Module 3

VLANs logically separate devices on the same switch into different broadcast domains. This provides segmentation, security, efficiency and management benefits. There are different types of VLANs for different purposes, such as data, voice and management traffic. VLAN trunks extend VLANs across switches and use 802.1Q tags with a VLAN ID to identify traffic. Devices in different VLANs cannot communicate without a layer 3 device connecting the VLANs.

Uploaded by

Karen Jonson
Copyright: © All Rights Reserved

MODULE 3: VLANs

VLANs - logical connections with other similar devices


Placing devices into various VLANs has the following characteristics:
- Provides segmentation of the various groups of devices on the same switches
- Provides organization that is more manageable
- Broadcasts, multicasts and unicasts are isolated in the individual VLAN
- Each VLAN will have its own unique range of IP addressing
- Smaller broadcast domains

Benefits of a VLAN Design


BENEFITS of USING VLAN: SIIRBS
- Smaller Broadcast Domains - Dividing the LAN reduces the number of broadcast domains
- Improved Security - Only users in the same VLAN can communicate together
- Improved IT Efficiency - VLANs can group devices with similar requirements, e.g., faculty vs. students
- Reduced Cost - One switch can support multiple groups or VLANs
- Better Performance - Small broadcast domains reduce traffic, improving bandwidth
- Simpler Management - Similar groups will need similar applications and other network resources

TYPES OF VLANS: VDNMV


Default VLAN - VLAN 1 is the following: default VLAN, default native VLAN, management VLAN; it can't be deleted or renamed
Data VLAN - Dedicated to user-generated traffic (email and web traffic); VLAN 1 is the default data VLAN
Native VLAN - Used for trunk links only
Management VLAN - Used for SSH/Telnet VTY traffic and should not be carried with end-user traffic; typically the VLAN that is the SVI for the Layer 2 switch
Voice VLAN - Assured bandwidth, high QoS priority, ability to avoid congestion, delay less than 150 ms from source to destination

Defining VLAN Trunks


Trunk – point-to-point link between two network devices
Trunk functions:
- Allow more than one VLAN
- Extend the VLAN across the entire network
- By default, supports all VLANs
- Supports 802.1Q trunking

Without VLANs, all devices connected to the switches will receive all unicast, multicast, and broadcast traffic.
With VLANs, unicast, multicast, and broadcast traffic is confined to a VLAN. Without a Layer 3 device to connect the VLANs, devices in different VLANs cannot communicate.

VLAN Identification with a Tag:


- The IEEE 802.1Q header is 4 Bytes
- When the tag is created the FCS must be recalculated
- When sent to end devices, this tag must be removed and the FCS recalculated back to its original number

802.1Q VLAN TAG FIELD: TUCV


- Type - 2-Byte field with hexadecimal 0x8100; This is referred to as Tag Protocol ID (TPID)
- User Priority - 3-bit value that supports
- Canonical Format Identifier (CFI) - 1-bit value that can support token ring frames on Ethernet
- VLAN ID (VID) - 12-bit VLAN identifier that can support up to 4096 VLANs

802.1Q trunk basics:


- Tagging is typically done on all VLANs
- The use of a native VLAN was designed for legacy use, like the hub in the example
- Unless changed, VLAN 1 is the native VLAN
- Both ends of a trunk link must be configured with the same native VLAN
- Each trunk is configured separately, so it is possible to have different native VLANs on separate trunks

The VoIP phone is a three-port switch:

- The switch will use CDP (Cisco Discovery Protocol) to inform the phone of the Voice VLAN
- The phone will tag its own traffic (Voice) and can set Class of Service (CoS). CoS is QoS for Layer 2.
- The phone may or may not tag frames from the PC

Traffics: VA
- Voice VLAN - tagged with an appropriate Layer 2 class of service (CoS) priority value
- Access VLAN - can also be tagged with a Layer 2 CoS priority value, or is not tagged (no Layer 2 CoS priority value)

show interfaces fa0/18 switchport - shows both the data and voice VLANs assigned to the interface

VTP - VLAN Trunking Protocol

Catalyst switches 2960 and 3650 support over 4000 VLANs

Normal Range VLAN 1 – 1005


- Used in Small to Medium sized businesses
- 1002 – 1005 are reserved for legacy VLANs
- 1, 1002 – 1005 are auto created and cannot be deleted
- Stored in the vlan.dat file in flash
- VTP can synchronize between switches

Extended Range VLAN 1006 – 4095


- Used by Service Providers
- Are in Running-Config
- Supports fewer VLAN features
- Requires VTP configurations

VLAN CREATION COMMANDS:


- configure terminal - Enter global configuration mode
- vlan vlan-id - Create a VLAN with a valid ID number
- name vlan-name - Specify a unique name to identify the VLAN
- end - Return to the privileged EXEC mode

VLAN PORT ASSIGNMENT COMMANDS:


- configure terminal – Enter global configuration mode
- interface interface-id – Enter interface configuration mode
- switchport mode access – Set the port to access mode
- switchport access vlan vlan-id - Assign the port to a VLAN
- end – Return to the privileged EXEC mode

VERIFY VLAN INFORMATION (show vlan options):


- brief - Display VLAN name, status, and its ports one VLAN per line
- id vlan-id - Display information about the identified VLAN ID number
- name vlan-name - Display information about the identified VLAN name. The vlan-name is an ASCII string from 1 to 32 characters
- summary - Display VLAN summary information

no switchport access vlan – place interface back in VLAN 1


show vlan brief or show interface fa0/18 switchport - verify the correct VLAN association
no vlan vlan-id – delete VLANs

TRUNK CONFIGURATION COMMANDS:


- configure terminal – enter global configuration mode
- interface interface-id - Enter interface configuration mode
- switchport mode trunk - Set the port to permanent trunking mode
- switchport trunk native vlan vlan-id - Sets the native VLAN to something other than VLAN 1
- switchport trunk allowed vlan vlan-list - Specify the list of VLANs to be allowed on the trunk link
- end - Return to privileged EXEC mode

switchport mode additional options…


Use the switchport nonegotiate interface configuration command to stop DTP negotiation
OPTIONS:
- access - Permanent access mode and negotiates to convert the neighbouring link into an access link
- dynamic auto - Will become a trunk interface if the neighbouring interface is set to trunk or desirable mode
- dynamic desirable - Actively seeks to become a trunk by negotiating with other auto or desirable interfaces
- trunk - Permanent trunking mode and negotiates to convert the neighbouring link into a trunk link
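
One way to review a switch configuration against the trunk settings in these notes (native VLAN left at VLAN 1, trunk allowing all VLANs, DTP negotiation left on), added here as an example and not part of the original notes. The sample configuration, interface names and VLAN IDs are constructed; the check assumes every listed interface is a Layer 2 port and that a port with no explicit mode defaults to a dynamic (DTP) mode.

```python
def parse_interfaces(config):
    """Split IOS-style config text into {interface: [sub-commands]}."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1].strip(), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None          # "!" separator or a global command ends the block
    return ports

def value(cmds, prefix):  # argument of the last sub-command starting with prefix
    hits = [c[len(prefix):].strip() for c in cmds if c.startswith(prefix)]
    return hits[-1] if hits else None

def audit(config):
    """Return {interface: [findings]}; assumes every interface is a Layer 2 port."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        mode, issues = value(cmds, "switchport mode "), []
        if mode is None or mode.startswith("dynamic"):
            issues.append("mode left to DTP negotiation")
        if mode == "trunk":
            if "switchport nonegotiate" not in cmds:
                issues.append("DTP still enabled on trunk")
            if value(cmds, "switchport trunk native vlan ") in (None, "1"):
                issues.append("native VLAN is VLAN 1")
            if value(cmds, "switchport trunk allowed vlan ") is None:
                issues.append("trunk carries all VLANs")
        if mode == "access" and value(cmds, "switchport access vlan ") in (None, "1"):
            issues.append("access port left in VLAN 1")
        report[name] = issues
    return {name: issues for name, issues in report.items() if issues}

# Constructed sample configuration; interface names and VLAN IDs are illustrative.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode trunk
interface FastEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,99
 switchport nonegotiate
interface FastEthernet0/18
 switchport mode access
interface FastEthernet0/19
 switchport mode dynamic desirable
"""
```

Calling `audit(SAMPLE)` reports every port except FastEthernet0/2, the only one with an explicit mode, a non-default native VLAN, a restricted allowed list and DTP turned off.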
