VLAN Database Mode
Enter at enable prompt, not global configuration mode.
You must use the word ‘apply’ or ‘exit’ to have changes saved; otherwise the VLANs will not show in the database.
VLAN Design Rules
Keep core switches available purely for switching
VLAN scheme should keep broadcasts and multicasts away from core
End-to-end VLANs: 80/20 rule – 80 percent of the traffic stays within the local area and the other 20 percent will traverse the network.
Local VLANs: 20/80 rule – 20 percent of the traffic is local in scope and 80 percent will traverse the network.
Users are grouped by location with local VLAN design
ISL will encapsulate every frame targeted to the native VLAN
dot1q will not tag anything targeted to the native VLAN
ISL – 26 byte header containing VLAN ID, 4 byte trailer for CRC check (30 bytes overhead)
larger frames, exceeding 1518 bytes, become ‘giants’
frames smaller than 64 bytes = ‘runts’
dot1q adds a 4-byte header which is inserted into the frame rather than re-encapsulating it
Speed and Duplex must match
ISL doesn’t use native VLAN
802.3ac extends frame length to 1522 bytes
Switches have to be in the same VTP domain for a trunk to form
Explicitly set the port to trunk mode, then nonegotiate if required
Dynamic auto will NOT form a trunk on its own, but will accept negotiation from the remote switch
Key concepts for broadcast/VLAN justification:
- Unnecessary use of bandwidth
- Unnecessary workload on switch to process and send all broadcasts
VLAN Membership of a host depends on 2 factors:
- Static VLANs – dependent on the port the host is connected to
- Dynamic VLANs – dependent on the host MAC address (the switch looks at the source MAC address 1st on the frame)
Trunk ports by default belong to ALL VLANs
dynamic desirable trunking – bad
show vlan id NUMBER – quicker way of viewing the ports in 1 particular VLAN. Handy with a large VLAN database.
Dynamic VLANs: VLAN Membership Policy Server – VMPS
VLAN membership is defined by the MAC address value, so a host can dynamically move from one port to another and still retain its VLAN membership. (Source MAC address used in frame, 1st value!)
VMPS uses a TFTP server to assist in the dynamic port assignment. A database on the TFTP server maps source MAC addresses to VLANs; the downloading occurs every time you power cycle the VMPS server. VMPS uses UDP.
Portfast is enabled automatically on any VMPS port. Interesting default! Further reading required, potentially for the IE.
- VMPS Server has to be configured BEFORE the ports.
- Portfast enabled by default.
- You must disable port security before a port can be made dynamic.
- Trunking ports cannot be made dynamic, as the port has to belong to multiple VLANs.
Default VLAN range 1-4094
The transmitting switch tags the frame with a VLAN ID. When the remote switch receives the frame, it will examine this ID and forward the frame appropriately.
Trunk negotiation – speed/duplex/encapsulation must match
ISL and dot1q are point-to-point trunking protocols
- ISL = Cisco proprietary
- ISL will encapsulate the frame and add a header and trailer.
- Has to be de-encapsulated at the other end (Double tagging)
- ISL does not support the concept of the Native VLAN