SWITCHM2L1 [Compatibility Mode]

7/30/2019 SWITCHM2L1 [Compatibility Mode]

http://slidepdf.com/reader/full/switchm2l1-compatibility-mode 1/15

1

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—1-1

Lesson 1

Applying Best Practices for VLANTopologies


Objectives

Describe the different VLAN segmentation models

Given an enterprise VLAN network design, describe theinformation needed to create an implementation plan,indentify choices that need to be made, and analyze theconsequences of those choices

Given an enterprise VLAN network design that contains end-

to-end VLANs and trunks, create an implementation andverification plan; then successfully execute that plan

Given an enterprise VLAN network design that contains VTP,create an implementation and verification plan; thensuccessfully execute the plan



2


VLAN Deployment

End-to-End VLANs

Users are grouped into VLANsindependent of physical location.

If users are moved within thecampus, their VLAN membershipremains the same.

Local VLANs

This is recommended solution in

the Cisco Enterprise CampusArchitecture

Users are grouped into VLANsdepending on physical location

If users are moved within thecampus, their VLAN membershipchanges


End-to-End VLANs vs. Local VLANs

End-to-End VLANs

Pros:

Geographically dispersed usersappear on the same segment

Same policy (security, QoS) can beapplied to the same group of usersregardless of their physicallocation.

Cons:

All switches need to know allVLANs

Broadcast messages flood allswitches

Troubleshooting may bechallenging

Local VLANs

Pros:

Design is scalable

Troubleshooting is easy

Traffic flow is predictable

Redundant paths can be built easily

Cons:

More routing devices are requiredthan in end-to-end models

Users belong to the samebroadcast domain when they are atthe same location

The end-to-end VLANs design model was attractive whenIP addressing was static and network traffic follow the80/20 rule



3


Planning an End-to-End VLANImplementation

Basic tasks:

How many IP subnets (data, voice, etc.)?

Gather VLAN numbers, names, and users

Gather VLAN-to-IP mapping

Local VLANs (recommended) or end-to-end VLANs?

Where is each VLAN needed in the campus?

How are VLANs assigned? Are trunks necessary?

Will VTP be used (not recommended)?

Create the test plan


VLAN Configuration

Configure VLANs on all switches

Configure access mode on port

Configure access VLAN on port

Switch(config)# vlan 3

Switch(config-vlan)# name Accounting

Switch(config-vlan)# exit

Switch(config)# interface Fa0/1

Switch(config-if)# switchport mode access

Switch(config-if)# switchport access vlan 3

Switch(config-if)# end



4


Verifying the VLAN Configuration

Switch#show vlan

VLAN Name Status Ports---- -------------------------------- --------- ---------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/7, Fa0/911 asw11_data active12 asw12_data active95 VLAN0095 active Fa0/899 Trunk_Native active100 Internal_Access active111 voice-for-group-11 active112 voice-for-group-12 active1002 fddi-default act/unsup1003 token-ring-default act/unsup

1004 fddinet-default act/unsup1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1----- ---------- ----- ------ ------ -------- ---- -------- ------

1 enet 100001 1500 - - - - - 011 enet 100011 1500 - - - - - 0. . . . .. . . .. . .


Verifying the VLAN Configuration

Switch#show vlan

VLAN Name Status Ports---- -------------------------------- --------- ---------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/7, Fa0/911 asw11_data active12 asw12_data active95 VLAN0095 active Fa0/899 Trunk_Native active100 Internal_Access active111 voice-for-group-11 active112 voice-for-group-12 active1002 fddi-default act/unsup1003 token-ring-default act/unsup1004 fddinet-default act/unsup1005 trnet-default act/unsup. . . . .. . . .. . .



5


Implementing Trunks


Trunk Configuration

Configure VLANs

Disable trunk negotiation

Configure trunk mode

Set native VLAN to unused VLAN

Allow only required VLANs on trunks

Switch(config)#vlan 5,7-9

Switch(config-vlan)#exit

Switch(config)#interface fastethernet 0/1

Switch(config-if)#shutdown

Switch(config-if)#switchport trunk encapsulation dot1q

Switch(config-if)#switchport nonegotiate

Switch(config-if)#switchport mode trunk

Switch(config-if)#switchport trunk allowed vlan 3,5,8,99

Switch(config-if)#switchport trunk native vlan 99

Switch(config-if)#no shutdown



6


The 802.1Q Tagging Process


ISL Encapsulation



7


Switchport Mode Interactions

Configure the port as trunk or access on both switches

Disable negotiation and do not use dynamic (default)

Manual configuration is recommended


Trunk Configuration Recommendations

Configure VLANs

Configure trunk mode

Disable trunk negotiation

Manually remove unneccessary VLANs from trunks

Configure native VLAN to unused VLAN

Disable trunking on host ports

Do not use VTP



8


VTP Configuration

Configure VTP mode transparent (mode server is default)

