VLANS explanation



#1 Phybr


Posted 30 November 2005 - 04:33 AM

could someone explain vlans, from starting to finishing

how to set-up a VLAN what commands to enter, what each command does... I have an old CCNA (607) book and I can't find it...

I don't know how to set-up a VLAN and what the commands do and what they mean.... I don't feel right about doing the VTP sim by just knowing what to put in..


Thanks,

-- Phybr

#2 spacyfreak

Posted 30 November 2005 - 04:53 AM

Though VTP has to do something with VLANs, these are two different terms.

VTP is used to make administration and creation of vlans easier.
In a big network with hundreds of switches, it would be lots of adm. overhead to create and delete vlans manually on each device.
VTP is just a mechanism to create or delete vlans on ONE switch (vtp server),
and this information is advertised to all the other switches in the network (vtp clients).


VLANs are used to break down the limits of a "normal" network.
Normally, you have a router in the middle, and some switches are connected to the router interfaces.
Each of these switches is ONE broadcast domain.
With VLAN technology, you can assign each of the switchports to be in another broadcast domain, or subnet.
So you can put ports in one broadcast domain for logical reasons, and not because of physical reasons.
So people in different buildings can be in ONE broadcast domain or subnet,
no matter what the physical layout of the network is.
To be able to send packets from one vlan to another, there MUST be routing between them.

On Cisco routers, you do this by creating subinterfaces and binding a different vlan to each subinterface.
Another way to do it is to give the vlans ip addresses and to route between them, if the router supports SVI.
The logical IP address of the subinterface or the vlan is the default gateway for the clients whose PC is connected to a switchport which is configured as an access port and bound to one of these vlans or subnets.

----------------------------------------------------------------------------------------------------------------------------

Creating VLANs and bringing Layer 3 into the game....

----------------------------------------------------------------------------------------------------------------------------


Create some VLANs (with "vlan database" command or on newer switches with "vlan xy" command)

vlan database
vlan 2 name FrenchKiss


or if there is no "vlan database"

vlan 2
name FrenchKiss

vlan 3
name PresidentOfTheUnitedApes

vlan 4
name FoodIsGood


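To create a subinterface on a router interface use the command

! IOS accepts "ip address" on a LAN subinterface only once "encapsulation dot1q <vlan-id>" is set there
interface FastEthernet0/1.1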
ip address 154.55.1.1 255.255.255.0
no shutdown

interface FastEthernet0/1.2
ip address 154.55.2.1 255.255.255.0
no shutdown

interface FastEthernet0/1.3
ip address 154.55.3.1 255.255.255.0
no shutdown


This is also called "Router on a Stick" - all the created vlans hang on a stick on ONE router interface.
The disadvantage of this method is that you have no chance to bind OTHER router ports to the same VLAN as well.
If you have a router that supports switching (SVI interfaces), you can also give IPs to the VLANs.
The IP of the VLAN will be the default gateway IP address for all the host PCs which are attached to that VLAN - no matter over which uplink on any router interface they are connected. Cool feature, isn't it?

interface vlan 2
ip address 154.55.1.1 255.255.255.0
no shutdown


The advantage is that you can span VLANs over multiple router interfaces.
But don't cry if you don't understand this - it's not CCNA stuff.
For CCNA it's enough if you know what a subinterface is and how to bind a vlan to it.

To bind a particular vlan to a particular subinterface, use the command

interface FastEthernet0/1.1
encapsulation dot1q 1

interface FastEthernet0/1.2
encapsulation dot1q 2

interface FastEthernet0/1.3
encapsulation dot1q 3



The command "encapsulation dot1q" means that 802.1q tagging will be used.
Instead of 802.1q you could also use ISL, if you only use Cisco devices.
ISL is a Cisco-proprietary protocol and cannot be used on most other vendors' network devices.
802.1q is a standard which is supported by most other vendors' network devices.
Some older Cisco devices only support ISL.
They are not usable in a multi-vendor network if network-wide VLANs are needed.

To make it possible for packets from one vlan to get to another vlan, routes are needed:
A router is a router.
Directly connected devices automatically generate a route in the routing table, if ip routing is enabled.
You can verify the routes with the command

sh ip route

To enable ip routing use the command

ip routing

in global config mode on the router.

To configure a switchport to be in a particular vlan, use the command

interface fa0/24
switchport mode access
switchport access vlan 3


So, each PC which is connected to switchport 24 will automatically be in VLAN 3.
In our example, the PC which is connected to that port must have an IP from the subnet
154.55.3.0 /24, and the gateway of the PC will be 154.55.3.1.
Though a normal PC cannot understand VLANs, it can communicate over that port.
The reason is simple - on an access port, the "VLAN ID" tag is removed from each packet which
passes the interface.


Here is an example of configuring RIP as the routing protocol, and the usage of SVI interfaces.
You can give a vlan an ip address and use a routing protocol, in the example it's RIP, to route
between the different vlans.


Router#configure terminal

Router(config)#ip routing

Router(config)#router rip
Router(config-router)#network 10.0.0.0
Router(config-router)#network 20.0.0.0

Router(config-router)#interface vlan 10
Router(config-if)#ip address 10.1.1.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#exit

Router(config)#interface vlan 20
Router(config-if)#ip address 20.1.1.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#exit


So - for VLAN 10, the default gateway for the clients in this vlan will be 10.1.1.1.
For VLAN 20, the default gateway is 20.1.1.1.
With RIP routing in the example, packets from VLAN 10 will be able to get to VLAN 20, and back.


------------------------------------------------------------------------------------------------------------------

"Don't enjoy the snack before you understand the tag..." - George W. Bush

------------------------------------------------------------------------------------------------------------------


To make a network device able to tell apart the packets which belong to different vlans,
there must be "tagging".
If you use only ONE VLAN, you don't need tagging, because there is nothing you have to tell apart.
When you start to create and use more than one vlan, you have to decide
which of the vlans' packets should be tagged.
Tagging is nothing else but putting an extra tag into each of the packets.
This tag contains the "vlan id". It's like "marking" the packets with colours.
VLAN2 could be green, VLAN3 could be red and so on.

-----------------------------------------------------------------------------------------------------------------

"Don't be drunk if you configure a trunk" - Bill Gates

-----------------------------------------------------------------------------------------------------------------


To make it possible for network devices to bring vlan packets from one device to another,
the uplink ports between the devices must be configured as "trunk ports".
A "trunk" must be established between the devices.

Use these commands to configure a trunk port and define what the native VLAN on that port is:

interface fa0/1
! set the encapsulation first (dot1q, or isl); on switches that support both, a port still on negotiated encapsulation rejects "switchport mode trunk"
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 1


You can imagine a trunk as a "bridge" which can carry packets of multiple vlans to another device.
It's important that the same vlan is configured as native vlan on each end of the trunk.
The native vlan (or default vlan) is the vlan whose packets are NOT tagged.
All other vlans MUST be tagged, or the devices will not be able to tell them apart.
You don't have to enter a special command to select which vlan has to be tagged.
You can only select which vlan's packets will NOT be tagged.
You do this by using the command

switchport trunk native vlan 1

That means the packets from vlan 1 which pass this interface will NOT contain a vlan id.
All other VLAN packets from the other vlans used on that device will be tagged automatically.

On the path over multiple switches and routers, the packets can be encapsulated (tagged) or decapsulated on each uplink.
But both sides of an uplink must be configured to have the same native vlan.

In addition, you can give some options in the trunk configuration, for example some negotiation,
so that the port automatically becomes a trunk port, depending on the settings of the uplink device's port.

-----------------------------------------------------------------------------------------------------------

How can we put food on our families with vtp, vlans and trunks?

-----------------------------------------------------------------------------------------------------------


So -
VTP is used to create or delete VLANs automatically on network devices.
VLANs are used to increase the number of broadcast domains, independent of the physical layout.
Trunks are used to transport packets with different VLAN IDs over uplinks between network devices.


This stuff is abstract, and you need good imagination to understand it.
It's sometimes hard to do troubleshooting when problems occur.
So it's important to have good network documentation and a straightforward network design.

VLANs can make things possible which can solve many problems and needs of a company.
For example, if you need a subnet which is totally separated from the company's intranet,
and which is only for guests, who are not allowed to be in the intranet,
but who should be able to reach the Internet.
With VLANs you can create a subnet for these guests, and let this subnet terminate on the Internet router without touching the traffic from intranet hosts.
And you can put switchports from all buildings of your company into this subnet,
because the guests are not only in one building.

On the other side - VLAN is NOT an encryption method!
With a sniffer in promiscuous mode, the packets CAN be sniffed, and the data is not encrypted,
even if they have a vlan tag.


---------------------------------------------------------------------------------------------------------------------

"Don't drink your tea before you understand VTP" - Winston Churchill

---------------------------------------------------------------------------------------------------------------------


VTP

Now that we know how to create VLANs, let's see what VTP can do for us.

We have 4 switches.
They are connected over uplink ports. The uplinks are all configured as trunk ports.

Switch 1

vtp mode server
vtp domain goodfood
vtp pruning

Switch 2

vtp mode transparent
vtp domain goodfood

Switch 3

vtp mode client
vtp domain goodfood

Switch 4

vtp mode client
vtp domain betterfood

We create VLANs on Switch 1, which is in vtp server mode.

The VLAN information is advertised to switch 2, which is in vtp transparent mode.
Switch 2 does not learn the vlans which were created on switch 1.
But switch 2 sends the vlan information on to switch 3, which is in vtp client mode.

Switch 3 now has the same vlans as switch 1, though we did not create them on it.
But the VLANs will not be learned by switch 4 - because it has another vtp domain name.

Still not enough? See here for more information.


http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_2/layer3/routing.htm

---------------------------------------------------------------------------------------------------------

"Food = dot1q + 100$/hour" - Albert Einstein

---------------------------------------------------------------------------------------------------------

Edited by spacyfreak, 04 September 2006 - 10:07 AM.
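
The tagging and native-VLAN rules from post #2, as an added Python example that is not part of the original thread: it inserts the 802.1Q tag the way a trunk port does, strips it on the far side, and reports which VLAN a frame lands in when the two ends disagree on the native VLAN. The sample frame and all function names are constructed for this illustration.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag
MACS_LEN = 12         # destination MAC (6 bytes) + source MAC (6 bytes)

# Constructed sample frame: broadcast dst, made-up src, EtherType IPv4, readable payload.
SAMPLE_FRAME = (
    bytes.fromhex("ffffffffffff")
    + bytes.fromhex("001122334455")
    + struct.pack("!H", 0x0800)
    + b"user=guest password=cleartext"
)


def trunk_egress(vlan, frame, native_vlan):
    """Frame as it leaves a trunk port: native VLAN untagged, every other VLAN tagged."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    if vlan == native_vlan:
        return frame
    tci = vlan & 0x0FFF   # priority and DEI bits left at 0
    return frame[:MACS_LEN] + struct.pack("!HH", TPID_8021Q, tci) + frame[MACS_LEN:]


def trunk_ingress(wire, native_vlan):
    """Classify a received frame; returns (vlan, frame with any tag removed)."""
    if len(wire) < 14:
        raise ValueError("truncated Ethernet frame")
    (ethertype,) = struct.unpack("!H", wire[12:14])
    if ethertype != TPID_8021Q:
        # Untagged on the wire: the receiver can only assume its own native VLAN.
        return native_vlan, wire
    if len(wire) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", wire[14:16])
    vid = tci & 0x0FFF
    untagged = wire[:MACS_LEN] + wire[16:]
    # VID 0 is a priority-only tag and is classified like an untagged frame.
    return (native_vlan if vid == 0 else vid), untagged


def cross_trunk(vlan, frame, native_a, native_b):
    """Send a frame from switch A to switch B; returns (vlan_on_b, frame_on_b, wire_bytes)."""
    wire = trunk_egress(vlan, frame, native_a)
    return trunk_ingress(wire, native_b) + (wire,)


def native_vlan_audit(vlans, native_a, native_b):
    """Map of VLANs whose frames end up in a different VLAN on the far switch."""
    moved = {}
    for vlan in vlans:
        arrived, _, _ = cross_trunk(vlan, SAMPLE_FRAME, native_a, native_b)
        if arrived != vlan:
            moved[vlan] = arrived
    return moved


if __name__ == "__main__":
    _, _, wire = cross_trunk(3, SAMPLE_FRAME, 1, 1)
    print("VLAN 3 on the wire :", wire.hex())
    print("payload readable   :", b"password=cleartext" in wire)
    print("native 1 / native 1:", native_vlan_audit([1, 2, 3], 1, 1))
    print("native 1 / native 3:", native_vlan_audit([1, 2, 3], 1, 3))
```

With matching native VLANs nothing moves; with native VLAN 1 on one end and 3 on the other, untagged VLAN 1 frames are placed into VLAN 3 on the far switch, and the payload stays readable on the wire whether or not a tag is present.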

#3 notgoing2fail

Posted 30 November 2005 - 05:18 AM

Though VTP has to do something with VLANs, these are two different terms.

VTP is used to make administration and creation of vlans easier.
In a big network with hundreds of switches, it would be lots of adm. overhead to create and delete vlans manually on each device.
VTP is just a mechanism to create or delete vlans on ONE switch (vtp server), and this information is advertised to all the other switches in the network (vtp clients).

VLANs are used to break down the limits of a "normal" network.
Normally, you have a router in the middle, and some switches are connected to the router interfaces.
Each of these switches is ONE broadcast domain.
With VLAN technology, you can assign each of the switchports to be in another broadcast domain, or subnet.
So you can put ports in one broadcast domain for logical reasons, and not because of physical reasons. So people in different buildings can be in ONE broadcast domain or subnet, no matter what the physical layout of the network is.
To be able to send packets from one vlan to another, there MUST be routing between them. On Cisco routers, you do this by creating subinterfaces and binding a different vlan to each subinterface. The logical IP address of the subinterface is the default gateway for the clients whose PC is connected to a switchport which is configured as an access port and bound to one of these vlans or subnets.

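To create a subinterface on a router interface use the command

! IOS accepts "ip address" on a LAN subinterface only once "encapsulation dot1q <vlan-id>" is set there
interface FastEthernet0/1.1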
ip address 154.55.1.1 255.255.255.0
no shutdown

interface FastEthernet0/1.2
ip address 154.55.2.1 255.255.255.0
no shutdown

interface FastEthernet0/1.3
ip address 154.55.3.1 255.255.255.0
no shutdown


To configure a switchport to be in a particular vlan, use the command

interface fa0/24
switchport mode access
switchport access vlan 33


So, each PC which is connected to switchport 24 will automatically be in VLAN 33.
But ONLY if VLAN 33 was CREATED on this switch, or LEARNED via VTP! You understand?

To make a network device able to tell apart the packets which belong to different vlans, there must be "tagging".
If you use only ONE VLAN, you don't need tagging, because there is nothing you have to tell apart.
When you start to create and use more than one vlan, you have to decide which of the vlans' packets should be tagged. Tagging is nothing else but putting an extra tag into each of the packets. This tag contains the "vlan id". It's like "marking" the packets with colours. VLAN2 could be green, VLAN3 could be red and so on.

To create vlans is dead simple. On older IOS versions, you had to use the "vlan database" command.
The vlan database was a file on the switch, which contained all the information about created vlans and vtp.

On newer switches, you simply give the "vlan ..." command to create new vlans in global config mode

vlan 2
name bigbaloons


To make it possible for network devices to bring vlan packets from one device to another, the uplink ports between the devices must be configured as "trunk ports". A "trunk" must be established between the devices. You can imagine a trunk as a "bridge" which can carry packets of multiple vlans to another device.
It's important that the same vlan is configured as native vlan on each end of the trunk. The native vlan (or default vlan) is the vlan whose packets are NOT tagged.
All other vlans MUST be tagged, or the devices will not be able to tell them apart. On the path over multiple switches and routers, the packets can be encapsulated (tagged) or decapsulated on each uplink. But both sides of an uplink must be configured to have the same native vlan.


interface fa0/1
! set the encapsulation first (dot1q, or isl); on switches that support both, a port still on negotiated encapsulation rejects "switchport mode trunk"
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 1


In addition, you can give some options in the trunk configuration, for example some negotiation, so that the port automatically becomes a trunk port, depending on the settings of the uplink device's port.

This stuff is abstract, and you need good imagination to understand it.
It's sometimes hard to do troubleshooting when problems occur.
So it's important to have good network documentation and a straightforward network design.

What makes it so complicated - there is a mixture of multiple OSI layers which work together in this game.

But VLANs can make things possible which can solve many problems and needs of a company. For example, if you need a subnet which is totally separated from the company's intranet, and which is only for guests, who are not allowed to be in the intranet, but who should be able to reach the Internet. With VLANs you can create a subnet for these guests, and let this subnet terminate on the Internet router without touching the traffic from intranet hosts. And you can put switchports from all buildings of your company into this subnet, because the guests are not only in one building.

On the other side - VLAN is NOT an encryption method! With a sniffer in promiscuous mode, the packets CAN be sniffed, and the data is not encrypted, even if they have a vlan tag.



You have WAY TOO much time on your hands!! Your job isn't making you work hard enough!!

:lol:

#4 TAVId

Posted 30 November 2005 - 05:43 AM

:) ) I didn't even have the time to read it all.
Nice explanation. Write it entirely did ya?!
Waaay too much time.


TAVI.

#5 Brida

Posted 30 November 2005 - 06:02 AM

Well, I don't write this only for other people, but also for myself.

Everything you write down, you will be able to remember longer and it will be burned deeper in your mind.
Also for exam preparation, I write everything down again and again, this helps me to understand and memorize this damn stuff better, deeper and longer and to put just bigger melones on my family!


What is killing me with this simulation is that I can't figure out why you have to determine the subnet. Since the second switch is going to be on vlan 1 (the same vlan as switch 1), why do we have to determine the subnet? It is going to belong in the same subnet as switch 1 and the same default gateway of switch 1 (which is the interface of the router, right?).

Thanks for your help.

#6 spacyfreak

Posted 30 November 2005 - 06:10 AM

Why is the subnet so important in the vtp sim?

Well, if they ask you to give switch 2 the LAST IP of the subnet, you must know WHAT THE LAST IP IS.

And you will have another LAST IP if the subnet mask is 255.255.255.0 than when the subnet mask is 255.255.255.240.

#7 notgoing2fail

Posted 30 November 2005 - 06:20 AM

You TOTALLY have to know what subnet!

What if they said, assign IP to the 3rd subnet? Or the 4th subnet with /26 or /27 mask?
The real world doesn't work on just the first subnet. And if you really want to understand
subnetting, you'll want them to be able to ask you whatever they want, and for you to
answer anything they ask you.

#8 Brida

Posted 30 November 2005 - 06:21 AM

"I was asked to configure the remaining unconfigured switch with the 1st ip in the management network. Well, the subnetmask was 255.255.255.224 which breaks it down to 32 increments and makes the network of the management subnet 128 which obviously you can't use because it is the network address." -- Mark

why why why??? why is the subnet 128 the management subnet?

#9 dragonfly

Posted 30 November 2005 - 06:46 AM

that's strange..

the 2 Switches connected together should have the same subnet,
otherwise VTP information will not be shared between the two.

They should not be in a different subnet (255.255.255.224 and 255.255.255.192)

#10 Brida

Posted 30 November 2005 - 06:54 AM

that's precisely my point!!!

What I don't get is what is a management network? Why does Mark say that with a mask 255.255.255.224 the network management is 128. :unsure:

#11 spacyfreak

Posted 30 November 2005 - 07:21 AM

What is the Management Network?

Switches are layer 2 devices. They don't need an IP address to do their job.

But for the admin to be able to do his job, the switch ITSELF must get an IP address.
If the switch is not reachable via TCP/IP, I can only manage and configure the switch via console.
And that is not practicable in a big network with hundreds of switches.

For this reason, we can choose one vlan (no matter which one) to be the "Management Network" or "Management VLAN". This subnet is the subnet in which the switches will be reachable via TCP/IP.

To give a switch an IP address and a default gateway, I just do this

interface VLAN 1
ip address 145.55.52.2 255.255.255.240
no shutdown
ip default-gateway 145.55.52.1


The next switch gets this configuration

interface vlan 1
ip address 145.55.52.3 255.255.255.240
no shutdown
ip default-gateway 145.55.52.1


If I have to give switch number 3 the LAST IP of the Management Network, I must be able to do
a little subnet calculation.

255.255.255.240

240 means 11110000

The last of the ones stands under the 16. Those are our network jumps in the example.

128/64/32/16/8/4/2/1

So, our network has the following ranges

145.55.52.0 - 145.55.52.15 >>>This is our Management Network!!!
145.55.52.16 - 145.55.52.31
145.55.52.32 - 145.55.52.47

The network address is 145.55.52.0. The first usable IP, 145.55.52.1, belongs to the gateway.
The next usable IP belongs to switch 1. The next usable IP belongs to switch 2.

The last usable IP in this example would be 145.55.52.14.

We cannot use 145.55.52.15 because this is the broadcast address of the management network.

Edited by spacyfreak, 30 November 2005 - 07:22 AM.
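
One way to check management addressing like that in post #11, as an added Python example that is not part of the original thread: it parses the `ip address` and `ip default-gateway` lines, derives the first and last usable IP from the mask, and flags a switch whose address or gateway does not fit its subnet. The entries for switch3, switch4 and switch5 are constructed inputs, and the function names are hypothetical.

```python
import ipaddress
import re

# switch1/switch2 use the addresses from the post; switch3-5 are constructed test inputs.
CONFIGS = {
    "switch1": "interface vlan 1\n ip address 145.55.52.2 255.255.255.240\n"
               " no shutdown\nip default-gateway 145.55.52.1\n",
    "switch2": "interface vlan 1\n ip address 145.55.52.3 255.255.255.240\n"
               " no shutdown\nip default-gateway 145.55.52.1\n",
    "switch3": "interface vlan 1\n ip address 145.55.52.14 255.255.255.240\n"
               " no shutdown\nip default-gateway 145.55.52.1\n",
    "switch4": "interface vlan 1\n ip address 145.55.52.15 255.255.255.240\n"
               " no shutdown\nip default-gateway 145.55.52.1\n",
    "switch5": "interface vlan 1\n ip address 145.55.52.18 255.255.255.240\n"
               " no shutdown\nip default-gateway 145.55.52.1\n",
}

ADDR_RE = re.compile(r"^\s*ip address (\S+) (\S+)\s*$", re.M)
GW_RE = re.compile(r"^\s*ip default-gateway (\S+)\s*$", re.M)


def parse_mgmt(config):
    """Return (interface address with mask, default gateway) from a config snippet."""
    addr = ADDR_RE.search(config)
    gw = GW_RE.search(config)
    if not addr or not gw:
        raise ValueError("config lacks 'ip address' or 'ip default-gateway'")
    iface = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}")
    return iface, ipaddress.ip_address(gw.group(1))


def subnet_summary(iface):
    """Network, first/last usable host and broadcast for the subnet of `iface`."""
    net = iface.network
    if net.prefixlen > 30:
        raise ValueError("no separate network/broadcast address above /30")
    return {
        "network": str(net.network_address),
        "first": str(net.network_address + 1),
        "last": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
    }


def audit(configs):
    """Per-switch list of addressing problems (empty list means the config fits)."""
    findings = {}
    for name, text in configs.items():
        iface, gateway = parse_mgmt(text)
        net = iface.network
        problems = []
        if iface.ip == net.network_address:
            problems.append("address is the network address")
        if iface.ip == net.broadcast_address:
            problems.append("address is the broadcast address")
        if gateway not in net:
            problems.append("default gateway is outside the subnet")
        findings[name] = problems
    return findings


def networks_in_use(configs):
    """Distinct subnets the management addresses fall into; more than one is suspicious."""
    return sorted({str(parse_mgmt(text)[0].network) for text in configs.values()})


if __name__ == "__main__":
    print(subnet_summary(parse_mgmt(CONFIGS["switch1"])[0]))
    for switch, problems in audit(CONFIGS).items():
        print(switch, problems or "ok")
    print(networks_in_use(CONFIGS))
```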

#12 Brida

Posted 30 November 2005 - 07:27 AM

thank you!
now i got it...
so that quote from mark was wrong? ok, that makes sense...
thank you really :D

#13 spacyfreak

Posted 12 December 2005 - 05:35 PM

I updated the VLAN / VTP Explanations, to make them more clear.

If someone has comments, or something is wrong, feel free to post your opinion.

Cheerz, Spacyfreak

#14 alinicon

Posted 12 December 2005 - 09:34 PM

nice work on VTP
what else can one look for

#15 spacyfreak

Posted 12 December 2005 - 09:45 PM

The whole process of creating vlans and subinterfaces, binding vlans to subinterfaces and routing between vlans is edited and explained in more detail than before.

#16 alinicon

Posted 15 December 2005 - 04:50 PM

HAY PHYBR
its ok.. if u r chasing just knowledge its okkkkkkkkkkk.
but if ur after Certification. it would be important to have up to date BOOK
i m saying this coz i have books for 507 & 607
unfortunately none of books possessed by me is 801
so cheers

#17 shavin

Posted 01 October 2009 - 10:19 AM

a very interesting account on VTP

#18 newlife

Posted 01 October 2009 - 02:46 PM

Please do a search on google, surely you will find something interesting. In short, VLANs help us manage the network more easily when dividing a large network into smaller networks (smaller broadcast domains)

#19 pedenski

Posted 04 October 2009 - 02:14 PM

this may sound off topic. but one of my favorite things to troubleshoot.. is vlans...

vlans are great.. they subdivide large networks into smaller ones for better management.

#20 x_y_z

Posted 07 October 2009 - 05:42 PM

hii ,, my concern also about VTP,,, it is vtp can working with same model or different also can...? thanks

#21 immectartedge

Posted 09 March 2011 - 12:30 AM

1
2
3