VLANs y Access Port

VLANs y Access Port

- in Enterprise Infrastructure
4517
0
The video is in Spanish only
Virtual LAN – VLAN
A VLAN defines a broadcast domain; they help us to create logical networks within the same switch with smaller broadcast domains, i.e.

VLAN = Subnet = Broadcast Domain

A layer2 switch allows communication between devices of the same vlan; to have communication between different vlans, we need a layer3 device (router, multilayer switch, etc.) to intercommunicate the vlans. Layer 3 devices do not forward broadcast.

Vlans allow us to segment our network according to traffic patterns, application types, user grouping, improving management, and t-shoot to name a few.
 
VLAN types:
  • Normal range (id 1-1005, including special use ones, stored in vlan.dat).
  • Extended range (id 1006-4094) – VTP v1 and v2 do not propagate them, and these are stored in the running-config. Only VTP v3 can propagate them and must be in transparent mode).
  • Special use (1,1002-1005). These are automatically created and reserved for special uses.
The vlan 1 is the default vlan for all switch ports; the range 1002 to 1005 are reserved for legacy Token Ring and FDDI related functions; these vlans cannot be deleted.
 
To create a vlan we use the following commands from the global configuration mode:
jmcristobal# configure terminal
jmcristobal(config)# vlan vlan-id
jmcristobal(config-vlan)# name nombre-de-vlan

! ### Example: configuration of vlan 10 and 20 ###

jmcristobal(config)#vlan 10
jmcristobal(config-vlan)#name Empleados
jmcristobal(config-vlan)#vlan 20
jmcristobal(config-vlan)#name Visitantes
jmcristobal(config-vlan)#end
jmcristobal(config)#

The vlan name is optional; if we do not assign any name to the vlan, the vlan name will be filled with zeros; for example, for VLAN 20 it would be VLAN0020. The vlan name can be up to 32 characters.

Validate that the vlans have been created on the switch:

jmcristobal#sh vlan brief 

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/0, Gi0/1, Gi0/2, Gi0/3
                                                Gi1/3
10   Empleados                        active    Gi1/0, Gi1/1
20   Visitantes                       active    Gi1/2
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 
jmcristobal#

When creating a vlan by default, its operational state is active; vlans can be disabled locally on a switch or globally across the VTP domain; let’s see what those commands are.

Disable/Enable a vlan in the whole VTP domain:

jmcristobal(config)#  vlan 50  
jmcristobal(config-vlan)#  state suspend | active

Disable/Enable vlan locally on a switch:

jmcristobal(config)#  vlan 50  
jmcristobal(config-vlan)# [no] shutdown

Once we have created our vlans to use, we continue with their assignment to each of the switch ports.

Access Port
The access ports are only assigned to one vlan and are commonly oriented to the connection of end users or servers. The assignment of access ports can be done in two ways:
  •  Static
  • Dynamic
 
Our case study will focus on the static allocation of access ports, and we will talk a little about dynamic allocation at the end.
 
Static access port assignment
 
Static access port assignment is as follows:
jmcristobal# configure terminal
jmcristobal(config)# interface interface-id
jmcristobal(config-vlan)# switchport mode access
jmcristobal(config-vlan)# switchport access vlan vlan-id

! Example: Assigning port g1/2 to vlan 20

jmcristobal(config)#inter gig1/2
jmcristobal(config-if)#switchport mode access 
jmcristobal(config-if)#switchport access vlan 20

It is necessary to specify that the port will work in layer two before assigning it as an access mode port in multilayer switches. Otherwise, we will receive a message like the following:

jmcristobal(config-if)#switchport mode acces
Command rejected: Et1/5 not a switching port.

To tell the switch that the port will work in layer2, it is only a matter of entering the switchport command before putting it in access mode, for example:

jmcristobal(config)#interface gig1/5
jmcristobal(config-if)#switchport
jmcristobal(config-if)#switchport mode access 
jmcristobal(config-if)#switchport access vlan 20

Note: when an access port is assigned to a VLAN, if the VLAN does not exist, it is created in the vlan.dat file with its default name VLANxxxx. This case does not apply when a vlan tag is allowed on a trunk; in this scenario, the vlan is not created.

 
Dynamic access port assignment
  • Dynamic VLANs provide membership based on the MAC address of the end-user device.
  • They use a VLAN Membership Policy Server (VMPS) database.
  • In the database the user’s MAC address must be associated with a vlan.
  • It allows great flexibility and mobility to end-users.
  • Requires more administrative work – adding new computers, modifying end-user macs, etc.
  • Requires trunking and 802.1x to be turned off.

For more information:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-2_4_e/configurationguide/b_1524e_consolidated_3750x_3560x_cg/b_1524e_consolidated_3750x_3560x_cg_chapter_010100.html

 

Facebook Comments

You may also like

How-to Install SSH Server on Linux 

1.- Install with apt-get command on Ubuntu: sudo