CH09 04 Vlan

.
MODULE 9: VLANs
Overview
Define VLANs List the benefits of VLANs Explain how VLANs are used to create broadcast domains Explain how routers are used for communication between VLANs List the common VLAN types (static and dynamic) Define trunkings for VLAN (I.e. ISL and 802.1Q ) Explain the concept of geographic VLANs VLAN configuration Configure static VLANs on 29xx series Catalyst switches Verify and save VLAN configurations Delete VLANs from a switch configuration
HD ICT Enterprise Network
page 1
MODULE 9: VLANs
VLAN introduction
Switched networks that are logically segmented on an organizational basis by

functions, project teams, or applications rather than on a physical or geographical basis.
Traffic should only be routed between VLANs. In order to have inter-vlan communications, a router is required.
page 2
MODULE 9: VLANs
VLAN introduction
non-VLAN Whenever a station transmits in a shared network such as a legacy halfduplex 10BaseT system, all stations attached to the segment receive a copy of the frame, even if they are not the intended recipients. Anyone with a protocol anaylzer can capture passwords, sensitive e-mail, and any other traffic on the shared network. Switches allow for micro-segmentation (i.e. collision domain per port) Each user that connects directly to a switch port is on his or her own segment.
If every device has its own segment (switchport) then only the sender and receiver will see unicast traffic.
VLANs contain broadcast traffic VLAN is created by one or more switches. Only users on the same VLAN will see broadcasts
page 3
MODULE 9: VLANs
Reasons to use VLANs

Reasons to use VLANs include:
LAN assignments are logically based, not geographical. Keep up with moves and changes (i.e. flexible) VLANs offer network security. VLANs offer broadcast control. Bandwidth utilization is efficient with VLANs.
page 4
MODULE 9: VLANs
Benefits of VLANs
Permit to organize the LAN logically
instead of physically. VLANs also limit the broadcast domains This means that an administrator is able to do all of the following: Easily move workstations on the LAN. Easily add workstations to the LAN. Easily change the LAN configuration. Easily control network traffic. Improve security.
If a hub is connected to VLAN port on a switch, all devices on that hub must belong to the same VLAN.
page 5
MODULE 9: VLANs
Without VLANs No Broadcast Control

ARP Request
172.30.1.21 255.255.255.0
Switch 1
172.30.2.12 255.255.255.0
172.30.2.10 255.255.255.0
172.30.1.23 255.255.255.0
No VLANs Same as a single VLAN Two Subnets
Without VLANs, the ARP Request would be seen by all hosts.
Again, consuming unnecessary network bandwidth and host processing cycles.

page 6
MODULE 9: VLANs
With VLANs Broadcast Control

Switch Port: VLAN ID
ARP Request
172.30.1.21 255.255.255.0 VLAN 1
Switch 1
172.30.2.12 255.255.255.0 VLAN 2
172.30.2.10 255.255.255.0 VLAN 2
172.30.1.23 255.255.255.0 VLAN 1
1 2 3 4 5 6 . Port 1 2 1 2 2 1 . VLAN
Two VLANs Two Subnets

page 7
MODULE 9: VLANs
Broadcast domains with VLANs and routers
A VLAN is a broadcast domain created by one or more switches. The network design below creates three separate broadcast domains.
1) Without VLANs
1) Switch without VLANs. One LAN. Single IP network. One broadcast domain, 3 collision domains Each group (switch) is on a different IP network. 3) Using VLANs. Switch is configured with the ports on the appropriate VLAN.
page 8
MODULE 9: VLANs
Broadcast domains with VLANs and routers (2)

One link per VLAN or a single VLAN Trunk
1) With VLANs
10.1.0.0/16
10.2.0.0/16
10.3.0.0/16
page 9
MODULE 9: VLANs
Improve BW Utilization & Decrease Latency
Bandwidth is shared in legacy Ethernet; a switch improves BW

utilization by eliminating collisions (micro-segmentation).
VLANs further improve BW utilization by confining broadcasts and

other traffic
Switches only flood ports that belong to the source ports VLAN If switches and VLANs were used here instead of routers, as shown in
figure below, Accounting users would experience less latency.
VLAN
page 10
MODULE 9: VLANs
VLAN operation
There are two types of VLANs
Each switch port can be assigned to a different VLAN. Ports assigned to the same VLAN share broadcasts. Ports that do not belong to that VLAN do not share these broadcasts.
page 11
MODULE 9: VLANs
VLAN operation (Static)
Static membership VLANs are called port-based or port-centric membership

