VLANs and Trunking! Here we go!

When I first learned about VLANs a while back, the concept was a little difficult to grasp, but that's the magic of staying on the path with computer networking. All of the concepts that come off as a bit fuzzy at first become more and more clear as you revisit them. I obtained my CompTIA Network+ certification last February, which delved into VLANs and Trunking, but not to the extent the CCNA does (that is, if Wendell Odom's excellent books are any indication of what's to come when I take the exam). It should come as no surprise that there is an absolute encyclopedia of different VLAN Cisco IOS commands that one needs to know for the CCNA. Below are my notes from the chapter that dealt with VLANs and Trunking:

Reasons for using VLANs:
* To reduce CPU overhead on each device, thereby improving host performance by reducing the number of devices that receive each broadcast frame
* To reduce security risks by reducing the number of hosts that receive copies of frames that the switches flood (broadcasts, multicasts, and unknown unicasts)
* To improve security for hosts through the application of different security policies per VLAN
* To create more flexible designs that group users by department or by groups that work together instead of by physical location
* To solve problems more quickly, because the failure domain for many problems is the same set of devices as those in the same broadcast domain
* To reduce the workload for Spanning Tree Protocol by limiting a VLAN to a single access switch
VLAN tagging: the process that makes VLAN trunking work (one link between switches carrying traffic for multiple VLANs). The sending switch adds an extra header containing a VLAN ID field to each frame before sending it over the trunk, so the receiving switch knows which VLAN the frame belongs to.
VLANs can be set up across multiple switches without trunking by using a separate cable between switches for each VLAN. This is not as good as trunking, in which one link between the switches uses VLAN tagging to carry multiple VLANs' traffic.

2 VLAN trunking standards: ISL (Cisco proprietary, not typically supported now) and IEEE 802.1Q. Both carry a 12-bit VLAN ID. ISL encapsulates the whole original frame in a new header and trailer, whereas 802.1Q inserts a 4-byte tag into the existing Ethernet header (the VLAN ID occupies 12 bits of that tag, which is why VLAN numbers top out at 4094).

No 802.1Q header on a frame arriving over a trunk? Then the frame is placed in the native VLAN; likewise, frames in the native VLAN are sent untagged. Both switches on the trunk must therefore be configured with the same native VLAN, or frames end up in the wrong VLAN on the far side.
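To make the tagging and native-VLAN rules above concrete, here is an added Python example (mine, not code from the post or from Odom's book) that builds 802.1Q frames, pops one tag per switch the way a real switch does, and sends native-VLAN frames untagged. It then plays out two consequences of the untagged native VLAN: a native-VLAN mismatch leaking frames between VLANs, and the double-tagging "VLAN hopping" that the later note on switchport trunk native vlan refers to, along with the two usual fixes. The MAC addresses, payload and switch roles are constructed, and the attacker-facing port on the first switch is modelled as a trunk-style ingress with that switch's native VLAN, which is the precondition for the hop (the attacker sits in the native VLAN).

```python
# 802.1Q tag handling as a switch does it, plus the two native-VLAN pitfalls (added example).
TPID = b"\x81\x00"                         # 802.1Q Tag Protocol Identifier (EtherType 0x8100)
DST = bytes.fromhex("ffffffffffff")        # constructed broadcast destination
SRC = bytes.fromhex("0200c0ffee01")        # constructed, locally administered source MAC


def build_frame(vids, ethertype=0x0800, payload=b"constructed payload"):
    """Ethernet II frame carrying one 4-byte tag per VID, outermost first (PCP=0, DEI=0)."""
    frame = DST + SRC
    for vid in vids:
        if not 1 <= vid <= 4094:            # 12-bit field; 0 and 4095 are reserved
            raise ValueError(f"VLAN ID {vid} outside 1-4094")
        frame += TPID + vid.to_bytes(2, "big")
    return frame + ethertype.to_bytes(2, "big") + payload


def vlan_tags(frame):
    """Every VID the frame carries, outermost first (what a packet capture would show)."""
    vids, off = [], 12
    while frame[off:off + 2] == TPID:
        vids.append(int.from_bytes(frame[off + 2:off + 4], "big") & 0x0FFF)
        off += 4
    return vids


def switch_ingress(frame, native_vlan):
    """A switch looks at ONE tag: pop it and classify by its VID, or use the native VLAN if untagged."""
    if frame[12:14] == TPID:
        vid = int.from_bytes(frame[14:16], "big") & 0x0FFF
        return vid, frame[:12] + frame[16:]    # strip the 4-byte tag; any inner tag stays as-is
    return native_vlan, frame


def trunk_egress(frame, vlan, native_vlan, tag_native=False):
    """Frames in the native VLAN leave the trunk untagged (unless 'vlan dot1q tag native' is set)."""
    if vlan == native_vlan and not tag_native:
        return frame
    return frame[:12] + TPID + vlan.to_bytes(2, "big") + frame[12:]


def deliver(frame, native_a, native_b, tag_native=False):
    """Host -> SwitchA -> 802.1Q trunk -> SwitchB.

    Returns the VLAN SwitchB assigns the frame to and any tags still buried in it.
    SwitchA's ingress is modelled as a trunk-style ingress using native_a: that is the
    attacker's position in a double-tagging hop (a port in the native VLAN).
    """
    vlan_a, frame = switch_ingress(frame, native_a)
    on_wire = trunk_egress(frame, vlan_a, native_a, tag_native)
    vlan_b, frame = switch_ingress(on_wire, native_b)
    return vlan_b, vlan_tags(frame)


if __name__ == "__main__":
    # Native VLAN mismatch: an untagged VLAN 1 frame lands in VLAN 10 on the far switch.
    print("mismatch  :", deliver(build_frame([]), native_a=1, native_b=10))
    # Double tagging: the outer tag (= native VLAN) is stripped, the inner tag 20 is honoured by SwitchB.
    print("double-tag:", deliver(build_frame([1, 20]), native_a=1, native_b=1))
    # Fixes: an unused native VLAN on both ends, or tagging the native VLAN.
    print("native 999:", deliver(build_frame([1, 20]), native_a=999, native_b=999))
    print("tag native:", deliver(build_frame([1, 20]), native_a=1, native_b=1, tag_native=True))
```

The point to notice is that each switch only ever consumes one tag. That is exactly why the native VLAN has to match on both ends, and why an unused native VLAN (or tagging the native VLAN) stops the double-tag frame from crossing into VLAN 20: the inner tag is then just payload to the second switch.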

Normal VLAN range = 1 to 1005 (on all switches); some switches also support extended-range VLANs 1006 to 4094.
Separate VLANs are also on separate subnets and can only communicate with each other via a router or a Layer 3 switch (a switch that includes routing ability).
show interfaces fa0/12 switchport: shows the administrative settings and operational status of the port (mode, access VLAN, trunking VLANs, etc.)
show interfaces trunk: displays info only on trunking links, not access ports. If no trunking links are up, this displays nothing. The output is broken into 3 categories:
* VLANs allowed: VLANs 1 to 4094, minus those removed by the switchport trunk allowed vlan command
* VLANs allowed and active: the VLANs allowed, minus VLANs not configured, in shutdown (administratively disabled), or not learned through VTP
* VLANs in spanning tree forwarding state and not pruned: the same as VLANs allowed and active, minus those in STP blocking state and those pruned/excluded from the trunk

switchport trunk native vlan 2: sets the native VLAN on a trunk port. If the two ends of a trunk are set to different native VLANs, frames sent untagged in one switch's native VLAN are placed into the other switch's native VLAN, so traffic leaks between two VLANs that should be separate. Because native-VLAN frames travel untagged, the native VLAN is also what double-tagging VLAN hopping abuses: a host in the native VLAN sends a frame with two tags, the first switch strips the outer (native) tag, and the next switch honours the inner tag. Use an otherwise unused VLAN as the native VLAN on both ends, and never the VLAN of any access port.
switchport access vlan <id>: tells the switch to treat the port as a member of that single VLAN as opposed to using trunking.
switchport mode access: forces the port to be an access port and disables the protocol that negotiates trunking (Dynamic Trunking Protocol). Use this along with the above command.
VTP (VLAN Trunking Protocol): Cisco proprietary protocol that advertises each VLAN configured on one switch (with the vlan <number> command) so that all other switches in the VTP domain learn about that VLAN.
vtp mode off: works on newer switches to disable VTP entirely.
vtp mode transparent: works on older and newer switches to effectively disable VTP.
^Both modes stop VTP from learning and advertising VLAN configs. In either mode the switch can configure all VLANs, both standard and extended range, and switches in either mode list the vlan config commands in the running-config file.
switchport trunk allowed vlan: if you want all VLANs on the switch to use the trunk link, there is no need for this command. If you want only some of the configured VLANs to use the trunk, this command is needed.
e.g. switch(config-if)# switchport trunk allowed vlan 5-15 (thereby removing all other VLANs from the trunk)

Never experiment with VTP settings on a switch in a production environment. You can end up deleting VLANs and causing outages.

switchport mode access: always act as an access (non-trunking) port
switchport mode trunk: always act as a trunk port
switchport mode dynamic desirable: initiates negotiation messages and responds to negotiation messages to dynamically choose whether to start using trunking
switchport mode dynamic auto: passively waits to receive trunk negotiation messages, at which point the switch responds and negotiates whether to use trunking (if both connected switches are set to this, nothing happens, as neither initiates negotiation; if one is set to dynamic desirable, negotiation occurs and the link trunks)

show interfaces gigabit 0/1 switchport: if "Operational Mode: static access" appears on a link you expected to trunk, check the mode on both ends. Two ports set to dynamic auto never initiate negotiation, so trunking is never started and both stay in access mode.

switchport nonegotiate: disables Dynamic Trunking Protocol (DTP) on a port that is set to switchport mode trunk. Setting a port to switchport mode access also disables DTP. (DTP is the negotiation between switches of whether to trunk and, if so, whether to use 802.1Q or ISL.)

The operational mode "static access" means that the port is not trunking but is instead assigned to one VLAN. The access mode VLAN (11 in the book's example output) is the VLAN to which the port is assigned when it acts as an access port.

IP Telephony port key topics:
* Configure these ports like a normal access port to begin: configure it as a static access port and assign it an access VLAN
* Add one more command to define the voice VLAN (e.g. switchport voice vlan 2)
* Look for the mention of the voice VLAN ID, but no other new facts, in the output of the show interfaces fa0/2 switchport command
* Look for both the voice and data (access) VLAN IDs in the output of the show interfaces fa0/2 trunk command
* Do not expect to see the port listed in the list of operational trunks shown by the show interfaces trunk command

show interfaces trunk and show interfaces switchport are the best commands to check trunking-related facts (and for troubleshooting)
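Pulling the DTP, native-VLAN, allowed-VLAN and voice-VLAN notes together, here is an added Python audit script (my example, not code from the post or from the Cert Guide) that parses a show running-config excerpt and flags the port settings that let a connected device negotiate a trunk or ride the native VLAN, and that compares the native VLAN on the two ends of a trunk. The two switch configs, the interface names and the assumed default port mode (dynamic auto, as on a Catalyst 2960; older models default to dynamic desirable, so confirm with show interfaces switchport) are constructed for the example.

```python
import re

# Constructed 'show running-config' excerpts for two hypothetical switches (not from the post).
SW1_CONFIG = """\
interface GigabitEthernet0/1
 switchport trunk allowed vlan 5-15,20
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface FastEthernet0/11
 switchport access vlan 11
 switchport voice vlan 2
 switchport mode access
!
interface FastEthernet0/12
 switchport mode access
!
interface FastEthernet0/13
 switchport access vlan 20
!
"""
SW2_CONFIG = """\
interface GigabitEthernet0/1
 switchport trunk native vlan 99
 switchport trunk allowed vlan 5-15,20
 switchport mode trunk
 switchport nonegotiate
!
"""

# Assumed platform defaults (Catalyst 2960 style); confirm with 'show interfaces <port> switchport'.
DEFAULT_MODE = "dynamic auto"
DEFAULT_VLAN = 1           # default access VLAN and default 802.1Q native VLAN


def expand_vlan_list(spec):
    """'5-15,20' -> {5, ..., 15, 20}: the syntax 'switchport trunk allowed vlan' accepts."""
    vids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vids.update(range(int(lo), int(hi or lo) + 1))
    return vids


def parse_interfaces(config):
    """Interface name -> the switchport settings this audit cares about."""
    ifaces, cur = {}, None
    for raw in config.splitlines():
        if (m := re.match(r"interface (\S+)", raw)):
            cur = ifaces[m.group(1)] = {"mode": DEFAULT_MODE}
            continue
        if cur is None:
            continue
        line = raw.strip()
        if (m := re.fullmatch(r"switchport mode (access|trunk|dynamic (?:auto|desirable))", line)):
            cur["mode"] = m.group(1)
        elif (m := re.fullmatch(r"switchport access vlan (\d+)", line)):
            cur["access_vlan"] = int(m.group(1))
        elif (m := re.fullmatch(r"switchport voice vlan (\d+)", line)):
            cur["voice_vlan"] = int(m.group(1))
        elif (m := re.fullmatch(r"switchport trunk native vlan (\d+)", line)):
            cur["native_vlan"] = int(m.group(1))
        elif (m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line)):
            cur["allowed"] = expand_vlan_list(m.group(1))
        elif line == "switchport nonegotiate":
            cur["nonegotiate"] = True
    return ifaces


def audit(config):
    """Return (interface, finding) pairs for ports exposed to DTP or native-VLAN abuse."""
    ifaces = parse_interfaces(config)
    findings = []
    access_vlans = {i.get("access_vlan", DEFAULT_VLAN) for i in ifaces.values() if i["mode"] == "access"}
    for name, i in ifaces.items():
        mode = i["mode"]
        if mode.startswith("dynamic"):
            findings.append((name, f"DTP active ({mode}): a connected device can negotiate this port "
                                   "into a trunk; use 'switchport mode access' (or 'mode trunk' + 'nonegotiate')"))
        elif mode == "trunk":
            if not i.get("nonegotiate"):
                findings.append((name, "trunk still speaks DTP; add 'switchport nonegotiate'"))
            native = i.get("native_vlan", DEFAULT_VLAN)
            if native in access_vlans:
                findings.append((name, f"native VLAN {native} is also an access VLAN on this switch "
                                       "(double-tagging precondition); move native to an unused VLAN"))
    return findings


def native_mismatch(cfg_a, port_a, cfg_b, port_b):
    """Compare the native VLAN on the two ends of a trunk; None when they agree."""
    a = parse_interfaces(cfg_a)[port_a].get("native_vlan", DEFAULT_VLAN)
    b = parse_interfaces(cfg_b)[port_b].get("native_vlan", DEFAULT_VLAN)
    return None if a == b else (a, b)


if __name__ == "__main__":
    for port, msg in audit(SW1_CONFIG):
        print(f"{port}: {msg}")
    print("Gi0/1 native mismatch:", native_mismatch(SW1_CONFIG, "GigabitEthernet0/1",
                                                     SW2_CONFIG, "GigabitEthernet0/1"))
```

On the constructed SW1 the script flags Gi0/1 twice (a trunk without nonegotiate whose default native VLAN 1 is also the access VLAN of Fa0/12), Gi0/2 (dynamic desirable) and Fa0/13 (no mode line, so it inherits the dynamic default); Fa0/11 with its voice VLAN and Fa0/12 are clean. It also reports that the Gi0/1 trunk between SW1 (native 1 by default) and SW2 (native 99) is mismatched, which is the show interfaces trunk / switchport check from the notes turned into something you can run against a saved config.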


These commands are near-impossible to memorize without constant lab practice. I tend to bounce back and forth between using my physical lab and using Packet Tracer. Packet Tracer is great for scenarios involving equipment that I simply don't have the money to recreate in the physical capacity. Another great thing about Packet Tracer is the pre-made Packet Tracer labs/files that others have already made and are often free for download. www.thekeithbarker.com is a great resource for pre-made Packet Tracer labs (with accompanying videos) and Keith is a very energetic and informative host (no pun intended). The following link was also extremely helpful for putting VLAN commands to practice: https://www.youtube.com/watch?v=aBOzFa6ioLw In the meantime, back to the lair! More posts coming soon!

Back on track

It's been some time since my last post, but I am back on track with my CCNA studies. Cisco recently made some changes to the certification exam, combining ICND1 and ICND2 into a single exam/cert that includes additional topics not in the previous one. I purchased Wendell Odom's Official Cert Guide books for the 200-301 CCNA (the new one) and I cannot give the books enough praise so far. He does an excellent job of explaining the concepts, putting them to practice, and providing helpful analogies. I've been making it a priority to spend at least two hours a day reading the book or putting things to practice on my router/switch lab.

What I have found helpful is making bullet point-style notes of any concepts or commands that I am unfamiliar with in a Word document I have up. I do this chapter-by-chapter as I go through the book. I also take advantage of the chapter questions and use a program called Flashcard Hero to retype any questions/answers in the book that I got incorrect. This is by far the most confident I have felt studying for the CCNA to date and is a study recipe that I highly recommend. My goal is to take and pass the CCNA this year.