VLAN virtual local area network technology

VLAN technology can be used to divide a physical LAN into multiple virtual logical LANs. Each virtual LAN is isolated from the others, and each is a separate broadcast domain.

VLANs isolate Layer 2 broadcast domains.

One VLAN = one broadcast domain = one logical subnet

Benefits of using VLANs:
1. Effective bandwidth utilization
2. Improved security
3. Isolate the fault domain

Two types of VLAN:
1. End-to-end VLAN
A VLAN that can extend across the entire network.
2. Local VLAN
A VLAN limited to a specific area; it only operates between access layer switches or within a small distribution layer.

Instead of configuring the VLANs of multiple departments on a single switch, configure the minimum number of VLANs on each access switch within a single wiring closet.

VLAN membership modes (two types):
Static VLAN (also known as port-based VLAN)
S#show cdp neighbors detail

Dynamic VLAN (based on MAC address)
VLANs are not assigned to ports in advance. All MAC addresses are registered in the VMPS, and a port's VLAN is assigned by looking up the source MAC address in the VMPS.
S(config)#vmps server 192.168.1.1

VLAN number ranges:
Depending on the platform and software version, Cisco switches support up to 4096 VLANs.
There are 4096 VLAN numbers in total, 0 – 4095.

0, 4095: Reserved for system use only; users cannot view them
1: Cisco default VLAN; cannot be deleted
2-1001: VLANs for Ethernet; users can create VLANs in this range
1002-1005: Default VLANs for FDDI and Token Ring; cannot be deleted
1006-4094: Extended VLANs, for Ethernet only; they can be configured only on 3550 or later switches, and the VTP mode must be set to transparent

S(config-if)#switchport host //Configure the port for use by a host device. After configuration, PortFast is enabled on the port and the EtherChannel feature is disabled.

Divide multiple non-contiguous interfaces into one vlan at the same time:
S(config)#interface range f0/1 , f0/5

Experiment on a real switch:
S:flash_init //Initialize the flash file system
S:dir flash: //View the contents of flash
S:rename flash:config.text flash:config.old //Rename the configuration file so that it is not loaded at startup
S:load_helper //Load the boot helper
S:boot //Restart (the Switch comes up with no configuration loaded)

S#rename flash:config.old flash:config.text //Revert to the original configuration file name

S#copy flash:config.text running-config

S(config-if)#switchport trunk allowed vlan 1-100,111 //Only the traffic of VLANs 1-100 and 111 is passed on this trunk.

DTP (Dynamic Trunking Protocol), Cisco proprietary
DTP packets are sent on the link between switches to negotiate whether the two sides can form a trunk.

Five modes of the interface:
access, trunk, dynamic desirable (active; 2950 and 3550), dynamic auto (passive; 2960 and 3560), nonegotiate

S(config-if)#switchport mode dynamic desirable //Default mode
S(config-if)#switchport mode dynamic auto
S(config-if)#switchport mode trunk
S(config-if)#switchport nonegotiate //Can only be used with trunk

S(config-if)#switchport trunk encapsulation dot1q //Specify the encapsulation mode
S#show interface trunk //View the trunk port information and verify that the trunk is started.
S#show interface f0/1 switchport //View port configuration
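
The following added example (not part of the original notes) is a Python script that audits a running-config excerpt: it reports which interfaces can still negotiate a trunk through DTP and which allowed-VLAN lists include IDs outside the 1-1001 range listed above. The sample configuration is constructed, the function names and report keys are assumptions, and an interface with no explicit mode is treated as dynamic, following the default noted above.

```python
import re
# Constructed sample configuration (not from the original page).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode dynamic desirable
interface FastEthernet0/2
 switchport trunk allowed vlan 1-100,111
 switchport mode trunk
 switchport nonegotiate
interface FastEthernet0/3
 switchport trunk allowed vlan 10,1002-1005,2000
 switchport mode trunk
interface FastEthernet0/5
 switchport mode access
"""

# VLAN number ranges as listed in the notes above.
VLAN_RANGES = [(0, 0, "reserved"), (1, 1, "default"), (2, 1001, "normal"),
               (1002, 1005, "FDDI/TR"), (1006, 4094, "extended"), (4095, 4095, "reserved")]

def vlan_class(vid):
    return next((n for lo, hi, n in VLAN_RANGES if lo <= vid <= hi), "invalid")

def expand_vlans(spec):
    """Expand an allowed-VLAN list such as '1-100,111' into a set of IDs."""
    ids = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit(config):
    """Per interface: can DTP still negotiate, and which allowed VLANs are not 1-1001?"""
    ports, port = {}, {}  # lines before the first interface go to a scratch dict
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            port = ports.setdefault(line.split(None, 1)[1], {"mode": None, "noneg": False, "allowed": set()})
        elif m := re.fullmatch(r"switchport mode (access|trunk|dynamic (?:desirable|auto))", line):
            port["mode"] = m.group(1)
        elif line == "switchport nonegotiate":
            port["noneg"] = True
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,\- ]+)", line):
            port["allowed"] = expand_vlans(m.group(1))
    report = {}
    for name, p in ports.items():
        # Assumption: no explicit mode means the dynamic default, so DTP is active.
        dtp = p["mode"] != "access" and not (p["mode"] == "trunk" and p["noneg"])
        odd = sorted(v for v in p["allowed"] if vlan_class(v) not in ("default", "normal"))
        report[name] = {"dtp_active": dtp, "non_normal_vlans": odd}
    return report
```

On the sample, FastEthernet0/2 (trunk with nonegotiate, VLANs 1-100 and 111) is the only trunk that comes back clean; FastEthernet0/3 is reported both for DTP and for carrying VLANs 1002-1005 and 2000.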

