CCNA ICND2 Study Guide. Lammle Todd
After covering STP in detail, we'll move on to explore EtherChannel.
To find up-to-the-minute updates for this chapter, please see www.lammle.com/ccna or the book's web page at www.sybex.com/go/ccna.
VLAN Review
As you may remember from ICND1, configuring VLANs is actually pretty easy. It's just that figuring out which users you want in each VLAN is not, and doing that can eat up a lot of your time! But once you've decided on the number of VLANs you want to create and established which users you want to belong to each one, it's time to bring your first VLAN into the world.
To configure VLANs on a Cisco Catalyst switch, use the global config vlan command. In the following example, I'm going to demonstrate how to configure VLANs on the S1 switch by creating three VLANs for three different departments – again, remember that VLAN 1 is the native and management VLAN by default:
In this output, you can see that you can create VLANs from 1 to 4094. But this is only mostly true. As I said, VLANs can really only be created up to 1001, and you can't use, change, rename, or delete VLANs 1 or 1002 through 1005 because they're reserved. VLANs with numbers above 1005 are called extended VLANs and won't be saved in the database unless your switch is set to what is called VLAN Trunking Protocol (VTP) transparent mode. You won't see these VLAN numbers used too often in production. Here's an example of me attempting to set my S1 switch to VLAN 4000 when my switch is set to VTP server mode (the default VTP mode, which we'll talk about shortly):
After you create the VLANs that you want, you can use the show vlan command to check them out. But notice that, by default, all ports on the switch are in VLAN 1. To change the VLAN associated with a port, you need to go to each interface and specifically tell it which VLAN to be a part of.
Remember that a created VLAN is unused until it is assigned to a switch port or ports and that all ports are always assigned to VLAN 1 unless set otherwise.
Once the VLANs are created, verify your configuration with the show vlan command (sh vlan for short):
If you want to see which ports are assigned to a particular VLAN (for example, VLAN 200), you can obviously use the show vlan command as shown above, or you can use the show vlan id 200 command to get ports assigned only to VLAN 200.
This may seem repetitive, but it's important, and I want you to remember it: You can't change, delete, or rename VLAN 1 because it's the default VLAN and you just can't change that – period. It's also the native VLAN of all switches by default, and Cisco recommends that you use it as your management VLAN. If you're worried about security issues, then change the native VLAN! Basically, any ports that aren't specifically assigned to a different VLAN will be sent down to the native VLAN – VLAN 1.
In the preceding S1 output, you can see that ports Fa0/1 through Fa0/14, Fa0/19 through 23, and the Gi0/1 and Gi0/2 uplinks are all in VLAN 1. But where are ports 15 through 18? First, understand that the command show vlan only displays access ports, so now that you know what you're looking at with the show vlan command, where do you think ports Fa0/15–18 are? That's right! They are trunked ports. Cisco switches run a proprietary protocol called Dynamic Trunking Protocol (DTP), and if there is a compatible switch connected, they will start trunking automatically, which is precisely where my four ports are. You have to use the show interfaces trunk command to see your trunked ports like this:
This output reveals that the VLANs from 1 to 4094 are allowed across the trunk by default. Another helpful command, which is also part of the Cisco exam objectives, is the show interfaces interface switchport command:
The highlighted output shows us the administrative mode of dynamic desirable, that the port is a trunk port, and that DTP was used to negotiate the frame-tagging method of ISL. It also predictably shows that the native VLAN is the default of 1.
Now that we can see the VLANs created, we can assign switch ports to specific ones. Each port can be part of only one VLAN, with the exception of voice access ports. Using trunking, you can make a port available to traffic from all VLANs. I'll cover that next.
Assigning Switch Ports to VLANs
You configure a port to belong to a VLAN by assigning a membership mode that specifies the kind of traffic the port carries plus the number of VLANs it can belong to. You can also configure each port on a switch to be in a specific VLAN (access port) by using the interface switchport command. You can even configure multiple ports at the same time with the interface range command.
In the next example, I'll configure interface Fa0/3 to VLAN 3. This is the connection from the S3 switch to the host device:
Well now, what do we have here? There's some new stuff showing up in our output now. We can see various commands – some that I've already covered, but no worries because I'm going to cover the access, mode, nonegotiate, and trunk commands very soon. Let's start with setting an access port on S1, which is probably the most widely used type of port you'll find on production switches that have VLANs configured:
By starting with the switchport mode access command, you're telling the switch that this is a nontrunking layer 2 port. You can then assign a VLAN to the port with the switchport access command. Remember, you can choose many ports to configure simultaneously with the interface range command.
Let's take a look at our VLANs now:
Notice that port Fa0/3 is now a member of VLAN 3. But, can you tell me where ports 1 and 2 are? And why aren't they showing up in the output of show vlan? That's right, because they are trunk ports!
We can also see this with the show interfaces interface switchport command:
The highlighted output shows that Fa0/3 is an access port and a member of VLAN 3 (Marketing).
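As an added example (not from the book), the Python script below reads show interfaces switchport output and flags the two settings this section highlights: a port left in a DTP dynamic mode, which will trunk automatically with a compatible neighbor, and a trunk still using native VLAN 1. The sample output is constructed and abridged, and the function names parse_switchport, vlan_id and audit are assumptions of this example.

```python
import re

# Constructed, abridged sample of `show interfaces switchport` output (not from the book).
SAMPLE = """\
Name: Fa0/15
Administrative Mode: dynamic desirable
Operational Mode: trunk
Operational Trunking Encapsulation: isl
Trunking Native Mode VLAN: 1 (default)

Name: Fa0/3
Administrative Mode: static access
Operational Mode: static access
Access Mode VLAN: 3 (Marketing)
Trunking Native Mode VLAN: 1 (default)
"""

def parse_switchport(text):
    """Return one dict of 'Field: value' pairs per interface block."""
    ports = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank line or a line without a field separator
        if key.strip() == "Name":
            ports.append({})  # a Name line starts a new interface block
        if ports:
            ports[-1][key.strip()] = value.strip()
    return ports

def vlan_id(value):
    """Extract the VLAN number from values such as '3 (Marketing)'."""
    m = re.match(r"\d+", value or "")
    return int(m.group()) if m else None

def audit(ports):
    """Return (interface, finding) pairs for settings worth reviewing."""
    findings = []
    for p in ports:
        admin = p.get("Administrative Mode", "")
        native = vlan_id(p.get("Trunking Native Mode VLAN"))
        if admin.startswith("dynamic"):
            findings.append((p["Name"], "DTP can negotiate a trunk: " + admin))
        if p.get("Operational Mode") == "trunk" and native == 1:
            findings.append((p["Name"], "trunk still uses native VLAN 1"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_switchport(SAMPLE)):
        print(name, "-", finding)
```

Fa0/3 produces no finding because it is a static access port; its native VLAN line is ignored since the port is not trunking.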
Before we move on to trunking and VTP, let's add a voice VLAN on our switch. When an IP phone is connected to a switch port, this port should have a voice VLAN associated with it. By creating a separate VLAN for voice traffic, which of course you would do, what happens when you have a PC or laptop that connects via Ethernet into an IP phone? The phone connects to the Ethernet port and into one port on the switch. You're now sending both voice and data to the single switch port.
All