00:00:00 - VLANs, configuration and verification.
00:00:04 - Well, we've walked into the first of the major topics of the
00:00:08 - BCMSN video series and that is VLANs. These things define the
00:00:13 - fabric of just about every enterprise network that you can find
00:00:17 - in the world today. They are the separator that divides a network
00:00:22 - into multiple broadcast domains. Before we get too deep into VLANs
00:00:26 - and trunking and all the different technologies I thought I'd
00:00:29 - start off with a simple video explaining the foundations of VLANs,
00:00:33 - what they are, why you would use them, and some design and focusing
00:00:37 - on Cisco's recommendation of using local VLANs. The last thing
00:00:41 - we'll talk about in here is VLAN configuration. We'll jump into
00:00:45 - a live interface, talk about setup on Cisco switches, and assign
00:00:50 - ports to them.
00:00:53 - Just to make sure we're all on the same sheet of music, I'd like
00:00:56 - to do a little review of the VLAN foundations. What are VLANs?
00:01:02 - By default, a Cisco switch sends a broadcast everywhere, right?
00:01:06 - Every switch does. That's what switches do. But when we set up
00:01:10 - VLANs, the broadcast traffic is restrained to the VLAN that it
00:01:16 - was received in. So, for example, you can see on the screen I've
00:01:19 - got the blue VLAN and the red VLAN. If the computer sends a broadcast,
00:01:23 - it only comes out the blue ports. Computer sends a broadcast.
00:01:27 - It comes out the red ports. That's known as separate broadcast
00:01:30 - domains. We've completely divided those switches up. Now, with
00:01:35 - that being said, as a side note, we've got these blue computers
00:01:39 - and red computers sending broadcasts. If that's the case, then
00:01:41 - what VLAN port does that belong to? You probably guessed it.
00:01:47 - All VLANs. If the broadcast is going to go out all these ports
00:01:51 - then these ports, this white port, and this is a magic port that
00:01:55 - has two things connected to it, but you get the point. Those
00:01:59 - ports send all VLAN traffic and Cisco calls those a trunk port.
00:02:05 - Now, I will mention if you jump out of the Cisco world into any
00:02:09 - other vendor, whether it's 3Com or HP, they actually define those
00:02:13 - ports as tagged ports. So when you're thinking about tagged ports
00:02:18 - and trunk ports, they're kind of equivalent in those two words.
00:02:21 - So with that in mind, setting up VLANs helps you manage your network
00:02:27 - to really divide it into logical groups. We talked a little bit
00:02:31 - about this in the first video that opened this whole series.
00:02:34 - Now, these VLANs are correlated directly to a subnet. It is a
00:02:38 - one to one correlation. So every VLAN that you create needs its
00:02:43 - own subnet assigned to it. These VLANs can be used for access
00:02:48 - control to prevent the blue users from reaching the red users.
00:02:51 - They can be used for quality of service to say, well, the blue
00:02:55 - VLAN gets better treatment than the red VLAN and they get more
00:02:58 - priority of the bandwidth. And they can be just used for a great
00:03:02 - network design. You won't walk into any modern network that has
00:03:07 - a large campus environment that is not using VLANs. They are,
00:03:10 - how do you like that? You won't walk into any network with technology
00:03:15 - from this year and beyond and the routers and just about everybody.
00:03:19 - Let me put it that way uses VLANs. They are a great network design
00:03:24 - and make it very easy to manage large campus environments.
00:03:28 - When you are setting up VLANs in your network, Cisco recommends
00:03:33 - that you design them through a concept called local VLANs. All
00:03:37 - that means is that the VLANs are constrained to a specific switch
00:03:41 - block. Now, in the opening video to this whole series we talked
00:03:44 - about the enterprise composite network model, remember? And one
00:03:48 - of the things we talked about there was how we're supposed to
00:03:50 - design our network in these groups, this access layer, distribution
00:03:54 - layer, and up here is our core layer devices that really separate
00:03:59 - the major sections of our network. It could be done by buildings.
00:04:02 - It could be done by major departments. It could be done by technology.
00:04:05 - For example, over here I have the server block and the user blocks.
00:04:09 - Inside of the server block I have VLAN 10, 11 and 12 that maybe
00:04:14 - divide up my servers, and I've got the e-mail servers in one
00:04:17 - VLAN, Web servers and so on. And then over on the right I've
00:04:20 - got user blocks, maybe the accounting and sales departments are
00:04:24 - VLAN 14 and 15. By keeping those VLANs constrained to the switch
00:04:31 - network, meaning their switch block, I've created local VLANs.
