CCNA Training Course (3) -- VLAN, VTP, Trunking, Single-arm Routing, Spanning Tree Protocol

Source: Internet
Author: User

This is the third day of the CCNA training course. It covers many topics, and the lab content gradually becomes more complicated.

VLAN

A switch separates collision domains but not broadcast domains. A router separates both collision domains and broadcast domains. In a purely switched network, how do you divide broadcast domains? The answer is to create virtual LANs (VLANs).

A virtual local area network (VLAN) is a logical group of ports that is independent of physical location. A VLAN is equivalent to an independent layer-3 network. VLAN members do not need to be confined to sequential or even-numbered ports of the same switch.

Access-link: an access port. This is an ordinary switch port used to connect a terminal device. The device connected to this port is unaware that VLANs exist and does not need any VLAN information; from its point of view there is only one VLAN.

In global configuration mode:
Vlan 10 -- create VLAN 10
Name test -- set the VLAN name
Exit
Interface range f0/1 - 15 -- select ports f0/1 through f0/15
Switchport access vlan 10 -- assign the selected access ports to VLAN 10
End
Show vlan brief -- view VLAN status

Privileged Mode
Vlan database
Vlan 20 name test1
Exit
Conf t
Inter ran f0/1-5
Switchport access vlan 20
End
Show vlan brief

Trunk

Trunk-link: a trunk link. Only a Fast Ethernet (or faster) port can be configured as a trunk link. It carries traffic for multiple VLANs: if a VLAN on one switch needs to communicate with the same VLAN on another switch, the traffic must cross the trunk link, and the same holds for every VLAN. If a switch has three VLANs, all three can communicate with the same VLANs on the other switch over the trunk link. In this way, no matter how many VLANs there are, a single trunk link between the two switches is enough. A natural question is how the other side knows that data sent from the red VLAN on my switch is meant for its own red VLAN. The trunk uses a special encapsulation that marks (tags) each frame with the VLAN it belongs to.

Note: any port of a switch must belong to only one VLAN. However, if a port is configured as a trunk, it loses its original VLAN ID: it no longer belongs to any single VLAN, but carries data for all VLANs.

Interface f0/1
Switchport mode trunk -- set the port to trunk mode

VTP

VTP (VLAN Trunking Protocol) is a Cisco proprietary protocol. When more than a dozen switches are deployed in an enterprise network, configuring VLANs on each of them is a heavy workload. With VTP you can configure one switch as the VTP server and the other switches as VTP clients, so that they automatically learn the VLAN information from the server.

Server (server mode): VLANs can be created, modified, and deleted on the VTP server, and this information is advertised to the other switches in the domain over trunk links. After receiving a VTP advertisement from another switch, the VTP server updates its own VLAN information and forwards the advertisement. The VTP server stores VLAN information in NVRAM (the flash:vlan.dat file), so the VLANs still exist after the switch is restarted. By default, switches are in server mode. Each VTP domain must have at least one server and may have several.

Client (client mode): you cannot create, modify, or delete VLANs on a VTP client. It listens to VTP advertisements from other switches and updates its VLAN information accordingly. It also forwards the received VTP information to other switches over its trunk links, so it can also act as a VTP relay. A VTP client keeps its VLAN information in RAM, so the information is lost after the switch is restarted.

Transparent (transparent mode): the switch does not fully participate in VTP. You can create, modify, and delete VLANs on a switch in this mode, but this VLAN information is not advertised to other switches, and the switch does not update its own VLAN information from VTP advertisements received from other switches. It does, however, forward received VTP advertisements over its trunk links, acting as a VTP relay, so the switch can be regarded as transparent. A VTP transparent switch stores only its own VLAN information in NVRAM.

Lab:
Sw1# delete flash:vlan.dat
Sw1# erase startup-config
Sw1# reload
Sw1(config)# int f0/15
Sw1(config-if)# switchport trunk encapsulation dot1q
Sw1(config-if)# switchport mode trunk
Sw1(config)# vtp mode server -- server mode
Sw1(config)# vtp domain VTP-Test
Sw1(config)# vtp password cisco
Sw1(config)# vlan 2
Sw1(config-vlan)# name two

Sw2# delete flash:vlan.dat
Sw2# erase startup-config
Sw2# reload

Sw2(config)# int range f0/1 - 2
Sw2(config-if-range)# switchport trunk encapsulation dot1q
Sw2(config-if-range)# switchport mode trunk
Sw2(config)# vtp mode transparent -- transparent mode
Sw2(config)# vtp domain VTP-Test
Sw2(config)# vtp password cisco

Sw3# delete flash:vlan.dat
Sw3# erase startup-config
Sw3# reload
Sw3(config)# int f0/15
Sw3(config-if)# switchport trunk encapsulation dot1q
Sw3(config-if)# switchport mode trunk
Sw3(config)# vtp mode client -- client mode
Sw3(config)# vtp domain VTP-Test
Sw3(config)# vtp password cisco

Sw1# show vtp status -- view the status of the VTP domain

Single-arm Routing (Router-on-a-Stick)

Single-arm routing: multiple logical sub-interfaces are configured on one physical router interface. Each sub-interface corresponds to one VLAN. Frames for each sub-interface must be tagged (encapsulated) when transmitted on the physical link. Cisco devices support the ISL and 802.1q (dot1Q) protocols. Huawei only supports 802.1q.

R1
Interface f0/0 -- bring up port f0/0
No shutdown
Exit

Interface f0/0.10 -- create logical sub-interface f0/0.10 on port f0/0 for VLAN 10
Encapsulation dot1Q 10 -- set the encapsulation protocol and the VLAN ID
Ip address 192.168.1.1 255.255.255.0 -- set the IP address for VLAN 10
Exit
Interface f0/0.20 -- create logical sub-interface f0/0.20 on port f0/0 for VLAN 20
Encapsulation dot1Q 20
Ip address 192.168.2.1 255.255.255.0
Exit
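
The tagging that the trunk and single-arm routing sections rely on can be shown at the byte level. The following is an added example, not part of the original course notes: it inserts and removes an 802.1q tag and maps a tagged frame to the R1 sub-interface configured above. The sample frame and the rule that frames without a matching sub-interface are dropped are assumptions of this model.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag

# Model of R1 from the text: sub-interface chosen by "encapsulation dot1Q <id>".
SUBINTERFACES = {10: "f0/0.10", 20: "f0/0.20"}

def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Trunk egress: insert the 4-byte tag after the two 6-byte MAC addresses."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("usable VLAN IDs are 1-4094")
    if not 0 <= pcp <= 7:
        raise ValueError("priority (PCP) is a 3-bit field")
    tci = (pcp << 13) | vlan_id      # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def untag_frame(frame: bytes):
    """Trunk ingress: return (vlan_id or None, frame with the tag removed)."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame           # no complete tag present
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]

def classify(frame: bytes):
    """Sub-interface that receives the frame, or None when the frame is untagged
    or no sub-interface is configured for its VLAN (model assumption: dropped)."""
    vlan_id, _ = untag_frame(frame)
    return SUBINTERFACES.get(vlan_id)

# Constructed sample frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
SAMPLE = bytes.fromhex("ffffffffffff" "001a2b3c4d5e" "0800") + b"payload"
```

The VLAN ID occupies only the low 12 bits of the tag, which is why the mask 0x0FFF is applied before the sub-interface lookup.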

Spanning Tree Protocol

How the Spanning Tree works:
The international standard for the Spanning Tree Protocol is 802.1d. At a specified interval, bridges/switches that run the spanning tree algorithm exchange configuration information with other switches through multicast frames called Bridge Protocol Data Units (BPDUs). The procedure is as follows:
1. Select the root bridge/switch by comparing the priority of the bridges/switches (there is only one root bridge/switch in a given broadcast domain);
2. Each remaining non-root bridge/switch has only one port leading to the root bridge/switch, which is called the root port;
3. Each network segment has only one forwarding port;
4. All connected ports of the root bridge/switch are forwarding ports.

The algorithm process of the Spanning Tree Protocol can be summarized into three steps:
Select the root bridge, the root ports, and the designated ports.
(1) Select the root bridge:
Select one root bridge in the whole network by comparing the bridge ID (BID) of each bridge. The smaller the value, the higher the priority. The BID is composed of two parts: the switch priority and the MAC address. If the switch priorities are the same, the MAC addresses are compared, and the switch with the smaller address is elected as the root bridge.
(2) Select the root port: select one root port on each non-root switch.
First, compare the root path cost. The root path cost depends on the link bandwidth: the larger the bandwidth, the lower the path cost. The port with the lowest root path cost is selected as the root port. Second, if the root path costs are the same, compare the BID of the peer switch. The smaller the value, the higher the priority. Finally, compare the port ID. The port ID has two parts: port priority and port number. The port with the smaller value is selected as the root port.
(3) Select the designated port: select one designated port on each link. All ports on the root bridge are designated ports.
First, compare the root path cost. Second, compare the BID of the bridge where the port is located. Finally, compare the port ID.
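
The three election steps can be traced on a small topology. The following is an added example, not part of the original course notes: the three switches, their priorities, MAC addresses and link costs are constructed sample data, and the final port ID tie-break compares the peer's port ID before the local one.

```python
# Added illustration on a constructed topology (sample data only).
# Bridge ID = (priority, MAC); port ID = (port priority, port number).
BRIDGES = {
    "SW1": (32768, "00:1a:00:00:00:03"),
    "SW2": (4096,  "00:1a:00:00:00:09"),   # lowest priority value, so it wins
    "SW3": (32768, "00:1a:00:00:00:01"),   # lowest MAC, but priority is compared first
}
# (switch_a, port_a, switch_b, port_b, link cost); 19 = 100 Mb/s and
# 100 = 10 Mb/s in the classic 802.1d cost table.
LINKS = [
    ("SW1", (128, 1), "SW2", (128, 1), 19),
    ("SW1", (128, 2), "SW3", (128, 1), 19),
    ("SW2", (128, 2), "SW3", (128, 2), 100),
]

def bid(name):
    prio, mac = BRIDGES[name]
    return (prio, int(mac.replace(":", ""), 16))   # compare the MAC numerically

def elect_root():
    return min(BRIDGES, key=bid)                   # smallest BID wins

def root_path_costs(root):
    cost = {name: float("inf") for name in BRIDGES}
    cost[root] = 0
    for _ in BRIDGES:                              # relax every link until stable
        for a, _pa, b, _pb, c in LINKS:
            cost[a] = min(cost[a], cost[b] + c)
            cost[b] = min(cost[b], cost[a] + c)
    return cost

def port_roles():
    root = elect_root()
    cost = root_path_costs(root)
    roles = {}
    for a, pa, b, pb, _c in LINKS:                 # one designated port per link
        best = min((cost[a], bid(a), pa, a), (cost[b], bid(b), pb, b))
        roles[(best[3], best[2])] = "designated"
    for sw in BRIDGES:                             # one root port per non-root switch
        if sw == root:
            continue
        cands = [(cost[peer] + c, bid(peer), peer_port, my_port)
                 for a, pa, b, pb, c in LINKS
                 for me, my_port, peer, peer_port in ((a, pa, b, pb), (b, pb, a, pa))
                 if me == sw]
        roles[(sw, min(cands)[3])] = "root"
    for a, pa, b, pb, _c in LINKS:                 # every remaining port blocks
        roles.setdefault((a, pa), "blocking")
        roles.setdefault((b, pb), "blocking")
    return root, roles
```

In this topology SW3 reaches the root through SW1 (cost 38) rather than over its direct 10 Mb/s link (cost 100), and its port on that direct link is the one that blocks to break the loop.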

Comprehensive Experiment:


Requirements:
1.
PC5 and PC7 are in VLAN 10, 172.16.1.80/28
PC6 and PC8 are in VLAN 20, 10.0.0.80/29
SW5, SW6, and SW7 are managed in VLAN 30, 192.168.100.72/29
2.
PC1 and PC3 are in VLAN 10, 172.16.2.80/28
PC2 and PC4 are in VLAN 20, 10.0.1.80/29
SW1, SW2, SW3, and SW4 are managed in VLAN 30, 192.168.99.72/29
3.
SW5, SW6, and SW7 are VTP transparent
SW1 is the VTP server; SW2, SW3, and SW4 are clients
4.
All devices can be logged in to remotely.
The timeout value is 20 s.
5.
Enable port security and fast forwarding (PortFast) on all interfaces that connect to PCs.
Disable CDP between SW5 and R1.

Based on the above information, we can conclude that:

First configure R1:
Configure two single-arm routes on R1.
(1) Bring up the two interfaces.

(2) Port F0/0, divided into three logical sub-interfaces
The IP addresses are:
F0/0.10 172.16.1.81 255.255.255.240
F0/0.20 10.0.0.81 255.255.255.248
F0/0.30 192.168.100.73 255.255.255.248

Port F0/1, divided into two logical sub-interfaces
The IP addresses are:
F0/1.10 172.16.2.81 255.255.255.240
F0/1.20 10.0.1.81 255.255.255.248
F0/1.30 192.168.99.73 255.255.255.248

(3) Set the following on all devices:
Remote login
The timeout value is 20 s.

Configure SW1:
1. Create vlan 10/vlan 20/vlan 30
2. The SW1 management IP address is 192.168.99.74 255.255.255.248 and belongs to VLAN 30.
3. Set VTP mode to server mode
4. Set the interface connecting to R1 to trunk mode -- required for single-arm routing
The interfaces connecting to SW2 and SW3 are also set to trunk mode -- required for the same VLAN to interconnect across different switches
5. Set the default gateway to 192.168.99.73 255.255.255.248.
6. Remote login:
Enable password cisco
Username ciscp password cisco
The timeout value is 20 s:
Line vty 0 15
Login local
Exec-timeout 0 20

Configure SW2/SW3/SW4:
1. Create vlan 10/vlan 20/vlan 30
2. The SW2 management IP address is 192.168.99.75 255.255.255.248 and belongs to VLAN 30.
The SW3 management IP address is 192.168.99.76 255.255.255.248 and belongs to VLAN 30.
The SW4 management IP address is 192.168.99.77 255.255.255.248 and belongs to VLAN 30.
3. Set VTP mode to client mode
4. Set the default gateway to 192.168.99.73 255.255.255.248.
5. Remote login:
Enable password cisco
Username ciscp password cisco
The timeout value is 20 s:
Line vty 0 15
Login local
Exec-timeout 0 20
6. Interfaces connecting PC1 and PC3 are assigned to VLAN 10.
Interfaces connecting PC2 and PC4 are assigned to VLAN 20. Set each PC's default gateway to the gateway of its network segment.
The interfaces connecting to PCs are configured with port security and fast forwarding (PortFast):
Switchport mode access
Switchport port-security
Switchport port-security max 1
Switchport port-security mac-address sticky
Spanning-tree portfast

Configure SW5:
1. Create vlan 10/vlan 20/vlan 30
2. The SW5 management IP address is 192.168.100.74 255.255.255.248 and belongs to VLAN 30.
3. Set VTP mode to transparent mode
4. Set the interface connecting to R1 to trunk mode -- required for single-arm routing
Disable CDP on the interface connecting to R1 -- no cdp enable
The interfaces connecting to SW6 and SW7 are also set to trunk mode -- required for the same VLAN to interconnect across different switches
Set the default gateway to 192.168.100.73 255.255.255.248.
5. Remote login
The timeout value is 20 s.

Configure SW6 and SW7:
1. Create vlan 10/vlan 20/vlan 30
2. The management IP address of SW6 is:
192.168.100.75 255.255.255.248 and belongs to VLAN 30.
The management IP address of SW7 is:
192.168.100.76 255.255.255.248 and belongs to VLAN 30.
3. Set VTP mode to transparent mode
4. Set the default gateway to 192.168.100.73 255.255.255.248.
5. Remote login
The timeout value is 20 s.
6. Interfaces connecting PC5 and PC7 are assigned to VLAN 10.
Interfaces connecting PC6 and PC8 are assigned to VLAN 20. Set each PC's default gateway to the gateway of its network segment.
7. Set port security and fast forwarding (PortFast) on the interfaces connecting to PCs:
Switchport mode access
Switchport port-security
Switchport port-security max 1
Switchport port-security mac-address sticky
Spanning-tree portfast

Note:
Fast forwarding (PortFast) and port security are meant for PC-facing ports. Do not configure fast forwarding on links between switches, because fast forwarding bypasses the layer-2 Spanning Tree Protocol, which undermines loop detection. If a loop goes undetected, a broadcast storm can easily occur, leaving the entire network degraded or paralyzed.

Do not forget to configure the default gateway on each switch.
Sw6(config)# ip default-gateway 192.168.100.73

A router can ping across different network segments, but a switch cannot pass traffic between different VLANs, because they are in different broadcast domains.
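
The port rules of this lab (port security and PortFast on PC-facing access ports, no PortFast on links between switches) can be checked mechanically against a saved configuration. The following is an added example, not part of the original course notes: the configuration fragment is constructed, commands are assumed to appear in their full running-config form, and an access port with no explicit maximum line is treated as using a limit of 1.

```python
import re

# Constructed running-config fragment (sample data, not from the page).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security maximum 5
 spanning-tree portfast
!
interface FastEthernet0/15
 switchport mode trunk
 spanning-tree portfast
!
"""

# Lines the lab expects on every PC-facing (access) port.
REQUIRED = ("switchport port-security",
            "switchport port-security mac-address sticky",
            "spanning-tree portfast")

def parse_interfaces(config):
    """Return {interface name: [its indented sub-commands]}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None               # "!" or a top-level command ends the block
    return interfaces

def audit(config):
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" in cmds:      # link to another switch or a router
            if "spanning-tree portfast" in cmds:
                findings.append((name, "portfast on a trunk port"))
        elif "switchport mode access" in cmds:
            findings += [(name, "missing: " + r) for r in REQUIRED if r not in cmds]
            for c in cmds:                       # a limit above 1 breaks the lab's "max 1"
                m = re.fullmatch(r"switchport port-security maximum (\d+)", c)
                if m and int(m.group(1)) > 1:
                    findings.append((name, "allows " + m.group(1) + " MAC addresses"))
    return findings
```

FastEthernet0/2 in the sample sets a port-security limit without the bare switchport port-security line that turns the feature on, so the audit reports the feature as missing as well as the oversized limit.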
