
CCNA 2 – ch 3

A VLAN is a Layer 2 implementation.

In a VLAN implementation, a 4-byte tag is inserted into the frame. This tag is defined in the IEEE 802.1Q format.

802.1q = dot1q = .1q

Cisco ISL

The 12-bit portion of the VLAN tag is used as the VLAN ID.

Normal Range VLANs

> Used in small- and medium-sized business and enterprise networks.

> Identified by a VLAN ID between 1 and 1005.

> IDs 1002 through 1005 are reserved for Token Ring and FDDI VLANs. IDs 1 and 1002 to 1005 are automatically created and cannot be removed.

> On Cisco switches, all interfaces are in VLAN 1 by default.

> Configurations are stored within a VLAN database file, called vlan.dat. The vlan.dat file is located in the flash memory of the switch.

Extended Range VLANs

> Enable service providers to extend their infrastructure to a greater number of customers. Some global enterprises could be large enough to need extended range VLAN IDs.

> Are identified by a VLAN ID between 1006 and 4094.

> Configurations are not written to the vlan.dat file. Are, by default, saved in the running configuration file.

Switch#show flash:
Directory of flash:/

1 -rw- 4414921 <no date> c2960-lanbase-mz.122-25.FX.bin

64016384 bytes total (59601463 bytes free)

To create VLANs:

Switch(config)#vlan ?
<1-1005> ISL VLAN IDs 1-1005
Switch(config)#vlan 10
Switch(config-vlan)#name akademik
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name ogrenci

Switch#show vlan brief

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/1, Gig0/2
10 akademik active
20 VLAN0020 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
Switch#show flash:
Directory of flash:/

1 -rw- 4414921 <no date> c2960-lanbase-mz.122-25.FX.bin
2 -rw- 676 <no date> vlan.dat

64016384 bytes total (59600787 bytes free)

When VLANs are created on a switch, they are not associated with any interface. To include an interface in a VLAN, in other words to assign a VLAN to an interface, the following commands must be entered:

Switch(config)#interface fa 0/10
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10

Switch(config)#interface fa 0/20
Switch(config-if)#switchport access vlan 20
Switch(config-if)#switchport mode access

Switch#sh vlan brief

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gig0/1, Gig0/2
10 akademik active Fa0/10
20 ogrenci active Fa0/20
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active

Hosts in different VLANs on a switch can communicate with each other only through Layer 3 devices (inter-VLAN routing).

Switch(config)#no vlan 1
Default VLAN 1 may not be deleted.

Switch(config)#interface range fa 0/1-7
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 100
% Access VLAN does not exist. Creating vlan 100

To remove an existing VLAN from the switch:
Switch(config)#no vlan 10

Switch#show interfaces fa 0/20 switchport
Name: Fa0/20
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Access Mode VLAN: 20 (ogrenci)

Switch#show interfaces fa 0/10 switchport
Name: Fa0/10
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Access Mode VLAN: 10 (Inactive)

When a VLAN is removed from the switch, the interfaces that VLAN was assigned to become inactive (no traffic is sent or received under any circumstances). For this reason, when a VLAN is removed from the switch, a new VLAN assignment must be configured on every interface that VLAN had been assigned to.

Because normal range VLANs are kept in flash in the vlan.dat file, vlan.dat remains even if the switch configuration is erased and the switch is reloaded. To delete the VLANs completely:
Switch#delete flash:vlan.dat
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [confirm]

Switch#reload

Management vlan
When IP addresses are assigned to network devices, the VLAN that the IP address belongs to is called the management VLAN. Usually only network devices are in this VLAN, not hosts.

Switch(config)#interface vlan 30
Switch(config-if)#ip address 192.168.30.30 255.255.255.0
Switch(config-if)#no shutdown
Switch#sh ip inter brief
Interface IP-Address OK? Method Status Protocol
Vlan30 192.168.30.30 YES manual down down

Switch# show vlan brief

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gig0/1, Gig0/2
10 akademik active Fa0/10
20 ogrenci active Fa0/20
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
Switch#conf t
Switch(config)#vlan 30
Switch(config-vlan)#name yonetim

Switch#sh vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gig0/1, Gig0/2
10 akademik active Fa0/10
20 ogrenci active Fa0/20
30 yonetim active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
Switch#show ip inter brief
Vlan30 192.168.30.30 YES manual up down
For the switch's management interface to be up/up, either the management VLAN must be assigned to at least one physical interface, or at least one interface on the switch must be configured as a trunk.

Trunk interfaces: interfaces that carry the information of more than one VLAN.

SW2(config)#interface gi 0/1
SW2(config-if)#switchport mode trunk

SW2#sh inter gi 0/1 switchport
Name: Gig0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q

*** Frames arriving at the switch from hosts carry no VLAN tag. The switch adds the tag based on the interface the frame arrived on and sends the frame over the trunk link. The tag is removed from a frame before it is delivered to a host.
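
The tagging behaviour described above and the 4-byte tag with its 12-bit VLAN ID from the start of these notes, as an added Python model that is not part of the original notes. The function names and the sample frame are constructed for illustration; the port-to-VLAN map mirrors Fa0/10 and Fa0/20 as configured on this page.

```python
import struct

TPID_8021Q = 0x8100                            # EtherType value marking an 802.1Q tag
ACCESS_PORTS = {"Fa0/10": 10, "Fa0/20": 20}    # port -> access VLAN, as on this page

# Constructed sample: dst MAC, src MAC, EtherType 0x0800, 4 payload bytes
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "0000aa000001" "0800") + b"data"

def add_tag(frame, vlan_id, pcp=0, dei=0):
    """Insert the 4-byte tag between the source MAC and the EtherType."""
    if not 1 <= vlan_id <= 4094:               # 0 and 4095 are reserved values
        raise ValueError("VLAN ID out of range")
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vlan_id   # 3 + 1 + 12 bits
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_tag(frame):
    """Return (vlan_id, pcp, dei), or None when the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 0x1

def ingress_to_trunk(port, frame):
    """Host frame arrives untagged; tag it with the ingress port's access VLAN."""
    return add_tag(frame, ACCESS_PORTS[port])

def egress_to_access(port, frame):
    """Deliver to a host only if the tag matches the port's VLAN, with the tag removed."""
    tag = parse_tag(frame)
    if tag is None or tag[0] != ACCESS_PORTS[port]:
        return None
    return frame[:12] + frame[16:]
```

A frame tagged on Fa0/10 is delivered untagged to another VLAN 10 port and is not delivered to Fa0/20, which is why hosts in different VLANs need a Layer 3 device to communicate.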

Allowed vlans
By default, traffic from all VLANs flows over trunk links. If not all of the VLANs on the trunks are assigned on the switch, the unnecessary VLAN traffic can be cut off with the allowed vlan command.

SW1#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Gig0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Gig0/1 1-1005

Port Vlans allowed and active in management domain
Gig0/1 1,10,20,30,100

Port Vlans in spanning tree forwarding state and not pruned
Gig0/1 1,10,20,30,100

SW1(config)#interface gi 0/1
SW1(config-if)#switchport trunk allowed vlan ?
WORD VLAN IDs of the allowed VLANs when this port is in trunking mode
add add VLANs to the current list
all all VLANs
except all VLANs except the following
none no VLANs
remove remove VLANs from the current list
SW1(config-if)#switchport trunk allowed vlan 1,10,30,100

SW1#show inter trunk
Port Mode Encapsulation Status Native vlan
Gig0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Gig0/1 1,10,30,100

Port Vlans allowed and active in management domain
Gig0/1 1,10,30,100

Port Vlans in spanning tree forwarding state and not pruned
Gig0/1 1,10,30,100

SW1(config)#vlan 50
SW1(config)#inter gi 0/1
SW1(config-if)#switchport trunk allowed vlan add 50

SW1#show inter trunk
Port Mode Encapsulation Status Native vlan
Gig0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Gig0/1 1,10,30,50,100

Port Vlans allowed and active in management domain
Gig0/1 1,10,30,50,100

Port Vlans in spanning tree forwarding state and not pruned
Gig0/1 1,10,30,50,100
* native vlan *

On trunk links, traffic that arrives untagged is labeled with the native VLAN. By default the native VLAN is VLAN 1.

SW1(config)#interface gi 0/1
SW1(config-if)#switchport trunk native vlan 10
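
A check for the Allowed vlans section above, as an added Python example that is not part of the original notes: it parses `show interfaces trunk` output, lists the active VLANs a trunk carries beyond a required set, and builds the matching `switchport trunk allowed vlan` command. The function names and the `required` set are assumptions; the sample text is constructed from the SW1 output on this page.

```python
# Constructed sample: the SW1 output shown on this page, before the allowed list is trimmed
SHOW_TRUNK = """\
Port Mode Encapsulation Status Native vlan
Gig0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Gig0/1 1-1005

Port Vlans allowed and active in management domain
Gig0/1 1,10,20,30,100

Port Vlans in spanning tree forwarding state and not pruned
Gig0/1 1,10,20,30,100
"""

def expand(vlan_list):
    """Turn '1,10,20-22' into {1, 10, 20, 21, 22}; 'none' is the empty set."""
    vlans = set()
    for part in ([] if vlan_list == "none" else vlan_list.split(",")):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_show_trunk(text):
    """Return {port: {'native': int, 'allowed': set, 'active': set}}."""
    ports, section = {}, None
    for line in text.splitlines():
        if line.startswith("Port"):
            section = ("native" if "Native vlan" in line else
                       "allowed" if "allowed on trunk" in line else
                       "active" if "allowed and active" in line else None)
        elif line.strip() and section:
            fields = line.split()
            value = int(fields[-1]) if section == "native" else expand(fields[-1])
            ports.setdefault(fields[0], {})[section] = value
    return ports

def audit_trunks(text, required):
    """Per port: active VLANs the trunk carries but does not need, plus the fix."""
    report = {}
    for port, info in parse_show_trunk(text).items():
        excess = sorted(info["active"] - set(required))
        keep = ",".join(map(str, sorted(set(required) & info["active"])))
        fix = f"switchport trunk allowed vlan {keep or 'none'}" if excess else None
        report[port] = {"excess": excess, "native": info["native"], "fix": fix}
    return report
```

With `required = {1, 10, 30, 100}` the report for Gig0/1 names VLAN 20 as excess and proposes the same command entered on SW1 above. VLAN lists that IOS wraps across several lines are not handled.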

 

Voice vlan

SW1(config)#inter fa 0/11
SW1(config-if)#switchport voice vlan 33

SW1#sh run inter fa 0/11
switchport access vlan 11
switchport mode access
switchport voice vlan 33

 

DTP (Dynamic Trunking Protocol)

DTP is a Cisco proprietary protocol that is automatically enabled on Catalyst 2960 and Catalyst 3560 Series switches.

Switches from other vendors do not support DTP.

DTP manages trunk negotiation only if the port on the neighbor switch is configured in a trunk mode that supports DTP.

access
trunk
dynamic auto
dynamic desirable

> On Cisco switches, the default DTP mode is dynamic auto.

dynamic auto - dynamic auto : ACCESS
dynamic auto - dynamic desirable : TRUNK
dynamic desirable - dynamic desirable : TRUNK

dynamic auto - access : ACCESS
dynamic desirable - access : ACCESS

dynamic auto - TRUNK : TRUNK
dynamic desirable - TRUNK : TRUNK

access - access : ACCESS

trunk - trunk : TRUNK

access - trunk : X
SW2#sh inter gi 0/1 switchport
Name: Gig0/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On !!! DTP is active

SW2(config)#interface gi 0/1
SW2(config-if)#switchport mode access
SW2(config-if)#switchport nonegotiate

SW2#sh inter gi 0/1 switchport
Name: Gig0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off !!! DTP is disabled

SW2#show dtp
Global DTP information
Sending DTP Hello packets every 30 seconds
Dynamic Trunk timeout is 300 seconds
0 interfaces using DTP
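
The DTP mode table and the `Negotiation of Trunking` field from the outputs above, as an added Python audit that is not part of the original notes. It lists ports that still negotiate and shows what each would become if the far end were set to trunk. The function names are assumptions, and the sample is constructed from the two SW2 outputs, with the second port name (Gig0/2) assumed so both states appear.

```python
# Constructed sample based on the two SW2 outputs on this page (Gig0/2 is an assumed name)
SHOW_SWITCHPORT = """\
Name: Gig0/1
Administrative Mode: dynamic desirable
Operational Mode: static access
Negotiation of Trunking: On

Name: Gig0/2
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
"""

def dtp_result(a, b):
    """Link outcome for two administrative modes, following the table above."""
    modes = {a, b}
    if modes == {"access", "trunk"}:
        return "X"                       # the table marks this pairing as invalid
    if "access" in modes:
        return "ACCESS"
    if "trunk" in modes or "dynamic desirable" in modes:
        return "TRUNK"
    return "ACCESS"                      # dynamic auto on both ends: neither side initiates

def parse_switchport(text):
    """Return {interface: {field: value}} from 'show interfaces switchport' output."""
    ports, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        if key.strip() == "Name":
            current = ports.setdefault(value.strip(), {})
        elif current is not None:
            current[key.strip()] = value.strip()
    return ports

def dtp_findings(text):
    """Ports that still negotiate trunking, with the outcome if the far end is set to trunk."""
    findings = []
    for name, fields in parse_switchport(text).items():
        if fields.get("Negotiation of Trunking") == "On":
            mode = fields["Administrative Mode"].replace("static ", "")
            findings.append((name, mode, dtp_result(mode, "trunk")))
    return findings
```

Ports returned by `dtp_findings` are the ones where `switchport mode access` plus `switchport nonegotiate`, as entered on SW2 above, turns negotiation off.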