FDDI Trunks and 802.10 Encapsulation

FDDI Trunks and 802.10 Encapsulation

ISL trunk encapsulation is designed for trunking over a point-to-point connection between two Catalysts using Ethernet. Only two Catalysts connect to the link. This contrasts with connectivity over an FDDI system. FDDI operates as a shared network media (half duplex) and can have more than two participants on the network. A different encapsulation scheme, therefore, is used when trunking over an FDDI network. Cisco adapted an IEEE standard for secure bridging over an 802-based network and applied it to FDDI trunking between Catalysts. IEEE 802.10 devised the standard to facilitate the transport of multiple traffic sources over shared local and metropolitan networks and yet retain logical isolation between the source networks at the receiver.

You can create interconnections between Catalysts where all Catalyst FDDI interfaces belong to the same VLAN. Only one VLAN transports over the FDDI, however. You can do this if you have a simple VLAN design and have an existing FDDI segment that you need to continue to use. The legacy network components might not support 802.10, forcing you to configure your Catalysts so they can share the FDDI network. A more typical use, however, might allow for multiple VLANs to share the backbone, as in Figure 8-10.

Figure 8-10. An FDDI Trunk Example with 802.10 Encapsulation

By enabling 802.10 encapsulation on the FDDI interfaces in the network, the FDDI backbone becomes a Catalyst trunk. The network in Figure 8-10 attaches many Catalysts allowing them to transport data from distributed VLANs over the FDDI trunk. Member stations of VLAN 10 on Cat-A can communicate with stations belonging to VLAN 10 on Cat-B. Likewise, members of VLAN 20 can communicate with each other regardless of their location in the network.

As with any multiple VLAN network, routers interconnect VLANs. The Cisco router in Figure 8-10 attached to the FDDI network understands 802.10 encapsulation and can therefore route traffic between VLANs.

The configuration in Example 8-9 demonstrates how to enable 801.10 encapsulation on a Cisco router so that VLAN 100 can communicate with VLAN 200.

Example 8-9 Router Configuration for 802.10 Trunk

The configuration applies to FDDI subinterfaces. Each VLAN must be configured on a subinterface and should support a single subnetwork. The encapsulation sde 100 statement under subinterface 2/0.1 enables 802.10 encapsulation and associates VLAN 100 with the interface, whereas the statement encapsulation sde 200 associates VLAN 200 with subinterface 2/0.2.

Figure 8-11 illustrates 802.10 encapsulation. The 802.10 header contains the MAC header, a Clear header, and a Protected header. The MAC header contains the usual 48-bit destination and source MAC addresses found in FDDI, Ethernet, and Token Ring networks. The Clear and Protected headers, however, are additions from the 802.10 standard. The Protected header duplicates the source MAC address to ensure that a station is not spoofing the real source. If the source address in the MAC and Protected headers differ, another station took over the session.

Figure 8-11. 802.10 Encapsulation

Figure 8-11 shows three fields in the Clear header portion. Only the Security Association Identifier (SAID) field is relevant to VLANs. Therefore, the other two fields (802.10 LSAP and MDF) are ignored in this discussion.

The SAID field as used by Cisco identifies the source VLAN. The four-byte SAID allows for many VLAN identifiers on the FDDI network. When you create an FDDI VLAN, you provide the VLAN number. By default, the Catalyst adds 100,000 to the VLAN number to create a SAID value. The receiving Catalyst subtracts 100,000 to recover the original FDDI VLAN value. Optionally, you can specify a SAID value. But this is not usually necessary. The Catalyst commands in Example 8-10 enable 802.10 encapsulation for VLANs 500 and 600 and modify the VLAN 600 SAID value to 1600.

Example 8-10 802.10 VLAN Configuration

After establishing the VLANs, the show vlan command displays the addition of the VLANs with the specified SAID value as in Example 8-11. Note that VLAN 500 has a SAID value of 100,500 because a SAID value was not specified and the Catalyst by default added 100,000 to the VLAN number.

Example 8-11 show vlan Command Output

Although the FDDI VLANS were successfully created, all that was accomplished was the creation of yet another broadcast domain. The Catalysts treat the FDDI VLAN as distinct from any of the Ethernet VLANs unless you associate the broadcast domains as a single domain. Use the set vlan command to merge the FDDI and the Ethernet broadcast domains. Until you do this, the Catalyst cannot transport the Ethernet VLAN over the FDDI trunk. To make an Ethernet VLAN 10 and an FDDI VLAN 100 part of the same broadcast domain, you enter the following command:

Conversely, the following command is equally effective, where you specify the FDDI VLAN first, and then translate it into the Ethernet VLAN:

These are bidirectional commands. You do not need to enter both commands, only one or the other.

About the author


Leave a Comment