VLANs. As a device enters the network, it automatically assumes the VLAN membership of the port to which it is attached. The default VLAN for every port in the switch is the management VLAN. The VLAN is always VLAN 1 and may NOT be deleted. All other ports on the switch may be reassigned to alternate VLANs.
page 12
MODULE 9: VLANs
VLAN operation (dynamic)
Dynamic membership VLANs are created through network management

software. In practice, dynamic VLANs not as common as static VLANs) Dynamic VLANs allow for membership based on the MAC address of the device connected to the switch port. As a device enters the network, it queries a database within the switch for a VLAN membership.
page 13
MODULE 9: VLANs
VLAN operation (protocol)

172.30.1.21 255.255.255.0 VLAN 1
Switch 1
172.30.2.12 255.255.255.0 VLAN 2
1 2 3 4 5 6 . Port 1 2 1 2 2 1 . VLAN
172.30.2.10 255.255.255.0 VLAN 2
172.30.1.23 255.255.255.0 VLAN 1
Two VLANs Two Subnets
Important notes on VLANs: 1. VLANs are assigned on the switch port. There is no VLAN assignment done on the host (usually). 2. In order for a host to be a part of that VLAN, it must be assigned an IP address that belongs to the proper subnet. Remember: VLAN = Subnet
page 14
MODULE 9: VLANs
VLAN Types
page 15
MODULE 9: VLANs
Local VLAN and End-to-end VLAN

Local VLAN VLAN terminate at switch port end-to-end VLAN VLAN span several LAN switches Two different types of methods for frames span across different
swtich
frame filtering frame tagging (or frame identification)
page 16
MODULE 9: VLANs
Access and Trunk Links

An access link is a link on the switch that is a member of only one VLAN. Known as native VLAN of the port. Any device that is attached to the port is unaware that a VLAN exists. A trunk link is capable of supporting multiple VLANs. used to connect switches to other switches or routers. Switches support trunk links on both Fast Ethernet and Gigabit Ethernet
ports.
page 17
MODULE 9: VLANs
End-to-End VLANs
End-to-End or Campus-wide VLANs Trunking at the Core Same VLAN/Subnet no matter what the location is
on the network
NOT recommended by Cisco or other Vendors Adds complexity to network administration Does not resolve Layer 2 Spanning Tree issues Use to be recommended with routing at the Core was considered to slow.
page 18
MODULE 9: VLANs
Frame filtering
page 19
MODULE 9: VLANs
Frame Tagging
Frame Tagging is used when a link needs to carry traffic for more than one
VLAN. Uniquely assigns a VLAN ID to each frame VLAN IDs assigned by switch administrator VLAN Trunk link As packets are received by the switch from any attached end-station device, a
unique packet identifier is added within each header. This header information designates the VLAN membership of each packet. The packet is then forwarded to the appropriate switches or routers based on the VLAN identifier and MAC address.
Chosen by IEEE for its scalability Gaining recognition as the standard trunking mechanism IEEE 802.1q states that Frame Tagging is the way to implement VLANs Upon reaching the destination node (Switch) the VLAN ID is removed from the packet by the adjacent switch and forwarded to the attached device.
page 20
MODULE 9: VLANs
Frame Tagging
No VLAN Tagging
VLAN Tagging
VLAN Tagging is used when a single link needs to carry traffic for more than one VLAN. There are two major methods of frame tagging Cisco proprietary Inter-Switch Link (ISL) IEEE 802.1Q. ISL is now being replaced by 802.1Q frame tagging.
page 21
MODULE 9: VLANs
Geographic or Local VLANs

