Virtual Local Area Network


The scenario gives us two distribution switches and two access switches at the International Travel Agency (ITA). The assignment tasks are to implement high availability in the ITA domain, with a voice service running on one of the distribution switches and MAC-based port security on the access layer switches. Furthermore, the access layer switches must be configured to trust the IP phone CoS field, with a simple automatic QoS policy running on each switch. All IP addresses assigned to the ports in this topology are carved from a single /24 block using VLSM. Finally, standard encapsulation technologies are used on the inter-switch trunks to meet the scalability requirements of the travel agency. DS1 and DS2 are Cisco Catalyst 3560s and AS1 and AS2 are Cisco Catalyst 2960s. The DSs run IOS version 12.2(20)EX with 24 Fast Ethernet ports and the ASs run IOS version 12.2(35)SE5 with 24 Fast Ethernet ports. EtherChannel (port aggregation) is enabled on all trunk links, with HSRP running between the two DSs, so that the network is highly available and all of the available trunk bandwidth is used for maximum throughput. All configuration is entered on the switches through the command line interface (CLI). User authentication and remote access to the switches are also configured, both to give the ITA the strongest security the platform allows and to make remote troubleshooting possible when, in the worst case, the network fails.




This section covers the technologies and techniques used to configure the network. Every technique used in this assignment was tested and found effective on the current topology, which has a limited number of switches running redundancy protocols. A brief description of each technique is given below.

2.1 Variable Length Subnet Masking (VLSM) on a /24

Subnetting:

Network ID | First usable IP | Last usable IP | Broadcast IP | Subnet Mask

We use the first three subnets, as only three VLANs are discussed. The default VLAN has the largest number of hosts and is used as the management VLAN. VLAN 10 and VLAN 200 use the subsequent subnets, with /25 and /26 masks respectively, for their hosts. The first IP address of each subnet is reserved as the HSRP virtual (standby) address for that VLAN. The generous address allocation gives the ITA domain room to grow, and VLSM lets the /24 be divided to match each VLAN's size instead of wasting equal-sized blocks.


DS(config-if)# ip address (IP address) (subnet mask)
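The following is an added example and not part of the original report: it carves a /24 into one subnet per VLAN (largest requirement first, as the report does) and reserves each subnet's first usable address for the HSRP virtual IP. The parent block 192.168.1.0/24, the per-VLAN host counts, the HSRP group numbers and the rule that DS1 takes the second usable address and DS2 the third are all assumptions made for illustration.

```python
# Added example (not from the original report): VLSM allocation of a /24 with
# the first usable address of each subnet reserved for the HSRP virtual IP.
# VLAN numbers, host counts and the DS1/DS2 address rule are assumptions.
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class VlanSubnet:
    vlan: int
    network: str        # e.g. "192.168.1.0/25"
    mask: str           # dotted mask for the IOS "ip address" command
    hsrp_vip: str       # first usable address, reserved for the HSRP group
    first_host: str     # first address left for SVIs and hosts
    last_host: str
    broadcast: str
    usable_hosts: int   # usable addresses once the VIP is reserved


def prefix_for_hosts(hosts: int) -> int:
    """Shortest prefix whose block fits `hosts` hosts plus network, broadcast and VIP."""
    need = hosts + 3
    prefix = 30                       # smallest practical subnet
    while (1 << (32 - prefix)) < need:
        prefix -= 1
    return prefix


def allocate(parent: str, demand: dict[int, int]) -> list[VlanSubnet]:
    """Carve `parent` into one subnet per VLAN, largest requirement first."""
    block = ipaddress.IPv4Network(parent)
    cursor = int(block.network_address)
    plan = []
    for vlan, hosts in sorted(demand.items(), key=lambda kv: kv[1], reverse=True):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        cursor = -(-cursor // size) * size            # align to the subnet size
        net = ipaddress.IPv4Network((cursor, prefix))
        if not net.subnet_of(block):
            raise ValueError(f"{parent} cannot hold VLAN {vlan} ({hosts} hosts)")
        base = int(net.network_address)
        plan.append(VlanSubnet(
            vlan=vlan,
            network=str(net),
            mask=str(net.netmask),
            hsrp_vip=str(ipaddress.IPv4Address(base + 1)),
            first_host=str(ipaddress.IPv4Address(base + 2)),
            last_host=str(ipaddress.IPv4Address(base + size - 2)),
            broadcast=str(net.broadcast_address),
            usable_hosts=size - 3,
        ))
        cursor += size
    return plan


def hsrp_config(sub: VlanSubnet, switch_index: int, group: int) -> list[str]:
    """IOS lines for one distribution switch's SVI in this VLAN.

    Assumption: DS1 (switch_index 1) takes the second usable address and DS2
    the third, so the VIP is never also a real interface address. DS1 gets the
    higher priority so that it is the preferred active gateway.
    """
    base = int(ipaddress.IPv4Address(sub.network.split("/")[0]))
    own = ipaddress.IPv4Address(base + 1 + switch_index)
    return [
        f"interface Vlan{sub.vlan}",
        f" ip address {own} {sub.mask}",
        f" standby {group} ip {sub.hsrp_vip}",
        f" standby {group} priority {110 if switch_index == 1 else 100}",
        f" standby {group} preempt",
    ]


if __name__ == "__main__":
    # Constructed requirement: the default VLAN is the largest, as in the report.
    for s in allocate("192.168.1.0/24", {1: 120, 10: 60, 200: 28}):
        print(f"VLAN {s.vlan:>3}: {s.network:<18} VIP {s.hsrp_vip:<14} "
              f"hosts {s.first_host}-{s.last_host} bcast {s.broadcast}")
        print("\n".join(hsrp_config(s, 1, s.vlan)))
```

Allocating largest-first keeps every subnet aligned on its own size boundary, which is what makes VLSM work without gaps; the check against the parent block raises rather than silently spilling into an address range the ITA does not own.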

2.2 VLAN Trunking Protocol (VTP)

VTP is a Layer 2 messaging protocol that reduces administration in a switched network: when a VLAN is created on the VTP server it is distributed to all the switches in the VTP domain. VTP advertisements are sent over the trunk links to every switch in the domain. VTP is a Cisco-proprietary protocol. All switches are in VTP server mode by default; the alternative modes are client mode and transparent mode. A well-equipped switch is chosen as the VTP server, since only in server mode can the administrator create, modify and delete VLANs and set other parameters for the whole domain (in our case the ITA domain). A client behaves like a server but does not allow VLANs to be created, modified or deleted. A switch in transparent mode does not participate in the domain: it keeps its own local VLAN database and forwards the advertisements it receives without applying them. VTP sends summary advertisements, subset advertisements and advertisement requests. One caveat a practitioner should keep in mind: a server or client accepts any advertisement for its domain that carries a higher configuration revision number than its own, so a switch that joins the domain with a stale but higher revision can overwrite the VLAN database on every other switch. Setting a VTP password (the MD5 digest carried in the advertisements then has to match) and resetting the revision number of any switch before it is connected are the usual safeguards.


DS(config)# vtp mode (server | client | transparent)
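The following is an added example, not code from the original report, that models how a VTP server or client processes a summary advertisement: domain check, password (digest) check, then revision comparison, with transparent mode forwarding but not applying. The ITA domain name, the password, the VLAN tables and the "stale lab switch" scenario are constructed, and the digest function is a stand-in for the real VTP MD5 computation, kept only so that a wrong password produces a mismatching digest.

```python
# Added example (not from the original report): a small model of VTP
# advertisement processing and the higher-revision overwrite it allows.
# Domain, password, VLAN tables and the digest computation are constructed.
import hashlib
from dataclasses import dataclass, field


def vtp_digest(domain: str, password: str, revision: int, vlans: dict) -> bytes:
    """Stand-in for the MD5 digest in a summary advertisement (not the real algorithm)."""
    material = f"{domain}|{password}|{revision}|{sorted(vlans.items())}"
    return hashlib.md5(material.encode()).digest()


@dataclass
class Advertisement:
    domain: str
    revision: int
    vlans: dict          # vlan id -> name (the subset advertisement)
    digest: bytes


@dataclass
class Switch:
    name: str
    mode: str            # "server", "client" or "transparent"
    domain: str
    password: str = ""
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})
    log: list = field(default_factory=list)

    def advertise(self) -> Advertisement:
        return Advertisement(self.domain, self.revision, dict(self.vlans),
                             vtp_digest(self.domain, self.password, self.revision, self.vlans))

    def add_vlan(self, vid: int, name: str) -> None:
        """Only servers (and transparent switches, locally) may change VLANs."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: clients cannot create VLANs")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1                 # every change bumps the revision

    def receive(self, adv: Advertisement) -> bool:
        """Process an advertisement; return True if the VLAN database changed."""
        if self.mode == "transparent":
            self.log.append("transparent: forwarded, not applied")
            return False
        if adv.domain != self.domain:
            self.log.append(f"ignored: domain {adv.domain!r} != {self.domain!r}")
            return False
        if adv.digest != vtp_digest(adv.domain, self.password, adv.revision, adv.vlans):
            self.log.append("ignored: digest mismatch (wrong VTP password)")
            return False
        if adv.revision <= self.revision:
            self.log.append(f"ignored: revision {adv.revision} <= local {self.revision}")
            return False
        # The higher revision wins, whether or not it is the database we wanted.
        self.vlans = dict(adv.vlans)
        self.revision = adv.revision
        self.log.append(f"applied: revision {adv.revision}, vlans {sorted(self.vlans)}")
        return True


def demo() -> dict:
    """Constructed scenario: the ITA domain, then a stale switch from a lab is plugged in."""
    ds1 = Switch("DS1", "server", "ITA", password="s3cret")
    as1 = Switch("AS1", "client", "ITA", password="s3cret")
    ds1.add_vlan(10, "VOICE")
    ds1.add_vlan(200, "DATA")
    as1.receive(ds1.advertise())
    learned = sorted(as1.vlans)
    # Same domain and password, but a stale VLAN table with a higher revision.
    stale = Switch("LAB", "server", "ITA", password="s3cret", revision=50)
    wiped = as1.receive(stale.advertise())
    # A higher revision with the wrong password is rejected by the digest check.
    intruder = Switch("LAB2", "server", "ITA", password="wrong", revision=99)
    rejected = not as1.receive(intruder.advertise())
    return {"learned": learned, "wiped": wiped, "after": sorted(as1.vlans),
            "rejected_wrong_password": rejected, "log": as1.log}


if __name__ == "__main__":
    for line in demo()["log"]:
        print(line)
```

The scenario shows the point of the caveat above: AS1 learns VLANs 1, 10 and 200 from DS1, then loses them the moment a switch with the same domain and password but a higher revision number advertises an older table, while a switch with the wrong password is ignored regardless of its revision.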


2.3 IP Routing

IP routing must be enabled on the distribution layer switches DS1 and DS2 so that they can forward Layer 3 (network layer) traffic between the VLANs. Traffic must be routed between VLANs for it to travel from its source to its destination address. The ip routing command turns on the forwarding table that maps final destinations to next-hop addresses; without it, the 3560's switched virtual interfaces (SVIs) cannot route between VLANs.

DS(config)# ip routing

2.4 Port Aggregation Protocol (PAgP)

Link bundling is enabled on the trunk ports for availability reasons. If one of the cables between the switches fails, traffic is diverted to the remaining ports in the bundle; throughput may be reduced, but the network stays functional. The IEEE 802.3ad standard calls this Link Aggregation and negotiates it with LACP; PAgP is Cisco's proprietary equivalent and aids the automatic creation of Fast EtherChannel links. Outbound traffic is distributed across the bundled links by a load-balancing policy that hashes Layer 2 (MAC), Layer 3 (IP) or Layer 4 (port) fields of each frame. From two to eight links can be bundled into a single port channel.

Switch ports can be configured for the following PAgP modes:

On - non-negotiable bundling of the ports into an EtherChannel; no PAgP packets are sent, so the far end must also be set to on.
Off - the ports are never bundled into an EtherChannel.
Auto - the port responds to PAgP packets from the far-end switch but does not initiate negotiation; an EtherChannel is formed only if the far end is in desirable mode. (Two switches in auto mode will never form an EtherChannel.)
Desirable - the port actively sends PAgP packets to negotiate an EtherChannel.

Fig 2.1 PAgP EtherChannel modes


DS(config)# interface range (range of ports to be bundled)

DS(config-if-range)# switchport trunk encapsulation (dot1q | isl)

DS(config-if-range)# switchport mode trunk

DS(config-if-range)# channel-group (group number) mode (on | auto | desirable)

2.5 Hot Standby Router Protocol (HSRP)

To provide high availability in a switched network, a level of redundancy must be implemented, and this is where HSRP plays its role. HSRP is a Cisco-proprietary protocol; if devices from different vendors are used, VRRP can be used instead, although the Cisco enhancements are then unavailable. In our case we use HSRP, which provides redundancy with a standby switch that takes over the virtual gateway address when the active switch fails. The local state of each device determines its role; the states and their functions are listed below.

The state of the local networking device can be one of the following:

Active - the current Hot Standby router; it forwards the traffic sent to the virtual IP address.
Standby - the router next in line to become the Hot Standby router.
Speak - the router is sending Hello packets to claim the active or standby role.
Listen - the router is neither active nor standby, but if no messages are received from the active or standby router it will start to speak.
Learn - the router is neither active nor standby and does not yet have enough information (the virtual IP address) to attempt to claim the active or standby role.
Init - the router is not yet ready to participate in HSRP, possibly because the associated interface is not up.

The cycle of states observed in this assignment is that, when an interface of the active switch fails, the standby device speaks, then listens and learns the network and finally becomes active, while the failed interface returns to the Init state. In the protocol itself (RFC 2281) the standby router moves straight to Active once the active router's hold timer expires; Speak, Listen and Learn are the states a router passes through when it first joins the group, and a returning higher-priority router only takes the active role back if preemption is configured.
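The following is an added example and not part of the original report: a simplified model of the HSRP state machine from RFC 2281, driven through an election, a failure of the active switch and its return. Hello and hold timers are collapsed into explicit expiry events, the Learn state is skipped because both distribution switches have the virtual IP configured, and the names, priorities and the use of preemption on DS1 are assumptions.

```python
# Added example (not from the original report): a simplified HSRP state
# machine (RFC 2281) with timers collapsed into explicit expiry events.
# Router names, priorities and the preempt setting are assumptions.
from dataclasses import dataclass, field

INIT, LISTEN, SPEAK, STANDBY, ACTIVE = "Init", "Listen", "Speak", "Standby", "Active"


@dataclass
class HsrpRouter:
    name: str
    priority: int
    preempt: bool = False
    state: str = INIT
    history: list = field(default_factory=list)   # (old, new) transitions

    def _go(self, new: str) -> None:
        if new != self.state:
            self.history.append((self.state, new))
            self.state = new

    def interface_up(self) -> None:
        """Interface comes up with the VIP already configured: Init -> Listen."""
        if self.state == INIT:
            self._go(LISTEN)

    def interface_down(self) -> None:
        """Any state -> Init; the router stops sending hellos."""
        self._go(INIT)

    def standby_timer_expiry(self) -> None:
        """No standby router heard for the hold time."""
        if self.state == LISTEN:
            self._go(SPEAK)      # start sending hellos to claim a role
        elif self.state == SPEAK:
            self._go(STANDBY)    # nobody outbid us: become standby

    def active_timer_expiry(self) -> None:
        """No active router heard for the hold time."""
        if self.state == STANDBY:
            self._go(ACTIVE)     # the standby takes over directly
        elif self.state == LISTEN:
            self._go(SPEAK)

    def hello_from_active(self, peer_priority: int) -> None:
        """Hello from a router claiming to be active (would reset the active timer)."""
        if self.state == ACTIVE and peer_priority > self.priority:
            self._go(SPEAK)      # a better active router exists: step down
        elif self.state in (LISTEN, STANDBY) and self.preempt and peer_priority < self.priority:
            self._go(ACTIVE)     # preempt: send a coup and take the active role

    def hello_from_candidate(self, peer_priority: int) -> None:
        """Hello from a router in Speak or Standby (would reset the standby timer)."""
        if self.state in (SPEAK, STANDBY) and peer_priority > self.priority:
            self._go(LISTEN)     # a better candidate exists: stop competing


def failover_scenario() -> dict:
    """Constructed sequence: election, DS1 failure, DS2 takeover, DS1 preempting."""
    ds1 = HsrpRouter("DS1", priority=110, preempt=True)
    ds2 = HsrpRouter("DS2", priority=100)
    # Both SVIs come up and, hearing nobody, start to speak.
    for r in (ds1, ds2):
        r.interface_up()
        r.standby_timer_expiry()
    ds2.hello_from_candidate(ds1.priority)      # DS2 loses the election: Listen
    ds1.standby_timer_expiry()                  # Speak -> Standby
    ds1.active_timer_expiry()                   # Standby -> Active
    ds2.standby_timer_expiry()                  # Listen -> Speak
    ds2.standby_timer_expiry()                  # Speak -> Standby
    before = (ds1.state, ds2.state)
    # DS1's interface fails; after the hold time DS2's active timer expires.
    ds1.interface_down()
    ds2.active_timer_expiry()
    during = (ds1.state, ds2.state)
    # DS1 returns with the higher priority and preemption: it takes the role back.
    ds1.interface_up()
    ds1.hello_from_active(ds2.priority)
    ds2.hello_from_active(ds1.priority)         # DS2 steps down to Speak ...
    ds2.standby_timer_expiry()                  # ... and settles as Standby
    after = (ds1.state, ds2.state)
    return {"before_failure": before, "after_failure": during,
            "after_recovery": after, "ds2_history": ds2.history}


if __name__ == "__main__":
    result = failover_scenario()
    for k, v in result.items():
        print(k, v)
```

Tracing ds2_history shows the practical point: on the failure DS2 goes Standby to Active in a single transition, with no Speak, Listen or Learn in between; those states only appear during the initial election. Without preempt on DS1, the returning switch would settle as Standby and DS2 would stay active.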

2.6 Port Access Security and MAC Filtering

Port security is enabled to limit which MAC addresses can use an access port and how many, which blocks MAC flooding (filling the switch's address table so that it floods traffic out of every port) and keeps unauthorised devices off the network. The switch takes a configured action when a violation occurs. A secure port cannot be a dynamically negotiated (DTP) port or a member of an EtherChannel, so the port is set to static access mode first.


AS(config)# interface (desired port)

AS(config-if)# switchport mode access

AS(config-if)# switchport port-security

MAC filtering restricts the number of addresses allowed on a given port, and the switch can also be given manually the MAC addresses it should allow. As an alternative to typing each address, sticky learning (switchport port-security mac-address sticky) records the addresses the port learns dynamically into the running configuration, so they survive a link flap once the configuration is saved.


AS(config-if)# switchport port-security maximum (number of MAC addresses)

AS(config-if)# switchport port-security mac-address 1111.2222.3333

The next step in this security mechanism is to assign an action for any violation the switch recognises. The available violation actions are protect, restrict and shutdown; shutdown is the default. Protect and restrict both drop frames from unknown source addresses while still forwarding frames from the known addresses, but restrict also increments the Security Violation counter and sends a syslog message and SNMP trap, whereas protect drops silently. Shutdown puts the port into the error-disabled state, so it stops forwarding for every device on it until an administrator brings it back up (or errdisable recovery is configured).


AS(config-if)# switchport port-security violation (protect | restrict | shutdown)
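The following is an added example, not code from the original report: a model of an IOS secure access port that shows how the three violation modes behave under a MAC-flooding attempt and emits the equivalent interface configuration from the commands above. The interface names, MAC addresses and the abbreviated syslog wording are constructed for illustration.

```python
# Added example (not from the original report): a model of a secure access
# port under protect, restrict and shutdown, with the matching IOS lines.
# Interface names, MAC addresses and syslog wording are constructed.
from dataclasses import dataclass, field

VIOLATION_MODES = ("protect", "restrict", "shutdown")


@dataclass
class SecurePort:
    name: str
    maximum: int = 1                 # IOS default: one secure address
    violation: str = "shutdown"      # IOS default action
    static: set = field(default_factory=set)    # configured mac-address entries
    learned: set = field(default_factory=set)   # dynamically learned secure MACs
    violations: int = 0              # the Security Violation counter
    err_disabled: bool = False
    syslog: list = field(default_factory=list)

    def __post_init__(self) -> None:
        if self.violation not in VIOLATION_MODES:
            raise ValueError(f"violation must be one of {VIOLATION_MODES}")
        self.static = {m.lower() for m in self.static}
        if len(self.static) > self.maximum:
            raise ValueError("more static addresses than the maximum allows")

    def secure_macs(self) -> set:
        return self.static | self.learned

    def ingress(self, src_mac: str) -> str:
        """Fate of a frame arriving with source address src_mac."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return "dropped (port err-disabled)"
        if src_mac in self.secure_macs():
            return "forwarded"
        if len(self.secure_macs()) < self.maximum:
            self.learned.add(src_mac)            # room left: learn it as secure
            return "forwarded (learned)"
        # A new address beyond the maximum is a violation.
        if self.violation == "protect":
            return "dropped"                     # silent: no counter, no log
        self.violations += 1
        if self.violation == "restrict":
            self.syslog.append(f"PSECURE_VIOLATION: {src_mac} on {self.name}")
            return "dropped (counted)"
        self.err_disabled = True                 # shutdown: the whole port goes down
        self.syslog.append(f"ERR_DISABLE: psecure-violation on {self.name}")
        return "err-disabled"

    def ios_config(self) -> list:
        """The equivalent interface configuration, using the commands in the report."""
        lines = [f"interface {self.name}",
                 " switchport mode access",
                 " switchport port-security",
                 f" switchport port-security maximum {self.maximum}",
                 f" switchport port-security violation {self.violation}"]
        lines += [f" switchport port-security mac-address {m}" for m in sorted(self.static)]
        return lines


def mac_flood(port: SecurePort, count: int) -> dict:
    """Send frames from `count` distinct (constructed) source MACs and tally the outcomes."""
    tally = {}
    for i in range(count):
        outcome = port.ingress(f"00de.ad00.{i:04x}")
        tally[outcome] = tally.get(outcome, 0) + 1
    return tally


if __name__ == "__main__":
    for mode in VIOLATION_MODES:
        port = SecurePort("Fa0/1", maximum=1, violation=mode)
        print(mode, mac_flood(port, 5), "violations:", port.violations)
    print("\n".join(SecurePort("Fa0/2", maximum=2, violation="restrict",
                               static={"1111.2222.3333"}).ios_config()))
```

Running the flood against each mode makes the trade-off visible: protect keeps the legitimate host working but leaves no trace of the attack, restrict keeps it working and counts and logs every offending frame, and shutdown stops the attack at the first frame at the cost of taking the legitimate host (and, on a voice port, the phone behind it) offline too.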

2.7 Spanning Tree Portfast

PortFast is assigned to the access ports to minimise the time a port takes to come up when a PC is connected to it, by bypassing the spanning-tree listening and learning states. PortFast is only used on ports connected to a single workstation; enabling it on a port connected to another switch can create a temporary loop, because the port forwards before spanning tree has converged. For that reason it is normally paired with BPDU guard (spanning-tree bpduguard enable), which error-disables a PortFast port the moment a BPDU arrives on it. PortFast is also referred to as Fast Start.


AS(config-if)# spanning-tree portfast

2.8 QOS
