Module_2_-_VLANsStudent - VLANs DTP VTP Etherchannel


© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential BCMSN 2 - 5 1 BCMSN v3.0—2-1 VLANs DTP VTP Etherchannel Edited by Fiona Mitchell Sept 2014
Virtual Local Area Network (VLAN)
  • A VLAN is a logical group of end devices.
  • Broadcasts are contained within VLANs.
  • Modern design has 1 VLAN = 1 IP subnet.
  • Trunks connect switches so as to transport multiple VLANs.
  • Layer 3 devices interconnect VLANs.
End-to-End VLANs
  • Each VLAN is distributed geographically throughout the network.
  • Users are grouped into each VLAN regardless of the physical location, theoretically easing network management.
  • As a user moves throughout a campus, the VLAN membership for that user remains the same.
  • Switches are configured for VTP server or client mode.
Local VLANs
  • Create local VLANs with physical boundaries in mind rather than job functions of the users.
  • Local VLANs exist between the access and distribution layers.
  • Traffic from a local VLAN is routed at the distribution and core levels.
  • Switches are configured in VTP transparent mode.
  • Spanning tree is used only to prevent inadvertent loops in the wiring closet.
  • One to three VLANs per access layer switch recommended.
VLANs in Enterprise Campus Design
Benefits of Local VLANs
  1. Deterministic traffic flow
  2. Active redundant paths
  3. High availability
  4. Finite failure domain
  5. Scalable design
Best Practices for VLAN Design
  • One to three VLANs per access module and limit those VLANs to a couple of access switches and the distribution switches.
  • Avoid using VLAN 1 as the "blackhole" for all unused ports. Use a dedicated VLAN separate from VLAN 1 to assign all the unused ports.
  • Separate the voice VLANs, data VLANs, the management VLAN, the native VLAN, blackhole VLANs, and the default VLAN (VLAN 1).
  • Avoid VTP when using local VLANs; use manually allowed VLANs on trunks.
  • For trunk ports, turn off Dynamic Trunking Protocol (DTP) and configure trunking. Use IEEE 802.1Q rather than ISL because it has better support for QoS and is a standard protocol.
  • Manually configure access ports that are not specifically intended for a trunk link.
  • Prevent all data traffic from VLAN 1; only permit control protocols to run on VLAN 1 (DTP, VTP, STP BPDUs, PAgP, LACP, CDP, etc.).
  • Avoid using Telnet because of security risks; enable SSH support on management VLANs.
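As an added example (not part of the Cisco slides), the Python below audits an IOS-style configuration fragment against several items from the checklist above: static port modes, DTP disabled and a manual allowed-VLAN list on trunks, 802.1Q rather than ISL, no access port left in VLAN 1, and no Telnet on the vty lines. The sample configuration is constructed, and the function names and finding texts are assumptions made for illustration.

```python
# Constructed sample config fragment (illustrative, not taken from the slides).
SAMPLE = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
interface GigabitEthernet0/2
 switchport mode dynamic desirable
interface GigabitEthernet0/3
 switchport mode access
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 999
interface GigabitEthernet0/5
 switchport trunk encapsulation isl
 switchport mode trunk
line vty 0 4
 transport input telnet ssh
"""

def sections(config):
    """Map each unindented line to itself plus its indented sub-commands."""
    out, head = {}, ""
    for line in filter(str.strip, config.splitlines()):
        head = head if line[0].isspace() else line.strip()
        out.setdefault(head, []).append(line.strip())
    return out

def arg(body, prefix, default=None):
    """Text after `prefix` in the first sub-command that starts with it."""
    return next((l[len(prefix):] for l in body if l.startswith(prefix)), default)

def audit(config):
    """Yield (section, finding) pairs for deviations from the checklist."""
    for head, body in sections(config).items():
        if head.startswith("line vty"):
            allowed = arg(body, "transport input ", "").split()
            rules = [("telnet" in allowed or "all" in allowed, "Telnet permitted on vty lines")]
        elif not head.startswith("interface "):
            continue
        elif (mode := arg(body, "switchport mode ")) == "trunk":
            rules = [("switchport nonegotiate" not in body, "DTP not disabled on trunk"),
                     (arg(body, "switchport trunk allowed vlan ") is None, "no manual allowed-VLAN list"),
                     (arg(body, "switchport trunk encapsulation ") == "isl", "ISL used instead of 802.1Q")]
        else:
            rules = [(mode != "access", "port mode not set statically"),
                     (arg(body, "switchport access vlan ", "1") == "1", "access VLAN is VLAN 1")]
        yield from ((head, msg) for bad, msg in rules if bad)
```

Running `list(audit(SAMPLE))` reports nothing for GigabitEthernet0/1 (static trunk, DTP off, pruned VLAN list) or GigabitEthernet0/4 (access port parked in a dedicated VLAN), and flags the other three ports and the vty lines.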
Configuration: Create a VLAN
To create a new VLAN in global configuration mode:

    Switch(config)# vlan vlan-id

vlan-id numbers range:
  • Standard VLANs: 2-1001
  • Extended VLANs: 025-4094