Cisco ICND2 – Describe how VLANs create logically separate networks and the need for routing between them

VLANs

A VLAN is a virtual logical area network. VLANs allow you to logically group ports on a switch. You may want to do this to ensure the IT department cannot see traffic from the Finance department for example. VLANs can be spanned across multiple switches, meaning all you have to do is change the VLAN number on a port and bingo you’re in that VLAN (assuming VTP is enabled across the switched network). VLANs break up broadcast domains by broadcasting frames only to the same VLAN.

We have the ability with VLANs to improve our security by controlling what VLANs have access to which other VLANs on the network. We can also isolated a VLAN so it cannot communicate with any devices but just have access to the internet (handy for open areas).

By default VLANs cannot communicate with other VLANs. However this can be achieved with either a layer 3 switch (not covered in the CCNA but is in the CCNP) or by you guessed it a router, as a routers job is to route frames. This method is known as a router on a stick.

Key Info

  • VLANs 0 and 4095 For system use only
  • VLAN 1 is Cisco default VLAN, all ports are by default a member of this VLAN
  • VLANs 2-1001 You can use, create and delete VLANS within this range
  • VLANs 1002-1005 are used with FDDI and TokenRing. You cannot delete these
  • VLANs 1006-4094 These VLANs are the extended range for Ethernet, can not be propagated by VTP
  • VLAN information can be found in VLAN.DAT which is stored in Flash memory. This can be viewed using “show flash”
  • VLANs cannot send between VLANs, a Layer 3 device is needed

Taken from Cisco Configuring VLANs

Router on a stick

The way router on a stick works is, say a device on VLAN 20 wanted to communicate with a device VLAN 30 both VLAN frames would need to be sent to a router via a trunk link from the Layer 2 switch. The router will look at its sub-interfaces and see if it has a match for the VLANs, if it does it will route the frame to the correct destination. Remembering that without this method VLAN 20 will not be able to communicate with VLAN 30.

Key Info

  • Layer 3 device such as a router or switch required
  • Links between the switch and router must be in trunk mode
  • Encapsulation between the switch and router must match either 802.1Q or ISL
  • Encapsulation can only be configured on a Fast Ethernet/Gigabit interface
  • Encapsulation must be configured on the subinterface to match the VLAN
  • Subinterfaces must be configured with an IP address that is on the same subnet of the VLAN, this will also be the default gateway for that VLAN
  • the parent interface of the subinterface must be up (no shutdown) for the subinterfaces to work

Cisco ICND2 – Describe enhanced switching technologies (including: VTP, RSTP, VLAN, PVSTP, 802.1q)

VTP – VLAN Trunking Protocol:

VLAN Trunking Protocol allows you to create/delete and modify existing VLANs. This information can then be propagated to other switches that use the same VTP domain. When VTP is first configured it defaults to server mode. VTP information is sent via a trunk port. Uses revision numbers to determine whether the switch needs to update its VTP information.

A few requirements:

  1. Cannot be used on non-Cisco switches
  2. VTP domain must be the same
  3. One switch must be configured in server mode
  4. If a VTP password is used, must be configured on all switches

Three VTP modes:

  • Server

Can create, add and modify VTP information to other switches.

  • Transparent

Can create, add and modify VLANs but this isn’t advertised to other switches in the VTP domain, instead these are only local to that switch but a transparent switch will forward VTP advertisements out of trunk ports.

  • Client

Client mode only receives and forwards VTP updates. Can not create, delete or modify existing VLANs

VTP Pruning:

Do not use on transparent switches.

VTP Pruning stops broadcasts of VLANs to other switches that isn’t necessarily.

For example, Switch A forwards a broadcast for VLAN20, Switch B and switch C do not have any access ports for VLAN 20, Switch B and Switch C have let switch A know this information, if VTP pruning is enabled Switch A will not forward the broadcast as it has been informed that switch B and Switch C do not have any hosts on VLAN 20. This helps to preserve bandwidth.

Saving bandwidth with VTP Pruning by Keith Barker explains this perfectly.

STP – Spanning Tree Protocol 802.1d

Spanning Tree Protocol prevents switching loops at layer 2. It elects a root bridge and a root port and does this by sending out BPDUs (bridge protocol data units), a blocked port will still receive BPDUs and needs to receive them in case it needs to come out of the blocked state (link failure, bandwidth changes).

