vlan
=================
1. conf)#vlan 10

2. #vlan database
  -vlan)#vlan 10
=================
interface fa0/1
 switchport mode access
 switchport access vlan 10
=================
Verify
 show vlan
 show vlan-switch
=================

trunk
=================
 1. 802.1Q (TAG) IEEE
 2. ISL (Encapsulation) CISCO
=================
interface fa0/1
 switchport trunk encapsulation [dot1q, isl]
 switchport mode trunk
=================
Verify
 show interface trunk
=================
(DTP,Native vlan(802.1Q), allowed vlan)

switchport mode access
switchport mode trunk (DTP)
switchport mode dynamic desirable (DTP)
switchport mode dynamic auto (Default)

-------------------------------------------
Day 2

VTP (VLAN TRUNK PROTOCOL) CISCO
1. trunk
2. VTP domain name
3. (option)vtp password
==================
1. config)#vtp domain BCMSN
   config)#vtp mode [server, client, transparent]
   config)#vtp pruning ===> no vtp pruning
   config)#vtp password cisco ===> no vtp password

2. #vlan database
   -vlan)#vtp domain BCMSN
   -vlan)#vtp [server, client, transparent]
   -vlan)#vtp pruning
   -vlan)#vtp password cisco
==================
Verify
show vtp status
show vtp counters
==================

------------------------------------------
Lab 2

sw1(config)#interface fa1/1
sw1(config-if)#switchport mode trunk
sw1(config-if)#no shut
sw1(config-if)#exit
sw1(config)#interface fa1/3
sw1(config-if)#switchport mode trunk
sw1(config-if)#no shut
sw1(config-if)#exit

sw2(config)#interface fa1/1
sw2(config-if)#switchport mode trunk
sw2(config-if)#no shut
sw2(config-if)#exit
sw2(config)#interface fa1/5
sw2(config-if)#switchport mode trunk
sw2(config-if)#no shut
sw2(config-if)#exit

sw3(config)#interface fa1/5
sw3(config-if)#switchport mode trunk
sw3(config-if)#no shut
sw3(config-if)#exit
sw3(config)#interface fa1/3
sw3(config-if)#switchport mode trunk
sw3(config-if)#no shut
sw3(config-if)#exit
---------
Verify
show interface trunk

sw1(config)#interface vlan 1
sw1(config-if)#ip address 192.168.1.1 255.255.255.0
sw1(config-if)#no shut

sw2(config)#interface vlan 1
sw2(config-if)#ip address 192.168.1.2 255.255.255.0
sw2(config-if)#no shut

sw3(config)#interface vlan 1
sw3(config-if)#ip address 192.168.1.3 255.255.255.0
sw3(config-if)#no shut
--------

sw1#vlan database
sw1(vlan)#vtp domain BCMSN
Domain name already set to BCMSN .
sw1(vlan)#vtp server
Device mode already VTP SERVER.
sw1(vlan)#

sw2#vlan database
sw2(vlan)#vtp domain BCMSN
Domain name already set to BCMSN .
sw2(vlan)#vtp client
Setting device to VTP CLIENT mode.
% not enough space on flash to store vlan database. trying squeeze...First create squeeze log by erasing the entire device

% error squeezing flash - (Missing or corrupted log)
sw2(vlan)#

sw3#vlan database
sw3(vlan)#vtp domain BCMSN
Domain name already set to BCMSN .
sw3(vlan)#vtp client
Setting device to VTP CLIENT mode.
% not enough space on flash to store vlan database. trying squeeze...First create squeeze log by erasing the entire device

% error squeezing flash - (Missing or corrupted log)
sw3(vlan)#

-------
Create VLANs

sw1#vlan database
sw1(vlan)#vlan 10
VLAN 10 modified:
sw1(vlan)#vlan 20
VLAN 20 modified:
sw1(vlan)#vlan 30
VLAN 30 modified:
sw1(vlan)#vlan 40
VLAN 40 modified:
sw1(vlan)#vlan 50
VLAN 50 modified:
sw1(vlan)#vlan 60
VLAN 60 modified:
--------
Check on switches 2 and 3 whether the VLANs were created
show vlan-switch
show vtp status

--------
The VLANs are not created on sw2 and sw3

--------

sw1#vlan database
sw1(vlan)#vtp password cisco
Setting device VLAN database password to cisco.
sw1(vlan)#vlan 10
VLAN 10 added:
    Name: VLAN0010
sw1(vlan)#exit
APPLY completed.
Exiting....
sw1#

Because of the password, VLAN 10 is not created on sw2 and sw3

sw2#vlan database
sw2(vlan)#vtp password cisco
Setting device VLAN database password to cisco.
sw2(vlan)#exit
In CLIENT state, no apply attempted.
Exiting....
sw2#

sw3#vlan database
sw3(vlan)#vtp password cisco
Setting device VLAN database password to cisco.
sw3(vlan)#exit
In CLIENT state, no apply attempted.
Exiting....

sw1#vlan database
sw1(vlan)#vlan 70
VLAN 70 added:
    Name: VLAN0070
sw1(vlan)#exit
APPLY completed.
Exiting....
sw1#

Checking now shows the VLAN is created

----------------
transparent mode

sw2#  vlan database
sw2(vlan)#vtp transparent   ==>> revision num 0
Setting device to VTP TRANSPARENT mode.
sw2(vlan)#exit
APPLY completed.
Exiting....

sw2#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 256
Number of existing VLANs        : 12
VTP Operating Mode              : Transparent
VTP Domain Name                 : BCMSN
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB9 0x0D 0xD8 0x07 0x70 0x8D 0xF7 0x88
Configuration last modified by 192.168.1.1 at 3-1-93 00:11:15

sw1(vlan)#vlan 80
VLAN 80 added:
    Name: VLAN0080

--> VLAN 80 is created only on sw3
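
The three outcomes of this lab (password set only on sw1, password set everywhere, sw2 in transparent mode) replayed in a small model. This is an added example, not part of the original notes; the `Switch` class, `advertise` and `replay_lab` are hypothetical names, and the digest is a simplified stand-in for the real VTP MD5 digest.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class Switch:
    name: str
    mode: str = "server"                  # server | client | transparent
    domain: str = "BCMSN"
    password: str = ""
    revision: int = 0
    vlans: set = field(default_factory=lambda: {1})

    def digest(self, revision, vlans):
        # Simplified stand-in for the VTP MD5 digest: it covers the password, so a
        # receiver with a different password computes a different value.
        blob = f"{self.domain}|{revision}|{sorted(vlans)}|{self.password}"
        return hashlib.md5(blob.encode()).hexdigest()

    def add_vlan(self, vlan_id):
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VLANs cannot be created in client mode")
        self.vlans.add(vlan_id)
        if self.mode == "server":
            self.revision += 1            # each change on the server bumps the revision

    def receive(self, domain, revision, vlans, digest):
        """Apply an advertisement; return True only if the VLAN database was updated."""
        if self.mode == "transparent":
            return False                  # transparent: never applies what it hears
        if domain != self.domain or digest != self.digest(revision, vlans):
            return False                  # wrong domain or password mismatch
        if revision <= self.revision:
            return False                  # not newer than what this switch already holds
        self.revision, self.vlans = revision, set(vlans)
        return True

def advertise(sender, receivers):
    adv = (sender.domain, sender.revision, sender.vlans,
           sender.digest(sender.revision, sender.vlans))
    return {sw.name: sw.receive(*adv) for sw in receivers}

def replay_lab():
    """Replay the lab: password on sw1 only, then on all, then sw2 transparent."""
    sw1, sw2, sw3 = Switch("sw1"), Switch("sw2", mode="client"), Switch("sw3", mode="client")
    steps = []
    sw1.password = "cisco"
    sw1.add_vlan(10)
    steps.append(advertise(sw1, [sw2, sw3]))      # clients have no password yet
    sw2.password = sw3.password = "cisco"
    sw1.add_vlan(70)
    steps.append(advertise(sw1, [sw2, sw3]))      # passwords now match
    sw2.mode, sw2.revision = "transparent", 0     # transparent ==> revision num 0
    sw1.add_vlan(80)
    steps.append(advertise(sw1, [sw2, sw3]))      # only sw3 applies VLAN 80
    return steps, sw2, sw3

if __name__ == "__main__":
    print(replay_lab()[0])
```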

--------------
pruning

sw1#vlan database
sw1(vlan)#vtp pruning
Pruning switched ON
sw1(vlan)#exit
APPLY completed.
Exiting....
sw1#

VTP Pruning Mode                : Enabled

----------------------------------------------
Textbook chapter 5.

native vlan (untag traffic) ===> vlan 1 (default) ===> vlan X
VLAN 1 ===> management traffic

----------------------------------------------
Textbook chapter 6.

STP (Spanning-tree protocol) 802.1D PVST
 IEEE standard
 1. Time - solution: RSTP (Rapid Spanning-tree protocol) 802.1W
 2. CPU  - solution: MSTP (Multiple Spanning-tree protocol) 802.1S
 
 Cisco standard
 1. Time - portfast, uplinkfast, backbonefast

----------------
Lab 2, problem 5

show spanning-tree vlan 1 brief

sw3#show spanning-tree vlan 1 brief

VLAN1
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     c800.0c58.0000
             Cost        19
             Port        44 (FastEthernet1/3)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768
             Address     c802.0c58.0000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 0 

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/3      128.44   128    19 FWD     0 32768 c800.0c58.0000 128.44
FastEthernet1/5      128.46   128    19 BLK    19 32768 c801.0c58.0000 128.46


--------------------------
port status

1. listen (STP) ==> loop prevention (15sec)
2. learn (MAC learning) ==> fewer broadcasts (15sec)
3. forwarding

------------------

==STP calculation==
1. Root bridge election (per VLAN)
   (Priority(32768) ==> MAC) lowest value wins

2. Root port election (per non-root bridge)
   (cost ==> port-id (the sender's port ID: the neighbor's port ID, not your own)) lowest value wins
   (100M ==> 19, 10M ==> 100)

3. Designated port election (per segment)
   (cost

Verify with:
sw3#show spanning-tree vlan 1 brief

-----------------

port role
1. designated port (sends BPDUs)
2. root port       (receives BPDUs)
3. blocking port   (receives BPDUs) blocks traffic

Changing the root bridge (SW1 ROOT Bridge ===> SW3)
 sw3
  config)#spanning-tree vlan 1 priority 32767
 
  config)#spanning-tree vlan 1 root primary
  config)#spanning-tree vlan 1 root secondary

Result
sw2#show spanning-tree vlan 1 brief
FastEthernet1/1      128.42   128    19 BLK    19 32768 c800.0c58.0000 128.42
The port is in the blocking state

------------------

 sw2
  spanning-tree vlan 1 root primary

Result
sw1 > FastEthernet1/3      128.44   128    19 BLK    19 32767 c802.0c58.0000 128.44
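
The election rules and the three blocked-port results above, recomputed for this lab's triangle of switches. This is an added example, not part of the original notes: it applies the full 802.1D tie-break (sender bridge ID before sender port ID), which the notes abbreviate, and the priority 8192 for sw2 is an assumed stand-in for whatever `root primary` configured.

```python
from collections import namedtuple

Link = namedtuple("Link", "a a_port b b_port cost")

# MACs and port numbers are from the show spanning-tree output in these notes;
# the MAC-to-switch mapping is inferred from the lab cabling (assumption).
MACS = {"sw1": "c800.0c58.0000", "sw2": "c801.0c58.0000", "sw3": "c802.0c58.0000"}
PORT_NUM = {"fa1/1": 42, "fa1/3": 44, "fa1/5": 46}
LINKS = [Link("sw1", "fa1/1", "sw2", "fa1/1", 19),    # 100M link ==> cost 19
         Link("sw1", "fa1/3", "sw3", "fa1/3", 19),
         Link("sw2", "fa1/5", "sw3", "fa1/5", 19)]

def elect(priorities):
    """Return (root, {(switch, port): role}) for the given per-switch priorities."""
    bid = {sw: (priorities[sw], MACS[sw]) for sw in MACS}   # bridge ID: priority, then MAC
    root = min(bid, key=bid.get)                            # 1. lowest bridge ID wins
    # Every link as seen from each end: (switch, port, neighbor, neighbor port, cost)
    ends = [(l.a, l.a_port, l.b, l.b_port, l.cost) for l in LINKS]
    ends += [(l.b, l.b_port, l.a, l.a_port, l.cost) for l in LINKS]
    cost = {sw: 0 if sw == root else float("inf") for sw in MACS}
    for _round in MACS:                                     # relax until path costs settle
        for sw, _port, nb, _nb_port, c in ends:
            cost[sw] = min(cost[sw], cost[nb] + c)
    roles = {}
    for sw in MACS:
        if sw == root:
            continue
        # 2. root port: path cost, then sender bridge ID, sender port ID, own port ID
        best = min((e for e in ends if e[0] == sw),
                   key=lambda e: (cost[e[2]] + e[4], bid[e[2]],
                                  PORT_NUM[e[3]], PORT_NUM[e[1]]))
        roles[(sw, best[1])] = "root"
    for l in LINKS:
        # 3. designated port per segment: lowest root path cost, then lowest bridge ID
        designated = min((l.a, l.b), key=lambda sw: (cost[sw], bid[sw]))
        for sw, port in ((l.a, l.a_port), (l.b, l.b_port)):
            if sw == designated:
                roles[(sw, port)] = "designated"
            else:
                roles.setdefault((sw, port), "blocking")   # keeps an already chosen root port
    return root, roles

def blocked(priorities):
    """Ports left in the blocking role, as a sorted list of (switch, port)."""
    return sorted(p for p, role in elect(priorities)[1].items() if role == "blocking")

DEFAULT = {"sw1": 32768, "sw2": 32768, "sw3": 32768}
SW3_ROOT = {**DEFAULT, "sw3": 32767}      # spanning-tree vlan 1 priority 32767 on sw3
SW2_ROOT = {**SW3_ROOT, "sw2": 8192}      # assumed value for 'root primary' on sw2

if __name__ == "__main__":
    for label, prio in (("default", DEFAULT), ("sw3 root", SW3_ROOT), ("sw2 root", SW2_ROOT)):
        print(label, elect(prio)[0], blocked(prio))
```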

------------------

Two types of BPDU
 1. configuration BPDU
 2. TCN BPDU
 


2008/06/10 22:50
Written by dhappy.

L2 (frame) MAC
show mac-address-table
learning
broadcast
300

L3 (packet) IP
show ip route
protocol dynamic (OSPF, EIGRP)
drop
retained

-------------------------------

VLAN = Broadcast domain = 1 network = router interface
  ==> use the same network portion of the IP address

59.5.100.205

itbank, itbank
sw15
clear line 15

Reset (flash (IOS) ==> nvram (startup-config) ==> reset)
#erase startup (deletes the startup configuration in NVRAM)
#delete vlan.dat
#reload

Switch reset
#erase startup-config (erases NVRAM)
#delete vlan.dat (deletes the VLAN information)
#reload

running-configuration RAM
startup-configuration NVRAM

copy running startup = wr


show interface status
show version
show flash (IOS)
show logging
show run interface f0/23

show vlan
show interface trunk
show vtp status


Create a VLAN
config)#vlan 10
config-vlan)#name 10F
config-vlan)#end
#show vlan

Delete a VLAN
config)#no vlan 10
config)#default interface fa0/1

----------------------------
sw15(config)#vlan 10
sw15(config-vlan)#name 10F
sw15(config-vlan)#exit
sw15(config)#vlan 20
sw15(config-vlan)#name 20F
sw15(config-vlan)#exit

sw15(config)#interface fa0/1
sw15(config-if)#switchport mode access
sw15(config-if)#switchport access vlan 10
sw15(config-if)#exit

sw15(config)#interface fa0/2
sw15(config-if)#switchport mode access
sw15(config-if)#switchport access vlan 10
sw15(config-if)#exit

sw15(config)#interface range fa0/3-4
sw15(config-if-range)#switchport mode access
sw15(config-if-range)#switchport access vlan 20
sw15(config-if-range)#exit

sw15#show vlan
sw15#show interface status
sw15#show run interface fa0/1

This also works
sw15(config)#interface fa0/10
sw15(config-if)#switchport access vlan 100
sw15#show vlan

Create a VLAN
sw15#vlan database
% Warning: It is recommended to configure VLAN from config mode,
  as VLAN database mode is being deprecated. Please consult user
  documentation for configuring VTP/VLAN in config mode.

sw15(vlan)#vlan 120 name 120F
VLAN 120 added:
    Name: 120F
sw15(vlan)#exit
APPLY completed.
Exiting....
sw15#

IOS   ==> config t
CatOS ==> set

------------------------------

====Trunk====
1. 802.1Q (IEEE) ==> tagging (the VLAN information is inserted in the middle)
2. ISL (CISCO)   ==> encapsulation (the information is attached at the front)


interface fa0/1
 switchport trunk encapsulation [isl, dot1q]
 switchport mode trunk

Verify
 show interface trunk

--------------------------


sw15(config)#interface fa0/23
sw15(config-if)#switchport trunk encapsulation dot1q
sw15(config-if)#switchport mode trunk
sw15(config-if)#switchport nonegotiate (DTP off)
sw15(config-if)#switchport trunk allowed vlan 1,2
sw15(config-if)#switchport trunk native vlan 1
sw15#show interface trunk

Port        Mode             Encapsulation  Status        Native vlan
Fa0/23      on               802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/23      1-4094

Port        Vlans allowed and active in management domain
Fa0/23      1,10,20,100,120

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/23      none
sw15#


------------------------

sw15(config)#interface fa0/23
sw15(config-if)#switchport trunk encapsulation isl
sw15(config-if)#switchport mode trunk

Verify
sw15#show interface trunk
sw15#show interface status

(DTP) dynamic trunk protocol
sw15(config)#interface fa0/23
sw15(config-if)#switchport trunk encapsulation isl
sw15(config-if)#switchport mode trunk
sw15(config-if)#switchport nonegotiate (DTP off)


-----------------------

switchport mode access  (only one specific VLAN can pass)
switchport mode trunk  (no restriction)
switchport mode dynamic (DTP)
 switchport mode dynamic desirable (DTP)
 switchport mode dynamic auto ==> default

desirable = auto ==> trunk
desirable = desirable ==> trunk
desirable = trunk ==> trunk
desirable = access ==> access

auto = auto ==> access
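
A config check for the trunk settings these notes list (DTP, native VLAN, allowed VLANs), including the case above where a port is given an access VLAN without `switchport mode access`. This is an added example, not part of the original notes; the sample config is constructed from the sw15 commands, the finding names are hypothetical, and the default mode is taken from the notes.

```python
import re
# Constructed running-config fragment modeled on the sw15 commands in these notes.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/10
 switchport access vlan 100
!
interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,2
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/24
 switchport trunk encapsulation isl
 switchport mode trunk
"""
DEFAULT_MODE = "dynamic auto"   # default per these notes; confirm for your platform

def parse_interfaces(config):
    """Map interface name -> list of its indented sub-commands."""
    ports, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface (\S+)", line)
        if header:
            current = ports.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None                      # '!' or a global command ends the stanza
    return ports

def dtp_outcome(local, peer):
    """Negotiated link type, following the desirable/auto table in these notes."""
    if "access" in (local, peer):
        return "access"
    return "trunk" if {"trunk", "dynamic desirable"} & {local, peer} else "access"

def setting(lines, prefix, default=None):
    return next((l[len(prefix):] for l in lines if l.startswith(prefix)), default)

def audit(config):
    """Return sorted (interface, finding) pairs for DTP, native VLAN and allowed VLANs."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        mode = setting(lines, "switchport mode ", DEFAULT_MODE)
        if mode.startswith("dynamic") and dtp_outcome(mode, "dynamic desirable") == "trunk":
            findings.append((name, "dynamic-mode"))       # a negotiating peer gets a trunk
        if mode == "trunk":
            if "switchport nonegotiate" not in lines:
                findings.append((name, "dtp-on"))
            if setting(lines, "switchport trunk native vlan ", "1") == "1":
                findings.append((name, "native-vlan-1"))
            if setting(lines, "switchport trunk allowed vlan ") is None:
                findings.append((name, "all-vlans-allowed"))
    return sorted(findings)
```

Calling `audit(SAMPLE_CONFIG)` reports Fa0/10 as still dynamic, Fa0/23 for its native VLAN, and Fa0/24 for all three trunk settings.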

======================================
IOS

config)#vlan 10
#show vlan

switchport trunk encap dot1q isl
switchport mode trunk

----------------
CatOS

#vlan database
-vlan)#vlan 10
#show vlan-switch

switchport mode trunk

no shut

-------------------
Lab 2

Trunk configuration
Do this on every switch up to sw3.

sw1(config)#interface fa1/1
sw1(config-if)#switchport mode trunk
sw1(config-if)#no shut
sw1(config-if)#

sw1(config)#interface fa1/3
sw1(config-if)#switchport mode trunk
sw1(config-if)#no shut

IP configuration
Do this on every switch up to sw3.

sw1(config)#interface vlan 1
sw1(config-if)#ip add 192.168.1.1 255.255.255.0
sw1(config-if)#no shut

VTP
1. trunk
2. vtp domain name

Do this on every switch up to sw3.

sw1#vlan database
sw1(vlan)#vtp domain BCMSN
Changing VTP domain name from NULL to BCMSN

Add VLANs and verify

sw1#vlan database
sw1(vlan)#vlan 10
VLAN 10 added:
    Name: VLAN0010
sw1(vlan)#vlan 20
VLAN 20 added:
    Name: VLAN0020
sw1(vlan)#vlan 30
VLAN 30 added:
    Name: VLAN0030
sw1(vlan)#vlan 40
VLAN 40 added:
    Name: VLAN0040
sw1(vlan)#vlan 50
VLAN 50 added:
    Name: VLAN0050
sw1(vlan)#vlan 60
VLAN 60 added:
    Name: VLAN0060
sw1(vlan)#exit
APPLY completed.
Exiting....
sw1#

Verify
sw1#show vlan-switch 
sw2#show vlan-switch  ==> confirm the VLANs were created automatically
sw3#show vlan-switch


2008/06/09 23:10
Written by dhappy.

# VLAN

  - As the number of users (Ethernet devices) grows, the amount of broadcast flooding
     grows with it, which degrades the performance of LAN transmission equipment and systems.

  - By default every switch port belongs to the VLAN 1 broadcast domain, so a switch
    that receives a broadcast frame floods it across the whole VLAN 1 domain.

 - Configuring VLANs on the switch solves this problem.

 - Advantages of VLANs

 1) The scope of broadcast flooding is kept small, which reduces the amount of broadcast traffic.
 2) Different VLANs are different broadcast domains, so they cannot reach each other.
     This makes VLANs usable as a security measure.
 3) Combined with the Spanning-Tree Protocol, load can be distributed per VLAN.
 4) Management is efficient and hosts are easy to move.

 - Checking the VLAN database (VLAN 1 and 1002~1005 exist by default)

SW1#show vlan-switch brief (on a real switch: show vlan brief)

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0, Fa1/1, Fa1/2, Fa1/3
                                                Fa1/4, Fa1/5, Fa1/6, Fa1/7
                                                Fa1/8, Fa1/9, Fa1/10, Fa1/11
                                                Fa1/12, Fa1/13, Fa1/14, Fa1/15
1002 fddi-default                     active   
1003 token-ring-default               active   
1004 fddinet-default                  active   
1005 trnet-default                    active   

 - The VLAN database is stored and managed separately in the switch's flash memory.

# VLAN configuration steps

 1. Create the VLAN.
 2. Assign the relevant ports to the VLAN that was created.

# Creating and deleting VLANs

1. Cisco IOS configuration method

 Switch(config)# vlan 11
 Switch(config-vlan)# name VLAN_A
 Switch(config-vlan)# vlan 12
 Switch(config-vlan)# name VLAN_B

 Switch(config)# no vlan 11
 Switch(config)# no vlan 12

 - Create and delete VLANs 11~15 in one command, using the default names

 Switch(config)# vlan 11-15

 Switch(config)# no vlan 11-15

 - Create and delete VLANs 11, 13 and 15 in one command, using the default names

 Switch(config)# vlan 11,13,15

 Switch(config)# no vlan 11,13,15

2. Cat OS configuration method

Switch# vlan database
Switch(vlan)# vlan 11 name VLAN_A
Switch(vlan)# vlan 12 name VLAN_B
Switch(vlan)# exit

Switch# vlan database
Switch(vlan)# no vlan 11
Switch(vlan)# no vlan 12
Switch(vlan)# exit

SW1#vlan database
SW1(vlan)#vlan 11 name VLAN_A
VLAN 11 added:
    Name: VLAN_A
SW1(vlan)#vlan 12 name VLAN_B
VLAN 12 added:
    Name: VLAN_B
SW1(vlan)#vlan 13 name VLAN_C
VLAN 13 added:
    Name: VLAN_C
SW1(vlan)#exit
APPLY completed.
Exiting....

SW1#show vlan-switch brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0, Fa1/1, Fa1/2, Fa1/3
                                                Fa1/4, Fa1/5, Fa1/6, Fa1/7
                                                Fa1/8, Fa1/9, Fa1/10, Fa1/11
                                                Fa1/12, Fa1/13, Fa1/14, Fa1/15
11   VLAN_A                           active   
12   VLAN_B                           active   
13   VLAN_C                           active   
1002 fddi-default                     active   
1003 token-ring-default               active   
1004 fddinet-default                  active   
1005 trnet-default                    active   

2. Assigning ports to a VLAN (access configuration)

VLAN 11 : Fa1/1, Fa1/3 ~ 5
VLAN 12 : Fa1/12 ~ 13

SW1(config)# int range fa1/1 , fa1/3 - 5
SW1(config-if-range)# switchport mode access <- changes the port to a single-host port
SW1(config-if-range)# switchport access vlan 11
SW1(config-if-range)# int range fa1/12 - 13
SW1(config-if-range)# switchport mode access
SW1(config-if-range)# switchport access vlan 12

SW1#show vlan-switch brief 

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/1, Fa1/2, Fa1/6, Fa1/7
                                                Fa1/8, Fa1/9, Fa1/10, Fa1/11
                                                Fa1/14, Fa1/15
11   VLAN_A                           active    Fa1/1, Fa1/3, Fa1/4, Fa1/5
12   VLAN_B                           active    Fa1/12, Fa1/13
13   VLAN_C                           active   
1002 fddi-default                     active   
1003 token-ring-default               active   
1004 fddinet-default                  active   
1005 trnet-default                    active   

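3. Trunk configuration

 - Connecting two switches with one access link per VLAN creates a scalability problem,
    so a trunk is configured to keep the design scalable.

 - Trunk: the protocol used to tag frames with the VLAN ID when VLAN frames are sent between switches

 - Cisco ISL: works only on Cisco Catalyst switches and is not supported on the 2950 series
 - IEEE 802.1q: the standard trunk protocol developed by the IEEE (dot1q)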

SW1(config)# int fa1/10
SW1(config-if)# switchport trunk encapsulation dot1q <- tag with IEEE 802.1q
SW1(config-if)# switchport mode trunk <- change to a trunk port

SW2(config)# int fa1/11
SW2(config-if)# switchport trunk encapsulation dot1q <- tag with IEEE 802.1q
SW2(config-if)# switchport mode trunk <- change to a trunk port

SW1,SW2# show interface trunk

SW1#show interfaces trunk (Trunk modes: on (manual mode), auto (standby mode), desirable (dynamic mode))

Port      Mode         Encapsulation  Status        Native vlan
Fa1/10    on           802.1q          trunking       1

Port      Vlans allowed on trunk
Fa1/10    1-1005 <- VLANs 1~1005 can be tagged.

Port      Vlans allowed and active in management domain
Fa1/10    1,11-13 <- VLANs 1 and 11~13, which are currently in the VLAN database, are tagged.

Port      Vlans in spanning tree forwarding state and not pruned
Fa1/10    1,11-13

4. Assign a subnet to each VLAN

 - VLAN 11 : x.x.11.0/24
 - VLAN 12 : x.x.12.0/24
 - VLAN 13 : x.x.13.0/24

5. Inter-VLAN configuration

 - When configuring inter-VLAN routing, using one access link per VLAN between the router
   and the switch creates a scalability problem, so a trunk is used.

SW1(config)# int fa1/9
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport mode trunk

R3(config)# int fa0/0
R3(config-if)# no shutdown
R3(config-if)# int fa0/0.1 <- VLAN 11 gateway
R3(config-subif)# encapsulation dot1q 11 <- tag VLAN 11
R3(config-subif)# ip add x.x.11.254 255.255.255.0 <- VLAN 11 gateway address
R3(config-subif)# int fa0/0.2
R3(config-subif)# encapsulation dot1q 12
R3(config-subif)# ip add x.x.12.254 255.255.255.0
R3(config-subif)# int fa0/0.3
R3(config-subif)# encapsulation dot1q 13
R3(config-subif)# ip add x.x.13.254 255.255.255.0

R3#show ip route connected
     13.0.0.0/24 is subnetted, 3 subnets
C       13.13.11.0 is directly connected, FastEthernet0/0.1
C       13.13.12.0 is directly connected, FastEthernet0/0.2
C       13.13.13.0 is directly connected, FastEthernet0/0.3

[Note] Fixing a duplex mismatch

R3#
*Mar  1 01:49:43.307: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/0 (not full duplex), with SW1 FastEthernet1/9 (full duplex).

R3(config)# int fa0/0
R3(config-if)# speed 100
R3(config-if)# duplex full

SW1(config)# int fa1/9
SW1(config-if)# speed 100
SW1(config-if)# duplex full

# Native VLAN

 - When a switch receives an untagged frame (one carrying no VLAN ID), it assigns the
   frame to the native VLAN. By default, VLAN 1 is the native VLAN.
   (Ex: an ordinary frame received on a trunk port)

 - Changing the native VLAN: Switch(config-if)# switchport trunk native vlan 11

 - IEEE 802.1q: an untagged frame is handled in the native VLAN.
 - Cisco ISL: an untagged frame is dropped.
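
How an 802.1Q trunk port decides which VLAN a received frame belongs to, including the untagged case that falls into the native VLAN. This is an added example, not part of the original notes; the function names and the sample frames are constructed for illustration, and only 802.1Q (not ISL) is modeled.

```python
import struct

TPID_DOT1Q = 0x8100                       # EtherType value that marks an 802.1Q tag
DST = bytes.fromhex("ffffffffffff")       # constructed sample addresses
SRC = bytes.fromhex("c8000c580000")

def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Build an Ethernet II frame; with vlan set, the 4-byte tag goes after the source MAC."""
    tag = b""
    if vlan is not None:
        tag = struct.pack("!HH", TPID_DOT1Q, (pcp << 13) | vlan)
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def classify(frame, native_vlan=1, allowed=range(1, 4095)):
    """Return the VLAN a dot1q trunk port assigns to the frame, or None if it is dropped."""
    if len(frame) < 14:
        return None                       # no complete Ethernet header
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype == TPID_DOT1Q:
        if len(frame) < 18:
            return None                   # tag announced but truncated
        (tci,) = struct.unpack_from("!H", frame, 14)
        vlan = tci & 0x0FFF               # low 12 bits of the TCI are the VLAN ID
        if vlan == 0:
            vlan = native_vlan            # priority-tagged frame carries no VLAN of its own
    else:
        vlan = native_vlan                # untagged frame ==> native VLAN
    return vlan if vlan in allowed else None

if __name__ == "__main__":
    trunk_vlans = {1, 11, 12, 13}         # "allowed and active" list from the notes
    tagged = build_frame(DST, SRC, 0x0800, b"\x00" * 46, vlan=11)
    untagged = build_frame(DST, SRC, 0x0800, b"\x00" * 46)
    print(classify(tagged, allowed=trunk_vlans))
    print(classify(untagged, native_vlan=11, allowed=trunk_vlans))
```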


2008/05/31 15:43
Written by dhappy.