Chapter 6: VLANs


Chapter 6: VLANs
CCNA Routing and Switching
Routing and Switching Essentials v6.0

Chapter 6 - Sections & Objectives

6.1 VLAN Segmentation
- Explain the purpose of VLANs in a switched network.
- Explain how a switch forwards frames based on VLAN configuration in a multi-switch environment.

6.2 VLAN Implementations
- Configure a switch port to be assigned to a VLAN based on requirements.
- Configure a trunk port on a LAN switch.
- Troubleshoot VLAN and trunk configurations in a switched network.

6.3 Inter-VLAN Routing Using Routers
- Describe the two options for configuring Inter-VLAN routing.
- Configure legacy Inter-VLAN Routing.
- Configure Router-on-a-Stick Inter-VLAN Routing.

2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

6.1 VLAN Segmentation

Overview of VLANs
VLAN Definitions
- VLANs can segment LAN devices without regard for the physical location of the user or device.
- In the figure, IT users on the first, second, and third floors are all on the same LAN segment. The same is true for HR and Sales users.
- A VLAN is a logical partition of a Layer 2 network.
- Multiple partitions can be created and multiple VLANs can co-exist.
- The partitioning of the Layer 2 network takes place inside a Layer 2 device, usually via a switch.
- Each VLAN is a broadcast domain that can span multiple physical LAN segments.
- Hosts on the same VLAN are unaware of the VLAN’s existence.
- VLANs are mutually isolated and packets can only pass between VLANs via a router.

Overview of VLANs
Benefits of VLANs

Overview of VLANs
Types of VLANs
Common types of VLANs:
- Default VLAN – Also known as VLAN 1. All switch ports are members of VLAN 1 by default.
- Data VLAN – Data VLANs are commonly created for specific groups of users or devices. They carry user-generated traffic.
- Native VLAN – This is the VLAN that carries all untagged traffic. This is traffic that does not originate from a VLAN port (e.g., STP BPDU traffic exchanged between STP-enabled switches). The native VLAN is VLAN 1 by default.
- Management VLAN – This is a VLAN that is created to carry network management traffic including SSH, SNMP, Syslog, and more. VLAN 1 is the default VLAN used for network management.
[Figure: Default VLAN Assignment. Initially, all switch ports are members of VLAN 1.]

Overview of VLANs
Voice VLANs
- To support time-sensitive voice traffic, Cisco switches support a voice VLAN that requires:
  - Assured bandwidth
  - Delay of less than 150 ms across the network to ensure voice quality
  - Transmission priority over other types of network traffic
  - Ability to be routed around congested areas on the network
- The voice VLAN feature enables access ports to carry user and IP voice traffic.
- In the figure, the S3 F0/18 interface has been configured to tag student traffic on VLAN 20 and voice traffic on VLAN 150.

VLANs in a Multi-Switched Environment
VLAN Trunks
- A VLAN trunk is a point-to-point link that carries more than one VLAN.
- Usually established between switches to support intra-VLAN communication.
- A VLAN trunk or trunk ports are not associated to any VLANs.
- Cisco IOS supports IEEE 802.1q, a popular VLAN trunk protocol.
[Figure: The links between switches S1 and S2, and S1 and S3 are configured to transmit traffic coming from VLANs 10, 20, 30, and 99 across the network.]

VLANs in a Multi-Switched Environment
Controlling Broadcast Domains with VLANs
- If a switch port receives a broadcast frame, it forwards it out all ports except the originating port.
- Eventually the entire network receives the broadcast because the network is one broadcast domain.
- VLANs can be used to limit the reach of broadcast frames because each VLAN is a broadcast domain.
- VLANs help control the reach of broadcast frames and their impact in the network.
- In the figure, PC1 on VLAN 10 sends a broadcast frame.
- Trunk links between S2 - S1 and S1 - S3 propagate the broadcast to other devices in VLAN 10.
- Only devices in the same VLAN receive the broadcast; therefore, PC4 would receive the broadcast.

VLANs in a Multi-Switched Environment
Tagging Ethernet Frames for VLAN Identification
- Before a frame is forwarded across a trunk link, it must be tagged with its VLAN information.
- Frame tagging is the process of adding a VLAN identification header to the frame.
- It is used to properly transmit multiple VLAN frames through a trunk link.
- IEEE 802.1Q is a very popular VLAN trunking protocol that defines the structure of the tagging header added to the frame.
- Switches add VLAN tagging information after the Source MAC address field.
- The fields in the 802.1Q VLAN tag include the VLAN ID (VID).
- Trunk links add the tag information before sending the frame and then remove the tags before forwarding frames through non-trunk ports.

VLANs in a Multi-Switched Environment
Native VLANs and 802.1Q Tagging
- Control traffic sent on the native VLAN should not be tagged.
- Frames received untagged remain untagged and are placed in the native VLAN when forwarded.
- If there are no ports associated to the native VLAN and no other trunk links, an untagged frame is dropped.
- When configuring a switch port on a Cisco switch, configure devices so that they do not send tagged frames on the native VLAN.
- In Cisco switches, the native VLAN is VLAN 1, by default.

VLANs in a Multi-Switched Environment
Voice VLAN Tagging
- An access port connecting a Cisco IP phone can be configured to use two separate VLANs:
  - A VLAN for voice traffic
  - A VLAN for data traffic from a device attached to the phone
- The link between the switch and the IP phone behaves like a trunk to carry traffic from both VLANs.
- The Cisco IP Phone contains an integrated three-port 10/100 switch dedicated to these devices:
  - Port 1 connects to the switch or other VoIP device.
  - Port 2 is an internal 10/100 interface that carries the IP phone traffic.
  - Port 3 (access port) connects to a PC or other device.

6.2 VLAN Implementation

VLAN Assignment
VLAN Ranges on Catalyst Switches
VLANs are split into two categories:
- Normal range VLANs
  - VLAN numbers from 1 to 1,005
  - Configurations stored in the vlan.dat (in the flash memory)
  - IDs 1002 through 1005 are reserved for legacy Token Ring and Fiber Distributed Data Interface (FDDI) VLANs, automatically created and cannot be removed.
- Extended range VLANs
  - VLAN numbers from 1,006 to 4,096
  - Configurations stored in the running configuration (NVRAM)
  - VLAN Trunking Protocol (VTP) does not learn extended VLANs
Cisco Catalyst 2960 and 3560 Series switches support over 4,000 VLANs.

VLAN Assignment
Creating a VLAN

VLAN Assignment
Assigning Ports to VLANs
[Figures: Example 1, Example 2]

VLAN Assignment
Changing VLAN Port Membership
[Figure: Remove VLAN Assignment. Even though interface F0/18 was previously assigned to VLAN 20, it reset to the default VLAN 1.]

VLAN Assignment
Deleting VLANs
- Use the no vlan vlan-id global configuration mode command to remove a VLAN.
- To delete the entire vlan.dat file, use the delete flash:vlan.dat privileged EXEC mode command.
- delete vlan.dat can be used if the vlan.dat file has not been moved from its default location.

VLAN Assignment
Verifying VLAN Information
- VLAN configurations can be validated using the Cisco IOS show vlan and show interfaces command options.

VLAN Trunks
Configuring IEEE 802.1q Trunk Links
[Figure labels: Native VLAN, VLAN 99, 172.17.99.0/24]

VLAN Trunks
Resetting the Trunk to Default State
[Figure: F0/1 is configured as an access port, which removes the trunk feature.]

VLAN Trunks
Verifying Trunk Configuration

Troubleshoot VLANs and Trunks
IP Addressing Issues with VLANs
- It is common practice to associate a VLAN with an IP network.
- Different IP networks must communicate through a router.
- All devices within a VLAN must be part of the same IP network to communicate.
- In the figure, PC1 cannot communicate to the server because it has a wrong IP address configured.

Troubleshoot VLANs and Trunks
Missing VLANs
- If all the IP address mismatches have been solved, but the device still cannot connect, check if the VLAN exists in the switch.
- If the VLAN to which the port belongs is deleted, the port becomes inactive and is unable to communicate with the rest of the network.
- It is not functional until the missing VLAN is created or the VLAN is removed from the port.

Troubleshoot VLANs and Trunks
Introduction to Troubleshooting Trunks
- In this example, the native VLAN should be VLAN 99; however, the output of the command identifies VLAN 2 as the native VLAN.
- To solve this problem, configure the same native VLAN on both sides.

Troubleshoot VLANs and Trunks
Common Problems with Trunks
- Trunking issues are usually associated with incorrect configurations.
- The most common types of trunk configuration errors are:
- When a trunk problem is suspected, it is recommended to troubleshoot in the order shown above.

Troubleshoot VLANs and Trunks
Incorrect Port Mode
- In this example, PC4 cannot reach the Web server.
- The trunk links on S1 and S3 are verified and reveal that the S3 trunk port has been configured as an access port.
- To resolve the issue, the S3 F0/3 port is configured as a trunk link.

Troubleshoot VLANs and Trunks
Incorrect VLAN List
- In this example, PC5 cannot reach the Student Email server.
- The output of the switchport trunk allowed vlan command reveals S1 is not allowing VLAN 20.
- To resolve the issue, the S1 F0/1 port is configured to allow VLANs 10, 20, and 99.
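One way to check both ends of a trunk for the three problems walked through in the troubleshooting slides above (native VLAN mismatch, incorrect port mode, incorrect allowed VLAN list), as an added example that is not part of the Cisco material. The configuration text is constructed, the function names are illustrative, and treating a missing allowed list as "all VLANs allowed" is the IOS default rather than something the slides state.

```python
import re

def parse_vlan_list(text):
    """Expand an IOS VLAN list such as '10,20-22,99' into a set of ints."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_port(config, ifname):
    """Collect the trunk-related settings of one interface from config text."""
    # Defaults: native VLAN 1 (per the slides); no allowed list means all VLANs.
    port = {"mode": None, "native": 1, "allowed": None}
    in_block = False
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            in_block = line.split(None, 1)[1] == ifname
        elif in_block:
            if m := re.fullmatch(r"switchport mode (\S+)", line):
                port["mode"] = m.group(1)
            elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
                port["native"] = int(m.group(1))
            elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,\-]+)", line):
                port["allowed"] = parse_vlan_list(m.group(1))
    return port

def audit_trunk(a, b, required):
    """Check both ends of one link for the three trunk problems covered above."""
    findings = []
    ends = (("A", a), ("B", b))
    for name, p in ends:
        if p["mode"] != "trunk":
            findings.append(f"{name}: port mode is {p['mode']}, not trunk")
    if a["native"] != b["native"]:
        findings.append(f"native VLAN mismatch: A={a['native']} B={b['native']}")
    for name, p in ends:
        missing = sorted(required - p["allowed"]) if p["allowed"] is not None else []
        if missing:
            findings.append(f"{name}: VLANs {missing} not allowed")
    return findings

# Constructed sample configuration, not taken from the slides' figures.
S1_CFG = """
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,99
"""
S3_CFG = """
interface FastEthernet0/3
 switchport mode access
 switchport trunk native vlan 2
"""

def demo():
    a = parse_port(S1_CFG, "FastEthernet0/1")
    b = parse_port(S3_CFG, "FastEthernet0/3")
    return audit_trunk(a, b, required={10, 20, 99})
```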

6.3 Inter-VLAN Routing Using Routers

Inter-VLAN Routing Operation
What is Inter-VLAN Routing?
- Layer 2 switches cannot forward traffic between VLANs without the assistance of a router.
- Inter-VLAN routing is a process for forwarding network traffic from one VLAN to another, using a router.
- There are three options for inter-VLAN routing:
  - Legacy inter-VLAN routing
  - Router-on-a-Stick
  - Layer 3 switching using SVIs

Inter-VLAN Routing Operation
Legacy Inter-VLAN Routing
In the past:
- Router interfaces were used to route between VLANs.
- Each VLAN was connected to a different physical router interface.
- Packets would arrive on the router through one interface, be routed and leave through another.
- Because the router interfaces were connected to VLANs and had IP addresses from that specific VLAN, routing between VLANs was achieved.
- Large networks with a large number of VLANs required many router interfaces.
[Figure: In this example, the router was configured with two separate physical interfaces to interact with the different VLANs and perform the routing.]

Inter-VLAN Routing Operation
Router-on-a-Stick Inter-VLAN Routing
- The router-on-a-stick approach uses only one of the router’s physical interfaces.
- One of the router’s physical interfaces is configured as an 802.1Q trunk port so it can understand VLAN tags.
- Logical subinterfaces are created; one subinterface per VLAN.
- Each subinterface is configured with an IP address from the VLAN it represents.
- VLAN members (hosts) are configured to use the subinterface address as a default gateway.
[Figure: In this example, the R1 interface is configured as a trunk link and connects to the trunk F0/4 port on S1.]
- The router accepts VLAN-tagged traffic on the trunk interface.
- The router internally routes between the VLANs using subinterfaces.
- The router then forwards the routed traffic as VLAN-tagged for the destination VLAN out the trunk link.

Configure Legacy Inter-VLAN Routing
Configure Legacy Inter-VLAN Routing: Preparation
- Legacy inter-VLAN routing requires routers to have multiple physical interfaces.
- Each one of the router’s physical interfaces is connected to a unique VLAN.
- Each interface is also configured with an IP address for the subnet associated with the particular VLAN.
- Network devices use the router as a gateway to access the devices connected to the other VLANs.

Configure Legacy Inter-VLAN Routing
Configure Legacy Inter-VLAN Routing: Switch Configuration
- Configure the VLANs on the switch and then assign the ports to their respective VLANs.
- In this example, the S1 ports are configured as follows:
  - Ports F0/4 and F0/11 of S1 are on VLAN 10.
  - Ports F0/5 and F0/16 are on VLAN 30.

Configure Legacy Inter-VLAN Routing
Configure Legacy Inter-VLAN Routing: Router Interface Configuration
- Next, configure the router interfaces.

Configure Router-on-a-Stick Inter-VLAN Routing
Configure Router-on-a-Stick: Preparation
- An alternative to legacy inter-VLAN routing is to use VLAN trunking and subinterfaces.
- VLAN trunking allows a single physical router interface to route traffic for multiple VLANs.
- The physical interface of the router must be connected to a trunk link on the adjacent switch.
- On the router, subinterfaces are created for each unique VLAN.
- Each subinterface is assigned an IP address specific to its subnet or VLAN and is also configured to tag frames for that VLAN.

Configure Router-on-a-Stick Inter-VLAN Routing
Configure Router-on-a-Stick: Switch Configuration
- To enable inter-VLAN routing using router-on-a-stick, start by enabling trunking on the switch port that is connected to the router.

Configure Router-on-a-Stick Inter-VLAN Routing
Configure Router-on-a-Stick: Router Subinterface Configuration
- The router-on-a-stick method requires subinterfaces to be configured for each routable VLAN.
- The subinterfaces must be configured to support VLANs using the encapsulation dot1Q VLAN-ID interface configuration command.

Configure Router-on-a-Stick Inter-VLAN Routing
Configure Router-on-a-Stick: Verifying Subinterfaces
- By default, Cisco routers are configured to route traffic between local subinterfaces. As a result, routing does not specifically need to be enabled.
- Use the show vlan and show ip route commands to verify the subinterface configurations.
- The show vlan command displays information about the Cisco IOS VLAN subinterfaces.
- The show ip route command displays the routing table containing the networks associated with outgoing subinterfaces.

Configure Router-on-a-Stick Inter-VLAN Routing
Configure Router-on-a-Stick: Verifying Routing
- Remote VLAN device connectivity can be tested using the ping command.
- The command sends an ICMP echo request and when a host receives an ICMP echo request, it responds with an ICMP echo reply.
- Tracert is a useful utility for confirming the routed path taken between two devices.

6.4 Chapter Summary

Conclusion
Packet Tracer - Skills Integration Challenge

Conclusion
Chapter 6: VLANs
- Explain how VLANs segment broadcast domains in a small to medium-sized business network.
- Implement VLANs to segment a small to medium-sized business network.
- Configure routing between VLANs in a small to medium-sized business network.