00:04:35 - And that's good, because now I can implement routing to get to
00:04:38 - the other destinations. If these guys want to reach the servers,
00:04:42 - no worries, I can just route them through the core using my routing
00:04:45 - table, but these all remain routed links. Because we don't want
00:04:52 - broadcast traffic going through the core and hitting other
00:04:55 - areas of our network.
00:04:57 - These local VLANs should be created around the physical boundaries.
00:05:02 - And usually we don't think about things in physical terms anymore,
00:05:07 - because VLANs are completely logical. But they should really
00:05:10 - be created physically speaking with switches that are directly
00:05:14 - connected. You directly connect access layers to a distribution
00:05:18 - layer. Directly connect distribution layers to core layers. Those
00:05:21 - are your boundaries that should contain your local VLANs. The
00:05:26 - point is to put it simple, we shouldn't have VLANs that go through
00:05:30 - the core. They should remain at the distribution layer and stop
00:05:34 - there. Well, I'm ready. Let's get into the VLAN configuration.
00:05:39 - Just the base setup of VLANs on our switch. I'm logged into a
00:05:43 - Cisco switch right now, I'm going to type in show vlan, and just
00:05:47 - take a look at what VLANs I have on the switch by default. Now,
00:05:50 - you can see VLAN 1 right there, the default VLAN, has all 20, well,
00:05:55 - 23 ports assigned to it. You can see 1 through 23. This is
00:05:59 - a 24 port switch and I'll talk about where port 24 is in just
00:06:03 - a moment. But below that I have VLANs 1002, 1003, 1004, and 1005,
00:06:08 - which are not something that we created. They're on there
00:06:11 - by default. Those are in order for Cisco to be an industry compliant
00:06:17 - vendor, they had to have those VLANs, just because the industry
00:06:21 - standards said you should. Notice it says active but unsupported,
00:06:24 - because this switch doesn't have FDDI interfaces or token rings.
00:06:28 - Obviously this is an older standard but they're there by default.
00:06:32 - All other VLANs we can create. Now, there's two ways to create
00:06:37 - VLANs. An old way and a new way. I'll show you the old way first.
00:06:42 - We can do that by typing from privileged mode, and that's where
00:06:45 - it's kind of funny because we don't start from global config.
00:06:48 - You can type in vlan database. Now, a little paragraph comes
00:06:51 - up that in short says Cisco's saying this is a mode we used to
00:06:54 - like but now we don't like it so we're making it go away in future
00:06:58 - versions of the software; it's being deprecated. So this mode
00:07:03 - is eventually going away but this is the only mode that many
00:07:06 - people know. You go into vlan database and underneath here you
00:07:10 - can just type in vlan 100, followed by name. We'll say IT.
00:07:17 - vlan 200.
00:07:20 - We name it sales. Jump back here. vlan 200. And so on. Now, this
00:07:25 - mode and I think one of the reasons why Cisco's trying to make
00:07:28 - it go away, it's very quirky, in the sense that
00:07:33 - how do you usually exit from modes? Ctrl-Z, right? Some of
00:07:38 - you are thinking: type in exit. Most people hit Ctrl-Z. If
00:07:42 - you hit Ctrl-Z to jump out of this mode, it actually undoes
00:07:46 - everything that you did. It's funny. So when I get out, I have
00:07:51 - to type in exit. And that's where you get this message: Apply
00:07:55 - Completed. Now when I type in show vlan I can see default VLAN,
00:07:59 - IT and sales. So I've created those two VLANs. With the old way
00:08:03 - out of the way, let me show you the Cisco preferred way. I go
00:08:07 - into global config mode and type in vlan, say a number. We'll
00:08:11 - say 300.
00:08:13 - name Marketing.
00:08:17 - You actually go into this VLAN sub-configuration mode and name
00:08:20 - it. You exit back out and do vlan 400. name Management.
