Virtual Local Area Network
By: Atakan ATAK, Network Engineer (atakannatak@hotmail.com)
July 30, 2017
Outline
 Introduction
 Virtual Local Area Network Benefits
 Types of Virtual Local Area Network
 Trunk and 802.1Q Tagged
 Dynamic Trunking Protocol(DTP)
 VLAN Trunking Protocol(VTP)
 InterVLAN Routing
 Troubleshooting
 Securing Virtual Local Area Networks
 Virtual Local Area Network Design Guidelines
 Source
1.Introduction
Collision and Broadcast Domain
A collision domain is any physical segment on which a collision can occur. Hubs can only operate at half duplex, so all ports on a hub belong to the same collision domain.
Layer-2 switches can operate at full duplex, and each individual switch port is its own collision domain. Layer-2 switches therefore create more collision domains, which results in fewer collisions.
Like hubs, though, all ports of a Layer-2 switch belong to a single broadcast domain: a Layer-2 switch forwards broadcasts (and, without multicast snooping, multicasts) out every port except the originating port.
Only Layer-3 devices separate broadcast domains. Because of this, flat Layer-2 networks are poorly suited for large, scalable deployments. The Layer-2 header provides no mechanism to differentiate one network from another, only one host from another.
Collision and Broadcast Domain Example (figure): 2 broadcast domains, 9 collision domains.
What is Virtual Local Area Network?
A VLAN is a logical, software-defined subnetwork. It allows similar devices on the network to be
grouped together into one broadcast domain, irrespective of their physical position in the network.
Multiple VLANs can be used to group workstations, servers, and other network equipment connected
to the switch, according to similar data and security requirements. Also:
 Broadcast packets sent by one of the workstations will reach all the others in the VLAN and will not
reach any workstations that are not in the VLAN.
 The workstations can all communicate with each other without needing to go through a gateway.
 The workstations can communicate with each other using non-routable protocols.
The Purpose of Virtual Local Area Network
The basic reason for splitting a network into VLANs is to reduce congestion on a large LAN. To understand the problem, it helps to look briefly at how LANs have evolved. The earliest structure was very simple: all workstations were connected to a single piece of coaxial cable, or later to hubs. In that design, a frame put on the wire by any device was seen by every other device on the LAN, and every device shared the same medium for sending.
As the number and capacity of the workstations on a LAN grew, this led to drawbacks. There were simply too many collisions: most of the time when a workstation tried to send a frame, it found that the wire was already occupied by a frame from some other device.
2.Virtual Local Area Network Benefits
 Improved security: traffic is isolated at Layer 2, so a host only sees the broadcast and flooded traffic of its own VLAN. A VLAN is a segmentation boundary, not an access control: traffic between VLANs must still pass through a router or firewall, which is where it can be filtered.
 Cost reduction: uses existing bandwidth and switch ports more effectively.
 Better performance: because more than one broadcast domain is created, the traffic load on each segment is reduced.
 Smaller broadcast domains: fewer devices share each broadcast domain.
 Improved IT staff efficiency: simplifies network management because users with similar network requirements are on the same VLAN.
 Simpler project and application management: VLANs can be created according to need.
(Figure: three IT Department hosts in VLAN 100 and three Employee Department hosts in VLAN 200, spread across the switches.)
3.Types of Virtual Local Area Network
Data VLAN
 The data VLAN is the VLAN configured to carry user-originated traffic.
 Data VLANs are used to divide the network into user or device groups.
 VLANs carrying voice or management traffic are not part of the data VLAN.
Default VLAN
 All switch ports belong to the default VLAN after the switch first boots with its default configuration. On Cisco switches the default VLAN is VLAN 1; it cannot be deleted or renamed.
 The switch ports in the default VLAN are part of the same broadcast domain, so every device connected to any switch port can communicate with devices on the other ports.
Native VLAN
 An 802.1Q trunk port is assigned a native VLAN. Trunk ports are connections between switches that carry traffic for multiple VLANs.
 An 802.1Q trunk port carries tagged traffic as well as untagged traffic, and places untagged traffic in the native VLAN.
Management VLAN
 A management VLAN is any VLAN configured to access the management capabilities of the switch. By default this is VLAN 1, which is why the design guidelines later in this deck move management to a dedicated VLAN.
4.Trunk and 802.1Q
VLAN Trunk
 A trunk is a point-to-point link that carries traffic for multiple VLANs between two network devices. Trunks extend VLANs across the entire network.
 Trunks let traffic for every VLAN propagate between switches, so devices in the same VLAN but connected to different switches can communicate without a router.
 A trunk does not belong to a specific VLAN; it carries all VLANs, or the list of VLANs it is allowed to carry.
Tagging Ethernet Frame
Ethernet frame: Destination MAC | Source MAC | Type/Length | Data | FCS
802.1Q frame:   Destination MAC | Source MAC | TAG | Type/Length | Data | FCS
TAG (4 bytes):  Ethernet Type 0x8100 (2 bytes) | Priority (3 bits) | CFI (1 bit) | VLAN Identifier (12 bits)
Tagging Ethernet Frame(cont.)
 Tagging is what lets frames from multiple VLANs be carried correctly over one trunk link.
 Switches tag frames to identify the VLAN to which they belong.
 A switch inserts the VLAN tag before placing a frame on a trunk link and removes the tag before forwarding the frame out a non-trunk (access) port.
 Properly tagged frames can traverse any number of switches over trunk links and still be forwarded within the correct VLAN at the destination.
Native VLANs and 802.1Q Trunking
 Frames that belong to the native VLAN are sent over the trunk untagged.
 Frames received untagged on a trunk remain untagged and are placed in the native VLAN when forwarded.
 If there are no ports in the native VLAN and no other trunk links, an untagged frame is dropped.
 For example, when you configure an 802.1Q trunk port, its port VLAN ID (PVID) is set to the native VLAN ID. If VLAN 33 is configured as the native VLAN, the PVID is 33 and all untagged traffic received on the trunk is forwarded in VLAN 33. The native VLAN must match on both ends of a trunk; a mismatch moves frames between VLANs, which is also what the double-tagging attack in section 9 relies on.
Application 1
Basic Lab Application
Lab Task:
 Perform basic configuration tasks on a switch
 Create VLANs
 Assign switch ports to a VLAN
 Add, move, and change ports
 Verify VLAN configuration
 Enable trunking on inter-switch connections
 Verify trunk configuration
Topology
The essential commands for device configuration are listed below:
1.Perform Basic Switch Configurations:
Switch(config)# hostname S1
S1(config)# no ip domain-lookup
S1(config)# enable secret class
S1(config)# line console 0
S1(config-line)# password cisco
S1(config-line)# exit
S1(config)# line vty 0 15
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# exit
S1(config)# interface range FastEthernet 0/6, FastEthernet 0/11, FastEthernet 0/18
S1(config-if-range)# switchport mode access
S1(config-if-range)# no shutdown
2.Configure the PCs:
The settings needed on the computers are simple: open the PC's IP configuration (the first option in the menu shown in the lab screenshot) and enter the address and mask from the topology. The default gateway is left empty because it is not required for this lab.
3.Configure VLAN:
Below are the steps for creating a VLAN and adding interfaces to VLANs. The outputs of the relevant show commands are included so that the VLAN settings can be checked.
A management VLAN is any VLAN that you configure to access the management capabilities of a switch. VLAN 1 serves as the management VLAN if you do not specifically define another one. You assign the management VLAN an IP address and subnet mask. A switch can be managed via HTTP, Telnet, SSH or SNMP; of these, only SSH and SNMPv3 protect the credentials on the wire, so HTTP and Telnet should be disabled outside the lab.
From interface configuration mode, use the ip address command to assign the management IP address
to the switches.
3.Configure VLAN(cont.):
Trunks are connections between the switches that allow the switches to exchange information for all
VLANS. By default, a trunk port belongs to all VLANs, as opposed to an access port, which can only
belong to a single VLAN.
A native VLAN is assigned to an 802.1Q trunk port. In the topology, the native VLAN is VLAN 99. An
802.1Q trunk port supports traffic coming from many VLANs (tagged traffic) as well as traffic that
does not come from a VLAN (untagged traffic). The 802.1Q trunk port places untagged traffic on the
native VLAN. Untagged traffic is generated by a computer attached to a switch port that is configured
with the native VLAN. One of the IEEE 802.1Q specifications for Native VLANs is to maintain
backward compatibility with untagged traffic common to legacy LAN scenarios. For the purposes of
this lab, a native VLAN serves as a common identifier on opposing ends of a trunk link. It is a best
practice to use a VLAN other than VLAN 1 as the native VLAN.
Use the interface range command in global configuration mode to simplify configuring trunking.
4.Configure Trunking and Native VLAN:
Verify that the trunks have been configured with the show interface trunk command.
From S1, ping the management address on both S2 and S3.
4. Configure Trunking and Native VLAN (cont.):
5.Verify switches:
5.Dynamic Trunking Protocol(DTP)
 Trunk negotiation is handled by DTP, which runs point-to-point between directly connected network devices.
 It is a Cisco proprietary protocol; switches from other vendors do not support it.
 DTP negotiates a trunk only if the neighbouring port is in a mode that supports DTP (dynamic auto, dynamic desirable, or trunk without nonegotiate).
 Switch ports can also be configured as trunks manually.
 DTP frames are not authenticated: any device that can send them to a port in dynamic mode can negotiate a trunk (see the switch spoofing attack in section 9).
Result of DTP negotiation (local mode vs. neighbour mode):
                   | Dynamic Auto | Dynamic Desirable | Trunk                | Access
Dynamic Auto       | Access       | Trunk             | Trunk                | Access
Dynamic Desirable  | Trunk        | Trunk             | Trunk                | Access
Trunk              | Trunk        | Trunk             | Trunk                | Limited connectivity
Access             | Access       | Access            | Limited connectivity | Access
6.VLAN Trunking Protocol(VTP)
VTP propagates VLAN definitions over trunk ports to the other switches in a network with many switches. The administrator adds, deletes or renames VLANs on one switch, and VTP advertises the new information to the other switches in the domain.
With VTP, centralized VLAN management is possible in networks with more than one switch. It removes the need to configure every switch individually and avoids the inconsistencies that come with doing so. Changes are made on a single switch and distributed to the others over the trunk ports.
To distribute VLANs with VTP, a VTP domain is created. Switches with the same VTP domain name exchange VTP packets and belong to the same domain. Because the domain name alone is enough to join, configure a VTP password (vtp password) so that an unexpected switch cannot take part in the exchange.
Modes of VTP
Server
 Can create, modify and delete VLANs; sends advertisements, receives them and updates its own database.
 At least one switch in server mode is needed in a VTP domain.
 Changes made on a server are advertised to the domain and learned by the other switches.
 The configuration is stored in NVRAM.
Client
 Receives information from servers, updates its own database and forwards the advertisements. It cannot make changes to VLANs.
 The configuration is not stored in NVRAM; it is relearned after a reload.
Transparent
 Behaves locally like a server: VLANs can be created and changed, but these changes are not advertised to other switches.
 Does not apply the VTP information it receives over trunk ports; it forwards the advertisements but does not update its own VLAN database from them.
 The configuration is stored in NVRAM.
Configuration Revision Number
 Every VLAN change made on a server-mode switch increments the configuration revision number by one. The switch then sends a VTP advertisement carrying the new revision number to the other switches in the same domain.
 If the revision number in a received advertisement is higher than the switch's own, the switch replaces its VLAN database with the advertised one. This applies to servers as well as clients, so a switch that joins the domain with a stale but higher revision (for example, reused lab equipment still in server mode) silently wipes the production VLANs. Check show vtp status before connecting a switch, and reset its revision first.
 Ways to reset the revision number of a switch that already carries a configuration:
1. Change the VTP domain name
2. Delete the vlan.dat file held in flash and reload
3. Put the switch into VTP transparent mode (and back, if needed)
Advertisements
 There are three types of advertisements:
1. Summary: contains the VTP domain name, the current revision number and other VTP configuration details. Sent every 5 minutes, and immediately after a change, to neighbouring switches in server or client mode.
2. Subset: contains the VLAN information itself. Sent by the switch on which the change was made, immediately after the change.
3. Request: sent by a switch when its VTP domain name changes, when it receives a summary advertisement with a higher revision number than its own, when it has missed a subset advertisement for any reason, or after a reload. The answer to a request is a summary advertisement followed by the subset advertisements.
Pruning
 If pruning is enabled in a domain, a switch that has no active port in a VLAN does not receive flooded traffic for that VLAN over its trunks.
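The revision rule above is what makes a stale switch dangerous. The following Python model is an added example, not code from the slides or from Cisco: it implements only the domain-name and revision comparison (the real protocol also carries an MD5 digest and an optional password, omitted here) and replays the scenario of a reused switch with a higher revision being cabled into a production domain. The class and function names (VtpSwitch, flood, scenario) and the VLAN names are chosen for the example.

```python
from dataclasses import dataclass, field


@dataclass
class VtpSwitch:
    """Toy switch holding only what the revision rule needs: domain, mode, revision, VLAN table."""
    name: str
    domain: str
    mode: str                                   # "server", "client" or "transparent"
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def summary(self):
        """Summary advertisement plus the VLAN table the matching subset advertisement would carry."""
        return {"domain": self.domain, "revision": self.revision, "vlans": dict(self.vlans)}

    def receive(self, adv):
        """The rule from the slides: same domain and a higher revision replace the local VLAN table.
        Servers are overwritten just like clients; transparent switches relay but never apply."""
        if self.mode == "transparent" or adv["domain"] != self.domain:
            return False
        if adv["revision"] <= self.revision:
            return False
        self.vlans = dict(adv["vlans"])
        self.revision = adv["revision"]
        return True

    def add_vlan(self, vid, name):
        """Only a server may edit VLANs; each edit increments the revision by one."""
        if self.mode != "server":
            raise PermissionError(f"{self.name} is in {self.mode} mode and cannot change VLANs")
        self.vlans[vid] = name
        self.revision += 1

    def reset_revision(self):
        """Effect of the three resets on the slide (domain rename, delete vlan.dat, go transparent)."""
        self.revision = 0


def flood(source, neighbours):
    """Deliver one advertisement from source to each neighbour; return the names that applied it."""
    adv = source.summary()
    return [sw.name for sw in neighbours if sw.receive(adv)]


def scenario(reset_before_join):
    """Production domain 'cisco.com' at revision 3 with VLANs 10/20/30. A reused lab switch that is
    still a server in the same domain, at revision 12 with only VLAN 1, is connected on a trunk.
    Returns the VLAN table the production access switch ends up with."""
    core = VtpSwitch("CoreSW1", "cisco.com", "server")
    for vid, name in ((10, "ADMIN"), (20, "SALES"), (30, "SERVERS")):
        core.add_vlan(vid, name)
    access = VtpSwitch("AccSW1", "cisco.com", "client")
    flood(core, [access])                       # normal sync: AccSW1 now holds revision 3

    lab = VtpSwitch("OldLab", "cisco.com", "server", revision=12)   # stale, higher revision
    if reset_before_join:
        lab.reset_revision()                    # what an operator should do before cabling it in
    flood(lab, [core, access])                  # the lab switch advertises itself over the trunk
    return dict(access.vlans)


if __name__ == "__main__":
    print("unchecked join :", scenario(False))  # VLANs 10/20/30 are gone on every switch
    print("reset first    :", scenario(True))
```

With reset_before_join=False both the core server and the access client accept revision 12 and are left with VLAN 1 only; with the revision reset to 0 nobody accepts the advertisement and the production VLANs survive. On real equipment the same check is show vtp status on the new switch before it is connected.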
7.InterVLAN Routing
 InterVLAN routing is the process of forwarding network traffic from one VLAN to another VLAN using a router (or a Layer-3 switch).
 Traditionally, LAN routing has used routers with multiple physical interfaces.
 Each interface is connected to a separate network and configured for a different subnet.
 Each router interface is connected to a switch port that belongs to a specific VLAN.
 The router accepts traffic from the VLAN associated with the switch port it is connected to, and routes the traffic to the other VLANs.
(Figure: router interfaces Fa0/0 and Fa0/1 connected to switch ports Fa0/1 and Fa0/2; switch ports Fa0/3 and Fa0/4 lead to hosts 172.17.40.21 and 172.17.20.31; the switch ports are grouped into VLAN 10 and VLAN 20.)
Router on a Stick
 A router configuration in which a single router interface routes traffic between multiple VLANs.
 The connection between the switch and the router is a single trunk link.
 The router accepts VLAN-tagged traffic on the trunk interface and routes it between the different VLANs.
 The physical interface is divided into multiple subinterfaces.
 Each subinterface is associated with one VLAN and one IP subnet.
 By configuring IP addresses on the subinterfaces, the router becomes the gateway through which devices reach the other VLANs.
(Figure: VLANs 10, 20, 30 and 40 terminate on subinterfaces Fast Ethernet 0/0.10 192.168.10.1, 0/0.20 192.168.20.1, 0/0.30 192.168.30.1 and 0/0.40 192.168.40.1.)
Application 2
Basic Lab Application
Lab Task:
 Create a basic switch configuration and verify it.
 Create multiple VLANs, name them and assign
multiple member ports to them.
 Create a basic configuration on a router
 Create an 802.1q trunk line between the switch
and router to allow communication between VLANs .
 Test the routing functionality
Topology (figure):
Switch Fa0/1 -- Router Fa0/0 (802.1Q trunk)
PC-1: switch port Fa0/4, VLAN 10 - ADMIN, 192.168.5.2 /24
PC-2: switch port Fa0/8, VLAN 20 - SALES, 192.168.7.2 /24
VLAN         | Ports
1 -- NATIVE  | Fa0/1-3
10 -- ADMIN  | Fa0/4-7
20 -- SALES  | Fa0/8-13
Switch VLAN 1 IP address: 192.168.1.2/24
1.Configure the switch:
Configure the hostname, access and command mode passwords, as well as the management VLAN settings.
Switch(config)# hostname Atakan
Atakan(config)# enable secret cisco
Atakan(config)# line console 0
Atakan(config-line)# password class
Atakan(config-line)# exit
Atakan(config)# line vty 0 15
Atakan(config-line)# password class
Atakan(config-line)# login
Atakan(config-line)# exit
2.Configure the hosts:
Configure the hosts using the information in the topology.
3.Verify Connectivity:
To verify that the hosts and the switch are correctly configured, ping the switch from the hosts and ping one host from the other.
 If a ping fails, some of the possible reasons are:
1. PC-1 and PC-2 are in different VLANs and subnets and no default gateway (router) exists yet, so they cannot reach each other until inter-VLAN routing is configured.
2. The switch's VLAN 1 interface may not have its IP address yet, or the relevant switch interfaces may be down.
4.Create two VLANs:
Enter the following commands to create and name two VLANs (the older vlan database mode also works but is deprecated on current IOS):
Atakan(config)# vlan 10
Atakan(config-vlan)# name Admin
Atakan(config-vlan)# vlan 20
Atakan(config-vlan)# name Sales
Atakan(config-vlan)# exit
5.Assign ports to VLANs:
Ports are assigned to VLANs from interface configuration mode. Enter the following commands:
Atakan(config)# interface range fastEthernet 0/4-7
Atakan(config-if-range)# switchport mode access
Atakan(config-if-range)# switchport access vlan 10
Atakan(config-if-range)# exit
Atakan(config)# interface range fastEthernet 0/8-13
Atakan(config-if-range)# switchport mode access
Atakan(config-if-range)# switchport access vlan 20
Atakan(config-if-range)# exit
6.Display the VLAN:
On the switch, type the command show vlan at the privileged EXEC prompt.
7.Create the trunk:
On the switch, type the following commands on the Fast Ethernet 0/1 interface:
Atakan(config)# interface fastEthernet 0/1
Atakan(config-if)# switchport mode trunk
Atakan(config-if)# exit
8.Configure the Router:
Configure the router with the following data. Note that, to support trunking and inter-VLAN routing, the router needs a Fast Ethernet (or faster) interface and an IOS that supports 802.1Q subinterfaces.
1. Host name is R1
2. Console and VTY passwords are class
3. Enable secret password is cisco
Then configure the Fast Ethernet interface using the following commands. The subinterface for VLAN 1 must be marked native, because the switch sends its native VLAN untagged; without the native keyword the router expects frames tagged with VLAN 1 and the ping to the switch address fails:
R1(config)# interface fastEthernet 0/0
R1(config-if)# no shutdown
R1(config-if)# interface fastEthernet 0/0.1
R1(config-subif)# encapsulation dot1q 1 native
R1(config-subif)# ip address 192.168.1.1 255.255.255.0
R1(config-subif)# interface fastEthernet 0/0.2
R1(config-subif)# encapsulation dot1q 10
R1(config-subif)# ip address 192.168.5.1 255.255.255.0
R1(config-subif)# interface fastEthernet 0/0.3
R1(config-subif)# encapsulation dot1q 20
R1(config-subif)# ip address 192.168.7.1 255.255.255.0
R1(config-subif)# end
9.Save the Router configuration:
On the router, type the command write memory (or copy running-config startup-config) at the privileged EXEC prompt.
10.Display the routing table:
Type show ip route at the privileged EXEC prompt; one connected route per subinterface should appear.
11.Test the VLAN and the trunk:
Ping from the host on switch port 0/4 to the host on port 0/8. Ping from the host on switch port 0/4 to the switch IP 192.168.1.2.
Benefits of InterVLAN Routing
 Additional security and management: traffic between VLANs passes through the router, where it can be filtered with ACLs.
 Logical links conserve physical ports: one trunk replaces one physical router interface per VLAN.
 Depending on the encapsulation protocol, many VLANs can be carried over the same link.
 Routers control access between VLANs.
 A single router interface can serve many VLANs, one subinterface per VLAN.
8.Troubleshooting
IP Addressing Issues With VLAN
 It is common practice to associate a VLAN with an IP network.
 Because different IP networks only communicate through a router, all devices within a VLAN must be part of the same IP network to communicate.
 Each VLAN should correspond to a unique IP subnet.
 Two devices in the same VLAN cannot communicate if they have addresses in different subnets. This is a common problem and is easily solved by finding the wrong configuration and replacing the subnet address with the correct one.
Missing VLANs
 If all the IP address mismatches have been solved but the device still cannot connect, check whether the VLAN exists on the switch.
Troubleshooting flow (figure): no connection among devices in the same VLAN
1. Is the port in the correct VLAN? Check with show vlan, show mac address-table and show interfaces switchport. If not, assign the port to the correct VLAN.
2. Is the VLAN present in the VLAN database? Check with show vlan and show interfaces. If not, create the VLAN in the VLAN database.
3. Verify the connection among devices in the same VLAN.
Problem on Trunk
Troubleshooting flow (figure): troubleshoot trunks
1. Do the native VLANs on the local and peer ports match? Check with show interfaces trunk. If not, change the native VLAN so that both ends match.
2. Are the trunk modes on the local and peer ports compatible? Check with show interfaces trunk. If not, statically configure the ports on both devices as trunks.
3. Operational trunk.
Problem on Trunk(cont.)
 Trunking issues are usually associated with incorrect configurations.
 The most common types of trunk configuration errors are:
1. Native VLAN mismatches
2. Trunk mode mismatches
3. Allowed VLANs on trunks
 If a trunk problem is detected, best practice is to troubleshoot in the order shown above.
Problem on Trunk(cont.)
 Trunking problems are often associated with misconfigurations. The most common ones are:
Trouble | Result | Example
Native VLAN mismatch | A security risk (untagged frames cross into the wrong VLAN) and unintended consequences | One port's native VLAN is 100, the other's is 99.
Trunk mode mismatch | Loss of network connection | Trunk mode is turned on on one port and off on the other.
VLANs allowed on the trunk | Unexpected traffic, or no traffic, crosses the trunk | The list of allowed VLANs does not match the current VLAN trunking requirements.
Problem on Trunk(cont.)
 If a port on a trunk link is configured with a trunk mode that is incompatible with the neighbouring trunk port, no trunk forms between the two switches.
 Use the show interfaces trunk command to check the status of the trunk ports on the switches.
 To fix the problem, configure the interfaces with compatible trunk modes (preferably a static trunk on both sides with DTP disabled).
Result of DTP negotiation (local mode vs. neighbour mode):
                   | Dynamic Auto | Dynamic Desirable | Trunk                | Access
Dynamic Auto       | Access       | Trunk             | Trunk                | Access
Dynamic Desirable  | Trunk        | Trunk             | Trunk                | Access
Trunk              | Trunk        | Trunk             | Trunk                | Limited connectivity
Access             | Access       | Access            | Limited connectivity | Access
Incorrect VLAN List
 A VLAN must be allowed on the trunk before its frames can be transmitted across the link.
 Use the switchport trunk allowed vlan command to specify which VLANs are allowed on a trunk link. Limiting the list to the VLANs actually needed is also a security measure: it bounds what a compromised switch or a hopping attack can reach.
 Use the show interfaces trunk command to ensure the correct VLANs are permitted on the trunk.
9.Securing Virtual Local Area Networks
Switch Spoofing Attack
 A VLAN hopping attack lets an attacker reach VLANs other than the one assigned to their port. Switch spoofing is the simplest form.
 The default configuration of a Cisco switch port is dynamic auto, so the port becomes a trunk as soon as the neighbour asks for one, and DTP frames are not authenticated.
 By configuring a host to act as a switch and send DTP frames, an attacker can form a trunk and gain access to every VLAN carried on it.
 Because the attacker is now able to access other VLANs, this is called a VLAN hopping attack.
 To prevent a basic switch spoofing attack, turn off trunking on all ports except the ones that specifically require it (switchport mode access), and disable DTP on the real trunks (switchport nonegotiate).
Double-Tagging Attack
 Takes advantage of the way the hardware on most switches de-encapsulates 802.1Q tags.
 Most switches perform only one level of 802.1Q de-encapsulation, which allows an attacker to embed a second, unauthorized 802.1Q header in the frame.
 After removing the first, legitimate 802.1Q header, the first switch forwards the frame untagged over the trunk; the next switch sees the second tag and forwards the frame into the VLAN named in the unauthorized header.
 The best approach to mitigating double-tagging attacks is to ensure that the native VLAN of the trunk ports is different from the VLAN of any user port; on platforms that support it, also tag the native VLAN (vlan dot1q tag native) so that nothing crosses the trunk untagged.
(Figure: the attacker, connected to an access port on a switch that carries VLAN 10 PERSONEL and VLAN 20 SERVER, announces "I am a switch, send me all traffic" via DTP and negotiates a TRUNK.)
Double-Tagging Attack(cont.)
(Figure: two switches joined by an 802.1Q trunk with native VLAN 33; the attacker is on VLAN 33 and the victim on VLAN 66.)
1. The attacker is on VLAN 33 but puts a VLAN 66 tag in the frame, behind the VLAN 33 tag.
2. The first switch strips off the first tag and does not retag the frame, because native VLAN traffic is sent untagged. It then forwards the frame over the trunk to the next switch.
3. The second switch receives the frame on the native VLAN.
4. The second switch examines the frame, sees the VLAN 66 tag and forwards it into VLAN 66.
Note: This attack works only if the trunk's native VLAN is the same as the attacker's access VLAN, and it is one-way: the victim's replies cannot come back the same path.
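To make the frame format from section 4 and the two-switch forwarding path above concrete, here is an added Python model (not code from the slides): it encodes and decodes the 4-byte 802.1Q tag, then pushes a double-tagged frame through a first switch that performs one level of de-encapsulation and a second switch that classifies by whatever tag it finds. The MAC addresses and payload are constructed for the example, and the switch logic is deliberately minimal (no MAC learning, no FCS, no DTP).

```python
import struct

TPID_8021Q = 0x8100          # EtherType that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

# Constructed addresses and payload for the example; any values would do.
ATTACKER_MAC = bytes.fromhex("0200c0ffee01")
VICTIM_MAC = bytes.fromhex("0200c0ffee02")
PAYLOAD = bytes(46)          # minimum Ethernet payload, contents irrelevant here


def build_tag(vid, pcp=0, dei=0):
    """One 4-byte 802.1Q tag: TPID 0x8100, then TCI = PCP (3 bits) | DEI/CFI (1 bit) | VID (12 bits)."""
    if not 0 <= vid < 4096:
        raise ValueError("VLAN ID must fit in 12 bits")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vid
    return struct.pack("!HH", TPID_8021Q, tci)


def decode_tci(tag):
    """Inverse of build_tag: (pcp, dei, vid) from a 4-byte tag."""
    tpid, tci = struct.unpack("!HH", tag)
    if tpid != TPID_8021Q:
        raise ValueError("not an 802.1Q tag")
    return tci >> 13, (tci >> 12) & 0x1, tci & 0xFFF


def build_frame(dst, src, payload, vids=()):
    """Ethernet II frame with zero or more stacked tags, outermost first (FCS omitted)."""
    tags = b"".join(build_tag(v) for v in vids)
    return dst + src + tags + struct.pack("!H", ETHERTYPE_IPV4) + payload


def pop_tag(frame):
    """Strip one tag if present: (vid, frame_without_outer_tag) or (None, frame)."""
    if struct.unpack_from("!H", frame, 12)[0] != TPID_8021Q:
        return None, frame
    _, _, vid = decode_tci(frame[12:16])
    return vid, frame[:12] + frame[16:]


def first_switch_trunk_egress(frame, access_vlan, native_vlan):
    """Switch 1, one level of de-encapsulation. A tag matching the access VLAN is accepted and removed;
    a tag for any other VLAN is dropped. Frames in the native VLAN leave the trunk untagged, every
    other VLAN is re-tagged. Returns the bytes placed on the trunk, or None if dropped."""
    vid, inner = pop_tag(frame)
    if vid is not None and vid != access_vlan:
        return None
    if access_vlan == native_vlan:
        return inner                                   # not re-tagged: an inner tag is now outermost
    return inner[:12] + build_tag(access_vlan) + inner[12:]


def second_switch_classify(frame, native_vlan):
    """Switch 2, trunk ingress: a tagged frame goes to the VLAN in its tag, untagged goes to native."""
    vid, _ = pop_tag(frame)
    return native_vlan if vid is None else vid


def double_tag_lands_in(attacker_vlan, native_vlan, target_vlan=66):
    """Run the attack from the slide: outer tag = attacker's VLAN, inner tag = victim's VLAN.
    Returns the VLAN in which switch 2 delivers the frame (None if switch 1 dropped it)."""
    frame = build_frame(VICTIM_MAC, ATTACKER_MAC, PAYLOAD, vids=(attacker_vlan, target_vlan))
    on_trunk = first_switch_trunk_egress(frame, access_vlan=attacker_vlan, native_vlan=native_vlan)
    return None if on_trunk is None else second_switch_classify(on_trunk, native_vlan)


if __name__ == "__main__":
    print("native = attacker VLAN (33):", double_tag_lands_in(33, 33))   # 66: the hop succeeds
    print("native moved to 999       :", double_tag_lands_in(33, 999))  # 33: stays in attacker VLAN
```

With the trunk's native VLAN equal to the attacker's VLAN 33 the frame is delivered in VLAN 66; after moving the native VLAN to 999 (the mitigation on the previous slide) switch 1 re-tags the frame with 33, so switch 2 classifies it into the attacker's own VLAN and the inner tag is never reached.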
PVLAN Edge
 The Private VLAN Edge feature, also known as protected ports, ensures that there is no exchange of unicast, broadcast or multicast traffic between protected ports on the switch.
 It has local significance only: the isolation applies between ports on the same switch and does not extend across a trunk to another switch.
 A protected port only exchanges traffic with unprotected ports.
 A protected port does not exchange traffic with another protected port.
PVLAN Edge(cont.)
The PVLAN Edge feature has the following characteristics:
 A protected port does not forward any data traffic (unicast, multicast or broadcast) to any other port that is also a protected port, except for control traffic. Data traffic cannot be forwarded between protected ports at Layer 2.
 Forwarding between a protected port and a nonprotected port proceeds as usual.
 Protected ports must be configured manually (switchport protected on each interface).
(Figure: data traffic between two protected ports is not permitted; data traffic between a protected port and an unprotected port is permitted.)
10.Virtual Local Area Network Design Guidelines
 Move all ports out of VLAN 1 and assign unused ports to a dedicated, otherwise unused VLAN.
 Shut down all unused switch ports.
 Separate management and user data traffic.
 Change the management VLAN from the default VLAN 1.
 Ensure that only devices in the management VLAN can connect to the switches.
 The switches should accept only SSH connections for management.
 Disable autonegotiation (DTP) on trunk ports with switchport nonegotiate.
 Do not rely on the dynamic auto or dynamic desirable port modes; set switchport mode access or switchport mode trunk explicitly.
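A quick way to check the guidelines above against a real switch is to run them over the output of show running-config. The following Python audit is an added example, not from the slides: the configuration excerpt is constructed, and the assumption that an interface without an explicit switchport mode defaults to dynamic auto is taken from the DTP section of this deck (verify it with show interfaces switchport on your own platform). The function names parse_blocks and audit are chosen for the example.

```python
# Constructed running-config excerpt, not from the slides. Fa0/1 is a trunk configured the usual way,
# Fa0/2 follows the guidelines, Fa0/3 and Fa0/5 are left negotiating, Fa0/6 is shut down.
SAMPLE_CONFIG = """\
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/3
 switchport mode dynamic desirable
!
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/5
!
interface FastEthernet0/6
 shutdown
!
line vty 0 15
 password class
 login
!
"""

# Platform defaults assumed when a command is absent (assumption: the deck states dynamic auto).
DEFAULT_MODE = "dynamic auto"
DEFAULT_VLAN = 1


def parse_blocks(config):
    """Group an IOS config into {header line: [indented lines]}; '!' or a blank line ends a block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        stripped = raw.strip()
        if not stripped or stripped == "!":
            current = None
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(stripped)
        else:
            current = stripped
            blocks[current] = []
    return blocks


def _value(body, prefix, default):
    """Return what follows prefix on the first matching line, else default."""
    for line in body:
        if line.startswith(prefix):
            return line[len(prefix):].strip()
    return default


def audit(config):
    """Return [(object, finding)] for every deviation from the design guidelines."""
    findings = []
    for header, body in parse_blocks(config).items():
        if header.startswith("interface "):
            port = header.split(None, 1)[1]
            if "shutdown" in body:
                continue                        # a shut port negotiates nothing
            if not body:
                findings.append((port, "unconfigured port left up; defaults to DTP " + DEFAULT_MODE + ": shut it down"))
                continue
            mode = _value(body, "switchport mode ", DEFAULT_MODE)
            native = int(_value(body, "switchport trunk native vlan ", DEFAULT_VLAN))
            access_vlan = int(_value(body, "switchport access vlan ", DEFAULT_VLAN))
            if mode.startswith("dynamic"):
                findings.append((port, f"switchport mode {mode}: a DTP frame can turn this into a trunk; set access or trunk"))
            elif mode == "trunk":
                if native == 1:
                    findings.append((port, "trunk native VLAN is 1: move it to an unused VLAN"))
                if "switchport nonegotiate" not in body:
                    findings.append((port, "trunk still sends DTP: add switchport nonegotiate"))
            elif mode == "access" and access_vlan == 1:
                findings.append((port, "access port in VLAN 1: assign a dedicated VLAN or shut it down"))
        elif header.startswith("line vty"):
            if "transport input ssh" not in body:
                findings.append((header, "vty accepts Telnet: add transport input ssh (with a local user or AAA)"))
    return findings


if __name__ == "__main__":
    for obj, msg in audit(SAMPLE_CONFIG):
        print(f"{obj:20s} {msg}")
```

On the sample the audit flags Fa0/1 twice (native VLAN 1 and DTP still enabled on a trunk), Fa0/3 (dynamic desirable), Fa0/5 (unconfigured, up and negotiating) and the vty lines (Telnet allowed), while Fa0/2, Fa0/4 and the shut-down Fa0/6 pass. Feed it the saved output of show running-config from each switch to find the ports the guidelines above would have you fix.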
Application 3
Advanced Lab Application
 Create VLANs on Core SW1 and Core SW2.
 Configure VTP server and trunks on Core SW1 and Core SW2.
 Configure VTP client and trunk ports on all access switches, and assign ports to VLANs.
 Configure STP on Core SW1 and Core SW2.
 Configure EtherChannel, HSRP and OSPF.
Topology (access-port VLAN assignment, figure):
1. VLAN 10 --- F0/1
2. VLAN 20 --- F0/1
3. VLAN 30 --- F0/1
4. VLAN 40 --- F0/3-5
1.Create VLAN on Core Switches:
Configure the VLANs as in the previous applications. Use the necessary commands on the core switches with reference to the figure.
2.Configure VTP Server and Trunk on Core Switches:
Put the core switches in VTP server mode and set the domain. In a production network also set a VTP password (vtp password <secret>) so that only switches that know it can update the domain.
CoreSW1(config)# vtp mode server
CoreSW1(config)# vtp domain cisco.com
CoreSW1(config)# vtp version 2
2.Configure VTP Server and Trunk on Core Switches(cont.):
Because of STP, not all trunk ports on CoreSW1 are forwarding at the same time. Use the necessary commands on the core switches with reference to the figure:
CoreSW1(config)# interface range fastEthernet 0/21-24
CoreSW1(config-if-range)# switchport trunk encapsulation dot1q
CoreSW1(config-if-range)# switchport mode trunk
CoreSW1(config-if-range)# exit
3.VTP Client and Trunk Port on All Access Switches:
Configure the access switches as VTP clients, set the uplinks as trunks and assign the user ports to VLANs, with reference to the figure:
AccSW1(config)# vtp mode client
AccSW1(config)# vtp version 2
AccSW4(config)# interface range fastEthernet 0/4-5
AccSW4(config-if-range)# switchport mode trunk
AccSW4(config-if-range)# exit
AccSW4(config)# interface fastEthernet 0/1
AccSW4(config-if)# switchport mode access
AccSW4(config-if)# switchport access vlan 30
4.Configure STP:
Make each core switch the root bridge for half of the VLANs, with reference to the figure:
CoreSW2(config)# spanning-tree vlan 30,40 root primary
CoreSW1(config)# spanning-tree vlan 10,20 root primary
For more detailed analysis you can use the following command and inspect its output:
CoreSW2# show spanning-tree
5.Configure EtherChannel:
Bundle the four trunk links between the core switches into one port channel. Configure both core switches; the channel-group command is entered in interface range mode after selecting the ports:
CoreSW1(config)# interface range fastEthernet 0/21-24
CoreSW1(config-if-range)# channel-group 1 mode on
CoreSW2(config)# interface range fastEthernet 0/21-24
CoreSW2(config-if-range)# channel-group 1 mode on
CoreSW2(config)# interface port-channel 1
CoreSW2(config-if)# switchport trunk encapsulation dot1q
CoreSW2(config-if)# switchport mode trunk
For more detailed analysis you can use the following command and inspect its output:
CoreSW2# show etherchannel
6.Configure HSRP:
HSRP needs a virtual IP address per VLAN. It is included here to show the importance of redundancy in network design and how it is achieved; since it is outside the scope of this deck, only the basic commands and the necessary show command output are shared.
Virtual IP addresses for the VLANs, with reference to the figure:
1. VLAN 10 --- 192.168.10.254
2. VLAN 20 --- 192.168.20.254
3. VLAN 30 --- 192.168.30.254
4. VLAN 40 --- 192.168.40.254
6.Configure HSRP(cont.):
Use the necessary commands on the core switches with reference to the figure.
6.Configure IP Address on Interfaces:
Assign IP addresses to the interfaces of the routers and switches as shown in the figure. On the core switch the uplink port must first be made a routed port:
CoreSW1(config)# interface fastEthernet 0/20
CoreSW1(config-if)# no switchport
CoreSW1(config-if)# ip address 1.1.1.2 255.255.255.0
CoreSW1(config-if)# no shutdown
CoreSW1(config-if)# exit
7.Configure OSPF:
Assign IP addresses to all interfaces of the routers and switches as shown in the figure. Once the single-area OSPF configuration commands are applied, the VLANs have connectivity to the remote server. Since OSPF is outside the VLAN topic, its configuration is not covered in the technical sections.
7.Configure OSPF(cont.):
You can use the following commands to display the running OSPF settings: show ip ospf neighbor and show ip route ospf.
8.Verify Network:
Some ping tests showing that the network works correctly:
Web Server to Server3. PC2 to the 5.5.5.0 network. PC1 to the 6.6.6.0 network.
11.Source
 Cisco Systems
 Router Alley
 9tut
 Istanbul Technical University
 Networklessons
 Packetlife
Virtual Local Area Network

• 2. Outline
 Introduction
 Virtual Local Area Network Benefits
 Types of Virtual Local Area Network
 Trunk and 802.1Q Tagged
 Dynamic Trunking Protocol (DTP)
 VLAN Trunking Protocol (VTP)
 InterVLAN Routing
 Troubleshooting
 Securing the Virtual Local Area Network
 Virtual Local Area Network Design Guidelines
 Source
• 3. 1. Introduction
Collision and Broadcast Domain
A collision domain is simply defined as any physical segment where a collision can occur. Hubs can only operate at half-duplex, and thus all ports on a hub belong to the same collision domain.
Layer-2 switches can operate at full duplex. Each individual port on a switch belongs to its own collision domain. Thus, Layer-2 switches create more collision domains, which results in fewer collisions.
Like hubs though, Layer-2 switches belong to only one broadcast domain. A Layer-2 switch will forward both broadcasts and multicasts out every port but the originating port.
Only Layer-3 devices separate broadcast domains. Because of this, Layer-2 switches are poorly suited for large, scalable networks. The Layer-2 header provides no mechanism to differentiate one network from another, only one host from another.
• 4. Collision and Broadcast Domain Example
(Figure: an example topology with 2 broadcast domains and 9 collision domains.)
• 5. What is a Virtual Local Area Network?
A VLAN is a logical, software-defined subnetwork. It allows similar devices on the network to be grouped together into one broadcast domain, irrespective of their physical position in the network.
Multiple VLANs can be used to group workstations, servers, and other network equipment connected to the switch, according to similar data and security requirements. Also:
 Broadcast packets sent by one of the workstations will reach all the others in the VLAN and will not reach any workstations that are not in the VLAN.
 The workstations can all communicate with each other without needing to go through a gateway.
 The workstations can communicate with each other using non-routable protocols.
• 6. The Purpose of the Virtual Local Area Network
The basic reason for splitting a network into VLANs is to reduce congestion on a large LAN. To understand this problem, we should look briefly at how LANs have evolved over the years towards different goals.
The structure used initially was very simple: all the workstations were connected to a single piece of coaxial cable, or to hubs. In this case, every packet that any network device put on the wire was seen by all the other devices in the LAN, and every device could send at any time.
As the number of workstations in the LAN grew, this led to some drawbacks. For example, there were simply too many collisions, because most of the time when a workstation tried to send a packet, it would find that the wire was already occupied by a packet sent by some other device.
• 7. 2. Virtual Local Area Network Benefits
 Advanced security -- since isolation is provided within the network, everyone gets only the data they need.
 Cost reduction -- uses existing bandwidth more effectively.
 Better performance -- since more than one broadcast domain is created, the traffic load on the network is reduced.
 Smaller broadcast domains -- reduce the number of network devices in each broadcast domain.
 Improved IT staff efficiency -- simplifies network management because users with similar network requirements are on the same VLAN.
 Simpler project and application management -- VLANs are created according to needs.
(Figure: IT Department hosts in VLAN 100 and Employee Department hosts in VLAN 200, spread across the same switches.)
• 8. 3. Types of Virtual Local Area Network
Data VLAN
 The data VLAN is the VLAN that is configured to carry user-originated traffic.
 Data VLANs are used to divide the network into user or device groups.
 VLANs carrying voice or management traffic are not part of the data VLAN.
Default VLAN
 All switch ports become part of the default VLAN after the initial boot of the switch, which loads the default configuration.
 The switch ports participating in the default VLAN are part of the same broadcast domain. This allows a device connected to any switch port to communicate with devices on the other switch ports.
• 9. Native VLAN
 An 802.1Q trunk port is assigned a native VLAN. Trunk ports are connections between switches that support the transmission of traffic associated with multiple VLANs.
 The 802.1Q trunk port supports tagged traffic as well as untagged traffic. The 802.1Q trunk port places untagged traffic in the native VLAN.
Management VLAN
 The management VLAN is any VLAN configured to access the management capabilities of the switch.
• 10. 4. Trunk and 802.1Q
VLAN Trunk
 A VLAN trunk is a point-to-point link that carries multiple VLANs between two network devices. A VLAN trunk extends VLANs across the entire network.
 VLAN trunks allow all VLAN traffic to propagate among switches, so that devices in the same VLAN but connected to different switches can communicate without the intervention of a router.
 A VLAN trunk does not belong to a specific VLAN.
• 11. Tagging Ethernet Frame
Ethernet frame:
  Destination MAC | Source MAC | Type/Length | Data | FCS
802.1Q frame:
  Destination MAC | Source MAC | TAG | Type/Length | Data | FCS
TAG (4 bytes):
  Ethernet Type (0x8100), 2 bytes | Priority, 3 bits | CFI, 1 bit | VLAN Identifier, 12 bits
• 12. Tagging Ethernet Frame (cont.)
 Tagging is used to properly transmit frames of multiple VLANs through a trunk link.
 Switches tag frames to identify the VLAN to which they belong.
 Switches add VLAN tags to frames before placing them on the trunk link and remove the tags before forwarding frames through non-trunk ports.
 When properly tagged, the frames can traverse any number of switches via trunk links and still be forwarded within the correct VLAN at the destination.
• 13. Native VLANs and 802.1Q Trunking
 Frames that belong to the native VLAN are not tagged.
 Frames received untagged remain untagged and are placed in the native VLAN when forwarded.
 If there are no ports associated with the native VLAN and no other trunk links, an untagged frame is dropped.
 For example, when you configure an 802.1Q trunk port, a default port VLAN ID (PVID) is assigned the value of the native VLAN ID. If VLAN 33 is configured as the native VLAN, the PVID is 33 and all untagged traffic is forwarded to VLAN 33.
• 14. Application 1: Basic Lab Application
Lab tasks:
 Perform basic configuration tasks on a switch
 Create VLANs
 Assign switch ports to a VLAN
 Add, move, and change ports
 Verify VLAN configuration
 Enable trunking on inter-switch connections
 Verify trunk configuration
• 16. 1. Perform Basic Switch Configurations:
The essential commands for device configuration are listed below:
  Switch(config)# hostname S1
  S1(config)# no ip domain-lookup
  S1(config)# enable secret class
  S1(config)# line console 0
  S1(config-line)# password cisco
  S1(config-line)# exit
  S1(config)# line vty 0 16
  S1(config-line)# password cisco
  S1(config-line)# login
  S1(config-line)# exit
  S1(config)# interface range FastEthernet 0/6, FastEthernet 0/11, FastEthernet 0/18
  S1(config-if-range)# switchport mode access
  S1(config-if-range)# no shutdown
• 17. 2. Configure the PCs:
The settings that need to be made on the computers are quite simple. A step-by-step illustration of these settings is shown below. We choose the first option from this menu. The IP configuration is done as shown. The default gateway field has not been filled in because it is not required here.
• 18. 3. Configure VLANs:
Below are the steps for creating a VLAN and adding interfaces to VLANs. Port assignments have been made so that the VLAN settings can be checked with different show commands.
• 19. 3. Configure VLANs (cont.):
A management VLAN is any VLAN that you configure to access the management capabilities of a switch. VLAN 1 serves as the management VLAN if you did not specifically define another VLAN. You assign the management VLAN an IP address and subnet mask. A switch can be managed via HTTP, Telnet, SSH, or SNMP. From interface configuration mode, use the ip address command to assign the management IP address to the switches.
• 20. 4. Configure Trunking and Native VLAN:
Trunks are connections between switches that allow the switches to exchange information for all VLANs. By default, a trunk port belongs to all VLANs, as opposed to an access port, which can only belong to a single VLAN.
A native VLAN is assigned to an 802.1Q trunk port. In the topology, the native VLAN is VLAN 99. An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic). The 802.1Q trunk port places untagged traffic on the native VLAN. Untagged traffic is generated by a computer attached to a switch port that is configured with the native VLAN.
One of the IEEE 802.1Q specifications for native VLANs is to maintain backward compatibility with untagged traffic common to legacy LAN scenarios. For the purposes of this lab, a native VLAN serves as a common identifier on opposing ends of a trunk link. It is a best practice to use a VLAN other than VLAN 1 as the native VLAN. Use the interface range command in global configuration mode to simplify configuring trunking.
• 21. 4. Configure Trunking and Native VLAN (cont.):
Verify that the trunks have been configured with the show interfaces trunk command.
5. Verify switches:
From S1, ping the management address on both S2 and S3.
• 22. 5. Dynamic Trunking Protocol (DTP)
 Trunk negotiation is governed by DTP, which operates point-to-point between network devices.
 It is a Cisco proprietary protocol; switches from other vendors do not support DTP.
 DTP manages trunk negotiation only if the neighboring port is configured in a mode that supports DTP.
 Switch ports can also be manually configured to form trunks.
 DTP negotiation results (local port mode against peer port mode):
  Local \ Peer         Dynamic Auto   Dynamic Desirable   Trunk                  Access
  Dynamic Auto         Access         Trunk               Trunk                  Access
  Dynamic Desirable    Trunk          Trunk               Trunk                  Access
  Trunk                Trunk          Trunk               Trunk                  Limited Connectivity
  Access               Access         Access              Limited Connectivity   Access
• 23. 6. VLAN Trunking Protocol (VTP)
In networks with a large number of switches, VTP allows VLANs to be carried to other switches over trunk ports. The network manager is granted various permissions on VLANs, such as adding, deleting and renaming them, and because of VTP the new information is communicated to the other switches on the network.
With VTP, centralized management can be achieved in networks with more than one switch. It eliminates the need to individually configure all the switches and prevents errors that may occur during configuration. Modifications are made on a single switch, and the changes are taught to the other switches through trunk ports with VTP.
When VLANs are to be taught with VTP, a VTP domain is created in the network. Switches in the same domain exchange VTP packets, and switches with the same VTP domain name are in the same domain.
• 24. Modes of VTP
Server
 The mode that has the ability to make all changes to VLANs, send change information, receive information and update it.
 At least one switch in VTP server mode is needed in a VTP domain.
 Any changes made in this mode are announced to the VTP domain and taught to the other switches in the domain.
 The configuration is stored in NVRAM.
Client
 The switch mode that can receive information from servers, update itself with it and forward the information it receives. Clients cannot make any changes to VLANs.
 The configuration is temporary; it is not stored in NVRAM.
• 25. Modes of VTP
Transparent
 A switch working in this mode is actually configured like a server.
 The changes made here cannot be transferred to the other switches.
 It does not use the information it receives over trunk ports; it does not update its own VLAN database with this information.
 The configuration is stored in NVRAM.
• 26. Configuration Revision Number
 When a change is made to VLANs within the network, the switch in server mode increments the revision number by one. The switch whose revision number changed sends a VTP notification to the other switches in the same domain.
 If the revision number in the received notification is larger than the switch's own revision number, the VLAN information is updated according to the notification.
 There are a number of ways to reset the revision number of a switch that already has a configuration on it:
 1. Change the VTP domain name
 2. Delete the vlan.dat file held in Flash
 3. Put VTP into transparent mode
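The revision-number behaviour described on the slide, written out as an added example (this is illustrative code, not from the presentation or from Cisco): a server increments the revision on every VLAN change, a client or server overwrites its database only when an advertisement from its own domain carries a higher revision, a transparent switch never applies one, and changing the domain name resets the revision to 0. The `would_overwrite` pre-connection check and the switch names are assumptions added here; the domain name `cisco.com` is taken from the lab on slide 54.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Advertisement:
    """Summary-advertisement fields (domain, revision) together with the VLAN
    table that the following subset advertisements would carry."""
    domain: str
    revision: int
    vlans: Dict[int, str]


@dataclass
class VtpSwitch:
    name: str
    domain: str
    mode: str = "client"                  # "server", "client" or "transparent"
    revision: int = 0
    vlans: Dict[int, str] = field(default_factory=lambda: {1: "default"})

    def advertise(self) -> Advertisement:
        return Advertisement(self.domain, self.revision, dict(self.vlans))

    def change_vlan(self, vlan_id: int, name: str) -> Advertisement:
        """Only a server may change VLANs; each change increments the revision
        and produces the notification sent to the rest of the domain."""
        if self.mode != "server":
            raise PermissionError(f"{self.name} is in {self.mode} mode and cannot change VLANs")
        self.vlans[vlan_id] = name
        self.revision += 1
        return self.advertise()

    def receive(self, adv: Advertisement) -> bool:
        """Apply an advertisement only if it is for this switch's domain and its
        revision is higher than ours. Returns True when the local VLAN database
        was replaced. Transparent switches forward but never apply."""
        if self.mode == "transparent" or adv.domain != self.domain:
            return False
        if adv.revision <= self.revision:
            return False
        self.vlans = dict(adv.vlans)
        self.revision = adv.revision
        return True

    def set_domain(self, new_domain: str) -> None:
        """Reset method 1 from the slide: changing the VTP domain name sets the
        revision back to 0."""
        self.domain = new_domain
        self.revision = 0


def would_overwrite(domain_switches: List[VtpSwitch], newcomer: VtpSwitch) -> bool:
    """Assumed pre-connection check (not a VTP feature): a switch joining with a
    revision higher than everything already in the domain will have its VLAN
    table accepted by every server and client there."""
    if not domain_switches or newcomer.mode == "transparent":
        return False
    if newcomer.domain != domain_switches[0].domain:
        return False
    return newcomer.revision > max(s.revision for s in domain_switches)
```

Run `set_domain` twice (to a scratch name and back) on any switch salvaged from another network before cabling it in; the check above then reports that its revision can no longer displace the live VLAN table.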
• 27. Advertisements
 There are 3 types of advertisements:
 1. Summary: contains information such as the VTP domain name, the current revision number, and other VTP configuration details. It is sent every 5 minutes to neighboring switches running in server or client mode with VTP enabled.
 2. Subset: contains the VLAN information. The switch on which a change was made sends it to the other switches in the same domain immediately after the change.
 3. Request: sent when the VTP domain name changes, when a summary advertisement with a revision number higher than the switch's own is received, when a subset advertisement was not received for any reason, or when a switch in the domain is switched off and on again. A request is answered with a summary advertisement first, followed by subset advertisements.
Pruning
 If pruning is enabled in a domain, flooded traffic for a VLAN is not sent over the trunk to a switch that has no active port in that VLAN.
• 28. 7. InterVLAN Routing
 InterVLAN routing is the process of forwarding network traffic from one VLAN to another VLAN using a router.
 Traditionally, LAN routing has used routers with multiple physical interfaces.
 Each interface needed to be connected to a separate network and configured for a different subnet.
 Each router interface is connected to a switch port associated with a specific VLAN.
 The router can accept traffic from the VLAN associated with the switch interface it is connected to, and route the traffic to other VLANs.
(Figure: a router with interfaces Fa 0/0 and Fa 0/1 connected to a switch whose ports Fa 0/1 to Fa 0/4 are in VLAN 10 and VLAN 20; hosts 172.17.40.21 and 172.17.20.31.)
• 29. Router on a Stick
 A type of router configuration in which a single router interface routes traffic between multiple VLANs.
 The connection between the switch and the router is a single trunk link.
 The router accepts VLAN-tagged traffic on the trunk interface and routes traffic between the different VLANs.
 The physical interface is divided into multiple subinterfaces.
 Each subinterface is associated with one VLAN and one IP subnet.
 By configuring IP addresses on the subinterfaces, the router can be used as a gateway to access devices connected to the other VLANs.
(Figure: VLANs 10, 20, 30 and 40 reach the router over one trunk; subinterfaces Fast Ethernet 0/0.10 192.168.10.1, 0/0.20 192.168.20.1, 0/0.30 192.168.30.1 and 0/0.40 192.168.40.1.)
• 30. Application 2: Basic Lab Application
Lab tasks:
 Create a basic switch configuration and verify it.
 Create multiple VLANs, name them and assign multiple member ports to them.
 Create a basic configuration on a router.
 Create an 802.1Q trunk line between the switch and router to allow communication between VLANs.
 Test the routing functionality.
Topology:
  Fa0/1: trunk to the router
  Fa0/4: PC-1, VLAN 10 - ADMIN, 192.168.5.2 /24
  Fa0/8: PC-2, VLAN 20 - SALES, 192.168.7.2 /24
  VLAN table:  VLAN 1 (NATIVE) ports Fa0/1-3 | VLAN 10 (ADMIN) ports Fa0/4-7 | VLAN 20 (SALES) ports Fa0/8-13
  Switch VLAN 1 IP address: 192.168.1.2/24
• 31. 1. Configure the switch:
Configure the hostname, access and command mode passwords, as well as the management LAN settings.
  Switch(config)# hostname Atakan
  Atakan(config)# enable secret cisco
  Atakan(config)# line console 0
  Atakan(config-line)# password class
  Atakan(config-line)# exit
  Atakan(config)# line vty 0 16
  Atakan(config-line)# password class
  Atakan(config-line)# login
  Atakan(config-line)# exit
• 32. 2. Configure the hosts:
Configure the hosts using the information from the topology.
3. Verify connectivity:
To verify that the hosts and the switch are correctly configured, ping the switch from the hosts, or one host from another.
 The ping fails. Some of the reasons:
 1. The default gateways are not yet configured on the switch.
 2. The relevant interfaces of the switch may be inactive.
• 33. 4. Create two VLANs:
Enter the following commands to create and name two VLANs:
  Atakan(config)# vlan 10
  Atakan(config-vlan)# name Admin
  Atakan(config-vlan)# vlan 20
  Atakan(config-vlan)# name Sales
  Atakan(config-vlan)# exit
5. Assign ports to VLANs:
Assigning ports to VLANs must be done from interface configuration mode. Enter the following commands:
  Atakan(config)# interface range fastEthernet 0/4-7
  Atakan(config-if-range)# switchport mode access
  Atakan(config-if-range)# switchport access vlan 10
  Atakan(config-if-range)# exit
  Atakan(config)# interface range fastEthernet 0/8-13
  Atakan(config-if-range)# switchport mode access
  Atakan(config-if-range)# switchport access vlan 20
  Atakan(config-if-range)# exit
• 34. 6. Display the VLANs:
On the switch, type the command show vlan at the privileged EXEC prompt.
7. Create the trunk:
On the switch, type the following commands at the Fast Ethernet 0/1 interface command prompt:
  Atakan(config)# interface fastEthernet 0/1
  Atakan(config-if)# switchport mode trunk
  Atakan(config-if)# exit
• 35. 8. Configure the Router:
Configure the router with the following data. Note that, in order to support trunking and inter-VLAN routing, the router must have a Fast Ethernet interface.
 1. Host name is R1
 2. Console and VTY passwords are class
 3. Enable secret password is cisco
Then configure the Fast Ethernet interface and its subinterfaces using the following commands:
  R1(config)# interface fastEthernet 0/0
  R1(config-if)# no shutdown
  R1(config-if)# interface fastEthernet 0/0.1
  R1(config-subif)# encapsulation dot1q 1
  R1(config-subif)# ip address 192.168.1.1 255.255.255.0
  R1(config-subif)# interface fastEthernet 0/0.2
  R1(config-subif)# encapsulation dot1q 10
  R1(config-subif)# ip address 192.168.5.1 255.255.255.0
  R1(config-subif)# interface fastEthernet 0/0.3
  R1(config-subif)# encapsulation dot1q 20
  R1(config-subif)# ip address 192.168.7.1 255.255.255.0
  R1(config-subif)# end
• 36. 9. Save the router configuration:
On the router, type the command write memory at the privileged EXEC prompt.
10. Display the routing table:
Type show ip route at the privileged EXEC prompt.
11. Test the VLANs and the trunk:
Ping from the host on switch port Fa0/4 to the host on port Fa0/8. Ping from the host on switch port Fa0/4 to the switch IP 192.168.1.2.
• 37. Benefits of InterVLAN Routing
 Additional security and management are added.
 Logical links conserve physical ports.
 Depending on the protocol, multimode configurations can be implemented.
 Routers control access to VLANs.
 Up to 255 VLANs or more can be supported per router.
• 38. 8. Troubleshooting
IP Addressing Issues with VLANs
 It is common practice to associate a VLAN with an IP network.
 Because different IP networks only communicate through a router, all devices within a VLAN must be part of the same IP network to communicate.
 Each VLAN should correspond to a unique IP subnet.
 Two devices in the same VLAN cannot communicate if they have different subnet addresses. This is a common problem and can be easily solved by finding the wrong configuration and replacing the subnet address with the correct one.
• 39. Missing VLANs
 If all the IP address mismatches have been solved but the device still cannot connect, check whether the VLAN exists on the switch.
Troubleshooting flow (commands used: show vlan, show mac address-table, show interfaces, show interfaces switchport):
  Symptom: no connection among devices in the same VLAN.
  1. Is the port in the correct VLAN? NO: assign the port to the correct VLAN. YES: continue.
  2. Is the VLAN present in the VLAN database? NO: create the VLAN in the VLAN database. YES: verify the connection among devices in the same VLAN.
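The two checks from slides 38 and 39 (hosts in one VLAN must share one subnet, each VLAN should map to a unique subnet, and a port's VLAN must exist in the VLAN database), run over a small inventory as an added example. The code and the inventory are constructed for illustration and are not part of the presentation; the VLAN numbers and addresses follow the lab topology on slide 30, with two deliberate mistakes (PC-3 and port Fa0/14) inserted to exercise the checks.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed inventory (not captured from a real switch), modelled on the slide 30 lab.
VLAN_DB: Dict[int, str] = {1: "NATIVE", 10: "ADMIN", 20: "SALES"}

PORT_VLAN: Dict[str, int] = {
    "Fa0/4": 10, "Fa0/5": 10, "Fa0/6": 10,
    "Fa0/8": 20, "Fa0/9": 20,
    "Fa0/14": 30,            # constructed mistake: VLAN 30 was never created
}

HOSTS: Dict[str, Tuple[str, str]] = {   # host -> (switch port, IP address/prefix)
    "PC-1": ("Fa0/4", "192.168.5.2/24"),
    "PC-2": ("Fa0/8", "192.168.7.2/24"),
    "PC-3": ("Fa0/5", "192.168.50.2/24"),  # constructed mistake: wrong third octet
    "PC-4": ("Fa0/9", "192.168.7.3/24"),
    "PC-5": ("Fa0/6", "192.168.5.3/24"),
}


def check_vlan_database(vlan_db: Dict[int, str], port_vlan: Dict[str, int]) -> List[str]:
    """Slide 39: a port assigned to a VLAN that is missing from the database has no VLAN to forward in."""
    return [f"{port}: VLAN {vid} is not in the VLAN database; create it with 'vlan {vid}'"
            for port, vid in sorted(port_vlan.items()) if vid not in vlan_db]


def check_subnets(port_vlan: Dict[str, int], hosts: Dict[str, Tuple[str, str]]) -> List[str]:
    """Slide 38: every host in a VLAN must share one IP subnet, and each VLAN
    should use a unique subnet. The VLAN's subnet is taken to be the one most
    of its hosts use (ties broken by the lowest network address)."""
    by_vlan: Dict[int, List[Tuple[str, ipaddress.IPv4Interface]]] = defaultdict(list)
    for host, (port, cidr) in hosts.items():
        by_vlan[port_vlan[port]].append((host, ipaddress.ip_interface(cidr)))

    findings: List[str] = []
    vlan_subnet = {}
    for vid, members in sorted(by_vlan.items()):
        nets = sorted({iface.network for _, iface in members})
        expected = max(nets, key=lambda n: sum(1 for _, i in members if i.network == n))
        vlan_subnet[vid] = expected
        for host, iface in members:
            if iface.network != expected:
                findings.append(f"{host}: VLAN {vid} uses {expected} but host is on {iface.network}")

    by_net = defaultdict(list)
    for vid, net in vlan_subnet.items():
        by_net[net].append(vid)
    for net, vids in by_net.items():
        if len(vids) > 1:
            findings.append(f"VLANs {', '.join(map(str, sorted(vids)))} share subnet {net}; "
                            "each VLAN should map to a unique subnet")
    return findings


def troubleshoot(vlan_db: Dict[int, str], port_vlan: Dict[str, int],
                 hosts: Dict[str, Tuple[str, str]]) -> List[str]:
    """Database problems first (slide 39), then addressing problems (slide 38)."""
    return check_vlan_database(vlan_db, port_vlan) + check_subnets(port_vlan, hosts)


if __name__ == "__main__":
    for line in troubleshoot(VLAN_DB, PORT_VLAN, HOSTS):
        print(line)
```

The inventory would normally be filled from the output of show vlan and show interfaces switchport; the point of the example is that both slide checks reduce to comparing a host's network (from its address and prefix) against the network the rest of its VLAN uses.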
• 40. Problem on Trunk
Troubleshooting flow (command used: show interfaces trunk):
  1. Do the native VLANs on the local and peer ports match? NO: change the native VLAN to match. YES: continue.
  2. Are the trunk modes on the local and peer ports compatible? NO: statically configure the ports on both devices as trunks. YES: the trunk is operational.
• 41. Problem on Trunk (cont.)
 Trunking issues are usually associated with incorrect configurations.
 The most common types of trunk configuration errors are:
 1. Native VLAN mismatches
 2. Trunk mode mismatches
 3. Allowed VLANs on trunks
 If a trunk problem is detected, best-practice guidelines recommend troubleshooting in the order shown above.
• 42. Problem on Trunk (cont.)
 Trunking problems are often associated with misconfigurations. The most common ones are:
 Native VLAN mismatch
  Result: constitutes a security risk; unintended consequences.
  Example: the native VLAN of one port is defined as 100, the other's as 99.
 Trunk mode mismatch
  Result: loss of network connection.
  Example: trunk mode is turned on on one port and the other is configured as off.
 Allowed VLANs on the trunk
  Result: causes unexpected traffic, or no traffic, to be sent over the trunk.
  Example: the list of allowed VLANs does not meet the current VLAN trunking requirements.
• 43. Problem on Trunk (cont.)
 If a port on a trunk link is configured with a trunk mode that is incompatible with the neighboring trunk port, a trunk link fails to form between the two switches.
 Use the show interfaces trunk command to check the status of the trunk ports on the switches.
 To fix the problem, configure the interfaces with proper trunk modes.
  Local \ Peer         Dynamic Auto   Dynamic Desirable   Trunk                  Access
  Dynamic Auto         Access         Trunk               Trunk                  Access
  Dynamic Desirable    Trunk          Trunk               Trunk                  Access
  Trunk                Trunk          Trunk               Trunk                  Limited Connectivity
  Access               Access         Access              Limited Connectivity   Access
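The DTP negotiation table from slides 22 and 43 as a lookup function, with an audit that flags ports left in a negotiating mode (which the design guidelines on slide 50 advise against). This is an added example, not code from the presentation or from Cisco; the port names, the finding labels and the sample port list are constructed for illustration.

```python
from typing import Dict, List, Tuple

DYNAMIC_AUTO = "dynamic auto"
DYNAMIC_DESIRABLE = "dynamic desirable"
TRUNK = "trunk"
ACCESS = "access"
LIMITED = "limited connectivity"
MODES = (DYNAMIC_AUTO, DYNAMIC_DESIRABLE, TRUNK, ACCESS)

# Row = local port mode, column = peer port mode, value = resulting link state,
# transcribed from the table on the slide.
_DTP_MATRIX: Dict[str, Dict[str, str]] = {
    DYNAMIC_AUTO:      {DYNAMIC_AUTO: ACCESS, DYNAMIC_DESIRABLE: TRUNK,  TRUNK: TRUNK,   ACCESS: ACCESS},
    DYNAMIC_DESIRABLE: {DYNAMIC_AUTO: TRUNK,  DYNAMIC_DESIRABLE: TRUNK,  TRUNK: TRUNK,   ACCESS: ACCESS},
    TRUNK:             {DYNAMIC_AUTO: TRUNK,  DYNAMIC_DESIRABLE: TRUNK,  TRUNK: TRUNK,   ACCESS: LIMITED},
    ACCESS:            {DYNAMIC_AUTO: ACCESS, DYNAMIC_DESIRABLE: ACCESS, TRUNK: LIMITED, ACCESS: ACCESS},
}


def dtp_result(local_mode: str, peer_mode: str) -> str:
    """Link state that DTP negotiation yields for the two administrative modes."""
    local, peer = local_mode.strip().lower(), peer_mode.strip().lower()
    for mode in (local, peer):
        if mode not in MODES:
            raise ValueError(f"unknown switchport mode: {mode!r}")
    return _DTP_MATRIX[local][peer]


def matrix_is_symmetric() -> bool:
    """The outcome must not depend on which side we call 'local'; verify the table has that property."""
    return all(dtp_result(a, b) == dtp_result(b, a) for a in MODES for b in MODES)


def peer_modes_that_form_trunk(local_mode: str) -> List[str]:
    """Peer modes that turn this port into a trunk. For the dynamic auto default
    (slide 45) this is any trunking-capable peer, which is why it matters on user ports."""
    return [peer for peer in MODES if dtp_result(local_mode, peer) == TRUNK]


def audit_ports(port_modes: Dict[str, str], planned_trunks: List[str]) -> List[Tuple[str, str]]:
    """Return (port, finding) pairs. Finding labels are constructed for this example:
       'negotiating'     - dynamic auto/desirable: a neighbour can bring up a trunk with no
                           change on this switch; set 'switchport mode access', or
                           'switchport mode trunk' if the port is a planned trunk.
       'unplanned-trunk' - hard-coded trunk on a port not in the planned trunk list."""
    findings: List[Tuple[str, str]] = []
    for port, mode in port_modes.items():
        mode = mode.strip().lower()
        if mode in (DYNAMIC_AUTO, DYNAMIC_DESIRABLE):
            findings.append((port, "negotiating"))
        elif mode == TRUNK and port not in planned_trunks:
            findings.append((port, "unplanned-trunk"))
    return findings


# Constructed sample: the administrative mode of each port and which trunks were planned.
SAMPLE_PORTS: Dict[str, str] = {
    "Fa0/1": "trunk", "Fa0/2": "dynamic auto", "Fa0/4": "access",
    "Fa0/8": "access", "Fa0/13": "dynamic desirable", "Fa0/24": "trunk",
}
PLANNED_TRUNKS: List[str] = ["Fa0/1"]

if __name__ == "__main__":
    for port, finding in audit_ports(SAMPLE_PORTS, PLANNED_TRUNKS):
        print(f"{port}: {finding}")
```

Reading the table through `peer_modes_that_form_trunk` makes the slide 45 point concrete: a port left at the dynamic auto default becomes a trunk as soon as the far end is dynamic desirable or trunk, whereas a port set to access never does.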
• 44. Incorrect VLAN List
 VLANs must be allowed on the trunk before their frames can be transmitted across the link.
 Use the switchport trunk allowed vlan command to specify which VLANs are allowed on a trunk link.
 Use the show interfaces trunk command to ensure the correct VLANs are permitted on a trunk.
• 45. 9. Securing the Virtual Local Area Network
Switch Spoofing Attack
 An example is the VLAN hopping attack.
 The default configuration of a switch port is dynamic auto.
 By configuring a host to act as a switch and form a trunk, an attacker could gain access to any VLAN in the network.
 Because the attacker is now able to access other VLANs, this is called a VLAN hopping attack.
 To prevent a basic switch spoofing attack, turn off trunking on all ports except the ones that specifically require trunking.
• 46. Double-Tagging Attack
 Takes advantage of the way the hardware on most switches de-encapsulates 802.1Q tags.
 Most switches perform only one level of 802.1Q de-encapsulation, allowing an attacker to embed a second, unauthorized 802.1Q header in the frame.
 After removing the first, legitimate 802.1Q header, the switch forwards the frame to the VLAN specified in the second 802.1Q header.
 The best approach to mitigating double-tagging attacks is to ensure that the native VLAN of the trunk ports is different from the VLAN of any user ports.
(Figure, switch spoofing: an attacker host announces "I am switch, send me all traffic" to bring up a TRUNK and reach VLAN 10 PERSONEL and VLAN 20 SERVER.)
• 47. Double-Tagging Attack (cont.)
 1. The attacker is on VLAN 33 but puts a VLAN 66 tag in the packet.
 2. The first switch strips off the first tag and does not retag it (native traffic is not retagged). It then forwards the packet to the next switch.
 3. The second switch receives the packet on the native VLAN.
 4. The second switch examines the packet, sees the VLAN 66 tag and forwards it accordingly.
(Figure: the 802.1Q frame crosses a TRUNK with native VLAN = 33 and reaches the VICTIM in VLAN 66.)
Note: This attack works only if the trunk has the same native VLAN as the attacker.
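An added example (not code from the presentation) that ties the tag format on slide 11, the native VLAN rules on slides 12 and 13, and the two-switch walk-through on slides 46 and 47 together: a small 802.1Q encoder/decoder plus a model of what a trunk port does on ingress and egress (strip at most one tag, untagged frames belong to the native VLAN, native VLAN frames leave untagged). `double_tag_outcome` replays the slide 47 path and shows why the note at the end of the slide holds: with the native VLAN equal to the user's VLAN the frame lands in VLAN 66, with a different native VLAN it stays in VLAN 33. `check_ingress` is an assumed monitoring check, not a switch feature. The MAC addresses, the payload and the treatment of an access port as "everything received is payload of its VLAN" are assumptions made for the model.

```python
import struct
from dataclasses import dataclass
from typing import List, Tuple

TPID_8021Q = 0x8100      # Ethernet Type value that marks an 802.1Q tag (slide 11)
ETHERTYPE_IPV4 = 0x0800


@dataclass(frozen=True)
class Dot1qTag:
    vlan_id: int         # VLAN Identifier, 12 bits
    priority: int = 0    # Priority (PCP), 3 bits
    cfi: int = 0         # CFI, 1 bit

    def to_bytes(self) -> bytes:
        if not (0 <= self.vlan_id < 4096 and 0 <= self.priority < 8 and self.cfi in (0, 1)):
            raise ValueError("802.1Q field out of range")
        tci = (self.priority << 13) | (self.cfi << 12) | self.vlan_id
        return struct.pack("!HH", TPID_8021Q, tci)

    @classmethod
    def from_bytes(cls, raw: bytes) -> "Dot1qTag":
        tpid, tci = struct.unpack("!HH", raw[:4])
        if tpid != TPID_8021Q:
            raise ValueError("not an 802.1Q tag")
        return cls(vlan_id=tci & 0x0FFF, priority=tci >> 13, cfi=(tci >> 12) & 1)


def build_frame(dst: bytes, src: bytes, tags: List[Dot1qTag], ethertype: int, payload: bytes) -> bytes:
    """Destination MAC | Source MAC | zero or more TAGs | Type/Length | Data (FCS omitted)."""
    return dst + src + b"".join(t.to_bytes() for t in tags) + struct.pack("!H", ethertype) + payload


def parse_tags(frame: bytes) -> Tuple[bytes, List[Dot1qTag], bytes]:
    """Split a frame into (12 MAC bytes, stacked 802.1Q tags outermost first, rest from Type/Length on)."""
    if len(frame) < 14:
        raise ValueError("frame too short")
    macs, rest, tags = frame[:12], frame[12:], []
    while len(rest) >= 4 and struct.unpack("!H", rest[:2])[0] == TPID_8021Q:
        tags.append(Dot1qTag.from_bytes(rest[:4]))
        rest = rest[4:]
    return macs, tags, rest


def trunk_ingress(wire: bytes, native_vlan: int) -> Tuple[int, bytes]:
    """A trunk port removes at most ONE tag (slide 46); untagged frames go to the native VLAN (slide 13).
    Returns (VLAN the frame is placed in, frame as stored inside the switch)."""
    macs, tags, rest = parse_tags(wire)
    if not tags:
        return native_vlan, wire
    inner = macs + b"".join(t.to_bytes() for t in tags[1:]) + rest   # anything below the outer tag is payload
    return tags[0].vlan_id, inner


def trunk_egress(vlan: int, inner: bytes, native_vlan: int) -> bytes:
    """Native VLAN frames leave untagged (slide 13); every other VLAN gets its tag re-inserted."""
    if vlan == native_vlan:
        return inner
    return inner[:12] + Dot1qTag(vlan).to_bytes() + inner[12:]


def access_ingress(wire: bytes, access_vlan: int) -> Tuple[int, bytes]:
    """Model assumption: an access port places whatever it receives into its VLAN, bytes untouched."""
    return access_vlan, wire


def check_ingress(wire: bytes, port_kind: str) -> List[str]:
    """Assumed monitoring check for a mirrored port: a tag arriving on an access port, or
    stacked tags arriving on a plain 802.1Q trunk, are both worth an alert."""
    _, tags, _ = parse_tags(wire)
    alerts = []
    if port_kind == "access" and tags:
        alerts.append(f"ALERT: 802.1Q tag {tags[0].vlan_id} received on an access port")
    if port_kind == "trunk" and len(tags) > 1:
        alerts.append(f"ALERT: stacked 802.1Q tags on trunk (outer {tags[0].vlan_id}, inner {tags[1].vlan_id})")
    return alerts


def double_tag_outcome(user_vlan: int, inner_tag_vlan: int, trunk_native_vlan: int) -> int:
    """Replay the slide 47 path (access port -> trunk -> second switch) and return the final VLAN."""
    host_frame = build_frame(b"\xff" * 6, b"\x02" + b"\x11" * 5,       # constructed addresses
                             [Dot1qTag(inner_tag_vlan)], ETHERTYPE_IPV4, b"constructed payload")
    vlan, frame = access_ingress(host_frame, user_vlan)             # first switch, user port
    wire = trunk_egress(vlan, frame, trunk_native_vlan)             # first switch, trunk towards the second
    final_vlan, _ = trunk_ingress(wire, trunk_native_vlan)          # second switch, trunk ingress
    return final_vlan
```

The model makes the mitigation mechanical: when the native VLAN differs from every user VLAN, the first switch re-tags the frame with the user's VLAN on egress, so the second switch strips that tag and the embedded one is just payload inside the user's VLAN.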
• 48. PVLAN Edge  The Private VLAN Edge feature, also known as protected ports, ensures that there is no exchange of unicast, broadcast or multicast traffic between protected ports on the switch.  Locally significant only: the isolation applies between ports of the same switch, not across a trunk to protected ports on another switch.  A protected port exchanges traffic only with unprotected ports.  A protected port does not exchange traffic with another protected port.
• 49. PVLAN Edge (cont.) The PVLAN Edge feature has the following characteristics:  A protected port does not forward any traffic (unicast, multicast or broadcast) to any other port that is also a protected port, except for control traffic. Data traffic cannot be forwarded between protected ports at Layer 2.  Forwarding behavior between a protected port and a non-protected port proceeds as usual.  Protected ports must be configured manually. [Figure: between two protected ports data traffic is not permitted; between a protected port and an unprotected port data traffic is permitted.]
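An added example, not from the original slides, of protected ports on one access switch. The assumption is that Fa0/2 and Fa0/3 are two user PCs in VLAN 20 and Fa0/4 is the uplink toward the gateway.

```cisco
! Added example (not from the original slides). Assumptions: Fa0/2 and
! Fa0/3 are user PCs in VLAN 20, Fa0/4 is the unprotected uplink.
AccSW1(config)# interface range fastEthernet 0/2-3
AccSW1(config-if-range)# switchport mode access
AccSW1(config-if-range)# switchport access vlan 20
AccSW1(config-if-range)# switchport protected
AccSW1(config-if-range)# exit
AccSW1(config)# interface fastEthernet 0/4
AccSW1(config-if)# switchport mode access
AccSW1(config-if)# switchport access vlan 20
AccSW1(config-if)# end
!
! Result: Fa0/2 and Fa0/3 exchange no unicast, broadcast or multicast
! frames at Layer 2 even though both are in VLAN 20, while each of them
! still reaches Fa0/4. Expect "Protected: true" in the output below.
AccSW1# show interfaces fastEthernet 0/2 switchport | include Protected
AccSW1# show running-config interface fastEthernet 0/2
```

Two caveats a practitioner should keep in mind: a PC on a protected port of a second switch still reaches these PCs through the trunk, because the feature is local to one switch, and the gateway on Fa0/4 can still route between the two protected hosts at Layer 3 if it is willing to (for example with local proxy ARP enabled).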
• 50. 10. Virtual Local Area Network Design Guidelines  Move all ports out of VLAN 1 and assign them to an unused VLAN.  Shut down all unused switch ports.  Separate management and user data traffic.  Change the management VLAN to something other than VLAN 1.  Ensure that only devices in the management VLAN can connect to the switches.  The switch should accept only SSH connections (no Telnet).  Disable DTP negotiation on trunk ports (switchport nonegotiate).  Do not use the dynamic auto or dynamic desirable switch port modes; set every port explicitly to access or trunk.
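An added example, not from the original slides, that applies the VLAN 1, unused-port, management-VLAN and SSH-only guidelines to one access switch. The management VLAN 99 and subnet 192.168.99.0/24, the black-hole VLAN 999, the port ranges, the hostname and the user name are assumptions; the management VLAN also has to be allowed on the trunks that carry it.

```cisco
! Added example (not from the original slides). Assumptions: 24-port
! access switch, VLAN 99 = management (192.168.99.0/24, gateway .1),
! VLAN 999 = black hole for unused ports, only Fa0/1 is in use (VLAN 10).
Switch(config)# vlan 99
Switch(config-vlan)# name MANAGEMENT
Switch(config-vlan)# vlan 999
Switch(config-vlan)# name BLACKHOLE
Switch(config-vlan)# exit
!
! Move every port out of VLAN 1: unused ports go to the black-hole VLAN
! and are shut down, so a plugged-in device gets neither link nor VLAN 1.
Switch(config)# interface range fastEthernet 0/1-24
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 999
Switch(config-if-range)# shutdown
Switch(config-if-range)# exit
!
! Re-enable only the ports that are in use.
Switch(config)# interface fastEthernet 0/1
Switch(config-if)# switchport access vlan 10
Switch(config-if)# no shutdown
Switch(config-if)# exit
!
! Management address lives on VLAN 99 only; VLAN 1's SVI stays down.
Switch(config)# interface vlan 1
Switch(config-if)# shutdown
Switch(config-if)# interface vlan 99
Switch(config-if)# ip address 192.168.99.11 255.255.255.0
Switch(config-if)# no shutdown
Switch(config-if)# exit
Switch(config)# ip default-gateway 192.168.99.1
!
! SSH only, local accounts, and vty access limited to the management subnet.
Switch(config)# hostname AccSW1
AccSW1(config)# ip domain-name example.com
AccSW1(config)# crypto key generate rsa modulus 2048
AccSW1(config)# ip ssh version 2
AccSW1(config)# username netadmin privilege 15 secret <strong-password>
AccSW1(config)# access-list 10 permit 192.168.99.0 0.0.0.255
AccSW1(config)# line vty 0 15
AccSW1(config-line)# transport input ssh
AccSW1(config-line)# login local
AccSW1(config-line)# access-class 10 in
AccSW1(config-line)# exit
AccSW1(config)# no ip http server
AccSW1(config)# no ip http secure-server
AccSW1(config)# end
!
! Verify: no active port in VLAN 1, SSH v2 enabled, Telnet refused.
AccSW1# show vlan brief
AccSW1# show ip ssh
AccSW1# show running-config | section line vty
```

The access-class line is what enforces "only devices in the management VLAN can connect": without it, any host that can route to 192.168.99.11 can reach the SSH login prompt. On the core switches the same VLAN 99 is added to the switchport trunk allowed vlan list so management traffic still crosses the trunks.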
• 51. Application 3: Advanced Lab  Create the VLANs on Core SW1 and Core SW2.  Configure the VTP server and trunks on Core SW1 and Core SW2.  Configure VTP client and trunk ports on all access switches, and assign ports to VLANs.  Configure STP on Core SW1 and Core SW2.  Configure EtherChannel, HSRP and OSPF. Port assignments: 1. VLAN 10 --- F0/1 2. VLAN 20 --- F0/1 3. VLAN 30 --- F0/1 4. VLAN 40 --- F0/3-5
• 53. 1. Create VLANs on the Core Switches: Configure the VLANs as learned in the previous projects, using the necessary commands on the Core Switches with reference to the following figure.
• 54. 2. Configure VTP Server and Trunk on the Core Switches: Use the necessary commands on the Core Switches with reference to the following figure. Set a VTP password as well (vtp password <secret>), otherwise any switch that joins the domain with a higher configuration revision number can overwrite the VLAN database on every switch. CoreSW1(config)# vtp mode server CoreSW1(config)# vtp domain cisco.com CoreSW1(config)# vtp version 2
• 55. 2. Configure VTP Server and Trunk on the Core Switches (cont.): Because of STP, the four trunk ports on CoreSW1 do not all forward at the same time; the redundant links stay blocked until they are bundled into an EtherChannel in step 5. Use the necessary commands on the Core Switches with reference to the following figure (the encapsulation must be set before the port can be put into trunk mode, and the same commands are repeated on CoreSW2): CoreSW1(config)# interface range fastEthernet 0/21-24 CoreSW1(config-if-range)# switchport trunk encapsulation dot1q CoreSW1(config-if-range)# switchport mode trunk CoreSW1(config-if-range)# exit
• 56. 3. VTP Client and Trunk Ports on All Access Switches: Use the necessary commands on the Access Switches with reference to the following figure. The VTP client commands are repeated on every access switch; setting the domain name explicitly (vtp domain cisco.com) avoids depending on the client learning it from the first advertisement. AccSW1(config)# vtp mode client AccSW1(config)# vtp version 2 AccSW4(config)# interface range fastEthernet 0/4-5 AccSW4(config-if-range)# switchport mode trunk AccSW4(config-if-range)# exit AccSW4(config)# interface fastEthernet 0/1 AccSW4(config-if)# switchport mode access AccSW4(config-if)# switchport access vlan 30
• 57. 4. Configure STP: Use the necessary commands on the Core Switches with reference to the following figure, so that the root bridge for VLANs 10 and 20 is CoreSW1 and the root for VLANs 30 and 40 is CoreSW2: CoreSW2(config)# spanning-tree vlan 30,40 root primary CoreSW1(config)# spanning-tree vlan 10,20 root primary If you want to do extra network analysis, you can try the following command, which shows the root bridge, port roles and port states per VLAN: CoreSW2# show spanning-tree
• 58. 5. Configure EtherChannel: Bundle the four trunk links between the Core Switches into one port channel, using the necessary commands on both Core Switches with reference to the following figure. Mode on disables PAgP and LACP negotiation, so both ends must be set to on or the bundle will not form: CoreSW1(config)# interface range fastEthernet 0/21-24 CoreSW1(config-if-range)# channel-group 1 mode on CoreSW1(config-if-range)# exit CoreSW2(config)# interface range fastEthernet 0/21-24 CoreSW2(config-if-range)# channel-group 1 mode on CoreSW2(config-if-range)# exit If you want to do extra network analysis, you can try the following command; the summary view shows whether every member port is bundled (P) or suspended: CoreSW2# show etherchannel summary
• 59. 5. Configure EtherChannel (cont.): Once the member ports are in the channel group, the trunk settings are applied to the port-channel interface, on both Core Switches, with reference to the following figure. STP now sees the bundle as a single link, so all four physical links forward at the same time: CoreSW1(config)# interface port-channel 1 CoreSW1(config-if)# switchport trunk encapsulation dot1q CoreSW1(config-if)# switchport mode trunk CoreSW1(config-if)# exit CoreSW2(config)# interface port-channel 1 CoreSW2(config-if)# switchport trunk encapsulation dot1q CoreSW2(config-if)# switchport mode trunk CoreSW2(config-if)# exit CoreSW2# show etherchannel
• 60. 6. Configure HSRP: This protocol needs a virtual IP address per VLAN, which the hosts use as their default gateway. HSRP is included here to show the importance of redundancy in network design and how it can be achieved. Since it is outside the scope of this slide deck, only the simple commands and the necessary output of the show commands are shared in this section. Virtual IP addresses for the VLANs, with reference to the following figure: 1. VLAN 10 --- 192.168.10.254 2. VLAN 20 --- 192.168.20.254 3. VLAN 30 --- 192.168.30.254 4. VLAN 40 --- 192.168.40.254
• 61. 6. Configure HSRP (cont.): Use the necessary commands on the Core Switches with reference to the following figure.
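An added example, not code from the original slides, showing the HSRP configuration on the core switch SVIs with the virtual addresses the lab defines (192.168.x.254). The physical SVI addresses (.252 on CoreSW1, .253 on CoreSW2), the group numbers, the priorities, the MD5 key and the choice to make the HSRP active switch the same as the STP root from step 4 are assumptions. VLAN 20 is configured like VLAN 10 and VLAN 40 like VLAN 30.

```cisco
! Added example (not from the original slides). Assumptions: CoreSW1 uses
! .252 and CoreSW2 uses .253 on every VLAN, group number = VLAN number,
! and the active router matches the STP root (CoreSW1 for VLANs 10/20,
! CoreSW2 for VLANs 30/40). VLAN 20 follows VLAN 10, VLAN 40 follows VLAN 30.
CoreSW1(config)# ip routing
CoreSW1(config)# interface vlan 10
CoreSW1(config-if)# ip address 192.168.10.252 255.255.255.0
CoreSW1(config-if)# standby version 2
CoreSW1(config-if)# standby 10 ip 192.168.10.254
CoreSW1(config-if)# standby 10 priority 110
CoreSW1(config-if)# standby 10 preempt
CoreSW1(config-if)# standby 10 authentication md5 key-string hsrp-secret
CoreSW1(config-if)# interface vlan 30
CoreSW1(config-if)# ip address 192.168.30.252 255.255.255.0
CoreSW1(config-if)# standby version 2
CoreSW1(config-if)# standby 30 ip 192.168.30.254
CoreSW1(config-if)# standby 30 preempt
CoreSW1(config-if)# standby 30 authentication md5 key-string hsrp-secret
CoreSW1(config-if)# end
!
CoreSW2(config)# ip routing
CoreSW2(config)# interface vlan 10
CoreSW2(config-if)# ip address 192.168.10.253 255.255.255.0
CoreSW2(config-if)# standby version 2
CoreSW2(config-if)# standby 10 ip 192.168.10.254
CoreSW2(config-if)# standby 10 preempt
CoreSW2(config-if)# standby 10 authentication md5 key-string hsrp-secret
CoreSW2(config-if)# interface vlan 30
CoreSW2(config-if)# ip address 192.168.30.253 255.255.255.0
CoreSW2(config-if)# standby version 2
CoreSW2(config-if)# standby 30 ip 192.168.30.254
CoreSW2(config-if)# standby 30 priority 110
CoreSW2(config-if)# standby 30 preempt
CoreSW2(config-if)# standby 30 authentication md5 key-string hsrp-secret
CoreSW2(config-if)# end
!
! Verify: for each group one switch is Active and the other Standby, and
! the Active switch for a VLAN is the one that is also its STP root.
CoreSW1# show standby brief
CoreSW2# show standby brief
```

Without the authentication line any host in the VLAN can send HSRP hellos with priority 255 and take over the virtual gateway address; the MD5 key makes that much harder. Keeping the HSRP active switch on the STP root for each VLAN avoids traffic from the hosts crossing the core trunk twice.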
• 62. 6. Configure IP Addresses on Interfaces: Assign IP addresses to all of the router and switch interfaces as shown below. On a Layer 3 switch the port must first be turned into a routed port with no switchport, and it has to be brought up with no shutdown: CoreSW1(config)# interface fastEthernet 0/20 CoreSW1(config-if)# no switchport CoreSW1(config-if)# ip address 1.1.1.2 255.255.255.0 CoreSW1(config-if)# no shutdown CoreSW1(config-if)# exit
• 63. 7. Configure OSPF: Assign IP addresses to all of the router and switch interfaces as shown below. Once the single-area OSPF configuration commands are applied, the VLANs have connectivity to the remote server. Since the subject is outside the scope of the VLAN content, it is not covered in the technical sections.
• 64. 7. Configure OSPF (cont.): The remaining interface addresses and OSPF commands are shown in the following figure.
  • 65. You can use the following commands to display the running OSPF settings. 7.Configure OSPF(cont.):
• 66. 8. Verify Network: The following ping tests show that the network is working correctly: Web Server to Server3; PC2 to the 5.5.5.0 network; PC1 to the 6.6.6.0 network.
• 67. 11. Sources  Cisco Systems  Router Alley  9tut  Istanbul Technical University  Networklessons  Packetlife

Editor's notes

1. Assigning a management address allows IP communication between the switches, and it also allows any host connected to a port assigned to VLAN 99 to connect to the switches. Because VLAN 99 is configured as the management VLAN, any ports assigned to this VLAN are considered management ports and should be secured to control which devices can connect to them.