Cisco Discovery 3 Module 3 Picture Descriptions

3.0 - Switching in an Enterprise Network

3.0 - Chapter Introduction

3.0.1 - Introduction
One Diagram

Diagram 1, Slideshow Introduction
Slide 1: Enterprise networks rely on switches in the Access, Distribution and Core Layers to provide network segmentation and high-speed connectivity.
Slide 2: Spanning Tree Protocol is used in a hierarchical network to prevent switching loops.
Slide 3: Virtual LANs logically segment networks and contain broadcasts to improve network security and performance.
Slide 4: Switches configured with trunking enable VLANs to span multiple geographic locations.
Slide 5: VLAN Trunking Protocol (VTP) is used to simplify the configuration and management of VLANs in a complex enterprise-level switched network.
Slide 6: After completion of this chapter, you should be able to:
Compare the types of switches used in an enterprise network.
Explain how Spanning Tree Protocol prevents switching loops.
Describe and configure VLANs on a Cisco switch.
Describe and configure trunking and inter-VLAN routing.
Maintain VLANs in an enterprise network.

3.1 - Describing Enterprise Level Switching

3.1.1 - Switching and Network Segmentation
Five Diagrams

Diagram 1, Image
A switch is connected to four PCs, named H1 to H4, and builds a MAC address table from the frames it receives from them.
MAC Address Table
H1: Port fa0/1, MAC address 260d.8c01.0000
H2: Port fa0/2, MAC address 260d.8c01.1111
H3: Port fa0/3, MAC address 260d.8c01.2222
H4: Port fa0/4, MAC address 260d.8c01.3333

Diagram 2, Animation
Switch S1 is connected to H1 on fa0/1, H2 on fa0/2 and H3 on fa0/3. H1 sends a packet to H2. As it passes through the switch, the aging timer resets and the switch says "I already have this MAC entry for port fa0/1. I will reset the aging timer on the port."
The fa0/1 aging timer expires and the switch says "I have not heard from the host on fa0/1 and the aging timer has expired. I will remove the MAC address from my table."
H1 sends another packet. As it passes through the switch, the switch says "I do not have a MAC address in the table for this port. I will add the MAC address and start the aging timer."

Diagram 3, Animation
Switch S1 is connected to four hosts named H1 to H4. Switch S2 is connected to four hosts named H5 to H8. S1 is connected to S2. H1 sends a packet to destination MAC address FFFF.FFFF.FFFF. When S1 receives the packet it looks up the destination MAC address. It is a broadcast, so the packet is forwarded out all ports except the port it came in on. When S2 receives the packet that S1 forwarded, it also sees that it is a broadcast and forwards it out all ports except the port it came in on.

Diagram 4, Image
The first picture shows a hub with eight hosts all sharing the same network media. The second picture shows a switch with eight hosts connected to it; these eight hosts are divided into four separate network segments of two hosts each (segmented).

Diagram 5, Activity
Determine how the switch forwards a frame based on the source MAC address, the destination MAC address and the information in the switch MAC table. Answer the questions below using the information provided.
The switch is connected to four hosts: host OA on port Fa1, host OB on port Fa3, host OC on port Fa5 and host OD on port Fa7. Port Fa9 is connected to a hub; the hub is connected to hosts OE and OF.
The frame in question: Preamble; Destination MAC OD; Source MAC OA; Length; Encapsulated data; End of frame.
The switch's MAC table is as follows:
Fa3: OB
Fa7: OD
Fa9: OE
All other ports have blank entries.
1. Where will the switch forward the frame? (Fa1-12)
2. When the switch forwards the frame, which statement(s) are true?
Switch adds the source MAC address to the MAC table.
Frame is a broadcast frame and will be forwarded to all ports.
Frame is a unicast frame and will be sent to the specific port only.
Frame is a unicast frame and will be flooded to all ports.
Frame is a unicast frame but it will be dropped at the switch.

3.1.2 - Multilayer Switching
Two Diagrams

Diagram 1, Image
Image shows the OSI stack with the router attached to Layer 3 (the network layer) and the switch attached to Layer 2 (the data link layer).
Layer 2 Switching:
Hardware-based switching
Wire-speed performance
High-speed scalability
Low latency
Uses MAC addresses
Low cost
Layer 3 Routing:
Software-based packet forwarding
Higher latency
Higher per-interface cost
Uses IP addresses
Security
QoS

Diagram 2, Image
Image shows a stack of Cisco 2960 switches, which are Layer 2 switches, and a stack of Cisco 3560 switches, which are Layer 3 switches.

3.1.3 - Types of Switching
Three Diagrams

Diagram 1, Animation
A switch is connected to three hosts and a server. Two of the hosts are named Source and Destination. The Source host sends a frame to the Destination host and the switch thinks "I am recalculating the CRC value."
Incoming frame CRC value: 435869123
Recalculated CRC value: 435869123
These values are identical. The switch says "The CRC value is correct. I will forward the frame" before forwarding the frame to the Destination host.

Diagram 2, Animation
Fast-forward: A switch is connected to three hosts and a server. One host sends a frame to another host via the switch. When the switch receives the frame it thinks "I am receiving a frame. I will forward it immediately based on the destination MAC address."
Fragment-free: A switch is connected to three hosts and a server. One host sends a frame to another host via the switch. When the switch receives the frame it thinks "I am receiving a frame. I will check the first 64 bytes of the frame to ensure this is a valid Ethernet frame." Once the switch completes the check it thinks "This is a valid frame. I will forward it based on the destination MAC address."

Diagram 3, Image
Diagram of a switch that uses store-and-forward switching while the number of errors is increasing and cut-through switching while the number of errors is decreasing.

3.1.4 - Switch Security
Two Diagrams

Diagram 1, Image
Image of a stack of switches labeled with a series of security measures, as follows:
Physical Security: Switches are a critical link in the network. Secure them physically by mounting them in a rack and installing the rack in a secure room. Limit access to authorized network staff.
Secure Passwords: Configure all passwords (user mode, privileged mode and VTY access) with a minimum of six non-repeating characters. Change passwords on a regular basis. Never use words found in a dictionary. Use the enable secret command for privileged-level password protection, since it uses advanced encryption techniques. Encrypt all passwords in the display of the running configuration file using the IOS command service password-encryption.
Enable SSH for Secure Remote VTY Access: SSH is a client-server protocol used to log in to another device over a network. It provides strong authentication and secure communication over insecure channels. SSH encrypts the entire login session, including password transmission.
Monitor Access and Traffic: Monitor all traffic passing through a switch to ensure that it complies with company policies. Additionally, record the MAC address of all devices connecting to a specific switch port and all login attempts on the switch. If the switch detects malicious traffic or unauthorized access, take action according to the security policy of the organization.
Disable HTTP Access: Disable HTTP access so that no one can enter the switch and modify the configuration via the web interface. The command to disable HTTP access is no ip http server.
Disable Unused Ports: Disable all unused ports on the switch to prevent unknown PCs or wireless access points from connecting to an available port. Accomplish this by issuing the shutdown command on the interface.
Enable Port Security: Port security restricts access to a switch port to a specific list of MAC addresses. Enter the MAC addresses manually or have the switch learn them dynamically. The switch port is associated with those MAC addresses and allows traffic only from those devices. If a device with a different MAC address plugs into the port, the switch automatically disables the port.
Disable Telnet: A Telnet connection sends data over the public network in clear text. This includes usernames, passwords and data. Disable Telnet access to all networking devices by not configuring a password for any VTY sessions at login.

Diagram 2, Activity
Hands-on Lab: Applying Basic Switch Security

3.2 - Preventing Switching Loops

3.2.1 - Redundancy in a Switched Network
Four Diagrams

Diagram 1, Image
The diagram depicts three separate blocks named Wiring Closet, Backbone with Redundant Links and Server Farm. The Wiring Closet contains two switches named S1 and S5. These two switches are directly linked to the next block, the Backbone with Redundant Links, which contains four switches named S2, S3, S6 and S7. S1 is linked to S2 and S2 is linked to S3. S5 is linked to S6 and S6 is linked to S7. There are redundant links between all six of these switches. Switches S3 and S7 are linked by redundant links to S4 and S8 in the Server Farm. Switches S4 and S8 are linked to seven servers located in the server farm.

Diagram 2, Image
The diagram depicts a server and two PCs named H1 and H3 connected to switch S1. S1 is connected by dual links to switch S2, which also has a router named R1 and two PCs named H2 and H4 connected. The router has a serial link in use.
The server connected to switch S1 sends a broadcast message to S1. S1 sends the message out all ports except the port on which the message arrived. S2 receives the message and sends it to all connected devices, including S1 on both links. S1 receives the message and sends it back out to the hosts directly connected to it, including switch S2. This is commonly known as a broadcast storm.

Diagram 3, Image
The diagram depicts a server and two PCs named H1 and H3 connected to switch S1. S1 is connected by dual links to switch S2, which also has a router named R1 and two PCs named H2 and H4 connected.
Client H2 sends a message to switch S2. S2 says "I do not see the server in my MAC table. I will send this frame out all active ports." S2 sends the message out to all connected devices except the originating port. Because of the dual links between S1 and S2, the intended recipient receives two copies of the same message; this is known as Multiple Frame Transmission.
In the second scenario, the server connected to S1 sends a message to client H4 on the other side of S2. S1 looks in its MAC table for the MAC address of H4 and finds no entry. Two copies of the message propagate forward to S2 and back to the two clients connected to S1. S2 realizes the message is destined for H4 and says "I will update my MAC table with information for the originating server", then forwards the message to H4.

Diagram 4, Packet Tracer Activity

3.2.2 - Spanning Tree Protocol (STP)
Four Diagrams

Diagram 1, Image
The diagram depicts four switches arranged in a square topology, with a computer connected to switch 2 and another connected to switch 4. There are dual links between the four switches, indicating the flow of data from switch 1 to switch 2 to switch 3 and then to switch 4.
This configuration has no STP in use, and a switching loop is evident. When STP is implemented, the link between S3 and S4 is blocked by placing the port in the blocking state. The link between S3 and S4 is no longer used for data, which eliminates the loop.

Diagram 2, Image
The diagram depicts a BPDU (Bridge Protocol Data Unit) and its component fields, which are listed below:
Protocol Identifier: Always 0.
Version: Always 0.
Message Type: Identifies the type of BPDU (configuration or topology change notification) the frame contains.
Flags: Used to handle changes in the topology.
Root ID: Contains the bridge ID of the root bridge. After convergence, all BPDUs in the bridged network carry the same value.
Root Path Cost: The cumulative cost of all links leading to the root bridge.
Bridge ID: Always 0.
Port ID: Always 0.
Message Age: Specifies the type of BPDU (configuration or topology change notification) the frame contains.
Max Age: The maximum time that a BPDU is saved; influences the bridge table aging timer during the topology change notification process.
Hello Time: The time between periodic configuration BPDUs.
Forward Delay: The time spent in the listening and learning states; influences timers during the topology change notification process.

Diagram 3, Image
The diagram depicts a Layer 2 switch with a switch port transitioning through the STP states. The states are listed below with a description of each.
Blocking: steady amber; receives BPDUs; discards data frames; does not learn addresses; takes up to 20 seconds to change to the listening state.
Listening: blinking amber; listens for BPDUs; does not forward frames; does learn MAC addresses; determines whether the switch has more than one trunking port that might create a loop. If a loop is found, the port returns to the blocking state; if no loop is found, it moves to the learning state. The transition to learning takes 15 seconds, a period also called the forward delay.
Learning: blinking amber; processes BPDUs; learns MAC addresses from traffic received; does not forward frames; takes 15 seconds to transition to forwarding.
Forwarding: blinking green; processes BPDUs; learns MAC addresses; forwards frames.

Diagram 4, Activity
Associate each process with the correct spanning tree state (Blocking, Listening, Learning or Forwarding).
Processes BPDUs
Learns MAC addresses
Discards frames
Forwards frames
Does not forward frames
Receives BPDUs
Does not learn MAC addresses

3.2.3 - Root Bridges
Four Diagrams

Diagram 1, Image
The diagram depicts the 8-byte Bridge ID (BID). The BID is broken down into a 2-byte Bridge Priority, with a range of 0-65535 and a default of 32768, followed by the 6-byte MAC address taken from the backplane/supervisor.

Diagram 2, Image
The diagram depicts three switches S1, S2 and S3 connected to each other: S1 to S2, S2 to S3 and S3 back to S1. S1's port 1/1 is the root port and its port 1/2 is a designated port. Switch S2 is the root bridge; its port 1/1 is a designated port and its port 1/2 is also a designated port. Switch S3's port 1/1 is the root port and its port 1/2 is blocked.

Diagram 3, Image
The diagram depicts four switches arranged in a square topology with all switches connected to each other. The switches are named S1, S2, S3 and S4. S3 is the root bridge because it has the lowest priority number, 4096. S2 has a priority of 32768, S1 has a priority of 32768 and S4 has a priority of 8192.

Diagram 4, Hands-on Lab

3.2.4 - Spanning Tree in a Hierarchical Network
Five Diagrams

Diagram 1, Image
The diagram depicts four switches connected in a square topology, with a client connected to switch 1 and a server connected to switch 3.
The server sends a message to client H1, which passes through switch 3, switch 2 and then switch 1 to reach H1. Once the message has reached H1, the four switches become busy recalculating the spanning tree. The server tries to send another message, and the switch it is directly connected to announces that it needs a new root port. Switch 4 announces that its blocked port is ready to forward traffic, and switch 1 announces that its port priority remains the same. Switch 2 is assigned as the root bridge and announces that it can still see connectivity to all the switches. The server directly connected to switch 3 sends a message, and it travels from switch 3 to switch 4 to switch 1 and on to client H1.

Diagram 2, Image
The diagram depicts a man sitting in front of his laptop computer with a timer next to the laptop, indicating that he is waiting an undetermined amount of time for the process to complete.

Diagram 3, Image
The diagram depicts two scenarios, STP with PortFast configured and STP without PortFast configured. The diagram indicates that the time taken to send a message with PortFast configured is about 15 seconds, whereas the message sent without PortFast configured takes about 45 seconds to complete.

Diagram 4, Image
The diagram depicts the output of the commands listed below. For these commands to produce output, STP must be configured. As part of the lab you will configure STP and generate the output of these commands.
show spanning-tree
show spanning-tree root
show spanning-tree interface
show spanning-tree summary
show spanning-tree detail
show spanning-tree blockedports

Diagram 5, Hands-on Lab

3.2.5 - Rapid Spanning Tree Protocol (RSTP)
One Diagram

Diagram 1, Image
The diagram depicts two different scenarios: the first is a Spanning Tree Protocol implementation and the second is a Rapid Spanning Tree Protocol implementation. In the spanning tree scenario, the light on the front of the switch blinks amber, indicating that the switch is listening/learning. This takes approximately 15 seconds before the light blinks green and forwarding begins. In the Rapid Spanning Tree implementation, the time taken from the listening/learning (blinking amber) phase to the forwarding (blinking green) phase is 1 second.

3.3 - Configuring VLANs

3.3.1 - Virtual LAN
Five Diagrams

Diagram 1, Image
A router is connected to three switches, one each on Floor 1, Floor 2 and Floor 3. The switch on Floor 3 is connected to three servers. The switch on Floor 2 is connected to three clients. The switch on Floor 1 is connected to three clients. The Accounting VLAN comprises one server on Floor 3, one client on Floor 2 and one client on Floor 1. The Marketing VLAN comprises one server on Floor 3, one client on Floor 2 and one client on Floor 1. The Engineering VLAN comprises one server on Floor 3, one client on Floor 2 and one client on Floor 1.

Diagram 2, Animation
The same network as Diagram 1: a router connected to three switches, one each on Floor 1, Floor 2 and Floor 3, with three servers on Floor 3 and three clients on each of Floors 1 and 2, and the Accounting, Marketing and Engineering VLANs each comprising one server on Floor 3, one client on Floor 2 and one client on Floor 1. When packets come in from the router to the switches, each is switched to the appropriate VLAN as required.

Diagram 3, Image
Two switches connected via a trunk share four different VLANs set up between them.

Diagram 4, Animation
A new host connects to the LAN. It sends out a packet: "00:07:B3:11:12:13 is requesting membership in a VLAN." The packet reaches the VLAN management server, which says "00:07:B3:11:12:13 is in my database. Assign that port to VLAN 18." The reply is returned to the switch port the requesting host is connected to. The switch says "I am assigning this port to VLAN 18."

Diagram 5, Activity
Decide which problems are solved by implementing VLANs. Select the scenarios where VLANs help to solve the problem stated.
1. Users in the warehouse are accessing records in the payroll department. Management has asked you to isolate the payroll department from the rest of the network. (Yes or No)
2. Staff in the sales department continually join the network and then leave. This causes quite a bit of broadcast traffic as machines try to discover each other. These broadcasts slow down network performance in the graphics department. (Yes or No)
3. During the execution of a large project, members of the Marketing, Sales and Public Relations departments collaborate on different parts of the project. The network administrator is concerned about response time on the collaboration server. (Yes or No)
4. The company plans on installing a VoIP system but worries that voice traffic will be unusable due to the large amount of data on the network. (Yes or No)

3.3.2 - Configuring a Virtual LAN
Five Diagrams

Diagram 1, Image
Picture of a switch with a workstation connected to one of the ports. The man working at the workstation says "I am going to configure VLANs." The port the workstation is connected to is labeled VLAN1 Management VLAN.
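Before the VLAN configuration walk-through, the root bridge election and port roles from section 3.2.3 above (Diagram 3's square of four switches, with Diagram 2's root, designated and blocked port terminology), worked through in code. This is an added example and not material from the Cisco course: the bridge priorities are the ones the diagram gives (S3 4096, S4 8192, S1 and S2 32768), while the MAC addresses, the square wiring S1-S2, S2-S3, S3-S4, S4-S1 and the per-link path cost of 19 (the 802.1D cost of a 100 Mbps link) are constructed assumptions.

```python
"""Root bridge election and STP port roles for the square topology in 3.2.3, Diagram 3.

Added example, not material from the Cisco course. Bridge priorities come from
the diagram (S3 4096, S4 8192, S1 and S2 32768); the MAC addresses, the square
wiring and the per-link path cost (19, the 802.1D value for 100 Mbps) are
constructed assumptions.
"""
import heapq
from dataclasses import dataclass


@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int  # 2-byte bridge priority, default 32768
    mac: str       # 6-byte backplane MAC in Cisco dotted form

    @property
    def bid(self):
        """8-byte Bridge ID compares as (priority, MAC); the lowest value wins."""
        return (self.priority, int(self.mac.replace(".", ""), 16))


# Constructed topology: (bridge A, bridge B, path cost of the link between them)
BRIDGES = [
    Bridge("S1", 32768, "0000.0c11.1111"),
    Bridge("S2", 32768, "0000.0c22.2222"),
    Bridge("S3", 4096, "0000.0c33.3333"),
    Bridge("S4", 8192, "0000.0c44.4444"),
]
LINKS = [("S1", "S2", 19), ("S2", "S3", 19), ("S3", "S4", 19), ("S4", "S1", 19)]


def elect_root(bridges):
    """Every bridge advertises its own BID; the lowest BID becomes the root."""
    return min(bridges, key=lambda b: b.bid)


def root_path_costs(root_name, links):
    """Shortest cumulative link cost from every bridge back to the root (Dijkstra)."""
    adj = {}
    for a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    cost_to_root = {root_name: 0}
    heap = [(0, root_name)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > cost_to_root[node]:
            continue
        for nbr, c in adj[node]:
            if d + c < cost_to_root.get(nbr, float("inf")):
                cost_to_root[nbr] = d + c
                heapq.heappush(heap, (d + c, nbr))
    return cost_to_root


def port_roles(bridges, links):
    """Return (root bridge, root path costs, {(bridge, neighbour): role})."""
    by_name = {b.name: b for b in bridges}
    root = elect_root(bridges)
    rpc = root_path_costs(root.name, links)
    roles = {}
    # Root port: on each non-root bridge, the port whose neighbour offers the
    # lowest cost to the root; ties go to the neighbour with the lower BID.
    for b in bridges:
        if b is root:
            continue
        candidates = []
        for a, c, cost in links:
            if b.name in (a, c):
                nbr = c if a == b.name else a
                candidates.append(((rpc[nbr] + cost, by_name[nbr].bid), nbr))
        roles[(b.name, min(candidates)[1])] = "root"
    # Designated port: on each link, the end with the lower root path cost
    # (then lower BID). The other end is either that bridge's root port or blocked.
    for a, c, cost in links:
        key_a = (rpc[a], by_name[a].bid)
        key_c = (rpc[c], by_name[c].bid)
        designated, other = (a, c) if key_a < key_c else (c, a)
        roles[(designated, other)] = "designated"
        roles.setdefault((other, designated), "blocking")
    return root, rpc, roles


if __name__ == "__main__":
    root, rpc, roles = port_roles(BRIDGES, LINKS)
    print(f"Root bridge: {root.name} (priority {root.priority})")
    for (bridge, nbr), role in sorted(roles.items()):
        print(f"{bridge} port toward {nbr}: {role} (root path cost {rpc[bridge]})")
```

With these inputs S3 wins the election on priority alone, S2 and S4 reach it at cost 19, and S1 at cost 38 chooses S4 for its root port because S4's BID (priority 8192) beats S2's (32768) on the tie; S1's port toward S2 is the single blocked port that breaks the loop. Lowering a priority changes the whole tree, which is why the course stresses setting the root deliberately rather than letting the lowest MAC address decide.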
Diagram 2, Image
Images of a man sitting at a workstation configuring VLANs as follows:
Switch#configure terminal
Switch(config)#vlan 27
Switch(config-vlan)#name accounting
Switch(config-vlan)#exit
Switch(config)#interface fa0/13
Switch(config-if)#switchport access vlan 27
Switch(config-if)#exit
Switch(config)#vlan 28
Switch(config-vlan)#name engineering
Switch(config-vlan)#exit
Switch(config)#interface range fa0/6 - 12
Switch(config-if-range)#switchport access vlan 28
Switch(config-if-range)#end
Switch#show vlan
This command shows the setup of the VLANs. The headings for this show command are VLAN, Name, Status and Ports. (Examine in the Hands-on Lab.)

Diagram 3, Image
The show vlan command gives the following information: VLAN, Name, Status and Ports.
The show vlan id command gives the following information: VLAN, Name, Status and Ports, as well as Type, SAID, MTU, Parent, RingNo, BridgeNo, Stp, BrdgMode, Tran1 and Tran2.
The show vlan brief command gives the following information: VLAN, Name, Status and Ports.
The show vlan name command gives the following information: VLAN, Type, SAID, MTU, Parent, RingNo, BridgeNo, Stp, BrdgMode and Tran1.
(Examine in the Hands-on Lab.)

Diagram 4, Animation
A man sitting at a workstation says "I am deleting VLAN 27. I am also disassociating port 8 from VLAN 28." He enters the following:
Switch(config)#interface fa0/8
Switch(config-if)#no switchport access vlan 28
Switch(config-if)#exit
Switch(config)#no vlan 27
Switch(config)#end
Switch#show vlan
This shows the VLAN name, status and ports.

Diagram 5, Activity, Hands-on Lab

3.3.3 - Identifying VLANs
Three Diagrams

Diagram 1, Animation
Two switches are connected together. Client H1 on VLAN 2 says "I have to send a message to H3." It then sends the message to H3, also on VLAN 2. H1 on VLAN 2 then says "I have to send a message to H6." H6 is on VLAN 3. H1 and H6 are unable to communicate because they are on different VLANs. Traffic cannot move between VLANs without the assistance of a router.
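The forwarding behaviour described in 3.1.1 Diagrams 2, 3 and 5 (learn the source MAC on the ingress port, refresh or expire its aging timer, flood broadcasts and unknown unicasts out every other port, and filter a frame whose destination sits on the ingress port) and in 3.3.3 Diagram 1 just above (a frame never leaves its VLAN without a router), modelled as a small learning switch. This is an added example, not code from the Cisco course; the port-to-VLAN assignments, the hub on fa0/9, the H6 and hub-host MAC addresses and the timestamps are constructed, and only the H1 and H3 addresses are taken from the 3.1.1 MAC table.

```python
"""Learning-switch forwarding with MAC aging and per-VLAN flooding.

Added example, not material from the Cisco course. Port-to-VLAN assignments,
the hub on fa0/9, the H6/OE/OF MAC addresses and all timestamps are constructed;
the H1 and H3 addresses are the ones in the 3.1.1 MAC table.
"""
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"


@dataclass
class Frame:
    src: str
    dst: str


@dataclass
class Switch:
    # Access port -> VLAN it belongs to, e.g. {"fa0/1": 2}
    ports: dict
    aging_secs: int = 300  # IOS default MAC address aging time
    # (vlan, mac) -> (port, time last seen); the table is kept per VLAN
    table: dict = field(default_factory=dict)

    def _expire(self, now):
        """Drop entries whose aging timer has run out since they were last refreshed."""
        for key, (_, seen) in list(self.table.items()):
            if now - seen >= self.aging_secs:
                del self.table[key]

    def _flood(self, vlan, in_port):
        """All ports in the VLAN except the one the frame arrived on."""
        return sorted(p for p, v in self.ports.items() if v == vlan and p != in_port)

    def receive(self, in_port, frame, now):
        """Return the egress ports for a frame arriving on in_port at time now."""
        self._expire(now)
        vlan = self.ports[in_port]
        # Learn (or refresh) the source: this restarts the aging timer for the entry.
        self.table[(vlan, frame.src)] = (in_port, now)
        if frame.dst == BROADCAST:
            return self._flood(vlan, in_port)
        entry = self.table.get((vlan, frame.dst))
        if entry is None:
            # Unknown unicast: flood within the VLAN only. A host in another VLAN
            # is never found here, which is why inter-VLAN traffic needs a router.
            return self._flood(vlan, in_port)
        out_port, _ = entry
        # Destination on the same port (e.g. behind a shared hub): filter, do not forward.
        return [] if out_port == in_port else [out_port]


def run_scenario():
    """Replay the course scenarios and return the egress decision for each step."""
    sw = Switch(ports={"fa0/1": 2, "fa0/2": 2, "fa0/3": 2, "fa0/9": 2, "fa0/6": 3})
    h1, h3, h6 = "260d.8c01.0000", "260d.8c01.2222", "260d.8c01.6666"
    oe, of = "260d.8c01.eeee", "260d.8c01.ffff"  # constructed: two hosts behind a hub on fa0/9
    out = {}
    out["unknown unicast H1->H3 is flooded in VLAN 2"] = sw.receive("fa0/1", Frame(h1, h3), now=0)
    out["reply H3->H1 goes to the learned port"] = sw.receive("fa0/3", Frame(h3, h1), now=1)
    out["H1->H6 stays in VLAN 2, never reaches fa0/6"] = sw.receive("fa0/1", Frame(h1, h6), now=2)
    out["broadcast from H1"] = sw.receive("fa0/1", Frame(h1, BROADCAST), now=3)
    sw.receive("fa0/9", Frame(oe, BROADCAST), now=4)  # switch learns OE on fa0/9
    sw.receive("fa0/9", Frame(of, BROADCAST), now=5)  # ... and OF on the same port
    out["OE->OF on the hub port is filtered"] = sw.receive("fa0/9", Frame(oe, of), now=6)
    out["H3->H1 after H1's entry aged out"] = sw.receive("fa0/3", Frame(h3, h1), now=400)
    return out


if __name__ == "__main__":
    for step, egress in run_scenario().items():
        print(f"{step}: {egress or 'dropped'}")
```

The last step is the one worth watching: after 300 seconds of silence the H1 entry is gone, so a frame that was delivered to a single port a moment earlier is flooded again. That flood is also the reason the 3.1.4 security measures matter, since any device on an unused but enabled port in the VLAN receives it.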
Diagram 2, Image
Image shows the insertion of an 802.1Q tag into a frame. After the insertion the frame receives a new FCS value. The fields of the tag are as follows:
TPID: The Tag Protocol Identifier is a 16-bit field. It is set to a value of 0x8100 to identify the frame as an IEEE 802.1Q tagged frame.
PRIORITY: Also known as user priority. This 3-bit field refers to the IEEE 802.1Q priority. The field indicates the frame priority level used for the prioritization of traffic. The field can represent 8 levels (0 through 7).
CFI: The Canonical Format Indicator is a 1-bit field. If the value of this field is 1, the MAC address is in non-canonical format. If the value is 0, the MAC address is in canonical format.
VID: The VLAN Identifier is a 12-bit field. It uniquely identifies the VLAN to which the frame belongs. The field has a value between 0 and 4095.

Diagram 3, Activity
Decide whether to deliver each inbound frame to the destination host based on the port configurations. Check Delivered or Not Delivered based on the size of the frame, the VLAN number and the trunking protocols. See your instructor for information on how to complete this activity.

3.4 - Trunking and Inter-VLAN Routing

3.4.1 - Trunk Ports
Five Diagrams

Diagram 1, Image
The picture depicts the use of trunk ports and access ports in a network. There are three VLANs, which are connected via access ports to two switches. The switches are then linked to each other, and to the router, via trunk ports.
Network:
One router (R1)
Two switches (S1, S2)
Three VLANs (VLAN100, VLAN200, VLAN300)
R1 connects to S1 via a trunk port
R1 connects to S2 via a trunk port
S1 connects to S2 via a trunk port
VLAN100 has two hosts (H1, H2) and one server, which are connected to S1 via access ports
VLAN200 has two hosts (H3, H4), which are connected to S1 via access ports
VLAN300 has one host (H5), which is connected to S1 via an access port
VLAN300 has two hosts (H6, H7) and one server, which are connected to S2 via access ports

Diagram 2, Image
The picture depicts the use of trunking between switches. There are two examples, No Trunking and Trunking.
No Trunking:
Two switches (S1, S2)
Three VLANs (VLAN1, VLAN2, VLAN3)
Six hosts (H1, H2, H3, H4, H5, H6)
VLAN1 has H5, H3
VLAN2 has H6, H2
VLAN3 has H1, H4
S1 is connected to S2 via three links (each VLAN has a separate link)
S1 has H1, H5, H6 connected
S2 has H2, H3, H4 connected
H5 (VLAN1), H6 (VLAN2) and H1 (VLAN3) send information to H3 (VLAN1), H2 (VLAN2) and H4 (VLAN3). As each VLAN has its own link from S1 to S2, the information is sent on the corresponding VLAN's link from S1 to S2.
Trunking:
Two switches (S1, S2)
Three VLANs (VLAN1, VLAN2, VLAN3)
Six hosts (H1, H2, H3, H4, H5, H6)
VLAN1 has H5, H3
VLAN2 has H6, H2
VLAN3 has H1, H4
S1 is connected to S2 via a trunk (all VLANs share the link)
S1 has H1, H5, H6 connected
S2 has H2, H3, H4 connected
H5 (VLAN1), H6 (VLAN2) and H1 (VLAN3) send information to H3 (VLAN1), H2 (VLAN2) and H4 (VLAN3). As all VLANs share the trunk, the information is sent one frame after another across the single link from S1 to S2.

Diagram 3, Image
The picture depicts two switches (S1, S2) connected via a trunk link. S1 shows a screen capture of the command line; the text displayed is as follows:
Switch(config)#interface fa0/24
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
(On switches that support both ISL and 802.1Q, the encapsulation must be set before the port is placed in trunk mode.)

Diagram 4, Image
The picture depicts two switches (S1, S2) connected via a trunk link.
Both switches show a screen capture of the command line; the text displayed is as follows:
S1
S1(config)#interface fa0/1
S1(config-if)#switchport mode dynamic desirable
S2
S2(config)#interface fa0/1
S2(config-if)#switchport mode dynamic desirable

Diagram 5, Hands-on Lab

3.4.2 - Extending VLANs across Switches
Three Diagrams

Diagram 1, Animation
The animation illustrates the insertion of a tag and the calculation of a new FCS as a frame is sent from one switch to another over a trunk port. The tag is removed and the FCS recalculated at the destination switch.

Diagram 2, Animation
The animation depicts a network with a single VLAN. There are two switches (S1, S2), each with one host (H1, H2).
S1 is connected to S2 via trunk ports
H1 is connected to S1 via an access port
H2 is connected to S2 via an access port
H1 and H2 are both on VLAN3 (the native VLAN)
H1 is going to send information to H2. H1 has a caption which says "VLAN3 is the native VLAN. Do not tag traffic". H2 has a caption which says "Traffic is untagged. It is a member of the native VLAN". S1 shows a screen capture of the command line; the text reads:
S1(config-if)#switchport trunk native vlan 3

Diagram 3, Hands-on Lab

3.4.3 - Inter-VLAN Routing
Five Diagrams

Diagram 1, Image
The picture depicts the use of a Layer 3 device (a router) to establish communication between multiple VLANs. There are two VLANs (VLAN1, VLAN200), each with its own link to the router. A caption reads "VLAN1 can communicate with VLAN200 if each has a dedicated connection to the router".
Network:
One router (R1)
One switch (S1)
S1 is connected to R1 via two links (one for each VLAN)
S1 has two VLANs (VLAN1, VLAN200)
S1 has two hosts attached (H1, H2)
H1 is on VLAN1
H2 is on VLAN200

Diagram 2, Image
The picture depicts the use of subinterfaces to establish communication between multiple VLANs. There are three VLANs (VLAN1, VLAN15, VLAN35), each represented by a different colored circle. All three VLANs connect to the router via a single link (subinterfaces).
Network:
One router (R1)
One switch (S1)
R1 is connected to S1 via a single link
S1 has three VLANs (VLAN1, VLAN15, VLAN35)
VLAN1 has one host
VLAN15 has two hosts
VLAN35 has one host

Diagram 3, Animation
The animation depicts the same subinterface arrangement as Diagram 2 (three VLANs, VLAN1, VLAN15 and VLAN35, connected to the router via a single link). The link has been broken up into three logical pathways, one for each VLAN.

Diagram 4, Image
The picture depicts the same subinterface arrangement as Diagram 2 and shows a screen capture of both the switch and router command lines, displaying the inter-VLAN routing configuration.
R1
---output omitted---
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 no shutdown
!
interface FastEthernet0/1.1
 encapsulation dot1Q 1 native
 ip address 10.20.1.1 255.255.255.0
 no shutdown
!
interface FastEthernet0/1.15
 encapsulation dot1Q 15
 ip address 10.20.15.1 255.255.255.0
 no shutdown
!
interface FastEthernet0/1.35
 encapsulation dot1Q 35
 ! VLAN 35 needs its own subnet; it must not overlap the VLAN 15 subinterface
 ip address 10.20.35.1 255.255.255.0
 no shutdown
!
---output omitted---
S1
---output omitted---
interface FastEthernet0/1
 switchport mode trunk
 no ip address
 no shutdown
!
interface FastEthernet0/2
 no ip address
 no shutdown
!
interface FastEthernet0/3
 no ip address
 no shutdown
!
interface FastEthernet0/4
 no ip address
 no shutdown
!
interface FastEthernet0/5
 no ip address
 no shutdown
!
interface FastEthernet0/6
 switchport access vlan 15
 no ip address
 no shutdown
!
interface FastEthernet0/7
 switchport access vlan 15
 no ip address
 no shutdown
!
interface FastEthernet0/8
 switchport access vlan 15
 no ip address
 no shutdown
!
interface FastEthernet0/9
 switchport access vlan 15
 no ip address
 no shutdown
!
interface FastEthernet0/10
 switchport access vlan 15
 no ip address
 no shutdown
!
interface FastEthernet0/11
 switchport access vlan 15
 no ip address
 no shutdown
!
interface FastEthernet0/12
 switchport access vlan 15
 no ip address
 no shutdown
!
interface FastEthernet0/13
 switchport access vlan 35
 no ip address
 no shutdown
!
interface FastEthernet0/14
 switchport access vlan 35
 no ip address
 no shutdown
!
interface FastEthernet0/15
 switchport access vlan 35
 no ip address
 no shutdown
!
interface FastEthernet0/16
 switchport access vlan 35
 no ip address
 no shutdown
!
interface FastEthernet0/17
 switchport access vlan 35
 no ip address
 no shutdown
!
interface FastEthernet0/18
 no ip address
 no shutdown
!
interface FastEthernet0/19
 no ip address
 no shutdown
!
interface FastEthernet0/20
 no ip address
 no shutdown
!
interface FastEthernet0/21
 no ip address
 no shutdown
!
interface FastEthernet0/22
 no ip address
!
interface FastEthernet0/23
 no ip address
!
interface FastEthernet0/24
 no ip address
!

Diagram 5, Hands-on Lab

3.5.1 - Maintaining VLANs on the Enterprise Network
Five Diagrams

Diagram 1, Image
The diagram depicts a network with five switches connected in series and two scenarios, Without VTP and With VTP. In the first scenario, Without VTP, the VLANs are manually added, deleted or renamed by an administrator on every switch.
The second scenario shows With VTP configured: the first switch has its VLANs manually added, deleted or renamed by an administrator, and it sends a message to the switches further down the link to automatically add, delete or rename those VLANs; this continues down the link.

Diagram 2, Image
The diagram depicts three switches, with a client, a server and a transparent device connected to each respectively. The information pertaining to each device is listed below:
Transparent:
Forwards VTP advertisements
Ignores information in the VTP message
Does not modify its database when receiving updates
Does not send out an update that indicates a change of its own VLAN database
Server:
Creates, modifies and deletes VLANs and VLAN configuration parameters for the entire domain
Saves VLAN configuration information in the switch's NVRAM
Sends VTP advertisements out all trunk ports
Client:
Does not create, modify or delete VLAN information
Modifies its own database with any VLAN changes sent from the server
Sends VTP messages out all trunk ports

Diagram 3, Image
The diagram depicts three switches configured in a triangle, named Server, Client and Client. They are all linked, and updates are sent from the server through the network as revision number 5 to all clients.

Diagram 4, Image
The diagram depicts three switches configured in a triangle, named Server, Client and Transparent. Each device has specific information attached, listed below:
Transparent: VTP domain name: null, mode: transparent, revision # 1, VLANs: null
Client: VTP domain name: cisco, mode: client, revision # 1, VLANs: 1
Server: VTP domain name: cisco, mode: server, revision # 1, VLANs: 1

Diagram 5, Activity
Select the characteristics of the server, client and transparent VTP modes.
Options
1: VTP client mode
2: VTP server mode
3: VTP transparent mode
Characteristics
A: VLANs are local only
B: Issues advertisement requests
C: Uses VTP advertisements to update VLAN database
D: Can create, modify or delete VLAN information for the entire domain
E: Ignores VTP advertisements
F: Default mode for Cisco switches

3.5.2 - Configuring VTP
Three Diagrams
Diagram 1, Image
The diagram depicts a terminal window with a console session in progress with a switch. The steps listed below are the ones used to add a switch to a VTP domain.
Step 1.
Switch(config)# vtp domain domain-name
Switch(config)# vtp mode {server | client | transparent}
Switch(config)# vtp password password
Switch(config)# end
Switch# copy running-config startup-config
Step 2.
Switch# show vtp status
VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 64
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : Cisco
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : Omitted
Configuration last modified by  : Omitted
Local updater ID is             : Omitted
Step 3.
Switch# reload
Switch# show vtp password
Switch# show vtp counters
Diagram 2, Packet Tracer Activity
Diagram 3, Packet Tracer Activity

3.5.3 - VLAN Support for IP Telephony and Wireless
Three Diagrams
Diagram 1, Image
The diagram depicts a woman sitting in front of her laptop with a video call in progress and an IP telephone conversation happening at the same time.
Diagram 2, Image
The diagram depicts a router named R1 at the top of a star topology with two switches, S1 and S2, directly connected. The following are directly connected to each switch: on S1, VLAN 18 - DATA, VLAN 17 - VOICE and VLAN 35 - Wireless; on S2, VLAN 18 - DATA, VLAN 17 - VOICE and VLAN 35 - Wireless.
Diagram 3, Packet Tracer Lab
The diagram depicts the launch window for the Packet Tracer lab named "Configuring Wireless and Voice VLANs."
The lab and the program are available for download in accessible format from the Cisco website.

3.5.4 - VLAN Best Practices
Two Diagrams
Diagram 1, Image
The diagram depicts the six best practice methods for setting up VLANs, each broken down into further points below:
Server Placement
- Ensure all servers required by a particular group are members of the same VLAN
Unused Ports
- Disable unused ports
- Put unused ports in an unused VLAN
- Stop unauthorized access by not granting connectivity or by placing a device into an unused VLAN
Management VLAN
- By default, the management VLAN and the native VLAN are VLAN 1
- Do not use VLAN 1 for in-band management traffic
- Select a different dedicated VLAN to keep management traffic separate from user, data and protocol traffic
VLAN Trunking Protocol
- Standardizes the VLAN configuration across the enterprise
- Provides for easy VLAN management and maintenance
- Reduces the time required for VLAN administration and maintenance
VTP Domains
- Minimizes misconfiguration
- Propagates and synchronizes VLAN information across member switches
- Provides extra security when combined with a VTP password
VTP Revision Number
- Ensure that any new switch added to the network has a revision number of zero
- Reset the revision number by either of the following:
  1. Set the new switch to transparent mode, then switch it back to client or server
  2. Change the domain name to something else, then change it back
Diagram 2, Packet Tracer Lab

3.6 - Chapter Summary
3.6.1 - Summary
One Diagram
Diagram 1, Tabular Summary
Slide 1
Switches use microsegmentation to create single-port collision domains.
Layer 3 switching takes place in special ASIC hardware.
Switches forward traffic using store-and-forward or cut-through techniques.
Basic security features should be applied to switches to ensure that only authorized personnel access the devices.
The picture depicts store-and-forward switching and cut-through switching. The picture also shows that store-and-forward switching is the better solution, as there is a decrease in the number of errors.
Slide 2
Spanning Tree Protocol shuts down redundant links to prevent switching loops.
A root bridge is at the top of the spanning tree and is elected based on the lowest bridge ID.
Spanning tree recalculation can take up to 50 seconds to complete, during which time the network has limited functionality.
Rapid Spanning Tree has evolved to shorten the convergence time.
The picture depicts a network of four switches connected in a loop (the last connects to the first). One port has been blocked by STP to eliminate the loop.
Network
Four Switches (S1, S2, S3, S4)
S1 is connected to S2
S2 is connected to S3
S3 is connected to S4
S4 is connected to S1
S1 and S3 each have one Host connected
The port from S1 to S4 has been blocked by STP to eliminate the loop.
Slide 3
A VLAN is a collection of hosts that are on the same local area network even though they may be physically separated from each other.
VLAN1 is the management VLAN by default.
Frame tagging applies the VLAN ID to the Ethernet frame so the switch can identify the source VLAN.
IEEE 802.1Q is the open standard frame tagging protocol that inserts a 4-byte tag into the Ethernet frame.
The picture depicts a building's network, with three different colored ovals (orange, green, blue) representing three VLANs. The VLANs are spread over three floors.
Network
Three Floors (Floor1, Floor2, Floor3)
Three VLANs (Engineering VLAN, Marketing VLAN, Accounting VLAN)
Three Switches (S1, S2, S3)
S1 is connected to Floor1 and S2
S2 is connected to Floor2, S3 and a Router via FastEthernet
S3 is connected to Floor3
Floor1 has three Servers (one in each VLAN)
Floor2 has three Hosts (one in each VLAN)
Floor3 has three Hosts (one in each VLAN)
Slide 4
An access port connects a device to a switch and is a member of one VLAN.
A trunk port connects two switches, or a switch and a router, and forwards tagged frames from multiple VLANs.
Untagged frames are forwarded using the native VLAN.
A Layer 3 device is required to move traffic between different VLANs.
A router interface is configured using subinterfaces to support multiple VLANs.
The picture depicts the use of a subinterface to establish communication between multiple VLANs. There are three VLANs (VLAN1, VLAN15, VLAN35), each represented by a different colored circle (VLAN1 = yellow, VLAN15 = grey, VLAN35 = blue). All three VLANs connect to the router via a single link (subinterface) on the Fa0/0 interface.
Network
One Router (R1)
One Switch (S1)
R1 is connected to S1 via a single link on interface Fa0/0. The link has been split into three sections (one per VLAN): Fa0/0.1 = VLAN1, Fa0/0.15 = VLAN15, Fa0/0.35 = VLAN35
S1 has three VLANs (VLAN1, VLAN15, VLAN35)
VLAN1 has one Host
VLAN15 has two Hosts
VLAN35 has one Host
Slide 5
VLAN Trunking Protocol provides a method for the centralized control, distribution and maintenance of the enterprise VLAN database.
Switches are either servers, clients or transparent.
A server issues a VTP update by having a higher revision number than the other switches.
VLANs are suited for time-sensitive traffic such as voice.
Best practices, such as a consistent VTP domain name and revision number control, increase network efficiency.
The picture depicts a network with three circles (green, blue, red), each representing a different VLAN.
Network
One Router (R1)
Two Switches (S1, S2)
Three VLANs (VLAN1, VLAN2, VLAN3)
R1 is connected to S1 and S2
S1 has a Host and a Server on VLAN1
S1 has one Telephone on VLAN2
S1 has a wireless Router connected to a Host on VLAN3
S2 has a Host and a Server on VLAN1
S2 has one Telephone on VLAN2
S2 has a wireless Router connected to a Host on VLAN3
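Slide 3 states that IEEE 802.1Q inserts a 4-byte tag into the Ethernet frame, and Slide 4 that a trunk port forwards tagged frames while untagged frames fall into the native VLAN. The Python below is an added example, not part of the Cisco course material: it builds and parses a tagged frame (the standard layout is a TPID of 0x8100 followed by a 16-bit TCI holding the 3-bit priority, a 1-bit DEI and the 12-bit VLAN ID) and then classifies an arriving frame the way an access or trunk port would. The MAC addresses and payload are constructed sample values; the port dictionaries and the simplification that an access port drops any tagged frame are this example's own.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def mac_bytes(dotted):
    """'260d.8c01.0000' (Cisco dotted form) or 'aa:bb:...' -> 6 raw bytes."""
    return bytes.fromhex(dotted.replace(".", "").replace(":", ""))


def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Build an Ethernet II frame. With vlan_id set, insert the 4-byte 802.1Q tag
    (TPID + TCI) between the source MAC and the original EtherType."""
    if vlan_id is not None and not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tag = b""
    if vlan_id is not None:
        tci = (pcp << 13) | vlan_id  # PCP (3 bits) | DEI (1 bit, zero here) | VID (12 bits)
        tag = struct.pack("!HH", TPID_8021Q, tci)
    return mac_bytes(dst) + mac_bytes(src) + tag + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, vlan_id or None, pcp, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[:6].hex(), frame[6:12].hex()
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan_id, pcp, offset = None, 0, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack("!H", frame[14:16])[0]
        pcp, vlan_id = tci >> 13, tci & 0x0FFF
        ethertype = struct.unpack("!H", frame[16:18])[0]  # the EtherType the tag displaced
        offset = 18
    return dst, src, vlan_id, pcp, ethertype, frame[offset:]


def classify_ingress(frame, port):
    """Which VLAN a received frame belongs to; None means the port drops it.
    port is {"mode": "access", "vlan": N} or {"mode": "trunk", "native": N}."""
    vlan_id = parse_frame(frame)[2]
    if port["mode"] == "access":
        # An access port is a member of exactly one VLAN; this model drops tagged
        # frames that arrive on it (a simplification of real switch behaviour).
        return port["vlan"] if vlan_id is None else None
    # Trunk: a tagged frame carries its VLAN ID; an untagged one goes to the native VLAN.
    return port["native"] if vlan_id is None else vlan_id
```

The classifier is where the "do not use VLAN 1 for management" and "put unused ports in an unused VLAN" best practices bite: whatever VLAN the trunk's native entry names is the VLAN that every untagged frame on that link lands in.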
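The inter-VLAN routing screen capture in Diagram 4 of section 3.4 (restated in Slide 4) pairs router subinterfaces, each with an encapsulation dot1Q VLAN and an IP address, with switch access VLANs behind one trunk. The Python below is an added example, not Cisco's code: a consistency check that parses a running-config listing and flags overlapping subinterface subnets (which IOS refuses at configuration time), a missing or duplicated native VLAN, a router VLAN that has no access port on the switch, and a switch with no trunk toward the router. R1_CONFIG and S1_CONFIG are constructed listings modelled on the diagram; the VLAN35 subinterface is deliberately given the VLAN15 address so the overlap check has something to report. The check assumes the IOS default that a port without a switchport access vlan line sits in VLAN 1.

```python
import ipaddress
import re

# Constructed listing modelled on R1 in Diagram 4; the .35 subinterface
# deliberately repeats the VLAN15 address so the overlap check fires.
R1_CONFIG = """\
interface FastEthernet0/1
 no ip address
 no shutdown
!
interface FastEthernet0/1.1
 encapsulation dot1Q 1 native
 ip address 10.20.1.1 255.255.255.0
!
interface FastEthernet0/1.15
 encapsulation dot1Q 15
 ip address 10.20.15.1 255.255.255.0
!
interface FastEthernet0/1.35
 encapsulation dot1Q 35
 ip address 10.20.15.1 255.255.255.0
!
"""

# Constructed listing modelled on S1: one trunk, one port per data VLAN,
# and one port left at the default (VLAN 1).
S1_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/6
 switchport access vlan 15
!
interface FastEthernet0/13
 switchport access vlan 35
!
interface FastEthernet0/18
!
"""


def parse_interfaces(text):
    """Split an IOS running-config into {interface name: [command lines]}."""
    interfaces, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line == "!":
            current = None
        elif current and line:
            interfaces[current].append(line)
    return interfaces


def router_subinterfaces(text):
    """Return [(name, vlan, is_native, IPv4Interface or None)] for every subinterface."""
    out = []
    for name, cmds in parse_interfaces(text).items():
        vlan, native, addr = None, False, None
        for c in cmds:
            m = re.match(r"encapsulation dot1[qQ] (\d+)( native)?$", c)
            if m:
                vlan, native = int(m.group(1)), bool(m.group(2))
            m = re.match(r"ip address (\S+) (\S+)$", c)
            if m:
                addr = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}")
        if "." in name:  # FastEthernet0/1.15 is a subinterface, FastEthernet0/1 is not
            out.append((name, vlan, native, addr))
    return out


def switch_vlans(text):
    """Return (set of VLANs that own at least one access port, list of trunk ports).
    A port with no 'switchport access vlan' line is in VLAN 1, the IOS default."""
    vlans, trunks = set(), []
    for name, cmds in parse_interfaces(text).items():
        if "switchport mode trunk" in cmds:
            trunks.append(name)
            continue
        ids = [int(m.group(1)) for m in
               (re.match(r"switchport access vlan (\d+)$", c) for c in cmds) if m]
        vlans.add(ids[-1] if ids else 1)
    return vlans, trunks


def check_inter_vlan(router_cfg, switch_cfg):
    """Return a list of findings; an empty list means the two sides agree."""
    findings = []
    subs = router_subinterfaces(router_cfg)
    vlans, trunks = switch_vlans(switch_cfg)
    if not trunks:
        findings.append("switch has no trunk port toward the router")
    natives = [name for name, _, native, _ in subs if native]
    if len(natives) != 1:
        findings.append(f"expected exactly one native subinterface, found {natives}")
    for name, vlan, _, addr in subs:
        if vlan is None or addr is None:
            findings.append(f"{name}: missing encapsulation or ip address")
        elif vlan not in vlans:
            findings.append(f"{name}: VLAN {vlan} has no access port on the switch")
    nets = [(name, addr.network) for name, _, _, addr in subs if addr is not None]
    for i, (n1, net1) in enumerate(nets):
        for n2, net2 in nets[i + 1:]:
            if net1.overlaps(net2):
                findings.append(f"{n1} and {n2}: subnets {net1} and {net2} overlap")
    return findings
```

Run against the constructed pair it reports only the 10.20.15.0/24 overlap between FastEthernet0/1.15 and FastEthernet0/1.35; correcting the .35 address to its own subnet clears the list. The same parser can be pointed at real show running-config output saved to a file, since it only relies on the interface, encapsulation dot1Q, ip address and switchport lines.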
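Section 3.5 and Slide 5 describe the server, client and transparent VTP modes, state that a server's update wins by carrying a higher revision number than the other switches, and give the best practice of bringing a new switch into the domain with a revision number of zero. The Python model below is an added example, not Cisco's implementation and not the real VTP message format: VtpSwitch, vtp_digest, propagate, build_domain and join_switch are this example's own names, and vtp_digest is a stand-in for the MD5 digest shown by show vtp status (real VTP hashes different fields). It shows why a reused switch that arrives with a stale but higher revision replaces the VLAN database on the server as well as the client, why an advertisement with a mismatching password is ignored, and that cycling the new switch through transparent mode (or changing its domain name and back) resets its revision so that it joins without overwriting anything.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional


def vtp_digest(password, domain, revision, vlans):
    """Stand-in for the MD5 digest in 'show vtp status': hash the password together
    with the advertised data, so a receiver holding a different password rejects it."""
    body = f"{domain}:{revision}:{sorted(vlans)}"
    return hashlib.md5((password + body).encode()).hexdigest()


@dataclass
class VtpSwitch:
    name: str
    domain: Optional[str] = None   # None models the null domain of the transparent switch in Diagram 4
    mode: str = "server"           # server | client | transparent
    password: str = ""
    revision: int = 0
    vlans: set = field(default_factory=lambda: {1})
    log: list = field(default_factory=list)

    def set_mode(self, mode):
        self.mode = mode
        if mode == "transparent":
            self.revision = 0      # best practice 1: passing through transparent mode resets the revision

    def set_domain(self, domain):
        if domain != self.domain:
            self.revision = 0      # best practice 2: changing the domain name also resets it
        self.domain = domain

    def add_vlan(self, vid):
        if self.mode == "client":
            raise PermissionError("a VTP client cannot create, modify or delete VLANs")
        self.vlans.add(vid)
        if self.mode == "server":
            self.revision += 1     # each server change raises the revision for the whole domain

    def advertisement(self):
        return {"domain": self.domain, "revision": self.revision, "vlans": set(self.vlans),
                "digest": vtp_digest(self.password, self.domain, self.revision, self.vlans)}

    def receive(self, adv):
        """Apply an advertisement; return True if the local VLAN database was replaced."""
        if self.mode == "transparent":
            self.log.append("forwarded, not applied")   # transparent ignores the contents
            return False
        if adv["domain"] != self.domain:
            self.log.append("ignored: different domain")
            return False
        if vtp_digest(self.password, adv["domain"], adv["revision"], adv["vlans"]) != adv["digest"]:
            self.log.append("ignored: MD5 digest mismatch (wrong password)")
            return False
        if adv["revision"] <= self.revision:
            self.log.append("ignored: revision not higher")
            return False
        # Same domain, valid digest, higher revision: the database is replaced,
        # on a server just as on a client.
        self.vlans, self.revision = set(adv["vlans"]), adv["revision"]
        self.log.append(f"database replaced by revision {adv['revision']}")
        return True


def propagate(source, switches):
    """Flood one advertisement; return the names of the switches whose database changed."""
    adv = source.advertisement()
    return [s.name for s in switches if s is not source and s.receive(adv)]


def build_domain():
    """Server S1, client S2 and transparent S3, synchronized at revision 2 with VLANs 1, 15, 35."""
    s1 = VtpSwitch("S1", domain="cisco", mode="server", password="vtp-secret")
    s2 = VtpSwitch("S2", domain="cisco", mode="client", password="vtp-secret")
    s3 = VtpSwitch("S3", mode="transparent")
    s1.add_vlan(15)
    s1.add_vlan(35)
    propagate(s1, [s1, s2, s3])
    return [s1, s2, s3]


def join_switch(group, new_switch, reset_revision):
    """Connect a switch to the domain; return the names whose database it overwrote.
    reset_revision applies the 3.5.4 best practice before the switch is connected."""
    if reset_revision:
        new_switch.set_mode("transparent")
        new_switch.set_mode("client")
    return propagate(new_switch, group + [new_switch])
```

The model stops at the question "did the new switch overwrite anyone"; on a real network a switch that joins at revision 0 would next learn the domain's database from the server's advertisement. The practical check it motivates is the one in 3.5.2: run show vtp status on a switch before connecting it and confirm the configuration revision reads 0.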