What are VLANs?
- Virtual LANs (Virtual Local Area Networks).
- VLANs separate broadcast domains without needing an additional router.
- VLANs are used to create multiple networks without having to add a physical interface on the router.
- VLANs logically separate IP networks.
Why do we use VLANs?
- Security – Groups that handle sensitive data are separated from the rest of the network, which reduces their exposure to attacks and security breaches.
- Cost Reduction – VLANs are logical networks. Multiple VLANs can be created with just one router. Because less additional expensive network equipment is needed, cost is reduced.
- Higher Performance – Separating networks increases the number of broadcast domains, which means fewer hosts per LAN. Unnecessary traffic on the network is reduced.
- Broadcast Storm Mitigation – Dividing a network into VLANs reduces the number of devices that may participate in a broadcast storm.
- Improved IT Staff Efficiency – Management is easier because hosts with similar network requirements share the same VLAN.
- Similar Project or Application Management – Having separate functions makes managing a project or working with a specialised application easier.
Types of VLANs
- Data VLAN – this VLAN is configured to carry only user-generated traffic.
- Default VLAN – all switch ports belong to a default VLAN after the initial boot-up of the switch. On Cisco switches, this is VLAN 1. This can be changed. For security reasons, it is highly recommended that the default VLAN be changed to a VLAN other than 1. CDP and Spanning Tree Protocol traffic are associated with VLAN 1 by default.
- Native VLAN – assigned to an 802.1Q trunk port. It serves as a common identifier on opposing ends of a trunk link and is also essential for backwards compatibility.
- Management VLAN – a VLAN you configure to access the management capabilities of a switch.
- Voice VLAN – VLAN that carries voice traffic.
Network Traffic Types
The following are traffic types that traverse a network. They are useful in identifying and assigning VLANs.
- Network Management and Control Traffic – Examples are CDP, SNMP and RMON
- IP Telephony – signalling and voice traffic
- IP Multicast – example would be Cisco IPTV broadcasts
- Normal Data – examples are print services, email, database access, etc.; normal application traffic from users.
- Scavenger Class – traffic of lesser importance; examples are peer-to-peer media sharing apps and gaming applications.
Switch Port Membership Modes
Switchports are layer 2 only and are associated with a physical port, which means they will not have their own IP addresses and will not handle routing or bridging. However, switchports can belong to one or more VLANs.
By default, all switch ports on a Cisco switch belong to the default VLAN, VLAN 1. This is so they can communicate with each other when the switch is powered on for the first time.
VLAN Switchport modes
When configuring a VLAN, you must assign it a numeric ID so that ports can be associated with their VLANs. A port can be configured to support the following VLAN types:
- Static VLAN – Manually assigning a port to be part of a VLAN
- Dynamic VLAN – This requires a VLAN Membership Policy Server (VMPS). The port is dynamically assigned a VLAN based on the source MAC address (the MAC of the client attached to it). The benefit is that when the user plugs into another port on the switch, the host is still part of the same VLAN.
- Voice VLAN – Normally used to support an IP phone (with a built-in mini switch) attached to the switch. When a phone is first plugged into a switch port that is in voice mode, the switch port sends messages to the phone providing it with the appropriate voice VLAN ID and configuration. The IP phone tags the voice frames with the voice VLAN ID and forwards all voice traffic through the voice VLAN.
What is a VLAN trunk?
A point-to-point link between two network devices that carries more than one VLAN. It doesn't belong to a specific VLAN; rather, it is a conduit for VLANs between switches and routers.
When do we use VLAN trunks?
When you need to send traffic from multiple VLANs to another network device (switch or router). A trunk can be configured to allow only certain VLANs' traffic to pass through it. How does the next switch or router know which VLAN the traffic belongs to after receiving it from the sending switch? This is where frame tagging comes in.
A trunk port adds a VLAN tag field to the frame. This field includes the VLAN ID of the frame. By doing this, the receiving device (switch or router) knows which VLAN the traffic came from and where it should go.
Do all switches support this? Older ones don't. To make this work with older switches, there is what's called a Native VLAN.
A trunk port can be configured with a Native VLAN. When an older switch that doesn't support tagging sends untagged traffic to a newer switch, the newer switch places that traffic in the Native VLAN so it can communicate with the network. With most switches now supporting frame tagging, the Native VLAN has become less important.
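To make the tagging concrete, here is an added Python example (not code from the original post) that builds an Ethernet frame with and without an 802.1Q tag, decodes the tag fields (TPID 0x8100, PCP, VID) and shows how a receiving trunk port classifies an untagged frame into its native VLAN. The MAC addresses and payload are constructed sample values.

```python
import struct

# 802.1Q constants
TPID_8021Q = 0x8100      # Tag Protocol Identifier that announces a VLAN tag
ETHERTYPE_IPV4 = 0x0800  # EtherType of the payload used in these samples

# Constructed sample MAC addresses (locally administered, not real hosts).
DST_MAC = bytes.fromhex("02000000aa01")
SRC_MAC = bytes.fromhex("02000000bb02")


def build_frame(dst, src, payload, vlan_id=None, pcp=0, ethertype=ETHERTYPE_IPV4):
    """Return an Ethernet frame; with vlan_id set, insert an 802.1Q tag after the MACs."""
    if vlan_id is not None and not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    frame = dst + src
    if vlan_id is not None:
        # TCI = 3-bit PCP | 1-bit DEI (left 0 here) | 12-bit VID
        tci = (pcp << 13) | vlan_id
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Decode the Ethernet header and, if present, the 802.1Q tag that follows the MACs."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    info = {"dst": frame[0:6], "src": frame[6:12], "tagged": False, "vlan_id": None, "pcp": None}
    (etype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if etype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", frame[14:16])
        info.update(tagged=True, vlan_id=tci & 0x0FFF, pcp=tci >> 13)
        (etype,) = struct.unpack("!H", frame[16:18])  # real EtherType sits after the tag
        offset = 18
    info["ethertype"] = etype
    info["payload"] = frame[offset:]
    return info


def classify_on_trunk(frame, native_vlan):
    """VLAN a receiving trunk port assigns the frame to: the tag's VID when tagged,
    otherwise the trunk's native VLAN (how untagged traffic from an old switch lands)."""
    info = parse_frame(frame)
    return info["vlan_id"] if info["tagged"] else native_vlan


if __name__ == "__main__":
    tagged = build_frame(DST_MAC, SRC_MAC, b"\x00" * 20, vlan_id=10, pcp=5)
    untagged = build_frame(DST_MAC, SRC_MAC, b"\x00" * 20)
    print(parse_frame(tagged))
    print("tagged frame lands in VLAN", classify_on_trunk(tagged, native_vlan=99))
    print("untagged frame lands in VLAN", classify_on_trunk(untagged, native_vlan=99))
```

Running the file shows the tagged frame decoded with VLAN 10 and the untagged frame being placed in whatever native VLAN the receiving trunk has configured, which is why the native VLAN setting on both ends of a trunk matters.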
Configuring VLANs and Trunks
Before configuring VLANs on a port, we first need to have the VLAN active, i.e. added to the VLAN database, vlan.dat. This file is where the VLAN database is stored, not in the running-config. It is saved on flash.
Adding a VLAN to the database
After a VLAN has been added to the database, we can assign it to an access port. An access port can be a member of only one VLAN at a time.
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan vlan-id
Use the command show vlan brief to see a summary of the VLAN database.
Unassign a VLAN from a port using the command no switchport access vlan in interface configuration mode. This doesn't technically remove all VLANs from the port; it sets the port back to the default VLAN (VLAN 1) and removes the previously configured access VLAN.
To remove a VLAN from the database, type no vlan vlan-id in global configuration mode.
As we have just learned, trunk ports carry multiple VLANs. See the syntax below for how to configure a port to act as a trunk.
switch(config)#interface interface-id –> this is the interface that will carry multiple VLANs, the trunk
switch(config-if)#switchport mode trunk
switch(config-if)#switchport trunk native vlan vlan-id
You might have encountered DTP, or Dynamic Trunking Protocol, and be wondering what it has to do with trunking. As the name suggests, it can dynamically set a port to the trunking state.
Trunk ports use DTP advertisements to negotiate the state of the link with the remote port. Here's a link to its Wikipedia page; you'll learn a lot there.
See the table below for DTP modes.
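Pulling the configuration and DTP points together, here is an added Python example (not from the post, and not a Cisco tool) that parses a constructed Cisco IOS-style running-config and flags the settings discussed above: access ports still in default VLAN 1, trunks whose native VLAN is still 1, trunks that allow every VLAN, and ports whose trunking state is left to DTP. The sample config is constructed; the assumption that an interface with no switchport mode line is left to DTP negotiation (the platform default) is marked in the code.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample of a Cisco IOS-style running-config (not from a real device).
SAMPLE_CONFIG = """\
!
interface GigabitEthernet0/1
 description uplink, trunk left at defaults
 switchport mode trunk
!
interface GigabitEthernet0/2
 description uplink, hardened trunk
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport nonegotiate
!
interface GigabitEthernet0/3
 description user access port
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/4
 description access port never moved out of VLAN 1
 switchport mode access
!
interface GigabitEthernet0/5
 description port left to DTP
 switchport mode dynamic desirable
!
interface GigabitEthernet0/6
 description unused port, administratively down
 shutdown
!
"""


@dataclass
class Port:
    name: str
    mode: str | None = None        # None: no 'switchport mode' line present
    access_vlan: int = 1           # default VLAN on Cisco switches
    native_vlan: int = 1           # default native VLAN on an 802.1Q trunk
    allowed_vlans: str | None = None
    nonegotiate: bool = False
    shutdown: bool = False
    lines: list[str] = field(default_factory=list)


def parse_interfaces(config: str) -> list[Port]:
    """Split the config into interface blocks and interpret their switchport lines."""
    ports: list[Port] = []
    current: Port | None = None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = Port(name=raw.split(None, 1)[1].strip())
            ports.append(current)
        elif current is not None and raw.startswith(" "):
            current.lines.append(raw.strip())
        else:
            current = None  # '!' or a global command ends the interface block
    for port in ports:
        for cmd in port.lines:
            if cmd.startswith("switchport mode "):
                port.mode = cmd[len("switchport mode "):]
            elif m := re.fullmatch(r"switchport access vlan (\d+)", cmd):
                port.access_vlan = int(m.group(1))
            elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", cmd):
                port.native_vlan = int(m.group(1))
            elif m := re.fullmatch(r"switchport trunk allowed vlan (\S+)", cmd):
                port.allowed_vlans = m.group(1)
            elif cmd == "switchport nonegotiate":
                port.nonegotiate = True
            elif cmd == "shutdown":
                port.shutdown = True
    return ports


def audit(config: str) -> dict[str, list[str]]:
    """Map each interface name to the list of findings raised against it."""
    findings: dict[str, list[str]] = {}
    for port in parse_interfaces(config):
        issues: list[str] = []
        if port.shutdown:
            findings[port.name] = issues   # a shut port carries no traffic
            continue
        if port.mode == "access":
            if port.access_vlan == 1:
                issues.append("access port left in default VLAN 1")
        elif port.mode == "trunk":
            if port.native_vlan == 1:
                issues.append("trunk native VLAN left at default VLAN 1")
            if port.allowed_vlans is None:
                issues.append("trunk allows every VLAN; no 'switchport trunk allowed vlan'")
            if not port.nonegotiate:
                issues.append("DTP still running on a static trunk; add 'switchport nonegotiate'")
        else:
            # Assumption: without a static mode, the port's trunking state is left to DTP negotiation.
            shown = port.mode or "not set (platform default)"
            issues.append(f"port mode '{shown}' lets DTP negotiate trunking")
        findings[port.name] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit(SAMPLE_CONFIG).items():
        print(f"{name}: {'OK' if not issues else '; '.join(issues)}")
```

Run the file to print one line per interface; GigabitEthernet0/2 shows the hardened trunk that passes every check, and GigabitEthernet0/1 shows the same trunk left at its defaults. Point SAMPLE_CONFIG at a real show running-config capture to audit your own switch.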
Troubleshooting VLANs and Trunks
Alrighty, that concludes my CCNA exploration this week. If you want to test your VLAN skills after reading this post, I recommend you download this Packet Tracer activity and solve it! Click here. It's a zipped file, by the way, so you have to extract it first. And, of course, you've gotta have Packet Tracer.