© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential BCMSN 2 - 5 1 BCMSN v3.0—2-1 VLANs DTP VTP Etherchannel Edited by Fiona Mitchell Sept 2014
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential BCMSN 2 - 5 2 Virtual Local Area Network (VLAN) A VLAN is a logical group of end devices. Broadcasts are contained within VLANs. Modern design has 1 VLAN = 1 IP subnet. Trunks connect switches so as to transport multiple VLANs. Layer 3 devices interconnect VLANs.
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential BCMSN 2 - 5 3 End-to-End VLANs Each VLAN is distributed geographically throughout the network. Users are grouped into each VLAN regardless of the physical location, theoretically easing network management. As a user moves throughout a campus, the VLAN membership for that user remains the same. Switches are configured for VTP server or client mode.
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential BCMSN 2 - 5 4 Local VLANs Create local VLANs with physical boundaries in mind rather than job functions of the users. Local VLANs exist between the access and distribution layers. Traffic from a local VLAN is routed at the distribution and core levels. Switches are configured in VTP transparent mode. Spanning tree is used only to prevent inadvertent loops in the wiring closet. One to three VLANs per access layer switch recommended.
Cisco Confidential BCMSN 2 - 5 5 VLANs in Enterprise Campus Design
Benefits of Local VLANs 1. Deterministic traffic flow 2. Active redundant paths 3. High availability 4. Finite failure domain 5. Scalable design
Best Practices for VLAN Design One to three VLANs per access module and limit those VLANs to a couple of access switches and the distribution switches. Avoid using VLAN 1 as the "blackhole" for all unused ports. Use a dedicated VLAN separate from VLAN 1 to assign all the unused ports. Separate the voice VLANs, data VLANs, the management VLAN, the native VLAN, blackhole VLANs, and the default VLAN (VLAN 1). Avoid VTP when using local VLANs; use manually allowed VLANs on trunks. For trunk ports, turn off Dynamic Trunking Protocol (DTP) and configure trunking. Use IEEE 802.1Q rather than ISL because it has better support for QoS and is a standard protocol. Manually configure access ports that are not specifically intended for a trunk link. Prevent all data traffic from VLAN 1; only permit control protocols to run on VLAN 1 (DTP, VTP, STP BPDUs, PAgP, LACP, CDP, etc.). Avoid using Telnet because of security risks; enable SSH support on management VLANs.
Configuration: Create a VLAN To create a new VLAN in global configuration mode. Switch(config)# vlan vlan-id vlan-id numbers range Standard VLANs 2-1001 Extended VLANs 025-4094
You've reached the end of your free preview.
Want to read all 71 pages?
- Fall '16
- Cisco Systems, VLAN Trunking Protocol, Cisco Confidential