Terms

  • BPDU – Bridge Protocol Data Unit  – Ethernet frame sent across the switch network to select the root switch. Each switch compares the BPDUs that it receives from other switches to determine if it should be the root bridge.
  • Root – Switch with the lowest BID
  • BID/Bridge ID – Bridge priority (32768 by default) + MAC address

STP Election

  • Root bridge determined by lowest BID (priority + MAC)
  • All root bridge ports that are connected are placed into designated forwarding state
  • Switches will elect one root port to the root bridge. This is calculated by speed cost, if a tie break then the port with the lowest port ID will be the root port.
  • Root ports can not be designated ports
  • If more than one switch connected to the root bridge, one will be elected the designated bridge based on cost to the root or lowest BID
  • The ports on the designated bridge will forward whilst the port on the non designated bridge will block

STP Port Stats

  • Blocking – Does not forward frames, receives BPDUs. When a switch is first powered on, all ports are in the blocking state.
  • Listening – Receives BPDUs and checks to ensure no loops occur. Prepares to forward frames. Mac address table not built yet.
  • Learning – Receives BPDUs and learns all the paths of the network. Builds the MAC address table but doesn’t forward any frames.
  • Forwarding – Starts forwarding frames if it is the designated port or root port.
  • Disabled – Not really a state, but if the switch is in administratively down (shutdown) then it will not forward frames or receive BPDUs updates.

Port Speeds cost

  • 10Mbps = 100
  • 100Mbps = 19
  • 1Gbps = 4
  • 10Gbps = 2

Timers

  • Hello Timer: 2 seconds
  • Max Age: 20 seconds by default
  • Forward Delay: 15 seconds

STP Selects a root bridge with the lowest bridge ID, this calculation is based on bridge priority + MAC address, by default the bridge priority is 32768 unless changed. So if Switch A has a bridge priority of 32768 and mac address 01111.1111.1111 and Switch B has a bridge priority of 32768 and mac address 0000.0000.0000. Switch B would be elected the root bridge as it has the lowest value. It may be good practice to manually change the bridge priority on a switch to a much lower value to ensure that is always the root bridge. The bridge priority can only be set in increments of 4096.

Next STP will elect root ports and designated ports. All connected ports on the root bridge are designated ports. One root port is elected on each switch except for the root bridge. The root port is the port that has the best path to the root bridge, this is calculated by speed cost, if a tie break then the port with the lower port numbers wins.

A designated bridge is elected if there are two or more switches connected to the root bridge, this is based on the lower BID or lower port number. All ports on the designated bridge are put into designated mode. The ports on the non-designated bridge except the root port are put into non-designated mode (blocking) this is to prevent switching loops.

STP detects a link failure between 30-60 seconds this is based on the STP port states.

RSTP – Rapid Spanning Tree 802.1w:

Rapid spanning-tree protocol 802.1w. Faster convergence than spanning-tree protocol hence the ‘rapid’.

RSTP can detect a link failure in 6 seconds (3 hello timers, 2 seconds each)

Port States:

  • Discarding – Compared to disabled/blocking/listening state of STP
  • Listening – Same as STP
  • Forwarding –  Same as STP

PVSTP – Per VLAN Spanning Tree:

Default for catalyst switches. Cisco proprietary protocol, allows for creation of per VLAN spanning tree.

802.1q:

802.1q enables tagging of VLANs over a trunk link.

802.1q and trunking 101 by Keith Barker explains this.

EtherChannel

Two types. Cisco version: Port Aggregation Protocol (PAgP) and IEEE 802.3ad Line Aggregation Control Protocol (LCAP).

  • Allows grouping of 2-8 server physical Ethernet links to create one logical Ethernet link. This is to allow fault tolerance and high speed links.
  • EtherChannel seen as one link to STP

Port Fast

Enabls the port to come up much quicker by bypassing the STP process. This can only be used on end user devices (access ports), not for trunk links.

* If there is anything you’d like to add or feel there’s a mistake, please feel free to comment and contribute.

Passed – Cisco CCENT (ICND 1)

On Tuesday 12th June this week I took the Cisco ICND 1 and managed to pass luckily. I was studying this on and off for a year! One thing I was mostly worried about was hearing other people’s stores about running out of time. I found I had 50 minutes left (this may be because of the intense studying I did) – I also have some Cisco experience.

I used the following materials:

Books:
Videos:
  • Trainsignal – There is additional content which allows you to copy the material to an Apple/Android device – The videos are reduced in quality – but makes studying on the go, listening in the car etc much easier. Every bit of studying helps!
  • CBT Nuggets
Labs:
Cisco Material:
Forums:
Extras:
There are some apps on the Android play store that can also help:

Now for the ICND 2 (CCNA), I ‘plan’ on doing this in the next couple of months.