diff --git a/00. Jeremy's IT LAB CCNA course.md b/00. Jeremy's IT LAB CCNA course.md index 587f4fd..8143d80 100644 --- a/00. Jeremy's IT LAB CCNA course.md +++ b/00. Jeremy's IT LAB CCNA course.md @@ -25,3 +25,7 @@ tags: [[Subnetting (Part 1)]] [[Subnetting (Part 2)]] [[Subnetting (Part 3 - VLSM)]] +[[VLAN (Part 1)]] +[[VLAN (Part 2)]] +[[VLAN (Part 3)]] +[[DTP - VTP]] diff --git a/17. VLAN (Part 2).md b/17. VLAN (Part 2).md new file mode 100644 index 0000000..0b64b1c --- /dev/null +++ b/17. VLAN (Part 2).md 
@@ -0,0 +1,199 @@ +--- +id: 17. VLAN (Part 2) +aliases: [] +tags: [] +--- + +# VLAN (Part 2) + +## Trunk ports + +In a small network with few [[VLAN]]s it is possible to use separate interface for each VLAN +when connecting switches to switches, and switches to routers. + +However, when the number of VLANs increases, this is not viable. it will result in wasted interfaces, +and often routers won't have enough interfaces for each VLAN. + +You can use trunk ports to carry traffic from multiple VLANs over a single interface. + +Switches wil 'tag' all frames that they send over a trunk link. +This allows the receiving switch to know which VLAN the frame belong to. + + Trunk ports = 'tagged' ports + Access ports = 'untagged' ports + +### VLAN Tagging + +- There are two main trunking protocols: [[ISL]] (Inter-Switch Link) and [[IEEE 802.1Q]] (dot1q) +- ISL is an old Cisco proprietary protocol created before the industry standard IEEE 802.1Q +- IEEE 802.1Q is an industry standard protocol created by the [[IEEE]] (Institure of Electrical and +Electronics Engineers) +- You will probably NEVER use ISL in the real world. Even modern Cisco equipment doesn't support it +For the CCNA you only need to learn 802.1Q + +#### inside Ethernet Header + +Preamble | SFF | Destination | Source | 802.1Q | Type + +The 802.1Q tag is inserted between the Source and Type/Length fields of the Ethernet frame. +The tag is 4 bytes (32 bits) in length. +The tag consists of two main fields: + - Tag Protocol Identifier [[TPID]] + - Tag Control Information [[TCI]] + +The TCI consists of three sub-fields. + +802.1Q tag Format ++-----------------------------------+ +|16 bits | 3 | 1 |12 bits | +| | bits | bit | | +| TPID | TCI | +| | PCP | DEI | VID | ++-----------------------------------+ + +##### TPID ( Tag Protocol Identifier) + +- 16 bits (2bytes) in length +- Always set to a alue of 0x8100. This indicate that the frame is 802.1Q-tagged. 
+ +##### PCP (Priority code point) + +- 3 bits in length +- Used for Class of Service (CoS), which prioritizes iimportant traffic in congested network + +##### DEI ( Drop Eligible Indicator) + +- 1 bit in length +- Used to indicate frames that can be dropped if the network is congested. + +##### VID (VLAN ID) + +- 12 bits in lenght +- Indentifies the VLAN the frame elongs to. +- 12 bits in length = 4096 total VLANs (2^12), range of 0 - 4095 +- VLANs 0 and 4095 are reserved and can't be used +- Therefore the actula range of VLANs is 1-4094 +- Cisco's proprietary ISL also has a VLAN range of 1 - 4094 + + more info https://en.wikipedia.org/wiki/IEEE_802.1Q + +## VLAN Ranges + +- The range of VLANs (1-4094) is divided into two sections: +Normal VLANs: 1-1005 +Extended VLANs : 1006-4094 + +- Some older devices cannot use the extended VLAN range, however it's safe to expect that modern +switches will support the extended VLAN range. + +## Native VLAN + +- 802.1Q has a feature called the **native VLAN**. +ISL does not have this feature +- The native VLAN is VLAN 1 by default on all trunk ports, however this can be manually configured +on each trunk port. +- The switch does not ad an 802.1Q tag to frames in the native VLAN. +- When a switch receives an untagged frame on a trunk port, it assumes the frame belongs to +the native VLAN. +**It's very important that the native VLAN matches!** + +## Trunk Configuration + +```Cisco +SW1(config)#interface g0/0 +SW1(config-if)#switchport mode trunk + command rejected +``` + +Many modern switches do not support Cisco;s ISL at all. They only support 802.1Q (dot1q) +However, switches that do support both (like the one I'm using in this example) have a trunk +encapsulation of Auto by default +To manually configure the interface as a trunk port, you must first set the encapsulation to +802.1Q or ISL. 
On switches that only support 802.1Q this is not necessary + +```Cisco +SW1(config)#interface g0/0 +SW1(config-if)#switchport trunk encapsulation dot1q +SW1(config-if)#switchport mode trunk +``` + +To see the configurations about the trunk + +```Cisco +SW1#show interfaces trunk + +Port Mode encapsulation Status Native vlan +Gi0/0 on 802.1q trunking 1 +``` + + +```Cisco +## for security reason you must not allow every vlan on the trunk +SW1(config-if)#switchport trunk allowed vlan 10,30 + +### for adding VLAN +SW1(config-if)#switchport trunk allowed vlan add 20 + +## For removing Vlan in the trunk use this command +SW1(config-if)#switchport trunk allowed vlan remove 20 + +### The all option is to allowed all vlan +SW1(config-if)#switchport trunk allowed vlan all + +## The except command if for all vlan except a range or a specific vlan +SW1(config-if)#switchport trunk allowed except 1-5,10 + +## The none disable every VLAN +SW1(config-if)#switchport trunk allowed none +``` + +For security purposes, it is best to change the native VLAN to an unused VLAN. +(network security will be explained more-in depth later in the course) +**Make sure the native VLAN matches on between switches** + +The command to change the native VLAN is : + +```Cisco +SW1(config-if)#switchport trunk native vlan 1001 +``` + + note : the show vlan brief command shows the access prots assigned to each VLAN, not + the trunk ports that allow each VLAN. + Use the **show interfaces trunk** command instead to confirm trunk ports. 
+ + +## ROAS (Router on a stick) + +For three VLAN in the same interface + +```Cisco +R1(config)#interface g0/0 +R1(config-if)#no shutdown +R1(config-if)#interface g0/0.10 +R1(config-if)#encapsulation dot1q 10 +R1(config-subif)#ip address 192.168.1.62 255.255.255.192 +R1(config-if)#encapsulation dot1q 20 +R1(config-subif)#ip address 192.168.1.62 255.255.255.192 +R1(config-if)#encapsulation dot1q 30 +R1(config-subif)#ip address 192.168.1.62 255.255.255.192 +``` + +The subinterface number does not have to match the VLAN number. +Howerver it is highly recommended that they do match, to make it easier to understand + +- ROAS is used to route beween multiple VLANs using a single interface on the router and switch. +- The switch interface is configured as a regular trunk. +- The router interface is configured using subinterfaces. +- You configure the VLAN tag and IP address on each subinterface. +- The router will behave as if frames arriving with a certain VLAN tag have arrived on the +subinterface configured with that VLAN tag. +- The router will tag frames sent out of each subinterface with the VLAN tag configured on the +subinterface. + +## Review + +- What is a trunk port ? +- What is the purpose of trunk ports? +- 802.1Q Encapsulation +- How to configure trunk ports +- 'Router on a Stick'(ROAS) diff --git a/18. VLAN (Part 3).md b/18. VLAN (Part 3).md new file mode 100644 index 0000000..890db62 --- /dev/null +++ b/18. VLAN (Part 3).md 
@@ -0,0 +1,90 @@ +--- +id: 1778493954-IJHJ +aliases: + - VLAN (Part 3) +tags: [] +--- + +# VLAN (Part 3) + +## Native VLAN on a router (ROAS) + +There 2 methods for configuring the native VLAN on a router: + +1. +```Cisco +R1(config)# int g0/0.10 +R1(config-subif)#encapsulaton dot1q *vlan-id* native +``` + +2. +Configure the [[IP address]] for the native VLAN on the router's physical interface +(the command is not necessary) +```Cisco +R1(config)# int g0/0.10 +R1(config-subif)#ip address 192.168.1.62 255.255.255.192 +``` + +## Layer 3 (Multilayer) switches + +- A multilayer switch is capable of both switching and routing. +- It is 'Layer 3 aware' +- You can assign IP addresses to its interfaces, like a router. +- You can create virtual interfaces for each VLAN, and assign IP addresses to those interfaces. +- You can configure routes on it, just like a router. +- it can be used for inter-VLAN routing + +### Inter-VLAN routing via SVI + +- SVIs (Switch Virtual Interfaces) are the virtual interfaces you can assign IP addresses to +in a multilayer switch. +- Configure each PC to use the SVI (Not the router) as their gateway address. 
+- To send traffic to different subnets/VLANs, the PCs will send traffic to the switch, +and the switch will route the traffic + +the command to enable Layer 3 routing on the switch is + +```Cisco +SW2(config)#ip routing + +## this configure the interface as a 'routed port' +## (Layer 3 port, not Layer 2 /switchport) +SW2(config)#interface g0/1 +SW2(config-if)#no switchport + +## then you can configure an IP address on the interface like a regular router interface +SW2(config-if)#ip address 192.168.1.193 255.255.255.252 + +## then you can configure the default route +SW2(config-if)#ip route 0.0.0.0 0.0.0.0 192.168.1.194 +``` + +To configure SVI you can assign ip address to each vlan +```Cisco +SW2(config)#interface vlan10 +SW2(config-if)#ip address 192.168.1.62 255.255.255.192 +SW2(config-if)#no shutdown +SW2(config)#interface vlan20 +SW2(config-if)#ip address 192.168.1.126 255.255.255.192 +SW2(config-if)#no shutdown +SW2(config)#interface vlan30 +SW2(config-if)#ip address 192.168.1.190 255.255.255.192 +SW2(config-if)#no shutdown +``` + +1. The Vlan must exist on the switch +2. The swithc must have at least one access port in the VLAN in an up/up state, AND/OR +one trunk port that allows the VLAN that is in an up/up state +3. The VLAN must not be shutdown (you can use the shutdown command to disable a VLAN) +4. The SVI must not be shutdown (SVIs are disabled by default) + +## Review + +- Native VLAN on a router +- Wireshark analysis +- Layer 3 Switching/multilayer Switching + +**next lesson** +- DTP (Dynamic Trunking Protocol) +- VTP (VLAN trunking Protocol) + diff --git a/19. DTP - VTP.md b/19. DTP - VTP.md new file mode 100644 index 0000000..96dbe3e --- /dev/null +++ b/19. DTP - VTP.md 
@@ -0,0 +1,200 @@ +--- +id: 19. DTP - VTP +aliases: [] +tags: [] +--- + +# DTP - VTP + +Note: DTP and VTP were removed from the CCNA exam topics list for the new exam (200-301). +However, it's important to know their function, and you may still get questions about them +on the exam even though they are not on the topics list + +## DTP Dynamic Trunking Protocol + +DTP is a [[Cisco]] proprietary protocol that allows Cisco switches to dynamically determine +their interface status (access or trunk) without manual configuration + +DTP is enabled by default on all Cisco switch interfaces. + +So far, we have been manually configuring switchports using these command : +- switchport mode access +- switchport mode trunk + +For security purposes, manual configuration is recommended. DTP should be disabled on all switchports + +### CLI + +```Cisco +SW2(config-if)#switchport mode ? +## we will focus on the dynamic option + +SW2(config-if)#switchport mode dynamic ? +## we have to mode auto or desirable +``` + +A switchport in dynamic desirable mode will actively try to form a trunk with other Cisco switches, +it will form a trunk if connected to another switchport in the following modes: + +1. switchport mode trunk +1. switchport mode dynamic desirable +1. switchport mode dynamic auto + +to verify you can + +```Cisco +SW1# show interfaces g0/0 switchport +Name: Gi0/0 +Switchport: Enabled +Administrative Mode: Dynamic desirable +Operational Mode: trunk +``` + +### Static access + +Static access means an access port that belongs to a single VLAN that doesnt change (unless +you configure a different VLAN). + +There are also 'dynamic access' ports, in which a server automatically assings the VLAN depending +on the [[MAC]] address on the connected device. 
+(This is out of the scope of the CCNA) + + +| Administrative mode | Trunk | Dynamic desirable | Access | Dynamic Auto | +| ------------- | -------------- | -------------- |------------ |------------ | +| Trunk | Trunk | Trunk | x | Trunk| +| Dynamic Desirable | Trunk | Trunk | Access | Trunk| +| Access | x | Access | Access | Access | +| Dynamic Auto | Trunk | Trunk | Access | Access | + + +DTP will not form a trunk with a router, PC, etc. +The switchport will be in access mode + +On *older* switches, **swithport mode dynamic desirable** is the default administrative mode. +On *newer* switches, **swithport mode dynamic auto** is the default administrative mode. +You can disable DTP negotiation on the interface with this command: + - switchport nonegotiate + +Configuring an access port with **switchport mode access** also disables DTP negotiation on +an interface + +It is recommended that you disable DTP on all switchports and manually confugre them as access or +trunk ports. + +### Encapsulation + +[[Switches]] that support both [[802.1Q]] and ISL trunk encapsulations can use DTP to negotiate +The encasulation they will use. + +This negotiation is enabled by default, as the default trunk encapsulation mode is : +**switchport trunk encapsulation negotiate** + +*ISL is favored over 802.1Q, so if both switches support ISL, it will be selected* + +DTP frames are sent in VLAN1 when using ISL or in the [[native VLAN]] whe using 802.1Q +(the default native VLAN is VLAN1, however) + +## VTP VLAN Trunking Protocol + +VTP allows you to configure VLANs on a central VTP server switch, and other switches (VTP client) +will synchronize their VLAN database to the server. +It is designed for large networks with many VLANs, so that you don't have to configure each VLAN +on every switch +It is rarely used, and it is recommended that you do not use it. +There are three VTP versions: 1, 2, and 3. +There are three VTP modes: server, client, and transparent. 
+*Cisco switches operate in VTP server mode by default* + +### VTP Servers + +Can add/modify/delete VLANs +Store the VLAN database in non-volatile RAM (NVRAM) +Will increase the revision number every time a VLAN database on trunk interfaces, and +The VTP clients will synchronize their VLAN database to it +VTP servers also function as VTP client +Therefore, A VTP server will synchronize to anothre VTP server with a higher revision number + +### VTP clients + +Cannot add/modify/delete VLANs +Do not store the VLAN database in NVRAM (in VTPv3 they do) +Will synchronize their VLAN database to the server with the highest revision number in their VTP domain +Will advertise their VLAN database, and forward VTP advertisements to other client over their trunk +ports. + +### How it's work + +to see all the VTP type + +```Cisco +SW1#Show VTP status +``` + +VTPvv1/v2 do not support the extended VLAN range (1006-4094) only BTPv3 supports them + +to set a domain name + +```Cisco +SW1#vtp domain cisco +``` + +now on switch 1 can do + +```Cisco +SW1#vlan 10 +SW1#name engineering +``` + +switch 2 will have the same vtp domain and vlan configured +pass along to switch 3 and 4 + + +If a switch with no VTP domain (domain NULL) receives a VTP advertisement with a VTP domain name, +it will automatically join that VTP domain + +If a switch receives a VTP advertisement in the same VTP domain with a higher revision number +it will update its VLAN database to match + +### **ONE DANGER OF VTP** + +If you connect an old switch with a higher revision number to your network ( and the VTP domain +matches), all switches in the domain will sync their VLAN database to that switch + + +### VTP transparent mode + +Does not participate in the VTP domain (does not sync its VLAN database). + +Maintains its own VLAN database in NVRAM. it can add/modify/delete VLANs, byt they won't be +advertised to other switches. + +Will forward VTP advertisements that are in the same domain as it. 
+ + NOTE : Changing the VTP domain to an unused domain will reset the revision number to 0 + Changing the VTP mode to transparent will also reset the revision number to 0 + +### VTP version +You can change the VTP version with this command + +```Cisco +SW1(config)#vtp version 2 +``` + +VTP V2 is not much different than VTP V1. The major difference is that VTP V2 introduces support +for Token RIng VLANs. if you use Token Ring VLANs, you must enable VTP V2. Otherwise there is +no reason to use VTP V2 + +For the V3 it's Beyond the scope of the CCNA + +# Review + + note: Recommended that you disable this protocol for security purposes. + +DTP (dynamic trunking Protocol) +a protocol that allows Cisco switches to form trunk connections with other cisco switch without +manual configuration + +VTP (VLAN Trunking Protocol) +Allow to configure VLAN on switches that operate as central VTP servers, which then advertise +Their VLAN database,and VTP client switches sync their database to it
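Review bot: In `17. VLAN (Part 2).md`, the ROAS block never enters the second and third subinterfaces, so `encapsulation dot1q 20` and `encapsulation dot1q 30` are applied to g0/0.10 and each one overwrites the previous tag, and all three `ip address 192.168.1.62 255.255.255.192` lines put the same /26 on what ends up being one subinterface. Add `R1(config-subif)#interface g0/0.20` before the VLAN 20 line and `R1(config-subif)#interface g0/0.30` before the VLAN 30 line, give each subinterface its own subnet, and fix the prompts (the `encapsulation dot1q` lines are entered at `(config-subif)#`, not `(config-if)#`). In the allowed-VLAN block, `switchport trunk allowed except 1-5,10` and `switchport trunk allowed none` drop the `vlan` keyword and will not parse; they should be `switchport trunk allowed vlan except 1-5,10` and `switchport trunk allowed vlan none`. The `##`/`###` lines inside the `Cisco` fences read as markdown headings rather than CLI comments; use `!` as IOS does, or move the explanations to prose. In the Ethernet header line, `SFF` should be `SFD` (Start Frame Delimiter). Typos to fix: wil, Institure, alue, iimportant, lenght, Indentifies, elongs, actula, ad (add), Cisco;s, prots, Howerver, beween.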
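Review bot: In `18. VLAN (Part 3).md`, method 2 for the native VLAN says the IP address goes on the router's physical interface, but the example uses `int g0/0.10`, which is the VLAN 10 subinterface; it should be `R1(config)#int g0/0` followed by `R1(config-if)#ip address ...`, and the parenthetical "(the command is not necessary)" should name the command it means (the `encapsulation dot1q ... native` line, which has no place on the physical interface). In the multilayer-switch block, `ip route 0.0.0.0 0.0.0.0 192.168.1.194` is a global configuration command, so the prompt should be `SW2(config)#` rather than `SW2(config-if)#`. The Review list cites "Wireshark analysis", but the file contains no such section; either add it or drop the bullet. Typos: encapsulaton, swithc.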
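Review bot: In `19. DTP - VTP.md`, the VTP Servers bullet "Will increase the revision number every time a VLAN database on trunk interfaces, and" is a broken sentence; it should say that the server increments the revision number every time a VLAN is added, modified or deleted, and advertises the latest VLAN database over its trunk interfaces, since the revision number is what drives the "one danger" described later. The VTP CLI examples are shown at the privileged-exec prompt but are configuration commands: `SW1(config)#vtp domain cisco`, `SW1(config)#vlan 10`, `SW1(config-vlan)#name engineering`. In the DTP section, "For security purposes, manual configuration is recommended" should state the reason the table already implies: a port left in dynamic auto or dynamic desirable will form a trunk with any neighbour that speaks DTP, so every user-facing port should get `switchport mode access` plus `switchport nonegotiate`. The Review note "Recommended that you disable this protocol" is ambiguous between DTP and VTP; say DTP. Typos: swithport (twice), assings, confugre, encasulation, anothre, VTPvv1/v2, BTPv3, "How it's work", "whe using".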