Lecture 05: Virtual Local Area Networks (Vlans) : TN 323: Lan Switching

VLANs logically segment devices into separate broadcast domains even if they are connected to the same physical switch. This document discusses VLAN configuration and trunking. It defines VLANs, explains how they solve networking issues, and covers VLAN trunking protocols like IEEE 802.1Q. The document provides instructions for configuring VLANs and trunk ports on a single switch, including assigning IP addresses and testing communication between VLAN member devices.

Uploaded by

Alango Jr Tz

TN 323: LAN SWITCHING

Lecture 05: Virtual Local Area Networks (VLANs)
Objectives
▪ Explain the role of VLANs in a network.

▪ Explain the role of trunking VLANs in a network.

▪ Configure VLANs on the switches in a network topology.

▪ Troubleshoot the misconfigurations associated with VLANs


Introducing VLANs (Before VLANs)
▪ Consider a small community college with student dorms
and the faculty offices all in one building.
–The figure shows the student computers in one LAN and
the faculty computers in another LAN.
–This works fine because each department is physically
together, so it is easy to provide them with their network
resources.
▪ A year later, the college has grown and now has 3
buildings.
–In the figure, student and faculty computers are spread
out across three buildings.
–The student dorms remain on the fifth floor and the
faculty offices remain on the third floor.
▪ How can the network accommodate the shared needs of
the geographically separated departments?
–Do you create a large LAN and wire each department
together?
–It would be great to group the people with the
resources they use regardless of their geographic
location.
VLAN Overview
▪ The solution for the community college is to use a
networking technology called a virtual LAN (VLAN).
–A VLAN allows a network administrator to create
groups of logically networked devices that act as if they
are on their own independent network, even if they share a
common infrastructure with other VLANs.
–Using VLANs, you can logically segment switched
networks based on functions, departments, or project
teams.
–A VLAN is a logically separate IP subnetwork.
▪ In the figure, one VLAN is created for students and
another for faculty.
–These VLANs allow the network administrator to
implement access and security policies to particular
groups of users.
–For example, the faculty, but not the students, can be
allowed access to e-learning management servers for
developing online course materials.
VLAN Overview
▪ For computers to communicate on the same VLAN,
– Each must have an IP address and a subnet mask that is
consistent for that VLAN.
– The switch has to be configured with the VLAN
– Each port in the VLAN must be assigned to the VLAN.
– A switch port with a singular VLAN configured on it is
called an access port.
– Remember, just because two computers are physically
connected to the same switch does not mean that they can
communicate.
– Devices on two separate networks and subnets must
communicate via a router (Layer 3), whether or not
VLANs are used.
VLAN Overview
Remember, just because two computers are physically connected to the same
switch does not mean that they can communicate.
VLAN Operations
▪ Each logical VLAN is like a separate physical switch.
–In the first figure, Switch A hosts three VLANs:
•Management/HR Department (red VLAN)
•Accounting Department (black VLAN)
•Data Recovery & IT Department (green VLAN)
–In practice we use numbers and (optionally) names to identify VLANs.
▪ VLANs can span across multiple switches.
–In the second figure, Switch A carries VLAN 1, VLAN 2 and VLAN 4, while
Switch B carries VLAN 1, VLAN 2 and VLAN 3.
Benefits of a VLAN
▪ The primary benefits of using VLANs are:
–Security - Groups that have sensitive data are separated from the rest of the
network.
–Cost reduction - Cost savings result from less need for expensive network
upgrades and more efficient use of existing bandwidth and uplinks.
–Higher performance - Dividing flat Layer 2 networks into multiple logical
workgroups (broadcast domains) reduces unnecessary traffic on the network.
–Broadcast storm mitigation - Dividing a network into VLANs reduces the
number of devices that may participate in a broadcast storm.
–Improved IT staff efficiency - VLANs make it easier to manage the
network.
•When you provision a new switch, all the policies and procedures
already configured for the particular VLAN are implemented when the
ports are assigned.
–Simpler project or application management - Having separate functions
makes working with a specialized application easier, for example, an e-
learning development platform for faculty.
VLAN Standards (Tagging Protocol): Cisco ISL and
IEEE 802.1Q (also called dot1q)
▪ Some Cisco switches can be configured to support 2 types of trunk
ports:
–IEEE 802.1Q and ISL (Cisco proprietary)
–Today only 802.1Q is used. However, legacy networks may
still use ISL.
▪ An 802.1Q trunk port supports simultaneous tagged and untagged traffic.
•An 802.1Q trunk port is assigned a default PVID (port VLAN ID), and all
untagged traffic travels on the port default PVID.
•All untagged traffic and tagged traffic with a null VLAN
ID (VID 0) are assumed to belong to the port default PVID.
•A packet with a VLAN ID equal to the outgoing port
default PVID is sent untagged. All other traffic is sent with a
VLAN tag.
IEEE 802.1Q Frame Format
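The following Python example is added here to make the frame format and the PVID rules above concrete; it is not code from the lecture. It builds and parses the 4-byte 802.1Q tag (TPID 0x8100 followed by the TCI with PCP, DEI and VID fields), applies the ingress rule (untagged or VID 0 frames fall into the port's PVID) and the egress rule (frames in the PVID leave untagged, everything else is tagged), and then carries one frame across a trunk so the effect of a native VLAN mismatch is visible. The MAC addresses, payload and the `trunk_warnings` helper are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # Tag Protocol Identifier that marks an 802.1Q-tagged frame

# Constructed sample addresses and payload (not from the lecture)
DST = bytes.fromhex("ffffffffffff")   # broadcast destination
SRC = bytes.fromhex("001122334455")
PAYLOAD = b"\x45\x00\x00\x14"         # first bytes of a made-up IPv4 header


def build_tag(vid, pcp=0, dei=0):
    """Build the 4-byte 802.1Q tag: TPID (16 bits) + TCI (PCP:3, DEI:1, VID:12)."""
    if not 0 <= vid <= 4095:
        raise ValueError("VID must fit in 12 bits")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | (vid & 0xFFF)
    return struct.pack("!HH", TPID_8021Q, tci)


def parse_frame(frame):
    """Split an Ethernet frame into (dst, src, vid, ethertype, payload).

    vid is None for an untagged frame; in a tagged frame the tag sits between
    the source MAC and the real EtherType.
    """
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        (tci,) = struct.unpack("!H", frame[14:16])
        (ethertype,) = struct.unpack("!H", frame[16:18])
        return dst, src, tci & 0xFFF, ethertype, frame[18:]
    return dst, src, None, ethertype, frame[14:]


def ingress_vlan(frame, pvid):
    """Classify a frame received on a trunk port: untagged frames and frames
    with a null VID (0) belong to the port's PVID, all others to their tag's VID."""
    vid = parse_frame(frame)[2]
    return pvid if vid in (None, 0) else vid


def egress_frame(vlan, pvid, dst=DST, src=SRC, ethertype=0x0800, payload=PAYLOAD):
    """Forward a frame out of a trunk port: a frame whose VLAN equals the port's
    PVID leaves untagged; every other VLAN is sent with an 802.1Q tag."""
    header = dst + src
    if vlan == pvid:
        return header + struct.pack("!H", ethertype) + payload
    return header + build_tag(vlan) + struct.pack("!H", ethertype) + payload


def vlan_seen_at_far_end(vlan, pvid_local, pvid_remote):
    """Carry one frame across a trunk and return the VLAN the far switch assigns.

    With matching PVIDs the VLAN survives the hop. With a native VLAN mismatch
    the untagged native traffic is silently re-homed into the remote PVID."""
    return ingress_vlan(egress_frame(vlan, pvid_local), pvid_remote)


def trunk_warnings(pvid_local, pvid_remote):
    """Checks a troubleshooter would run on the two ends of a trunk (constructed helper)."""
    warnings = []
    if pvid_local != pvid_remote:
        warnings.append(f"native VLAN mismatch: {pvid_local} vs {pvid_remote}")
    if 1 in (pvid_local, pvid_remote):
        warnings.append("VLAN 1 is used as native VLAN; use a dedicated unused VLAN instead")
    return warnings


if __name__ == "__main__":
    print(build_tag(10).hex())               # 8100000a
    print(vlan_seen_at_far_end(10, 99, 99))  # 10: tagged traffic survives the hop
    print(vlan_seen_at_far_end(99, 99, 1))   # 1: mismatched native VLAN re-homes the frame
    print(trunk_warnings(99, 1))
```

The last two prints show why the lecture recommends a consistent, non-default native VLAN on both ends of every trunk: tagged frames carry their VLAN identity with them, but native traffic only has the receiving port's PVID to rely on.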
TWO VLAN ID Ranges
▪ Normal Range VLANs
–Identified by a VLAN ID between 1 and 1005.
–IDs 1002 through 1005 are reserved for Token Ring and FDDI VLANs.
–IDs 1 and 1002 to 1005 are automatically created and cannot be
removed.
–Configurations are stored within a VLAN database file, called vlan.dat.
•The vlan.dat file is located in the flash memory.
–The VLAN trunking protocol (VTP), can only learn normal range
VLANs.
▪ Extended Range VLANs
–Enable service providers to extend their infrastructure to a greater
number of customers.
–Identified by a VLAN ID between 1006 and 4094.
–Support fewer VLAN features.
–Are saved in the running configuration file.
Common VLAN Terminologies
▪ Default VLAN
–All switch ports become a member of the default VLAN after the initial
boot up of the switch.
–The default VLAN for Cisco switches is VLAN 1.
–VLAN 1 cannot be renamed or deleted.
▪Native VLAN
–Untagged traffic is said to be coming from a Native VLAN
–For Cisco, Native VLAN is by default VLAN 1
–An 802.1Q trunk port supports traffic coming from VLANs (tagged
traffic) as well as traffic that does not come from a VLAN (untagged
traffic).
–The 802.1Q trunk port places untagged traffic on the native VLAN.
–Native VLANs are set out in the IEEE 802.1Q specification to maintain
backward compatibility with untagged traffic common to legacy LAN
scenarios.
–It is a best practice to use a VLAN other than VLAN 1 as the native
VLAN.
Common VLAN Terminologies
▪ Management VLAN
–A management VLAN is any VLAN you configure to access the
management capabilities of a switch.
–You assign the management VLAN an IP address and subnet mask.
▪Access Port
–Any port in a switch which is allowed access to (belongs to) a single VLAN.
An access port cannot belong to more than one VLAN at a time.
–We normally configure ports connected to end devices as access ports.
▪Trunk Port
–These are ports that connect a switch to another switch or router.
–Trunk ports are configured to carry traffic of more than one VLAN.
▪Dynamic Port:
–Will negotiate to be either trunk or access when connected.
Common VLAN Terminologies
▪ Trunk Port Vs. Access Ports
Common VLAN Terminologies
A Trunk in Action
1) In the figure, PC1 on VLAN 10 and PC3 on VLAN 30 send
broadcast frames to switch S2.
Configuring VLANs and Trunks
Step 5: Attach Computers to Respective Ports
▪ Attach computers to their respective ports.
– Remember that each VLAN is an IP subnet, so each
VLAN shall have its own IP address range, which does not
overlap with the subnets of other VLANs.
▪ IP Address Assignment
–If you are using manual IP configuration, assign each
device an IP address within the chosen subnet.
–If you are using a DHCP server, then each VLAN must
have a corresponding IP address pool configured.
Step 6: Test Communication Between Members of the
Same VLAN
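The Python example below is added to illustrate Steps 5 and 6 together; it is not part of the lecture. It checks that the subnets planned for each VLAN do not overlap, validates manually configured hosts against that plan, derives one DHCP scope per VLAN, and predicts the outcome of the Step 6 ping test: hosts in the same VLAN and subnet talk directly through the switch, hosts in different VLANs and subnets need a router, and the two common misconfigurations (same VLAN with mismatched subnets, or one subnet split across two VLANs) cannot communicate at all. The VLAN numbers, subnets and host names are constructed sample values.

```python
import ipaddress
from itertools import combinations

# Constructed VLAN-to-subnet plan (illustrative values, not from the lecture)
VLAN_SUBNETS = {
    10: "192.168.10.0/24",  # Students
    20: "192.168.20.0/24",  # Faculty
    99: "192.168.99.0/24",  # Management VLAN
}


def overlapping_vlans(plan):
    """Return the VLAN pairs whose subnets overlap; every VLAN needs its own subnet."""
    nets = {vlan: ipaddress.ip_network(cidr) for vlan, cidr in plan.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])]


def host(name, vlan, cidr):
    """A manually configured end device: the VLAN of its access port plus its IP/mask."""
    return {"name": name, "vlan": vlan, "iface": ipaddress.ip_interface(cidr)}


def misconfigured_hosts(hosts, plan):
    """Names of hosts whose address/mask do not fall inside their VLAN's planned subnet."""
    return [h["name"] for h in hosts
            if h["iface"].network != ipaddress.ip_network(plan[h["vlan"]])]


def dhcp_pools(plan):
    """One DHCP scope per VLAN: first usable address for the gateway, the rest for hosts."""
    pools = {}
    for vlan, cidr in plan.items():
        addrs = list(ipaddress.ip_network(cidr).hosts())
        pools[vlan] = {"gateway": str(addrs[0]), "first": str(addrs[1]), "last": str(addrs[-1])}
    return pools


def reachability(h1, h2):
    """Predict the Step 6 ping test between two hosts.

    'direct' - same VLAN and same subnet: ARP and ping succeed through the switch
    'router' - different VLANs and different subnets: a Layer 3 device is needed
    'none'   - same VLAN with mismatched subnets, or one subnet split across two
               VLANs: ARP broadcasts never reach a usable peer, so the ping fails
    """
    same_vlan = h1["vlan"] == h2["vlan"]
    same_subnet = h1["iface"].network == h2["iface"].network
    if same_vlan and same_subnet:
        return "direct"
    if not same_vlan and not same_subnet:
        return "router"
    return "none"


# Constructed sample hosts for the test run (PC4 is deliberately misconfigured)
PC1 = host("PC1", 10, "192.168.10.5/24")
PC2 = host("PC2", 10, "192.168.10.6/24")
PC3 = host("PC3", 20, "192.168.20.5/24")
PC4 = host("PC4", 20, "192.168.10.7/24")   # Faculty port, but a Students address


if __name__ == "__main__":
    print("overlaps:", overlapping_vlans(VLAN_SUBNETS))
    print("misconfigured:", misconfigured_hosts([PC1, PC2, PC3, PC4], VLAN_SUBNETS))
    print("PC1 -> PC2:", reachability(PC1, PC2))
    print("PC1 -> PC3:", reachability(PC1, PC3))
    print("PC1 -> PC4:", reachability(PC1, PC4))
    print("DHCP scope for VLAN 10:", dhcp_pools(VLAN_SUBNETS)[10])
```

Running the block before touching the switch catches the two planning errors that most often make the Step 6 test fail: overlapping subnets between VLANs and a host plugged into a port whose VLAN does not match its configured subnet.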
Class Activity
VLAN CONFIGURATION AND TESTING FOR A SINGLE SWITCH
Summary
▪ VLANS
Allows an administrator to logically group devices
that act as their own network
Are used to segment broadcast domains
Some benefits of VLANs include
Cost reduction, security, higher performance,
better management
Summary

▪ IEEE 802.1Q
The standard VLAN trunking protocol
Uses frame tagging to identify the VLAN to which a
frame belongs
Does not tag native VLAN traffic
▪ Any VLAN is a complete network subnet (it has its own
IP address range, gateway and other settings)

Slide credit: Tony Chen, COD (Cisco Networking Academy)
Simple Two VLAN
