WHAT IS A VLAN?

The short form VLAN expands to Virtual Local Area Network. A VLAN is a logical local area
network (LAN) that extends beyond a single traditional LAN to a group of LAN segments, given specific
configurations. Because a VLAN is a logical entity, its creation and configuration is done completely in
software.

As I said, a VLAN is a virtual LAN. In technical terms, a VLAN is a broadcast domain created by
switches.

This works by you, the administrator, putting some switch ports in a VLAN other than the default VLAN 1;
all ports in a single VLAN are then in a single broadcast domain.

Because switches can talk to each other, some ports on switch A can be in VLAN 10 and other ports on
switch B can also be in VLAN 10. Broadcasts between these devices will not be seen on any port in any
VLAN other than 10. However, these devices can all communicate because they are on the same
VLAN. Without additional configuration, they would not be able to communicate with any other
devices that are not in their VLAN.

http://www.petri.co.il/csc_setup_a_vlan_on_a_cisco_switch.htm

HOW IS A VLAN IDENTIFIED?

Since a VLAN is a software concept, identifiers and configurations for a VLAN must be properly
prepared for it to function as expected. Frame coloring is the process used to ensure that VLAN
members or groups are properly identified and handled. With frame coloring, packets are given the
proper VLAN ID at their origin so that they may be properly processed as they pass through the
network. The VLAN ID is then used to enable switching and routing engines to make the appropriate
decisions as defined in the VLAN configuration.
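The "frame coloring" described above is, on 802.1Q trunks, a 4-byte tag inserted after the source MAC: a TPID of 0x8100 followed by a 16-bit TCI holding 3 bits of priority (PCP), 1 DEI bit and the 12-bit VLAN ID. The following added example (not from the original article) builds a tagged frame from a constructed untagged one and parses the VLAN ID back out, which is what a switching engine does before deciding where the frame may go.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q-tagged frame
ETHERTYPE_IPV4 = 0x0800


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag (TPID + TCI) between the MAC addresses and the EtherType."""
    if not 1 <= vlan_id <= 4094:          # 0 and 4095 are reserved and never assigned
        raise ValueError("VLAN ID must be 1..4094")
    tci = ((pcp & 0x7) << 13) | vlan_id    # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_vlan(frame: bytes) -> dict:
    """Return the VLAN fields of a frame; vlan_id is None when the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return {"vlan_id": None, "pcp": None, "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q header")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return {
        "vlan_id": tci & 0x0FFF,   # low 12 bits carry the VLAN ID
        "pcp": tci >> 13,          # top 3 bits carry the priority
        "ethertype": inner_type,   # EtherType of the encapsulated payload
        "payload": frame[18:],
    }


# Constructed sample: broadcast destination, made-up source MAC, IPv4 EtherType, dummy payload.
UNTAGGED = bytes.fromhex("ffffffffffff001122334455") + b"\x08\x00" + b"\x45" * 20
TAGGED_VLAN10 = tag_frame(UNTAGGED, vlan_id=10, pcp=5)
```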

Are VLANs required?

It is important to point out that you don’t have to configure a VLAN until your network gets so
large and has so much traffic that you need one. Many times, people are simply using VLANs because
the network they are working on was already using them.

Another important fact is that, on a Cisco switch, VLANs are enabled by default and ALL devices are
already in a VLAN. The VLAN that all devices are already in is VLAN 1. So, by default, you can just use
all the ports on a switch and all devices will be able to talk to one another.

Prepared By:  Javed Ahmad Dogar (VLAN)    Page 1 

 
When do I need a VLAN?

You need to consider using VLANs in any of the following situations:

• You have more than 200 devices on your LAN
• You have a lot of broadcast traffic on your LAN
• Groups of users need more security or are being slowed down by too many broadcasts
• Groups of users need to be on the same broadcast domain because they are running the same
applications. An example would be a company that has VoIP phones. The users using the phones
could be on a different VLAN from the regular users.
• Or, just to make a single switch into multiple virtual switches.

Why not just subnet my network?

A common question is why not just subnet the network instead of using VLANs? Each VLAN
should be in its own subnet. The benefit that a VLAN provides over a subnetted network is that devices
in different physical locations, not going back to the same router, can be on the same network. The
limitation of subnetting a network with a router is that all devices on that subnet must be connected to
the same switch and that switch must be connected to a port on the router.

With a VLAN, one device can be connected to one switch, another device can be connected to another
switch, and those devices can still be on the same VLAN (broadcast domain).

What is a trunk port?

When there is a link between two switches or a router and a switch that carries the traffic of more
than one VLAN, that port is a trunk port.

A trunk port must run a special trunking protocol. The protocol used would be Cisco’s proprietary
Inter-Switch Link (ISL) or the IEEE standard 802.1Q.

DEFAULT VLANS

SW-A# show vlan

NOTE: VLAN numbers 1, 1002, 1003, 1004 & 1005 are default VLANs.

How do I create a VLAN?

Configuring VLANs can vary even between different models of Cisco switches. Your goals, no
matter what the commands are, are to:

• Create the new VLANs
• Put each port in the proper VLAN

SW-A(config)# vlan 3

VTP VLAN configuration not allowed when device is in CLIENT mode.

SW-A(config)# vtp mode server

Setting device to VTP SERVER mode

SW-A(config)# vlan 3

SW-A(config-vlan)# end

SW-A# show vlan

NOTE: Remember that there are 5 default VLANs, so after adding VLAN 3 the total number of VLANs is 6.

SW-A(config)# vlan 4

SW-A(config-vlan)# exit

SW-A(config)# vlan 5

SW-A(config-vlan)# exit

SW-A(config)# vlan 8-10

SW-A(config-vlan)# exit

SW-A(config)# vlan 16,18

SW-A(config-vlan)# exit

What do VLANs offer?

VLANs offer higher performance for medium and large LANs because they limit broadcasts. As
the amount of traffic and the number of devices grow, so does the number of broadcast packets. By
using VLANs you are containing broadcasts.

VLANs also provide security because you are essentially putting one group of devices, in one VLAN, on
their own network.

Article Summary

Here is what we have learned:

• A VLAN is a broadcast domain formed by switches
• Administrators must create the VLANs and then manually assign which port goes in which VLAN.
• VLANs provide better performance for medium and large LANs.
• All devices, by default, are in VLAN 1.

A trunk port is a special port that runs ISL or 802.1q so that it can carry traffic from more than one
VLAN.

For devices in different VLANs to communicate, you must use a router or a Layer 3 switch.

VTP (VLAN TRUNKING PROTOCOL)

VLAN Trunking Protocol (VTP) is a Cisco proprietary Layer 2 messaging protocol that manages
the addition, deletion, and renaming of Virtual Local Area Networks (VLANs) on a network-wide basis.
Cisco's VLAN Trunk Protocol reduces administration in a switched network. When a new VLAN is
configured on one VTP server, the VLAN is distributed through all switches in the domain. This reduces
the need to configure the same VLAN everywhere. To do this, VTP carries VLAN information to all the
switches in a VTP domain. VTP advertisements can be sent over ISL, 802.1Q, IEEE 802.10 and LANE
trunks. VTP traffic is sent over the management VLAN (VLAN 1), so all VLAN trunks must be
configured to pass VLAN 1. VTP is available on most of the Cisco Catalyst family products.

VLAN Trunk Protocol (VTP) reduces administration in a switched network. When you configure a new
VLAN on one VTP server, the VLAN is distributed through all switches in the domain. This reduces the
need to configure the same VLAN everywhere. VTP is a Cisco-proprietary protocol that is available on
most of the Cisco Catalyst series products.

VTP OPERATING MODES

If you intend to make a switch part of a VTP management domain, each switch must be
configured in one of three possible VTP modes. The VTP mode assigned to a switch will determine how
the switch interacts with other VTP switches in the management domain. The three VTP modes that can
be assigned to a Cisco switch include server mode, client mode, and transparent mode. Each of these
roles is outlined below:

SERVER MODE:

Once VTP is configured on a Cisco switch, the default mode used is Server Mode. In any given
VTP management domain, at least one switch must be in Server Mode. When in Server Mode, a switch
can be used to add, delete, and modify VLANs, and this information will be passed to all other switches
in the VTP management domain.

NOTE: The command below changes the VTP operating mode to SERVER.

CLIENT MODE:

When a switch is configured to use VTP Client Mode, it is simply the recipient of any VLANs
added, deleted, or modified by a switch in Server Mode within the same management domain. A switch
in VTP client mode cannot make any changes to VLAN information.

NOTE: VTP operating mode has been set to CLIENT.
TRANSPARENT MODE:

A switch in VTP Transparent Mode will pass VTP updates received by switches in Server Mode
to other switches in the VTP management domain, but will not actually process the contents of these
messages. When individual VLANs are added, deleted, or modified on a switch running in transparent
mode, the changes are local to that particular switch only, and are not passed to other switches in the
VTP management domain.

NOTE: VTP operating mode has been set to TRANSPARENT.

CONFIGURATION REVISION NUMBER

The configuration revision number is a 32-bit number that indicates the level of revision for a
VTP packet. Each VTP device tracks the VTP configuration revision number that is assigned to it. Most
of the VTP packets contain the VTP configuration revision number of the sender. This information is
used in order to determine whether the received information is more recent than the current version.
Each time that you make a VLAN change in a VTP device, the configuration revision is incremented by
one. In order to reset the configuration revision of a switch, change the VTP domain name, and then
change the name back to the original name.

HOW DOES A REVISION NUMBER INCREASE?

Switch(config)# vlan 200

Switch(config-vlan)# end

NOTE: When you create a VLAN, the revision number increases.

Switch(config)# vlan 55
Switch(config-vlan)# exit
Switch(config)# vlan 8
Switch(config-vlan)# exit
Switch(config)# vlan 9
Switch(config-vlan)# end

NOTE: The value of the revision number is associated with the number of VLAN changes. Creating a
VLAN results in an increase in the revision number. For example, if you create 5 VLANs (one by one),
the value of the revision number would be 5.

In other words, the revision number is associated with the vlan command itself.
Each time you use this command to create or delete VLANs, the revision number
increases.
How to Delete a VLAN

Switch(config)# no vlan 10 -----> deletes only VLAN 10

Switch(config)# no vlan 11,13-20 -----> deletes VLAN 11 and VLANs 13 to 20 (that is, 13, 14, 15 … 20)

Switch(config)# exit

NOTE: When you delete multiple VLANs with a single command, the revision number increases by only
one.

HOW TO RESET THE VALUE OF REVISION NUMBER TO ZERO

METHOD #1: (BY CHANGING THE DOMAIN NAME)

Switch(config)# vtp domain pucit

Changing VTP domain name from NULL to pucit

Switch(config)# exit

NOTE: The revision number has been changed to ZERO.

METHOD #2: (BY SETTING THE VTP OPERATING MODE TO TRANSPARENT)

Switch(config)# vtp mode transparent

Setting device to VTP TRANSPARENT mode

Switch(config)# exit

NOTE: The revision number has been changed to ZERO in Transparent mode.
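The revision-number rules laid out in the preceding sections (one increment per vlan or no vlan command however many IDs it names, no changes accepted in client mode, reset to zero on a domain rename or on entering transparent mode, and a received database adopted only when its revision is higher) are collected here in a small Python model. This is an added example, not Cisco code or anything from the original article; the password check is a plain comparison standing in for the MD5 digest real VTP uses, and the VLAN-list parser follows the "11,13-20" syntax shown above.

```python
def expand_vlan_list(spec: str) -> set:
    """Expand IOS-style VLAN list syntax such as '11,13-20' or '8-10' into a set of IDs."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part}")
        ids.update(range(lo, hi + 1))
    return ids


class VtpSwitch:
    """Toy model of the VTP revision-number behaviour described above (not Cisco code)."""
    DEFAULT_VLANS = {1, 1002, 1003, 1004, 1005}    # the five VLANs present on a fresh switch

    def __init__(self, name, domain="NULL", mode="server", password=None):
        self.name, self.domain, self.mode, self.password = name, domain, mode, password
        self.revision = 0
        self.vlans = set(self.DEFAULT_VLANS)

    def _changed(self):
        # One 'vlan' / 'no vlan' command is one change, however many IDs it names.
        if self.mode == "client":
            raise PermissionError("VTP VLAN configuration not allowed when device is in CLIENT mode.")
        if self.mode == "server":                   # transparent mode keeps the revision at 0
            self.revision = (self.revision + 1) % 2**32   # 32-bit counter

    def vlan(self, spec):
        self._changed()
        self.vlans |= expand_vlan_list(spec)

    def no_vlan(self, spec):
        self._changed()
        self.vlans -= expand_vlan_list(spec)

    def vtp_domain(self, name):
        if name != self.domain:                     # method #1: renaming the domain resets to 0
            self.domain, self.revision = name, 0

    def vtp_mode(self, mode):
        self.mode = mode
        if mode == "transparent":                   # method #2: transparent mode resets to 0
            self.revision = 0

    def receive(self, sender) -> bool:
        """Adopt the sender's VLAN database only if same domain and password and a higher revision."""
        if self.mode == "transparent" or (sender.domain, sender.password) != (self.domain, self.password):
            return False
        if sender.revision <= self.revision:        # not more recent than what we already hold
            return False
        self.vlans, self.revision = set(sender.vlans), sender.revision
        return True
```

The receive() rule is the reason the reset methods above matter in practice: a switch whose revision is higher than the domain's will have its database accepted by every server and client in that domain, so a switch should be reset to zero before it is connected.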

Restoring the switch to a brand-new (factory-default) configuration
STEP-1 (this also resets the revision number to zero)

Switch# write erase

Erasing the NVRAM filesystem will remove all configuration files! Continue?

[Confirm]

[OK]

Erase of nvram: complete

%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram

STEP-2

Switch# delete flash:vlan.dat

Delete filename [vlan.dat]?

Delete flash:/vlan.dat? [Confirm]

STEP-4

Switch# reload

Proceed with reload? [Confirm]

DYNAMIC TRUNKING

DTP (DYNAMIC TRUNKING PROTOCOL)

The Dynamic Trunking Protocol (DTP) is a proprietary networking protocol developed by Cisco
Systems for the purpose of negotiating trunking on a link between two VLAN-aware switches, and for
negotiating the type of trunking encapsulation to be used. It works on the Layer 2 of the OSI model.
VLAN trunks formed using DTP may utilize either IEEE 802.1Q or Cisco ISL trunking protocols. DTP
should not be confused with VTP, as they serve different purposes. VTP communicates VLAN existence
information between switches. DTP aids with trunk port establishment. Neither protocol transmits the
data frames that trunks carry.

DTP MODES

http://www.javvin.com/protocolDTP.html

On a Catalyst set-based switch, the syntax for setting up a link as a trunk is:
Use this command to set the specified port or ports to trunking.
The first set of keyword arguments governs the DTP modes:

• on: Forces the link into permanent trunking, even if the neighbor doesn't agree.
• off: Forces the link to permanently not trunk, even if the neighbor doesn't agree.
• desirable: Causes the port to actively attempt to become a trunk, subject to neighbor agreement
(neighbor set to on, desirable, or auto).
• auto: Causes the port to passively be willing to convert to trunking. The port will not trunk unless
the neighbor is set to on or desirable. This is the default mode. Note that auto-auto (both
ends default) links will not become trunks.
• nonegotiate: Forces the port to permanently trunk but not send DTP frames. For use when the DTP
frames confuse the neighboring (non-Cisco) 802.1q switch. You must manually set the
neighboring switch to trunking.

SWITCHPORT MODES
The options for the switchport mode command are as follows:

TRUNK:
Configures the port to permanent trunk mode and negotiates with the connected device on the
other side to convert the link to trunk mode. If multiple trunk encapsulations are available, the
encapsulation must be chosen before this command will work.
ACCESS:
Disables port trunk mode and negotiates with the connected device to convert the link to
nontrunk. This port will belong to only the configured access VLAN.
DYNAMIC DESIRABLE:
Triggers the port to negotiate the link from nontrunk to trunk mode. The port negotiates to a
trunk port if the connected device is in the trunk, dynamic desirable or dynamic auto state. Otherwise,
the port becomes a nontrunk port. This is the default for IOS switch ports.
DYNAMIC AUTO:
Enables the port to become a trunk only if the connected device has the state set to trunk or
dynamic desirable.
NONEGOTIATE:
Configures the port to permanent trunk mode. No negotiation takes place with the partner. The
other side must be trunk or nonegotiate for the trunk to work. You must also specify the encapsulation
before choosing this mode.

LAB – SWITCHPORT MODES

BASIC CONFIGURATION OF SWITCH-A

switch(config)# hostname A
A(config)# vtp domain pucit
Changing VTP domain name from NULL to pucit
A(config)# vtp password javed
Setting device VLAN database password to javed
A(config)# vtp mode server
Setting device to VTP SERVER mode
BASIC CONFIGURATION OF SWITCH-B
switch(config)# hostname B
B(config)# vtp domain pucit
Changing VTP domain name from NULL to pucit
B(config)# vtp password javed
Setting device VLAN database password to javed
B(config)# vtp mode server
Setting device to VTP SERVER mode

BASIC CONFIGURATION OF SWITCH-C
switch(config)# hostname C
C(config)# vtp domain pucit
Changing VTP domain name from NULL to pucit
C(config)# vtp password javed
Setting device VLAN database password to javed
C(config)# vtp mode server
Setting device to VTP SERVER mode

Verify the trunk between Switch-A and Switch-B
B# show interface trunk
---no trunk found---
Note: Check the switchport mode of the ports in order to establish the trunk link between Switch-A and Switch-B.

NOTE: We know that a trunk is only formed when we set the switchport mode to dynamic auto on one
side (e.g. Switch-A) and dynamic desirable on the other side (e.g. Switch-B), or dynamic desirable on
one side (e.g. Switch-A) and dynamic desirable on the other side (e.g. Switch-B).
According to the above topology, the switchport mode of fastethernet0/1 of Switch-A is dynamic auto
and the switchport mode of fastethernet0/2 of Switch-B is also dynamic auto; therefore no trunk is
formed on this link.
Now change the switchport mode of fastethernet0/1 of Switch-B to dynamic desirable while the switchport
mode of fastethernet0/1 of Switch-A stays dynamic auto, and the trunk link will be established.

NOTE: After changing the switchport mode of interface fastethernet 0/2 of Switch-B to dynamic desirable,
we can see two trunks on Switch-B.
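The switchport-mode rules listed earlier and the outcome seen in this lab (auto + auto gives no trunk, auto + desirable gives a trunk) can be checked mechanically. The following added example, which is not part of the original lab, applies those rules to the two ends of a link, reads switchport modes out of constructed running-config text modelled on the Switch-A / Switch-B topology above, and lists the ports still left in a dynamic (DTP) mode, which is what a hardening review looks for so that each port can be made an explicit access or trunk port. The default applied to ports with no mode line is the one this page states for IOS; the real default varies by platform.

```python
import re

DTP_MODES = {"dynamic auto", "dynamic desirable"}


def link_trunks(a: str, b: str) -> bool:
    """Apply the switchport-mode rules to the two ends of one link; True if it trunks."""
    if "access" in (a, b):
        return False                                   # access never trunks, whatever the peer does
    if "nonegotiate" in (a, b):
        return {a, b} <= {"trunk", "nonegotiate"}      # no DTP frames: peer must be a static trunk
    # every remaining mode runs DTP; at least one end must actively ask for the trunk
    return bool({a, b} & {"trunk", "dynamic desirable"})   # auto + auto stays a non-trunk


def parse_switchport_modes(running_config: str, default="dynamic desirable") -> dict:
    """Map interface name -> switchport mode from running-config text (assumed format)."""
    modes, current = {}, None
    for line in running_config.splitlines():
        if m := re.match(r"^interface (\S+)", line):
            current = m.group(1)
            modes[current] = default                   # no explicit mode line yet
        elif current and (m := re.match(r"^\s*switchport mode (.+?)\s*$", line)):
            modes[current] = m.group(1)
    return modes


def ports_left_negotiating(modes: dict) -> list:
    """Hardening check: ports still in a dynamic mode instead of explicit access/trunk."""
    return sorted(port for port, mode in modes.items() if mode in DTP_MODES)


# Constructed configs mirroring the lab: A fa0/1 <-> B fa0/2, both left at dynamic auto.
CONFIG_A = """interface FastEthernet0/1
 switchport mode dynamic auto
!
interface FastEthernet0/3
 switchport mode access
 switchport nonegotiate
"""
CONFIG_B = """interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode dynamic auto
"""


def lab_link_is_trunk(config_a: str = CONFIG_A, config_b: str = CONFIG_B) -> bool:
    """Predict whether the A fa0/1 <-> B fa0/2 link of the lab comes up as a trunk."""
    a = parse_switchport_modes(config_a)["FastEthernet0/1"]
    b = parse_switchport_modes(config_b)["FastEthernet0/2"]
    return link_trunks(a, b)
```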