In a VLAN structure, 80 percent of the traffic is remote to the user
and 20 percent of the traffic is local to the user.
Users are required to use many different resources, many of

which are no longer in their VLAN.
Because of this shift in placement and usage of resources, VLANs

are now more frequently being created around geographic boundaries rather than commonality boundaries.
Geographic or Local VLANs

More common Routing at the core Different VLAN/Subnet depending upon location
As many corporate networks have moved to centralize their

resources, end-to-end VLANs have become more difficult to maintain.
page 22
MODULE 9: VLANs
Configuring static VLANs
The following guidelines must be followed when configuring VLANs on Cisco

29xx switches: The maximum number of VLANs is switch dependent.
29xx switches commonly allow 4,095 VLANs
VLAN 1 is one of the factory-default VLANs. VLAN 1 is the default Ethernet VLAN. Cisco Discovery Protocol (CDP) and VLAN Trunking Protocol (VTP)
advertisements are sent on VLAN 1. The Catalyst 29xx IP address is in the VLAN 1 broadcast domain by default. The switch must be in VTP server mode to create, add, or delete VLANs. (This is not true. Switch could be in VTP Transparent mode.
page 23
MODULE 9: VLANs
Creating VLANs
Assigning access ports (non-trunk ports) to a specific VLAN

Switch(config)#interface fastethernet 0/9 Switch(config-if)#switchport access vlan vlan_number
Create the VLAN: (This step is not required and will be discussed later.)
Switch#vlan database Switch(vlan)#vlan vlan_number Switch(vlan)#exit
page 24
MODULE 9: VLANs
Creating VLANs
Default vlan 1
vlan 10
Default vlan 1
Assign ports to the VLAN

Switch(config)#interface fastethernet 0/9 Switch(config-if)#switchport access vlan 10
access Denotes this port as an access port and not a trunk link (later)
page 25
MODULE 9: VLANs
Creating VLANs
Default vlan 1
vlan 300
Default vlan 1
page 26
MODULE 9: VLANs
Configuring Ranges of VLANs
vlan 2
SydneySwitch(config)#interface fastethernet 0/5 SydneySwitch(config-if)#switchport access vlan 2 SydneySwitch(config-if)#exit SydneySwitch(config)#interface fastethernet 0/6 SydneySwitch(config-if)#switchport access vlan 2 SydneySwitch(config-if)#exit SydneySwitch(config)#interface fastethernet 0/7 SydneySwitch(config-if)#switchport access vlan 2
page 27
MODULE 9: VLANs
Configuring Ranges of VLANs
vlan 3
SydneySwitch(config)#interface range fastethernet 0/8, fastethernet 0/12
SydneySwitch(config-if)#switchport access vlan 3

SydneySwitch(config-if)#exit This command does not work on all 2900 switches, such as the 2900 Series XL. It does work on the 2950.
page 28
MODULE 9: VLANs
Creating VLANs
Default vlan 1
vlan 300
Default vlan 1
SydneySwitch(config)#interface fastethernet 0/1 SydneySwitch(config-if)#switchport mode access SydneySwitch(config-if)#exit Note: The switchport mode access command should be configured on all ports that the network administrator does not want to become a trunk port.
This will be discussed in more in the next chapter, section on DTP.
page 29
MODULE 9: VLANs
Creating VLANs
Default: dynamic desirable
This link will become a trunking link unless one of the ports is configured with as an access link, I.e. switchport mode access
By default, all ports are configured as switchport mode dynamic desirable,

which means that if the port is connected to another switch with an port configured with the same default mode (or desirable or auto), this link will become a trunking link. (See my article on DTP on my web site for more information.)
When the switchport access vlan command is used, the switchport

mode access command is not necessary since the switchport access vlan command configures the interface as an access port (non-trunk port).
This will be discussed in more in the next chapter, section on DTP.

