VLAN: Details, Details, Details

VLAN Database Mode

Enter this mode at the enable prompt, not in global configuration mode.

You must use the word ‘apply’ or ‘exit’ to have changes saved; otherwise the VLANs will not show in the database.

VLAN Design Rules

Keep core switches available purely for switching

VLAN scheme should keep broadcasts and multicasts away from core

End-to-end VLANs, 80/20 rule: 80 percent of the traffic stays within the local area and the other 20 percent will traverse the network.

Local VLANs, 20/80 rule: 20 percent of the traffic is local in scope and 80 percent will traverse the network.

Users are grouped by location with local VLAN design

VLAN: Trunking Troubleshooting, Modes and Protocols

ISL will encapsulate every frame targeted to the native VLAN

dot1q will not encapsulate anything targeted to the native VLAN

ISL – 26 byte header containing VLAN ID, 4 byte trailer for CRC check (30 bytes overhead)

larger frames become ‘giants’, exceeding 1518 bytes

frames smaller than 64 bytes = ‘runts’

dot1q adds a 4-byte header, which is inserted into the frame rather than re-encapsulating it

Troubleshooting Trunks

Speed and Duplex must match

ISL doesn’t use native VLAN

802.3ac extends frame length to 1522 bytes

Switches have to be in the same VTP domain for a trunk to form

Explicitly set the port to trunk mode, then nonegotiate if required

Dynamic auto will NOT form a trunk on its own, but will accept negotiation from the remote switch
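
An added example (not part of the original notes): a Python audit that flags ports whose trunking is left to negotiation, following the points above about setting trunk mode explicitly, nonegotiate and dynamic auto, and the later note that dynamic desirable trunking is bad. The function name, finding strings and sample configuration are constructed for illustration; the switchport lines follow standard IOS syntax.

```python
# Constructed sample of IOS-style interface configuration (not from a real device).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode dynamic desirable
!
interface FastEthernet0/2
 switchport mode dynamic auto
!
interface FastEthernet0/3
 switchport mode trunk
!
interface FastEthernet0/4
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/5
 switchport mode access
!
interface FastEthernet0/6
 description uplink, mode never set
!
"""

def audit_trunk_modes(config):
    """Map each port whose trunking is negotiable to a finding; explicit ports are omitted."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ports[current] = []
        elif line in ("", "!"):
            current = None          # '!' closes the interface stanza
        elif current is not None:
            ports[current].append(line)
    findings = {}
    for name, lines in ports.items():
        mode = next((l[len("switchport mode "):] for l in lines
                     if l.startswith("switchport mode ")), None)
        if mode is None:
            findings[name] = "no explicit mode, platform default applies"
        elif mode.startswith("dynamic"):
            findings[name] = "negotiated (" + mode + ")"
        elif mode == "trunk" and "switchport nonegotiate" not in lines:
            findings[name] = "trunk set, negotiation still on"
    return findings

if __name__ == "__main__":
    print(audit_trunk_modes(SAMPLE_CONFIG))
```

Ports set to access, or to trunk with nonegotiate, produce no finding; everything else is reported so it can be set explicitly.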

VLAN: VLAN Fundamentals and Trunking

Key concepts for broadcasting/vlan justification:

  • Unnecessary use of bandwidth
  • Unnecessary workload on switch to process and send all broadcasts

VLAN Membership of a host depends on 2 factors:

  • Static VLANs – dependent on the port the host is connected to
  • Dynamic VLANs – dependent on the host MAC address (Switch looks at source MAC address 1st on frame)

Trunk ports by default belong to ALL VLANs

dynamic desirable trunking – bad

show vlan id NUMBER – quicker way of viewing the ports in 1 particular VLAN. Handy with a large VLAN database.

Dynamic VLANs: VLAN Membership Policy Server – VMPS

VLAN membership is defined by MAC address value, so a host can dynamically move from one port to another and still retain VLAN membership. (source MAC address used in frame, 1st value!)

VMPS uses a TFTP server to assist in the dynamic port assignment. A database on the TFTP server maps source MAC addresses to VLANs; the download occurs every time you power cycle the VMPS server. VMPS uses UDP.

Portfast is enabled automatically on any VMPS port. Interesting default! Further reading required, potentially for the IE.

  • VMPS Server has to be configured BEFORE the ports.
  • Portfast enabled by default.
  • You must disable port security before a port can be made dynamic.
  • Trunking ports cannot be made dynamic, as the port has to belong to multiple VLANs.

Default VLAN range 1-4094

The transmitting switch tags the frame with a VLAN ID. When the remote switch receives the frame, it examines this ID and forwards the frame appropriately.

Trunk negotiation – speed/duplex/encapsulation must match

ISL and dot1q are point-to-point trunking protocols

  • ISL = Cisco proprietary
  • ISL will encapsulate the frame and add a header and trailer.
  • Has to be de-encapsulated at the other end (Double tagging)
  • ISL does not support the concept of the Native VLAN