VLAN, TRUNKING, VTP

VLAN trunking

-A VLAN divides a broadcast domain: each VLAN is its own broadcast domain, so a broadcast in VLAN 10 is never seen by hosts in VLAN 20.
-On a new switch the default VLAN and the native VLAN are both VLAN 1, and every port is in VLAN 1.
-The native VLAN can be changed from VLAN 1 to VLAN 10, 20, etc. Native VLAN frames are sent untagged on a trunk, so the native VLAN must be set to the same value on both ends; a mismatch effectively bridges the two native VLANs together. Using an otherwise unused VLAN as the native VLAN on trunks is the usual hardening step.
-VLAN 1 cannot be deleted or renamed; "no vlan 1" is rejected by the switch.
-VLAN 1 carries control traffic such as CDP, VTP, DTP and PAgP. On a trunk this control traffic still goes out on VLAN 1 even after "switchport trunk allowed vlan remove 1"; only user data for VLAN 1 is blocked. Keep user and management traffic off VLAN 1.
-An access port carries the traffic of only one VLAN, untagged.
-A trunk port carries the traffic of more than one VLAN, with an 802.1Q tag identifying the VLAN of each frame (except the native VLAN, which stays untagged).
-A voice VLAN lets an access port carry two VLANs: the data VLAN untagged and the voice VLAN tagged ("switchport voice vlan N").
-A Layer 3 interface in each VLAN is required for inter-VLAN communication; switching alone never forwards between VLANs.
-On a router, inter-VLAN communication is implemented as "router on a stick": one physical link configured as a trunk on the switch side and one 802.1Q subinterface per VLAN on the router side.
-On a multilayer switch, inter-VLAN communication is implemented with a Layer 3 VLAN interface, the SVI ("interface vlan N"), one per VLAN.
-For end-to-end communication, the VLAN must be allowed on every trunk port along the path between the two hosts.
-VLANs can be created on routers, switches, firewalls, etc. (on routers and firewalls usually as 802.1Q subinterfaces).
-Trunking is the mechanism that carries the traffic of multiple VLANs between switches over one link.
-Conditions for a trunk to work: both connected ports must be trunks (preferably configured statically with "switchport mode trunk" and "switchport nonegotiate" rather than left to DTP negotiation), the encapsulation (802.1Q or ISL) must match, the native VLAN must match, and the allowed VLAN list should be the same on both ends.
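The trunk conditions above, as an added example that is not part of the original post: a Python check that parses the trunk-relevant lines of an IOS-style interface stanza from each end of a link and reports every mismatch that would stop the trunk from working cleanly. The two stanzas are constructed for the example; the hostnames SW1 and SW2, the interface names and the VLAN numbers are assumptions, and the check also flags a port that is not a static trunk.

```python
"""Trunk consistency check: an added example, not code from the original post.

Parses the trunk-relevant lines of a Cisco IOS style interface stanza from each
end of a link and reports every mismatch. The two stanzas below are constructed
for the example; the hostnames, interface names and VLAN numbers are assumptions.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

ALL_VLANS = frozenset(range(1, 4095))        # usable 802.1Q IDs: 1 to 4094


@dataclass
class TrunkPort:
    mode: str = "dynamic auto"               # IOS default on most platforms: trunk only via DTP
    encapsulation: str = "dot1q"             # assumption: platform defaults to 802.1Q
    native_vlan: int = 1
    allowed: frozenset[int] = ALL_VLANS


def parse_vlan_list(spec: str) -> frozenset[int]:
    """Expand '10,20,30-35' (or 'all' / 'none') into a set of VLAN IDs."""
    if spec == "all":
        return ALL_VLANS
    if spec == "none":
        return frozenset()
    vlans: set[int] = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return frozenset(vlans)


def parse_interface(stanza: str) -> TrunkPort:
    """Read the switchport commands that decide whether a trunk forms."""
    port = TrunkPort()
    for raw in stanza.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"switchport mode (.+)", line):
            port.mode = m.group(1)
        elif m := re.fullmatch(r"switchport trunk encapsulation (\S+)", line):
            port.encapsulation = m.group(1)
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            port.native_vlan = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan (?:(add|remove|except) )?(\S+)", line):
            keyword, vlans = m.group(1), parse_vlan_list(m.group(2))
            if keyword == "add":
                port.allowed = port.allowed | vlans
            elif keyword == "remove":
                port.allowed = port.allowed - vlans
            elif keyword == "except":
                port.allowed = ALL_VLANS - vlans
            else:
                port.allowed = vlans
    return port


def check_trunk(a: TrunkPort, b: TrunkPort) -> list[str]:
    """Return the list of problems between the two ends; empty means the trunk is consistent."""
    problems = []
    for side, port in (("A", a), ("B", b)):
        if port.mode != "trunk":
            problems.append(f"{side}: mode '{port.mode}' relies on DTP negotiation instead of a static trunk")
    if a.encapsulation != b.encapsulation:
        problems.append(f"encapsulation mismatch: {a.encapsulation} vs {b.encapsulation}")
    if a.native_vlan != b.native_vlan:
        problems.append(f"native VLAN mismatch: {a.native_vlan} vs {b.native_vlan}")
    if a.allowed != b.allowed:
        problems.append(f"allowed VLAN mismatch: only A {sorted(a.allowed - b.allowed)}, "
                        f"only B {sorted(b.allowed - a.allowed)}")
    return problems


# Constructed sample stanzas (assumed hostnames SW1 and SW2, both using Gi0/1).
SW1_GI0_1 = """\
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,30-35
 switchport mode trunk
 switchport nonegotiate
"""

SW2_GI0_1 = """\
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
"""

if __name__ == "__main__":
    for problem in check_trunk(parse_interface(SW1_GI0_1), parse_interface(SW2_GI0_1)):
        print("-", problem)
```

Run against the two sample stanzas it reports the native VLAN mismatch (99 on SW1, the default 1 on SW2) and the allowed-list difference (VLANs 31 to 35 only on SW1); CDP would report the first of these as a native VLAN mismatch on the live link, the second silently black-holes those VLANs.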

VTP key points

-VTP is the VLAN Trunking Protocol (not "Virtual Trunking Protocol"), a Cisco protocol that distributes the VLAN database (VLAN IDs and names) to all switches in the same VTP domain over trunk links.
-VTP versions: v1, v2 and v3.
-VTP switch roles (modes): server, client, transparent and, in VTPv3 only, off.
-The default mode of a switch is server mode.
-A new switch should be added in client mode with a configuration revision number of 0 (check with "show vtp status" before connecting it).
-The revision number is reset to zero by changing the VTP domain name to some bogus name (and then back to the real one).
-The revision number is also reset to zero by changing the VTP mode to transparent (and then back to client or server).
-The highest revision number wins: the switch advertising the highest revision number is taken as holding the latest VLAN configuration, whether it is a server or a client. A switch with a stale VLAN list but a higher revision number therefore overwrites the VLAN database of every server and client in the domain; the VLANs it does not know about are deleted and the access ports in them go inactive. This is why the revision number must be zeroed before connecting a switch that was previously in a domain with the same name.
-Server mode: VLANs can be created, modified and deleted; each change increments the revision number and is advertised.
-Client mode: when the client receives an update with a higher revision number it updates its own VLAN database and passes the update on.
-Client mode: VLAN changes cannot be made on the switch; the CLI returns an error message.
-Transparent mode: received updates are not applied but are forwarded (in v1 only when the domain name matches, in v2 regardless of domain name).
-Transparent mode: changes made on the transparent switch are local and are not replicated to other switches.
-Off mode (v3): received updates are neither applied nor forwarded.
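The mode and revision rules above, as an added example that is not part of the original post: a small Python model of how a VTP advertisement travels through a chain of switches in server, client and transparent mode, and of what happens when a switch with a stale VLAN list but a higher revision number is plugged in, with and without resetting its revision number first. The hostnames, the domain name CORP and the VLAN numbers are constructed for the example, and the request/response exchange is simplified to "a switch that hears an older revision answers with its own database".

```python
"""Model of VTP database propagation: an added example, not code from the original post.

Hostnames, the domain name "CORP" and the VLAN numbers are constructed. The mode
behaviour follows the notes: server and client apply an advertisement only if its
revision is higher than their own and then pass it on, transparent passes it on
without applying it, off drops it.
"""
from __future__ import annotations
from copy import deepcopy
from dataclasses import dataclass, field


@dataclass
class VlanDatabase:
    domain: str
    revision: int
    vlans: dict[int, str]


@dataclass
class Switch:
    name: str
    mode: str                                 # "server", "client", "transparent" or "off"
    db: VlanDatabase
    neighbours: list[Switch] = field(default_factory=list)

    def connect(self, other: Switch) -> None:
        self.neighbours.append(other)
        other.neighbours.append(self)

    def set_domain(self, domain: str) -> None:
        """Changing the domain name resets the configuration revision to 0."""
        self.db.domain = domain
        self.db.revision = 0

    def add_vlan(self, vid: int, name: str) -> None:
        if self.mode == "server":
            self.db.vlans[vid] = name
            self.db.revision += 1             # every server-side change bumps the revision
            self.advertise()
        elif self.mode in ("transparent", "off"):
            self.db.vlans[vid] = name         # local only, never advertised
        else:
            raise PermissionError(f"{self.name}: VTP client cannot modify VLANs")

    def advertise(self, seen: frozenset[str] = frozenset()) -> None:
        """Send our database to every neighbour not already on this flood path."""
        seen = seen | {self.name}
        for n in self.neighbours:
            if n.name not in seen:
                n.receive(deepcopy(self.db), seen)

    def receive(self, adv: VlanDatabase, seen: frozenset[str]) -> None:
        if self.mode == "off" or adv.domain != self.db.domain:
            return                            # dropped
        if self.mode == "transparent":        # relayed unchanged, not applied
            seen = seen | {self.name}
            for n in self.neighbours:
                if n.name not in seen:
                    n.receive(adv, seen)
        elif adv.revision > self.db.revision:
            self.db = adv                     # higher revision wins, even on a server
            self.advertise(seen)
        elif adv.revision < self.db.revision:
            self.advertise()                  # neighbour is behind: answer with our database


def build_topology() -> dict[str, Switch]:
    """CORE (server) - DIST (client) - EDGE (transparent) - LEAF (client), already in sync."""
    core = Switch("CORE", "server", VlanDatabase("CORP", 5, {1: "default", 10: "users", 20: "servers"}))
    dist = Switch("DIST", "client", VlanDatabase("CORP", 0, {1: "default"}))
    edge = Switch("EDGE", "transparent", VlanDatabase("CORP", 0, {1: "default"}))
    leaf = Switch("LEAF", "client", VlanDatabase("CORP", 0, {1: "default"}))
    core.connect(dist)
    dist.connect(edge)
    edge.connect(leaf)
    core.advertise()                          # initial sync: DIST and LEAF learn revision 5
    return {s.name: s for s in (core, dist, edge, leaf)}


def stale_switch() -> Switch:
    """A switch pulled from another closet: same domain name, old VLAN list, higher revision."""
    return Switch("LAB", "client", VlanDatabase("CORP", 12, {1: "default", 99: "lab"}))


def join(topology: dict[str, Switch], newcomer: Switch, reset_revision: bool) -> dict[str, list[int]]:
    """Plug the newcomer into DIST and return every switch's VLAN list afterwards."""
    if reset_revision:
        newcomer.set_domain("bogus")          # the trick from the notes: rename, then rename back
        newcomer.set_domain("CORP")
    newcomer.connect(topology["DIST"])
    newcomer.advertise()                      # summary advertisement when the link comes up
    everyone = {**topology, newcomer.name: newcomer}
    return {name: sorted(sw.db.vlans) for name, sw in everyone.items()}


if __name__ == "__main__":
    print("unsafe join:", join(build_topology(), stale_switch(), reset_revision=False))
    print("safe join:  ", join(build_topology(), stale_switch(), reset_revision=True))
```

In the unsafe run the LAB switch's revision 12 wipes VLANs 10 and 20 from CORE, DIST and LEAF even though LAB is only a client and CORE is the server; only the transparent EDGE keeps its local database. In the safe run LAB advertises revision 0, DIST answers with revision 5, and LAB ends up with the correct VLAN list.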

VTP versions compared

-v1, v2: support only normal-range VLANs (1 to 1001); v3: also extended-range VLANs, up to VLAN 4094 (4095 is reserved, so 4094 is the highest usable ID).
-v1, v2: cannot propagate private VLAN details; v3: can propagate private VLAN details as well.
-v1, v2: cannot carry MSTP region information; v3: can carry the MST region configuration.
-v1, v2: no primary or secondary distinction, every server can change the database;
v3: one server in the domain can be made the primary server ("vtp primary"), and only the primary server's changes are accepted, the remaining servers act as secondaries.
