Thursday, June 21, 2012

VLANS

- Flat network -- a Layer-2 switched network in which a broadcast reaches every segment, so the whole network is one broadcast domain. Routers do not forward broadcasts, so once a router is present a broadcast is confined to the segment it originated on.
- VLANs -- logical groupings of switch ports. Each VLAN is its own broadcast domain; without a router (or another Layer-3 device) there can be no communication between VLANs.
- VLAN basic features:
- A switch can be divided into several broadcast domains, one per VLAN, each normally mapped to its own logical IP subnet.
- Network adds, moves, and changes are achieved by configuring a port into the appropriate VLAN.
- A group of users needing tighter security can be put into a separate VLAN.
- VLAN membership is independent of a port's physical or geographic location.
- Broadcast control -- broadcast-intensive applications can be placed in a separate VLAN, so their broadcasts don't put a load on the rest of the network.
- Security -- administrators control every switch port and which VLAN it belongs to. In addition, switches can be configured to notify a management station of any unauthorized access.
- Flexibility and scalability -- users can be added to a specific VLAN regardless of their physical location, and a VLAN can be split into more VLANs if necessary.
- VLAN 1 is the default VLAN: every port belongs to it out of the box, it cannot be deleted, and the switch uses it for management and control-plane protocols such as CDP and VTP. Cisco recommends keeping user traffic off it and using it for administrative purposes only, so in practice usable VLANs start from 2. VLAN 1 is also the default native (untagged) VLAN on 802.1Q trunks; common hardening practice is to move the native VLAN to an otherwise unused VLAN and to put management traffic in a dedicated VLAN rather than VLAN 1.
- Static VLANs -- each switch port is manually assigned to one VLAN and stays there until an administrator changes it. This is how VLANs are usually set up, and it is easy to monitor.
- Dynamic VLANs -- MAC addresses are entered into a centralized VLAN management database in advance. When a host is plugged into any switch port, the port is assigned to that host's VLAN automatically.
- VLAN Management Policy Server (VMPS) -- the server that holds that database, mapping MAC addresses to their VLANs.
- Types of VLAN links:
- Access links -- a port that belongs to exactly one VLAN. Frames on it carry no VLAN tag, so whatever machine is connected to the port is unaware of the VLAN design and can ONLY communicate directly with machines in the same VLAN.
- Trunk links -- carry multiple VLANs over one physical link (the normal range is VLAN 1 to 1005; 802.1Q extends the range to 4094). Switches are "trunked" together via trunk links; ISL trunks require 100Mbps (FastE) or 1000Mbps (GigE). A server with a trunk-capable NIC can be attached to a trunk link in order to be a direct member of 2 or more VLANs.
- Switch fabric -- a group of switches sharing the same VLAN information.
- Frame tagging -- as a frame crosses the switch fabric it carries a tag, the "VLAN ID" (also called a "color"). When the frame leaves through an access port the switch removes the tag, making the whole process transparent to the connected machines.
- VLAN Identification Methods:
- Inter-Switch Link (ISL) -- proprietary to Cisco, used on FastE or GigE links only. ISL can be used on switch trunk ports, router interfaces, and ISL-capable server NICs.
- IEEE 802.1Q -- the standard method: a 4-byte field inserted into the Ethernet header identifies the VLAN. IEEE 802.1Q must be used if you are trunking between a Cisco switch and a different brand of switch.
- LAN emulation (LANE) -- used to carry multiple VLANs over ATM.
- 802.10 (FDDI) -- Cisco devices carry VLAN information over FDDI in the IEEE 802.10 SAID field; the method is Cisco-specific.
- 80/20 rule -- 80 percent of the data traffic should stay on the local segment, while 20 percent or less can cross a segmentation device.
- A trunked server can be on multiple VLANs simultaneously, so there is no need for a router to access this server.
- Inter-Switch Link (ISL) Protocol -- provides low-latency, full wire-speed performance in full-duplex mode on FastE or GigE links:
- When using ISL, the original frame is encapsulated with a 26-byte ISL header plus a new 4-byte frame check sequence (FCS). Only ISL-aware devices can read the frame, which can be as large as 1548 bytes (30 bytes over the 1518-byte maximum of an Ethernet segment; an 802.1Q-tagged frame, by comparison, grows by only 4 bytes to 1522).
- ISL NICs are used in trunked servers. This eliminates the need for a router between the server and its VLANs.
- ISL VLAN information is added to a frame only if the frame is forwarded out a port configured as a trunk link. It is removed when the frame leaves through an access link.
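The tagging described above, worked through in code. This is an added example and not code from the original notes or from Cisco: it builds a constructed Ethernet frame, inserts and strips an 802.1Q tag the way a switch does at a trunk and an access port, recomputes the FCS each time, and checks the frame-size limits (1522 bytes tagged, 1548 bytes for the same frame inside ISL). The sample MAC addresses and payload are made up; the ISL size is computed from the header and FCS overhead only, since the ISL header layout itself is not shown here.

```python
import struct
import zlib

TPID_8021Q = 0x8100            # EtherType value that announces an 802.1Q tag
MAX_UNTAGGED_FRAME = 1518      # classic Ethernet maximum, FCS included
MAX_TAGGED_FRAME = 1522        # 1518 + the 4-byte 802.1Q tag
ISL_OVERHEAD = 26 + 4          # ISL header plus the extra ISL FCS, for comparison


def with_fcs(data: bytes) -> bytes:
    """Append the Ethernet FCS (CRC-32, transmitted little-endian) to a frame body."""
    return data + struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def fcs_ok(frame: bytes) -> bool:
    """True if the trailing 4 bytes are the correct CRC-32 of the rest of the frame."""
    if len(frame) <= 4:
        return False
    return struct.unpack("<I", frame[-4:])[0] == (zlib.crc32(frame[:-4]) & 0xFFFFFFFF)


def parse_vlan(frame: bytes):
    """Return (vlan_id, priority) if the frame carries an 802.1Q tag, else None."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF, tci >> 13      # VID is the low 12 bits, PCP the top 3


def tag_frame(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert an 802.1Q tag after the source MAC, as a switch does on egress through a trunk port."""
    if not fcs_ok(frame):
        raise ValueError("bad FCS; a switch would discard this frame")
    if parse_vlan(frame) is not None:
        raise ValueError("frame is already tagged; this model does not stack tags")
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN IDs 0 and 4095 are reserved; usable range is 1-4094")
    tci = ((priority & 0x7) << 13) | vlan_id            # PCP(3) | DEI(1)=0 | VID(12)
    body = frame[:-4]                                   # drop the old FCS, it must be recomputed
    tagged = with_fcs(body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:])
    if len(tagged) > MAX_TAGGED_FRAME:
        raise ValueError(f"tagged frame is {len(tagged)} bytes, over the {MAX_TAGGED_FRAME}-byte limit")
    return tagged


def untag_frame(frame: bytes) -> bytes:
    """Strip the tag, as a switch does when the frame leaves through an access port."""
    if parse_vlan(frame) is None:
        return frame
    body = frame[:-4]
    return with_fcs(body[:12] + body[16:])


def isl_frame_size(untagged_len: int) -> int:
    """Size the same frame would have inside an ISL encapsulation (26-byte header + 4-byte FCS)."""
    return untagged_len + ISL_OVERHEAD


# Constructed sample frames (not captured traffic): IPv4 EtherType 0x0800 with an all-zero payload.
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
UNTAGGED = with_fcs(DST + SRC + b"\x08\x00" + bytes(46))        # 64 bytes: minimum Ethernet frame
MAX_UNTAGGED = with_fcs(DST + SRC + b"\x08\x00" + bytes(1500))  # 1518 bytes: maximum Ethernet frame

if __name__ == "__main__":
    t = tag_frame(UNTAGGED, 10, priority=5)
    print(len(UNTAGGED), "->", len(t), "bytes, tag =", parse_vlan(t))
    print("max 802.1Q frame:", len(tag_frame(MAX_UNTAGGED, 20)),
          "max ISL frame:", isl_frame_size(len(MAX_UNTAGGED)))
```

Note that the FCS is recalculated on every tag change: the tag sits inside the region the CRC covers, so a switch cannot simply splice four bytes into a frame and forward it.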
- VLAN Trunk Protocol (VTP) -- a Cisco-proprietary protocol for centralized VLAN management: an administrator adds, deletes, or renames VLANs on one switch and VTP distributes the change to the others. Features:
- Consistent VLAN configuration across all switches in the network.
- VLANs can be trunked over mixed networks, like Ethernet to ATM LANE or FDDI.
- Accurate tracking and monitoring of VLANs.
- Dynamic reporting of added VLANs to all switches.
- Plug-and-Play VLAN adding.
- Every switch belongs to exactly one VTP domain, and a domain is only useful when you have more than one switch. If all your switches use a single VLAN, there is no need for VTP.
- VTP transparent mode -- switches forward VTP information through their trunk ports, but do NOT accept updates or change their own VTP databases.
- A VTP password can be configured to prevent an unauthorized switch from joining a VTP domain. It has to be set identically on every switch in the domain, which is extra administrative work, but without it any switch that learns the domain name can inject VLAN updates.
- A switch learns VLAN information from a VTP advertisement and then listens on its trunk ports for further updates.
- VTP updates include a VLAN ID, 802.10 SAID fields, or LANE information.
- Each VTP advertisement carries a configuration revision number, incremented by one with every change. Whenever a switch sees a higher revision number than its own, it treats the received information as more current and overwrites its VLAN database. This is also the main operational risk of VTP: a switch connected to the domain with a higher revision number (for example one reused from another network) replaces the VLAN database of every server and client in the domain.
- VTP Modes of Operation:
- Server -- the default for all Catalyst switches -- the switch can change VTP information and push it to the whole VTP domain. At least one server is needed per VTP domain.
- Client -- receives VLAN information from a VTP server and cannot create, delete, or rename VLANs itself. A port on a client switch can only be assigned to a VLAN after the server has advertised that VLAN to the client.
! Hint -- if you want a switch to become a server, make it a client first. After it receives all VLAN information, change it to a server. What actually decides who overwrites whom is the configuration revision number, and a client with a higher revision number overwrites servers too, so before connecting a previously used switch, reset its revision number to 0 (on IOS, changing the VTP domain name and back, or setting transparent mode and back, does this).
- Transparent -- switches in transparent mode do not participate in the VTP domain, but they still forward VTP advertisements. They can add and delete VLANs, but those VLANs are local to the switch and do not propagate in the VTP domain.
- Server and transparent switches save their VLAN configuration in NVRAM; a client does not.
- VTP Pruning -- flooded traffic (broadcasts, multicasts, and unknown unicasts) for a VLAN is sent only over the trunk links that actually need it. VTP pruning preserves bandwidth:
- If switch A has no ports configured for VLAN 5, and a broadcast is sent throughout VLAN 5, that broadcast will not be sent over the trunk to switch A.
- Enabling pruning on a VTP server enables it for the entire domain. By default, VLANs 2-1001 are pruning-eligible; VLAN 1 (the administrative VLAN) and VLANs 1002-1005 are never pruned.
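The revision-number behaviour described in the VTP notes above, as an added simulation that is not part of the original notes and not Cisco's VTP implementation. It models server, client, and transparent switches trunked in a line, shows a server's changes propagating to clients while a transparent switch relays but ignores them, and then connects a stale switch carrying a higher revision number with and without resetting it first. The switch names, passwords, VLAN numbers, and topology are constructed; the "digest" is a stand-in for VTP's password check, not its real MD5 computation, and the wire format is not modelled.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Advertisement:
    domain: str
    revision: int
    vlans: tuple     # sorted (vlan_id, name) pairs
    digest: str      # stand-in for the VTP digest that binds the password to the update


def make_digest(domain, password, revision, vlans):
    # Assumption: this only models "the receiver must know the password"; it is not VTP's algorithm.
    return hashlib.md5(f"{domain}|{password}|{revision}|{vlans}".encode()).hexdigest()


class Switch:
    def __init__(self, name, domain, mode="server", password=""):
        assert mode in ("server", "client", "transparent")
        self.name, self.domain, self.mode, self.password = name, domain, mode, password
        self.revision = 0
        self.vlans = {1: "default"}     # VLAN 1 always exists
        self.trunks = []                # directly trunked neighbours
        self._relayed = set()           # transparent mode: advertisements already forwarded

    def add_vlan(self, vid, name):
        if self.mode == "client":
            raise PermissionError(f"{self.name}: a VTP client cannot create VLANs")
        self.vlans[vid] = name
        if self.mode == "transparent":
            return                      # local to this switch, never advertised
        self.revision += 1              # every change bumps the configuration revision
        self.advertise()

    def advertise(self, sender=None):
        vl = tuple(sorted(self.vlans.items()))
        adv = Advertisement(self.domain, self.revision, vl,
                            make_digest(self.domain, self.password, self.revision, vl))
        for n in self.trunks:
            if n is not sender:
                n.receive(adv, sender=self)

    def receive(self, adv, sender):
        if self.mode == "transparent":
            key = (adv.domain, adv.revision, adv.digest)
            if key not in self._relayed:       # forward once, never apply
                self._relayed.add(key)
                for n in self.trunks:
                    if n is not sender:
                        n.receive(adv, sender=self)
            return
        if adv.domain != self.domain:
            return
        if adv.digest != make_digest(self.domain, self.password, adv.revision, adv.vlans):
            return                      # password mismatch: ignore the update
        if adv.revision <= self.revision:
            return                      # not newer than what we have: ignore
        self.vlans = dict(adv.vlans)    # higher revision wins; the whole database is replaced
        self.revision = adv.revision
        for n in self.trunks:
            if n is not sender:
                n.receive(adv, sender=self)

    def reset_revision(self):
        # Equivalent of changing the VTP domain name and back on IOS.
        self.revision = 0


def trunk(a, b):
    """Bring up a trunk between two switches; both sides send a summary advertisement."""
    a.trunks.append(b)
    b.trunks.append(a)
    for s in (a, b):
        if s.mode != "transparent":
            s.advertise()


def build_domain():
    """Constructed domain: core (server) - acc1 (client) - lab (transparent) - acc2 (client)."""
    core = Switch("core", "CORP", "server", password="s3cret")
    acc1 = Switch("acc1", "CORP", "client", password="s3cret")
    lab = Switch("lab", "CORP", "transparent")
    acc2 = Switch("acc2", "CORP", "client", password="s3cret")
    trunk(core, acc1)
    trunk(acc1, lab)
    trunk(lab, acc2)
    core.add_vlan(10, "users")
    core.add_vlan(20, "servers")
    lab.add_vlan(99, "lab-only")        # transparent: stays on lab, acc2 never sees it
    return core, acc1, lab, acc2


def stale_switch_joins(reset_first):
    """Connect a switch that still carries revision 57 from some other network (constructed)."""
    core, acc1, lab, acc2 = build_domain()
    old = Switch("old", "CORP", "client", password="s3cret")    # client mode is no protection
    old.revision, old.vlans = 57, {1: "default", 300: "stale"}
    if reset_first:
        old.reset_revision()
    trunk(old, acc1)
    return core, acc1, lab, acc2, old


def wrong_password_ignored():
    """A switch that knows the domain name but not the password cannot inject VLANs."""
    core, _, _, _ = build_domain()
    rogue = Switch("rogue", "CORP", "server", password="guess")
    rogue.revision = 99
    trunk(rogue, core)
    return core, rogue
```

Running `stale_switch_joins(reset_first=False)` leaves every server and client in the domain at revision 57 with only VLANs 1 and 300, which is exactly the failure the hint about "make it a client first" is trying to avoid; with `reset_first=True` the newcomer learns the domain's VLANs instead.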
- Routing between VLANs -- there are several possibilities:
- A router with a separate physical interface for each VLAN.
- A router that supports ISL routing on at least a FastE interface. When these notes were written the least expensive option was the 2600 series; the 1600, 1700, and 2500 series did not support ISL routing.
- A Route Switch Module (RSM) for a 5000 series switch. The RSM can support up to 1005 VLANs and runs on the backplane of the switch.
- "Router-on-a-stick" -- a router that connects all VLANs through a single trunked interface, with one logical subinterface per VLAN, providing inter-VLAN communication over one physical link.
- All ports on a switch are members of VLAN 1 by default.
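The router-on-a-stick forwarding decision as an added model; this is example code written for these notes, not Cisco IOS and not code from the original page. One physical trunk carries every VLAN; each VLAN gets a subinterface with the router's own address in that VLAN's subnet (named after the IOS convention `Gi0/0.10`, but only as a label). A packet arriving with one VLAN tag is either routed back out the same trunk with a different tag, delivered locally, left alone because both hosts share a VLAN, or dropped. The VLAN numbers and addresses are constructed, and the check that a source address belongs to the VLAN it arrived on is an added sanity check, not something the notes describe.

```python
import ipaddress


class RouterOnAStick:
    """One physical trunk interface, one logical subinterface per VLAN."""

    def __init__(self, trunk="Gi0/0"):
        self.trunk = trunk
        self.subifs = {}    # vlan_id -> ip_interface: the router's address inside that VLAN

    def add_subinterface(self, vlan_id, router_addr):
        """Bind a VLAN to a subinterface; router_addr is the router's IP in that VLAN, e.g. 10.0.10.1/24."""
        iface = ipaddress.ip_interface(router_addr)
        for vid, other in self.subifs.items():
            if other.network.overlaps(iface.network):
                raise ValueError(f"{iface.network} overlaps VLAN {vid} ({other.network})")
        self.subifs[vlan_id] = iface
        return f"{self.trunk}.{vlan_id}"

    def forward(self, ingress_vlan, src_ip, dst_ip):
        """Decide what happens to a packet that arrived on the trunk tagged with ingress_vlan.

        Returns one of:
          ("routed", egress_vlan)  sent back out the same trunk, re-tagged for the other VLAN
          ("local", vlan)          addressed to the router's own subinterface
          ("same-vlan", vlan)      no routing needed; hosts in one VLAN reach each other directly
          ("dropped", reason)
        """
        src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        if ingress_vlan not in self.subifs:
            return "dropped", f"no subinterface for VLAN {ingress_vlan}"
        ingress = self.subifs[ingress_vlan]
        # Assumed sanity check: a source address must belong to the VLAN it arrived on.
        if src not in ingress.network:
            return "dropped", f"source {src} is not in {ingress.network} (VLAN {ingress_vlan})"
        for vid, iface in self.subifs.items():
            if dst == iface.ip:
                return "local", vid
        for vid, iface in self.subifs.items():
            if dst in iface.network:
                return ("same-vlan", vid) if vid == ingress_vlan else ("routed", vid)
        return "dropped", f"no route to {dst}"


def build_router():
    """Constructed topology: three VLANs, each with its own /24, all behind one trunk."""
    r = RouterOnAStick("Gi0/0")
    r.add_subinterface(10, "10.0.10.1/24")   # users
    r.add_subinterface(20, "10.0.20.1/24")   # servers
    r.add_subinterface(30, "10.0.30.1/24")   # management
    return r


if __name__ == "__main__":
    r = build_router()
    for vlan, s, d in [(10, "10.0.10.5", "10.0.20.7"), (10, "10.0.10.5", "10.0.10.9"),
                       (20, "10.0.20.5", "192.0.2.1"), (40, "10.0.40.5", "10.0.10.1")]:
        print(f"VLAN {vlan} {s} -> {d}: {r.forward(vlan, s, d)}")
```

The "same-vlan" outcome is the point of the flat-versus-VLAN discussion at the top of these notes: traffic inside one VLAN never needs the router, and only traffic that crosses a VLAN boundary is carried up the trunk, routed, and sent back down with a different tag.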
