Anúncio
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final
KPUCC-Rs instructor ppt_chapter3_final

Check these out next

Chapter 14 : vlan
Chapter 14 : vlan
teknetir
Inter-VLAN Routing
Inter-VLAN Routing
rmosate
Cap6 intervlan routing
Cap6 intervlan routing
Hector Camba Lainez
Inter VLAN Routing
Inter VLAN Routing
Netwax Lab
Chapter 3 vlans
Chapter 3 vlans
kratos2424
CCNA- part 9 vlan
CCNA- part 9 vlan
Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
CCNA Lab 5-Configuring Inter-VLAN Routing
CCNA Lab 5-Configuring Inter-VLAN Routing
Amir Jafari
Packet Tracer Simulation Lab Layer3 Routing
Packet Tracer Simulation Lab Layer3 Routing
Johnson Liu
1 de 49

KPUCC-Rs instructor ppt_chapter3_final

15 de Nov de 2017
Baixar para ler offline
Educação

kpucc

Fisal Anwari
Anúncio
Anúncio
Anúncio

Recomendados

Day 14.2 configuringvla nsDay 14.2 configuringvla ns
Day 14.2 configuringvla nsCYBERINTELLIGENTS978 visualizações29 slides
Packet Tracer Simulation Lab Layer 2 SwitchingPacket Tracer Simulation Lab Layer 2 Switching
Packet Tracer Simulation Lab Layer 2 SwitchingJohnson Liu14.1K visualizações29 slides
Olive Introduction for TOIOlive Introduction for TOI
Olive Introduction for TOIJohnson Liu3K visualizações19 slides
CCNA 2 Routing and Switching v5.0 Chapter 7CCNA 2 Routing and Switching v5.0 Chapter 7
CCNA 2 Routing and Switching v5.0 Chapter 7Nil Menon13.6K visualizações77 slides
vlanvlan
vlanSunrise Dawn600 visualizações20 slides
Lab 6.4.1 InterVLAN routingLab 6.4.1 InterVLAN routing
Lab 6.4.1 InterVLAN routingMuhd Mu'izuddin1.9K visualizações14 slides

Mais conteúdo relacionado

Apresentações para você(20)

Chapter 14 : vlanChapter 14 : vlan
Chapter 14 : vlan
teknetir1.1K visualizações
Inter-VLAN RoutingInter-VLAN Routing
Inter-VLAN Routing
rmosate3.6K visualizações
Cap6 intervlan routingCap6 intervlan routing
Cap6 intervlan routing
Hector Camba Lainez1.2K visualizações
Inter VLAN RoutingInter VLAN Routing
Inter VLAN Routing
Netwax Lab7.2K visualizações
Chapter 3 vlansChapter 3 vlans
Chapter 3 vlans
kratos24244K visualizações
CCNA- part 9 vlanCCNA- part 9 vlan
CCNA- part 9 vlan
Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW3K visualizações
CCNA Lab 5-Configuring Inter-VLAN RoutingCCNA Lab 5-Configuring Inter-VLAN Routing
CCNA Lab 5-Configuring Inter-VLAN Routing
Amir Jafari3.3K visualizações
Packet Tracer Simulation Lab Layer3 RoutingPacket Tracer Simulation Lab Layer3 Routing
Packet Tracer Simulation Lab Layer3 Routing
Johnson Liu32.6K visualizações
Ccna3 mod9-vtpCcna3 mod9-vtp
Ccna3 mod9-vtp
Milton Bengui1.6K visualizações
Expl sw chapter_06_inter_vlanExpl sw chapter_06_inter_vlan
Expl sw chapter_06_inter_vlan
aghacrom725 visualizações
VlansVlans
Vlans
1 2d1.4K visualizações
Ccna 3 v 4.0 final-exam-17-07-2010Ccna 3 v 4.0 final-exam-17-07-2010
Ccna 3 v 4.0 final-exam-17-07-2010
irbas1.8K visualizações
Webinar NETGEAR - ProsSafe Switch gestibili e supporto della configurazione ...Webinar NETGEAR - ProsSafe Switch gestibili e supporto della configurazione ...
Webinar NETGEAR - ProsSafe Switch gestibili e supporto della configurazione ...
Netgear Italia595 visualizações
CCNA R&S-12-Spanning Tree Protocol ConceptsCCNA R&S-12-Spanning Tree Protocol Concepts
CCNA R&S-12-Spanning Tree Protocol Concepts
Amir Jafari2.6K visualizações
CCNA Lab 1-Configuring a Switch Part ICCNA Lab 1-Configuring a Switch Part I
CCNA Lab 1-Configuring a Switch Part I
Amir Jafari1.7K visualizações
2.3.1.5 packet tracer configuring rapid pvst+ answer2.3.1.5 packet tracer configuring rapid pvst+ answer
2.3.1.5 packet tracer configuring rapid pvst+ answer
Narayana Samy23K visualizações
VTPVTP
VTP
Alberto Jimenez2.1K visualizações
Concepts: Management VLANConcepts: Management VLAN
Concepts: Management VLAN
Jelmer de Reus899 visualizações
Day 14.2 inter vlanDay 14.2 inter vlan
Day 14.2 inter vlan
CYBERINTELLIGENTS1.3K visualizações
Лекц 9Лекц 9
Лекц 9
Muuluu2.4K visualizações

