
Catalyst 6500 November 2003

Technical Training
CHAPTER 11: Virtual LAN’s (VLAN’s)

Carl Solder
Technical Marketing Engineer
Internetworking Systems Business Unit
©2003, Cisco Systems, Inc. All rights reserved.

Before we start…
Cisco Systems

NOTE:

This is a training module that forms part of a complete set of Catalyst 6500 training materials.
It is designed to provide an introduction to the topic in question, review the
configuration commands and provide sample configurations…

This update is based on a Catalyst 6500 running the Supervisor 720 with the 12.2SX
version of IOS code…


CHAPTER 11.1 – Understanding VLAN’s

Understanding VLAN’s

A Virtual LAN allows the grouping of different switch ports into the same broadcast domain as
though they were connected via the same physical switch. A VLAN can span across
non-contiguous ports, across different modules and across different switches.

[Diagram: Switch A and Switch B]

In the above diagram, there are three VLAN’s, Red, Green and Blue – all hosts belonging to
a particular VLAN need to traverse a Layer 3 device to reach a host in another VLAN…

Understanding VLAN’s
Broadcast Domain

A VLAN creates a broadcast domain such that any broadcasts generated by hosts within the
VLAN do not (by default) cross into another VLAN boundary…

[Diagram: Switch A with host A]

In the above example, a broadcast sent by “Red” host A will be forwarded to all other
hosts in the RED VLAN, but not to hosts in the BLUE or GREEN VLAN…

Understanding VLAN’s
VLAN’s and IP Subnets

It is common practice for a Virtual LAN to be associated with a single IP Subnet as follows.

[Diagram: a switch with VLAN A - IP Subnet A and VLAN B - IP Subnet B]

While not common, it is valid for multiple subnets to exist wholly within the same VLAN but in
this case each subnet needs a layer 3 device to communicate to another subnet…

[Diagram: a switch with VLAN C - IP Subnet A & B]

Understanding VLAN’s
VLAN Number Range

When a VLAN is created, it has to be assigned a valid number within a specified range.
Currently the VLAN number range is as follows…

VLAN #       | Range    | Usage                                                         | VTP Support
0            | Reserved | System Use only                                               | N/A
1            | Normal   | Cisco Default – Usable but cannot be deleted                  | Yes
2 - 1001     | Normal   | Can be created, used and deleted                              | Yes
1002 - 1005  | Normal   | Defaults for Token Ring and FDDI – Cannot be deleted          | Yes
1006 - 4094  | Extended | For Ethernet VLAN’s only - Can be created, used and deleted   | No
4095         | Reserved | System Use only                                               | N/A

NOTE: Configuring extended VLAN’s requires additional configuration


Understanding VLAN’s
Extended VLAN’s

Each VLAN consumes a MAC address (used by Spanning Tree to build a bridge ID). As the
switch only has 1024 MAC addresses, using extended VLAN’s (1006 – 4094) requires users to
enable the “extended system-id” feature – this enables the switch to build a unique bridge ID for
all potential 4094 VLAN’s…

Normal Spanning Tree Bridge ID is built as follows…

  Bridge Priority (2 bytes – 16 bits) | MAC Address (6 bytes – 48 bits)

Bridge Priority without extended system-id configured…

  Bridge Priority (2 bytes – 16 bits)

Bridge Priority with extended system-id configured…

  Bridge Priority (4 bits) | Extended System ID (VLAN) (12 bits)
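
Added example, not part of the original training material: a Python model of the two bridge ID layouts above, showing why a single MAC address is enough for every VLAN once the VLAN number is carried in the 12-bit extended system ID. The base MAC address is constructed, the per-VLAN MAC pool is a simplified model of the behaviour the slide describes, and 32768 is the standard Spanning Tree default priority.

```python
# Added illustration: Spanning Tree bridge ID with and without extended system-id.
# BASE_MAC is a constructed sample value; the MAC pool is a simplified model.

BASE_MAC = bytes.fromhex("00d0aabbcc00")   # constructed, not taken from the page
MAC_POOL_SIZE = 1024                       # MAC addresses available to the switch (from the slide)
DEFAULT_PRIORITY = 32768                   # standard Spanning Tree default priority


def mac_at(base: bytes, index: int) -> bytes:
    """Return the index-th address of a contiguous MAC pool starting at base."""
    return (int.from_bytes(base, "big") + index).to_bytes(6, "big")


def bridge_id_legacy(priority: int, mac: bytes) -> bytes:
    """Normal layout: 16-bit bridge priority followed by a 48-bit MAC address."""
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("priority must fit in 16 bits")
    return priority.to_bytes(2, "big") + mac


def bridge_id_extended(priority: int, vlan: int, mac: bytes) -> bytes:
    """Extended layout: 4-bit priority, 12-bit VLAN number, then the MAC address."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("only the top 4 bits remain: priority must be a multiple of 4096")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN number must be 1-4094")
    return (priority | vlan).to_bytes(2, "big") + mac


def decode_extended(bridge_id: bytes):
    """Split an extended bridge ID back into (priority, vlan, mac)."""
    field = int.from_bytes(bridge_id[:2], "big")
    return field & 0xF000, field & 0x0FFF, bridge_id[2:]


def allocate_bridge_ids(vlans, extended: bool, priority: int = DEFAULT_PRIORITY):
    """Give every VLAN a unique bridge ID, or fail when the MAC pool runs out."""
    ids = {}
    for index, vlan in enumerate(sorted(set(vlans))):
        if extended:
            # The VLAN number makes the ID unique, so one MAC serves all VLANs.
            ids[vlan] = bridge_id_extended(priority, vlan, BASE_MAC)
        else:
            if index >= MAC_POOL_SIZE:
                raise RuntimeError(f"no MAC address left for VLAN {vlan}")
            ids[vlan] = bridge_id_legacy(priority, mac_at(BASE_MAC, index))
    return ids


if __name__ == "__main__":
    print(bridge_id_extended(DEFAULT_PRIORITY, 3000, BASE_MAC).hex())
    print(len(allocate_bridge_ids(range(1, 4095), extended=True)))
```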


Understanding VLAN’s
Internal VLAN’s

The Catalyst 6500 uses a VLAN number internally to represent a layer 3 port – that being a
physical layer 3 port (like a FlexWAN or a routed Ethernet port) or a logical layer 3 port (like a
sub-interface on a FlexWAN port, etc)…

STD VLAN 1-1001:
  Standard Ethernet layer 2 port can be placed in any VLAN

VLAN interface can use any VLAN number

EXTD VLAN 1006 to 4094:
  A layer 3 Ethernet port or a FLEXWAN/OSM layer 3 port each consumes 1 extended VLAN number
  A sub-interface consumes 1 extended VLAN number

Understanding VLAN’s
Internal VLAN’s

Once an extended VLAN is consumed by a layer 3 port, it cannot be used for other purposes…
The switch can be configured to define the allocation policy – that is, whether extended VLAN
numbers are allocated bottom up (from 1006 up) or top down (from 4094 down)…

INTERNAL VLAN ALLOCATION POLICY

Ascending (1006, 1007, 1008, 1009, …): Allocation policy of ascending indicates the VLAN’s
allocated to layer 3 interfaces will be assigned from 1006 and upwards…

Descending (…, 4091, 4092, 4093, 4094): Allocation policy of descending indicates the VLAN’s
allocated to layer 3 interfaces will be assigned from 4094 and downwards…

Understanding VLAN’s
VLAN Port Types

Switch Ports defined as an access port are placed in a VLAN. They can only belong to one
VLAN at a time. Special Switch Ports can be defined as a VLAN Trunk Port, which is designed to
carry traffic from multiple VLAN’s… Trunk ports tend to be defined for links to other switches
or routers…

Access Ports:
  Port 2/1 – VLAN 20
  Port 2/2 – VLAN 10
  Port 2/3 – VLAN 10
  Port 2/4 – VLAN 30
  Port 2/5 – VLAN 20
  Port 2/6 – VLAN 30

Trunk Ports: [Diagram: link between the two switches]

Understanding VLAN’s
VLAN Trunks - Tagging

A VLAN trunk will tag data with its VLAN number, so the destination switch will know which
VLAN to forward the packet to. There are two technologies supported in the Catalyst 6500 to
“tag” VLAN’s and they are ISL and 802.1Q – these are typically implemented in ASIC’s to
maximize performance.

[Diagram: two switches, each with VLAN 20, VLAN 10 and VLAN 30 (Individual VLAN’s running on Access Ports), joined by a Trunk Port to carry traffic from Multiple VLAN’s]


Understanding VLAN’s
VLAN Tagging – ISL

Inter Switch Link (ISL) was the first VLAN tagging mechanism released by Cisco. It is a “two
level” tagging mechanism as it prepends and appends tags both at the front and back of the
encapsulated frame… It supports 1024 VLAN numbers.

ISL frame: ISL Header (26 Bytes) | Data | FCS (4 Bytes)
ISL Header fields: DA | Type | User | SA | LEN | AAAA03 | HSA | VLAN | BPDU | INDEX | RES

[Diagram: two switches, each with VLAN 20, VLAN 10 and VLAN 30, exchanging encapsulated Data frames]

Understanding VLAN’s
VLAN Tagging – 802.1Q

802.1Q is an IEEE standard for VLAN Tagging - It is a “one level” tagging mechanism inserting
a single tag within the Ethernet frame… Unlike ISL, it supports the full 4096 VLAN numbers…

802.1Q frame: DA | SA | ETH-TYPE | TAG | TYPE/LEN | DATA
TAG fields: User Priority | CFI | VLAN Number

[Diagram: two switches, each with VLAN 20, VLAN 10 and VLAN 30, exchanging tagged Data frames]
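
Added example, not part of the original training material: a Python sketch that inserts and parses the single 802.1Q tag in the frame layout above, using the slide's field names (ETH-TYPE, TAG with User Priority, CFI and VLAN Number, TYPE/LEN). The sample frame is constructed, frames are handled without their trailing FCS, and the range check reuses the VLAN number table from earlier in this chapter.

```python
# Added illustration: inserting and parsing the single 802.1Q tag described above.
# Frames are handled without their trailing FCS; the sample frame is constructed.
import struct

TPID_8021Q = 0x8100  # EtherType value announcing an 802.1Q tag (ETH-TYPE on the slide)


def vlan_range(vlan: int) -> str:
    """Classify a 12-bit VLAN number using the range table earlier in this chapter."""
    if vlan in (0, 4095):
        return "reserved"
    if 1 <= vlan <= 1005:
        return "normal"
    if 1006 <= vlan <= 4094:
        return "extended"
    raise ValueError("VLAN number does not fit in 12 bits")


def add_tag(frame: bytes, vlan: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Insert ETH-TYPE + TAG between the source address and TYPE/LEN."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if vlan_range(vlan) == "reserved":
        raise ValueError(f"VLAN {vlan} is reserved for system use")
    if not 0 <= priority <= 7 or cfi not in (0, 1):
        raise ValueError("priority is 3 bits and CFI is 1 bit")
    tag = (priority << 13) | (cfi << 12) | vlan
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tag) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Return addresses, tag fields (if a tag is present), TYPE/LEN and payload."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    info = {"da": frame[:6].hex(":"), "sa": frame[6:12].hex(":"),
            "tagged": False, "priority": None, "cfi": None, "vlan": None}
    (type_len,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if type_len == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tag, type_len = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True, priority=tag >> 13,
                    cfi=(tag >> 12) & 1, vlan=tag & 0x0FFF)
        offset = 18
    info["type_len"] = type_len
    info["payload"] = frame[offset:]
    return info


# Constructed sample: broadcast frame from 00:11:22:33:44:55 carrying an IPv4 EtherType.
SAMPLE_UNTAGGED = bytes.fromhex("ffffffffffff" "001122334455" "0800") + b"constructed payload"

if __name__ == "__main__":
    tagged = add_tag(SAMPLE_UNTAGGED, vlan=330, priority=5)
    print(tagged[12:16].hex(), parse_frame(tagged))
```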

Understanding VLAN’s
Mapping Dot1Q to ISL VLAN’s

There may be occasions where a user group is split across a Dot1Q network and an ISL network –
in this case, to allow communication between the two disparate groups, VLAN mapping must
take place on a switch that bridges the two networks…

[Diagram: a SWITCH holding a Map Table between a Dot1Q network and an ISL network]

The switch will maintain a map table that maps a Dot1Q VLAN to an ISL VLAN…

Understanding VLAN’s
Mapping Dot1Q to ISL VLAN’s Rules

Rules for mapping Dot1Q VLAN’s to ISL VLAN’s


1. You can configure up to eight 802.1Q-to-ISL VLAN mappings on the Catalyst 6500 series
switch.
2. You can only map 802.1Q VLAN’s to Ethernet-type ISL VLAN’s.
3. Do not enter the native VLAN of any 802.1Q trunk in the mapping table.
4. When you map an 802.1Q VLAN to an ISL VLAN, traffic on the 802.1Q VLAN corresponding
to the mapped ISL VLAN is blocked. For example, if you map 802.1Q VLAN 1007 to ISL VLAN
200, traffic on 802.1Q VLAN 200 is blocked.
5. VLAN mappings are local to each Catalyst 6500 series switch. Make sure you configure the
same VLAN mappings on all appropriate network devices
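
Added example, not part of the original training material: a Python check of a planned mapping table against the five rules above, including the side effect in rule 4 (the 802.1Q VLAN that shares the ISL VLAN's number is blocked). All inputs are constructed and the data model (tuples, sets, dictionaries, switch names) is hypothetical.

```python
# Added illustration: checking a planned 802.1Q-to-ISL mapping table against the rules above.
# All inputs are constructed; the data model (tuples, sets, dicts) is hypothetical.

MAX_MAPPINGS = 8  # rule 1


def check_mappings(mappings, native_vlans, isl_vlan_types, dot1q_in_use=()):
    """Validate (dot1q_vlan, isl_vlan) pairs for one switch.

    native_vlans   -- native VLANs of the switch's 802.1Q trunks
    isl_vlan_types -- ISL VLAN number -> media type, e.g. "ethernet"
    dot1q_in_use   -- 802.1Q VLAN numbers that currently carry traffic
    """
    violations = []
    if len(mappings) > MAX_MAPPINGS:
        violations.append(f"rule 1: {len(mappings)} mappings, maximum is {MAX_MAPPINGS}")
    blocked = set()
    for dot1q, isl in mappings:
        media = isl_vlan_types.get(isl, "undefined")
        if media != "ethernet":
            violations.append(f"rule 2: ISL VLAN {isl} is {media}, not Ethernet-type")
        if dot1q in native_vlans:
            violations.append(f"rule 3: 802.1Q VLAN {dot1q} is a trunk native VLAN")
        # Rule 4: the 802.1Q VLAN with the same number as the ISL VLAN is blocked.
        if dot1q != isl:
            blocked.add(isl)
    return {
        "violations": violations,
        "blocked": sorted(blocked),
        # Blocked 802.1Q VLANs that still carry traffic would lose connectivity.
        "blocked_in_use": sorted(blocked & set(dot1q_in_use)),
    }


def inconsistent_switches(tables, reference):
    """Rule 5: list switches whose mapping table differs from the reference switch."""
    expected = set(tables[reference])
    return sorted(name for name, table in tables.items() if set(table) != expected)


if __name__ == "__main__":
    report = check_mappings(
        mappings=[(3000, 200), (1007, 1003)],
        native_vlans={1},
        isl_vlan_types={200: "ethernet", 1003: "trcrf"},
        dot1q_in_use={200, 310},
    )
    print(report)
    print(inconsistent_switches({"sw-a": [(3000, 200)], "sw-b": []}, "sw-a"))
```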

Configuring VLAN’s
Ethernet Default VLAN Configuration

The default VLAN configuration for Ethernet ports in the Catalyst 6500 is as follows…

Parameter              | Default                                                                       | Range
VLAN ID                | 1                                                                             | 1-4094
VLAN Name              | “Default” for VLAN 1, “VLANvlan_id” for other VLAN’s                          | ---
MTU Size               | 1500                                                                          | 576 - 18190
Translational Bridge 1 | 0                                                                             | 0 - 1005
Translational Bridge 2 | 0                                                                             | 0 - 1005
VLAN State             | Active                                                                        | Active/Suspend
Eligible for Pruning   | Prune eligible for VLAN’s 2-1001, VLAN’s 1006-4094 not eligible for pruning   | ---

Configuring VLAN’s
VLAN Configuration Options

A VLAN can only be configured on a switch defined as a VTP Server or when it is in VTP
Transparent Mode – VTP Clients cannot configure VLAN’s… There are two ways to configure
VLAN’s – in Global Configuration Mode or VLAN Database Mode (which is being deprecated)

VLAN Database Mode

6500# vlan database
% Warning: It is recommended to configure VLAN from config mode,
  as VLAN database mode is being deprecated. Please consult user
  documentation for configuring VTP/VLAN in config mode.
6500(vlan)# vlan 320
VLAN 320 added:
    Name: VLAN0320

Global Configuration Mode

6500# conf t
Enter configuration commands, one per line. End with CNTL/Z.
6500(config)# vlan 330
6500(config-vlan)#

Configuring VLAN’s
Creating and Modifying

Once a VLAN has been created in global configuration mode, a range of options are then
presented to the user with which to modify the VLAN from its defaults..

6500(config-vlan)# ?
VLAN configuration commands:
  are           Maximum number of All Route Explorer hops for this VLAN (or zero if none specified)
  backupcrf     Backup CRF mode of the VLAN
  bridge        Bridging characteristics of the VLAN
  exit          Apply changes, bump revision number, and exit mode
  media         Media type of the VLAN
  mtu           VLAN Maximum Transmission Unit
  name          Ascii name of the VLAN
  no            Negate a command or set its defaults
  parent        ID number of the Parent VLAN of FDDI or Token Ring type VLANs
  private-vlan  Configure a private VLAN
  remote-span   Configure as Remote SPAN VLAN
  ring          Ring number of FDDI or Token Ring type VLANs
  said          IEEE 802.10 SAID
  shutdown      Shutdown VLAN switching
  state         Operational state of the VLAN
  ste           Maximum number of Spanning Tree Explorer hops for this VLAN (or zero if none specified)
  stp           Spanning tree characteristics of the VLAN
  tb-vlan1      ID number of the first translational VLAN for this VLAN (or zero if none)
  tb-vlan2      ID number of the second translational VLAN for this VLAN (or zero if none)

Configuring VLAN’s
Creating and Modifying Extended VLAN’s

Creating an extended VLAN will not work without some additional configuration…

6500(config)# vlan 3000
6500(config-vlan)#
% Failed to create VLANs 3000
Spanning-tree extend system-id need to be enabled.

To create an extended VLAN, the extended system-id feature must be enabled…

6500(config)# spanning-tree extend ?
  system-id  Extend system-id into priority portion of the bridge id (PVST only)
6500(config)# spanning-tree extend system-id
6d05h: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan

After enabling this feature, extended VLAN’s can be created…

6500(config)# vlan 3000
6500(config-vlan)#

Configuring VLAN’s
Creating and Modifying

The maximum MTU size for this VLAN can be specified as follows...

6500(config-vlan)# mtu ?
  <576-18190>  Value of VLAN Maximum Tranmission Unit

A name other than the default “VLANvlan_number” can be assigned as follows...

6500(config-vlan)# name ?
  WORD  The ascii name for the VLAN

Specify whether this VLAN is active or suspended...

6500(config-vlan)# state ?
  active   VLAN Active State
  suspend  VLAN Suspended State

Configuring VLAN’s
Assigning VLAN’s to Switch Ports

Once the VLAN has been created, it can be assigned to an access port. First the port must
be defined as a layer 2 port – this is done by issuing the switchport command as shown
below…

6500(config)# interface g1/14
6500(config-if)# switchport

Next the VLAN can be assigned to this port as follows…

6500(config)# interface g1/14
6500(config-if)# switchport
6500(config-if)# switchport access vlan ?
  <1-4094>  VLAN ID of the VLAN when this port is in access mode
6500(config-if)# switchport access vlan 330
6500(config-if)#

Interface G1/14 in the example above is now in VLAN 330.

Configuring VLAN’s
Assigning VLAN’s to Switch Ports

The VLAN assignment can be confirmed by using the following show command…

6500(config)# show interface g1/14 switchport
Name: Gi1/14
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: On
Access Mode VLAN: 330 (VLAN0330)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled

Callout on the “Access Mode VLAN” line: Port placed in VLAN 330

Configuring VLAN’s
Internal VLAN Allocation Policy

Internal VLAN usage on the switch can be viewed using the following command…

6500# show vlan internal usage
VLAN Usage
---- --------------------
1006 online diag vlan0
1007 online diag vlan1
1008 online diag vlan2
1009 online diag vlan3
1010 online diag vlan4
1011 online diag vlan5
1012 PM vlan process (trunk tagging)
1013 L3 multicast partial shortcuts for VPN 0
1014 vrf_0_vlan
1016 GigabitEthernet5/1
1018 GigabitEthernet1/1
1019 GigabitEthernet1/13

In the example above, it can be seen that the allocation policy is “Ascending”, that is,
the internal VLAN’s have been allocated from 1006 and upwards…

Configuring VLAN’s
Internal VLAN Allocation Policy

If the Internal VLAN allocation policy needs to be changed, then the following command can
be used…

6500(config)# vlan internal allocation policy ?
  ascending   Allocate internal VLAN in ascending order
  descending  Allocate internal VLAN in descending order

NOTE: If the policy is changed, then the switch needs to be reloaded for the change to take effect

Configuring VLAN’s
Creating VLAN Trunks

A Switchport can be configured as a VLAN Trunk Port. It must first be defined as a layer 2 port
as follows…

6500(config)# interface g1/15
6500(config-if)# switchport

Next the interface can be enabled as a Trunk port – first the VLAN trunk encapsulation
must be defined…

6500(config-if)# switchport trunk encapsulation ?
  dot1q      Interface uses only 802.1q trunking encapsulation when trunking
  isl        Interface uses only ISL trunking encapsulation when trunking
  negotiate  Device will negotiate trunking encapsulation with peer on interface

For the purposes of this exercise, we will assume a Dot1Q trunk has been defined…

Configuring VLAN’s
Creating VLAN Trunks

After the encapsulation type is chosen, the mode in which this trunk port is going to
operate must be defined..

6500(config-if)# switchport mode ?
  access        Set trunking mode to ACCESS unconditionally
  dot1q-tunnel  set trunking mode to TUNNEL unconditionally
  dynamic       Set trunking mode to dynamically negotiate access or trunk mode
  private-vlan  Set the mode to private-vlan host or promiscuous
  trunk         Set trunking mode to TRUNK unconditionally

Assuming we want the trunk to initiate negotiation, we would choose the “dynamic” option.
Dynamic takes a further sub-option, auto or desirable, which must be specified to finish off the
configuration of the trunk port.

6500(config-if)# switchport mode dynamic ?
  auto       Set trunking mode dynamic negotiation parameter to AUTO
  desirable  Set trunking mode dynamic negotiation parameter to DESIRABLE

Configuring VLAN’s
Creating VLAN Trunks

By default the trunk will allow all VLAN’s to be carried across the link – this behavior can
be changed by specifying which VLAN’s are allowed..

6500(config-if)# switchport trunk allowed vlan ?
  WORD    VLAN IDs of the allowed VLANs when this port is in trunking mode
  add     add VLANs to the current list
  all     all VLANs
  except  all VLANs except the following
  none    no VLANs
  remove  remove VLANs from the current list

VLAN’s can also be configured to be pruned from the trunk using the following command…

6500(config-if)# switchport trunk pruning vlan ?
  add     add VLANs to the current list
  except  all VLANs except the following
  none    no VLANs
  remove  remove VLANs from the current list

Configuring VLAN’s
Creating VLAN Trunks

If the port were to stop trunking, you can define the access VLAN that the trunk port would
become a part of using the following command..

6500(config)# interface g1/15
6500(config-if)# switchport
6500(config-if)# switchport access vlan ?
  <1-4094>  VLAN ID of the VLAN when this port is in access mode
6500(config-if)# switchport access vlan 500
6500(config-if)#

Optionally, the default native VLAN for this trunk can be changed from 1 to another
number. The native VLAN can be changed using the following command…

6500(config-if)# switchport trunk native vlan ?
  <1-4094>  VLAN ID of the native VLAN when this port is in trunking mode

Configuring VLAN’s
Mapping 802.1Q VLAN’s to ISL VLAN’s

Dot1Q VLAN’s can be manually mapped to an ISL VLAN using the following command…

Specify the dot1q vlan below

6500(config)# vlan mapping dot1q ?
  <1-4095>  VLAN ID of the .1Q VLAN to map from/to on all incoming/outgoing .1Q trunks

Then the ISL keyword with the ISL VLAN

6500(config)# vlan mapping dot1q 3000 isl ?
  <1-4094>  VLAN ID of the ISL VLAN to map to/from on the local device

6500(config)# vlan mapping dot1q 3000 isl 200

Configuring VLAN’s
Mapping 802.1Q VLAN’s to ISL VLAN’s

The results of the mapping can be viewed using the following command…

6500# show vlan mapping
General VLAN Translations:

Original VLAN   Translated VLAN
-------------   ---------------

802.1Q Trunk Remapped VLANs:

802.1Q VLAN   ISL VLAN
-----------   -----------
3000          200
6500#

Configuring VLAN’s
Display VLAN’s

Information on VLAN’s can be shown using a range of show commands…

6500# show vlan ?
  access-log    VACL Logging
  access-map    VLAN access-map
  brief         VTP all VLAN status in brief
  counters      VLAN traffic counters for all VLANs
  dot1q         Display dot1q parameters
  filter        VLAN filter information
  id            VTP VLAN status by VLAN id
  ifindex       SNMP ifIndex
  internal      VLAN internal usage
  mapping       Show VLAN mappings
  name          VTP VLAN status by VLAN name
  private-vlan  Private VLAN information
  remote-span   Remote SPAN VLANs
  summary       VLAN summary information
  |             Output modifiers
  <cr>

©2 0 0 3 , C is c o S y s te m s , In c . A ll r ig h ts r e s e r v e d .
32
C on fi g u ri n g V L A N ’s
Disp l ay V L A N ’s
Cisco Systems
6500# show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/2, Gi1/5, Gi1/6, Gi1/7
                                                Gi1/8, Gi1/12, Gi1/14, Gi3/3
                                                Gi3/4, Gi3/5, Gi3/6, Gi3/7
                                                Gi4/1, Gi4/2, Gi4/3, Gi4/4
                                                Gi4/5, Gi4/6, Gi4/8
101  VLAN0101                         active    Gi3/2
300  VLAN0300                         active
310  marketing                        active
320  VLAN0320                         active
330  VLAN0330                         active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup
3000 VLAN3000                         active

802.1Q Trunk Remapped VLANs:
802.1Q VLAN ISL VLAN
----------- -----------
3000        200

Configuring VLAN’s
Display VLAN’s
VLAN counters for each VLAN can be displayed as follows…

6500# show vlan counters
* Multicast counters include broadcast packets
Vlan Id                              : 1
L2 Unicast Packets                   : 37602
L2 Unicast Octets                    : 3701591
L3 Input Unicast Packets             : 12025
L3 Input Unicast Octets              : 12597999
L3 Output Unicast Packets            : 13855
L3 Output Unicast Octets             : 1662068
L3 Output Multicast Packets          : 0
L3 Output Multicast Octets           : 0
L3 Input Multicast Packets           : 0
L3 Input Multicast Octets            : 0
L2 Multicast Packets                 : 1942
L2 Multicast Octets                  : 124312
<snip>

Configuring VLAN’s
Display VLAN’s

6500# show vlan id 3000
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
3000 Engineering                      active    Gi1/2, Gi1/5, Gi1/6, Gi1/7
                                                Gi1/8, Gi1/12, Gi1/14, Gi3/3
                                                Gi3/4, Gi3/5, Gi3/6, Gi3/7
                                                Gi4/1, Gi4/2, Gi4/3, Gi5/2

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
3000 enet  103000     1500  -      -      -        -    -        0      0

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
6500#
