7-VLAN

The document provides an overview of Virtual Local Area Networks (VLANs), detailing their characteristics, types, and configurations. It highlights the benefits of VLANs, such as reducing broadcast domains, enhancing security, and allowing for flexible network management. Additionally, it includes practical examples of VLAN configurations and inter-VLAN routing using various devices.

Uploaded by

talha.ali9ctn
Copyright
© © All Rights Reserved

Virtual Local Area Network

Dr. Kashif Ishaq


Virtual Local Area Network (VLAN)

Find the broadcast and collision domain in the above diagram.


Virtual Local Area Network (VLAN)

Poorly designed network because one device is a single point of failure.


Virtual Local Area Network (VLAN)
▪ Essentially LANs within a LAN

▪ Accomplished with managed switches.

▪ Logical grouping of devices in the same broadcast domain.

▪ Configured on switches by placing some interfaces into one broadcast domain and some interfaces into another.

▪ VLAN acts as a subgroup of the switch ports in an Ethernet LAN.


Virtual Local Area Network (VLAN)
▪ Assign specific switch interfaces (ports) to specific virtual
LANs.

o Human Resource VLAN (Interfaces 1, 2, 3)

o Accounting VLAN (Interfaces 4, 5, 6)

▪ All ports are in VLAN 1 by default


Virtual Local Area Network (VLAN)

[Figures: Physical Topology; Logical Topology; Virtual Local Area Network (VLAN)-1; Virtual Local Area Network (VLAN)-2]

Characteristics of VLAN

▪ Reduces Broadcast Domains
▪ Segments Network by Role
▪ Increases Security
▪ Devices cannot Communicate with other VLANs
▪ Group devices by need, not Physical Location
Characteristics of VLAN (cont.)

▪ Virtual LANs offer a structure for making groups of devices, even if their networks are different.

▪ Implementing VLANs reduces the security risks as the number of hosts that are connected to the broadcast domain decreases.

▪ This is performed by configuring a separate virtual LAN for only the hosts having sensitive information.
Characteristics of VLAN (cont.)

▪ It has a flexible networking model that groups users depending on their departments instead of network location.

▪ Changing hosts/users on a VLAN is relatively easy. It just needs a new port-level configuration.

▪ It can reduce congestion by sharing traffic, as each individual VLAN works as a separate LAN.

▪ A workstation can be used with full bandwidth at each port.


Characteristics of VLAN (cont.)

▪ Terminal reallocations become easy.

▪ A VLAN can span multiple switches.

▪ A trunk link can carry traffic for multiple VLANs
Types of VLAN
Data VLAN:
A VLAN that carries user data traffic; data VLANs are also known as user VLANs. All
switch ports that are members of a data VLAN are assigned the same VLAN
ID.

Voice VLAN:
A voice VLAN is a special type of data VLAN that is configured to carry
real-time voice traffic. Voice VLANs give priority to voice traffic over other
types of traffic, and all switch ports that are members of a voice VLAN are
assigned the same Voice Class of Service (CoS) value.

Surveillance VLAN:
A surveillance VLAN is a special type of data VLAN that is configured to
carry real-time video traffic.
Types of VLAN
Management VLAN:
A management VLAN is a special type of data VLAN that is used to carry
out-of-band management traffic for devices on a network, such as
switches, routers, and firewalls. Management VLANs typically use IP
addresses that are not routable on the public Internet.

Default VLAN:
A default VLAN is a network switch configuration in which all ports are
assigned to a single VLAN. This can simplify switch administration by
allowing all devices on the same VLAN to communicate with each other
without the need for configuring separate VLANs.
Network Diagram
Trunk Port
▪ Connect to another switch or router

▪ Transmit data from multiple VLANs

▪ Tags to get to the correct endpoint

▪ IEEE 802.1Q encapsulation or tagging method, in order to correctly deliver the traffic on a trunk port with several VLANs

▪ Trunk Port offers higher bandwidth and lower latency

▪ ISL (Inter-Switch Link) – Cisco Proprietary – not supported


802.1Q
Frame Check Sequence

An 802.1Q frame carries a 4-byte tag


802.1Q

802.1Q VLAN tags are inserted into the Ethernet frames’ header to identify traffic from multiple VLANs and untagged VLANs.
Original Frame:

802.1Q Frame:
802.1Q Tag Fields
802.1Q tag is a 32-bit (or 4-byte) field between the Source MAC address
and the EtherType.

Two main fields:

▪ Tag Protocol Identifier (TPID)


▪ Tag Control Information (TCI)

Tag Protocol Identifier (TPID)


This 16-bit (2-byte) field is used to distinguish 802.1Q tagged frames from untagged
frames.
802.1Q Tag Fields
Tag Control Information (TCI)
This 16-bit field contains the following sub-fields:

Priority Code Point (PCP) – This 3-bit field can be used in prioritizing different traffic
classes.

Drop Eligible Indicator (DEI) – This 1-bit field can indicate frames that can be dropped
in case of traffic congestion.

VLAN Identifier (VID) – This 12-bit field specifies the VLAN to which the Ethernet frame
belongs.

2^12=4096 VLANs can be created


Trunk Port

On the segment between two switches, a process called VLAN trunking is used. Let’s say that PC1 sends
a broadcast frame. SW1 “tags” the frame by inserting the VLAN ID in the header of the frame before
sending the frame to SW2. SW2 receives the frame and sees the VLAN tag, so it knows the frame
belongs to VLAN 2 and sends it only to PC3, since PC3 is in VLAN 2.
Access Port
▪ Connectivity of a device with a switch

▪ Transmits data to and from a specific/single VLAN

▪ Frames remain within the same VLAN

▪ Sends and receives frames that are not tagged

▪ Connects PCs and printers to a network


Access Port
Basic Configuration
switch> enable
switch# config terminal
switch(config)# hostname S1
S1(config)# enable secret class
S1(config)# banner motd $ Authorized Users Only! $
S1(config)# end
S1# clock set 12:30:00 20 May 2024
S1# copy running-config startup-config
or
S1# write


Creating VLANs
S1(config)# vlan 3
S1(config-vlan)# name Management
S1(config-vlan)# vlan 4
S1(config-vlan)# name Science
S1(config-vlan)# vlan 7
S1(config-vlan)# name Technology
S1(config-vlan)# vlan 8
S1(config-vlan)# name Arts


Assigning Ports to VLANs
S1(config)# interface range fa0/2 - 4
S1(config-if-range)# switchport mode access
S1(config-if-range)# switchport access vlan 3

Note: Deactivate the other ports

S1(config)# interface range fa0/5 - 24
S1(config-if-range)# shutdown
Assigning Ports to VLANs
S1# show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/5
3    Management                       active    Fa0/6
4    Science                          active
7    Technology                       active    Fa0/2, Fa0/3, Fa0/4, Fa0/7, Fa0/8, Fa0/9, Fa0/10,
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16,
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22,
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
8    Arts                             active
Trunk Between the Switches
S1(config)# interface f0/1
S1(config-if)# switchport mode trunk

S2(config)# interface f0/1
S2(config-if)# switchport mode trunk

VLANs allowed to cross the trunk:

S1(config-if)# switchport trunk allowed vlan 3,4,8
S2(config-if)# switchport trunk allowed vlan 3,4,8

S2# show interfaces trunk
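
The three practices shown so far (move ports out of default VLAN 1, shut down unused ports, restrict the VLANs allowed on a trunk) can be checked against a saved configuration. The script below is an added example, not part of the original slides; the function names and the sample configuration are constructed for illustration and assume text in `show running-config` format.

```python
def parse_interfaces(config: str) -> dict[str, list[str]]:
    """Map each interface name to the indented commands under it."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split()[1], [])
        elif current is not None and line[:1] in (" ", "\t"):
            current.append(line.strip())
        else:
            current = None          # "!" or any top-level line ends the stanza
    return ports

def audit(config: str) -> list[str]:
    """Flag ports that weaken VLAN separation; no access-vlan line means VLAN 1."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if name.lower().startswith("vlan") or "shutdown" in cmds:
            continue                # SVIs are not switch ports; disabled ports are fine
        if "switchport mode trunk" in cmds:
            if not any(c.startswith("switchport trunk allowed vlan") for c in cmds):
                findings.append(f"{name}: trunk has no allowed-VLAN list")
            continue
        vlan = next((c.split()[-1] for c in cmds
                     if c.startswith("switchport access vlan")), "1")
        if vlan == "1":
            findings.append(f"{name}: active port left in default VLAN 1")
    return findings

# Constructed sample in running-config format (not taken from a real device)
SAMPLE = """\
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 3
!
interface FastEthernet0/5
 switchport mode access
!
interface FastEthernet0/6
 shutdown
!
interface GigabitEthernet0/1
 switchport trunk allowed vlan 3,4,8
 switchport mode trunk
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```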


Inter VLAN Routing
There are two typical devices that are used to perform routing between
VLANs:

Multilayer Switch (Layer 3 switch)


Multilayer switches (MLS) work at both Layer 2 and Layer 3 of the OSI model, so they can switch
frames and perform IP routing between VLANs.

Router
There are two ways to use a router to perform IP routing between VLANs:
▪ Connect a separate router interface to each VLAN and give each interface an IP
address from the respective VLAN subnet.
▪ Connect the router with a single link to a switch trunk port and define a
sub-interface for each VLAN. An IP address from the respective VLAN subnet is then
configured on each sub-interface.
Inter VLAN Routing - ROAS

[Figure: ROAS Physical Scenario]

[Figure: ROAS Logical Scenario]

R1(config)# interface g0/1
R1(config-if)# no shutdown
R1(config-if)# exit

R1(config)# interface g0/1.3
R1(config-subif)# description Management Network
R1(config-subif)# encapsulation dot1q 3
R1(config-subif)# ip address 192.168.3.1 255.255.255.0

R1(config-subif)# interface g0/1.4
R1(config-subif)# description Operations Network
R1(config-subif)# encapsulation dot1q 4
R1(config-subif)# ip address 192.168.4.1 255.255.255.0
Inter VLAN Routing – MLS / SVI

SVI: Switched Virtual Interface

[Figure: MLS Physical Scenario]

[Figure: MLS Logical Scenario]

L3Switch(config)#vlan 10
L3Switch(config-vlan)#name IT
L3Switch(config-vlan)#exit
!
L3Switch(config)#vlan 20
L3Switch(config-vlan)#name Science
L3Switch(config-vlan)#exit

L3Switch(config)#int range fastEthernet 0/1 - 4
L3Switch(config-if-range)#switchport access vlan 10
L3Switch(config-if-range)#exit

L3Switch(config)#int range fastEthernet 0/15 - 18
L3Switch(config-if-range)#switchport access vlan 20
L3Switch(config-if-range)#end
Inter VLAN Routing - MLS
L3Switch#configure terminal
L3Switch(config)#interface Vlan10
%LINK-5-CHANGED: Interface Vlan10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
L3Switch(config-if)#description IT
L3Switch(config-if)#ip address 192.168.1.1 255.255.255.0
L3Switch(config-if)#exit
L3Switch(config)#interface Vlan20
%LINK-5-CHANGED: Interface Vlan20, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
L3Switch(config-if)#description Science
L3Switch(config-if)#ip address 10.1.0.1 255.255.255.0
L3Switch(config-if)#exit
L3Switch(config)#ip routing
L3Switch(config)#end
L3Switch# show ip route
Task to do
Configure the network as follows:

1) 3650 = layer 3 switch with IP addresses and inter-VLAN routing:
   VLAN 1 = 10.1.1.254/24
   VLAN 10 = 10.1.10.254/24
   VLAN 20 = 10.1.20.254/24
   VLAN 30 = 10.1.30.254/24
   VLAN 100 = 10.1.100.254/24
2) Access layer switches will only have management IP addresses in VLAN 1:
   Switch 1 = 10.1.1.1/24
   Switch 2 = 10.1.1.2/24
   Switch 3 = 10.1.1.3/24
3) Configure access ports as follows:
   PC1 in VLAN 10 - 10.1.10.10/24
   PC2 in VLAN 20 - 10.1.20.20/24
   PC3 in VLAN 30 - 10.1.30.30/24
   Server1 in VLAN 100 - 10.1.100.100/24
4) Configure ports between switches as trunks
5) Make sure that PCs can ping each other and the server
6) Make sure that switches can ping the PCs and server
Versions of VTP ?
Thank You
