Skip to main content

VLAN, TRUNKING, VTP

VLAN, TRUNKING, VTP

Vlan trunking

-Vlan divides the broadcast domain
-In New switch, Default Vlan = Native Vlan = Vlan 1
-Native Vlan can be changed from Vlan 1 to Vlan10, 20 etc.
-Vlan 1 cannot be deleted even after entering command
-Vlan 1 carries critical traffic like CDP, VTP etc.
-Access port carries traffic of only one vlan
-Trunk port carries traffic of more than one vlan
-Voice vlan can carry traffic of two vlan’s
-Layer 3 vlan required for Inter-Vlan communication
-On Router, For Inter-Vlan comunication, “Router on Stick” is implemented
-On Switches, For Inter-Vlan comunication,”Layer 3 vlan or SVI” is implemented
-To allow end to end communication, we need to allow Vlan on all the trunk ports in between
-Vlan can be created on Router, Switch, Firewall etc.
-Trunking is the process to enable multiple vlan’s traffic between different switches
-Conditions -Connected Port should be trunk, Encapsulation should match, Allowed Vlans on trunk port should be same

VTP key points

-VTP is Virtual Trunking Protocol, configured to manage Vlan’s
-VTP different versions -V1, V2, V3
-In VTP, different switch roles are Server, Client, Transparent, Off Mode
-Default mode of switch is Server mode
-Recommended to add new switch in Client Mode with Revision number=0
-Revision number can be made zero, if VTP domain name is changes to some bogus name
-Revision number can be made zero, if VTP mode is changes to Transparent mode
-Latest Revision number means Latest Vlan configuration
-Server Mode, we can create, modify & delete vlans
-Client Mode, When client gets update, switch will update itself & passes update further
-Client Mode, We cannot do vlan related changes on client mode, switch will give error message
-Transparent Mode, When Transparent gets update, switch will not update itself & passes update further
-Transparent Mode, Changes performed on the Transparent will not be replicated to other switches
-Off Mode, When switch in Off mode gets update, switch will not update itself and do not pass further

VTP -Different versions

V1,V2 : Support upto Vlan number 1001, V3: Support upto Vlan number 4095
V1,V2 : Cannot transfer details of Private Vlans, V3 : Can transfer details of Private vlan as well
V1,V2 : Cannot carry MSTP region information, V3 : Can carry MSTP region information
V1,V2 : There is no option to make multiple Servers as Primary & secondary,
V3 : We can make Primary server out of multiple Server modes available
Labels:

Comments

Post a Comment

Popular posts from this blog

How to modify SSH/HTTP/Telnet time out in Cisco ASA firewall?

How to modify SSH/HTTP/Telnet time out in Cisco ASA firewall? By default tcp idle timeout is 1:0:0 hh:mm:ss. If in case you need to modify it you can do it by MPF (Modular Policy Framework). Let us setup a custom timeout when traffic is coming from particular host 10.77.241.129. !— Match the traffic using the access-list —! object-group service DM_INLINE_TCP_1 tcp port-object eq www port-object eq ssh port-object eq telnet access-list outside_mpc extended permit tcp host 10.77.241.129 <source ip> any object-group DM_INLINE_TCP_1 !— Define the class map Cisco-class –! class-map Cisco-class match access-list outside_mpc !— Call this class-map into policy map and set the connection reset after 10 min when traffic is coming from particular host —! policy-map Cisco-policy class Cisco-class set connection timeout idle 0:10:00 reset !— Apply the policy-map Cisco-policy on the interface. —! service-policy Cisco-p...
Post a Comment
Read more

Checkpoint firewall common commands part 2

Checkpoint firewall common commands part 2 For basic firewall informaton gathering: fgate stat -Status and statistics of Flood-Gate-1. fwaccel <stat|stats|conns>  – View status, statistics or connection table of SecureXL. fw getifs -Show list of configured interfaces with IP and netmask. cpstat <app_flag> [-f flavour] -View OS, HW and CP application status. Issue cpstat without any options to see all possible application flags <app_flag> and corresponding flavours. Examples: cpstat fw -f policy – verbose policy info cpstat os -f cpu – CPU utilization statistics cpinfo -y all   -List all installed patches and hotfixes. cpd_sched_config print -Show task scheduled with CPD scheduler. enabled_blades -View enabled software blades avsu_client [-app <app>]   , get_version <app>  -Get signature version and status of content security .Without the -app option “Anti Virus” is used. show co...
Post a Comment
Read more

CLI Commands for Troubleshooting FortiGate Firewalls

CLI Commands for Troubleshooting FortiGate Firewalls 2015-12-21 Fortinet , Memorandum , Network Cheat Sheet , CLI , FortiGate , Fortinet , Quick Reference , SCP , Troubleshooting Johannes Weber This blog post is a list of common troubleshooting commands I am using on the FortiGate CLI . It is not complete nor very detailled, but provides the basic commands for troubleshooting network related issues that are not resolvable via the GUI. I am not focused on too many memory, process, kernel, etc. details. These must only be used if there are really specific problems. I am more focused on the general troubleshooting stuff. I am using it personally as a cheat sheet / quick reference and will update it from time to time. Coming from Cisco, everything is “show”. With Fortinet you have the choice confusion between show | get | diagnose | execute . Not that easy to remember. It is “ get router info6 routing-table” to show the routing table but “ diagn...
Post a Comment
Read more