
03a - VLANs


TNE10008:

Advanced Networks

VLANs

Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
Outline
• VLANs
• Intra and Inter VLAN Communications
• Creating VLANs
• VLAN Access Ports
• VLAN Trunking Ports
• DTP – Dynamic Trunking Protocol
• VLAN Types

Overview of VLANs
VLAN Definitions
• A VLAN is a logical partition of a Layer 2 network
• Multiple partitions (VLANs) can be created
• Each VLAN is a broadcast domain
• VLANs are mutually isolated and packets can only pass between them via a Layer 3 device
• The hosts grouped within a VLAN are typically unaware of the VLAN’s existence

Overview of VLANs
VLAN Overview
Traditional switched LANs:
• Physical topology is closely related to logical topology
• Workstations must be grouped by their physical proximity to a switch
• To communicate among LANs, each segment must have a separate interface (fa0/0, fa0/1) on the backbone device (router)

[Figure: Separate Broadcast Domains (Student, Staff, Admin)]

Without VLANs
Requirements:
- Students, Admins and Staff on each floor
- Three different LANs per floor
- Separate networks

With routers: Expen$ive!
- 4 ports each
- 3 hubs / floor
- 9 broadcast domains
- Inefficient traffic flow

[Figure labels: Student, Staff, Admin]

Overview of VLANs
Benefits of VLANs
• Security
• Cost reduction
• Better performance
• Shrink broadcast domains

VLAN Communications
Intra VLAN Communications
• PC1 pings PC4
• PC1 ARP table does not contain MAC address of PC4
• An ARP Request is a Broadcast

VLAN Assignment
VLAN Ranges on Catalyst Switches
• Cisco Catalyst 2960 and 3560 Series switches support over 4,000 VLANs
• VLANs are split into two categories:
  • Normal range VLANs
    • VLAN numbers from 1 to 1,005
    • Configurations stored in the vlan.dat (in the flash memory)
  • Extended range VLANs
    • VLAN numbers from 1,006 to 4,095
    • Configurations stored in the running configuration (NVRAM)
• Some limitations to Extended VLANs – should limit use to normal VLANs

VLAN Assignment
VLAN Switch Ports
• Step 1: Create the VLAN on the switch
  • All core/distribution layer switches need to know all VLANs for traffic they will see
  • All access layer switches need to know all VLANs for devices connected to them
• Step 2: Assign switchports to a particular VLAN
  • Default switchport mode is automatic – instead force mode
  • Non-used ports should be shutdown and not assigned to used VLAN
• Step 3: For Management VLANs, create the virtual interface and assign the IP address
  • Remember gateway to allow inter-VLAN access

VLAN Assignment
Confirming VLAN Port Membership

VLAN Assignment
VLAN Access Ports
• Port can only belong to one VLAN
• Traffic is normal – untagged – Ethernet frames
• Network devices are unaware of VLAN
• Network devices see normal Ethernet network
• Traffic is restricted based on
  • Only traffic for that VLAN
  • Contents of switch CAM Table

VLAN Assignment
VLAN Membership
Static VLAN
• Ports manually assigned to a VLAN
• Configured with: switchport access vlan XX
• Requires reconfiguration if circumstances change

Dynamic VLAN
• Membership is configured using a VMPS – VLAN Membership Policy Server
• Based on source MAC address of device

VLAN Trunking
VLAN Trunks
• Inefficient to connect switches using Access Ports – need one connection for each VLAN
• Trunks allow a single connection to carry traffic of multiple VLANs
• Traffic is still segmented
• Frames are tagged to allow receiving switch to know which VLAN traffic belongs to

VLAN Trunking
VLAN Tagging
[Figure panels: No VLAN Tagging; VLAN Tagging]

VLAN Tagging is used when a link needs to carry traffic for more than one VLAN.

• There are two major methods of frame tagging, Cisco proprietary Inter-Switch Link (ISL) and IEEE 802.1Q.
• Cisco recommends using 802.1Q.

VLAN Trunking
Tagging Ethernet Frames for VLAN Identification

VLAN Trunking
Trunk Operation

VLAN Trunking
Native VLANs and 802.1Q Tagging
• Frames that belong to the native VLAN are not tagged
• Frames received untagged remain untagged and are placed in the native VLAN when forwarded
• If there are no ports associated to the native VLAN and no other trunk links, an untagged frame is dropped
• In Cisco switches, the native VLAN is VLAN 1, by default
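
The tagging and native-VLAN rules above, as an added Python example that is not part of the original slides: it inserts and strips the 4-byte 802.1Q tag and classifies untagged frames into the native VLAN. The function names and the sample ARP frame are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an IEEE 802.1Q tag


def tag_frame(frame: bytes, vlan: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the source MAC address."""
    if not 0 <= vlan <= 0x0FFF or not 0 <= pcp <= 7:
        raise ValueError("VLAN ID is a 12-bit field, priority a 3-bit field")
    tci = (pcp << 13) | vlan  # PCP (3 bits) | DEI (1 bit, left 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def trunk_egress(frame: bytes, vlan: int, native_vlan: int = 1) -> bytes:
    """Sending side of a trunk: native-VLAN frames leave untagged."""
    return frame if vlan == native_vlan else tag_frame(frame, vlan)


def trunk_ingress(frame: bytes, native_vlan: int = 1) -> dict:
    """Receiving side of a trunk: recover the VLAN and the original frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        # Untagged frame: it is placed in the receiver's native VLAN.
        return {"tagged": False, "vlan": native_vlan, "pcp": 0, "frame": frame}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return {"tagged": True, "vlan": tci & 0x0FFF, "pcp": tci >> 13,
            "frame": frame[:12] + frame[16:]}


# Constructed sample: a broadcast ARP frame (EtherType 0x0806), zeroed payload.
ARP_BROADCAST = (bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
                 + struct.pack("!H", 0x0806) + bytes(28))

if __name__ == "__main__":
    for vlan in (1, 10):
        wire = trunk_egress(ARP_BROADCAST, vlan)
        seen = trunk_ingress(wire)
        print(f"VLAN {vlan}: {len(wire)} bytes on the wire, "
              f"tagged={seen['tagged']}, classified into VLAN {seen['vlan']}")
```

If the two ends of a trunk are configured with different native VLANs, an untagged frame is classified into a different VLAN on the receiving switch, so the native VLAN must match on both sides.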

VLAN Trunking
Configuring IEEE 802.1q Trunk Links

Dynamic Trunking Protocol
Introduction to DTP
• Cisco solution to automatically configure switch port state
• Dynamic Trunking Protocol (DTP) manages trunk negotiation
• Cisco proprietary protocol
• Enabled by default in Cisco Catalyst 2960 and 3560 switches
• The default DTP configuration for Cisco Catalyst 2960 and 3560 switches is dynamic auto

Dynamic Trunking Protocol
Negotiated Interface Modes
• Cisco Catalyst 2960 and 3560 support the following trunk modes:
  • switchport mode dynamic auto
  • switchport mode dynamic desirable
  • switchport mode trunk
  • switchport nonegotiate

VLAN Types
Available VLAN Types
• Data VLAN
• Default VLAN
• Native VLAN
• Management VLAN
• Voice VLAN

VLAN Types
Data and Default VLANs
Data VLAN
• Configured to carry data traffic
• User VLANs for networked devices and computers

Default VLAN
• Default setting on unconfigured switch
• Cisco – VLAN 1
• Same features as other VLANs except it cannot be deleted or renamed
• Default – Carries all Layer 2 control traffic

VLAN Types
Native and Management VLANs
Native VLAN
• Backwards compatibility with other switches
• Non tagged frames on an Ethernet Trunk will be assumed to belong to this VLAN
• Best practice – change from VLAN 1

Management VLAN
• Default – VLAN 1
• Assigned with IP address for network layer connectivity to switch

VLAN Types
Voice VLANs

VLANs
Summary
In this lecture, we covered:
• VLANs
• Intra and Inter VLAN Communications
• Creating VLANs
• VLAN Access Ports
• VLAN Trunking Ports
• DTP – Dynamic Trunking Protocol
• VLAN Types
