In need of VLAN information
15 years 8 months ago #29940
by booby
I am a student so please forgive my ignorance. I think I have the basic idea of a VLAN. According to my text a VLAN can be used to "group" certain hosts in the same broadcast domain. The book states over and over again that routers do not forward broadcasts. How does this work if a person is a member of a VLAN but is located in another building or possibly another city? Does the VTP allow a broadcast to be passed over a router? I appreciate any help I can get on this.
15 years 8 months ago #29942
by sose
sose
Network Engineer
analysethis.co/index.php/forum/index
Replied by sose on topic Re: In need of VLAN information
Remember the phrase "by default": they don’t forward broadcasts, but routers could be configured for inter-VLAN communication. If you create and implement VLANs, you’re essentially creating smaller broadcast domains at layer 2. And also remember we are talking of a switched network.

So you can configure VTP, but before you can get VTP to manage your VLANs across the network, you have to create a VTP server. All servers that need to share VLAN information must use the same domain name, and a switch can be in only one domain at a time. So this means that a switch can only share VTP domain information with other switches if they’re configured into the same VTP domain. You can use a VTP domain if you have more than one switch connected in a network, but if you’ve got all your switches in only one VLAN, you don’t need to use VTP. VTP information is sent between switches via a trunk port.

Switches advertise VTP-management domain information, as well as a configuration revision number and all known VLANs with any specific parameters. And there’s also something called VTP transparent mode. In it, you can configure switches to forward VTP information through trunk ports, but not to accept information updates or update their VTP databases.

If you find yourself having problems with users adding switches to your VTP domain, you can include passwords, but don’t forget—every switch must be set up with the same password, and this can be difficult.

Switches detect the additional VLANs within a VTP advertisement and then prepare to receive information on their trunk ports with the newly defined VLAN in tow. Updates are sent out as revision numbers that are the notification plus 1. Any time a switch sees a higher revision number, it knows the information that it’s receiving is more current, and it will overwrite the current database with that new information.

Also, hosts in a VLAN live in their own broadcast domain and can communicate freely. VLANs create network partitioning and traffic separation at layer 2 of the OSI, and as I said when I told you why we still need routers, if you want hosts or any other IP-addressable device to communicate between VLANs, a layer 3 device is absolutely necessary.

For this, you can use a router that has an interface for each VLAN or a router that supports ISL routing. The least expensive router that supports ISL routing is the 2600 series router. The 1600, 1700, and 2500 series don’t support ISL routing.

If you had only a few VLANs (two or three), you could get a router with two or three 10BaseT or Fast Ethernet connections. And 10BaseT is okay, but I’d recommend Fast Ethernet—that will work really well.

If you have more VLANs available than router interfaces, you can either run ISL trunking on one Fast Ethernet interface or buy a layer 3 switch such as the Cisco 3550. Instead of using a router interface for each VLAN, you use one Fast Ethernet interface and run ISL or 802.1Q trunking.
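Added example, not part of the original posts: a simplified Python model of the VTP update rules described in the reply above (same domain, same password, transparent mode, higher revision overwrites the database). The class names, the `CAMPUS` domain, the password and the VLAN numbers are constructed for illustration, and comparing passwords directly is a simplification of what real switches do.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Advertisement:
    domain: str
    password: str        # simplification: real VTP sends a digest, not the password
    revision: int
    vlans: frozenset

@dataclass
class Switch:
    domain: str
    password: str = ""
    mode: str = "server"             # "server" or "transparent" in this model
    revision: int = 0
    vlans: set = field(default_factory=lambda: {1})

    def advertise(self):
        return Advertisement(self.domain, self.password, self.revision,
                             frozenset(self.vlans))

    def add_vlan(self, vlan_id):
        self.vlans.add(vlan_id)
        if self.mode == "server":    # each change raises the revision by 1
            self.revision += 1

    def receive(self, adv):
        if adv.domain != self.domain:
            return "ignored: different domain"
        if self.mode == "transparent":
            return "forwarded: local database unchanged"
        if adv.password != self.password:
            return "rejected: password mismatch"
        if adv.revision <= self.revision:
            return "ignored: revision not higher"
        self.vlans, self.revision = set(adv.vlans), adv.revision
        return "accepted: database overwritten"

def demo():
    core = Switch("CAMPUS", "s3cret")            # constructed sample values
    for vlan in (10, 20, 30):
        core.add_vlan(vlan)                      # revision ends at 3
    access = Switch("CAMPUS", "s3cret")
    transit = Switch("CAMPUS", "s3cret", mode="transparent")
    lab = Switch("CAMPUS", "", revision=9, vlans={1, 99})   # stale lab switch
    unprotected = Switch("CAMPUS", "", revision=3, vlans={1, 10, 20, 30})
    return {
        "access": (access.receive(core.advertise()), access.vlans),
        "transit": (transit.receive(core.advertise()), transit.vlans),
        "core_vs_lab": (core.receive(lab.advertise()), core.vlans),
        "unprotected_vs_lab": (unprotected.receive(lab.advertise()), unprotected.vlans),
    }
```

The last two results show why the password matters when switches are added to a domain: the same stale switch is rejected by the protected domain but replaces the VLAN list of the unprotected one.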
15 years 8 months ago #30091
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: In need of VLAN information
Fantastic Post there sose, very detailed.
Just wanted to add that these days most people use InterVLAN Routing on Layer 3 switches as it's much simpler. Alternatively the router method that sose has done a very good job of explaining would need to be used. Cisco refer to this as "Router on a stick".
Cheers