
NetLabT2_L1 & L2

The document provides an overview of Virtual Local Area Networks (VLANs), explaining their purpose in network segmentation, security, and performance. It details the configuration of VLANs, including VLAN ID ranges, trunking methods, and the use of protocols like Dynamic Trunking Protocol (DTP) and VLAN Trunking Protocol (VTP) for managing VLAN information across switches. Additionally, it outlines the differences between default and native VLANs, and includes configuration examples for setting up VLANs on switches.

Uploaded by

alkhowlanyr
Copyright
© © All Rights Reserved

IBB University Department of Electrical Engineering

Level: 4
Faculty of Engineering
Networks Lab

Virtual LAN
Lect 1 & 2

Eng. Abeer Mohammed


֎ Virtual Local Area Network or a Virtual LAN (VLAN)

A VLAN is a virtual LAN that allows you to segment your network logically, without the need for
physical segmentation. VLANs are very flexible and can be used to provide security, flexibility, and
performance benefits. VLANs work by encapsulating Ethernet frames with a VLAN header that
contains the VLAN ID. This ID is used to identify which devices are on which VLAN.
VLANs are created by adding switch ports to a particular VLAN. Devices on the same VLAN can
communicate with each other without the need for a router. By default, all devices are assigned to
VLAN 1, known as the default VLAN.
❖ Implementing VLAN reduces CPU overhead on each device and improves host performance, by
reducing the number of devices that send broadcast frames.

❖ Implementing VLAN enhances network security. A malicious user can no longer just plug
their workstation into any switch port and sniff the network traffic using a packet sniffer.

❖ Implementing VLAN creates more flexible designs that group users by department, or by
groups that work together, instead of by physical location

Ѻ VLAN ranges:

VLAN ID: The most critical component of the VLAN tag is the VLAN Identifier (VLAN ID), a 12-
bit field. The VLAN ID is used to identify the specific VLAN to which the frame belongs. This
identifier ranges from 1 to 4095, with some IDs reserved for specific purposes.

▪ VLAN 0, 4095: These are reserved VLANs which cannot be seen or used.
▪ VLAN 1: This is the default VLAN of switches. By default, all switch ports are in this VLAN. This
VLAN can’t be deleted or edited, but it can be used.
▪ VLAN 2-1001: This is the normal VLAN range. We can create, edit and delete these VLANs.
▪ VLAN 1002-1005: These are Cisco defaults for FDDI and Token Ring. These VLANs can’t be
deleted.
▪ VLAN 1006-4094: This is the extended VLAN range.
Ѻ Configuration

You can create a VLAN simply by assigning a VLAN ID and a VLAN name.
switch1(config)#vlan 2

switch1(config-vlan)#name accounts

Here, 2 is the VLAN ID and accounts is the VLAN name. Now assign the VLAN to the switch ports, e.g.:

Switch(config)#int fa0/0

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access Vlan 2

A range of switch ports can also be assigned to the required VLAN.

Switch(config)#int range fa0/0-2

Switch(config-if-range)#switchport mode access

Switch(config-if-range)#switchport access vlan 2

With this, switch ports fa0/0, fa0/1 and fa0/2 will be assigned to VLAN 2.

VLAN Configuration

Switch>enable
Switch# configure terminal
Switch(config)#vlan 10
Switch(config-vlan)#name ENG
Switch(config-vlan)# exit

Switch(config)#vlan 20
Switch(config-vlan)#name IT
Switch(config-vlan)#end
Switch# show vlan
Switch# configure terminal
Switch(config)#interface range f0/1 - 12
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit

Switch(config)#interface range f0/13 - 24


Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#end
Switch# show vlan brief

Example:

֎ The configuration
Switch>enable
Switch# configure terminal
Switch(config)#vlan 10
Switch(config-vlan)#name Chemistry_Lab
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name Physics_Lab
Switch(config-vlan)#exit

Switch(config)#vlan 30
Switch(config-vlan)#name Biology_Lab
Switch(config-vlan)#exit
Switch(config)#exit
Switch#show vlan brief

Switch# configure terminal


Switch(config)#interface range f0/1 - 8
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit

Switch(config)#interface range f0/9 - 16


Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit
Switch(config)#interface range f0/17 - 24
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 30
Switch(config-if-range)#end
Switch#show vlan brief
Switch# configure terminal
Switch(config)#int vlan 10
Switch(config-if)#ip add 192.168.10.1 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#int vlan 20
Switch(config-if)#ip add 192.168.20.1 255.255.255.0
Switch(config-if)#no shut
Switch(config-if)#int vlan 30
Switch(config-if)#ip add 192.168.30.1 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#end

Switch# configure terminal
Switch(config)#ip dhcp pool Netvlan10
Switch(dhcp-config)#network 192.168.10.0 255.255.255.0
Switch(dhcp-config)#default-router 192.168.10.1
Switch(dhcp-config)#exit
Switch(config)#ip dhcp excluded-address 192.168.10.1

Switch(config)#ip dhcp pool Netvlan20


Switch(dhcp-config)#network 192.168.20.0 255.255.255.0
Switch(dhcp-config)#default-router 192.168.20.1
Switch(dhcp-config)#exit
Switch(config)#ip dhcp excluded-address 192.168.20.1

Switch(config)#ip dhcp pool Netvlan30


Switch(dhcp-config)#network 192.168.30.0 255.255.255.0
Switch(dhcp-config)#default-router 192.168.30.1
Switch(dhcp-config)#exit
Switch(config)#ip dhcp excluded-address 192.168.30.1
Switch(config)#end
Switch#copy running-config startup-config
Switch# show ip int brief

❖ VLAN Trunking
Trunking and Frame Forwarding: Trunking, enabled by IEEE 802.1Q, allows switches to
transmit frames from multiple VLANs over a single physical link. Each frame is tagged before
transmission. On the receiving end, switches extract the VLAN tag, allowing them to direct the
frame to the appropriate VLAN or perform inter-VLAN routing.

VLAN Tagging: When a switch receives an Ethernet frame that needs to be transmitted across a
trunk link or to a device in a different VLAN, it adds the appropriate VLAN tag to the frame’s
header. This tag encapsulates the frame with the necessary VLAN information.
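
The tag insertion and extraction described above, as an added Python example (not part of the original lecture): it builds and parses the 4-byte 802.1Q tag and classifies the 12-bit VLAN ID into the ranges listed earlier. The sample frame is constructed and the function names are illustrative.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def classify_vlan_id(vid):
    """Map a VLAN ID to the ranges listed in this lecture."""
    if not 0 <= vid <= 4095:
        raise ValueError("VLAN ID must fit in 12 bits")
    if vid in (0, 4095):
        return "reserved"
    if vid == 1:
        return "default"
    if vid <= 1001:
        return "normal"
    if vid <= 1005:
        return "cisco-fddi-token-ring"
    return "extended"

def add_tag(frame, vid, pcp=0, dei=0):
    """Insert the 4-byte tag after the destination and source MAC addresses."""
    if classify_vlan_id(vid) == "reserved":
        raise ValueError("reserved VLAN ID cannot be used")
    tci = (pcp << 13) | (dei << 12) | vid  # 3-bit priority, 1-bit DEI, 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_frame(frame):
    """Return (vlan_id or None, priority, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        # Untagged frame: on a trunk it belongs to the native VLAN.
        return None, 0, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, tci >> 13, inner_type, frame[18:]

def strip_tag(frame):
    """Remove the tag, as a switch does before delivery to an access port."""
    vid, _, _, _ = parse_frame(frame)
    return frame if vid is None else frame[:12] + frame[16:]

# Constructed sample: broadcast frame with EtherType 0x0806 and a dummy payload.
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 28
TAGGED = add_tag(UNTAGGED, vid=10)

if __name__ == "__main__":
    vid, pcp, ethertype, _ = parse_frame(TAGGED)
    print(vid, pcp, hex(ethertype), classify_vlan_id(vid))
    print(parse_frame(UNTAGGED)[:3])
```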

Trunk Encapsulation
There are two Ethernet trunking methods:
1. Cisco's proprietary InterSwitch Link (ISL) protocol for Ethernet.
2. IEEE's 802.1Q, commonly referred to as dot1q for Ethernet.
IEEE 802.1Q is a foundational protocol that enables the effective implementation of VLANs. By
facilitating VLAN tagging and trunking, IEEE 802.1Q empowers network administrators to create
flexible, efficient, and secure networks.

SW2> enable
SW2# configure terminal
SW2(config)# interface gigabitethernet 0/1
SW2(config-if)# switchport trunk encapsulation ?
dot1q Interface uses only 802.1q trunking encapsulation when trunking
isl Interface uses only ISL trunking encapsulation when trunking
negotiate Device will negotiate trunking encapsulation with peer on interface

֎ The configuration
In SW1

SW1> enable
SW1# configure terminal
SW1(config)# vlan 10
SW1(config-vlan)# exit
SW1(config)# vlan 11
SW1(config-vlan)# exit

SW1(config)# interface range f0/1 - 8
SW1(config-if-range)# switchport mode access
SW1(config-if-range)# switchport access vlan 1
SW1(config-if-range)# exit

SW1(config)# interface range f0/9 - 16
SW1(config-if-range)# switchport mode access
SW1(config-if-range)# switchport access vlan 10
SW1(config-if-range)# exit

SW1(config)# interface range fa0/17 - 24
SW1(config-if-range)# switchport mode access
SW1(config-if-range)# switchport access vlan 11
SW1(config-if-range)# exit

SW1(config)# interface gig 0/1
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport trunk allowed vlan 10,11
SW1(config-if)# switchport mode trunk
SW1(config-if)# end
SW1# show interface trunk

SW1# conf t
SW1(config)# int vlan 1
SW1(config-if)# ip add 192.168.1.1 255.255.255.0
SW1(config-if)# no shutdown
SW1(config-if)# int vlan 10
SW1(config-if)# ip add 192.168.2.1 255.255.255.0
SW1(config-if)# no shutdown
SW1(config-if)# int vlan 11
SW1(config-if)# ip add 192.168.3.1 255.255.255.0
SW1(config-if)# no shutdown

In SW2

SW2> enable
SW2# configure terminal
SW2(config)# vlan 10
SW2(config-vlan)# exit
SW2(config)# vlan 11
SW2(config-vlan)# exit

SW2(config)# interface range f0/1 - 8
SW2(config-if-range)# switchport mode access
SW2(config-if-range)# switchport access vlan 1
SW2(config-if-range)# exit

SW2(config)# interface range f0/9 - 16
SW2(config-if-range)# switchport mode access
SW2(config-if-range)# switchport access vlan 10
SW2(config-if-range)# exit

SW2(config)# interface range fa0/17 - 24
SW2(config-if-range)# switchport mode access
SW2(config-if-range)# switchport access vlan 11
SW2(config-if-range)# exit

SW2(config)# interface gig 0/1
SW2(config-if)# switchport trunk encapsulation dot1q
SW2(config-if)# switchport trunk allowed vlan 10,11
SW2(config-if)# switchport mode trunk
SW2(config-if)# end
SW2# show interface trunk

SW2# conf t
SW2(config)# int vlan 1
SW2(config-if)# ip add 192.168.1.1 255.255.255.0
SW2(config-if)# no shutdown
SW2(config-if)# int vlan 10
SW2(config-if)# ip add 192.168.2.1 255.255.255.0
SW2(config-if)# no shutdown
SW2(config-if)# int vlan 11
SW2(config-if)# ip add 192.168.3.1 255.255.255.0
SW2(config-if)# no shutdown
SW2(config-if)# exit

֎ Native VLAN

A native VLAN is a special VLAN whose traffic traverses the 802.1Q trunk without any VLAN
tag. The native VLAN is defined in the 802.1Q trunk port standard, which supports traffic coming
from several VLANs as well as traffic that doesn’t come from a VLAN. (802.1Q supports untagged
traffic, while Inter-Switch Link doesn’t support untagged traffic.) The native VLAN is a per-trunk,
per-switch configuration. An 802.1Q trunk port assigns untagged traffic to the native VLAN. That is,
the native VLAN detects and identifies traffic coming from each end of a trunk link. By default, the
native VLAN is VLAN 1, but it can be changed to any number such as VLAN 10, VLAN 20,
VLAN 99, etc.

Switch(config)#int g0/1
Switch(config-if)# switchport trunk native vlan 10

Difference Between Default VLAN and Native VLAN

| Criteria | Default VLAN | Native VLAN |
|---|---|---|
| Modification of VLAN | The default VLAN is always VLAN 1, and it can’t be changed. | By default, Native VLAN is VLAN 1, but it can be changed to any VLAN. |
| Untagged traffic in VLAN | Traffic can be sent irrespective of Default and Native VLAN being the same or different. | Traffic will be sent when both Default and Native VLAN are the same. |
| Operand | Default VLAN is specified through the VLAN operand command. | Native VLAN is specified through the NATIVE operand command. |
| Disabling of VLAN | It is not possible to disable Default VLAN. | It is possible to disable VLAN. |
| Encapsulation type | It supports .1Q as well as ISL. | It only supports .1Q. |
| Tagging | Tagging is allowed in default VLAN. | Tagging is allowed in Native VLAN if required but it is Untagged by default. |

Ѻ Dynamic Trunking Protocol (DTP)

DTP is a Cisco-proprietary trunking protocol used to automatically negotiate trunks between
Cisco switches. Trunk negotiation is managed by DTP only if the ports are directly connected
to each other.

The scenarios in which the switch interface will become either a trunk or an access interface:

| Mode | Dynamic Auto | Dynamic desirable | trunk | access |
|---|---|---|---|---|
| Dynamic Auto | access | trunk | trunk | access |
| Dynamic desirable | trunk | trunk | trunk | access |
| trunk | trunk | trunk | trunk | limited connectivity |
| access | access | access | limited connectivity | access |
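
Because the DTP outcomes above depend on what the neighbouring port is set to, it helps to check which ports still negotiate at all. The following added Python example (not part of the original lecture) audits a constructed running-config excerpt using only commands that appear in this lecture; the finding codes are illustrative, and treating a port with no `switchport mode` line as dynamic is an assumption about the platform default.

```python
import re

# Constructed running-config excerpt using commands from this lecture.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,11
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/3
 switchport mode dynamic desirable
"""

def parse_interfaces(config):
    """Split a running-config into {interface name: [lower-cased sub-commands]}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(" ".join(line.lower().split()))
        else:
            current = None  # "!" or a global command closes the interface block
    return interfaces

def setting(cmds, prefix, default=None):
    """Value that follows `prefix` in the interface's commands, else default."""
    return next((c[len(prefix):].strip() for c in cmds if c.startswith(prefix)), default)

def audit_port(cmds):
    """Return finding codes for one physical switchport."""
    mode = setting(cmds, "switchport mode ")
    if mode is None:
        return ["dtp-default-mode"]      # assumption: platform default is a dynamic mode
    if mode.startswith("dynamic"):
        return ["dtp-dynamic"]           # trunk/access outcome depends on the neighbour
    if mode != "trunk":
        return []
    findings = []
    if "switchport nonegotiate" not in cmds:
        findings.append("dtp-on-static-trunk")   # DTP frames are still sent
    if setting(cmds, "switchport trunk allowed vlan ") is None:
        findings.append("trunk-all-vlans")       # no allowed list: every VLAN crosses
    if setting(cmds, "switchport trunk native vlan ", "1") == "1":
        findings.append("native-vlan-1")         # untagged traffic lands in the default VLAN
    return findings

def audit(config):
    """Audit every physical interface (skips SVIs and router subinterfaces)."""
    return {name: audit_port(cmds) for name, cmds in parse_interfaces(config).items()
            if not name.lower().startswith("vlan") and "." not in name}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONFIG).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```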

Ѻ VLAN Trunking Protocol (VTP)

VTP (VLAN Trunking Protocol) is a Cisco proprietary protocol used by Cisco switches to
exchange VLAN information. With VTP, you can synchronize VLAN information (such as VLAN
ID or VLAN name) with switches inside the same VTP domain. A VTP domain is a set of trunked
switches with matching VTP settings (the domain name, password and VTP version). All
switches inside the same VTP domain share their VLAN information with each other.

To better understand the true value of VTP, consider an example network with 100 switches.
Without VTP, if you want to create a VLAN on each switch, you would have to manually enter VLAN
configuration commands on every switch! VTP enables you to create the VLAN on a single switch
only. That switch can then propagate information about the VLAN to every other switch on the
network and cause the other switches to create it. Likewise, if you want to delete a VLAN, you only
need to delete it on one switch, and the change is automatically propagated to every other switch
inside the same VTP domain.

Requirements – There are some requirements for VTP to communicate VLAN information
between switches. These are:
1. The VTP version must be the same on the switches the user wants to configure
2. The VTP domain name must be the same on the switches
3. One of the switches must be a server
4. Authentication should match if applied

VTP modes

• Server – The switches are set to this mode by default. This mode allows you to create, add and
delete VLANs. Any changes you want to make should be made in this mode. Changes made in this
mode (on a particular switch) are advertised to all the switches that are in the same VTP domain.
In this mode, the configuration is saved in NVRAM.

Configuration – The user first makes the switch a VTP server:

Switch# config terminal
Switch(config)#vtp mode server
Now, the user has to create a VTP domain and assign a password for authentication.
Switch(config)#vtp domain ENG
Switch(config)#vtp password Net123
The user can verify the configuration with:
Switch(config)#do show vtp password
Switch(config)#do show vtp
Switch(config)#do show vtp status
• Client – In this mode, the switches receive the updates and can also forward the updates to other
switches (which are in the same VTP domain). The updates received here are not saved in NVRAM,
so all the configuration will be deleted if the switch is reset or reloaded, i.e. the switches will only
learn and pass the VTP summary advertisements to the other switches.
Configuration – As the switches are set to server mode by default, the user can change a switch to
client mode by:
Switch(config)#vtp mode client
• Transparent – This mode only forwards the VTP summary advertisements through the trunk link.
Transparent mode switches can maintain their own local database, which is kept secret from other
switches. The whole purpose of transparent mode is to forward the VTP summary advertisements
but not to take part in the VLAN assignments.
Configuration – The user can change the mode to transparent by:
Switch(config)#vtp mode transparent

֎ Delete VLANs
Switch# erase startup-config
Switch# dir flash:
Switch# delete vlan.dat
OR Switch# delete flash:vlan.dat
OR Switch# erase flash:vlan.dat
Switch# reload

Inter-VLAN routing

Inter-VLAN routing is the ability to route, or send, traffic between VLANs that are normally
blocked by default. Switches and VLANs work at the MAC address layer (Layer 2). Traffic can’t
be routed between VLANs at Layer 2 based on MAC addresses. Therefore, routers (or Layer 3
switches) that use IP addresses (Layer 3) are required for inter-VLAN routing. Inter-VLAN routing is
the process of forwarding network traffic from one VLAN to another VLAN using a router. As we know,
a VLAN trunk allows communication between members of the same VLAN on two or more different
switches. In the same way, inter-VLAN routing allows communication between two or more completely
different VLANs, on the same switch or on other switches, with the help of a Layer 3 device, the router.

Types of Inter VLAN Routing:

Inter VLAN can be configured in three different ways:

• Traditional Method
• Router on a stick
• Inter VLAN in layer 3 switch

1- Traditional Method

This is an old method and not in use nowadays. In this method, you need a separate physical
interface for each VLAN. For example, if there are 10 VLANs then your router must have 10
physical ports to configure inter-VLAN routing. For this reason, it is also cost-effective.

2- Router on a stick

A router configuration in which a single physical interface routes traffic between multiple VLANs on a
network is called router on a stick. This is the latest method, and nowadays every network admin
is using it. This method allows you to create subinterfaces on a single port of a router. For
example, if there are 10 VLANs then, unlike the traditional method, you do not need 10 physical ports
on a router.

Instead, you can add all the VLANs to a single port of the router itself by creating virtual
subinterfaces (e.g. f0/0.1, f0/0.2, f0/0.3, etc.).

Example:

The configuration

In switch
Switch>enable
Switch#configure terminal
Switch(config)#vlan 10
Switch(config-vlan)#name ENG
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name IT
Switch(config-vlan)#exit
Switch(config)#vlan 30
Switch(config-vlan)#name Cyber
Switch(config-vlan)#exit

Switch(config)#interface range f0/1 - 8


Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit

Switch(config)#interface range f0/9 - 16
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit

Switch(config)#interface range f0/17 - 24


Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 30
Switch(config-if-range)#end
Switch#show vlan brief

Switch#conf terminal
Switch(config)#interface gig 0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport nonegotiate
Switch(config-if)#end
Switch#show interface trunk
Switch#write

In Router
Router>en
Router#conf t
Router(config)#int g0/1
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#int g0/1.10
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip add 192.168.10.1 255.255.255.0
Router(config-subif)#no shut

Router(config-subif)#int g0/1.20
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip add 192.168.20.1 255.255.255.0
Router(config-subif)#no shut

Router(config-subif)#int g0/1.30
Router(config-subif)#encapsulation dot1Q 30
Router(config-subif)#ip add 192.168.30.1 255.255.255.0
Router(config-subif)#no shut
Router(config-subif)#end
Router#show ip int br
Router#show ip route

Router#configure terminal
Router(config)#ip dhcp pool Netvlan10
Router(dhcp-config)#network 192.168.10.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.10.1
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address 192.168.10.1

Router(config)#ip dhcp pool Netvlan20


Router(dhcp-config)#network 192.168.20.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.20.1
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address 192.168.20.1

Router(config)#ip dhcp pool Netvlan30


Router(dhcp-config)#network 192.168.30.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.30.1
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address 192.168.30.1
Router(config)#end
Router#write

3- Inter VLAN in layer 3 switch

This method allows you to configure Inter VLAN Routing in the switch itself. But, for this, you
need layer 3 switches. You cannot configure Inter VLAN on layer 2 switch.

Multilayer Switch

A multilayer switch is a network device that has the ability to operate at higher layers of the OSI
reference model, unlike the Data Link Layer (DLL) traditionally used by switches. A multilayer
switch can perform the functions of a switch as well as those of a router at incredibly fast speeds. A
switch traditionally inspects frames, while a multilayer switch inspects deeper into the protocol
data unit (at packet or even at segment level). Multilayer switches use ASIC hardware
circuits to perform routing functions. This differs from typical routers, which reside on a
microprocessor and use applications running on it to perform their routing operations.

Homework: Configure this network