Similar a KPUCC-Rs instructor ppt_chapter3_final(20)

CCNA 2 Routing and Switching v5.0 Chapter 3CCNA 2 Routing and Switching v5.0 Chapter 3
CCNA 2 Routing and Switching v5.0 Chapter 3
Nil Menon15K visualizações
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 6CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 6
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 6
Waqas Ahmed Nawaz95 visualizações
CCNA2 Verson6 Chapter6CCNA2 Verson6 Chapter6
CCNA2 Verson6 Chapter6
Chaing Ravuth3.1K visualizações
Chapter 05 - Inter-VLAN RoutingChapter 05 - Inter-VLAN Routing
Chapter 05 - Inter-VLAN Routing
Yaser Rahmati2.5K visualizações
KPUCC-Rs instructor ppt_chapter5_finalKPUCC-Rs instructor ppt_chapter5_final
KPUCC-Rs instructor ppt_chapter5_final
Fisal Anwari693 visualizações
CCNAv5 - S2: Chapter5 Inter Vlan RoutingCCNAv5 - S2: Chapter5 Inter Vlan Routing
CCNAv5 - S2: Chapter5 Inter Vlan Routing
Vuz Dở Hơi6.6K visualizações
Chapter 16 : inter-vlan routingChapter 16 : inter-vlan routing
Chapter 16 : inter-vlan routing
teknetir1.7K visualizações
VLANs_Module_3.pptxVLANs_Module_3.pptx
VLANs_Module_3.pptx
BOURY122 visualizações
CCNA3 Verson6 Chapter2CCNA3 Verson6 Chapter2
CCNA3 Verson6 Chapter2
Chaing Ravuth2K visualizações
CCNA_RSE_Chp6.pptxCCNA_RSE_Chp6.pptx
CCNA_RSE_Chp6.pptx
santosh Kumar5 visualizações
Day 14.1 vlanDay 14.1 vlan
Day 14.1 vlan
CYBERINTELLIGENTS656 visualizações
CCNA Discovery 3 - Chapter 3CCNA Discovery 3 - Chapter 3
CCNA Discovery 3 - Chapter 3
Irsandi Hasan4.3K visualizações
CCNP Switching Chapter 5CCNP Switching Chapter 5
CCNP Switching Chapter 5
Chaing Ravuth618 visualizações
CCNA R&S-13-Spanning Tree Protocol ImplementationCCNA R&S-13-Spanning Tree Protocol Implementation
CCNA R&S-13-Spanning Tree Protocol Implementation
Amir Jafari2.7K visualizações
Virtual Local Area NetworkVirtual Local Area Network
Virtual Local Area Network
Atakan ATAK591 visualizações
Week4(1)(1)Week4(1)(1)
Week4(1)(1)
trayyoo38 visualizações
CCNP Switching Chapter 3CCNP Switching Chapter 3
CCNP Switching Chapter 3
Chaing Ravuth1.9K visualizações
VLAN Trunking ProtocolVLAN Trunking Protocol
VLAN Trunking Protocol
Netwax Lab3.3K visualizações
Vlan Vlan
Vlan
sanss4049.2K visualizações
CCNAv5 - S4: Chapter 4 Frame RelayCCNAv5 - S4: Chapter 4 Frame Relay
CCNAv5 - S4: Chapter 4 Frame Relay
Vuz Dở Hơi8.9K visualizações
Anúncio

