Planning to Use the VlanDirector Application

Before using the VlanDirector application, you need to make some important decisions about your network design. These sections help you determine how best to configure your network to meet the bandwidth needs of your users, and how much administrative control you need.

Keep in mind that this information is not meant to provide detailed network design information. The goal is to provide you with an overview of the network design considerations that may affect how you can use the VlanDirector application.

These sections provide guidelines to help you prepare to use the VlanDirector application:

Setting Up the VTP Domain

Before using the VlanDirector application to configure the VLANs in your network, you should consider the design of your VTP domain. This is an essential step because CWSI Campus was designed for running on networks using VTP services.

A VTP domain is made up of one or more interconnected devices that share the same VTP domain name. A switch can be configured to be in only one VTP domain, and each VLAN has a name that is unique within a management domain.

Typically, you use a VTP domain to ease administrative control of your network or to account for physical boundaries within your network. However, you can choose to set up as many or as few VTP domains as are appropriate for your administrative needs.

In the VlanDirector application, to create a VLAN, you must select the VTP domain of which the VLAN will be a member. You also establish characteristics such as the VLAN name, VLAN index, SAID value, and so on. This information is used to identify the VLAN throughout the VTP domain. The VlanDirector application is a real-time application, so additions, changes, or deletions are immediately applied to devices in the network and are reflected in network operation.

Use the information in these sections as a guideline for setting up the VTP domain in your network:

Understanding VLAN Trunk Protocol

Using VLAN Trunk Protocol (VTP), each switch in server mode advertises its management domain on its trunk ports, its configuration revision number, and its known VLANs and their specific parameters. Therefore, a new VLAN needs to be configured on only one device in the management domain, and the information is automatically learned by all the other devices (not in VTP transparent mode) in the same management domain. Once a device learns about a VLAN, it receives all frames on that VLAN from any trunk port and, if appropriate, forwards them to each of its other trunk ports.

Two versions of VTP are supported: VTP 1 and VTP 2. Every switch in the VTP domain must use the same VTP version. The VTP version is particularly important if you are using CWSI Campus in a Token Ring environment because you must use version 2 with Token Ring devices. You need to verify the software image version of all of the devices in your network to make sure they support VTP 2.

Configuring Switches as VTP Server, Client, or Transparent

Within a VTP domain, you must configure the VTP mode for the devices. You can set the VTP mode to VTP server, client, or transparent.

One VTP Server, Many VTP Clients

The VlanDirector application requires at least one VTP server for each VTP domain. Cisco recommends that you configure the other devices as VTP clients, especially if you have a large network. Having only one VTP server maintains VLAN consistency across the network.

Many VTP Servers

If you choose to have multiple VTP servers, keep in mind that the device with the most recent configuration revision number controls the VTP advertisements. The configuration revision number is a number associated with a device's known set of VLANs (in one management domain), which can be compared to another device's configuration revision number (for the same management domain) in order to determine which is more recent. This number is incremented whenever a device is reconfigured to define a new VLAN, delete an existing VLAN, suspend or resume an existing VLAN, or modify the parameters of an existing VLAN.

If a network has two or more VTP servers that are not connected by Inter-Switch Link (ISL), the VLAN configuration on those servers may not be synchronized. In this situation, the VlanDirector application reads the VLAN information from the VTP server with the latest revision number. You need to be absolutely confident that the most recent changes to VLANs are made on the VTP server with the highest configuration revision number.
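The revision-number rule above, worked through as an added example (it is not part of the Cisco documentation or of CWSI Campus). For each VTP domain it reports the server with the highest configuration revision number and flags domains with no server, servers that lag behind, or mixed VTP versions. The inventory layout, switch names and values are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory: (switch, VTP domain, VTP mode, VTP version, config revision)
SWITCHES = [
    ("core-1", "campus", "server",      2, 41),
    ("core-2", "campus", "server",      2, 38),
    ("acc-1",  "campus", "client",      2, 41),
    ("acc-2",  "campus", "client",      1, 41),
    ("lab-1",  "lab",    "transparent", 2, 0),
    ("lab-2",  "lab",    "transparent", 2, 0),
    ("dc-1",   "dc",     "server",      2, 7),
    ("dc-2",   "dc",     "client",      2, 7),
]

def audit_vtp(switches):
    """Return {domain: {"authoritative": name or None, "findings": [str, ...]}}."""
    domains = defaultdict(list)
    for name, domain, mode, version, revision in switches:
        domains[domain].append((name, mode, version, revision))

    report = {}
    for domain, members in sorted(domains.items()):
        findings = []
        servers = [m for m in members if m[1] == "server"]
        authoritative = None
        if not servers:
            findings.append("no VTP server in domain")
        else:
            # The highest configuration revision number is treated as most recent.
            top = max(servers, key=lambda m: m[3])
            authoritative = top[0]
            stale = sorted(m[0] for m in servers if m[3] < top[3])
            if stale:
                findings.append("servers behind revision %d: %s" % (top[3], ", ".join(stale)))
        versions = sorted({m[2] for m in members})
        if len(versions) > 1:
            findings.append("mixed VTP versions: " + ", ".join(str(v) for v in versions))
        report[domain] = {"authoritative": authoritative, "findings": findings}
    return report

if __name__ == "__main__":
    for domain, result in audit_vtp(SWITCHES).items():
        print(domain, result["authoritative"], result["findings"] or "ok")
```

A domain that reports lagging servers is the case where recent VLAN changes must be confirmed on the server with the highest revision number before relying on what VlanDirector displays.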

VTP Server, VTP Transparent

If you do not want your devices to participate in VTP, you can configure them as VTP transparent. When you create a VLAN on a VTP transparent switch, the VLAN is local to that switch. It is not known to any other device in the network.

By default, VlanDirector does not allow you to configure VLANs on switches set in transparent mode. However, you can enable configuration by editing the ani.properties file. To enable VLAN configuration on transparent switches, follow these steps:

Step 1 Locate the ani.properties file in the main CWSI Campus directory.

Step 2 Find the following line:

VTP.onTransparent=off

Step 3 Change off to on so that the line now reads:

VTP.onTransparent=on

You can now create local VLANs on transparent switches.

When you configure a VLAN with this setting enabled, the VlanDirector application configures the VLAN on both the VTP server and the transparent switch. However, the VlanDirector application only reads VLAN information from the VTP servers. The VlanDirector application does not read any VLAN information from switches in transparent mode.

Therefore, provided that you have at least one VTP server in your network, you can create local VLANs on transparent switches. However, you lose a verifiable consolidated view of the VLAN states of your switches. A switch in transparent mode does not communicate its VLAN state to a server nor does it accept changes to its VLAN state from the server.

VTP Transparent Only

If you attempt to use the VlanDirector application in a VTP domain that contains VTP transparent switches and no VTP servers, the VlanDirector application will not discover the created VLANs. For example, using the VlanDirector application, you create a VLAN on the transparent switch, and it appears in the application.

Because the VlanDirector application does not read VLAN information from transparent switches, it is only aware of these VLANs until you exit the VlanDirector application. When you exit, the database is purged and knowledge of VLANs existing only on transparent switches may be lost.

Extending VLANs across VTP Domains

You can pass VLAN information between devices by configuring links between the switches. If you want a link to carry more than one VLAN, you need to use ISL. ISL is a Cisco-proprietary tagging protocol that allows VLAN trunking by maintaining VLAN information as traffic flows between switches and routers. To use ISL, you need to configure the ports on both sides of the link as trunk ports.

When two VTP domains are interconnected using an ISL trunk between two LAN switches, by default, no VLAN traffic is forwarded. However, you can configure the ports on each switch to receive and forward specific VLANs. To configure the ports, the VLANs on either side of the ISL trunk must be identical and share the same VLAN characteristics such as VLAN names, VLAN indexes, and so on.

Preventing VLAN Discrepancies

The VlanDirector application reports discrepancies that it discovers in your VTP domain and VLAN configuration. Table 2-1 lists some of these discrepancies and includes tips for preventing them from occurring. The entire set of discrepancies is described in Chapter 6, "Planning to Use the VlanDirector Application".

Table 2-1: Preventing VTP Discrepancies

Discrepancy: VLAN Name Conflict
Meaning: VLANs with different ISL numbers have the same name in different domains.
How to Prevent: If you are using ISL trunks between VTP domains, VLANs must be identical to pass information across the trunk. Or, they must be completely different. You cannot mix and match VLAN characteristics.

Discrepancy: VLAN Index Conflict
Meaning: VLANs with different names have the same ISL number in different domains.

Discrepancy: VLAN SAID Conflict
Meaning: Different SAID numbers on the same VLAN in different domains.

Discrepancy: VTP Disconnected Domain
Meaning: A link in a VTP domain is not set to trunk. There are devices in this domain that do not communicate through any trunk.
How to Prevent: To connect VTP domains and share VLAN information between them, you must configure an ISL trunk.

Discrepancy: No VTP Server in Domain
Meaning: There is no VTP server in the domain.
How to Prevent: To function properly, the VlanDirector application requires at least one VTP server in the VTP domain.
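
The three cross-domain conflicts in Table 2-1, checked over a constructed pair of VLAN databases. This is an added example, not VlanDirector's own logic. The domain names, VLAN values and the reading of "the same VLAN" as "same name and same index" are assumptions.

```python
from itertools import combinations

# Constructed VLAN databases for two VTP domains joined by an ISL trunk:
# domain -> list of (VLAN name, VLAN index / ISL number, SAID)
VLAN_DB = {
    "campus": [("engineering", 10, 100010), ("finance", 20, 100020),
               ("voice", 30, 100030), ("guest", 40, 100040)],
    "branch": [("engineering", 10, 100010), ("finance", 25, 100025),
               ("printers", 30, 100030), ("guest", 40, 100099)],
}

def find_conflicts(vlan_db):
    """Compare every pair of domains; return sorted (kind, domains, detail) tuples."""
    conflicts = []
    for (dom_a, vlans_a), (dom_b, vlans_b) in combinations(sorted(vlan_db.items()), 2):
        pair = "%s/%s" % (dom_a, dom_b)
        for name_a, index_a, said_a in vlans_a:
            for name_b, index_b, said_b in vlans_b:
                if name_a == name_b and index_a != index_b:
                    conflicts.append(("VLAN Name Conflict", pair,
                                      "%s is %d vs %d" % (name_a, index_a, index_b)))
                elif name_a != name_b and index_a == index_b:
                    conflicts.append(("VLAN Index Conflict", pair,
                                      "%d is %s vs %s" % (index_a, name_a, name_b)))
                elif name_a == name_b and index_a == index_b and said_a != said_b:
                    # Assumption: "the same VLAN" means same name and same index.
                    conflicts.append(("VLAN SAID Conflict", pair,
                                      "%s SAID %d vs %d" % (name_a, said_a, said_b)))
    return sorted(conflicts)

def trunk_safe_vlans(vlan_db, dom_a, dom_b):
    """VLANs identical in both domains, the only ones that can cross the trunk."""
    return sorted(set(vlan_db[dom_a]) & set(vlan_db[dom_b]))

if __name__ == "__main__":
    for kind, pair, detail in find_conflicts(VLAN_DB):
        print("%-20s %-14s %s" % (kind, pair, detail))
    print("identical in both:", trunk_safe_vlans(VLAN_DB, "campus", "branch"))
```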

Using Static or Dynamic Port States

By enabling VTP on your devices and configuring VLANs on your VTP server, you allow all the devices in your VTP domain to be aware of the entire set of VLANs on the network. The VLANs active on specific devices can be statically defined, in which case the port and the device connecting to that port have the same VLAN assignment. Or, the ports can be dynamically assigned to a VLAN. For example, a port that is in dynamic mode and unassigned receives a packet from a MAC address that has been associated with a VLAN. At that time, the previously unassigned port is assigned to the VLAN associated with the MAC address.

With CWSI Campus, you use the VlanDirector application to create VLANs, and you use the UserTracking application to dynamically assign end-user stations to VLANs by associating an end-user's MAC address with a specific VTP domain and VLAN. Use the information in this section to determine if you want to dynamically assign end-user stations to VLANs:

Understanding Port States

You can configure the state of ports as static or dynamic.

Distinguishing between Static and Dynamic Port States

In static port states, each user port is statically assigned to exactly one VLAN. Changing the VLAN assigned to a static port requires that you manually change the port's VLAN assignment. Thus, if an end user moves his workstation to a new office and the VLAN assigned to the static port in the new office is not the same as the VLAN assigned to the port in the old office, you must manually change the VLAN assignment in the VlanDirector application.

In contrast, if you use dynamic port states, the VLAN to which the port is assigned is determined dynamically based on the MAC address in the Network Interface Card (NIC) in the workstation connected to the port. This dynamic assignment configuration information (based on MAC-to-VLAN address mappings) is held by a centralized server function, which is called the VLAN Membership and Policy Server (VMPS).

VMPS allows users to physically move their workstations from one office to another (one port to another; the new port must be dynamic) and be assigned to the same VLAN as before, regardless of the VLAN that was used by the workstation previously connected to the dynamic port in the new office. When a user connects a workstation or other host into a dynamic port, VMPS assigns the port into which the workstation has been plugged to a particular VLAN based on the MAC address on the interface card in the workstation.

Choosing to Use Dynamic Port States

Setting your port states as dynamic is most useful if the users in your network move physical locations often or if you have many users with portable computers. The users simply connect their computer to any dynamic port in your network, and their VLAN is assigned based on the MAC address of their computer. Therefore, you do not need to constantly reassign VLAN membership on the switch ports.

However, keep in mind that to allow a user with a portable computer to connect anywhere in your global organization, you may need to bridge these VLANs across routers. This configuration opens up the broadcast domain so much that it is unlikely to be an effective collision domain.

The initial configuration of dynamic VLANs requires significant administration to get the VMPS server and the network management applications configured correctly. After you get the servers operational, you need to maintain these servers. You may want to consider having redundant VMPS servers. Otherwise, if your VMPS server goes down, your users will not be able to properly connect to their assigned VLAN.

You need to balance the needs of your mobile users, the bandwidth requirements of your network, and the administrative control you require to maintain and support your network. If you decide to use dynamic port states, see the Using the Campus UserTracking Application publication, which is included with CWSI Campus.


Posted: Thu Sep 30 12:10:01 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.