
VLANs

CCNA Exploration Semester 3 Chapter 3

20 Aug 2013


Topics
• The role of VLANs in a network
• Trunking VLANs
• Configure VLANs on switches
• Troubleshoot common VLAN problems


Semester 3
• LAN Design
• Basic Switch Concepts
• VLANs
• VTP
• Wireless
• STP
• Inter-VLAN routing

Some requirements of LANs
• Need to split up broadcast domains to make good use of bandwidth
• People in the same department may need to be grouped together for access to servers
• Security: restrict access by certain users to some areas of the LAN
• Provide a way for different areas of the LAN to communicate with each other

Solution using routers
• Divide the LAN into subnets
• Use routers to link the subnets

Solution using routers BUT
• Routers are expensive
• Routers are slower than switches
• Subnets are restricted to limited physical areas
• Subnets are inflexible

Solution using VLANs
• VLAN membership can be by function and not by location
• VLANs managed by switches
• Router needed for communication between VLANs

VLANs
• All hosts in a VLAN have addresses in the same subnet. A VLAN is a subnet.
• Broadcasts are kept within the VLAN. A VLAN is a broadcast domain.
• The switch has a separate MAC address table for each VLAN. Traffic for each VLAN is kept separate from other VLANs.
• Layer 2 switches cannot route between VLANs.

VLAN numbers
• VLAN 1: default Ethernet LAN, all ports start in this VLAN.
• VLANs 1002 – 1005 automatically created for Token Ring and FDDI
• Numbers 2 to 1001 can be used for new VLANs
• Up to 255 VLANs on Catalyst 2960 switch
• Extended range 1006 – 4094 possible but fewer features

VLAN information
• VLAN information is stored in the VLAN database.
• vlan.dat in the flash memory of the switch.

Port based
• Each switch port intended for an end device is configured to belong to a VLAN.
• Any device connecting to that port belongs to the port's VLAN.
• There are other ways of assigning VLANs but this is now the normal way.
• Ports that link switches can be configured to carry traffic for all VLANs (trunking)

Types of VLAN
• Data or user VLAN
• Voice VLAN
• Management VLAN
• Native VLAN
• Default VLAN

Data VLAN
• Carry files, e-mails, shared application traffic, most user traffic.
• Separate VLAN for each group of users.
• VLAN 1, heart and soul of all switches

Voice VLAN
• Use with IP phone.
• Phone acts as a switch too.
• Voice traffic is tagged, given priority.
• Data not tagged, no priority.

Management VLAN
• Has the switch IP address.
• Used for telnet/SSH or web access for management purposes.
• Better not to use VLAN 1 for security reasons.
• An actual VLAN, but not a special one
• Only administrators are allowed to access it

Native VLAN
• For backward compatibility with older systems.
• Relevant to trunk ports.
• Trunk ports carry traffic from multiple VLANs.
• VLAN is identified by a "tag" in the frame.
• Native VLAN does not have a tag.
• NOT AN ACTUAL VLAN
• By default native vlan is 1

Default VLAN
• VLAN 1 on Cisco switches.
• Carries CDP and STP (spanning tree protocol) traffic.
• Initially all ports are in this VLAN.
• Do not use it for data, voice or management traffic for security reasons.

Static VLAN
• The normal type. Port configured to be on a VLAN. Connected device is on this VLAN.
• VLAN can be created using CLI command, given number and name.
• VLAN can be learned from another switch.
• If a port is put on a VLAN and the VLAN does not exist, then the VLAN is created.

Static VLAN (Port-centric)
• If VLAN 20 did not exist before – then it does now.

Voice VLAN
• Configured for voice VLAN and data VLAN.
• Intended to support VoIP services

Dynamic VLAN
• Not widely used.
• Use a VLAN Membership Policy Server (VMPS).
• Assign a device to a VLAN based on its MAC address.
• Connect device, server assigns VLAN.
• Useful if you want to move devices around.

Traffic between VLANs
• Layer 2 switch keeps VLANs separate.
• Router can route between VLANs. It needs to provide a default gateway for each VLAN as VLANs are separate subnets.
• Layer 3 switch has a switch virtual interface (SVI) configured for each VLAN. These act like router interfaces to route between VLANs.

Trunking  Both switches have the same 5 VLANs. 20 Aug 2013 23 .  Do you have a link for each VLAN?  More efficient for them to share a link.

Trunking   Traffic for all the VLANs travels between the switches on ONE shared trunk or backbone Wala na sya sa vlans kasi trunk na kapag nag show vlans 20 Aug 2013 24 .

INTER SWITCH LINK (ISL)
• Used as a trunking mode
• Legacy trunking protocol
• ISL or dot1q can be configured
S Ward Abingdon and Witney College

DTP  Dynamic Trunking Protocol  Cisco proprietary  Supports both ISL and 802.1q 20 Aug 2013 S Ward Abingdon and Witney College 26 .

Trunking

Tag to identify VLAN
• Tag is added to the frame when it goes on to the trunk
• Tag is removed when it leaves the trunk

Frame tagging principle IEEE 802.1Q
Normal frame (1518 bytes): Dest Add | Source Add | Type/Len | Data | FCS
Frame with tag: Dest Add | Source Add | Tag | Type/Len | Data | FCS
Add 4-byte tag, recalculate FCS
Tag: Tag protocol ID 0x8100 | Priority | CFI for token ring | VLAN ID 1 – 4096

Native VLAN
• Untagged frames received on a trunk port are forwarded on to the native VLAN.
• Frame received from the native VLAN should be untagged (like for vlan1)
• Switch will drop tagged frames received from the native VLAN.
• This can happen if non-Cisco devices are connected.
• If other vlan is assigned as native, vlan 1 will have a tag.
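The tagging and native VLAN slides above, worked through in code. This is an added example, not part of the original slides: the function names and the sample frame are constructed for illustration, and the drop of tagged native VLAN frames follows the behaviour the slide states.

```python
import struct
import zlib

TPID = 0x8100  # tag protocol ID from the slide

def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the frame, least significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def add_tag(frame: bytes, vlan_id: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Leaving on a trunk: insert the 4-byte tag after the source address."""
    if not 1 <= vlan_id <= 4094:  # highest VLAN number the slides list
        raise ValueError("VLAN ID out of range")
    body = frame[:-4]  # the old FCS is discarded
    tci = (priority & 0x7) << 13 | (cfi & 0x1) << 12 | vlan_id
    tagged = body[:12] + struct.pack("!HH", TPID, tci) + body[12:]
    return tagged + fcs(tagged)  # recalculate FCS over the longer frame

def receive_on_trunk(frame: bytes, native_vlan: int = 1):
    """Arriving on a trunk: return (vlan_id, untagged frame), or None if dropped."""
    body = frame[:-4]
    if len(frame) < 20 or fcs(body) != frame[-4:]:
        return None  # runt or corrupted frame
    tpid, tci = struct.unpack("!HH", body[12:16])
    if tpid != TPID:
        return native_vlan, frame  # untagged frames go to the native VLAN
    vlan_id = tci & 0x0FFF
    if vlan_id == native_vlan:
        return None  # slide: tagged frames for the native VLAN are dropped
    inner = body[:12] + body[16:]  # tag is removed when it leaves the trunk
    return vlan_id, inner + fcs(inner)

# Constructed sample: broadcast frame, IPv4 EtherType, 46 zero bytes of payload
_hdr = bytes.fromhex("ffffffffffff" "001122334455" "0800")
SAMPLE = _hdr + bytes(46) + fcs(_hdr + bytes(46))

if __name__ == "__main__":
    tagged = add_tag(SAMPLE, vlan_id=20, priority=5)
    print(tagged[12:16].hex(), receive_on_trunk(tagged, native_vlan=99)[0])
```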

Configure trunk port
• Make a port into a trunk port and tell it which VLAN is native.
• SW1(config)#int fa0/1
• SW1(config-if)#switchport mode trunk
• SW1(config-if)#switchport trunk native vlan 99
• By default native VLAN is 1.

Dynamic trunking protocol

One end              Other end            Result
Mode trunk           Dynamic auto/des     trunk
Mode access          Dynamic auto/des     access
Dynamic auto         Dynamic auto         access
Dynamic desirable    Dynamic desirable    trunk
Dynamic auto         Dynamic desirable    trunk

Create a VLAN
• SW1(config)#vlan 20
• SW1(config-vlan)#name Finance
• SW1(config-vlan)#end
• VLAN will be saved in VLAN database rather than running config.
• If you do not give it a name then it will be called vlan0020.

Assign port to VLAN
• SW1(config)#int fa 0/14
• SW1(config-if)#switchport mode access
• SW1(config-if)#switchport access vlan 20
• SW1(config-if)#end

show vlan brief
• List of VLANs with ports

Show commands
• show vlan brief (list of VLANs and ports)
• show vlan summary
• show interfaces vlan (up/down, traffic etc)
• show interfaces fa0/14 switchport (access mode, trunking)

Remove port from VLAN
• SW1(config)#int fa 0/14
• SW1(config-if)#no switchport access vlan
• SW1(config-if)#end
• The port goes back to VLAN 1.
• If you assign a port to a new VLAN, it is automatically removed from its existing VLAN.

Delete a VLAN
• SW1(config)#no vlan 20
• SW1(config)#end
• VLAN 20 is deleted.
• Any ports still on VLAN 20 will be inactive – not on any VLAN. They need to be reassigned.

Delete VLAN database
• Erasing the startup configuration does not get rid of VLANs because they are saved in a separate file.
• SW1#delete flash:vlan.dat
• Switch goes back to the default with all ports in VLAN 1.
• You cannot delete VLAN 1.

Configure trunk
• SW1(config)#int fa0/1
• SW1(config-if)#switchport mode trunk
• SW1(config-if)#switchport trunk native vlan 99
• SW1(config-if)#switchport trunk allowed vlan add 10,20,30
• SW1(config-if)#end

Trunk problems
• Both ends must have the same native VLAN.
• Both ends must be configured with trunking on or so that trunking is negotiated with the other end and comes on.
• Subnetting and addressing must be right.
• The right VLANs must be allowed on the trunk.
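A check for the trunk problems listed above, using the negotiation results from the Dynamic trunking protocol slide. This is an added example, not part of the original slides: the function names and both sample configurations are constructed, the default port mode of dynamic auto is an assumption of the example, and VLAN ranges such as 10-20 are not parsed.

```python
import re

def parse_port(cfg: str) -> dict:
    """Pick out the switchport lines used on the slides from one interface."""
    port = {"mode": "auto", "native": 1, "allowed": None}  # None = all VLANs
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"switchport mode (?:dynamic )?(\w+)", line):
            port["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            port["native"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan (add )?([\d,]+)", line):
            vlans = {int(v) for v in m.group(2).split(",") if v}
            if not m.group(1):
                port["allowed"] = vlans  # replaces the allowed list
            elif port["allowed"] is not None:
                port["allowed"] |= vlans  # "add" extends the allowed list
    return port

def link_mode(a: str, b: str) -> str:
    """Negotiated result for the modes trunk, access, auto and desirable."""
    if {a, b} == {"trunk", "access"}:
        return "mismatch"  # not on the slide: the two ends disagree
    if "access" in (a, b) or a == b == "auto":
        return "access"
    return "trunk"

def trunk_problems(cfg_a: str, cfg_b: str, needed: set) -> list:
    """Compare both ends of a link against the checks on the slide."""
    a, b = parse_port(cfg_a), parse_port(cfg_b)
    found = []
    mode = link_mode(a["mode"], b["mode"])
    if mode != "trunk":
        found.append(f"not trunking: {a['mode']}/{b['mode']} gives {mode}")
    if a["native"] != b["native"]:
        found.append(f"native VLAN mismatch: {a['native']} vs {b['native']}")
    for name, end in (("A", a), ("B", b)):
        missing = sorted(needed - end["allowed"]) if end["allowed"] is not None else []
        if missing:
            found.append(f"end {name} does not allow VLANs {missing}")
    return found

# Constructed sample configs (not from the slides)
SW1_CFG = "int fa0/1\n switchport mode trunk\n switchport trunk native vlan 99\n switchport trunk allowed vlan 10,20,30"
SW2_CFG = "int fa0/1\n switchport mode dynamic auto\n switchport trunk native vlan 1\n switchport trunk allowed vlan 10,20"

if __name__ == "__main__":
    for problem in trunk_problems(SW1_CFG, SW2_CFG, {10, 20, 30}):
        print(problem)
```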

The End