
A VLAN allows a network administrator to create groups of logically networked devices that act as if they are on their own independent network, even if they share a common infrastructure with other VLANs. A VLAN is a logically separate IP subnetwork. VLANs allow multiple IP networks and subnets to exist on the same switched network. For computers to communicate on the same VLAN, each must have an IP address and a subnet mask that is consistent for that VLAN. The switch has to be configured with the VLAN, and each port in the VLAN must be assigned to it. A switch port with a single VLAN configured on it is called an access port. Devices on two separate networks and subnets must communicate via a router (Layer 3), whether or not VLANs are used. You do not need VLANs to have multiple networks and subnets on a switched network, but there are definite advantages to using VLANs.

=================================== Benefits of a VLAN ===================================

Security - Groups that have sensitive data are separated from the rest of the network, decreasing the chances of confidential information breaches. Faculty computers are on VLAN 10 and are separated at Layer 2 from student and guest data traffic. The separation is only as strong as the routing between VLANs: any traffic that crosses from one VLAN to another passes through the Layer 3 device, so the access policy between groups still has to be enforced there.

Cost reduction - Cost savings result from less need for expensive network upgrades and more efficient use of existing bandwidth and uplinks.

Higher performance - Dividing flat Layer 2 networks into multiple logical workgroups (broadcast domains) reduces unnecessary traffic on the network and boosts performance.

Broadcast storm mitigation - Dividing a network into VLANs reduces the number of devices that may participate in a broadcast storm. As discussed in the "Configure a Switch" chapter, LAN segmentation prevents a broadcast storm from propagating to the whole network. In the figure you can see that although there are six computers on this network, there are only three broadcast domains: Faculty, Student, and Guest.

Improved IT staff efficiency - VLANs make it easier to manage the network because users with similar network requirements share the same VLAN. When you provision a new switch, all the policies and procedures already configured for the particular VLAN are implemented when the ports are assigned. It is also easy for the IT staff to identify the function of a VLAN by giving it an appropriate name. In the figure, for easy identification VLAN 20 has been named "Student", VLAN 10 could be named "Faculty", and VLAN 30 "Guest."

Simpler project or application management - VLANs aggregate users and network devices to support business or geographic requirements. Having separate functions makes managing a project or working with a specialized application easier, for example, an e-learning development platform for faculty. It is also easier to determine the scope of the effects of upgrading network services.

=================================== VLAN ===================================

VLAN ID RANGES

Normal Range VLANs - Identified by a VLAN ID between 1 and 1005. IDs 1 and 1002 to 1005 are automatically created and cannot be removed. (IDs 1002 through 1005 are reserved for Token Ring and FDDI VLANs.)

Extended Range VLANs - Identified by a VLAN ID between 1006 and 4094.

TYPES OF VLANS

Data VLAN - A data VLAN is a VLAN that is configured to carry only user-generated traffic. It is common practice to separate voice and management traffic from data traffic. The importance of separating user data from switch management control data and voice traffic is highlighted by the use of a special term to identify VLANs that only carry user data - a "data VLAN". A data VLAN is sometimes referred to as a user VLAN.

Default VLAN - All switch ports become a member of the default VLAN after the initial boot up of the switch. Having all the switch ports participate in the default VLAN makes them all part of the same broadcast domain. This allows any device connected to any switch port to communicate with other devices on other switch ports. The default VLAN for Cisco switches is VLAN 1. VLAN 1 has all the features of any VLAN, except that you cannot rename it and you cannot delete it. By default, Layer 2 control traffic, such as CDP and spanning tree protocol traffic, is associated with VLAN 1.

Native VLAN - A native VLAN is assigned to an 802.1Q trunk port. An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic). The 802.1Q trunk port places untagged traffic on the native VLAN. Left at its default, the native VLAN is VLAN 1, which means untagged traffic arriving on the trunk lands in the same VLAN that carries the switch's Layer 2 control traffic and, unless changed, its management traffic; a dedicated, otherwise unused VLAN is normally configured as the native VLAN instead.

Management VLAN - A management VLAN is any VLAN you configure to access the management capabilities of a switch. VLAN 1 would serve as the management VLAN if you did not proactively define a unique VLAN to serve as the management VLAN.

Voice VLANs - A voice VLAN is a VLAN that is configured to carry only Voice over IP traffic.

SWITCH PORT MEMBERSHIP MODES

Switch Ports - Switch ports are Layer 2-only interfaces associated with a physical port. Switch ports are used for managing the physical interface and associated Layer 2 protocols. They do not handle routing or bridging. Switch ports belong to one or more VLANs.

Static VLAN - Ports on a switch are manually assigned to a VLAN.

Dynamic VLAN - A dynamic port VLAN membership is configured using a special server called a VLAN Membership Policy Server (VMPS).

Voice VLAN - A port is configured to be in voice mode so that it can support an IP phone attached to it.

CONTROLLING BROADCAST DOMAINS WITH VLAN AND LAYER 3 FORWARDING

Layer 3 Forwarding - A Layer 3 switch has the ability to route transmissions between VLANs. The procedure is the same as inter-VLAN communication using a separate router, except that the SVIs act as the router interfaces for routing the data between VLANs.

SVI - An SVI is a logical interface configured for a specific VLAN. You need to configure an SVI for a VLAN if you want to route between VLANs or to provide IP host connectivity to the switch. By default, an SVI is created for the default VLAN (VLAN 1) to permit remote switch administration.

=================================== VLAN Trunking ===================================

VLAN Trunk - A trunk is a point-to-point link between two network devices that carries more than one VLAN. A VLAN trunk allows you to extend the VLANs across an entire network. Cisco supports IEEE 802.1Q for coordinating trunks on Fast Ethernet and Gigabit Ethernet interfaces.

802.1Q FRAME TAGGING

Switches only use the Ethernet frame header information to forward packets. The frame header does not contain information about which VLAN the frame should belong to. Consequently, when Ethernet frames are placed on a trunk they need additional information about the VLANs they belong to. This is accomplished by using the 802.1Q encapsulation header. This header adds a tag to the original Ethernet frame specifying the VLAN to which the frame belongs.

Tag Fields - The VLAN tag consists of an EtherType field and a tag control information field; inserting it also changes the FCS field.

EtherType field - Set to the hexadecimal value of 0x8100. This value is called the tag protocol ID (TPID) value. With the EtherType field set to the TPID value, the switch receiving the frame knows to look for information in the tag control information field.

Tag control information field - The tag control information field contains:
  3 bits of user priority - Used by the 802.1p standard, which specifies how to provide expedited transmission of Layer 2 frames.
  1 bit of Canonical Format Identifier (CFI) - Enables Token Ring frames to be carried across Ethernet links easily.
  12 bits of VLAN ID (VID) - VLAN identification numbers. Twelve bits give 4096 possible values; 0 and 4095 are reserved by 802.1Q, which is why configurable IDs run from 1 to 4094.

FCS field - After the switch inserts the EtherType and tag control information fields, it recalculates the FCS value and inserts it into the frame.
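The tag layout above (TPID 0x8100, then 3 bits of priority, 1 bit of CFI and a 12-bit VID, followed by a recomputed FCS) is small enough to build and parse by hand. The following is an added example written for this page, not code from the Cisco course: it tags an untagged frame the way a trunk port would, recomputes the FCS, parses the tag back out and classifies the VID into the ranges described in the VLAN ID RANGES section. The frame bytes are constructed test data, not a capture; the FCS is computed with the standard library's CRC-32, which is the Ethernet polynomial.

```python
"""Build and parse IEEE 802.1Q tagged Ethernet frames (added example, stdlib only)."""
import struct
import zlib

TPID = 0x8100  # EtherType value that marks a frame as 802.1Q tagged


def fcs(frame_without_fcs: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over dst MAC through payload, sent least significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_untagged(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Plain Ethernet II frame: dst, src, EtherType, payload, FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def add_tag(frame: bytes, vid: int, pcp: int = 0, cfi: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the source MAC and recompute the FCS."""
    if not 0 <= vid <= 4095:
        raise ValueError("VID must fit in 12 bits")
    tci = ((pcp & 0x7) << 13) | ((cfi & 0x1) << 12) | (vid & 0xFFF)
    body = frame[:-4]  # drop the old FCS; it no longer matches once the tag is in
    tagged = body[:12] + struct.pack("!HH", TPID, tci) + body[12:]
    return tagged + fcs(tagged)


def classify_vid(vid: int) -> str:
    """Map a VID to the ranges the page describes, plus the two values 802.1Q reserves."""
    if vid == 0:
        return "priority-tagged (no VLAN)"
    if vid == 4095:
        return "reserved"
    if 1002 <= vid <= 1005:
        return "normal range (reserved for Token Ring/FDDI)"
    if 1 <= vid <= 1005:
        return "normal range"
    return "extended range"


def parse(frame: bytes) -> dict:
    """Verify the FCS and return header fields, including the tag fields if present."""
    if len(frame) < 18:
        raise ValueError("frame too short")
    body, trailer = frame[:-4], frame[-4:]
    if fcs(body) != trailer:
        raise ValueError("FCS mismatch")
    info = {"dst": body[:6].hex(":"), "src": body[6:12].hex(":"), "tagged": False}
    ethertype = struct.unpack("!H", body[12:14])[0]
    offset = 14
    if ethertype == TPID:
        # The receiving switch sees the TPID and reads the tag control information.
        tci = struct.unpack("!H", body[14:16])[0]
        info.update(tagged=True, pcp=tci >> 13, cfi=(tci >> 12) & 0x1, vid=tci & 0xFFF)
        info["vid_class"] = classify_vid(info["vid"])
        ethertype = struct.unpack("!H", body[16:18])[0]  # the original EtherType follows
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = body[offset:]
    return info


if __name__ == "__main__":
    # Constructed sample: broadcast ARP-sized IPv4 frame placed on VLAN 20 ("Student").
    plain = build_untagged(bytes.fromhex("ffffffffffff"), bytes.fromhex("0200deadbeef"), 0x0800, b"x" * 46)
    print(parse(add_tag(plain, vid=20, pcp=5)))
```

Flipping a bit in the tag without recomputing the FCS makes `parse` reject the frame, which is the behaviour the FCS field paragraph describes from the switch's side.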

Tagged Frames on the Native VLAN: Control traffic sent on the native VLAN should be untagged. If an 802.1Q trunk port receives a tagged frame on the native VLAN, it drops the frame. Consequently, when configuring a switch port on a Cisco switch, you need to identify any attached devices that tag their native VLAN traffic and configure them so that they do not send tagged frames on the native VLAN.

Untagged Frames on the Native VLAN: When a Cisco switch trunk port receives untagged frames, it forwards those frames to the native VLAN.

Dynamic Trunking Protocol (DTP) is a Cisco proprietary protocol. Switches from other vendors do not support DTP. DTP is automatically enabled on a switch port when certain trunking modes are configured on the switch port. DTP manages trunk negotiation only if the port on the other switch is configured in a trunk mode that supports DTP. DTP supports both ISL (Cisco's legacy trunking protocol) and 802.1Q trunks.

TRUNK MODES

The trunking mode defines how the port negotiates using DTP to set up a trunk link with its peer port. The following provides a brief description of the available trunking modes and how DTP is implemented in each. Which mode a port starts in depends on the switch model; on a Catalyst 2960 the default is dynamic auto.

On: The switch port periodically sends DTP frames, called advertisements, to the remote port. The local switch port advertises to the remote port that it is dynamically changing to a trunking state. The local port then, regardless of what DTP information the remote port sends as a response to the advertisement, changes to a trunking state. The local port is then considered to be in an unconditional trunking state.

Dynamic auto: The switch port periodically sends DTP frames to the remote port. The local switch port advertises to the remote switch port that it is able to trunk but does not request to go to the trunking state. After a DTP negotiation, the local port ends up in trunking state only if the remote port trunk mode has been configured to be on or desirable. If both ports on the switches are set to auto, they do not negotiate to be in a trunking state. They negotiate to be in the access (nontrunk) mode state.

Dynamic desirable: DTP frames are sent periodically to the remote port. The local switch port advertises to the remote switch port that it is able to trunk and asks the remote switch port to go to the trunking state. If the local port detects that the remote has been configured in on, desirable, or auto mode, the local port ends up in trunking state. If the remote switch port is in the nonegotiate mode, the local switch port remains as a nontrunking port.

Because a port in dynamic auto or dynamic desirable will trunk with any neighbour that advertises on or desirable, a port left in a dynamic mode will form a trunk with whatever DTP-speaking device is plugged into it. Ports that face end hosts should therefore be set to access mode with DTP disabled (switchport mode access and switchport nonegotiate) rather than left to negotiate.

Off: You can turn off DTP for the trunk (switchport nonegotiate) so that the local port does not send out DTP frames to the remote port. Use this feature when you need to configure a trunk with a switch from another switch vendor.
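The negotiation rules listed under TRUNK MODES decide, for any pair of modes, whether the local port ends up trunking. The following is an added example for this page, not Cisco code: it encodes those rules in one function and then runs them over a constructed IOS running-config snippet to find ports that would hand a trunk to a DTP-speaking neighbour. Assumptions: an interface with no "switchport mode" line is treated as dynamic auto (the Catalyst 2960 default), and the neighbour is modelled as a DTP speaker in dynamic desirable mode; the interface names, VLAN numbers and descriptions in the sample are made up.

```python
"""DTP trunk negotiation outcomes and an access-port audit (added example)."""
import re

# Mode names as they appear in the IOS 'switchport mode' command.
ON = "trunk"
DESIRABLE = "dynamic desirable"
AUTO = "dynamic auto"
ACCESS = "access"


def negotiate(local: str, remote: str, remote_nonegotiate: bool = False) -> str:
    """Return 'trunk' or 'access' for the local port, per the TRUNK MODES rules.

    on trunks regardless of the peer; desirable trunks if the peer is on, desirable
    or auto; auto trunks only if the peer is on or desirable (auto + auto stays
    access); access never trunks; a peer that sends no DTP yields no trunk.
    """
    if local == ON:
        return "trunk"
    if local == ACCESS:
        return "access"
    if remote_nonegotiate or remote == ACCESS:
        return "access"  # no usable DTP advertisement heard from the peer
    if local == DESIRABLE:
        return "trunk" if remote in (ON, DESIRABLE, AUTO) else "access"
    if local == AUTO:
        return "trunk" if remote in (ON, DESIRABLE) else "access"
    raise ValueError(f"unknown mode {local!r}")


# Constructed sample, not a real device's configuration.
SAMPLE_CONFIG = """\
!
interface FastEthernet0/1
 description Faculty PC - hardened access port
 switchport access vlan 10
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/2
 description Student PC - mode left at platform default
 switchport access vlan 20
!
interface FastEthernet0/3
 description Guest PC
 switchport access vlan 30
 switchport mode dynamic desirable
!
interface GigabitEthernet0/1
 description Uplink to S2
 switchport trunk native vlan 99
 switchport mode trunk
 switchport nonegotiate
!
"""


def parse_interfaces(config: str) -> dict:
    """Return {interface: {'mode': ..., 'nonegotiate': bool}} from IOS config text."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":
            current = None  # '!' closes the interface section
            continue
        m = re.match(r"interface (\S+)$", raw)
        if m:
            current = m.group(1)
            ports[current] = {"mode": AUTO, "nonegotiate": False}  # assumed default
            continue
        if current is None:
            continue
        m = re.match(r"switchport mode (trunk|access|dynamic desirable|dynamic auto)$", line)
        if m:
            ports[current]["mode"] = m.group(1)
        elif line == "switchport nonegotiate":
            ports[current]["nonegotiate"] = True
    return ports


def audit(config: str) -> list:
    """List ports that would trunk with a neighbour advertising dynamic desirable."""
    findings = []
    for name, port in parse_interfaces(config).items():
        if port["mode"] == ON:
            continue  # a deliberate trunk, not an accidental negotiation
        if negotiate(port["mode"], DESIRABLE) == "trunk":
            findings.append(f"{name}: mode '{port['mode']}' would trunk with a DTP neighbour; "
                            "set 'switchport mode access' and 'switchport nonegotiate'")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run against the sample, the audit flags FastEthernet0/2 (default mode) and FastEthernet0/3 (dynamic desirable) and accepts FastEthernet0/1, which has the access-plus-nonegotiate configuration the text recommends for host-facing ports.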