45 Cards in this Set

A LAN includes all devices in the same broadcast domain.
a broadcast sent by one host in a VLAN will be received and processed by all the other hosts
Without VLANs, a switch considers all its interfaces to be in the same broadcast domain
These are just a few reasons for
separating hosts into different VLANs.

■ To create more flexible designs that group users by department, or by groups that work
together, instead of by physical location
■ To segment devices into smaller LANs (broadcast domains) to reduce overhead caused
to each host in the VLAN
■ To reduce the workload for the Spanning Tree Protocol (STP) by limiting a VLAN to
a single access switch
■ To enforce better security by keeping hosts that work with sensitive data on a separate
VLAN
■ To separate traffic sent by an IP phone from traffic sent by PCs connected to the phones
VLAN tagging, by which the sending switch adds
another header to the frame before sending it over the trunk. This extra VLAN header
includes a VLAN identifier (VLAN ID) field so that the sending switch can list the VLAN
ID and the receiving switch can then know in what VLAN each frame belongs.
Cisco switches support two different trunking protocols: Inter-Switch Link (ISL) and IEEE
802.1Q
Cisco created ISL many years before the IEEE created the 802.1Q

ISL is Cisco proprietary
ISL fully encapsulates each original Ethernet
frame in an ISL header and trailer. The original Ethernet frame inside the ISL header and
trailer remains unchanged.
Also, the source and destination addresses
in the ISL header use MAC addresses of the sending and receiving switch, as opposed to
the devices that actually sent the original frame
802.1Q inserts an extra 4-byte VLAN header into the original frame’s
Ethernet header
unlike ISL, the frame still has the same original source and
destination MAC addresses
because the original header has been expanded, 802.1Q
encapsulation forces a recalculation of the original frame check sequence (FCS) field
Both trunking protocols support the same number of VLANs, specifically 4094 VLANs.
Both protocols use 12 bits of the VLAN header to number VLANs, supporting 2^12, or 4096,
VLAN IDs, minus two reserved values (0 and 4095).
ISL and 802.1Q both support a separate instance of Spanning Tree Protocol (STP) for each
VLAN
802.1Q Header
DestAdd|SourAdd|Tag(new)|Len.Type|Data|FCS

Tag = Type(16b)|Pri(3b)|Flag(1b)|VlanID(12b)
comparisons between 802.1Q and ISL:

Inserts another 4-byte header instead of completely encapsulating the original frame
ISL: No
802.1Q: Yes
comparisons between 802.1Q and ISL:

Supports normal range (1-1005) and extended range (1006-4094) VLANs
ISL: Yes
802.1Q: Yes
comparisons between 802.1Q and ISL:

Allows multiple spanning trees
ISL: Yes
802.1Q: Yes
comparisons between 802.1Q and ISL:
Uses a native VLAN:
ISL: No
802.1Q: Yes
VTP Synchronization
(configuration revision numbers and the VTP update process)
1. Configures a new VLAN from a CLI of a VTP server
2. VTP server updates its VLAN db revision number +1
3. The server sends VTP update messages out its trunk interfaces stating new revision number
4. The VTP client switches notice that the updates list a higher revision number
5. The two client switches update their VLAN db based on the server's VTP updates.
3 requirements for VTP to work between 2 switches
1. The link between the switches must be operating as a VLAN trunk.
2. The two switches' case-sensitive VTP domain names must match.
3. If configured on at least one of the switches, the two switches' case-sensitive VTP passwords must match.
VTP features summary:
Only sends VTP messages out ISL or 802.1Q trunks
Server: Yes
Client: Yes
Transparent: Yes
VTP features summary:
Supports CLI configuration of VLANs
Server: Yes
Client: No
Transparent: Yes
VTP features summary:
Can use normal range VLANs (1-1005)
Server: Yes
Client: Yes
Transparent: Yes
VTP features summary:
Can use extended range VLANs (1006-4095)
Server: No
Client: No
Transparent: Yes
VTP features summary:
Synchronizes its own config database when receiving VTP messages with a higher revision number
Server: Yes
Client: Yes
Transparent: Yes
VTP features summary:
Creates and sends periodic VTP updates every 5 minutes
Server: Yes
Client: Yes
Transparent: No
VTP features summary:
Does not process received VTP updates, but does forward received VTP updates out other trunks
Server: No
Client: No
Transparent: Yes
VTP features summary:
Places the VLAN ID, VLAN name and VTP configuration into the Running-config file
Server: No
Client: No
Transparent: Yes
VTP features summary:
Places the VLAN ID, VLAN name and VTP configuration into the vlan.dat file in flash
Server: Yes
Client: Yes
Transparent: Yes
Default VTP and VLAN config
1. VTP server mode
2. No VTP domain name
3. VLAN1, VLANs 1002-1005 are automatically configured (cannot be deleted)
4. All access interfaces are assigned to VLAN1
Options of the Switchport Mode command
Access, trunk, dynamic desirable, dynamic auto
Expected trunking operational mode based on configured administrative modes.

