FDDI Trunks and 802.10 Encapsulation
ISL trunk encapsulation is designed for trunking over a point-to-point connection between two Catalysts using Ethernet. Only two Catalysts connect to the link. This contrasts with connectivity over an FDDI system. FDDI operates as a shared network medium (half duplex) and can have more than two participants on the network. A different encapsulation scheme, therefore, is used when trunking over an FDDI network. Cisco adapted an IEEE standard for secure bridging over an 802-based network and applied it to FDDI trunking between Catalysts. IEEE 802.10 devised the standard to facilitate the transport of multiple traffic sources over shared local and metropolitan networks and yet retain logical isolation between the source networks at the receiver.
You can create interconnections between Catalysts where all Catalyst FDDI interfaces belong to the same VLAN. Only one VLAN transports over the FDDI, however. You can do this if you have a simple VLAN design and have an existing FDDI segment that you need to continue to use. The legacy network components might not support 802.10, forcing you to configure your Catalysts so they can share the FDDI network. A more typical use, however, might allow for multiple VLANs to share the backbone, as in Figure 8-10.
Figure 8-10. An FDDI Trunk Example with 802.10 Encapsulation
By enabling 802.10 encapsulation on the FDDI interfaces in the network, the FDDI backbone becomes a Catalyst trunk. The network in Figure 8-10 attaches many Catalysts allowing them to transport data from distributed VLANs over the FDDI trunk. Member stations of VLAN 10 on Cat-A can communicate with stations belonging to VLAN 10 on Cat-B. Likewise, members of VLAN 20 can communicate with each other regardless of their location in the network.
As with any multiple VLAN network, routers interconnect VLANs. The Cisco router in Figure 8-10 attached to the FDDI network understands 802.10 encapsulation and can therefore route traffic between VLANs.
The configuration in Example 8-9 demonstrates how to enable 802.10 encapsulation on a Cisco router so that VLAN 100 can communicate with VLAN 200.
Example 8-9 Router Configuration for 802.10 Trunk
int fddi 2/0.1
 ip address 172.16.1.1 255.255.255.0
 encapsulation sde 100
int fddi 2/0.2
 ip address 172.16.2.1 255.255.255.0
 encapsulation sde 200
The configuration applies to FDDI subinterfaces. Each VLAN must be configured on a subinterface and should support a single subnetwork. The encapsulation sde 100 statement under subinterface 2/0.1 enables 802.10 encapsulation and associates VLAN 100 with the interface, whereas the statement encapsulation sde 200 associates VLAN 200 with subinterface 2/0.2.
Figure 8-11 illustrates 802.10 encapsulation. The 802.10 header contains the MAC header, a Clear header, and a Protected header. The MAC header contains the usual 48-bit destination and source MAC addresses found in FDDI, Ethernet, and Token Ring networks. The Clear and Protected headers, however, are additions from the 802.10 standard. The Protected header duplicates the source MAC address to ensure that a station is not spoofing the real source. If the source addresses in the MAC and Protected headers differ, another station took over the session.
Figure 8-11. 802.10 Encapsulation
Figure 8-11 shows three fields in the Clear header portion. Only the Security Association Identifier (SAID) field is relevant to VLANs. Therefore, the other two fields (802.10 LSAP and MDF) are ignored in this discussion.
The SAID field as used by Cisco identifies the source VLAN. The four-byte SAID allows for many VLAN identifiers on the FDDI network. When you create an FDDI VLAN, you provide the VLAN number. By default, the Catalyst adds 100,000 to the VLAN number to create a SAID value. The receiving Catalyst subtracts 100,000 to recover the original FDDI VLAN value. Optionally, you can specify a SAID value, but this is not usually necessary. The Catalyst commands in Example 8-10 enable 802.10 encapsulation for VLANs 500 and 600 and modify the VLAN 600 SAID value to 1600.
Example 8-10 802.10 VLAN Configuration
Console> (enable) set vlan 500 type fddi
Vlan 500 configuration successful
Console> (enable) set vlan 600 type fddi said 1600
Vlan 600 configuration successful
After establishing the VLANs, the show vlan command displays the addition of the VLANs with the specified SAID value as in Example 8-11. Note that VLAN 500 has a SAID value of 100,500 because a SAID value was not specified and the Catalyst by default added 100,000 to the VLAN number.
Example 8-11 show vlan Command Output
Console> (enable) show vlan
VLAN Name                             Status    Mod/Ports, Vlans
---- -------------------------------- --------- ------------------------
1    default                          active    1/1-2
                                                2/1-24
100  VLAN0100                         active    110, 120
110  VLAN0110                         active
120  VLAN0120                         active
500  VLAN0500                         active
600  VLAN0600                         active
1002 fddi-default                     active
1003 trcrf-default                    active
1004 fddinet-default                  active
1005 trbrf-default                    active    1003

VLAN Type  SAID       MTU   Parent RingNo BrdgNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
1    enet  100001     1500  -      -      -      -    -        0      0
100  trbrf 100100     4472  -      -      0x5    ibm  -        0      0
110  trcrf 100110     4472  100    0x10   -      -    srb      0      0
120  trcrf 100120     4472  100    0x20   -      -    srb      0      0
500  fddi  100500     1500  -      0x0    -      -    -        0      0
600  fddi  1600       1500  -      0x0    -      -    -        0      0
1002 fddi  101002     1500  -      0x0    -      -    -        0      0
1003 trcrf 101003     4472  1005   0xccc  -      -    srb      0      0
1004 fdnet 101004     1500  -      -      0x0    ieee -        0      0
1005 trbrf 101005     4472  -      -      0xf    ibm  -        0      0

VLAN AREHops STEHops Backup CRF
---- ------- ------- ----
110  7       7       off
120  7       7       off
1003 7       7       off
Console> (enable)
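Because the SAID is what identifies the VLAN on the FDDI trunk, a manually set SAID has to agree on every Catalyst attached to the ring. The following is an added example, not part of the original text: a short Python audit that reads the SAID column of show vlan output from several switches and reports non-default SAIDs, VLANs whose SAID differs between switches, and SAIDs assigned to more than one VLAN. The switch name "Cat-B", VLAN 700 and all sample rows are constructed for illustration.

```python
import re

SAID_OFFSET = 100_000  # default described above: SAID = VLAN number + 100,000
# Matches rows of the "VLAN Type SAID MTU ..." table only (type is lowercase text).
ROW = re.compile(r"^(\d+)\s+([a-z]+)\s+(\d+)\s")

# Constructed sample rows in the layout of Example 8-11. "Cat-B" and its
# VLAN 700 are hypothetical, with values chosen to trigger each finding.
SAMPLE = {
    "Cat-A": """\
VLAN Type  SAID       MTU   Parent RingNo BrdgNo Stp  BrdgMode Trans1 Trans2
1    enet  100001     1500  -      -      -      -    -        0      0
500  fddi  100500     1500  -      0x0    -      -    -        0      0
600  fddi  1600       1500  -      0x0    -      -    -        0      0
""",
    "Cat-B": """\
VLAN Type  SAID       MTU   Parent RingNo BrdgNo Stp  BrdgMode Trans1 Trans2
1    enet  100001     1500  -      -      -      -    -        0      0
500  fddi  100500     1500  -      0x0    -      -    -        0      0
600  fddi  100600     1500  -      0x0    -      -    -        0      0
700  fddi  100500     1500  -      0x0    -      -    -        0      0
""",
}

def parse_saids(text):
    """Return {vlan_number: said} from show vlan output."""
    return {int(m.group(1)): int(m.group(3))
            for m in map(ROW.match, text.splitlines()) if m}

def audit(outputs):
    """Compare SAID assignments across switches sharing one FDDI trunk."""
    findings, by_vlan, by_said = [], {}, {}
    for switch in sorted(outputs):
        for vlan, said in sorted(parse_saids(outputs[switch]).items()):
            if said != vlan + SAID_OFFSET:          # manual override in use
                findings.append(("non-default", switch, vlan, said))
            by_vlan.setdefault(vlan, set()).add(said)
            by_said.setdefault(said, set()).add(vlan)
    for vlan, saids in sorted(by_vlan.items()):     # same VLAN, different SAIDs
        if len(saids) > 1:
            findings.append(("mismatch", vlan, sorted(saids)))
    for said, vlans in sorted(by_said.items()):     # one SAID, several VLANs
        if len(vlans) > 1:
            findings.append(("collision", said, sorted(vlans)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A "mismatch" finding means the receiving switch will not place the frames in the same VLAN number as the sender; a "collision" means two VLAN numbers share one SAID on the ring, so their logical isolation over the trunk should be reviewed.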
Although the FDDI VLANs were successfully created, all that was accomplished was the creation of yet another broadcast domain. The Catalysts treat the FDDI VLAN as distinct from any of the Ethernet VLANs unless you associate the broadcast domains as a single domain. Use the set vlan command to merge the FDDI and the Ethernet broadcast domains. Until you do this, the Catalyst cannot transport the Ethernet VLAN over the FDDI trunk. To make an Ethernet VLAN 10 and an FDDI VLAN 100 part of the same broadcast domain, you enter the following command:
Console> (enable) set vlan 10 translation 100
Conversely, the following command is equally effective, where you specify the FDDI VLAN first, and then translate it into the Ethernet VLAN:
Console> (enable) set vlan 100 translation 10
These are bidirectional commands. You do not need to enter both commands, only one or the other.