Chapter 3: VLANs
By creating VLANs, you can define smaller broadcast domains by assigning switch ports to different subnets within the switch. In this chapter, you will learn the following:
• What a VLAN is
• How to set up VLANs on CLI and IOS switches
• VLAN trunking and VTP settings
  A trunk lets you carry multiple VLANs over a single link.
  VTP sends VLAN configuration information between switches.
• Frame tagging and identification methods
  Identification mechanisms encapsulate the frame and insert a new field into it so that the frame can be identified within the switch fabric.
Why use VLANs:
A VLAN isolates a broadcast domain at Layer 2. Different VLANs can communicate with each other using routers, Layer 3 devices, and the RSM. A Layer 2 network is a flat network: it is called flat because it has only one broadcast domain. In a flat network, the only security policy is passwords, and all users can see all machines. As an administrator, you must make sure the network is correctly segmented so that a problem on one segment does not spread to other parts of the network. The most effective way to do this is with routing and switching.
Traditional network: physical LANs connected to a router
Each node attached to a particular physical network must match that network's number before it can communicate across the internetwork.
Look at how the switch removes the physical boundary.
The switch defines the network VLAN and VLAN port assignments.
Defining VLAN boundaries:
When building a switching block, there are two ways to define a VLAN boundary.
• End-to-end VLAN
An end-to-end VLAN spans the switch fabric from one end to the other, and the switches in an end-to-end design know about all configured VLANs. End-to-end VLANs are set up so that membership follows function, project, department, and so on. The biggest advantage of an end-to-end VLAN is that a user can be placed in the VLAN regardless of the user's physical location. When the user moves, the administrator defines the new port as a member of the existing VLAN. End-to-end VLANs follow the 80/20 rule: 80% of traffic stays in the local VLAN, and 20% extends beyond it.
• Local VLAN
A local VLAN is defined by physical location, rather than by function, project, department, and so on as an end-to-end VLAN is. Local VLANs apply where host blocks are centralized. They reflect the 20/80 rule and use Layer 3 devices.
VLAN membership
When a VLAN is created, you need to assign switch ports to it. There are two ways to set VLAN ports: static VLANs and dynamic VLANs. A static VLAN is less work to set up but harder for the administrator to maintain. A dynamic VLAN is more work initially but easier to maintain.
• Static VLAN
The administrator assigns switch ports to the VLAN. This is the typical way to create a VLAN. You can use network management software to set the ports, but it is not mandatory.
• Dynamic VLAN
If the administrator prepares beforehand by entering the hardware addresses of all devices into a database, hosts on the network can be assigned to VLANs dynamically. With intelligent management software, you can set up dynamic VLANs based on MAC addresses, protocols, and even applications. If a node is attached to an unassigned switch port, the VLAN management database can look up the hardware address and assign the switch port to the correct VLAN.
Configuring static VLANs
• 5000 series
Create the VLAN:
Todd5000> (enable) set vlan 2 name Sales
Assign ports to each VLAN:
Todd5000> (enable) set vlan 2 2/1-2
A VLAN is not used until it is mapped to ports.
• 1900 series
1900EN(config)#vlan 2 name Sales
You can use show vlan to view VLAN information. Use vlan-membership to assign each port to a VLAN. On the 1900 series, only one port is set at a time.
1900EN#config t
Enter configuration commands, one per line. End with CNTL/Z
1900EN(config)#int e0/2
1900EN(config-if)#vlan-membership ?
  dynamic  Set VLAN membership type as dynamic
  static   Set VLAN membership type as static
1900EN(config-if)#vlan-membership static ?
  <1-1005>  ISL VLAN index
1900EN(config-if)#vlan-membership static 2
1900EN(config-if)#int e0/4
1900EN(config-if)#vlan-membership static 3
1900EN(config-if)#int e0/5
1900EN(config-if)#vlan-membership static 4
1900EN(config-if)#exit
1900EN(config)#exit
Identifying VLANs
VLANs can span multiple connected switches, which Cisco calls a switch fabric. The switch uses frame tagging to send each frame to the appropriate port. There are two different types of link in a switched environment.
• Access link
An access link belongs to a single VLAN. Any device attached to the link knows nothing about other VLAN members. The switch strips any VLAN information from the frame before sending it to an access-link device. Access-link devices cannot communicate with devices outside their VLAN unless a router is used.
• Trunk link
A trunk can carry multiple VLANs. Trunk links are used to connect a switch to another switch, to a router, or even to a host. To identify which VLAN a frame belongs to, Cisco supports two different identification technologies, ISL and 802.1q. A trunk link still has a native VLAN, which is used if the trunk link fails.
Frame tagging
Frame tagging assigns a unique user-defined ID to each frame transmitted on a trunk link; the ID may be a VLAN number or a color. When a switch on the trunk link receives a frame, it checks the frame's tag to determine which VLAN the frame belongs to. If the frame must be sent out another trunk link, the VLAN identifier stays in the frame. If it is sent to an access link, the switch removes the VLAN identifier before the frame is sent to the device.
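The tag handling described above, sketched with 802.1Q tags as an added example that is not part of the original chapter. The function names, the port dictionaries and the sample frame are constructed for illustration; ISL encapsulates the whole frame instead of inserting a field and is not modelled here.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def add_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vlan_id <= 4094 or not 0 <= priority <= 7:
        raise ValueError("VLAN ID must be 1-4094 and priority 0-7")
    tci = (priority << 13) | vlan_id  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def read_tag(frame: bytes):
    """Return the VLAN ID carried in the tag, or None if the frame is untagged."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return (tci & 0x0FFF) if tpid == TPID_8021Q else None


def strip_tag(frame: bytes) -> bytes:
    """Remove the 4-byte tag, restoring the original untagged frame."""
    return frame[:12] + frame[16:]


def egress(frame: bytes, port: dict):
    """Decide what leaves `port` for a tagged frame that arrived on a trunk.

    port is {"mode": "trunk"} or {"mode": "access", "vlan": N} (assumed shape).
    Returns the bytes to transmit, or None if the frame must not leave the port.
    """
    vid = read_tag(frame)
    if vid is None:
        return None  # this sketch only handles tagged frames
    if port["mode"] == "trunk":
        return frame  # the VLAN identifier stays in the frame
    if port["mode"] == "access":
        # Only the port's own VLAN may exit, and the device never sees the tag.
        return strip_tag(frame) if vid == port["vlan"] else None
    raise ValueError("unknown port mode")


# Constructed sample: broadcast destination, made-up source MAC, IPv4 EtherType.
UNTAGGED = bytes.fromhex("ffffffffffff" "02000000000a" "0800") + b"constructed-payload"
TAGGED_V2 = add_tag(UNTAGGED, 2)

if __name__ == "__main__":
    print(egress(TAGGED_V2, {"mode": "trunk"}) == TAGGED_V2)               # tag kept
    print(egress(TAGGED_V2, {"mode": "access", "vlan": 2}) == UNTAGGED)    # tag stripped
    print(egress(TAGGED_V2, {"mode": "access", "vlan": 3}))                # not delivered
```

The access-port branch is where VLAN isolation is enforced: a frame tagged for VLAN 2 is never delivered to a port assigned to VLAN 3.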
VLAN identification methods
Several trunking methods:
• ISL
It is used for trunking on switch ports, router interfaces, and server network cards. If you want to create multiple VLANs, don't want to destroy 80/20 rules