Lecture 9

 1. 1. Lecture 9
 2. 2.
    • A VLAN is a logical grouping of the network, defined administratively by the switch ports that connect to resources.
    • Within a switched internetwork, smaller domains can be created by assigning different switch ports to different subnetworks.
    • Broadcast frames are switched only between ports that are logically grouped in the same VLAN.
    • No hosts in a VLAN can communicate with hosts in another VLAN.
    • A router is needed for inter-VLAN communication.
 3. 3.
    • A VLAN combines a Layer 2 switch and a Layer 3 router to handle both collision and broadcast domains.
    • VLANs also provide security by creating VLAN groups according to function and by using routers to communicate between VLANs.
    • Physical port association is used to implement VLAN assignment.
    • Communication between VLANs goes through the router.
    • This limits the size of broadcast domains and uses the router to determine whether one VLAN can talk to another VLAN.
    NOTE: This is the only way a switch can break up a broadcast domain!
 4. 4.
    • Segmentation
    • Flexibility
    • Security
    A VLAN = A Broadcast Domain = Logical Network (Subnet)
 5. 5.
    • All hosts are connected to the switch.
    • All are in one domain.
    • They need to be separated into logical segments.
    • Sources of high-rate traffic: ARP, DHCP, SAP, XWindows, NetBIOS
 6. 6.
    • VLANs are created in the switch's software.
    • All devices in a VLAN are in the same broadcast domain and receive all of its broadcasts.
    • Filtering is applied on all switch ports, checking whether each port belongs to the same VLAN.
 7. 7.
    • In an internetwork, security is applied across all of the connected hubs, switches and routers.
    • By creating VLANs, the administrator can control the users on each port.
 8. 8.
    • When a broadcast domain must be split up, a router connection is required.
    • At Layer 2, broadcast domains can be divided using VLANs.
    • Users who need a high level of security can be grouped into a VLAN so that no users outside the VLAN can communicate with them.
 9. 9.
    • A VLAN created on the basis of ports is called a static VLAN.
    • A VLAN created on the basis of hardware addresses is called a dynamic VLAN.
 10. 10. 10
 11. 11.
    • Very secure
    • Easy to set up
    • Suits networks where the movement of users within the network is controlled.
 12. 12.
    • A dynamic VLAN determines a node's VLAN assignment automatically.
    • Using management software, VLAN assignment is based on the hardware (MAC) address.
    • Dynamic VLANs require a VLAN Management Policy Server (VMPS).
 13. 13.
    To see the existing VLANs
        #show vlan
    To create VLANs
        #vlan database
        Switch(vlan)#vlan 2 name red
        Switch(vlan)#vlan 3 name blue
    Assigning ports to a VLAN
        Sw(config)#int fastEthernet 0/1
        Sw(config-if)#switchport mode access
        Sw(config-if)#switchport access vlan 2
 14. 14.
    To delete VLANs
        Sw(config)#no vlan 2
        Sw(config)#no vlan 3
    To bring a port back to VLAN 1
        Sw(config-if)#switchport mode access
        Sw(config-if)#switchport access vlan 1
    For a range
        Sw(config)#int range fastethernet 0/1 - 5
        Sw(config-if-range)#switchport access vlan 1
 15. 15. VLAN Operation
    • VLANs can span across multiple switches.
    • Trunks carry traffic for multiple VLANs.
    • Trunks use special encapsulation to distinguish between different VLANs.
 16. 16.
    • Access links
        ◦ This type of link is only part of one VLAN.
        ◦ It's referred to as the native VLAN of the port.
        ◦ Any device attached to an access link is unaware of a VLAN.
        ◦ Switches remove any VLAN information from the frame before it's sent to an access-link device.
    • Trunk links
        ◦ Trunks carry the traffic of multiple VLANs.
        ◦ A trunk link is a 100- or 1000-Mbps point-to-point link between two switches or between a switch and a router.
 17. 17. 17
 18. 18. 18
 19. 19.
    • VLANs can be created to span more than one connected switch.
    • Hosts are unaware of the VLAN.
    • When host A creates a data unit and it reaches the switch, the switch adds a frame tag to identify the VLAN.
    • Frame tagging is a method of identifying which VLAN a packet belongs to.
    • Each switch that the frame reaches must first identify the VLAN ID from the frame tag.
    • It finds out what to do with the frame by looking at the information in the filter table.
    • Once the frame reaches an exit to an access link matching the frame's VLAN ID, the switch removes the VLAN identifier.
 20. 20.
    • There are two frame tagging methods:
        ◦ Inter-Switch Link (ISL)
        ◦ IEEE 802.1Q
    • Inter-Switch Link (ISL)
        ◦ Proprietary to Cisco switches
        ◦ Used for Fast Ethernet and Gigabit Ethernet links only
    • IEEE 802.1Q
        ◦ Created by the IEEE as a standard method of frame tagging
        ◦ It actually inserts a field into the frame to identify the VLAN.
        ◦ If you're trunking between a Cisco switched link and a different brand of switch, you have to use 802.1Q for the trunk to work.
 21. 21.
    • ISL trunks enable VLANs across a backbone.
    • Performed with ASIC
    • ISL header not seen by client
    • Effective between switches, and between routers and switches
 22. 22.
    [Figure: two switches with port numbers and hosts 10.0.0.1, 10.0.0.4, 10.0.0.2, 10.0.0.3]
    Create two VLANs on each switch
        #vlan database
        sw(vlan)#vlan 2 name red
        sw(vlan)#vlan 3 name blue
        sw(vlan)#exit
        sw#config t
        sw(config)#int fastethernet 0/1
        sw(config-if)#switchport access vlan 2
        sw(config)#int fastethernet 0/4
        sw(config-if)#switchport access vlan 3
    Trunk Port Configuration
        sw#config t
        sw(config)#int fastethernet 0/24
        sw(config-if)#switchport trunk encapsulation dot1q
        sw(config-if)#switchport mode trunk
        * 2950: only dot1q encapsulation
    To see interface status
        #show interface status
 23. 23.
    Switch(config)#interface gigabitethernet 1/1
    • Enters interface configuration mode
    Switch(config-if)#switchport mode access
    • Configures the interface as an access port
    Switch(config-if)#switchport access vlan 3
    • Assigns the access port to a VLAN
 24. 24.
    Switch#show vlan [id | name] [vlan_num | vlan_name]

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/5, Fa0/7
                                                    Fa0/8, Fa0/9, Fa0/11, Fa0/12
                                                    Gi0/1, Gi0/2
    2    VLAN0002                         active
    51   VLAN0051                         active
    52   VLAN0052                         active
    …

    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1    enet  100001     1500  -      -      -        -    -        1002   1003
    2    enet  100002     1500  -      -      -        -    -        0      0
    51   enet  100051     1500  -      -      -        -    -        0      0
    52   enet  100052     1500  -      -      -        -    -        0      0
    …

    Remote SPAN VLANs
    ------------------------------------------------------------------------------

    Primary Secondary Type              Ports
    ------- --------- ----------------- ------------------------------------------
 25. 25.
    Switch#show running-config interface {fastethernet | gigabitethernet} slot/port
    • Displays the running configuration of the interface
    Switch#show interfaces [{fastethernet | gigabitethernet} slot/port] switchport
    • Displays the switch port configuration of the interface
    Switch#show mac-address-table interface interface-id [vlan vlan-id] [ | {begin | exclude | include} expression]
    • Displays the MAC address table information for the specified interface in the specified VLAN
 26. 26.
    • A messaging system that advertises VLAN configuration information
    • Maintains VLAN configuration consistency throughout a common administrative domain
    • Sends advertisements on trunk ports only
 27. 27.
    • Benefits of VTP
        ◦ Consistent VLAN configuration across all switches in the network
        ◦ Accurate tracking and monitoring of VLANs
        ◦ Dynamic reporting of added VLANs to all switches in the VTP domain
 28. 28.
    Server
        • Creates VLANs
        • Modifies VLANs
        • Deletes VLANs
        • Sends/forwards advertisements
        • Synchronizes
        • Saved in NVRAM
    Client
        • Forwards advertisements
        • Synchronizes
        • Not saved in NVRAM
    Transparent
        • Creates VLANs
        • Modifies VLANs
        • Deletes VLANs
        • Forwards advertisements
        • Does not synchronize
        • Saved in NVRAM
 29. 29. VTP Operation
    • VTP advertisements are sent as multicast frames.
    • VTP servers and clients are synchronized to the latest update, identified by its revision number.
    • VTP advertisements are sent every 5 minutes or when there is a change.
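An added Python model (not Cisco's code and not from the original slides) of the three VTP modes and the revision-number rule on slides 28 and 29. Class and method names are hypothetical, the advertisement is simplified to a single message, and a plain password comparison stands in for the MD5 digest check.

```python
from dataclasses import dataclass, field

@dataclass
class Advert:                  # simplified: summary and subset in one message
    domain: str
    revision: int
    vlans: dict                # VLAN ID -> name
    password: str = ""         # stand-in for the MD5 digest

@dataclass
class Switch:
    name: str
    mode: str                  # "server" | "client" | "transparent"
    domain: str
    password: str = ""
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})
    digest_errors: int = 0

    def create_vlan(self, vid: int, vname: str) -> None:
        if self.mode == "client":
            raise PermissionError("client mode cannot create VLANs")
        self.vlans[vid] = vname
        if self.mode == "server":
            self.revision += 1  # every change on a server bumps the revision

    def advertise(self) -> Advert:
        return Advert(self.domain, self.revision, dict(self.vlans), self.password)

    def receive(self, adv: Advert) -> bool:
        """Return True if the local VLAN database was replaced."""
        if self.mode == "transparent" or adv.domain != self.domain:
            return False        # transparent forwards but never synchronizes
        if adv.password != self.password:
            self.digest_errors += 1
            return False
        if adv.revision <= self.revision:
            return False        # only a newer revision is accepted
        self.vlans, self.revision = dict(adv.vlans), adv.revision
        return True

if __name__ == "__main__":
    server = Switch("A", "server", "gates")
    client = Switch("B", "client", "gates")
    server.create_vlan(2, "red")
    server.create_vlan(3, "blue")
    print(client.receive(server.advertise()), client.revision, client.vlans)
```

Because a higher revision in the same domain replaces the whole VLAN database on servers and clients, `show vtp status` on a switch about to join the domain shows the revision it would advertise.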
 30. 30.
    • VTP pruning provides a way for you to preserve bandwidth by configuring it to reduce the amount of broadcasts, multicasts, and unicast packets.
    • If Switch A doesn't have any ports configured for VLAN 5, and a broadcast is sent throughout VLAN 5, that broadcast would not traverse the trunk link to Switch A.
    • By default, VTP pruning is disabled on all switches.
    • Pruning is enabled for the entire domain.
 31. 31. VTP Pruning
    • Increases available bandwidth by reducing unnecessary flooded traffic
    • Example: Station A sends broadcast, and broadcast is flooded only toward any switch with ports assigned to the red VLAN
 32. 32.
    • Configure the following:
        ◦ VTP domain name
        ◦ VTP mode (server mode is the default)
        ◦ VTP pruning
        ◦ VTP password
    Switch(config)#vtp mode server
    Switch(config)#vtp domain gates
    SwitchA#sh vtp status
 33. 33. Creating a VTP Domain
    Catalyst 1900
        wg_sw_1900(config)#vtp [server | transparent | client] [domain domain-name] [trap {enable | disable}] [password password] [pruning {enable | disable}]

        wg_sw_1900#configure terminal
        Enter configuration commands, one per line. End with CNTL/Z
        wg_sw_1900(config)#vtp transparent
        wg_sw_1900(config)#vtp domain switchlab
    Catalyst 2950
        wg_sw_2950#vlan database
        wg_sw_2950(vlan)#vtp [ server | client | transparent ]
        wg_sw_2950(vlan)#vtp domain domain-name
        wg_sw_2950(vlan)#vtp password password
        wg_sw_2950(vlan)#vtp pruning
 34. 34.
    Switch#show vtp status
    VTP Version                     : 2
    Configuration Revision          : 247
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 33
    VTP Operating Mode              : Client
    VTP Domain Name                 : Lab_Network
    VTP Pruning Mode                : Enabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
    Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49
    Switch#
 35. 35.
    Switch#show vtp counters
    VTP statistics:
    Summary advertisements received    : 7
    Subset advertisements received     : 5
    Request advertisements received    : 0
    Summary advertisements transmitted : 997
    Subset advertisements transmitted  : 13
    Request advertisements transmitted : 3
    Number of config revision errors   : 0
    Number of config digest errors     : 0
    Number of V1 summary errors        : 0

    VTP pruning statistics:

    Trunk            Join Transmitted Join Received    Summary advts received from
                                                       non-pruning-capable device
    ---------------- ---------------- ---------------- ---------------------------
    Fa5/8            43071            42766            5
 36. 36.
    • If you want to connect two VLANs, you need a Layer 3 device.
 37. 37.
    [Figure: router interface FA0/0 (10.0.0.1, 20.0.0.1), switch port numbers, and hosts 10.0.0.2, 20.0.0.3, 20.0.0.2, 10.0.0.3]
    Router Configuration
        R1#config t
        R1(config)#int fastethernet 0/0.1
        R1(config-subif)#encapsulation dot1q 2
        R1(config-subif)#ip address 10.0.0.1 255.0.0.0
        R1(config-subif)#no shut
        R1(config-subif)#exit
        R1(config)#int fastethernet 0/0.2
        R1(config-subif)#encapsulation dot1q 3
        R1(config-subif)#ip address 20.0.0.1 255.0.0.0
        R1(config-subif)#no shut
    Create two VLANs on each switch
        #vlan database
        sw(vlan)#vlan 2 name red
        sw(vlan)#vlan 3 name blue
        sw(vlan)#exit
        sw#config t
        sw(config)#int fastethernet 0/1
        sw(config-if)#switchport access vlan 2
        sw(config)#int fastethernet 0/4
        sw(config-if)#switchport access vlan 3
    Trunk Port Configuration
        sw#config t
        sw(config)#int fastethernet 0/24
        sw(config-if)#switchport trunk encapsulation dot1q
        sw(config-if)#switchport mode trunk
    Router-Switch Port to be made as Trunk
        sw(config)#int fastethernet 0/9
        sw(config-if)#switchport trunk encapsulation dot1q
        sw(config-if)#switchport mode trunk
    To see interface status
        #show interface status