Último(20)

biostatistics normal.pptbiostatistics normal.ppt
biostatistics normal.ppt
swetachaudhari70 visão
ordering_adjectives.pptxordering_adjectives.pptx
ordering_adjectives.pptx
ssuserc6130c0 visão
ABT Report 2022-2023.pdfABT Report 2022-2023.pdf
ABT Report 2022-2023.pdf
ssuser7520d20 visão
WELCOME.pdfWELCOME.pdf
WELCOME.pdf
Pradeep5923870 visão
DEMONSTRATION TEACHING IN HEALTH 10.pptxDEMONSTRATION TEACHING IN HEALTH 10.pptx
DEMONSTRATION TEACHING IN HEALTH 10.pptx
RonaPacibe0 visão
Tugi Tugi Maragle part 1.pptxTugi Tugi Maragle part 1.pptx
Tugi Tugi Maragle part 1.pptx
MVHerwadkarschool0 visão
worksheet 19 a.docxworksheet 19 a.docx
worksheet 19 a.docx
UgyenTshering510 visão
Quality by DesignQuality by Design
Quality by Design
PratikshaBhosale90 visão
LEPRECHAUN3B.pptLEPRECHAUN3B.ppt
LEPRECHAUN3B.ppt
MSoledadBarrosoLozan0 visão
Parivartane 8th class.pptxParivartane 8th class.pptx
Parivartane 8th class.pptx
MVHerwadkarschool0 visão
lezione_3.pptlezione_3.ppt
lezione_3.ppt
ZainalRuslin0 visão
Tr.Reference 18.pptTr.Reference 18.ppt
Tr.Reference 18.ppt
UgyenTshering510 visão
PPT Phoenix HHMD2.pptxPPT Phoenix HHMD2.pptx
PPT Phoenix HHMD2.pptx
Neha Kajulkar0 visão
Tools and Equipment.pptxTools and Equipment.pptx
Tools and Equipment.pptx
JoelADumapias0 visão
Bony Tissue.pptxBony Tissue.pptx
Bony Tissue.pptx
IMRANKHAN7066390 visão
Worksheet 24.pdfWorksheet 24.pdf
Worksheet 24.pdf
UgyenTshering510 visão
Presentation Title.pptxPresentation Title.pptx
Presentation Title.pptx
MUHAMMADSAMIULLAH560 visão
Soniya Antony and febiya Francis- environmental seminar.pdfSoniya Antony and febiya Francis- environmental seminar.pdf
Soniya Antony and febiya Francis- environmental seminar.pdf
SoniyaChindu0 visão
PROPOSAL (PHENOMENOLOGICAL).pptxPROPOSAL (PHENOMENOLOGICAL).pptx
PROPOSAL (PHENOMENOLOGICAL).pptx
HoneyGrace370 visão
Positive Psychology (Yusrah).pptxPositive Psychology (Yusrah).pptx
Positive Psychology (Yusrah).pptx
YusrahVN0 visão

