
A VLAN allows a network administrator to create groups of logically networked devices that act as if they are on their own independent network, even if they share a common infrastructure with other VLANs. A VLAN is a logically separate IP subnetwork. VLANs allow multiple IP networks and subnets to exist on the same switched network. For computers to communicate on the same VLAN, each must have an IP address and a subnet mask that is consistent for that VLAN. The switch has to be configured with the VLAN and each port in the VLAN must be assigned to the VLAN. A switch port with a single VLAN configured on it is called an access port. Devices on two separate networks and subnets must communicate via a router (Layer 3), whether or not VLANs are used. You do not need VLANs to have multiple networks and subnets on a switched network, but there are definite advantages to using VLANs.

=================================== Benefits of a VLAN:

Security - Groups that have sensitive data are separated from the rest of the network, decreasing the chances of confidential information breaches. Faculty computers are on VLAN 10 and completely separated from student and guest data traffic.
Cost reduction - Cost savings result from less need for expensive network upgrades and more efficient use of existing bandwidth and uplinks.
Higher performance - Dividing flat Layer 2 networks into multiple logical workgroups (broadcast domains) reduces unnecessary traffic on the network and boosts performance.
Broadcast storm mitigation - Dividing a network into VLANs reduces the number of devices that may participate in a broadcast storm. As discussed in the "Configure a Switch" chapter, LAN segmentation prevents a broadcast storm from propagating to the whole network. In the figure you can see that although there are six computers on this network, there are only three broadcast domains: Faculty, Student, and Guest.
Improved IT staff efficiency - VLANs make it easier to manage the network because users with similar network requirements share the same VLAN. When you provision a new switch, all the policies and procedures already configured for the particular VLAN are implemented when the ports are assigned. It is also easy for the IT staff to identify the function of a VLAN by giving it an appropriate name. In the figure, for easy identification VLAN 20 has been named "Student", VLAN 10 could be named "Faculty", and VLAN 30 "Guest."
Simpler project or application management - VLANs aggregate users and network devices to support business or geographic requirements. Having separate functions makes managing a project or working with a specialized application easier, for example, an e-learning development platform for faculty. It is also easier to determine the scope of the effects of upgrading network services.

=================================== VLAN ===================================

VLAN ID Ranges

Normal Range VLANs - Identified by a VLAN ID between 1 and 1005. (IDs 1002 through 1005 are reserved for Token Ring and FDDI VLANs.) IDs 1 and 1002 to 1005 are automatically created and cannot be removed.
Extended Range VLANs - Identified by a VLAN ID between 1006 and 4094.

TYPES OF VLANS

Data VLAN - A data VLAN is a VLAN that is configured to carry only user-generated traffic. It is common practice to separate voice and management traffic from data traffic. The importance of separating user data from switch management control data and voice traffic is highlighted by the use of a special term used to identify VLANs that only carry user data: a "data VLAN". A data VLAN is sometimes referred to as a user VLAN.
Default VLAN - All switch ports become a member of the default VLAN after the initial boot up of the switch. Having all the switch ports participate in the default VLAN makes them all part of the same broadcast domain. This allows any device connected to any switch port to communicate with other devices on other switch ports. The default VLAN for Cisco switches is VLAN 1. VLAN 1 has all the features of any VLAN, except that you cannot rename it and you cannot delete it. Layer 2 control traffic, such as CDP and spanning tree protocol traffic, is associated with VLAN 1.
Native VLAN - A native VLAN is assigned to an 802.1Q trunk port. An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic). The 802.1Q trunk port places untagged traffic on the native VLAN.
Management VLAN - A management VLAN is any VLAN you configure to access the management capabilities of a switch. By default, VLAN 1 serves as the management VLAN if you do not proactively define a unique VLAN to serve as the management VLAN.
Voice VLANs - A voice VLAN is a VLAN that is configured to carry only voice over IP traffic.

SWITCH PORT MEMBERSHIP MODES

Switch Ports - Switch ports are Layer 2-only interfaces associated with a physical port. Switch ports are used for managing the physical interface and associated Layer 2 protocols. They do not handle routing or bridging. Switch ports belong to one or more VLANs.
Static VLAN - Ports on a switch are manually assigned to a VLAN.
Dynamic VLAN - A dynamic port VLAN membership is configured using a special server called a VLAN Membership Policy Server (VMPS).
Voice VLAN - A port is configured to be in voice mode so that it can support an IP phone attached to it.

CONTROLLING BROADCAST DOMAINS WITH VLAN AND LAYER 3 FORWARDING

A Layer 3 switch has the ability to route transmissions between VLANs.
SVI - An SVI is a logical interface configured for a specific VLAN. You need to configure an SVI for a VLAN if you want to route between VLANs or to provide IP host connectivity to the switch. By default, an SVI is created for the default VLAN (VLAN 1) to permit remote switch administration.
Layer 3 Forwarding - The procedure is the same as inter-VLAN communication using a separate router, except that the SVIs act as the router interfaces for routing the data between VLANs.

=================================== VLAN Trunking ===================================

VLAN Trunk - A trunk is a point-to-point link between two network devices that carries more than one VLAN. A VLAN trunk allows you to extend the VLANs across an entire network. Cisco supports IEEE 802.1Q for coordinating trunks on Fast Ethernet and Gigabit Ethernet interfaces.

802.1Q FRAME TAGGING

Switches only use the Ethernet frame header information to forward packets. The frame header does not contain information about which VLAN the frame should belong to. Subsequently, when Ethernet frames are placed on a trunk they need additional information about the VLANs they belong to. This is accomplished by using the 802.1Q encapsulation header. This header adds a tag to the original Ethernet frame specifying the VLAN to which the frame belongs.

Tag Fields - The VLAN tag field consists of an EtherType field, a tag control information field, and the FCS field.
EtherType field - Set to the hexadecimal value of 0x8100. This value is called the tag protocol ID (TPID) value. With the EtherType field set to the TPID value, the switch receiving the frame knows to look for information in the tag control information field.
Tag control information field - The tag control information field contains:
3 bits of user priority - Used by the 802.1p standard, which specifies how to provide expedited transmission of Layer 2 frames.
1 bit of Canonical Format Identifier (CFI) - Enables Token Ring frames to be carried across Ethernet links easily.
12 bits of VLAN ID (VID) - VLAN identification numbers; supports up to 4096 VLAN IDs.
FCS field - After the switch inserts the EtherType and tag control information fields, it recalculates the FCS value and inserts it into the frame.

Tagged Frames on the Native VLAN: Control traffic sent on the native VLAN should be untagged. If an 802.1Q trunk port receives a tagged frame on the native VLAN, it drops the frame. Consequently, when configuring a switch port on a Cisco switch, you need to identify any devices that tag native VLAN traffic and configure them so that they do not send tagged frames on the native VLAN.

Untagged Frames on the Native VLAN: When a Cisco switch trunk port receives untagged frames, it forwards those frames to the native VLAN.

Dynamic Trunking Protocol (DTP) is a Cisco proprietary protocol. Switches from other vendors do not support DTP. DTP is automatically enabled on a switch port when certain trunking modes are configured on the switch port. DTP manages trunk negotiation only if the port on the other switch is configured in a trunk mode that supports DTP. DTP supports both ISL (Cisco legacy protocol) and 802.1Q trunks.

TRUNK MODES

The trunking mode defines how the port negotiates using DTP to set up a trunk link with its peer port. The following provides a brief description of the available trunking modes and how DTP is implemented in each.

On (default): The switch port periodically sends DTP frames, called advertisements, to the remote port. The local switch port advertises to the remote switch port that it is dynamically changing to a trunking state. The local port is then considered to be in an unconditional trunking state, regardless of what DTP information the remote port sends as a response to the advertisement.

Dynamic auto: The switch port periodically sends DTP frames to the remote port. The local switch port advertises to the remote switch port that it is able to trunk but does not request to go to the trunking state. After a DTP negotiation, the local port ends up in trunking state only if the remote port trunk mode has been configured to be on or desirable; the local port then changes to a trunking state. If both ports on the switches are set to auto, they do not negotiate to be in a trunking state. They negotiate to be in the access (nontrunk) mode state.

Dynamic desirable: DTP frames are sent periodically to the remote port. The local switch port advertises to the remote switch port that it is able to trunk and asks the remote switch port to go to the trunking state. If the local port detects that the remote has been configured in on, desirable, or auto mode, the local port ends up in trunking state. If the remote switch port is in the nonegotiate mode, the local switch port remains as a nontrunking port.

Off: You can turn off DTP for the trunk so that the local port does not send out DTP frames to the remote port. Use this feature when you need to configure a trunk with a switch from another switch vendor.
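As an added illustration (not code from these notes or from Cisco), the following Python builds and parses the 802.1Q tag described in the frame-tagging section (TPID 0x8100, 3-bit priority, 1-bit CFI, 12-bit VID, recomputed FCS) and then applies the trunk-port native-VLAN rules from the section above: untagged frames go to the native VLAN, tagged frames carrying the native VLAN's ID are dropped. The MAC addresses and payload are constructed sample values, and the ingress check is deliberately limited to the rules the text states (no allowed-VLAN list, no ISL).

```python
import struct
import zlib

TPID = 0x8100        # EtherType value that marks an 802.1Q tag
VID_BITS = 12        # 2**12 = 4096 possible VLAN IDs


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the frame, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def tag_frame(frame: bytes, vid: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the source MAC and recompute the FCS."""
    if not (0 <= vid < 2 ** VID_BITS and 0 <= priority <= 7 and cfi in (0, 1)):
        raise ValueError("802.1Q field out of range")
    tci = (priority << 13) | (cfi << 12) | vid   # 3 + 1 + 12 bits
    body = frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:-4]
    return body + fcs(body)


def parse_tag(frame: bytes):
    """Return (priority, cfi, vid), or None when the frame carries no 802.1Q tag."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != TPID:
        return None
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def fcs_ok(frame: bytes) -> bool:
    return fcs(frame[:-4]) == frame[-4:]


def trunk_ingress_vlan(frame: bytes, native_vid: int):
    """VLAN an 802.1Q trunk port assigns to an arriving frame, or None if it is dropped.
    Rules from the text: bad FCS -> drop; untagged -> native VLAN;
    tagged with the native VLAN's own ID -> drop; otherwise the tagged VID."""
    if not fcs_ok(frame):
        return None
    tag = parse_tag(frame)
    if tag is None:
        return native_vid
    vid = tag[2]
    return None if vid == native_vid else vid


# Constructed sample: an IPv4 frame (EtherType 0x0800) with a dummy payload.
SAMPLE_UNTAGGED = build_frame(bytes.fromhex("0011223344aa"), bytes.fromhex("0011223344bb"),
                              0x0800, b"constructed payload")
SAMPLE_TAGGED = tag_frame(SAMPLE_UNTAGGED, vid=20, priority=5)   # VLAN 20 = "Student"
```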