Access:
Access: Access
Dynamic Auto: Access
Trunk: Access
Dynamic Desirable: Access
Expected trunking operational mode based on configured administrative modes.

Dynamic Auto:
Access: Access
Dynamic Auto: Access
Trunk: Trunk
Dynamic Desirable: Trunk
Expected trunking operational mode based on configured administrative modes.

Trunk:
Access: Access
Dynamic Auto: Trunk
Trunk: Trunk
Dynamic Desirable: Trunk
Expected trunking operational mode based on configured administrative modes.

Dynamic Desirable:
Access: Access
Dynamic Auto: Trunk
Trunk: Trunk
Dynamic Desirable: Trunk
4 reasons why a trunk doesn't pass traffic for a VLAN:
1. A VLAN has been removed from the trunk's allowed VLAN list
2. A VLAN does not exist, or is not active, in the switch's VLAN database.
3. A VLAN has been automatically pruned by VTP
4. A VLAN's STP instance has placed the trunk interface into a state other than a forwarding state.
Recommendations on how to protect unused switch ports
1. Administratively disable the unused interface, using the shutdown interface subcommand
2. Prevent trunking from being negotiated when the port is enabled by using the switchport nonegotiate interface subcommand to disable negotiation, or the switchport mode access interface subcommand to statically configure the interface as an access interface.
3. Assign the port to an unused VLAN, sometimes called a parking lot VLAN, using the switchport access vlan number interface subcommand.
VLAN configuration checklist:
Step 1:
Configure the VTP mode using the vtp mode {server|client} global configuration command
Vlan configuration checklist
Step 2:
Configure the VTP (case-sensitive) domain name using the vtp domain domain-name global configuration command
Vlan configuration checklist
Step 3.
(optional) On both clients and servers, configure the same case-sensitive password using the vtp password password-value global configuration command
Vlan configuration checklist
Step 4
(optional) Configure VTP pruning on the VTP servers using the vtp pruning global configuration command
Vlan configuration checklist
Step 5
(optional) Enable VTP version 2 global configuration command
VTP configuration checklist
Step 6:
Bring up trunks between switches
Configuration command:
vtp domain
Stored: vlan.dat
view: show vtp status
configuration command:
vtp mode
stored: vlan.dat
view: show vtp status
configuration command:
vtp password
stored: vlan.dat
view: show vtp password
configuration command:
vtp pruning
stored: vlan.dat
view: show vtp status
configuration command:
vlan vlan-id
stored: vlan.dat
view: show vlan [brief]
configuration command:
name vlan-name
stored: vlan.dat
view: show vlan [brief]
configuration command:
switchport access vlan vlan-id
stored: running-config
view: show running-config, show interfaces switchport
configuration command:
switchport voice vlan vlan-id
stored: running-config
view: show running-config, show interfaces switchport