Monday, July 27, 2009

VLAN Implementation

VLANs break a large campus network into smaller broadcast domains. The benefit is that broadcast traffic stays within one logical segment, and traffic between VLANs has to pass through a Layer 3 device, which is where filtering between segments can be applied.

What Is a VLAN?

A virtual LAN (VLAN) is a logical LAN, or a logical subnet, and it defines a broadcast domain. A physical subnet is a group of devices that share the same physical wire. A logical subnet is a group of switch ports assigned to the same VLAN, regardless of their physical location in the switched network.

Two types of VLANs are:
  • End-to-end VLAN—VLAN members are assigned by function and can reside on different switches. They are used when hosts are assigned to VLANs based on functions or workgroups, rather than physical location. VLANs should not extend past the Building Distribution submodule. Figure 2-1 shows end-to-end VLANs.
  • Local VLAN—Hosts are assigned to VLANs based on their location, such as a floor in a building. A router accomplishes sharing of resources between VLANs. This type is typically found in the Building Access submodule. Figure 2-2 shows an example of local VLANs.

Figure 2-1 End-to-End VLANs

Figure 2-2 Local VLANs

VLAN membership can be assigned either statically, by port, or dynamically, by the MAC address of the attached host, using a VLAN Membership Policy Server (VMPS).

Creating a VLAN in Global Config Mode

VLANs must be created before they can be used. They may be created in global configuration mode or in VLAN database mode. Creating a VLAN in global configuration mode takes two commands: identify the VLAN number, then name it.

(config)#vlan 12
(config-vlan)#name MYVLAN


Creating a VLAN in Database Mode

Creating a VLAN in VLAN database mode is very similar to global configuration mode, and the result is the same. VLAN database mode is the older method and is deprecated on current IOS releases, so prefer global configuration mode where it is available. Changes made in database mode are not applied until you leave the mode with exit or apply. Either method writes the VLAN into the vlan.dat file in flash rather than into the running-config (except on a switch in VTP transparent mode, where the VLAN definitions also appear in the running-config). Remember that copying the configuration, by itself, does not move the VLAN information; to do that you must move the vlan.dat file. The reverse also holds: erasing the startup-config does not remove vlan.dat, so a switch being redeployed or decommissioned still carries its VLAN database until the file is deleted from flash.

#vlan database
(vlan)#vlan 12 name MYVLAN

Delete a VLAN by using the same command with no in front of it. There is no need to include the name when deleting.


Assigning Ports to VLANs

When statically assigning ports to VLANs, first make it an access port, and then assign the port to a VLAN. At the interface configuration prompt:

(config-if)#switchport mode access
(config-if)#switchport access vlan 12
The commands are similar when using dynamic VLAN assignment. At interface configuration mode:

(config-if)#switchport mode access
(config-if)#switchport access vlan dynamic

If you use dynamic assignment, you must also point the switch at the VMPS server, from global configuration mode:

(config)#vmps server ip-address primary

VMPS chooses the VLAN from the MAC address it sees on the port, and a host can present any MAC address it likes, so dynamic assignment is an administrative convenience rather than an access control. Do not rely on it to keep an untrusted host out of a VLAN.


Verifying VLAN Configuration

To see a list of all the VLANs and the ports assigned to them, use the command show vlan. To narrow the output, add brief, id vlan-id, or name vlan-name after the command.

Other verification commands include:
  • show running-config interface interface-id—Verifies the VLAN membership configured on the port.
  • show mac address-table interface interface-id vlan vlan-id—Shows the MAC addresses learned through that port in the specified VLAN.
  • show interfaces interface-id switchport—Shows detailed port configuration, such as the Administrative Mode and Access Mode VLAN fields, and the Operational Mode the port actually settled on.



Troubleshooting VLAN Issues

The following are three steps in troubleshooting VLAN problems:
  • Check the physical connectivity—Make sure the cable, the network adapter, and switch port are good. Check the port’s link LED.
  • Check the switch configuration—If you see FCS errors or late collisions, suspect a duplex mismatch. Also check configured speed on both ends of the link. Increasing collisions can mean an overloaded link, such as with a broadcast storm.
  • Check the VLAN configuration—If two hosts cannot communicate, make sure their ports are in the same VLAN (show interfaces interface-id switchport on each port). If a host cannot reach the switch itself, make sure the host's port is in the same VLAN as the switch's management interface, that is, the SVI that holds the switch's IP address.
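The creation, assignment and troubleshooting steps above are easy to check by hand on one switch and tedious on a hundred. The following is an added example, not code from the original page, that parses a constructed IOS running-config and applies those checks: every access port should be forced to access mode and assigned to a VLAN that exists, ports left in VLAN 1 or assigned by VMPS are flagged, and two ports can be compared for the "are both hosts in the same VLAN?" question from the troubleshooting list. The sample configuration, interface names and addresses are all made up for the example.

```python
"""Audit static VLAN assignment in an IOS running-config.

Added example, not from the original page. The configuration text is
constructed for this example; it uses only the commands shown in the text
(vlan / name, switchport mode access, switchport access vlan, vmps server).
"""
import re

# Constructed sample running-config. In VTP transparent mode the "vlan" blocks
# appear in the running-config as shown; in VTP server/client mode they live
# only in vlan.dat, so compare against "show vlan brief" output instead.
SAMPLE_CONFIG = """\
vlan 12
 name MYVLAN
!
vlan 20
 name SERVERS
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 12
!
interface FastEthernet0/2
 switchport access vlan 12
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 30
!
interface FastEthernet0/4
 switchport mode access
 switchport access vlan dynamic
!
interface FastEthernet0/5
 switchport mode access
!
interface Vlan20
 ip address 192.0.2.1 255.255.255.0
!
vmps server 192.0.2.10 primary
"""


def parse_config(text):
    """Return (vlan id -> name, interface -> {mode, vlan}, list of VMPS servers)."""
    vlans, interfaces, vmps = {}, {}, []
    section = None  # ("vlan", id) or ("intf", name) while inside a block
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line.startswith("!"):
            section = None
            continue
        if m := re.match(r"interface (\S+)$", line):
            interfaces[m.group(1)] = {"mode": None, "vlan": None}
            section = ("intf", m.group(1))
        elif m := re.match(r"vlan (\d+)$", line):
            vlans.setdefault(int(m.group(1)), None)
            section = ("vlan", int(m.group(1)))
        elif m := re.match(r"vmps server (\S+)", line):
            vmps.append(m.group(1))
        elif section and section[0] == "vlan":
            if m := re.match(r"\s+name (\S+)", line):
                vlans[section[1]] = m.group(1)
        elif section and section[0] == "intf":
            cfg = interfaces[section[1]]
            if m := re.match(r"\s+switchport mode (\S+)", line):
                cfg["mode"] = m.group(1)
            elif m := re.match(r"\s+switchport access vlan (\S+)", line):
                cfg["vlan"] = m.group(1)
    return vlans, interfaces, vmps


def audit(text):
    """Findings a reviewer would raise, as (interface, message) pairs."""
    vlans, interfaces, vmps = parse_config(text)
    findings = []
    for name, cfg in interfaces.items():
        if name.lower().startswith("vlan"):
            continue  # SVI (interface VlanN), not a switch port
        mode, vlan = cfg["mode"], cfg["vlan"]
        if vlan is None and mode == "access":
            findings.append((name, "access port left in default VLAN 1"))
        elif vlan is not None and mode != "access":
            findings.append((name, "access VLAN set but port not forced to access mode"))
        if vlan == "dynamic":
            if vmps:
                findings.append((name, "VMPS assignment: keyed on MAC address, which a host can spoof"))
            else:
                findings.append((name, "dynamic port but no vmps server configured"))
        elif vlan is not None and int(vlan) not in vlans:
            findings.append((name, f"assigned to VLAN {vlan}, which is not defined here"))
    return findings


def same_vlan(text, port_a, port_b):
    """Troubleshooting step 3: True/False for static ports, None if either is dynamic."""
    _, interfaces, _ = parse_config(text)
    a = interfaces[port_a]["vlan"] or "1"  # no access vlan configured -> default VLAN 1
    b = interfaces[port_b]["vlan"] or "1"
    if "dynamic" in (a, b):
        return None  # resolved by VMPS at run time; check show interfaces switchport
    return a == b


if __name__ == "__main__":
    for port, msg in audit(SAMPLE_CONFIG):
        print(f"{port}: {msg}")
```

Run against a real switch, feed it the output of show running-config and compare the VLAN list with show vlan brief rather than trusting the running-config alone; on a VTP server or client the vlan blocks are absent from the configuration and only vlan.dat knows which VLANs exist.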

Monday, July 13, 2009

IPv6 Routing

MP-BGP for IPv6

Multiprotocol BGP (originally RFC 2858, now RFC 4760) adds two optional attributes to BGP4, MP_REACH_NLRI and MP_UNREACH_NLRI, that let BGP carry reachability information for address families other than IPv4 unicast, such as IPv6, multicast IPv4, and MPLS-labeled VPN routes. Each attribute identifies the family with an AFI and SAFI, carries the next hop in that family's address format (an IPv6 next hop, for IPv6), and carries the NLRI (network layer reachability information) as prefixes of that family. The classic NEXT_HOP attribute itself still holds only an IPv4 address.

Example 8-5 shows the BGP commands as they might be applied.


OSPFv3

OSPFv3 was one of the first routing protocols available for IPv6 and, thanks to its open-standard heritage, is widely supported. It is the only IPv6 routing protocol covered on the BSCI exam, so it is treated in more depth here.

OSPFv3, the IPv6 version of OSPF, was documented in RFC 2740 (since replaced by RFC 5340). Like OSPFv2, it is a link-state routing protocol that uses the Dijkstra algorithm to select paths. Routers are organized into areas, with every area attached to area 0.

OSPF speakers meet and greet their neighbors using Hellos, exchange LSAs (link-state advertisements) and DBDs (database descriptors), and run SPF against the accumulated link-state database.

OSPFv3 participants use the same packet types as OSPFv2, form neighbors in the same way, flood and age LSAs identically, and support the same NBMA topologies and less common techniques such as NSSA and on-demand circuits.

OSPFv3 differs from its predecessor principally in its addressing. OSPFv3 sends to the multicast addresses FF02::5 and FF02::6 and uses the interface's link-local address as the source of its packets. Authentication is no longer built into the protocol; it relies on the IPsec AH/ESP support of the IPv6 stack (RFC 4552), which on IOS is enabled per interface with ipv6 ospf authentication ipsec spi spi md5 key, or per area with area area-id authentication ipsec under the process. An unauthenticated OSPFv3 interface will form an adjacency with any router that appears on the link, so authentication belongs on every segment where an untrusted device could be attached.


OSPFv3 LSAs

OSPFv3 and OSPFv2 use a similar set of LSAs, with a few changes. Types 3 and 4 have been renamed (Inter-Area-Prefix and Inter-Area-Router) but fulfill the same functions as in OSPFv2. Types 1 and 2 (Router and Network) no longer carry prefixes; they describe only the topology, by router ID. Two types are new: the Type 8 Link LSA, which a router floods only on the local link to tell its neighbors its link-local address and the prefixes on that link, and the Type 9 Intra-Area-Prefix LSA, which carries the prefixes that used to ride in the Router and Network LSAs, hanging off those nodes as leaf objects.

LSAs are sourced from the link-local address of an interface and destined for a multicast address. FF02::5 is the “all OSPF routers” address and FF02::6 is the “all OSPF DRs” address.

The OSPFv3 LSA types are collected in Table 8-1. Notice that types 1 through 7 correspond to their OSPFv2 predecessors, while types 8 and 9 are new to OSPFv3.


Configuration
OSPFv3 configuration is similar to RIPng and EIGRP for IPv6: the routing process is created and its properties are assigned under it, then interfaces are associated with the process in interface configuration mode. Assuming ipv6 unicast-routing and the interface addresses are already in place, the commands to implement OSPFv3 are shown in Example 8-6.


The interface cost may be overridden with the ipv6 ospf cost command, as shown in Example 8-7.

Example 8-7 also shows summarization. Inter-area summaries are configured with area area-id range prefix/length under the OSPFv3 process, and summaries of redistributed (external) routes with summary-prefix prefix/length.


Troubleshooting
Troubleshoot OSPFv3 just like OSPFv2. Start with show ipv6 route to verify that the routes have been advertised. If the route is in the routing table, test reachability with ping ipv6 address. You can also inspect the OSPF setup with show ipv6 ospf 1 interface, show ipv6 ospf, show ipv6 ospf neighbor, and show ipv6 ospf database.


Integrating IPv4 and IPv6

There are several strategies for migrating from IPv4 to IPv6, and each should be weighed when an organization decides to make the move, because each has strengths that aid a smooth migration. There also does not have to be a single global decision: an organization may run dual-stack in the U.S., go completely to IPv6 in Japan, and use tunneling in Europe. The transition mechanisms include:
  • Dual stack—Running IPv6 and IPv4 concurrently on the same hosts and routers.
  • 6to4 tunneling—Routers that straddle the IPv4 and IPv6 worlds encapsulate IPv6 traffic inside IPv4 packets (IP protocol 41). A site's 2002::/16 address embeds the IPv4 address of its 6to4 router, so the tunnel endpoint is derived from the destination address rather than configured.
  • Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)—Similar to 6to4, also using protocol 41, but it treats the IPv4 network as an NBMA link and embeds the IPv4 address in the interface identifier (::0:5efe:a.b.c.d).
  • Teredo (originally called Shipworm)—Encapsulates IPv6 packets in IPv4 UDP datagrams (port 3544) so that they can cross IPv4 NAT.
Every one of these tunnels carries IPv6 through devices that only inspect IPv4. Wherever IPv6 is not intended, filter protocol 41 and Teredo's UDP port at the border; otherwise a host can bring up its own tunnel and bypass the IPv4-only policy.
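To make the automatic tunnels concrete, the following is an added example, not from the original page, that derives a site's 6to4 prefix and ISATAP address from an IPv4 address, picks the IPv4 tunnel endpoint out of a 6to4 destination the way an encapsulating router does, wraps the IPv6 packet in a protocol-41 IPv4 header, and on the receiving side refuses a packet whose inner 6to4 source does not belong to the outer IPv4 source (the check RFC 3964 recommends, because an endpoint that is derived from the address rather than configured will otherwise accept tunnelled traffic from any IPv4 host). All addresses and packet contents are constructed; the address formats follow RFC 3056 and RFC 5214.

```python
"""6to4 and ISATAP addressing and protocol-41 tunnelling.

Added example, not from the original page. Addresses and packets are constructed
here; the formats follow RFC 3056 (6to4) and RFC 5214 (ISATAP).
"""
import ipaddress
import struct

SIXTO4 = ipaddress.IPv6Network("2002::/16")
PROTO_IPV6_IN_IPV4 = 41


def sixto4_prefix(public_v4):
    """A site's /48 is 2002: followed by its public IPv4 address: 192.0.2.4 -> 2002:c000:204::/48."""
    v4 = int(ipaddress.IPv4Address(public_v4))
    return ipaddress.IPv6Network(f"{ipaddress.IPv6Address((0x2002 << 112) | (v4 << 80))}/48")


def sixto4_tunnel_endpoint(v6):
    """IPv4 address a 6to4 router sends to for a 2002::/16 destination; None if not 6to4."""
    a = ipaddress.IPv6Address(v6)
    if a not in SIXTO4:
        return None
    return ipaddress.IPv4Address((int(a) >> 80) & 0xFFFFFFFF)


def isatap_address(prefix, v4, globally_unique=False):
    """ISATAP interface ID: 0:5efe:a.b.c.d (200:5efe: when the IPv4 address is globally unique)."""
    net = ipaddress.IPv6Network(prefix)
    iid = ((0x02005EFE if globally_unique else 0x00005EFE) << 32) | int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def ipv4_checksum(header):
    """Standard one's-complement header checksum; 0 when run over a header that already carries it."""
    s = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def build_ipv6(src, dst, payload, next_header=59):
    """Minimal IPv6 packet; next header 59 = No Next Header, enough for a tunnel test."""
    hdr = struct.pack("!IHBB", 0x60000000, len(payload), next_header, 64)
    return hdr + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload


def encapsulate(ipv6_packet, src_v4, dst_v4, ttl=64):
    """What the tunnel router does: wrap the IPv6 packet in an IPv4 header, protocol 41."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ipv6_packet), 0, 0x4000, ttl,
                      PROTO_IPV6_IN_IPV4, 0,
                      ipaddress.IPv4Address(src_v4).packed, ipaddress.IPv4Address(dst_v4).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + ipv6_packet


def forward_6to4(ipv6_packet, local_v4):
    """Derive the IPv4 tunnel destination from the packet's IPv6 destination and encapsulate."""
    endpoint = sixto4_tunnel_endpoint(ipaddress.IPv6Address(ipv6_packet[24:40]))
    if endpoint is None:
        return None  # not a 6to4 destination: would have to go via a configured relay
    return encapsulate(ipv6_packet, local_v4, endpoint)


def decapsulate(ipv4_packet):
    """Receiving side. Accept protocol 41 only, and for a 6to4 inner source require that the
    embedded IPv4 address equals the outer IPv4 source (RFC 3964). Returns inner packet or None."""
    if len(ipv4_packet) < 20 or ipv4_packet[9] != PROTO_IPV6_IN_IPV4:
        return None
    ihl = (ipv4_packet[0] & 0x0F) * 4
    inner = ipv4_packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None
    outer_src = ipaddress.IPv4Address(ipv4_packet[12:16])
    embedded = sixto4_tunnel_endpoint(ipaddress.IPv6Address(inner[8:24]))
    if embedded is not None and embedded != outer_src:
        return None  # spoofed: inner 6to4 source does not belong to the outer IPv4 source
    return inner


if __name__ == "__main__":
    pkt6 = build_ipv6("2002:c000:204::1", "2002:c633:6401::1", b"hello")
    pkt4 = forward_6to4(pkt6, "192.0.2.4")
    print(sixto4_prefix("192.0.2.4"), isatap_address("2001:db8:1::/64", "10.1.2.3"))
    print(pkt4.hex(), decapsulate(pkt4) == pkt6)
```

The decapsulation check is the reason 6to4 needs more than an ACL permitting protocol 41 from "anywhere": without it, any IPv4 host can inject packets that appear to come from another 6to4 site. ISATAP has the same property, which is why its routers are normally reached only from inside the site's IPv4 network.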

NAT-PT, ALG, and BIA/BIS
Instead of replacing IPv4 outright, there are several ways to let IPv4 and IPv6 function side by side. NAT-Protocol Translation (NAT-PT, RFC 2766, since moved to historic status by RFC 4966 because of its operational and security problems) is one such coexistence strategy. NAT-PT maps IPv6 addresses to IPv4 addresses. If IPv6 is used on the inside of your network, a NAT-PT device receives IPv6 traffic on its inside interface and replaces the IPv6 header with an IPv4 header before sending it out an outside interface. Reply traffic follows the mapping backward, enabling two-way communication. NAT-PT can also interpret application traffic and rewrite IP addresses carried inside the application data, as DNS and FTP require. It is also possible to connect IPv4 and IPv6 routing domains using application-level gateways (ALGs) and proxies, or with Bump-in-the-API (BIA) and Bump-in-the-Stack (BIS), which are translation implementations placed within a host.

Sunday, July 5, 2009

IPv6 Routing

IPv6 is not enabled by default on Cisco routers. To enable IPv6 routing, the command is Router(config)#ipv6 unicast-routing.

After IPv6 is enabled, addresses are assigned to interfaces much like version 4:

Router(config-if)#ipv6 address prefix/prefix-length

To make this less abstract, a more complete example that shows an IPv6 implementation is shown in Example 8-1.


Static Routing

Static routing with IPv6 works exactly like it does with version 4. Aside from the address format, there are no differences. Static routes are not currently on the BSCI test. The syntax for the IPv6 static route command is shown below, and Example 8-2 shows the command in context as it might be applied.

Router(config)# ipv6 route ipv6-prefix/prefix-length {ipv6-address | interface-type interface-number [ipv6-address]} [administrative-distance] [administrative-multicast-distance | unicast | multicast] [tag tag]


RIPng for IPv6

RIPng is the IPv6 version of RIP and is defined in RFC 2080. Like RIPv2 for IPv4, RIPng is a distance vector routing protocol that uses hop count as its metric, with a maximum of 15 hops. RIPng sends periodic multicast updates every 30 seconds to advertise routes, sourced from the interface's link-local address and sent to FF02::9 over UDP port 521.

RIPng is not on the BSCI exam at present, but it is presented here for completeness and to round out your appreciation for IPv6 routing and to prepare the reader for trial implementations of IPv6.

There are two important differences between the old RIP and the next-generation RIP. First, RIPng supports multiple concurrent processes, each identified by a process name or tag (similar in spirit to the OSPFv2 process ID). Second, RIPng is created in global configuration mode (ipv6 router rip name) and then enabled on specific interfaces (ipv6 rip name enable).

Example 8-3 shows the syntax used to apply RIPng to a configuration. Notice that the syntax is very similar to traditional RIP.


Like RIP for IPv4, troubleshoot RIPng by looking at the routing table (show ipv6 route), by reviewing the routing protocols (show ipv6 protocols), and by watching routing updates propagated between routers (debug ipv6 rip).


EIGRP
EIGRP has been expanded to support IPv6, although you will need to verify that your IOS version supports it. EIGRP for IPv6 is based on the IPv4 version: it is still an advanced distance vector routing protocol with a composite metric, still uses a reliable update mechanism, and still uses DUAL to retain feasible successors as fall-back paths. Like EIGRP for IPv4, it sends multicast hellos every five seconds, now to FF02::A. EIGRP for IPv6 still identifies the router with a 32-bit router ID written in dotted-decimal form, so the ID must be configured explicitly on a router that has no IPv4 address. On many IOS releases the process is created in the shutdown state and needs no shutdown under the process before it will run. EIGRP for IPv6 is enabled as follows:

Router(config)#ipv6 router eigrp as
Router(config-rtr)#router-id ipv4-address
Router(config)#interface type number
Router(config-if)#ipv6 eigrp as

Like EIGRP for IPv4, troubleshoot by looking at the routing table (show ipv6 route), by reviewing the routing protocols (show ipv6 protocols), and by monitoring neighbors (show ipv6 eigrp neighbors). Example 8-4 shows the configuration for EIGRP for IPv6. Notice that the routing protocol must be enabled under each interface.