page 30
MODULE 9: VLANs
Verifying VLANs show vlan
vlan 1 default
vlan 2
vlan 3
page 31
MODULE 9: VLANs
Summary
Switch is designed to physically segment a LAN into individual domains LAN typically configured according to the physical infrastructure it connects LANs that use LAN switching devices - VLAN technology is cost effective and an
efficient way of grouping network users into virtual workgroups regardless of their physical placement
VLANs work at Layer 2 and Layer 3 of the OSI layers VLAN architecture allow transportation of VLAN information between
interconnected switches and routers on the corporate backbone
Two types of VLAN: static and dynamics (MAC); a special dynamic VLAN is called protocol VLAN that based on its logical
address
Most common approach for logically grouping users into distinct VLANS (i.e.
trunking of different VLANs) are frame filtering and frame tagging.
page 32
MODULE 9: VLANs
Summary (2)
Types of VLANS Port-centric or Static (most common) Dynamic (based on MAC address) Protocol (Layer 3, or directory service) VLANs provide benefits Reduce administration costs easy to move, additions and
changes
Controlled broadcast activity Workgroup and network security Higher performance / security by using existing infrastructure
and cables (i.e. save money)
page 33
MODULE 9: VLANs
QUIZ
see answer in note page

page 34
MODULE 9: VLANs
QUIZ

page 35
MODULE 9: VLANs
QUIZ

page 36
MODULE 9: VLANs
QUIZ

page 37
MODULE 9: VLANs
QUIZ

page 38
MODULE 9: VLANs
QUIZ

page 39
MODULE 9: VLANs
QUIZ

page 40

CH09 04 Vlan

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CH09 04 Vlan

Uploaded by

Copyright:

Available Formats

.

Switched networks that are logically segmented on an organizational basis by

Reasons to use VLANs

HD ICT Enterprise Network

HD ICT Enterprise Network

Without VLANs No Broadcast Control

No VLANs Same as a single VLAN Two Subnets

Without VLANs, the ARP Request would be seen by all hosts.

Again, consuming unnecessary network bandwidth and host processing cycles.

HD ICT Enterprise Network

With VLANs Broadcast Control

172.30.1.21 255.255.255.0 VLAN 1

172.30.2.10 255.255.255.0 VLAN 2

172.30.1.23 255.255.255.0 VLAN 1

Two VLANs Two Subnets

Broadcast domains with VLANs and routers

Broadcast domains with VLANs and routers (2)

HD ICT Enterprise Network

Improve BW Utilization & Decrease Latency

Bandwidth is shared in legacy Ethernet; a switch improves BW

VLANs further improve BW utilization by confining broadcasts and

HD ICT Enterprise Network

VLAN operation (Static)

Static membership VLANs are called port-based or port-centric membership

VLAN operation (dynamic)

Dynamic membership VLANs are created through network management

VLAN operation (protocol)

172.30.2.10 255.255.255.0 VLAN 2

172.30.1.23 255.255.255.0 VLAN 1

Two VLANs Two Subnets

HD ICT Enterprise Network

Local VLAN and End-to-end VLAN

frame filtering frame tagging (or frame identification)

HD ICT Enterprise Network

Access and Trunk Links

HD ICT Enterprise Network

HD ICT Enterprise Network

HD ICT Enterprise Network

HD ICT Enterprise Network

Geographic or Local VLANs

Users are required to use many different resources, many of

Because of this shift in placement and usage of resources, VLANs

Geographic or Local VLANs

As many corporate networks have moved to centralize their

Configuring static VLANs

The following guidelines must be followed when configuring VLANs on Cisco

Assigning access ports (non-trunk ports) to a specific VLAN

Assign ports to the VLAN

HD ICT Enterprise Network

HD ICT Enterprise Network

Configuring Ranges of VLANs

Configuring Ranges of VLANs

SydneySwitch(config)#interface range fastethernet 0/8, fastethernet 0/12

SydneySwitch(config-if)#switchport access vlan 3

This will be discussed in more in the next chapter, section on DTP.

HD ICT Enterprise Network

Default: dynamic desirable

By default, all ports are configured as switchport mode dynamic desirable,

When the switchport access vlan command is used, the switchport

This will be discussed in more in the next chapter, section on DTP.

Verifying VLANs show vlan

HD ICT Enterprise Network