
WHAT IS A VLAN?

VLAN is short for Virtual Local Area Network.

A VLAN is a logical local area network (LAN) that extends beyond a single traditional LAN to a group of LAN segments, given specific configurations. Because a VLAN is a logical entity, its creation and configuration is done completely in software. As I said, a VLAN is a virtual LAN. In technical terms, a VLAN is a broadcast domain created by switches. It works like this: you, the administrator, put some switch ports in a VLAN other than the default VLAN 1; all ports in a single VLAN are then in a single broadcast domain. Because switches can talk to each other, some ports on switch A can be in VLAN 10 and other ports on switch B can be in VLAN 10. Broadcasts between these devices will not be seen on any port in any VLAN other than 10. However, these devices can all communicate because they are on the same VLAN. Without additional configuration, they would not be able to communicate with any other devices not in their VLAN.

http://www.petri.co.il/csc_setup_a_vlan_on_a_cisco_switch.htm

HOW IS A VLAN IDENTIFIED?

Since a VLAN is a software concept, identifiers and configurations for a VLAN must be properly prepared for it to function as expected. Frame coloring is the process used to ensure that VLAN members or groups are properly identified and handled. With frame coloring, packets are given the proper VLAN ID at their origin so that they may be properly processed as they pass through the network. The VLAN ID is then used to enable switching and routing engines to make the appropriate decisions as defined in the VLAN configuration.

Are VLANs required?

It is important to point out that you don't have to configure a VLAN until your network gets so large and has so much traffic that you need one. Many times, people are simply using VLANs because the network they are working on was already using them. Another important fact is that, on a Cisco switch, VLANs are enabled by default and ALL devices are already in a VLAN. The VLAN that all devices are already in is VLAN 1. So, by default, you can just use all the ports on a switch and all devices will be able to talk to one another.
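As an added example (not from the handout), the following Python code parses and builds the 802.1Q tag that carries the VLAN ID described above; the MAC addresses, VLAN numbers and payloads are constructed sample values, and the function names are my own.

```python
"""Parse and build 802.1Q-tagged Ethernet frames (the VLAN ID "colouring").
Added example, not from the handout; MACs, VLAN IDs and payloads below are
constructed sample values."""
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def parse_frame(frame: bytes) -> dict:
    """Return MACs, VLAN tag fields (if tagged), inner EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "tagged": False, "vlan_id": None, "priority": None, "dei": None}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["tagged"] = True
        info["priority"] = tci >> 13       # PCP: 3 bits
        info["dei"] = (tci >> 12) & 1      # drop eligible indicator: 1 bit
        info["vlan_id"] = tci & 0x0FFF     # VID: 12 bits, 1..4094 usable
        offset = 18
    # An untagged frame arriving on a trunk is placed in the trunk's native
    # VLAN by the switch; the frame itself carries no ID, so vlan_id stays None.
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


def build_frame(dst: bytes, src: bytes, vlan_id, ethertype: int,
                payload: bytes, priority: int = 0) -> bytes:
    """Build a tagged frame (vlan_id given) or an untagged one (vlan_id None)."""
    frame = dst + src
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be in 1..4094")
        frame += struct.pack("!HH", TPID_8021Q, (priority << 13) | vlan_id)
    return frame + struct.pack("!H", ethertype) + payload


# Constructed sample frames: one coloured with VLAN 10, one left untagged.
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("00aabbccddee")
TAGGED = build_frame(DST, SRC, 10, 0x0800, b"\x45" + b"\x00" * 19, priority=5)
UNTAGGED = build_frame(DST, SRC, None, 0x0806, b"\x00" * 28)
```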

Prepared By:  Javed Ahmad Dogar (VLAN)   

 


When do I need a VLAN?

You need to consider using VLANs in any of the following situations:

• You have more than 200 devices on your LAN
• You have a lot of broadcast traffic on your LAN
• Groups of users need more security or are being slowed down by too many broadcasts
• Groups of users need to be on the same broadcast domain because they are running the same applications. An example would be a company that has VoIP phones. The users using the phones could be on a different VLAN, not with the regular users.
• Or, just to make a single switch into multiple virtual switches.

Why not just subnet my network?

A common question is why not just subnet the network instead of using VLANs? Each VLAN should be in its own subnet. The benefit that a VLAN provides over a subnetted network is that devices in different physical locations, not going back to the same router, can be on the same network. The limitation of subnetting a network with a router is that all devices on that subnet must be connected to the same switch and that switch must be connected to a port on the router. With a VLAN, one device can be connected to one switch, another device can be connected to another switch, and those devices can still be on the same VLAN (broadcast domain).

What is a trunk port?

When a link between two switches, or between a router and a switch, carries the traffic of more than one VLAN, that port is a trunk port. A trunk port must run a special trunking protocol: either Cisco's proprietary Inter-Switch Link (ISL) or the IEEE standard 802.1Q.


DEFAULT VLANS

SW-A# show vlan

NOTE: VLAN numbers 1, 1002, 1003, 1004 and 1005 are default VLANs.

How do I create a VLAN?

Configuring VLANs can vary even between different models of Cisco switches. Your goals, no matter what the commands are, are to:

• Create the new VLANs
• Put each port in the proper VLAN

SW-A(config)# vlan 3
VTP VLAN configuration not allowed when device is in CLIENT mode.
SW-A(config)# vtp mode server
Setting device to VTP SERVER mode
SW-A(config)# vlan 3


SW-A(config-vlan)# end
SW-A# show vlan

NOTE: Remember that there are 5 default VLANs; after adding VLAN 3, the total number of VLANs is 6.

SW-A(config)# vlan 4
SW-A(config-vlan)# exit
SW-A(config)# vlan 5
SW-A(config-vlan)# exit
SW-A(config)# vlan 8-10
SW-A(config-vlan)# exit
SW-A(config)# vlan 16,18
SW-A(config-vlan)# exit

What do VLANs offer?

VLANs offer higher performance for medium and large LANs because they limit broadcasts. As the amount of traffic and the number of devices grow, so does the number of broadcast packets. By using VLANs you are containing broadcasts. VLANs also provide security because you are essentially putting one group of devices, in one VLAN, on their own network.

Article Summary

Here is what we have learned:
• A VLAN is a broadcast domain formed by switches.
• Administrators must create the VLANs and then manually assign which port goes in which VLAN.
• VLANs provide better performance for medium and large LANs.
• All devices, by default, are in VLAN 1.

• A trunk port is a special port that runs ISL or 802.1Q so that it can carry traffic from more than one VLAN.
• For devices in different VLANs to communicate, you must use a router or Layer 3 switch.

VTP (VLAN TRUNKING PROTOCOL)

VLAN Trunking Protocol (VTP) is a Cisco proprietary Layer 2 messaging protocol that manages the addition, deletion, and renaming of Virtual Local Area Networks (VLANs) on a network-wide basis. VTP reduces administration in a switched network: when a new VLAN is configured on one VTP server, the VLAN is distributed through all switches in the domain, which removes the need to configure the same VLAN everywhere. To do this, VTP carries VLAN information to all the switches in a VTP domain. VTP advertisements can be sent over ISL, 802.1Q, IEEE 802.10 and LANE trunks. VTP traffic is sent over the management VLAN (VLAN 1), so all VLAN trunks must be configured to pass VLAN 1. VTP is available on most of the Cisco Catalyst family products.

VTP OPERATING MODES

If you intend to make a switch part of a VTP management domain, each switch must be configured in one of three possible VTP modes. The VTP mode assigned to a switch determines how the switch interacts with other VTP switches in the management domain. The three VTP modes that can be assigned to a Cisco switch are server mode, client mode, and transparent mode. Each of these roles is outlined below.

SERVER MODE: Once VTP is configured on a Cisco switch, the default mode used is Server Mode. In any given VTP management domain, at least one switch must be in Server Mode. When in Server Mode, a switch can be used to add, delete, and modify VLANs, and this information will be passed to all other switches in the VTP management domain.

NOTE: The vtp mode server command changes the VTP operating mode to SERVER.


CLIENT MODE: When a switch is configured to use VTP Client Mode, it is simply the recipient of any VLANs added, deleted, or modified by a switch in Server Mode within the same management domain. A switch in VTP client mode cannot make any changes to VLAN information.

NOTE: VTP operating mode has been set to CLIENT.

TRANSPARENT MODE: A switch in VTP Transparent Mode will pass VTP updates received by switches in Server Mode to other switches in the VTP management domain, but will not actually process the contents of these messages. When individual VLANs are added, deleted, or modified on a switch running in transparent mode, the changes are local to that particular switch only, and are not passed to other switches in the VTP management domain.

NOTE: VTP operating mode has been set to TRANSPARENT.

CONFIGURATION REVISION NUMBER

The configuration revision number is a 32-bit number that indicates the level of revision for a VTP packet. Each VTP device tracks the VTP configuration revision number that is assigned to it. Most VTP packets contain the VTP configuration revision number of the sender. This information is used to determine whether the received information is more recent than the current version. Each time you make a VLAN change on a VTP device, the configuration revision is incremented by one. To reset the configuration revision of a switch, change the VTP domain name, and then change the name back to the original name.


HOW DOES A REVISION NUMBER INCREASE?

Switch(config)# vlan 200
Switch(config-vlan)# end

NOTE: When you create a VLAN, the revision number increases.

Switch(config)# vlan 55
Switch(config-vlan)# exit
Switch(config)# vlan 8
Switch(config-vlan)# exit
Switch(config)# vlan 9
Switch(config-vlan)# end

NOTE: The value of the revision number is associated with the number of VLANs you create. Creating a VLAN results in an increase of the revision number. For example, if you create 5 VLANs (one by one), the value of the revision number would be 5. In other words, the revision number is tied to the vlan command: each time you use it to create or delete VLANs, the revision number increases.

How to delete a VLAN

Switch(config)# no vlan 10 ----- deletes only VLAN 10
Switch(config)# no vlan 11,13-20 ----- deletes VLAN 11 and VLANs 13 to 20 (i.e. 13, 14, 15 ... 20)
Switch(config)# exit

NOTE: When you delete multiple VLANs with a single command, the revision number increases by only one.

HOW TO RESET THE VALUE OF THE REVISION NUMBER TO ZERO

METHOD #1: (BY CHANGING THE DOMAIN NAME)

Switch(config)# vtp domain pucit
Changing VTP domain name from NULL to pucit
Switch(config)# exit

NOTE: The revision number has been changed to ZERO.

METHOD #2: (BY SETTING THE VTP OPERATING MODE TO TRANSPARENT)

Switch(config)# vtp mode transparent
Setting device to VTP TRANSPARENT mode
Switch(config)# exit

NOTE: The revision number has been changed to ZERO in Transparent mode.
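The revision number rules above (increments, deletion with one command, and both reset methods) as an added Python model that is not part of the handout; the class and method names are my own, the password comparison stands in for VTP's MD5 digest check in simplified form, and the switches and VLAN numbers in the usage are constructed to match this page's examples.

```python
"""Model of the VTP configuration revision number rules described above.
Added example, not from the handout; it covers only what the text states:
+1 per vlan / no vlan command, none in transparent mode, reset on a domain
rename or on entering transparent mode, and the newer-revision check."""
from dataclasses import dataclass, field

DEFAULT_VLANS = {1, 1002, 1003, 1004, 1005}   # present on every switch


@dataclass
class VtpSwitch:
    domain: str = ""                 # "" plays the role of the NULL domain
    mode: str = "server"             # server | client | transparent
    password: str = ""               # set with 'vtp password ...'
    revision: int = 0
    vlans: set = field(default_factory=lambda: set(DEFAULT_VLANS))

    def _bump(self) -> None:
        if self.mode == "client":
            raise PermissionError("VTP VLAN configuration not allowed in CLIENT mode")
        if self.mode != "transparent":   # transparent switches stay at revision 0
            self.revision += 1

    def vlan(self, *ids: int) -> None:
        """'vlan 3', 'vlan 8-10' or 'vlan 16,18': one command, one increment."""
        self._bump()
        self.vlans.update(ids)

    def no_vlan(self, *ids: int) -> None:
        """'no vlan 11,13-20': several VLANs removed, revision still only +1."""
        self._bump()
        self.vlans.difference_update(ids)

    def vtp_domain(self, name: str) -> None:
        if name != self.domain:          # Method #1: a new domain name resets to 0
            self.domain, self.revision = name, 0

    def vtp_mode(self, mode: str) -> None:
        self.mode = mode
        if mode == "transparent":        # Method #2: transparent mode resets to 0
            self.revision = 0

    def receive(self, advert: "VtpSwitch") -> bool:
        """Apply an advertised VLAN list only if domain and password match and
        the sender's revision is higher; transparent switches never apply it."""
        if self.mode == "transparent" or advert.domain != self.domain:
            return False
        if advert.password != self.password or advert.revision <= self.revision:
            return False
        self.vlans, self.revision = set(advert.vlans), advert.revision
        return True
```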

Refresh the switch to a brand-new configuration

STEP-1
Switch# write erase
Erasing the NVRAM filesystem will remove all configuration files! Continue? [Confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram

STEP-2
Switch# delete flash:vlan.dat
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [Confirm]

STEP-4
Switch# reload
Proceed with reload? [Confirm]

NOTE: This procedure also resets the revision number to zero.

DYNAMIC TRUNKING

DTP (DYNAMIC TRUNKING PROTOCOL)

The Dynamic Trunking Protocol (DTP) is a proprietary networking protocol developed by Cisco Systems for the purpose of negotiating trunking on a link between two VLAN-aware switches, and for negotiating the type of trunking encapsulation to be used. It works at Layer 2 of the OSI model. VLAN trunks formed using DTP may use either IEEE 802.1Q or Cisco ISL trunking protocols. DTP should not be confused with VTP, as they serve different purposes: VTP communicates VLAN existence information between switches, while DTP aids with trunk port establishment. Neither protocol transmits the data frames that trunks carry.

http://www.javvin.com/protocolDTP.html

DTP MODES

On a Catalyst set-based switch, the syntax for setting up a link as a trunk is as follows. Use this command to set the specified port or ports to trunking.

The first set of keyword arguments governs the DTP modes:

Mode: What the mode does
on: Forces the link into permanent trunking, even if the neighbor doesn't agree.
off: Forces the link to permanently not trunk, even if the neighbor doesn't agree.
desirable: Causes the port to actively attempt to become a trunk, subject to neighbor agreement (neighbor set to on, desirable, or auto).
auto: Causes the port to passively be willing to convert to trunking. The port will not trunk unless the neighbor is set to on or desirable. This is the default mode. Note that auto-auto (both ends default) links will not become trunks.
nonegotiate: Forces the port to permanently trunk but not send DTP frames. For use when DTP frames confuse the neighboring (non-Cisco) 802.1Q switch. You must manually set the neighboring switch to trunking.

SWITCHPORT MODES

The options for the switchport mode command are as follows:

TRUNK: Configures the port to permanent trunk mode and negotiates with the connected device on the other side to convert the link to trunk mode. If multiple trunk encapsulations are available, the encapsulation must be chosen before this command will work.
ACCESS: Disables port trunk mode and negotiates with the connected device to convert the link to nontrunk. This port will belong to only the configured access VLAN.
DYNAMIC DESIRABLE: Triggers the port to negotiate the link from nontrunk to trunk mode. The port negotiates to a trunk port if the connected device is in the trunk, dynamic desirable or dynamic auto state. Otherwise, the port becomes a nontrunk port. This is the default for IOS switch ports.
DYNAMIC AUTO: Enables the port to become a trunk only if the connected device has the state set to trunk or dynamic desirable.
NONEGOTIATE: Configures the port to permanent trunk mode; no negotiation takes place with the partner. The other side must be trunk or nonegotiate for the trunk to work. You must also specify the encapsulation before choosing this mode.


LAB – SWITCHPORT MODES

BASIC CONFIGURATION OF SWITCH-A

switch(config)# hostname A
A(config)# vtp domain pucit
Changing VTP domain name from NULL to pucit
A(config)# vtp password javed
Setting device VLAN database password to javed
A(config)# vtp mode server
Setting device to VTP SERVER mode

BASIC CONFIGURATION OF SWITCH-B

switch(config)# hostname B
B(config)# vtp domain pucit
Changing VTP domain name from NULL to pucit
B(config)# vtp password javed
Setting device VLAN database password to javed
B(config)# vtp mode server
Setting device to VTP SERVER mode

BASIC CONFIGURATION OF SWITCH-C

switch(config)# hostname C
C(config)# vtp domain pucit
Changing VTP domain name from NULL to pucit
C(config)# vtp password javed
Setting device VLAN database password to javed
C(config)# vtp mode server
Setting device to VTP SERVER mode

Verify the trunk between Switch-A and Switch-B

B# show interface trunk
--- no trunk found ---

NOTE: Check the mode of the port to establish the trunk link between Switch-A and Switch-B.


NOTE: We know that a trunk is only formed when we set the switchport mode to dynamic auto on one side (e.g. Switch-A) and dynamic desirable on the other side (e.g. Switch-B), or dynamic desirable on one side (e.g. Switch-A) and dynamic desirable on the other side (e.g. Switch-B). According to the above topology, the switchport mode of fastethernet0/1 of Switch-A is dynamic auto and the switchport mode of fastethernet0/2 of Switch-B is also dynamic auto, therefore no trunk is formed on this link. Now change the switchport mode of fastethernet0/2 of Switch-B to dynamic desirable while the switchport mode of fastethernet0/1 of Switch-A stays dynamic auto; then the trunk link will be established.

NOTE: After changing the switchport mode of interface fastethernet 0/2 of Switch B to dynamic desirable, we can see two trunks on Switch B.
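The DTP and switchport mode rules above, applied to the lab scenario, as an added Python example that is not part of the handout; the mode names follow the IOS keywords, the interface names are constructed, and the final audit helper goes beyond the lab by listing ports whose trunk state is still decided by the neighbour rather than by configuration.

```python
"""Decide whether two Cisco switch ports will bring up a trunk between them.

Added example, not from the handout. It encodes the switchport mode and DTP
rules listed above; interface names in the lab table are constructed.
"""
TRUNK = "trunk"                   # switchport mode trunk (DTP 'on')
ACCESS = "access"                 # switchport mode access (DTP 'off')
DESIRABLE = "dynamic desirable"   # actively asks the neighbour to trunk
AUTO = "dynamic auto"             # trunks only if asked
NONEGOTIATE = "nonegotiate"       # trunk, but sends no DTP frames


def forms_trunk(local: str, remote: str) -> bool:
    """True only if both ends finish in trunk mode (no mismatch)."""
    modes = {local, remote}
    if ACCESS in modes:            # an access port never becomes a trunk
        return False
    if NONEGOTIATE in modes:       # no DTP: the other end must be forced too
        return modes <= {NONEGOTIATE, TRUNK}
    if modes == {AUTO}:            # auto/auto: both wait, nobody asks
        return False
    return True                    # trunk or desirable on at least one end


def negotiable(mode: str) -> bool:
    """A port in a dynamic mode lets the neighbour decide whether it trunks."""
    return mode in (AUTO, DESIRABLE)


# Constructed lab links: (port A, mode A, port B, mode B), matching the text.
LAB_LINKS = [
    ("A Fa0/1", AUTO, "B Fa0/2", AUTO),       # before the change: no trunk
    ("A Fa0/1", AUTO, "B Fa0/2", DESIRABLE),  # after B goes desirable: trunk
]


def lab_results(links=LAB_LINKS):
    """Per-link verdict, like reading 'show interfaces trunk' on each switch."""
    return [(a, b, forms_trunk(ma, mb)) for a, ma, b, mb in links]


def ports_left_dynamic(ports):
    """Audit helper: ports still in a dynamic mode, whose trunk state is not
    fixed by configuration but by whatever the neighbour sends."""
    return [name for name, mode in ports if negotiable(mode)]
```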