Vlans - Anandp

  • December 2019
Catalyst 6500 Technical Training

November 2003

CHAPTER 11: Virtual LANs (VLANs)
Carl Solder, Technical Marketing Engineer, Internetworking Systems Business Unit
©2003, Cisco Systems, Inc. All rights reserved.

Before we start…

NOTE: This is a training module that forms part of the complete Catalyst 6500 training materials. It is designed to provide an introduction to the topic in question, review the configuration commands and provide sample configurations… This update is based on a Catalyst 6500 running the Supervisor 720 with the 12.2SX version of IOS code…

CHAPTER 11.1 – Understanding VLANs

Understanding VLANs

A Virtual LAN allows the grouping of different switch ports into the same broadcast domain as though they were connected via the same physical switch. A VLAN can span non-contiguous ports, different modules and different switches.

[Diagram: Switch A and Switch B]

In the above diagram, there are three VLANs: Red, Green and Blue. All hosts belonging to a particular VLAN need to traverse a Layer 3 device to reach a host in another VLAN…

Understanding VLANs: Broadcast Domain

A VLAN creates a broadcast domain such that any broadcasts generated by hosts within the VLAN do not (by default) cross into another VLAN boundary…

[Diagram: Switch A, host A]

In the above example, a broadcast sent by “Red” host A will be forwarded to all other hosts in the RED VLAN, but not to hosts in the BLUE or GREEN VLAN…

Understanding VLANs: VLANs and IP Subnets

It is common practice for a Virtual LAN to be associated with a single IP subnet, as follows.

[Diagram: two switches; VLAN A - IP Subnet A, VLAN B - IP Subnet B, VLAN C - IP Subnet A & B]

While not common, it is valid for multiple subnets to exist wholly within the same VLAN, but in this case each subnet needs a layer 3 device to communicate with another subnet…

Understanding VLANs: VLAN Number Range

When a VLAN is created, it has to be assigned a valid number within a specified range. Currently the VLAN number range is as follows…

    VLAN #        Range      Usage                                                        VTP Support
    0             Reserved   System use only                                              N/A
    1             Normal     Cisco default – usable but cannot be deleted                 Yes
    2 - 1001      Normal     Can be created, used and deleted                             Yes
    1002 - 1005   Normal     Defaults for Token Ring and FDDI – cannot be deleted         Yes
    1006 - 4094   Extended   For Ethernet VLANs only – can be created, used and deleted   No
    4095          Reserved   System use only                                              N/A

NOTE: Configuring extended VLANs requires additional configuration.

Understanding VLANs: Extended VLANs

Each VLAN consumes a MAC address (used by Spanning Tree to build a bridge ID). As the switch only has 1024 MAC addresses, using extended VLANs (1006 – 4024) requires users to enable the “extended system-id” feature – this enables the switch to build a unique bridge ID for all potential 4094 VLANs…

The normal Spanning Tree bridge ID is built as follows…

    Bridge Priority (2 bytes – 16 bits) | MAC Address (6 bytes – 48 bits)

Bridge Priority without extended system-id configured…

    Bridge Priority (2 bytes – 16 bits)

Bridge Priority with extended system-id configured…

    Bridge Priority (4 bits) | Extended System ID (VLAN) (12 bits)
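The two bridge ID layouts described above, worked through in Python. This is an added example, not code from the original training module; the MAC address is a constructed sample and the function names are hypothetical.

```python
import struct

SAMPLE_MAC = "00:00:5e:00:53:01"   # constructed sample address, not from the slides


def build_bridge_id(priority, mac, vlan=None):
    """Return the 8-byte bridge ID: 2-byte priority field + 6-byte MAC.

    vlan=None  -> the whole 16-bit field is the bridge priority.
    vlan given -> extended system-id layout: the top 4 bits carry the
                  priority and the low 12 bits carry the VLAN number.
    """
    mac_bytes = bytes.fromhex(mac.replace(":", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 48 bits")
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("priority must fit in 16 bits")
    if vlan is None:
        field = priority
    else:
        if not 1 <= vlan <= 4094:
            raise ValueError("VLAN number must be in 1-4094")
        if priority & 0x0FFF:
            # Only 4 bits remain for the priority, so it moves in steps of 4096.
            raise ValueError("priority must be a multiple of 4096")
        field = priority | vlan
    return struct.pack("!H", field) + mac_bytes


def parse_bridge_id(bridge_id, extended):
    """Split an 8-byte bridge ID back into priority, VLAN and MAC."""
    if len(bridge_id) != 8:
        raise ValueError("bridge ID must be 8 bytes")
    (field,) = struct.unpack("!H", bridge_id[:2])
    mac = ":".join("%02x" % b for b in bridge_id[2:])
    if extended:
        return {"priority": field & 0xF000, "vlan": field & 0x0FFF, "mac": mac}
    return {"priority": field, "vlan": None, "mac": mac}


def count_distinct_ids(priority, mac, vlans):
    """Number of distinct bridge IDs one MAC yields across the given VLANs."""
    return len({build_bridge_id(priority, mac, v) for v in vlans})


if __name__ == "__main__":
    legacy = build_bridge_id(32768, SAMPLE_MAC)
    extended = build_bridge_id(32768, SAMPLE_MAC, vlan=3000)
    print("without extended system-id:", legacy.hex())
    print("with extended system-id   :", extended.hex())
    print(parse_bridge_id(extended, extended=True))
    # A single MAC address is enough for every VLAN from 1 to 4094.
    print(count_distinct_ids(32768, SAMPLE_MAC, range(1, 4095)))
```

With the VLAN number folded into the priority field, one MAC address gives a unique bridge ID per VLAN, which is why the feature removes the dependency on the 1024-address pool.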

Understanding VLANs: Internal VLANs

The Catalyst 6500 uses a VLAN number internally to represent a layer 3 port – that being a physical layer 3 port (like a FlexWAN or a routed Ethernet port) or a logical layer 3 port (like a sub-interface on a FlexWAN port, etc)…

[Diagram: STD VLAN 1-1001; EXTD VLAN 1006 to 4094]

Standard Ethernet layer 2 port can be placed in any VLAN
VLAN interface can use any VLAN number
A layer 3 Ethernet port or a FLEXWAN/OSM layer 3 port each consumes 1 extended VLAN number
A sub-interface consumes 1 extended VLAN number

Understanding VLANs: Internal VLANs

Once an extended VLAN is consumed by a layer 3 port, it cannot be used for other purposes… The switch can be configured to define the allocation policy – that is, whether extended VLAN numbers are allocated bottom up (from 1006 up) or top down (from 4094 down)…

[Diagram: INTERNAL VLAN ALLOCATION POLICY; STD VLAN 1-1001; EXTD VLAN 1006 to 4094]

An allocation policy of ascending indicates the VLANs allocated to layer 3 interfaces will be assigned from 1006 and upwards (1006, 1007, 1008, 1009, …).

An allocation policy of descending indicates the VLANs allocated to layer 3 interfaces will be assigned from 4094 and downwards (…, 4091, 4092, 4093, 4094).

Understanding VLANs: VLAN Port Types

Switch ports defined as access ports are placed in a VLAN. They can only belong to one VLAN at a time. Special switch ports can be defined as VLAN trunk ports, which are designed to carry traffic from multiple VLANs… Trunk ports tend to be defined for links to other switches or routers…

[Diagram: two switches, labelled with Access Ports and Trunk Ports; access port assignments:]

    Port 2/1 – VLAN 20
    Port 2/2 – VLAN 10
    Port 2/3 – VLAN 10
    Port 2/4 – VLAN 30
    Port 2/5 – VLAN 20
    Port 2/6 – VLAN 30

Understanding VLANs: VLAN Trunks – Tagging

A VLAN trunk will tag data with its VLAN number, so the destination switch will know which VLAN to forward the packet to. There are two technologies supported in the Catalyst 6500 to “tag” VLANs, ISL and 802.1Q; these are typically implemented in ASICs to maximize performance.

[Diagram: two switches connected by a trunk port carrying traffic from multiple VLANs; individual VLANs 10, 20 and 30 running on access ports]

Understanding VLANs: VLAN Tagging – ISL

Inter Switch Link (ISL) was the first VLAN tagging mechanism released by Cisco. It is a “two level” tagging mechanism, as it adds tags at both the front and the back of the encapsulated frame… It supports 1024 VLAN numbers.

[Diagram: ISL frame: ISL Header (26 bytes: DA, Type, User, SA, LEN, AAAA03, HSA, VLAN, BPDU, INDEX, RES), Data, FCS (4 bytes); two switches carrying VLAN 10, VLAN 20 and VLAN 30 data]

Understanding VLANs: VLAN Tagging – 802.1Q

802.1Q is an IEEE standard for VLAN tagging. It is a “one level” tagging mechanism, inserting a single tag within the Ethernet frame… Unlike ISL, it supports the full 4096 VLAN numbers…

[Diagram: 802.1Q frame: DA, SA, TAG, TYPE/LEN, DATA; the TAG holds ETH-TYPE, User Priority, CFI and VLAN Number; two switches carrying VLAN 10, VLAN 20 and VLAN 30 data]
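The 802.1Q tag layout described above, as a small tagger and parser in Python. This is an added example, not code from the original training module; the frame bytes are constructed samples, the function names are hypothetical, and the range labels come from the VLAN Number Range table earlier in this chapter.

```python
import struct

TPID_8021Q = 0x8100   # ETH-TYPE value that marks an 802.1Q tag

# Constructed sample: broadcast DA, sample SA, TYPE/LEN 0x0800, dummy data.
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("00005e005301")
                + struct.pack("!H", 0x0800) + b"payload")


def vlan_range(vid):
    """Classify a VLAN number using the chapter's VLAN Number Range table."""
    if vid in (0, 4095):
        return "reserved"
    if vid == 1:
        return "normal (Cisco default)"
    if 2 <= vid <= 1001:
        return "normal"
    if 1002 <= vid <= 1005:
        return "normal (Token Ring/FDDI default)"
    if 1006 <= vid <= 4094:
        return "extended"
    raise ValueError("VLAN number does not fit in 12 bits")


def add_tag(frame, vid, priority=0, cfi=0):
    """Insert a 4-byte tag between SA and TYPE/LEN, as a trunk port does."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if not (0 <= vid <= 0x0FFF and 0 <= priority <= 7 and cfi in (0, 1)):
        raise ValueError("tag field out of range")
    # 16-bit tag control field: 3 bits priority, 1 bit CFI, 12 bits VLAN number.
    tci = (priority << 13) | (cfi << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame):
    """Return the header fields of a tagged or untagged Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    info = {"da": frame[0:6].hex(), "sa": frame[6:12].hex(), "tagged": False,
            "priority": None, "cfi": None, "vlan": None}
    (eth_type,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if eth_type == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, eth_type = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True, priority=tci >> 13,
                    cfi=(tci >> 12) & 1, vlan=tci & 0x0FFF)
        offset = 18
    info["type_len"] = eth_type
    info["data"] = frame[offset:]
    return info


def strip_tag(frame):
    """Remove the tag again, as the receiving switch does for an access port."""
    if parse_frame(frame)["tagged"]:
        return frame[:12] + frame[16:]
    return frame


if __name__ == "__main__":
    tagged = add_tag(SAMPLE_FRAME, vid=20, priority=5)
    fields = parse_frame(tagged)
    print(tagged.hex())
    print(fields, vlan_range(fields["vlan"]))
    print(strip_tag(tagged) == SAMPLE_FRAME)
```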

Understanding VLANs: Mapping Dot1Q to ISL VLANs

There may be occasions where a user group is split across a Dot1Q network and an ISL network – in this case, to allow communication between the two disparate groups, VLAN mapping must take place on a switch that bridges the two networks…

[Diagram: a switch between a Dot1Q network and an ISL network, holding a map table with Dot1Q and ISL columns]

The switch will maintain a map table that maps a Dot1Q VLAN to an ISL VLAN…

Understanding VLANs: Mapping Dot1Q to ISL VLANs – Rules

[Diagram: Dot1Q – SWITCH – ISL]

Rules for mapping Dot1Q VLANs to ISL VLANs:

1. You can configure up to eight 802.1Q-to-ISL VLAN mappings on the Catalyst 6500 series switch.
2. You can only map 802.1Q VLANs to Ethernet-type ISL VLANs.
3. Do not enter the native VLAN of any 802.1Q trunk in the mapping table.
4. When you map an 802.1Q VLAN to an ISL VLAN, traffic on the 802.1Q VLAN corresponding to the mapped ISL VLAN is blocked. For example, if you map 802.1Q VLAN 1007 to ISL VLAN 200, traffic on 802.1Q VLAN 200 is blocked.
5. VLAN mappings are local to each Catalyst 6500 series switch. Make sure you configure the same VLAN mappings on all appropriate network devices.
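The five mapping rules above, expressed as a configuration check in Python. This is an added example, not code from the original training module; the two switch configurations are constructed samples and the function names are hypothetical. It assumes that either column of a mapping counts as a table entry for rule 3, and that ISL VLANs 1002-1005 (the Token Ring and FDDI defaults in the range table) are the non-Ethernet VLANs for rule 2.

```python
import re

MAX_MAPPINGS = 8                        # rule 1
NON_ETHERNET_ISL = range(1002, 1006)    # Token Ring/FDDI defaults (rule 2, assumption)
DEFAULT_NATIVE_VLAN = 1                 # native VLAN unless changed on a trunk

MAPPING_RE = re.compile(r"^[ \t]*vlan mapping dot1q (\d+) isl (\d+)[ \t]*$", re.M)
NATIVE_RE = re.compile(r"^[ \t]*switchport trunk native vlan (\d+)[ \t]*$", re.M)

# Constructed sample configurations (not taken from a real device).
SWITCH_A = """\
vlan mapping dot1q 3000 isl 200
vlan mapping dot1q 1007 isl 300
interface GigabitEthernet1/15
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 300
"""
SWITCH_B = """\
vlan mapping dot1q 3000 isl 200
"""


def parse_config(config):
    """Extract (dot1q, isl) mappings and the set of native VLANs in use."""
    mappings = [(int(q), int(i)) for q, i in MAPPING_RE.findall(config)]
    natives = {DEFAULT_NATIVE_VLAN} | {int(v) for v in NATIVE_RE.findall(config)}
    return mappings, natives


def check_switch(config):
    """Return (findings for rules 1-3, 802.1Q VLANs blocked under rule 4)."""
    mappings, natives = parse_config(config)
    findings = []
    if len(mappings) > MAX_MAPPINGS:
        findings.append("rule 1: %d mappings configured, limit is %d"
                        % (len(mappings), MAX_MAPPINGS))
    for dot1q, isl in mappings:
        if isl in NON_ETHERNET_ISL:
            findings.append("rule 2: ISL VLAN %d is not an Ethernet-type VLAN" % isl)
        for vlan in sorted({dot1q, isl} & natives):
            findings.append("rule 3: native VLAN %d appears in mapping %d->%d"
                            % (vlan, dot1q, isl))
    # Rule 4: the 802.1Q VLAN with the same number as the mapped ISL VLAN is blocked.
    blocked = sorted({isl for dot1q, isl in mappings if isl != dot1q})
    return findings, blocked


def compare_switches(configs):
    """Rule 5: report mappings that are missing from some of the switches."""
    tables = {name: set(parse_config(cfg)[0]) for name, cfg in configs.items()}
    union = set().union(*tables.values())
    findings = []
    for name in sorted(tables):
        for dot1q, isl in sorted(union - tables[name]):
            findings.append("rule 5: %s lacks mapping dot1q %d isl %d"
                            % (name, dot1q, isl))
    return findings


if __name__ == "__main__":
    findings, blocked = check_switch(SWITCH_A)
    for line in findings + compare_switches({"switch-a": SWITCH_A,
                                             "switch-b": SWITCH_B}):
        print(line)
    print("802.1Q VLANs blocked on switch-a:", blocked)
```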

Configuring VLANs: Ethernet Default VLAN Configuration

The default VLAN configuration for Ethernet ports in the Catalyst 6500 is…

    Parameter                Default                                                 Range
    VLAN ID                  1                                                       1-4094
    VLAN Name                “Default” for VLAN 1, “VLANvlan_id” for other VLANs     ---
    MTU Size                 1500                                                    576 - 18190
    Translational Bridge 1   0                                                       0 - 1005
    Translational Bridge 2   0                                                       0 - 1005
    VLAN State               Active                                                  Active/Suspend
    Eligible for Pruning     Prune eligible for VLANs 2-1001,                        ---
                             VLANs 1006-4094 not eligible for pruning

Configuring VLANs: VLAN Configuration Options

A VLAN can only be configured on a switch defined as a VTP Server or when it is in VTP Transparent Mode – VTP Clients cannot configure VLANs… There are two ways to configure VLANs – in Global Configuration Mode or VLAN Database Mode (which is being deprecated).

VLAN Database Mode

    6500# vlan database
    % Warning: It is recommended to configure VLAN from config mode,
      as VLAN database mode is being deprecated. Please consult user
      documentation for configuring VTP/VLAN in config mode.
    6500(vlan)# vlan 320
    VLAN 320 added:
        Name: VLAN0320

Global Configuration Mode

    6500# conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    6500(config)# vlan 330
    6500(config-vlan)#

Configuring VLANs: Creating and Modifying

Once a VLAN has been created in global configuration mode, a range of options is then presented to the user with which to modify the VLAN from its defaults…

    6500(config-vlan)# ?
    VLAN configuration commands:
      are           Maximum number of All Route Explorer hops for this VLAN (or zero if none specified)
      backupcrf     Backup CRF mode of the VLAN
      bridge        Bridging characteristics of the VLAN
      exit          Apply changes, bump revision number, and exit mode
      media         Media type of the VLAN
      mtu           VLAN Maximum Transmission Unit
      name          Ascii name of the VLAN
      no            Negate a command or set its defaults
      parent        ID number of the Parent VLAN of FDDI or Token Ring type VLANs
      private-vlan  Configure a private VLAN
      remote-span   Configure as Remote SPAN VLAN
      ring          Ring number of FDDI or Token Ring type VLANs
      said          IEEE 802.10 SAID
      shutdown      Shutdown VLAN switching
      state         Operational state of the VLAN
      ste           Maximum number of Spanning Tree Explorer hops for this VLAN (or zero if none specified)
      stp           Spanning tree characteristics of the VLAN
      tb-vlan1      ID number of the first translational VLAN for this VLAN (or zero if none)
      tb-vlan2      ID number of the second translational VLAN for this VLAN (or zero if none)

Configuring VLANs: Creating and Modifying Extended VLANs

Creating an extended VLAN will not work without some additional configuration…

    6500(config)# vlan 3000
    6500(config-vlan)#
    % Failed to create VLANs 3000
    Spanning-tree extend system-id need to be enabled.

To create an extended VLAN, the extended system-id feature must be enabled…

    6500(config)# spanning-tree extend ?
      system-id  Extend system-id into priority portion of the bridge id (PVST only)
    6500(config)# spanning-tree extend system-id
    6d05h: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan

After enabling this feature, extended VLANs can be created…

    6500(config)# vlan 3000
    6500(config-vlan)#

Configuring VLANs: Creating and Modifying

The maximum MTU size for this VLAN can be specified as follows...

    6500(config-vlan)# mtu ?
      <576-18190>  Value of VLAN Maximum Tranmission Unit

A name other than the default “VLANvlan_number” can be assigned as follows...

    6500(config-vlan)# name ?
      WORD  The ascii name for the VLAN

Specify whether this VLAN is active or suspended...

    6500(config-vlan)# state ?
      active   VLAN Active State
      suspend  VLAN Suspended State

Configuring VLANs: Assigning VLANs to Switch Ports

Once the VLAN has been created, it can be assigned to an access port. First the port must be defined as a layer 2 port – this is done by issuing the switchport command as shown below…

    6500(config)# interface g1/14
    6500(config-if)# switchport

Next the VLAN can be assigned to this port as follows…

    6500(config)# interface g1/14
    6500(config-if)# switchport
    6500(config-if)# switchport access vlan ?
      <1-4094>  VLAN ID of the VLAN when this port is in access mode
    6500(config-if)# switchport access vlan 330
    6500(config-if)#

Interface G1/14 in the example above is now in VLAN 330.

Configuring VLANs: Assigning VLANs to Switch Ports

The VLAN assignment can be confirmed by using the following show command…

    6500(config)# show interface g1/14 switchport
    Name: Gi1/14
    Switchport: Enabled
    Administrative Mode: dynamic desirable
    Operational Mode: down
    Administrative Trunking Encapsulation: negotiate
    Negotiation of Trunking: On
    Access Mode VLAN: 330 (VLAN0330)
    Trunking Native Mode VLAN: 1 (default)
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL

    Unknown unicast blocked: disabled
    Unknown multicast blocked: disabled

The “Access Mode VLAN: 330 (VLAN0330)” line shows the port placed in VLAN 330.

Configuring VLANs: Internal VLAN Allocation Policy

Internal VLAN usage on the switch can be viewed using the following command…

    6500# show vlan internal usage

    VLAN Usage
    ---- --------------------
    1006 online diag vlan0
    1007 online diag vlan1
    1008 online diag vlan2
    1009 online diag vlan3
    1010 online diag vlan4
    1011 online diag vlan5
    1012 PM vlan process (trunk tagging)
    1013 L3 multicast partial shortcuts for VPN 0
    1014 vrf_0_vlan
    1016 GigabitEthernet5/1
    1018 GigabitEthernet1/1
    1019 GigabitEthernet1/13

In the example above, it can be seen that the allocation policy is “Ascending”, that is, the internal VLANs have been allocated from 1006 and upwards…

Configuring VLANs: Internal VLAN Allocation Policy

If the Internal VLAN allocation policy needs to be changed, then the following command can be used…

    6500(config)# vlan internal allocation policy ?
      ascending   Allocate internal VLAN in ascending order
      descending  Allocate internal VLAN in descending order

[Diagram: 1006 1007 1008 1009 ….. …… 4091 4092 4093 4094]

If the policy is changed, then the switch needs to be reloaded for the change to take effect.

Configuring VLANs: Creating VLAN Trunks

A switchport can be configured as a VLAN trunk port. It must first be defined as a layer 2 port as follows…

    6500(config)# interface g1/15
    6500(config-if)# switchport

Next the interface can be enabled as a trunk port – first the VLAN trunk encapsulation must be defined…

    6500(config-if)# switchport trunk encapsulation ?
      dot1q      Interface uses only 802.1q trunking encapsulation when trunking
      isl        Interface uses only ISL trunking encapsulation when trunking
      negotiate  Device will negotiate trunking encapsulation with peer on interface

For the purposes of this exercise, we will assume a Dot1Q trunk has been defined…

Configuring VLANs: Creating VLAN Trunks

After the encapsulation type is chosen, the mode in which this trunk port is going to operate must be defined…

    6500(config-if)# switchport mode ?
      access        Set trunking mode to ACCESS unconditionally
      dot1q-tunnel  Set trunking mode to TUNNEL unconditionally
      dynamic       Set trunking mode to dynamically negotiate access or trunk mode
      private-vlan  Set the mode to private-vlan host or promiscuous
      trunk         Set trunking mode to TRUNK unconditionally

Assuming we want the trunk to initiate negotiation, we would choose the “dynamic” option. Dynamic has a further sub-category of auto and desirable, one of which must be specified to finish off the configuration of the trunk port.

    6500(config-if)# switchport mode dynamic ?
      auto       Set trunking mode dynamic negotiation parameter to AUTO
      desirable  Set trunking mode dynamic negotiation parameter to DESIRABLE

Configuring VLANs: Creating VLAN Trunks

By default the trunk will allow all VLANs to be carried across the link – this behavior can be changed by specifying which VLANs are allowed…

    6500(config-if)# switchport trunk allowed vlan ?
      WORD    VLAN IDs of the allowed VLANs when this port is in trunking mode
      add     add VLANs to the current list
      all     all VLANs
      except  all VLANs except the following
      none    no VLANs
      remove  remove VLANs from the current list

VLANs can also be configured to be pruned from the trunk using the following command…

    6500(config-if)# switchport trunk pruning vlan ?
      add     add VLANs to the current list
      except  all VLANs except the following
      none    no VLANs
      remove  remove VLANs from the current list

Configuring VLANs: Creating VLAN Trunks

If the port were to stop trunking, you can define the access VLAN that the trunk port would become a part of using the following command…

    6500(config)# interface g1/15
    6500(config-if)# switchport
    6500(config-if)# switchport access vlan ?
      <1-4094>  VLAN ID of the VLAN when this port is in access mode
    6500(config-if)# switchport access vlan 500
    6500(config-if)#

An optional command is the ability to change the default native VLAN from 1 to another number for this trunk. The native VLAN can be changed using the following command…

    6500(config-if)# switchport trunk native vlan ?
      <1-4094>  VLAN ID of the native VLAN when this port is in trunking mode

Configuring VLANs: Mapping 802.1Q VLANs to ISL VLANs

Dot1Q VLANs can be manually mapped to an ISL VLAN using the following command…

Specify the dot1q VLAN below

    6500(config)# vlan mapping dot1q ?
      <1-4095>  VLAN ID of the .1Q VLAN to map from/to on all incoming/outgoing .1Q trunks

Then the ISL keyword with the ISL VLAN

    6500(config)# vlan mapping dot1q 3000 isl ?
      <1-4094>  VLAN ID of the ISL VLAN to map to/from on the local device

    6500(config)# vlan mapping dot1q 3000 isl 200

Configuring VLANs: Mapping 802.1Q VLANs to ISL VLANs

The results of the mapping can be viewed using the following command…

    6500# show vlan mapping
    General VLAN Translations:
    Original VLAN  Translated VLAN
    -------------  ---------------

    802.1Q Trunk Remapped VLANs:
    802.1Q VLAN  ISL VLAN
    -----------  --------
    3000         200
    6500#

Configuring VLANs: Display VLANs

Information on VLANs can be shown using a range of show commands…

    6500# show vlan ?
      access-log    VACL Logging
      access-map    VLAN access-map
      brief         VTP all VLAN status in brief
      counters      VLAN traffic counters for all VLANs
      dot1q         Display dot1q parameters
      filter        VLAN filter information
      id            VTP VLAN status by VLAN id
      ifindex       SNMP ifIndex
      internal      VLAN internal usage
      mapping       Show VLAN mapping
      name          VTP VLAN status by VLAN name
      private-vlan  Private VLAN information
      remote-span   Remote SPAN VLANs
      summary       VLAN summary information
      |             Output modifiers
      <cr>


6500# show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/2, Gi1/5, Gi1/6, Gi1/7
                                                Gi1/8, Gi1/12, Gi1/14, Gi3/3
                                                Gi3/4, Gi3/5, Gi3/6, Gi3/7
                                                Gi4/1, Gi4/2, Gi4/3, Gi4/4
                                                Gi4/5, Gi4/6, Gi4/8
101  VLAN0101                         active    Gi3/2
300  VLAN0300                         active
310  marketing                        active
320  VLAN0320                         active
330  VLAN0330                         active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup
3000 VLAN3000                         active

802.1Q Trunk Remapped VLANs:
802.1Q VLAN    ISL VLAN
-----------    -----------
3000           200
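The parser below is an added example, not part of the original training slides or any Cisco tooling: it reads "show vlan brief" text, handles wrapped port lists and the trailing remap section, and reports ports still in default VLAN 1 and active VLANs that list no ports. The function names and the abridged sample are constructed for illustration, and it assumes VLAN names contain no spaces.

```python
import re

# Constructed sample, abridged from the 'show vlan brief' output on this page.
SAMPLE = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/2, Gi1/5, Gi1/6, Gi1/7
                                                Gi1/8, Gi1/12, Gi1/14, Gi3/3
101  VLAN0101                         active    Gi3/2
300  VLAN0300                         active
1002 fddi-default                     act/unsup
3000 VLAN3000                         active

802.1Q Trunk Remapped VLANs:
802.1Q VLAN    ISL VLAN
-----------    -----------
3000           200
"""

# VLAN id, name (assumed to contain no spaces), status, optional port list.
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")

def split_ports(field):
    return [p.strip() for p in field.split(",") if p.strip()]

def parse_vlan_brief(text):
    """Return {vlan_id: {'name', 'status', 'ports'}} for the VLAN table only."""
    vlans, current, in_table = {}, None, False
    for line in text.splitlines():
        if not in_table:
            in_table = line.startswith("----")  # rule under the header row
            continue
        if not line.strip():
            break  # blank line ends the table; the remap section is skipped
        m = ROW.match(line)
        if m:
            current = int(m.group(1))
            vlans[current] = {"name": m.group(2), "status": m.group(3),
                              "ports": split_ports(m.group(4))}
        elif line[0].isspace() and current is not None:
            vlans[current]["ports"] += split_ports(line)  # wrapped port list
    return vlans

def audit(vlans):
    """Ports still in default VLAN 1, and active VLANs listing no ports."""
    in_default = vlans.get(1, {}).get("ports", [])
    empty = sorted(v for v, d in vlans.items()
                   if v != 1 and d["status"] == "active" and not d["ports"])
    return in_default, empty
```

The Ports column lists access ports only, so a VLAN reported as empty here may still be carried on trunks.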


VLAN counters for each VLAN can be displayed as follows…

6500# show vlan counters
* Multicast counters include broadcast packets

Vlan Id                            : 1
L2 Unicast Packets                 : 37602
L2 Unicast Octets                  : 3701591
L3 Input Unicast Packets           : 12025
L3 Input Unicast Octets            : 12597999
L3 Output Unicast Packets          : 13855
L3 Output Unicast Octets           : 1662068
L3 Output Multicast Packets        : 0
L3 Output Multicast Octets         : 0
L3 Input Multicast Packets         : 0
L3 Input Multicast Octets          : 0
L2 Multicast Packets               : 1942
L2 Multicast Octets                : 124312

<snip>


6500# show vlan id 3000

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
3000 Engineering                      active    Gi1/2, Gi1/5, Gi1/6, Gi1/7
                                                Gi1/8, Gi1/12, Gi1/14, Gi3/3
                                                Gi3/4, Gi3/5, Gi3/6, Gi3/7
                                                Gi4/1, Gi4/2, Gi4/3, Gi5/2

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
3000 enet  103000     1500  -      -      -        -    -        0      0

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
6500#
