Private VLANs

Commonly used in SP networks to put users in common subnet but no direct forwarding of packets between customers in same VLAN. Enforce security by forcing traffic to go through router instead of switched locally. There are three different types of VLANS that can be used, primary VLAN, community VLAN and isolated vLAN. The primary VLAN can talk to all the other VLANS, community VLANS can talk to the primary VLAN and others in the same community VLAN. The isolated VLAN can only talk to the primary VLAN.

Virtual Trunking Protocol

VTP is used for provisiong VLANs to switches in the same VTP domain. Switches can either be
servers, clients or transparent. Servers are responsible for sending the VLANs to the clients, VLANs can be created on the servers but not on the clients. The clients receive VLANs from the servers. Switches that are in transparent mode only forward VTP messages, they do not use the information contained within. Transparent switches can create VLANs locally.

VTP uses a revision number to keep track of changes in the database. When a VLAN is added, modified or deleted the revision number increases by one. A higher revision number indicates a newer database. Under the right circumstances it is possible that a client can originate an update and if it has a higher revision number than the servers all the VLAN information will be replaced. This is the major flaw with VTP and the reason why most engineers stay away from it.

VLANs on trunk

Active – VLAN is allowed, can be added or removed with switchport trunk allowed vlan add/remove
Allowed and active – Allowed on trunk and VLAN exists in configuration, if PVST+ is used STP is active for VLAN
Active and not pruned – Same as “allowed and active” but removes VTP pruned VLANs

Trunks

Switchport mode trunk sets interface to always trunk but DTP is still active
Switchport nonegotiate – Disable sending of DTP frames
Switchport mode dynamic desirable – Trunk if other end is set to trunk, desirable or auto
Switchport mode dynamic auto – Trunk if other end is set to trunk or desirable

PPPoE

Uses an eight byte header. Common method for DSL access earlier but not widely spread any longer (at least not in Sweden). Assign the outside interface to a dial pool with pppoe-client dial-pool-number 1 and use the command pppoe enable. Create the interface dialer 1 and set IP address negotiated to receive IPĀ  from ISP. Set the encapsulation to PPP and configure authentication if needed. Create the dialer pool 1 and assign dialer-group 1 to it. Use a dialer-list to specify what traffic gets to activate the dialer interface. The static default route should point to the dialer interface.

VLAN – Notes
Tagged on:         

One thought on “VLAN – Notes

  • November 21, 2014 at 11:13 am
    Permalink

    You have very usefull block. I’m still at the beginning of cisco journey as i am currently studying for CCNA. This blog I think will be more useful after i obtain my CCNA probably beginning of 2015. Great work boss

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: