
• VLAN is a broadcast domain
• Grouped based on logical function, department or application
• Traffic can be switched between VLANs with a router, and traffic between switches (trunks) is tagged (802.1Q) or encapsulated (ISL) to identify VLAN membership

• VLANs can logically segment users into different subnets (broadcast domains)
• Broadcast frames are only switched on the same VLAN ID.
• Users can be logically grouped via software based on:
– port number
– MAC address
– protocol being used
– application being used



VLAN introduction

• VLANs provide segmentation based on broadcast domains.
• VLANs logically segment switched networks based on the functions, project teams, or applications of the organization, regardless of the physical location or connections to the network.
• All workstations and servers used by a particular workgroup share the same VLAN, regardless of the physical connection or location.

VLAN Overview
• A VLAN allows a network administrator to …
• Using VLANs, you can … based on functions, departments, or project teams.
• These VLANs allow the network administrator to implement … to particular groups of users, even if they share a common infrastructure with other VLANs.
• You can also use a VLAN to support the growing reliance of companies on home-based workers.

VLAN
• A VLAN is …; each …
• VLANs allow multiple IP networks and subnets to exist on the same switched network.
• For computers to communicate on the same VLAN, …
• The switch has to be configured with the VLAN, and each port in the VLAN must be assigned to the VLAN.

VLANs
• Divides a switch into two or more “virtual” switches with separate broadcast domains
• Achieved by manual configuration through the switch’s management interface
• Only that switch will be segmented

Multiple VLANs in One Switch
• Multiple VLANs can be defined on the same switch

Why VLANs?
• Lots of broadcast traffic wastes bandwidth; VLANs create separate broadcast domains. Common sources of broadcast traffic:
– Microsoft Networking
– Novell Networking
– NetBEUI
– IP RIP
– Multicast (sometimes acts like broadcast)
• VLANs can span multiple switches and therefore create separate broadcast domains that span multiple switches

Virtual LANs (continued)

Virtual LANs (continued)

More Reasons...
• Link Multiplexing
– slower-speed technologies share the high-bandwidth uplink
– multiple IP subnets on one physical link with layer 3 switching

And One More Reason...
– Traffic is only seen by who it is intended for
• Example: two separate VLANs, one for accounting and one for sales. Sensitive accounting data transmitted over the network will only be seen by devices in the accounting VLAN.

Router’s Role
• Provides connection between different VLANs
• For example, you have VLAN1 and VLAN2.
– Within the switch, users on separate VLANs cannot talk to each other (benefit of a VLAN!)
– However, users on VLAN1 can email users on VLAN2, but they need a router to do it.

Broadcast domains with VLANs and routers
• 1) Each group is on a different IP network and on a different switch.
• 2) With VLANs: they are all on the same switch; however, each group is on a different IP network. Still, the switch is configured with the ports on the appropriate VLAN. One link per VLAN or a single VLAN trunk (later).
• What are the broadcast domains in each? (Figure networks: 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16)

Reasons For Standardizing VLANs
• Old implementations could only be defined in one switch
• To connect a VLAN to another network, each VLAN needed a router port
• The only multi-switch VLANs were proprietary:
– Cisco: ISL
– Bay: Lattisspan
– 3Com: VLT
– Cabletron: SecureFast

Standards Based VLANs
• Includes definition for a new GARP application called GVRP (GARP VLAN Registration Protocol)
– Propagate VLAN registration across the net
• Associate incoming frames with a VLAN ID
• De-associate outgoing frames if necessary
• Transmit associated frames between VLAN 802.1Q compliant switches

Basic VLAN Concepts
• Port-based VLANs – Each port on a switch is in one and only one VLAN (except trunk links)
• Tagged Frames – VLAN ID and Priority info is inserted (4 bytes)
• Trunk Links – Allow multiple VLANs to cross one link
• Access Links – The edge of the network, where legacy devices attach
• Hybrid Links – Combination of Trunk and Access Links
• VID – VLAN Identifier

Tagged Frames
• 4 bytes inserted after Destination and Source Address
• Tag Protocol Identifier (TPID) = 2 bytes (0x8100) – occupies the length/type field position
• Tag Control Information (TCI) = 2 bytes – contains the VID

VLAN Trunk
• … such as a router or a switch.
• Ethernet trunks carry the traffic of multiple VLANs over a single link.
• A VLAN trunk allows you to extend the VLANs across an entire network.
• Cisco supports … for coordinating trunks on Fast Ethernet and Gigabit Ethernet interfaces.

Trunk Link
• Attaches two VLAN switches
• Carries tagged frames ONLY

Access Links
• Access links are untagged, for VLAN-unaware devices
• The VLAN switch adds tags to received frames and removes tags when transmitting frames

Hybrid Links
• Hybrid links …
• ALL VLAN-unaware devices are in the same VLAN
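The tag layout from the Tagged Frames slide and the per-link-type rules from the Trunk, Access and Hybrid Link slides (plus the native-VLAN rule stated later under Types of VLANs) can be exercised together. The following is an added example, not code from the deck: it inserts and parses the 4-byte 802.1Q tag at the byte level, then models a VLAN-aware switch that classifies frames on ingress and tags or untags them on egress per port type. The port names, VLAN numbers and the frame bytes are constructed for the example; flooding within the VLAN stands in for MAC learning.

```python
"""802.1Q tagging and per-link-type VLAN handling (constructed example)."""
import struct

TPID_8021Q = 0x8100   # Tag Protocol Identifier, sits where length/type normally is
TAG_LEN = 4           # TPID (2 bytes) + TCI (2 bytes)


def insert_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte tag after the destination and source addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be in 1..4094")
    tci = ((pcp & 0x7) << 13) | (vid & 0xFFF)   # PCP(3) | DEI(1)=0 | VID(12)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame: bytes) -> bytes:
    """Remove the tag, as done when transmitting to a VLAN-unaware device."""
    return frame[:12] + frame[12 + TAG_LEN:]


def parse_frame(frame: bytes) -> dict:
    """Return dst, src, vid (None when untagged), pcp, ethertype and payload."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    info = {"dst": frame[:6], "src": frame[6:12], "vid": None, "pcp": 0}
    etype = struct.unpack("!H", frame[12:14])[0]
    body = 14
    if etype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack("!H", frame[14:16])[0]
        info["vid"], info["pcp"] = tci & 0xFFF, tci >> 13
        etype = struct.unpack("!H", frame[16:18])[0]
        body = 18
    info["ethertype"], info["payload"] = etype, frame[body:]
    return info


class Port:
    """mode: 'access' (untagged, one VLAN), 'trunk' (tagged, native VLAN untagged)
    or 'hybrid' (tagged VLANs plus one untagged VLAN for VLAN-unaware devices)."""

    def __init__(self, mode, vlan=None, allowed=(), native=1):
        self.mode, self.vlan, self.allowed, self.native = mode, vlan, set(allowed), native

    def ingress(self, frame: bytes):
        """Classify a received frame; return (vid, untagged_frame) or None to drop."""
        info = parse_frame(frame)
        tagged = info["vid"] is not None
        if self.mode == "access":
            return None if tagged else (self.vlan, frame)   # switch assigns the port VLAN
        untagged_vlan = self.native if self.mode == "trunk" else self.vlan
        if not tagged:
            return (untagged_vlan, frame)                   # untagged lands on native VLAN
        if info["vid"] in self.allowed:
            return (info["vid"], strip_tag(frame))
        return None                                         # VID not allowed on this link

    def egress(self, vid: int, frame: bytes):
        """Return the frame as it leaves this port, or None if the VLAN is not present."""
        if self.mode == "access":
            return frame if vid == self.vlan else None
        untagged_vlan = self.native if self.mode == "trunk" else self.vlan
        if vid == untagged_vlan:
            return frame                                    # native/untagged VLAN goes out bare
        return insert_tag(frame, vid) if vid in self.allowed else None


class VlanSwitch:
    def __init__(self, ports: dict):
        self.ports = ports

    def forward(self, in_port: str, frame: bytes) -> dict:
        """Flood within the VLAN (no MAC learning): port name -> frame sent."""
        result = self.ports[in_port].ingress(frame)
        if result is None:
            return {}
        vid, untagged = result
        out = {}
        for name, port in self.ports.items():
            if name != in_port:
                sent = port.egress(vid, untagged)
                if sent is not None:
                    out[name] = sent
        return out


def demo() -> dict:
    """Constructed topology: two access ports and one trunk with native VLAN 99."""
    sw = VlanSwitch({
        "fa0/1": Port("access", vlan=10),
        "fa0/2": Port("access", vlan=20),
        "fa0/24": Port("trunk", allowed={10, 20, 99}, native=99),
    })
    # Constructed broadcast frame: dst ff:ff:ff:ff:ff:ff, src 0a:00:00:00:00:01, ARP ethertype
    bcast = b"\xff" * 6 + bytes.fromhex("0a0000000001") + b"\x08\x06" + b"ARP?"
    return {"from_access": sw.forward("fa0/1", bcast),
            "from_trunk_tagged": sw.forward("fa0/24", insert_tag(bcast, 20)),
            "from_trunk_untagged": sw.forward("fa0/24", bcast)}
```

Running `demo()` shows the three behaviours the slides describe: a broadcast entering access port fa0/1 leaves only on the trunk, tagged with VID 10; a frame arriving on the trunk tagged VID 20 is untagged and delivered only to the VLAN 20 access port; and an untagged frame on the trunk is placed on native VLAN 99, which has no access ports here, so it goes nowhere. A tagged frame arriving on an access port is dropped, since access links are meant for VLAN-unaware devices.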

Benefits of VLANs
• VLANs provide the following benefits:
– It is easier to add and move stations on the LAN
– It is easier to reconfigure the LAN
– There is better traffic control
– There is increased security

Dynamic vs. Static VLANs
• VLANs can be configured dynamically or statically
• Static VLANs are configured port-by-port
• Dynamic VLAN ports automatically learn their VLAN assignment
– Software database of MAC address-to-VLAN mappings

VLAN Standardization
• Frame filtering
– Frames can be separated into VLANs based on:
– MAC addresses
– Network-layer protocol type
– Application type
• Frame tagging
– IEEE 802.1Q
• Also known as frame identification
• Adds a four-byte field to the Ethernet frame
– Inter-Switch Link (ISL) protocol
• Cisco proprietary frame-tagging method
• 26-byte header

Creating VLANs
• VLAN configuration
– Rm410HL#vlan database
– Rm410(vlan)#vtp domain hudlogic
– Rm410(vlan)#vtp server
– Rm410(vlan)#vlan 2 name production
– Rm410(vlan)#vlan 3 name accounting
– Rm410(vlan)#vlan 4 name marketing

Creating VLANs (continued)
• VLAN configuration (continued)
– Rm410#configure terminal
– Rm410(config)#interface f0/1
– Rm410(config-if)#switchport mode trunk
– Rm410(config-if)#exit
– Rm410(config)#interface f0/2
– Rm410(config-if)#switchport access vlan 1

Link Types And Configuration
• Two types of links
• Trunk links
– Switch-to-switch links
– Switch-to-router links
– 100 Mbps links
– 1 Gbps links
• Access links
– Non-VLAN-aware devices

Link Types And Configuration (continued)
• Trunk links have five states
– Auto
– Desirable
– Non-negotiate
– Off
– On
• Rm410(config)#interface f0/1
• Rm410(config-if)#switchport mode trunk

Trunking Protocol
• VLAN trunking protocol
– Layer 2 messaging protocol
– Manages all changes to the VLANs across networks
• VTP domains
– VTP devices are organized into domains
– Switches can only belong to one domain

Trunking Protocol (continued)
• VTP device modes
– Server
• Rm410(vlan)# vtp server
– Client
• Rm410(vlan)# vtp client
– Transparent
• Rm410(vlan)# vtp transparent
• Defaults to server mode
• VTP pruning
– Reduces the number of VTP updates on trunk links
– Rm410(vlan)# vtp pruning

Routers and VLANs
• Increase security
• Manage traffic between VLANs
• Subinterfaces
• Access-lists

Routers and VLANs (continued)
• Enable inter-VLAN communication between VLAN 1 and VLAN 2
– Router(config)# interface e0.1
– Router(config-subif)# ip address <ip-address> <subnet-mask>
– Router(config-subif)# encapsulation isl 1
– Router(config-if)# exit
– Router(config)# interface e0.2
– Router(config-subif)# ip address <ip-address> <subnet-mask>
– Router(config-subif)# encapsulation isl 2

Routers and VLANs (continued)

Communication between switches


Types of VLANs

Types of VLANs – Data VLAN
• A data VLAN is a VLAN that is configured to carry only user-generated traffic.
• A data VLAN is sometimes referred to as a …
• It is common practice to separate … from data traffic.

Types of VLANs – Default VLAN
• All switch ports become …
– The default VLAN for Cisco switches is VLAN 1.
– VLAN 1 has all the features of any VLAN, except that you cannot rename it and you cannot delete it.
– Having all the switch ports participate in the default VLAN makes them all part of the same broadcast domain.
– This allows any device connected to any switch port to communicate with other devices on other switch ports.

Types of VLANs – Default VLAN
– In the figure, VLAN 1 traffic is forwarded over the VLAN trunks connecting the S1, S2, and S3 switches.
– … will always be associated with VLAN 1; this cannot be changed.
– It is a security best practice to change the default VLAN to a VLAN other than VLAN 1; this entails configuring all the ports on the switch to be associated with a default VLAN other than VLAN 1.

Types of VLANs – Native VLAN
• An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic).
• The 802.1Q trunk port places untagged traffic on the native VLAN.
• In the figure, the native VLAN is VLAN 99.
• Untagged traffic is generated by a computer attached to a switch port that is configured with the native VLAN.

Types of VLANs – Native VLAN
• … specification to maintain backward compatibility with untagged traffic common to legacy LAN scenarios.
• For our purposes, a native VLAN serves as a common identifier on opposing ends of a trunk link.
• It is a best practice to use a VLAN other than VLAN 1 as the native VLAN.

Types of VLANs – Management VLAN
• A management VLAN is any VLAN you configure to access the management capabilities of a switch.
• VLAN 1 is normally used as the default VLAN.
• VLAN 1 would serve as the management VLAN if you did not proactively define a unique VLAN to serve as the …
• You assign the management VLAN an IP address and subnet mask.
– A switch can be managed via HTTP, Telnet, SSH, or SNMP.
– VLAN 1 would be a bad choice as the management VLAN; you wouldn't want an arbitrary user connecting to a switch to default to the management VLAN.
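The Default, Native and Management VLAN slides each state the same best practice: nothing of consequence should be left on VLAN 1. A defender can check a switch's running configuration for exactly that. The following is an added example, not part of the deck: it parses an IOS-style running config (the sample config is constructed for this example, including its 192.0.2.0/24 documentation addresses) and reports trunk ports whose native VLAN is 1 (explicitly, or by default when no `switchport trunk native vlan` is set), access ports left in VLAN 1, a management SVI (`interface Vlan1`) carrying an IP address, and switchports with no explicit `switchport mode`, which are assumed here to leave trunk formation to negotiation, as the deck's Auto/Desirable trunk states describe. The finding codes are this example's own names.

```python
"""Audit an IOS-style running config for reliance on VLAN 1 (constructed example)."""
import re

# Constructed sample running-config: addresses from the 192.0.2.0/24 documentation range.
SAMPLE_CONFIG = """\
hostname Rm410
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 1
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet0/4
 switchport mode trunk
 switchport trunk native vlan 99
!
interface FastEthernet0/5
!
interface Vlan1
 ip address 192.0.2.2 255.255.255.0
!
interface Vlan99
 ip address 192.0.2.130 255.255.255.128
"""


def parse_interfaces(config: str) -> dict:
    """Group indented config lines under their 'interface <name>' heading."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if not line.startswith(" "):             # top-level command ends any block
            m = re.match(r"interface\s+(\S+)", line)
            current = m.group(1) if m else None
            if current:
                blocks[current] = []
            continue
        if current:
            blocks[current].append(line.strip())
    return blocks


def _last_word(lines, prefix):
    """Value of the first command starting with prefix, e.g. the VLAN number."""
    for l in lines:
        if l.startswith(prefix):
            return l.split()[-1]
    return None


def audit_vlan1(config: str) -> list:
    """Return (interface, finding-code) pairs for VLAN 1 exposure."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        if name.lower().startswith("vlan"):      # switched virtual interface
            if (name.lower() == "vlan1" and "shutdown" not in lines
                    and any(l.startswith("ip address") for l in lines)):
                findings.append((name, "MGMT_ON_VLAN1"))
            continue
        if "no switchport" in lines:             # routed port, no VLAN membership
            continue
        mode = _last_word(lines, "switchport mode")
        if mode == "trunk":
            # No explicit native VLAN means VLAN 1 (IOS default).
            if int(_last_word(lines, "switchport trunk native vlan") or 1) == 1:
                findings.append((name, "TRUNK_NATIVE_VLAN1"))
        elif mode == "access":
            # No explicit access VLAN means VLAN 1 (IOS default).
            if int(_last_word(lines, "switchport access vlan") or 1) == 1:
                findings.append((name, "ACCESS_VLAN1"))
        else:
            # Assumption: unset or dynamic mode leaves trunking to DTP negotiation.
            findings.append((name, "TRUNKING_NEGOTIABLE"))
    return findings


def run_audit() -> list:
    return audit_vlan1(SAMPLE_CONFIG)


if __name__ == "__main__":
    for iface, code in run_audit():
        print(f"{iface}: {code}")
```

On the sample config the audit flags FastEthernet0/1 (trunk with default native VLAN 1), FastEthernet0/2 (access port in VLAN 1), FastEthernet0/5 (no explicit mode) and the Vlan1 SVI, while FastEthernet0/3, FastEthernet0/4 and Vlan99 pass. Run it against `show running-config` output saved to a file; each finding maps to one of the remediation steps the slides give (move ports to a non-default VLAN, set the trunk native VLAN to something other than 1, and manage the switch from a dedicated VLAN).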

Types of VLANs – Voice VLAN
• It is easy to appreciate why a separate VLAN is needed (VoIP).
• VoIP traffic requires:
– Assured bandwidth to ensure voice quality
– Transmission priority over other types of network traffic
– Ability to be routed around congested areas on the network
– Delay of less than 150 milliseconds (ms) across the network


Benefits of VLAN

Benefits of VLAN
– Groups that have sensitive data are separated from the rest of the network, decreasing the chances of confidential information breaches.
– Faculty computers are on VLAN 10 and completely separated from student and guest data traffic.
• Cost savings
– Cost savings result from less need for expensive network upgrades and more efficient use of existing bandwidth and uplinks.

Benefits of VLAN
– Dividing flat Layer 2 networks into multiple logical workgroups (broadcast domains) reduces unnecessary traffic on the network and boosts performance.
– Dividing a network into VLANs reduces the number of devices that may participate in a broadcast storm.
– In the figure you can see that although there are six computers on this network, there are only three broadcast domains: Faculty, Student, and Guest.

Benefits of VLAN
– VLANs make it easier to manage the network because users with similar network requirements share the same VLAN.
– When you provision a new switch, all the policies and procedures already configured for the particular VLAN are implemented when the ports are assigned.
– It is also easy for the IT staff to identify the function of a VLAN by giving it an appropriate name.
– In the figure, for easy identification VLAN 10 could be named "Faculty", VLAN 20 could be named "Student", and VLAN 30 "Guest".

Benefits of VLAN
– VLANs aggregate users and network devices to support business or geographic requirements.
– Having separate functions makes managing a project or working with a specialized application easier, for example, an e-learning development platform for faculty.
– It is also easier to determine the scope of the effects of upgrading network services.

Summary
• VLANs are separate broadcast domains that are not limited by physical configurations; instead, a VLAN is a logical broadcast domain implemented via one or more switches
• Performance benefits associated with VLANs are derived from limiting the amount of broadcast traffic that would naturally pass through a switch without filtration
• The enhanced flexibility to assign any port on any switch to a particular VLAN makes moving, adding, and changing network configurations easier
• VLAN information is communicated to switches using the VLAN trunking protocol (VTP)