VLAN information is stored in switch configuration

No VTP advertisement to other switches

Recommended configuration

Switch(config)#vtp mode transparent

Switch(config)#vtp domain Cisco

Switch(config)#vtp pasword xyz123


Verifying the VTP Configuration

Switch#show vtp status

VTP Version : running VTP1 (VTP2 capable)

Configuration Revision : 28

Maximum VLANs supported locally : 1005

Number of existing VLANs : 17

VTP Operating Mode : Transparent

VTP Domain Name : BCMSN

VTP Pruning Mode : Enabled

VTP V2 Mode : Disabled

VTP Traps Generation : Disabled

MD5 digest : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80

Configuration last modified by 10.1.1.1 at 8-12-05 15:04:49

Switch#



9


Common Problems with VTPConfiguration

Missing VLANs

– Configuration has been overwritten by anotherVTP device

Updates not received as expected

– VTP domain and password must match

Too many VLANs

– Consider making VTP domain smaller


Verifying General VLAN Operations

show int switchport

show running-config interface f0/8

show vlan

show interfaces trunk

C:\> ping 10.1.1.2

pinging 10.1.1.2 with 32 bytes of data:

Reply from 10.1.1.2: bytes=32 time=1ms TTL=64



10


Common Trunk Link Problems

Trunks can be configured statically or autonegotiated with DTP.

For trunking to be autonegotiated, the switches must be in the sameVTP domain.

Some trunk configuration combinations will successfully configurea trunk, some will not.

Will any of the above combinations result in an operational trunk?


Resolving Trunk Link Problems

When using DTP, ensure that both ends of the link are in thesame VTP domain.

Ensure that the trunk encapsulation type configured on bothends of the link is valid.

On links where trunking is not required, DTP should beturned off.

Best practice is to configure trunk and nonegotiate wheretrunks are required.



11


Issues with 802.1Q Native VLAN

Native VLAN frames are carried over the trunk link untagged.

Native VLAN must match at the ends of a trunk

A native VLAN mismatch will merge traffic between VLANs.

Default native VLAN is VLAN 1

Configure an unused VLAN as native VLAN on trunks


Summary

VLAN segmentation is based on traffic flow patterns

The creation of a VLAN implementation plan depends on thebusiness and technical requirements

VLAN configuration includes creating the VLAN, configuringaccess ports, and configuring trunk ports

VTP configuration sometimes needs to be added to small

network deployments, while VTP transparent mode is usuallypriviledged for larger networks

When configuring VLANs over several switches, ensure thatthe configuration in compatible throughout switches in thesame domain



12


Q-in-Q VLAN Tunnels(802.1Q tunneling)




13


interface FastEthernet0/1switchport access vlan 30switchport mode dot1q-tunnell2protocol-tunnel cdpno cdp enable


Native VLAN Hazard



14


These are a couple ways to solve the native VLAN problem

1.Edge switch so that all packets going out an 802.1Q trunk,including the native VLAN, are tagged by using the vlan dot1q tagnative command

-The vlan dot1q tag native command is a global command thataffects the tagging behavior on all trunk ports.

2.Ensure that the native VLAN ID on the edge switch trunk port isnot within the customer VLAN range. For example, if the trunk port

carries traffic of VLANs 100 to 200, assign the native VLAN anumber outside that range


Information About Layer 2 Protocol Tunneling

-Layer 2 protocol tunneling allows Layer 2 protocol data units(PDUs) (CDP, STP, and VTP) to be tunneled through a network

-To provide a single spanning tree domain for the customer, ageneric scheme to tunnel BPDUs was created for control protocolPDUs (CDP, STP, and VTP). This process is referred to asGeneric Bridge PDU Tunneling (GBPT)

-An ingress edge switch rewrites the destination MAC address ofthe PDUs received on a Layer 2 tunnel port with the Ciscoproprietary multicast address (01-00-0c-cd-cd-d0). The PDU isthen flooded to the native VLAN of the Layer 2 tunnel port

-SWI(config-if)# l2protocol-tunnel [cdp | stp | vtp]



15


interface FastEthernet0/13switchport access vlan 100switchport mode dot1q-tunnell2protocol-tunnel cdpl2protocol-tunnel stpl2protocol-tunnel point-to-point pagp

interface FastEthernet0/14switchport access vlan 200switchport mode dot1q-tunnel

l2protocol-tunnel cdpl2protocol-tunnel stpl2protocol-tunnel point-to-point pagp


Swi(config-if)# switchportSwi(config-if)# l2protocol-tunnel shutdown-threshold cdp 400Swi(config-if)# l2protocol-tunnel shutdown-threshold stp 400Swi(config-if)# l2protocol-tunnel shutdown-threshold vtp 400Swi(config-if)# l2protocol-tunnel drop-threshold vtp 200Swi(config-if)# endSwi# show l2protocol-tunnel summary

errdisable detect causeerrdisable recovery

Documents

SWITCHM2L1 [Compatibility Mode]