KPUCC-Rs instructor ppt_chapter3_final

  1. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1 Chapter 3: VLANs Routing & Switching
  2. Presentation_ID 2© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Chapter 3 3.1 VLAN Segmentation 3.2 VLAN Implementation 3.3 VLAN Security and Design 3.4 Summary
  3. Presentation_ID 3© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Chapter 3: Objectives  Explain the purpose of VLANs in a switched network.  Analyze how a switch forwards frames based on VLAN configuration in a multi-switched environment.  Configure a switch port to be assigned to a VLAN based on requirements.  Configure a trunk port on a LAN switch.  Configure Dynamic Trunk Protocol (DTP).  Troubleshoot VLAN and trunk configurations in a switched network.  Configure security features to mitigate attacks in a VLAN-segmented environment.  Explain security best practices for a VLAN-segmented environment.
  4. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 4 3.1 VLAN Segmentation
  5. Presentation_ID 5© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Overview of VLANs VLAN Definitions  A VLAN is a logical partition of a Layer 2 network.  Multiple partitions can be created, allowing for multiple VLANs to co-exist.  Each VLAN is a broadcast domain, usually with its own IP network.  VLANs are mutually isolated and packets can only pass between them via a router.  The partitioning of the Layer 2 network takes place inside a Layer 2 device, usually via a switch.  The hosts grouped within a VLAN are unaware of the VLAN’s existence.
  6. Presentation_ID 6© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Overview of VLANs VLAN Definitions (cont.)
  7. Presentation_ID 7© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Overview of VLANs Benefits of VLANs  Security  Cost reduction  Better performance  Shrink broadcast domains  Improved IT staff efficiency  Simpler project and application management
  8. Presentation_ID 8© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Overview of VLANs Types of VLANs  Data VLAN  Default VLAN  Native VLAN  Management VLAN
  9. Presentation_ID 9© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Overview of VLANs Types of VLANs (cont.)
  10. Presentation_ID 10© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Overview of VLANs Voice VLANs  VoIP traffic is time-sensitive and requires: • Assured bandwidth to ensure voice quality. • Transmission priority over other types of network traffic. • Ability to be routed around congested areas on the network. • Delay of less than 150 ms across the network.  The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone.  The switch can connect to a Cisco 7960 IP phone and carry IP voice traffic.  The sound quality of an IP phone call can deteriorate if the data is unevenly sent; the switch supports quality of service (QoS).
  11. Presentation_ID 11© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Overview of VLANs Voice VLANs (cont.)  The Cisco 7960 IP phone has two RJ-45 ports that each support connections to external devices. • Network Port (10/100 SW) - Use this port to connect the phone to the network. The phone can also obtain inline power from the Cisco Catalyst switch over this connection. • Access Port (10/100 PC) - Use this port to connect a network device, such as a computer, to the phone.
  12. Presentation_ID 12© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Overview of VLANs Voice VLANs (cont.)
  13. Presentation_ID 13© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential VLANs in a Multi-Switched Environment VLAN Trunks  A VLAN trunk carries more than one VLAN.  A VLAN trunk is usually established between switches so same- VLAN devices can communicate, even if physically connected to different switches.  A VLAN trunk is not associated to any VLANs; neither is the trunk ports used to establish the trunk link.  Cisco IOS supports IEEE802.1q, a popular VLAN trunk protocol.
  14. Presentation_ID 14© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential VLANs in a Multi-Switched Environment VLAN Trunks (cont.)
  15. Presentation_ID 15© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential VLANs in a Multi-Switched Environment Controlling Broadcast Domains with VLANs  VLANs can be used to limit the reach of broadcast frames.  A VLAN is a broadcast domain of its own.  A broadcast frame sent by a device in a specific VLAN is forwarded within that VLAN only.  VLANs help control the reach of broadcast frames and their impact in the network.  Unicast and multicast frames are forwarded within the originating VLAN.