00:08:28 - Management. Exit out. show vlan and you can see that sure enough
00:08:33 - we've added more VLANs to our switch that are available. But
00:08:37 - no ports have been assigned. So to assign ports I go into global
00:08:42 - config mode, and I'll just assign the first 10 ports. I'll type
00:08:44 - in interface. Actually, first 10 ports, let's do interface range
00:08:49 - fastethernet 0/1 - 10. And I'll do the first command, switchport
00:08:54 - mode access. Now, let me type the whole command. That command
00:09:00 - configures this to be hard coded as an access port. You don't
00:09:05 - have to do it, but it's very important that you do. Because otherwise
00:09:09 - it's in a mode known as dynamic, where it will be trying to negotiate
00:09:13 - a trunk port with the other side. That, by the way, is a horrible
00:09:17 - security vulnerability to leave your ports in dynamic mode. You
00:09:21 - want to either hard code them as access ports or trunk ports.
00:09:25 - We'll talk about that more in the upcoming video. Actually, it's
00:09:28 - coming up next where we discuss everything trunking. So we've
00:09:32 - set these to access ports, which means an end device attaches
00:09:35 - to them. Then I'll follow that up with switchport access vlan,
00:09:39 - and let's throw these guys in 100, they're the IT ports. Do interface
00:09:43 - range fastethernet, we'll say 11 - 15. switchport mode
00:09:48 - access and switchport access vlan 200. When I jump out, I'll
00:09:52 - do a show vlan and I can see that I have a status message splicing
00:09:57 - up my beautiful output. You can see the IT ports. Whoop.
00:10:02 - Right there. With a group of ports underneath it for the IT VLAN.
00:10:07 - Then I have the sales VLAN with a group of ports underneath it.
00:10:11 - At this point I have completely segmented my switch. The sales
00:10:15 - ports cannot reach the IT ports which cannot reach the default
00:10:19 - VLAN. They are totally separate; a broadcast in those VLANs stays
00:10:23 - in those VLANs. So that is how we create VLANs and assign ports
00:10:28 - to them. Now, the last thing I'll talk about, this is a short
00:10:32 - video, just on creating VLANs, is where these VLANs are stored.
00:10:37 - This is a little odd. But Cisco decided not to store the VLANs
00:10:42 - in the running config. I'll do a show run and do a little scrolling
00:10:46 - down. And I can see that there's my spanning tree. All my commands
00:10:51 - I typed under my interfaces.
00:10:53 - And interface VLAN 1, console port, nothing. Nothing about VLANs
00:10:57 - is in the running config. It's all stored in a file in flash
00:11:03 - called vlan.dat.
00:11:05 - You can see the file right there on the bottom. The VLAN database
00:11:09 - file holds all the VLANs that we created and their proper names.
00:11:13 - That is a little bit irksome I'll say. I'm trying to think of
00:11:19 - the right word. Irksome will do for now. Because you think you
00:11:23 - clear out your switch. Let's say you erase the config by doing
00:11:26 - a write erase, or erase startup-config, and you think you wipe
00:11:29 - out the config, but when you reboot you'll still see all those
00:11:32 - VLANs there. That can be an issue when we start getting into
00:11:38 - topics like VTP because it may accidentally propagate those VLANs
00:11:42 - when you don't intend it. However,
00:11:45 - when you are properly clearing a switch out, you're erasing its
00:11:49 - configuration, don't forget not only to do a write erase, which
00:11:54 - erases the startup config, but also do a delete flash:vlan.dat.
00:11:59 - That is the only way that you can erase
00:12:05 - your VLANs. I'll do a show vlan.
00:12:08 - And you can see that they're still there. You might be thinking
00:12:11 - well, Jeremy, I thought you just deleted it. They are memory resident.
00:12:14 - They're sitting in RAM. So we have to reboot this switch. Just
00:12:18 - power it off and power it back on before those VLANs go away.
00:12:21 - So my point in telling you that, and this is especially valuable
00:12:24 - when we get to VTP, when you're clearing a switch, don't forget
00:12:28 - to erase the VLANs or erase the VLAN database file.
00:12:33 - And that's about all I have to say about that. So let's wrap
00:12:36 - up VLANs. This has been the opening video on just creating VLANs.
00:12:41 - Modifying ports, assigning them to VLANs. We talked about first
00:12:45 - off VLAN foundations, what VLANs are. We then got into the VLAN
00:12:49 - design, which primarily deals with local VLANs. Cisco wants you
00:12:54 - to make sure that you keep your VLANs constrained to the switch
00:12:58 - block so they don't go through the core of your network. Last
00:13:02 - thing we got into was the VLAN configuration. Walking through
00:13:05 - first off creating the VLANs from either vlan database or global
00:13:08 - config mode. Then assigning your access ports to them. I hope
00:13:13 - this has been informative for you and I'd like to thank you for viewing.