students should be able to understand the following:
Redundant Layer 2 Topologies
Issues with Redundancy
The Spanning Tree Protocol (STP)
STP Convergence
PVST+, RSTP, Rapid-PVST+


Redundant Layer 2 Topologies


As businesses become increasingly dependent on the network, the availability of the network infrastructure becomes a critical business concern. Redundancy is the solution for achieving the necessary availability. Layer 2 redundancy improves the availability of the network by implementing alternate network paths by adding equipment and cabling. Having multiple paths for data to traverse the network allows for a single path to be disrupted without impacting the connectivity of devices on the network.


Redundancy


Redundancy

Redundant paths create loops in the network.

How are they controlled? Spanning Tree Protocol


Redundancy
The Spanning Tree Protocol (STP) is enabled on all switches. STP has placed some switch ports in forwarding state and other switch ports in blocking state.

Forward

Blocked

Issues with Redundancy


Redundancy is an important part of the hierarchical design. When multiple paths exist between two devices on the network and STP has been disabled on those switches, a Layer 2 loop can occur. If STP is enabled on these switches, which is the default, a Layer 2 loop would not occur.


Issues with Redundancy


Ethernet frames do not have a Time-To-Live (TTL) parameter like IP packets. As a result, if they are not terminated properly on a switched network, they continue to bounce from switch to switch endlessly.


Issues with Redundancy

Remember that switches use the source MAC address to learn where devices are and enter this information into their MAC address tables. Switches will flood frames for unknown destinations until they learn the MAC addresses of the devices.

Issues with Redundancy

Additionally, multicasts and broadcasts are also flooded out all ports except the receiving port. (Multicasts will not be flooded if the switch has been specifically configured to handle multicasts.)

Issues with Redundancy

(Animation: PC1 sends a broadcast. S2 updates its MAC table and floods the broadcast out all ports except the receiving port. S3 and S1 update their MAC tables and forward the broadcast. The broadcast comes back to S2, which again floods it and updates its MAC table with the wrong port. S3 and S1 again update their tables with the wrong information, and PC1 receives the broadcast again.)


Issues with Redundancy


Broadcast Storms:

In fact, the entire network can no longer process new traffic and comes to a screeching halt.

(Animation: PC1 sends a broadcast and, with no STP, a loop is created; PC2, PC3 and PC4 each send a broadcast, and each creates yet another loop. Because of the high level of traffic, a broadcast cannot be processed.)


Issues with Redundancy


Duplicate Unicast Frames:

(Animation: PC1 sends a unicast frame for PC4. S2 has no entry for PC4, so the frame is flooded out the remaining ports. Both S3 and S1 have entries for PC4, so the frame is forwarded to PC4. S1 also forwards the frame it received from S3. End result: PC4 receives two copies of the same frame, one from S1 and one from S3.)


Real-World Redundancy Issues


Loops in the Wiring Closet: Usually caused by an error in cabling.


Real-World Redundancy Issues


Loops in Cubicles: Some users have a personal switch or hub.

Affects all of the traffic on S1


Introduction to STP
Redundancy: Increases the availability of the network topology by protecting the network from a single point of failure.
In a Layer 2 design, loops and duplicate frames can occur, having severe consequences.
The Spanning Tree Protocol (STP) was developed to address these issues.
STP ensures that there is only one logical path between all destinations on the network by intentionally blocking redundant paths that could cause a loop.
The switches running STP are able to compensate for failures by dynamically unblocking the previously blocked ports and permitting traffic to traverse the alternate paths.

Spanning-Tree Algorithm (STA)


STP Topology Avoiding a loop:

(Animation: PC1 sends a broadcast. S2 forwards the broadcast. S1 forwards the broadcast, but not to S3: because STP is in use, port F0/2 on S3 has been placed in the blocking state to avoid a loop, so the broadcast is not forwarded back to S2. NO LOOP!)


Spanning-Tree Algorithm (STA)


STP Topology Network Failure:

(Animation: Trunk 1 failure: the S3 port is activated. PC1 sends the broadcast, S2 forwards the broadcast, and S3 and S1 forward the broadcast. Trunk 1 comes back up: the S3 port goes back to blocking mode.)


Spanning-Tree Algorithm (STA)


Terminology:
Root Bridge: A single switch used as the reference point for all calculations. (Lowest BID) (more)
Root Ports: The switch port on a non-root bridge with the lowest path cost closest to the root bridge.
Designated Port: (per segment) All non-root ports that are still permitted to forward traffic on the network.
Non-designated Ports: (per segment) All ports configured to be in a blocking state to prevent loops.

Spanning-Tree Algorithm (STA)


STP uses the Spanning Tree Algorithm (STA) to determine which switch ports on a network need to be configured for blocking to prevent loops. Through an election process, the algorithm designates a single switch as the root bridge and uses it as the reference point for all calculations. The election process is controlled by the Bridge-ID (BID).

Bridge ID (BID) fields: Bridge Priority (2 bytes), MAC Address (6 bytes)

Root Bridge
Election Process: All switches in the broadcast domain participate. After a switch boots, it sends out Bridge Protocol Data Units (BPDU) frames containing the switch BID and the root ID every 2 seconds. The root ID identifies the root bridge on the network. By default, the root ID matches the local BID for all switches on the network. In other words, each switch considers itself as the root bridge when it boots.


Root Bridge
Election Process: As the switches forward their BPDU frames, switches in the broadcast domain read the root ID information from the BPDU frame. If the root ID from the BPDU received is lower than the root ID on the receiving switch, the receiving switch updates its root ID identifying the adjacent switch as the root bridge. The switch then forwards new BPDU frames with the lower root ID to the other adjacent switches. Eventually, the switch with the lowest BID ends up being identified as the root bridge for the spanning-tree instance.

Best Path
Now that the root bridge has been elected, the STA starts the process of determining the best (lowest cost) paths to the root bridge from all destinations in the broadcast domain. The path information is determined by summing up the individual port costs along the path from the destination to the root bridge. The default port costs are specified by the IEEE and defined by the speed at which the port operates.
Link Speed   Cost
10 Gbps      2
1 Gbps       4
100 Mbps     19
10 Mbps      100

Best Path
You are not restricted to the defaults. The cost of a path can be manually configured to specify that a specific path is the preferred path instead of allowing the STA to choose the best path. Realize, however, that changing the cost of a particular path will affect the results of the STA. The no form of the following command will return the cost to its default value.
switch(config)#interface fa0/1
switch(config-if)#spanning-tree cost [value]
switch(config-if)#end


Best Path
Verifying the port and path cost.

Port Cost

Path Cost


STP Bridge Protocol Data Unit


STP determines a root bridge for the spanning-tree instance by exchanging Bridge Protocol Data Units (BPDU).

Identifies the root bridge and the cost of the path to the root bridge.


STP Bridge Protocol Data Unit


STP determines a root bridge for the spanning-tree instance by exchanging Bridge Protocol Data Units (BPDU).


BPDU Process
Root Bridge Election Process:

S3 believes S2 is the root bridge. S1 still thinks it is the root bridge.



BPDU Process
Root Bridge Election Process:

S2 and S1 both think that they are the root bridge.



BPDU Process
Root Bridge Election Process:

S3 recognizes S1 as the root. S2 recognizes S1 as the root.



BPDU Process
Root Bridge Election Process:

If the root bridge fails, the election process begins again.



Bridge ID
Early STP implementation: no VLANs.

Changed to include the VLAN ID. That means that there is a separate instance of STP for each VLAN.

Bridge ID


Bridge ID
Bridge Priority: A customizable value that you can use to influence which switch becomes the root bridge. (Another rigged election!) The switch with the lowest priority, which means lowest BID, becomes the root bridge. The lower the priority value, the higher the priority.


Bridge ID
Bridge Priority: Notice that the addition of the VLAN ID leaves fewer bits available for the bridge priority (4 instead of 16). As a result, the bridge priority is assigned in multiples of 4096. The priority is added to the extended system value (VLAN ID) to uniquely identify the priority and VLAN of the BPDU frame.


Bridge ID
Bridge Priority: For example: The default bridge priority is 32,769: (4096 * 8) + VLAN 1 (native VLAN). If I assign bridge priority 24,576 for VLAN 1 (4096 * 6), the bridge priority becomes 24,577 (not 24,567). This switch will become the root bridge.


Bridge ID
Bridge Priority:

Default Priority: Election based on MAC Address


Bridge ID
Bridge Priority:

Modified Priority: Election based on priority.


Configure and Verify the Bridge ID


Two Methods to configure the Bridge ID:
Method 1:
Primary: Ensures that the switch has the lowest priority value after determining the lowest value on the network.
Secondary: Ensures that the switch will become the root bridge if the primary fails. This one assumes that all other switches have the default value.

Configure and Verify the Bridge ID


Two Methods to configure the Bridge ID:
Method 2: (Figure labels: VLAN ID Number, Priority value)


Configure and Verify the Bridge ID


Port Roles
The root bridge is elected for the spanning-tree instance. The location of the root bridge in the network topology determines how port roles are calculated.
Root Port: The switch port with the best path to forward traffic to the root bridge.
Designated Port: The switch port that receives and forwards frames toward the root bridge as needed. Only one designated port is allowed per segment.
Non-designated Port: A switch port that is blocked, so it is not forwarding data frames.

Port Roles
The STA determines which port role is assigned to each switch port.
To determine the root port on a switch: The switch compares the path costs on all switch ports participating in the spanning tree.
When there are two switch ports that have the same path cost to the root bridge: The switch uses the customizable port priority value, or the lowest port ID, to break the tie. The port ID is the number of the connected port.


Port Roles Root Port


For Example: Default Port Priority = 128
F0/1 and F0/2 have the same path cost (19).
F0/1 Priority = 128,1
F0/2 Priority = 128,2


Port Roles Root Port


You can specify the root port by configuring the port priority:
Priority values 0 - 240, in increments of 16.
Default port priority value is 128.
The lower the port priority value, the higher the priority.


Port Roles Root Port


Verifying the Port Priority:


STP Port States and BPDU Timers


Port States: The spanning tree is determined by the exchange of the BPDU frames between the interconnected switches. Each switch port has five possible port states and three BPDU timers.
WHY? The spanning tree is determined immediately after the switch has finished booting. Going directly from a blocking state to a forwarding state could create a temporary loop. The five states and the timers address this issue.

STP Port States and BPDU Timers


Port States:
Blocking: The port is a non-designated port and does not participate in frame forwarding.
Listening: STP has determined that the port can participate in frame forwarding according to the BPDU frames that the switch has received thus far.
Learning: The port prepares to participate in frame forwarding and begins to populate the MAC address table.


STP Port States and BPDU Timers


Port States:
Forwarding: The port is considered part of the active topology and forwards frames and also sends and receives BPDU frames.
Disabled: The Layer 2 port does not participate in STP and does not forward frames. (administratively shutdown)


STP Port States and BPDU Timers


BPDU Timers: The amount of time that a port stays in the various port states depends on the BPDU timers. Only the switch in the role of root bridge may send information through the tree to adjust the timers.


STP Port States and BPDU Timers


BPDU Timers:
Power up Delay: At power up, every switch port goes through the blocking, listening and learning states. Maximum of 20 + 15 + 15 = 50 seconds. The ports then stabilize to the forwarding or blocking state.
Topology change Delay: During a topology change, a port temporarily implements the listening and learning states for a specified period. Maximum of 15 + 15 = 30 seconds.


STP Port States and BPDU Timers


BPDU Timers: There is a race between operating systems and CPU manufacturers. CPU manufacturers keep making the chips faster, while, at the same time, operating systems keep slowing down. As a result the BPDU timer delays can affect DHCP. A network device is often booted and ready to use the network before the switch port becomes active. This can prevent the device from immediately obtaining a useable IP configuration from DHCP.

Cisco PortFast
Cisco has addressed this issue with their PortFast technology. The port is configured as an access port. The port transitions from blocking to forwarding state immediately, bypassing the listening and learning states. PortFast is disabled by default. It should be used only on access ports. If you enable PortFast on a port connecting to another switch, you risk creating a spanning-tree loop.


Cisco PortFast


Putting It All Together


STP Convergence: Convergence is the time it takes for the network to:
Determine which switch is going to assume the role of the root bridge.
Set switch ports to their final spanning-tree port roles where all potential loops are eliminated.
Three Steps:
1. Elect a root bridge.
2. Elect the root ports.
3. Elect the Designated and Non-designated ports.


Putting It All Together - Step 1


Elect a Root Bridge:
(Figure: three switches with BIDs 24577.00A333, 32769.00A222 and 32769.00A111, each labelled Root. At boot every switch sets its Root ID to its own BID; the switch with BID 32769.00A222 has already received a BPDU with the lower root ID 32769.00A111 and replaces its own.)

Putting It All Together Step 1


Elect a Root Bridge:
(Figure: both switches with priority 32769 now carry Root ID 32769.00A111; the switch with BID 24577.00A333 still advertises itself as root.)

Putting It All Together Step 1


Elect a Root Bridge:
(Figure: every switch now carries Root ID 24577.00A333, the lowest BID in the network; that switch is the root bridge.)

Putting It All Together Step 2


Root Ports:
Throughout the root bridge election, the path cost has also been updated. All links are 100Mbps. Cost = 19
(Figure: root bridge 24577.00A333; on each non-root switch the port with path cost 19 to the root is marked R (root port); the alternative path through the other non-root switch costs 38.)

Putting It All Together Step 3


Designated and Non-designated Ports:
S1 is the root bridge so both ports become designated ports.
(Figure: both ports on the root bridge S1 (BID 24577.00A333) are marked D.)

Putting It All Together Step 3


Designated and Non-designated Ports:
(Figure: on the segment between the two non-root switches, one port is marked D (designated) and the other ND (non-designated, blocking).)
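The three convergence steps above, carried through in code on the chapter's three-switch topology; this is an added example, not course code. It elects the root by lowest BID, picks each switch's root port by lowest path cost with the tie-break order the text describes (sender BID, then port priority, then port ID), and then picks one designated port per segment and blocks the rest. The BIDs are the ones in the figures (S1 24577.00A333, S2 32769.00A222, S3 32769.00A111); the port numbers and full-mesh cabling are constructed, and all links are 100 Mbps (cost 19).

```python
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class BridgeID:
    priority: int   # bridge priority (multiple of 4096) + extended system ID (VLAN)
    mac: str

    @classmethod
    def make(cls, bridge_priority, vlan, mac):
        if bridge_priority % 4096 or not 0 <= bridge_priority <= 61440:
            raise ValueError("bridge priority must be a multiple of 4096 (0-61440)")
        return cls(bridge_priority + vlan, mac)

    def __str__(self):
        return f"{self.priority}.{self.mac}"


PORT_COST = {10_000: 2, 1_000: 4, 100: 19, 10: 100}   # IEEE default cost by Mbps


def run_sta(bids, links, port_priority=None):
    """bids: {switch: BridgeID}; links: [((sw, port), (sw, port), cost)];
    port_priority: optional {(sw, port): value}, default 128.
    Returns (root switch, {switch: root path cost}, {(sw, port): role})."""
    prio = port_priority or {}

    def pp(end):
        return prio.get(end, 128)

    # Step 1: the lowest BID wins the election.
    root = min(bids, key=bids.get)
    # Step 2: best path to the root on every switch. key = (path cost, sender
    # BID, port priority, port ID); relaxed Bellman-Ford style until stable.
    INF = float("inf")
    key = {s: (INF,) for s in bids}
    key[root] = (0, bids[root], 0, 0)
    root_port = {s: None for s in bids}
    changed = True
    while changed:
        changed = False
        for a, b, cost in links:
            for me, nb in ((a, b), (b, a)):
                sw, port = me
                if sw == root or key[nb[0]][0] == INF:
                    continue
                cand = (key[nb[0]][0] + cost, bids[nb[0]], pp(me), port)
                if cand < key[sw]:
                    key[sw], root_port[sw], changed = cand, port, True
    rpc = {s: key[s][0] for s in bids}
    # Step 3: one designated port per segment, the end with the lowest (root
    # path cost, BID, port priority, port ID). The other end is that switch's
    # root port or is blocked (non-designated).
    roles = {}
    for a, b, cost in links:
        ka = (rpc[a[0]], bids[a[0]], pp(a), a[1])
        kb = (rpc[b[0]], bids[b[0]], pp(b), b[1])
        des, other = (a, b) if ka < kb else (b, a)
        roles[des] = "designated"
        roles[other] = "root" if root_port[other[0]] == other[1] else "non-designated"
    return root, rpc, roles


def page_topology():
    """The chapter's figures: S1 has priority 24576, S2 and S3 the default
    32768, all for VLAN 1; port numbers and cabling are constructed."""
    bids = {"S1": BridgeID.make(24576, 1, "00A333"),
            "S2": BridgeID.make(32768, 1, "00A222"),
            "S3": BridgeID.make(32768, 1, "00A111")}
    links = [(("S1", 1), ("S2", 1), PORT_COST[100]),
             (("S1", 2), ("S3", 1), PORT_COST[100]),
             (("S2", 2), ("S3", 2), PORT_COST[100])]
    return bids, links


if __name__ == "__main__":
    bids, links = page_topology()
    root, rpc, roles = run_sta(bids, links)
    print("root bridge:", root, bids[root])
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} port {port}: {role} (root path cost {rpc[sw]})")
    # Trunk failure between S1 and S2: S2 re-roots through S3 at cost 38.
    print("after S1-S2 failure:", run_sta(bids, links[1:])[1])
```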

Putting It All Together


Verifying STP Configuration: (Figure: topology with port roles marked Root, R, D, D and ND, beside the verification output.)

Putting It All Together


Verifying STP Configuration: (Figure: topology with port roles marked Root, R, D, D, ND, D and R, beside the verification output.)

Putting It All Together


Verifying STP Configuration: (Figure: topology with port roles marked Root, R, D, D and ND, beside the verification output.)

Spanning Tree Protocol (STP)

PVST+, RSTP and Rapid PVST+

Per-VLAN Spanning Tree (PVST)
Per-VLAN Spanning Tree Plus (PVST+)
Rapid Per-VLAN Spanning Tree Plus (Rapid PVST+)
Rapid Spanning Tree (RSTP)
Multiple Spanning Tree Protocol (MSTP)

Cisco and IEEE STP Variants


PVST+ (Cisco)
Cisco PVST+:
A network can run an STP instance for each VLAN in the network.
Cisco proprietary.
More than one trunk can block for a VLAN. Load sharing can be implemented.
Means that all switches in the network are engaged in converging the network.
Switch ports have to accommodate the additional bandwidth used for BPDUs.
Default for Cisco 2960 switches.


PVST+ (Cisco)


PVST+ (Cisco)
Extended System-ID


PVST+ (Cisco)
Extended System-ID


Configure PVST+


Rapid Spanning-Tree Protocol (RSTP)


IEEE 802.1w RSTP: What is it?
An evolution of the 802.1D standard.
Terminology remains primarily the same. Most parameters have been left unchanged.
Speeds the recalculation of the spanning tree on a topology change. Much faster convergence.
Redefines the types of ports and their states.
Alternate or backup ports can immediately change to a forwarding state without waiting for the network to converge.

Rapid Spanning-Tree Protocol (RSTP)


IEEE 802.1w RSTP: Characteristics:
Preferred protocol for preventing Layer 2 loops.
Cisco-proprietary enhancements, such as UplinkFast and BackboneFast, are not compatible with RSTP.
Retains backward compatibility with 802.1D.
Keeps the same BPDU format as IEEE 802.1D, with the version field set to 2 to indicate RSTP.
A port can safely transition to the forwarding state without having to rely on any timer configuration.

Rapid Spanning-Tree Protocol (RSTP)

802.1D (STP) Switch only sends an information BPDU when it receives one on the root port.

802.1w (RSTP) Switch sends an information BPDU every hello time (2 seconds) even if no BPDU has been received on the root port.


Rapid Spanning-Tree Protocol (RSTP)


Rapid Transition to Forwarding State: Rapid transition is the most important feature introduced by 802.1w. The legacy STA passively waited for the network to converge before it turned a port into the forwarding state. The new rapid STP is able to actively confirm that a port can safely transition to the forwarding state without having to rely on any timer configuration. In order to achieve fast convergence on a port, the protocol relies upon two new variables: Edge Ports and Link Type.

Rapid Spanning-Tree Protocol (RSTP)


Edge Ports: An edge port is a switch port that is never intended to be connected to another switch device. It immediately transitions to the forwarding state when enabled. Does this sound like anything we've already discussed? PortFast.

Non-Edge Ports: A non-edge port is a switch port that is always intended to be connected to another switch device.

Rapid Spanning-Tree Protocol (RSTP)


Non-Edge Ports

Cisco - Portfast

Edge Ports


Rapid Spanning-Tree Protocol (RSTP)


Link Types: The link type provides a categorization for each port participating in RSTP. Non-edge ports are categorized into two link types:
Point-to-point: Connects to a single network device.
Shared: Connects to a shared media where more switches may exist.
The link type is automatically derived from the duplex mode of a port, but this can be overridden.


Rapid Spanning-Tree Protocol (RSTP)


Rapid Spanning-Tree Protocol (RSTP)


Link Types: However, before the link type parameter is considered, RSTP must determine the port role.
Root Ports: Do not use the link type parameter.
Alternate and Backup Ports: Do not use the link type parameter in most cases.
Designated Ports: Make the most use of the link type parameter, and only if it is a point-to-point link.


Rapid Spanning-Tree Protocol (RSTP)


Port States: An RSTP topology change causes a transition to the forwarding state through either explicit handshakes or a proposal and agreement process and synchronization. With RSTP, the role of a port is separated from the state of a port. For example, a designated port could be in the discarding state temporarily, even though its final state is to be forwarding.


Port States: RSTP collapses the 802.1D states into three. Discarding: prevents the forwarding of data frames and learns no MAC addresses (it replaces the 802.1D disabled, blocking and listening states). Learning: still discards data frames but accepts them to populate the MAC table. Forwarding: forwards data frames; in a stable active topology, the ports in the forwarding state determine the topology.

[Figure: 802.1D STP port states (disabled, blocking, listening, learning, forwarding) compared with the RSTP port states (discarding, learning, forwarding)]

Port Roles: The port role defines the ultimate purpose of a switch port and how it handles data frames. Port roles and port states are able to transition independently of each other. Root port: the one port per non-root switch with the best path to the root bridge. Designated port: the forwarding port for a segment, the one that sends the best BPDU onto it. Alternate port: an alternative path toward the root bridge, learned from another switch's BPDU, held in the discarding state as a standby for the root port. Backup port: a second connection from the same switch to a segment on which it already has the designated port, held in the discarding state as a standby for that designated port. Creating the additional port roles allows RSTP to define a standby switch port before a failure or topology change, so that the standby can move to forwarding immediately instead of after a timer-driven recalculation.

[Figures: examples of the root, designated, alternate and backup port roles in a sample topology]

RSTP Proposal and Agreement Process


In IEEE 802.1D STP a designated port must wait two times the forward delay (listening plus learning, 30 seconds by default) before transitioning to the forwarding state. RSTP significantly speeds up the recalculation process after a topology change: it converges on a link-by-link basis through the proposal and agreement handshake and does not rely on timers expiring before ports can transition. Rapid transition is possible only on edge ports and on point-to-point links.

[Figure: the RSTP proposal and agreement exchange between two switches]

Configuring Rapid-PVST+
Rapid PVST+ is the Cisco implementation of RSTP. It runs an independent spanning-tree instance for each VLAN, and it is the rapid STP variant to use in Cisco-based networks.
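As an added example (not part of the original slides, and not vendor sample configuration), the IOS commands that switch a Cisco switch to Rapid PVST+, override the link type on an uplink whose duplex setting would otherwise make RSTP treat it as shared, and the show commands used to read back the port roles, states and link types discussed above. The switch name D1, the interface numbers and the VLAN IDs are assumed.

```cisco
! Added example: enabling Rapid PVST+ (assumed switch D1, VLANs 10 and 30)
D1(config)# spanning-tree mode rapid-pvst
!
! Uplinks to other switches are non-edge ports. RSTP derives the link type from
! duplex: full duplex -> point-to-point, half duplex -> shared. A half-duplex
! uplink therefore falls back to timer-based transitions. Override the type
! only when you know a single bridge sits on the far end of the link.
D1(config)# interface GigabitEthernet0/1
D1(config-if)# description uplink to C1 (non-edge, point-to-point)
D1(config-if)# spanning-tree link-type point-to-point
D1(config-if)# exit
!
! Verification. The first line of the output must read
! "Spanning tree enabled protocol rstp"; "ieee" means the switch is still
! running classic PVST+. In the port table, Role is Root/Desg/Altn/Back,
! Sts is FWD (forwarding), LRN (learning) or BLK (discarding), and Type is
! P2p, Shr or "P2p Edge" for PortFast ports.
D1# show spanning-tree vlan 10
D1# show spanning-tree interface GigabitEthernet0/1 detail
D1# show spanning-tree summary
```

All switches in the Layer 2 domain should run the same mode; a Rapid PVST+ switch that receives legacy 802.1D BPDUs on a port reverts that port to timer-based behaviour, so one forgotten switch slows convergence for its whole segment.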


Design STP for Trouble Avoidance


Know where the root is: Do not leave the root bridge election to the defaults. With every switch at the default priority of 32768, the switch with the lowest MAC address becomes the root, and that is frequently the oldest access switch in the building. Decide, per VLAN, which switch is the root and which is the backup root, configure their priorities, and record the choice in the network documentation.

[Figure: candidate root bridge placements, annotated "Either, not both!"]
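As an added example (not from the original slides), the IOS configuration that pins the root bridge to a chosen distribution switch, names a backup, and protects the choice with root guard on the ports that face the access layer. The switch names D1 and D2, the VLAN IDs and the interface range are assumed.

```cisco
! Added example: deterministic root placement (assumed: D1 is the root,
! D2 the backup root, for VLANs 10 and 30)
!
! Without this, every switch runs priority 32768 and the lowest MAC address
! wins, which is usually the oldest access switch.
D1(config)# spanning-tree vlan 10,30 root primary
D2(config)# spanning-tree vlan 10,30 root secondary
!
! Equivalent explicit form. "root primary" sets 24576, or 4096 below the
! current root if that is already lower; "root secondary" sets 28672.
! D1(config)# spanning-tree vlan 10,30 priority 24576
! D2(config)# spanning-tree vlan 10,30 priority 28672
!
! Defence in depth: on ports facing the access layer, refuse any superior
! BPDU so that a newly connected switch with a low priority cannot take over
! as root. The port goes root-inconsistent (blocking) until the superior
! BPDUs stop, then recovers on its own.
D1(config)# interface range GigabitEthernet0/10 - 24
D1(config-if-range)# spanning-tree guard root
D1(config-if-range)# exit
!
! Verify: "This bridge is the root" must appear only on D1, and the Root ID
! shown on every other switch must carry D1's priority and MAC address.
D1# show spanning-tree vlan 10 root
D2# show spanning-tree vlan 10
D2# show spanning-tree inconsistentports
```

Root guard is placed on the designated ports toward the access layer, never on the links between D1 and D2, because those links are exactly where the backup root is expected to send BPDUs that beat everyone except D1.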



Minimize the Number of Blocked Ports: The only critical action STP takes is the blocking of ports, and every blocked port is a place where a lost BPDU can turn into a bridging loop. A good way to limit the risk inherent in STP is therefore to reduce the number of blocked ports as much as possible. In non-hierarchical networks you may need to tune the STP port cost parameter to decide which ports are blocked.


Minimize the Number of Blocked Ports: You do not need more than two redundant links between two nodes in a switched network; a third link only adds another blocked port. Know the location of the redundant links and which ports are blocked, and keep that information current.



VTP or Manual Pruning: Prune any VLAN that you do not need off your trunks, either with VTP pruning or by setting the allowed VLAN list on each trunk by hand. A VLAN that is not carried on a trunk has no spanning-tree instance on that link, so fewer ports are blocked, less BPDU and broadcast traffic crosses the link, and the VLAN is not exposed to switches that have no business carrying it.
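As an added example (not from the original slides), manual pruning of one trunk on an access switch, with the VTP alternative shown for comparison. The switch name A1, the trunk interface, the VLAN IDs and the unused native VLAN 999 are assumed.

```cisco
! Added example: manual pruning of a trunk (assumed: access switch A1, trunk
! Gi0/1 needs only VLANs 10 and 30; VLAN 999 is an unused native VLAN)
A1(config)# interface GigabitEthernet0/1
A1(config-if)# switchport mode trunk
A1(config-if)# switchport trunk native vlan 999
A1(config-if)# switchport nonegotiate
!
! Before: the default allowed list is 1-4094, so every VLAN known to the
! switch runs a spanning-tree instance on this link and floods across it.
A1(config-if)# switchport trunk allowed vlan 10,30,999
!
! Later additions must use "add"; a plain "allowed vlan 40" would replace
! the whole list and silently drop VLANs 10 and 30 from the trunk.
A1(config-if)# switchport trunk allowed vlan add 40
A1(config-if)# exit
!
! VTP pruning (enabled on the VTP server) achieves a similar effect
! automatically, but it only removes VLANs that have no active ports on the
! far switch and never prunes VLAN 1, so the explicit allowed list remains
! the stronger control.
! A1(config)# vtp pruning
!
! Verify: "Vlans allowed on trunk" and "Vlans in spanning tree forwarding
! state and not pruned" should list only the VLANs this switch really needs.
A1# show interfaces trunk
A1# show spanning-tree summary
```

The allowed list is the one to audit during change control: a trunk that carries every VLAN in the domain is the path a compromised host in one VLAN uses to reach the others once it finds a misconfigured port.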


Use Layer 3 Switching: Layer 3 switching means routing at approximately the speed of switching, so there is no speed penalty for putting a routing hop on the segment between C1 and C2.

Core switch C1 and core switch C2 are Layer 3 switches, so the link between them is a routed link rather than a bridged segment and there is no possibility of a loop through it.

STP no longer blocks any port. There is no potential for a bridging loop.

Troubleshoot STP Operation


STP Failure: The topology is fully converged, and port F0/3 on S2 is the blocked port. As long as S2 receives BPDUs from S3 on F0/3 it keeps the port blocked. For some reason (a unidirectional link, or a switch that stops sending BPDUs, are the classic causes) F0/3 on S2 fails to receive BPDUs within the max age time of 20 seconds. F0/3 then transitions through listening and learning to the forwarding state, the redundant path is no longer blocked, and the result is a broadcast storm.
STP Failure: Unfortunately, there is no automatic procedure to deal with this type of failure. In-band access may not be available during a bridging loop, because the broadcast storm saturates the links and the switch CPUs, so console access may be required. Before you can troubleshoot a bridging loop, you need to know how the network is set up when it works properly: the topology of the bridged network, the location of the root bridge, and the location of the blocked ports and the redundant links.
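As an added example (not from the original slides), the IOS features that stop a blocked port from silently unblocking when BPDUs go missing, which is the failure just described, followed by the commands an engineer would run from the console when a storm is already under way. The switch names S2 and S3 and port F0/3 come from the slide; VLAN 10 is assumed.

```cisco
! Added example: protecting the blocked port against silent BPDU loss
! (assumed: S2's blocked port is Fa0/3, toward S3, VLAN 10)
!
! Loop guard: if a root or alternate port stops receiving BPDUs, keep it in
! a loop-inconsistent (blocking) state instead of ageing it out to
! forwarding. The port recovers by itself as soon as BPDUs return.
S2(config)# spanning-tree loopguard default
! or per interface:
S2(config)# interface FastEthernet0/3
S2(config-if)# spanning-tree guard loop
!
! UDLD aggressive mode catches the one-way fibre or copper faults that lose
! BPDUs in a single direction; it err-disables the port rather than letting
! STP misread the silence as "the neighbour is gone".
S2(config-if)# udld port aggressive
S2(config-if)# exit
!
! Rapid PVST+ everywhere also reduces exposure: the alternate port is known
! in advance, so recovery from a genuine failure is fast and predictable.
S2(config)# spanning-tree mode rapid-pvst
S2(config)# end
!
! First response during a storm, from the console (in-band is unusable).
! Shutting the redundant link breaks the loop; re-enable it only after the
! root and blocked-port locations match the documented topology.
S2# show spanning-tree vlan 10
S2# show spanning-tree inconsistentports
S2# show interfaces FastEthernet0/3 counters errors
S2# show processes cpu sorted | include Spanning
S2# configure terminal
S2(config)# interface FastEthernet0/3
S2(config-if)# shutdown
```

Loop guard and root guard are mutually exclusive on a port, which is consistent with their purposes: loop guard belongs on the root and alternate ports that must keep hearing BPDUs, root guard on the designated ports that must never hear a better one.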
PortFast Configuration Error: PortFast should be enabled only on a port or interface that connects to a single host. Do not use PortFast on switch ports or interfaces that connect to other switches, hubs or routers: the port forwards before STP has had a chance to decide whether it should block, so you may create a network loop. Pair PortFast with BPDU guard so that the port is shut down if a bridge ever appears behind it.
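As an added example (not from the original slides) serving both the edge port discussion earlier and the PortFast configuration error above: the misconfiguration beside the correct one, with BPDU guard as the control that turns the edge port hint into an enforced boundary. The switch name A1, the host port range, the uplink and the recovery interval are assumed.

```cisco
! Added example: edge ports done right (assumed: access switch A1, host
! ports Fa0/1-20, uplink Gi0/1)
!
! WRONG: PortFast on an uplink. The port forwards immediately; if the far
! end is a switch, frames loop until STP receives a BPDU and blocks the
! port, and at worst the loop becomes a broadcast storm.
! A1(config)# interface GigabitEthernet0/1
! A1(config-if)# spanning-tree portfast
!
! RIGHT: PortFast only on host ports, and BPDU guard alongside it. PortFast
! makes the port an RSTP edge port (immediate forwarding). BPDU guard
! err-disables the port the moment any BPDU arrives, so a switch, hub or
! rogue device plugged into a host port cannot join the topology at all.
A1(config)# interface range FastEthernet0/1 - 20
A1(config-if-range)# switchport mode access
A1(config-if-range)# spanning-tree portfast
A1(config-if-range)# spanning-tree bpduguard enable
A1(config-if-range)# exit
!
! Equivalent global form: applies to every access-mode port, never to trunks.
! A1(config)# spanning-tree portfast default
! A1(config)# spanning-tree portfast bpduguard default
!
! Optional: bring an err-disabled port back after 5 minutes instead of by
! hand. Leave this off where you want a human to look before the port
! re-opens.
A1(config)# errdisable recovery cause bpduguard
A1(config)# errdisable recovery interval 300
A1(config)# end
!
! Verify: host ports show "P2p Edge" in the Type column; no uplink does.
A1# show spanning-tree interface FastEthernet0/1 portfast
A1# show spanning-tree vlan 10
A1# show errdisable recovery
```

When a host port goes err-disabled, the log message names the port and the reason (bpduguard); that event is worth forwarding to the SOC, because an unexpected BPDU on a host port is either a cabling mistake or somebody attaching their own switch.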

Network Diameter Issues: The default values for the STP timers (hello 2 seconds, max age 20 seconds, forward delay 15 seconds) assume a maximum network diameter of seven; in other words, two distinct switches cannot be more than seven hops apart. Part of this restriction comes from the message age field that BPDUs carry. When a BPDU propagates from the root bridge toward the leaves of the tree, each switch increments the message age as it relays the BPDU; once message age reaches max age the BPDU is discarded. If the root is too far away from some switches of the network, their BPDUs are dropped and those switches behave as if the root had disappeared, with the same consequences as the STP failure above.
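As an added example (not from the original slides), how the diameter is declared to STP on the root rather than by editing individual timers on every switch, and how to read the resulting timers back on a distant switch. The switch names D1 and A5, the VLAN and the diameter of 4 are assumed.

```cisco
! Added example: telling STP the real diameter (assumed: D1 is the root for
! VLAN 10 and no two switches are more than 4 hops apart)
!
! Timers are derived from the diameter, so set them on the root only, via
! the diameter keyword. The root advertises hello, max age and forward
! delay in its BPDUs and every other switch adopts them, which keeps the
! whole VLAN consistent without touching the other switches.
D1(config)# spanning-tree vlan 10 root primary diameter 4
D1(config)# end
!
! The defaults (hello 2, max age 20, forward delay 15) assume diameter 7.
! Declaring a diameter smaller than the real one is dangerous: BPDUs past
! the limit are discarded, the far switches lose sight of the root and
! unblock their alternate ports, which is the loop scenario above. If the
! real diameter exceeds 7, the fix is the topology (collapse hops, or route
! between sites), not a larger timer.
!
! Verify on a far-end switch: the Max Age and Forward Delay shown in the
! Root ID block must be the values D1 advertises, and the Bridge ID block
! still shows the switch's own (possibly default) timers, which is normal.
A5# show spanning-tree vlan 10
A5# show spanning-tree vlan 10 detail | include age|Forward
```

In an RSTP domain the timers matter less for convergence but still bound how long a lost root is tolerated, so the diameter declaration is worth keeping accurate even after the migration to Rapid PVST+.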

AACS5324 Advanced Computer Networks


Chapter 11 Inter-VLAN Routing


Objectives
Upon completion of this chapter, students should be able to understand the following: What is inter-VLAN routing? Types of inter-VLAN routing. Configuration of inter-VLAN routing.


Introducing Inter-VLAN Routing


What is Inter-VLAN Routing? Each VLAN is a unique broadcast domain, so computers on separate VLANs are, by default, not able to communicate. Each VLAN is also a unique IP subnetwork. To allow VLANs to communicate we need a router (or a Layer 3 switch) to forward traffic between the separate broadcast domains and IP subnetworks. Inter-VLAN routing, then, is the process of forwarding traffic from one VLAN to another using a router.
Methods: Traditional inter-VLAN routing (one physical router interface per VLAN). Router-on-a-stick inter-VLAN routing (one trunked router interface carrying all VLANs on subinterfaces). Switch-based inter-VLAN routing (a Layer 3 switch routing between its own VLANs).

Traditional Inter-VLAN Routing: One router interface per VLAN. The switch removes the VLAN tag as it delivers the frame to the router's access port, the router routes the packet internally to the proper subnet and sends it out the interface for the destination VLAN, and the switch tags it again on its trunks.

[Figure: frame tagged on the trunk, tag removed toward the router, routed, tagged again for the destination VLAN]

Router-on-a-stick Inter-VLAN Routing: One router interface for all VLANs, connected to a switch trunk. The tagged frame arrives on the trunk, the router removes the tag, routes the packet internally to the proper subnet, and sends it back out the same physical interface tagged with the destination VLAN.

[Figure: tagged frame in on the trunk, tag removed, routed, tag added for the destination VLAN on the way out]

Layer 3 Switch Inter-VLAN Routing: Uses switch virtual interfaces (SVIs), one per VLAN, as the routed hop. The switch strips the VLAN 10 tag at the SVI, routes the packet to the destination VLAN's SVI, and re-tags the frame for that VLAN, all inside the switch.

[Figure: frame tagged VLAN 10, tag removed at the SVI, routed, tagged for the destination VLAN]

Traditional Inter-VLAN Routing: Traditional routing requires routers to have multiple physical interfaces, one per VLAN, to facilitate inter-VLAN routing. Each interface is configured with an IP address for the subnet associated with the VLAN it connects to. In this configuration, network devices use the router interface in their VLAN as their default gateway to reach the devices connected to the other VLANs.
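As an added example (not from the original slides), both ends of a traditional inter-VLAN setup: two switch access ports, one per VLAN, and the two router interfaces behind them. The router name R1, the switch name S1 and the switch port numbers are assumed; the router interfaces and subnets are those shown in the chapter's figure.

```cisco
! Added example: traditional inter-VLAN routing (assumed: R1 Fa0/0 to
! S1 Fa0/5 in VLAN 10, R1 Fa0/1 to S1 Fa0/6 in VLAN 30)
!
! Switch side: plain access ports. The switch strips and adds VLAN tags on
! its trunks; the router only ever sees untagged frames.
S1(config)# interface FastEthernet0/5
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 10
S1(config-if)# interface FastEthernet0/6
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 30
S1(config-if)# end
!
! Router side: one physical interface per VLAN, each addressed in that
! VLAN's subnet. These addresses are the hosts' default gateways.
R1(config)# interface FastEthernet0/0
R1(config-if)# description VLAN 10 gateway
R1(config-if)# ip address 172.17.10.1 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# interface FastEthernet0/1
R1(config-if)# description VLAN 30 gateway
R1(config-if)# ip address 172.17.30.1 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# end
!
! Verify: each subnet is a connected route, and a host in VLAN 10 with
! gateway 172.17.10.1 can reach a host in VLAN 30 via F0/1.
R1# show ip route connected
R1# show ip interface brief
```

Nothing in this design shares a link between VLANs, which is why it scales with router ports rather than with bandwidth; the subinterface approach that follows trades that isolation for port economy.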

[Figure: traditional inter-VLAN routing. Router routing table: 172.17.10.0 via F0/0, 172.17.30.0 via F0/1. A tagged VLAN 10 frame arrives at the switch, the tag is removed toward the router, the router responds for VLAN 30 by switching the packet to port F0/1, and the switch tags it for VLAN 30]

Traditional Inter-VLAN Routing: Traditional inter-VLAN routing using physical interfaces has a limitation. As the number of VLANs on a network increases, the approach of one router interface per VLAN quickly runs into the physical hardware limits of the router. Routers have a limited number of physical interfaces that they can use to connect to different VLANs, and adding an Ethernet interface is expensive.

Router-on-a-stick Inter-VLAN Routing: Subinterfaces overcome the hardware limitation of the router. Subinterfaces are software-based virtual interfaces assigned to a physical interface. Each subinterface is configured with its own IP address, subnet mask and unique VLAN assignment. The physical interface connects to a switch trunk link. Functionally this is the same as the traditional routing model, with the caveat that all VLANs now share the bandwidth of a single physical link.

[Figure: router-on-a-stick. Router routing table: 172.17.10.0 via F0/0.10, 172.17.30.0 via F0/0.30. A frame tagged VLAN 10 arrives on the trunk, the tag is removed at subinterface F0/0.10, the packet is routed to F0/0.30 and leaves tagged VLAN 30]

Router-on-a-stick Inter-VLAN Routing: Configuring Subinterfaces: This is similar to configuring physical interfaces: create the subinterface, assign it to a VLAN, assign an IP address, and enable the physical interface.

Router-on-a-stick Inter-VLAN Routing: Create the subinterface: The syntax for a subinterface is always the physical interface, followed by a period and a subinterface number. The subinterface number is configurable, but it is conventionally set to the VLAN number so that the configuration documents itself. R1(config)#interface [interface].nn NOTE: The management VLAN must also be given a subinterface if you wish to reach the management addresses of switches that are not directly connected to the router by trunk links.
Router-on-a-stick Inter-VLAN Routing: Assign it to a VLAN: Before assigning an IP address, the subinterface must be configured to operate on a specific VLAN using the proper encapsulation. R1(config-subif)#encapsulation dot1q vlan-id If that VLAN is the native VLAN of the trunk, append the native keyword (encapsulation dot1q vlan-id native); otherwise the router drops the untagged frames the switch sends for it.

Router-on-a-stick Inter-VLAN Routing: Assign an IP Address: The IP address assigned here becomes the default gateway for the hosts in that VLAN. R1(config-subif)#ip address [address] [mask]

Router-on-a-stick Inter-VLAN Routing: Enable the interface: Subinterfaces are not enabled individually. When the physical interface is enabled, all associated subinterfaces are enabled with it; conversely, a shutdown on the physical interface takes every VLAN on it down at once. R1(config-if)#no shutdown (issued on the physical interface)
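As an added example (not from the original slides), the four subinterface steps above carried through as one complete configuration, together with the switch side of the trunk that the slides leave implicit. The router name R1 and interface F0/0, the subinterface numbers and the subnets are those used in the chapter's figures; the switch name S1, its port numbers and the otherwise-unused native VLAN 99 are assumed.

```cisco
! Added example: complete router-on-a-stick, both ends (assumed: R1 Fa0/0 to
! S1 Fa0/5; host port S1 Fa0/4 in VLAN 10; VLAN 99 is the native VLAN and
! deliberately has no hosts in it)
!
! --- switch side ---
S1(config)# vlan 10
S1(config-vlan)# vlan 30
S1(config-vlan)# vlan 99
S1(config-vlan)# exit
S1(config)# interface FastEthernet0/5
S1(config-if)# description trunk to R1
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk native vlan 99
S1(config-if)# switchport trunk allowed vlan 10,30,99
S1(config-if)# switchport nonegotiate
S1(config-if)# interface FastEthernet0/4
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 10
S1(config-if)# end
!
! --- router side ---
! Step 4 first: the physical interface carries no address of its own, and
! "no shutdown" here is what brings every subinterface up.
R1(config)# interface FastEthernet0/0
R1(config-if)# no ip address
R1(config-if)# no shutdown
! Steps 1-3 per VLAN: create, set encapsulation, address.
R1(config-if)# interface FastEthernet0/0.10
R1(config-subif)# encapsulation dot1Q 10
R1(config-subif)# ip address 172.17.10.1 255.255.255.0
R1(config-subif)# interface FastEthernet0/0.30
R1(config-subif)# encapsulation dot1Q 30
R1(config-subif)# ip address 172.17.30.1 255.255.255.0
! The native VLAN must be declared on the router as well, or untagged
! frames from the switch are dropped. Keeping it separate from every user
! VLAN, with no hosts in it, closes the double-tagging (VLAN hopping)
! trick that relies on the attacker sitting in the native VLAN.
R1(config-subif)# interface FastEthernet0/0.99
R1(config-subif)# encapsulation dot1Q 99 native
R1(config-subif)# end
!
! Verify: one connected route per addressed subinterface, and the trunk
! carries exactly VLANs 10, 30 and 99 with native 99 on both ends.
R1# show ip interface brief
R1# show ip route connected
S1# show interfaces trunk
```

The native VLAN must match on the switch port and on the router; a mismatch is reported by CDP as a native VLAN mismatch and shows up as one VLAN that is mysteriously unreachable while the others work.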

[Figure: subinterface configuration for VLAN 10 and VLAN 30, then enabling the physical interface]

[Figure: planning the VLAN, subnet and subinterface assignments before configuring]

[Figure: router interface and subinterface comparison]

Inter-VLAN Routing

Configuring Inter-VLAN Routing


(Putting It All Together)


[Figures: complete traditional inter-VLAN routing configuration, switch ports and router interfaces]

[Figures: complete router-on-a-stick configuration: VLANs created on the switch, the switch port toward the router trunked with its native VLAN set, router subinterfaces for VLAN 10 and VLAN 30, and the physical interface enabled, which enables all subinterfaces]

Inter-VLAN Routing

Troubleshooting Inter-VLAN Routing

Switch Configuration Issues: VLAN 30 is working, but VLAN 10 cannot communicate with the router or with VLAN 30. Cause: interface F0/4, the port to the VLAN 10 host, is still in the default VLAN. Fix, on F0/4:

switchport access vlan 10

Switch Configuration Issues: Each of the configured subinterfaces is unable to send or receive VLAN traffic. Cause: interface F0/5, the port to the router, is still an access port in the default VLAN, so no tagged frames are exchanged with the router. Fix, on F0/5:

switchport mode trunk

Router Configuration Issues: PC1 cannot communicate with the router interface, and the router cannot route to VLAN 30. Switch port F0/4 is the one configured for VLAN 10, but the router is cabled to switch port F0/9, which is assigned to the default VLAN. Fix: move the cable from F0/9 to F0/4. Connecting the router to the wrong switch port is one of the most common mistakes in inter-VLAN routing.

IP Addressing Issues: PC1 cannot communicate. Possible causes: an incorrect IP address on PC1 for subnet 172.16.10.0/24; an incorrect IP address on the router subinterface for subnet 172.16.10.0/24; or an incorrect subnet mask for subnet 172.16.10.0/24 on either end, so that PC1 and its gateway no longer agree on which addresses are local.