  16. Presentation_ID 16© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential VLANs in a Multi-Switched Environment Tagging Ethernet Frames for VLAN Identification  Frame tagging is the process of adding a VLAN identification header to the frame.  It is used to properly transmit multiple VLAN frames through a trunk link.  Switches tag frames to identify the VLAN to that they belong. Different tagging protocols exist; IEEE 802.1Q is a vey popular example.  The protocol defines the structure of the tagging header added to the frame.  Switches add VLAN tags to the frames before placing them into trunk links and remove the tags before forwarding frames through nontrunk ports.  When properly tagged, the frames can transverse any number of switches via trunk links and still be forwarded within the correct VLAN at the destination.
  17. Presentation_ID 17© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential VLANs in a Multi-Switched Environment Tagging Ethernet Frames for VLAN Identification
  18. Presentation_ID 18© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential VLANs in a Multi-Switched Environment Native VLANs and 802.1Q Tagging  Frames that belong to the native VLAN are not tagged.  Frames received untagged remain untagged and are placed in the native VLAN when forwarded.  If there are no ports associated to the native VLAN and no other trunk links, an untagged frame is dropped.  In Cisco switches, the native VLAN is VLAN 1, by default.
  19. Presentation_ID 19© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential VLANs in a Multi-Switched Environment Voice VLAN Tagging
  20. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 20 3.2 VLAN Implementations
  21. Presentation_ID 21© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential VLAN Assignment VLAN Ranges on Catalyst Switches  Cisco Catalyst 2960 and 3560 Series switches support over 4,000 VLANs.  VLANs are split into two categories: • Normal range VLANs • VLAN numbers from 1 to 1,005 • Configurations stored in the vlan.dat (in the flash memory) • VTP can only learn and store normal range VLANs • Extended Range VLANs • VLAN numbers from 1,006 to 4,096 • Configurations stored in the running configuration (NVRAM) • VTP does not learn extended range VLANs
  22. Presentation_ID 22© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential VLAN Assignment Creating a VLAN
  23. Presentation_ID 23© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential VLAN Assignment Assigning Ports to VLANs
  24. Presentation_ID 24© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential VLAN Assignment Assigning Ports to VLANs (cont.)
  25. Presentation_ID 25© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential VLAN Assignment Changing VLAN Port Membership
  26. Presentation_ID 26© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential VLAN Assignment Changing VLAN Port Membership (cont.)
  27. Presentation_ID 27© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential VLAN Assignment Deleting VLANs
  28. Presentation_ID 28© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential VLAN Assignment Verifying VLAN Information
  29. Presentation_ID 29© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential VLAN Assignment Verifying VLAN Information (cont.)
  30. Presentation_ID 30© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential VLAN Assignment Configuring IEEE 802.1q Trunk Links
  31. Presentation_ID 31© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential VLAN Assignment Resetting the Trunk To Default State
  32. Presentation_ID 32© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential VLAN Assignment Resetting the Trunk To Default State (cont.)
  33. Presentation_ID 33© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential VLAN Assignment Verifying Trunk Configuration
  34. Presentation_ID 34© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Dynamic Trunking Protocol Introduction to DTP  Switch ports can be manually configured to form trunks.  Switch ports can also be configured to negotiate and establish a trunk link with a connected peer.  The Dynamic Trunking Protocol (DTP) manages trunk negotiation.  DTP is a Cisco proprietary protocol and is enabled, by default, in Cisco Catalyst 2960 and 3560 switches.  If the port on the neighbor switch is configured in a trunk mode that supports DTP, it manages the negotiation.  The default DTP configuration for Cisco Catalyst 2960 and 3560 switches is dynamic auto.
  35. Presentation_ID 35© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Dynamic Trunking Protocol Negotiated Interface Modes  Cisco Catalyst 2960 and 3560 support the following trunk modes: • Switchport mode dynamic auto • Switchport mode dynamic desirable • Switchport mode trunk • Switchport nonegotiate
  36. Presentation_ID 36© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Troubleshooting VLANs and Trunks IP Addressing Issues with VLAN  It is a common practice to associate a VLAN with an IP network.  Because different IP networks only communicate through a router, all devices within a VLAN must be part of the same IP network to communicate.  The figure displays that PC1 cannot communicate to the server because it has a wrong IP address configured.
