WT2054 LAN Switching and Wireless

Eero Väisänen 20.1.2010

Exercise 3

Material: CCNA Exploration 4.0 (3 LAN Switching and Wireless)

https://wartsila.pkamk.fi/cisco/exploration

Chapter 3: VLANs

Here are the questions and tasks from chapter 1, LAN Design. Submit the
answers in one document to return folder in moodle.

1) How are the benefits that VLANs provide for managing and securing LAN
communication?

VLAN networks have got a lot of benefits against normal networks, like
Security, Cost reduction, High performance, Broadcast storm mitigation,
and better management. This VLAN is a Virtual LAN what creates
individual networks in the same system. For example, if we had several
departments of our company, the best way of the management if we
create VLANs for all department. This means we have got one network
infrastructure, but the other VLANs can’t see the other VLANs’s computers.
This is good for the security, because this method decreasing the chances
of confidential information breaches. The groups that have sensitive data
are separated from the rest of the network, and this also prevents the
broadcast storms.

The IT Staff has got many good opportunities whose managing the system,
because they can use names for the VLANs and this way is very
comfortable to recognize witch VLAN is witch. When we need for a new
device like a switch, all the policies and procedures already configured for
the particular VLAN are implemented when the ports are assigned. These
networks are also good and effective for team works, and project works.

2) What is the purpose of VLANIDs? What is the VLANID range for normal user
VLANs.

A unique number called the VLAN ID identifies each VLAN. Each VLAN’s
has got an own VLAN ID and this number indentify the VLAN group. This
number is a 12-bit field in the tag.

VLAN IDs can take numbers between 1 and 1005, but IDs 1002 through
1005 are reserved for Token Ring and FDDI VLANs.

3) What is the purpose of

 - data VLAN: This traffic is the data traffic between all the PCs on the
switch and the switch. It contains not just one VLAN data communication
all VLANs what is connected to the switch. A VLAN could carry voice-based
traffic or traffic used to manage the switch, but this traffic would not be
part of a data VLAN. It is common practice to separate voice and
management traffic from data traffic.

- default VLAN: Every switch ports become a member of the default

VLAN, because this is the default setting after the initial boot up. This
actions allows to every switch port to they can communicate with each
other, because they are in a same VLAN called VLAN 1. The default VLAN
for Cisco switches is VLAN 1. VLAN 1 has all the features of any VLAN,
except that you cannot rename it and you can not delete it.

- native VLAN: This is a trunk connection between switches what handle

many signals simultaneously. The default name is the native VLAN is VLAN
99. Untagged traffic is generated by a computer attached to a switch port
that is configured with the native VLAN. Native VLANs are set out in the
IEEE 802.1Q specification to maintain backward compatibility with
untagged traffic common to legacy LAN scenarios.

- management VLAN: Management VLAN is a special VLAN, because we

can manage all VLANs, on the network, but if we use VLAN 1 the default
VLAN we have got this option too, but is not a good way to manage a
network. We assign the management VLAN an IP address and subnet
mask. A switch can be managed via HTTP, Telnet, SSH, or SNMP.

- voice VLAN: When we want to use a voice VLAN our whole network has
to be support the VOIP communication. The first thing we can guaranty the
quality of the voice, we must separate from the data VLAN. It is important
because we need enough bandwidth for the communication, we must
reach a low latency this delay need to be under 150ms. Tags are very
important in this communication method, because the switch must to
know this is a voice communication not a data, and it must to provide the
bandwidth and the quality.

4) How are VLANs and broadcast domains related?

A network without VLAN is almost like one broadcast domain. If a

computer send a message to another computer and that was a broadcast
frame the switch send that message to all ports and the next switch in
that network act like same. This is not a good for transmitting message. A
better way if we use VLAN and the message just spread the same VLAN
domain. Of course if we have a network with more than one switches we
must configure the VLAN system on that devices, and when the switch get
 a broadcasted message it just forwarded the correct port. Breaking up a
big broadcast domain into several smaller ones reduces broadcast traffic
and improves network performance. Breaking up domains into VLANs also
allows for better information confidentiality within an organization.
Breaking up broadcast domains can be performed either with VLANs (on
switches) or with routers.

5) What is the task of trunks? What VLAN does a trunk belong to?

The main tasks of the trunks of these are connections between switches or
routers, and these trunks must be handling the data flow between these
devices. And also these connections can provide communication of
between different VLAN networks. With these trunks we have chance to
manage our network simpler and cheaper, because we have got limited
port of switches, and if we want to make a link between switches we
handles many VLANs in a normal way we need ports for each sub-network.
When we use trunks the switch can handle this situation with one
connection, because it can handle these each sub-network in the same
time.

6) What is the content of a 801.1Q tag?

This is plus information for network frames. When a frame goes from a
switch to another, the trunk link must know that information was witch
VLAN. For this case when two network devices are trunked the link is
added extra information for the frame, this method called Frame Tagging.
In networks we often use this tags for make something unique or
recognizable, like VLAN IDs. In this case this extra tag name is 801.1Q tag.
The plus new information what is given by the switch is two things. These
are Ether type filed and the Tag Control field. The Ether type field is set a
hexadecimal value this called protocol ID. This is important because the
witch will be known it must search for information in the tag control field.
The tag control field is a bit complex, it contains a lot of information. These
are the 3 bit user priority, 1 bit of Canonical Format Identifier the CFI and
the 12 bits of VLAN ID, what it can be up to 4096. The end of this
procedure the switch must recalculate the FCS the frame check sequence,
because the frame contents are changed.

7) You want to delete the VLANs that you have created. What command and
state is used?

If we want to change a VLAN connection to a port or we want delete it, we

must in the EXEC mode. A static access port can only have one VLAN, so if
we want to change that port VLAN access in a normal case like the Cisco
IOS software we must delete it first than assign a new one. To delete
 ability of a port the most common command is no like no switchport
access vlan ID, or we can delete VLANs with no vlan ID. These VLANs are
in a file what called vlan.dat. Of course we have the option we delete this
file with the delete flash:vlan.dat command, and after a reboot we have no
VLANs on the switch.

8) In the scenario below neither staff nor student connection works. Find the
faults and correct them.

We have more problems. The first problem is with the VLANs. The student
VLAN is 20, and the staff VLAN is 10. We have one problem with PC4
because it has got a wrong IP, because I think it is belong to VLAN 10. We
must change the IP to 172.17.10.30, but then we find another problem. IP
collision on our network because the Staff Intranet has got a same IP like
PC4, so we must change one of them IP addresses. I would change the PC4
IP address to 172.17.10.31.

The another big problem on the VLAN Trunk I can’t find VLAN 20, we
should add VLAN 20 to the trunk line, then the Student fileserver can
communicate with PC5, if any other configuration is good. I think now we
are good.