  37. Presentation_ID 37© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Troubleshooting VLANs and Trunks Missing VLANs  If all the IP addresses mismatches have been solved, but the device still cannot connect, check if the VLAN exists in the switch.
  38. Presentation_ID 38© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Troubleshooting VLANs and Trunks Introduction to Troubleshooting Trunks
  39. Presentation_ID 39© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Troubleshooting VLANs and Trunks Common Problems with Trunks  Trunking issues are usually associated with incorrect configurations.  The most common type of trunk configuration errors are: 1. Native VLAN mismatches 2. Trunk mode mismatches 3. Allowed VLANs on trunks  If a trunk problem is detected, the best practice guidelines recommend to troubleshoot in the order shown above.
  40. Presentation_ID 40© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Troubleshooting VLANs and Trunks Trunk Mode Mismatches  If a port on a trunk link is configured with a trunk mode that is incompatible with the neighboring trunk port, a trunk link fails to form between the two switches.  Use the show interfaces trunk command to check the status of the trunk ports on the switches.  To fix the problem, configure the interfaces with proper trunk modes.
  41. Presentation_ID 41© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Troubleshooting VLANs and Trunks Incorrect VLAN List  VLANs must be allowed in the trunk before their frames can be transmitted across the link.  Use the switchport trunk allowed vlan command to specify which VLANs are allowed in a trunk link.  Use the show interfaces trunk command to ensure the correct VLANs are permitted in a trunk.
  42. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 42 3.3 VLAN Security and Design
  43. Presentation_ID 43© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Attacks on VLANs Switch Spoofing Attack  There are a number of different types of VLAN attacks in modern switched networks; VLAN hopping is one example.  The default configuration of the switch port is dynamic auto.  By configuring a host to act as a switch and form a trunk, an attacker could gain access to any VLAN in the network.  Because the attacker is now able to access other VLANs, this is called a VLAN hopping attack.  To prevent a basic switch spoofing attack, turn off trunking on all ports, except the ones that specifically require trunking.
  44. Presentation_ID 44© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Attacks on VLANs Double-Tagging Attack  Double-tagging attack takes advantage of the way that hardware on most switches de-encapsulate 802.1Q tags.  Most switches perform only one level of 802.1Q de-encapsulation, allowing an attacker to embed a second, unauthorized attack header in the frame.  After removing the first and legit 802.1Q header, the switch forwards the frame to the VLAN specified in the unauthorized 802.1Q header.  The best approach to mitigating double-tagging attacks is to ensure that the native VLAN of the trunk ports is different from the VLAN of any user ports.
  45. Presentation_ID 45© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Attacks on VLANs Double-Tagging Attack (cont.)
  46. Presentation_ID 46© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Attacks on VLANs PVLAN Edge  The Private VLAN (PVLAN) Edge feature, also known as protected ports, ensures that there is no exchange of unicast, broadcast, or multicast traffic between protected ports on the switch.  Local relevancy only.  A protected port only exchanges traffic with unprotected ports.  A protected port does not exchange traffic with another protected port.
  47. Presentation_ID 47© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Design Best Practices for VLANs VLAN Design Guidelines  Move all ports from VLAN 1 and assign them to a not-in-use VLAN  Shut down all unused switch ports.  Separate management and user data traffic.  Change the management VLAN to a VLAN other than VLAN 1. (The same goes to the native VLAN.)  Ensure that only devices in the management VLAN can connect to the switches.  The switch should only accept SSH connections.  Disable autonegotiation on trunk ports.  Do not use the auto or desirable switch port modes.
  48. Presentation_ID 48© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Chapter 3: Summary This chapter:  Introduced VLANs and their types  Described the connection between VLANs and broadcast domains  Discussed IEEE 802.1Q frame tagging and how it enables differentiation between Ethernet frames associated with distinct VLANs as they traverse common trunk links.  Examined the configuration, verification, and troubleshooting of VLANs and trunks using the Cisco IOS CLI and explored basic security and design considerations.
  49. Presentation_ID 49© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Anúncio