Tag - What Is A Vlan

What is a VLAN? How to Setup a VLAN on a Cisco Switch?

What is a VLAN?

According to IT Portal (2002), a Virtual Local Area Network (VLAN) may be defined as a group of LANs that have different physical connections, but which communicate as if they are connected on a single network segment. VLANs were created because IT administrators realised that there was a need for a network segmenting solution, since network traffic increases with network size.

VLANs increase overall network performance by grouping users and resources that communicate most frequently with each other. This means that the use of unicast or broadcast data transmission is limited, and traffic is reduced. It is a software based solution and allows IT administrators to adapt to networking changes.

vlan

Advantages of VLANs

VLANs provide the following advantages:

  • Ease of administration

VLANs enable logical grouping of end-stations that are physically dispersed on a network. When users on a VLAN move to a new physical location but continue to perform the same job function, the end-stations of those users do not need to be reconfigured. Similarly, if users change their job function, they need not physically move: changing the VLAN membership of the end-stations to that of the new team makes the users’ end-stations local to the resources of the new team.

  • Confinement of broadcast domains

VLANs reduce the need to have routers deployed on a network to contain broadcast traffic. Flooding of a packet is limited to the switch ports that belong to a VLAN.

  • Reduction in network traffic

As a result of confinement of broadcast domains on a network, traffic on the network is significantly reduced.

  • Enforcement of security policies

By confining the broadcast domains, end-stations on a VLAN can be isolated from listening to or receiving broadcasts not intended for them. Moreover, if a router is not connected between the VLANs, the end-stations of a VLAN cannot communicate with the end-stations of the other VLANs.

Types of VLANs

According to Intel Corporation (2002), in general, there are three basic models for dvcermining and controlling how a packet gets assigned to a VLAN.

Port-based VLANs

In this implementation, the administrator assigns each port of a switch to a VLAN. For example, ports 1-3 might be assigned to the Sales VLAN, ports 4-6 to the Engineering VLAN and ports 7-9 to the Administrative VLAN (see Figure 4). The switch dvcermines the VLAN membership of each packet by noting the port on which it arrives.

When a user is moved to a different port of the switch, the administrator can simply reassign the new port to the user’s old VLAN. The network change is then complvcely transparent to the user, and the administrator saves a trip to the wiring closet. However, this method has one significant drawback. If a repeater is attached to a port on the switch, all of the users connected to that repeater must be members of the same VLAN.

MAC address-based VLANs

The VLAN membership of a packet in this case is dvcermined by its source or destination MAC address. Each switch maintains a table of MAC addresses and their corresponding VLAN memberships. A key advantage of this method is that the switch doesn’t need to be reconfigured when a user moves to a different port.

However, assigning VLAN membership to each MAC address can be a time consuming task. Also, a single MAC address cannot easily be a member of multiple VLANs. This can be a significant limitation, making it difficult to share server resources between more than one VLAN. (Although a MAC address can theoretically be assigned to multiple VLANs, this can cause serious problems with existing bridging and routing, producing confusion in switch forwarding tables.)

Layer 3 (or protocol)-based VLANs

With this method, the VLAN membership of a packet is based on protocols (IP, IPX, NetBIOS, etc.) and Layer 3 addresses. This is the most flexible method and provides the most logical grouping of users. An IP subnet or an IPX network, for example, can each be assigned their own VLAN. Additionally, protocol-based membership allows the administrator to assign non-routable protocols, such as NetBIOS or DECnet, to larger VLANs than routable protocols like IPX or IP. This maximizes the efficiency gains that are possible with VLANs.

Another important distinction between VLAN implementations is the method used to indicate membership when a packet travels between switches. Two methods exist — implicit and explicit.

Implicit

VLAN membership is indicated by the MAC address. In this case, all switches that support a particular VLAN must share a table of member MAC addresses.

Explicit

A tag is added to the packet to indicate VLAN membership. Cisco ISL and the IEEE 802.1q VLAN specifications both use this method.

To summarize, when a packet enters its local switch, the dvcermination of its VLAN membership can be port-based, MAC-based or protocol-based. When the packet travels to other switches, the dvcermination of VLAN membership for that packet can be either implicit (using the MAC address) or explicit (using a tag that was added by the first switch). Port-based and protocol-based VLANs use explicit tagging as their preferred indication method. MAC-based VLANs are almost always implicit.

The bottom line is that the IEEE 802.1q specification is going to support port-based membership and explicit tagging, so these will be the default VLAN model in the future.

Requirements to set up VLANs

The following requirements must be satisfied before setting up VLANs in a network:

  • The switches deployed in the network either must comply with IEEE 802.1Q standards or must have a vendor-specific implementation of VLANs.
  • For an end-station to support multiple VLANs, it must be able to dynamically register or must be statically configured to belong to a VLAN.

If an end-station cannot register or cannot be configured to belong to a VLAN, the end-station can belong only to one VLAN. This VLAN is configured on the switch port to which the end-station connects.

Communication in a VLAN explained

When a computer on a VLAN sends packets, they are only flooded to the members of the VLAN. If there is communication between  VLANs, then the packets will need to go through a router. The diagram on the next page illustrates how communication occurs between geographically dispersed VLAN members. Here, VLAN 10 (Engineering), VLAN 20 (Marketing), and VLAN 30 (Finance) span three floors of a building. If a member of VLAN 10 on Floor 1 wants to communicate with a member of VLAN 10 on Floor 3, the communication occurs without going through the router, and packet flooding is limited to port 1 of Switch 2 and Switch 3 even if the destination MAC address to Switch 2 and Switch 3 is not known.

Communication in a VLAN (Source : Network Applicance Inc (2001)

Creating the VLAN 

After all the hardware connections are in place, then the VLAN can be created. First, the user will need to log onto the switch using telnet or SSH in order to access the switch’s Command Line Interface (CLI). If the user is lucky, the switch may contain an easy-to-use menu system for managing the switch. This essay will describe how to create a VLAN using the not-so-friendly CLI. Cisco’s Command Reference (1998) was used for assistance.

After logging on to the switch, the user will have to enter administrative mode. This can be done by typing enable at the command prompt as shown below. The system will request for a password and this should be given.

[ South Rack, Centre of Excellence, Rhodes University ]

# Use of this computer system is restricted to authorized users.    #

# All other users will be prosecuted to the full extent of the law. #

User Access Verification

Password:

cat2.ict>enable

Password:

cat2.ict#

To create a VLAN, the system must be in vlan mode. To enter vlan mode, the user must type vlan database at the prompt as shown below :

cat2.ict#vlan database

cat2.ict(vlan)#

If the user wants to create a VLAN named Fari which is assigned the number 20 then he must type vlan 20 name Fari. This should be followed by the exit command, to apply the changes. The output appears as follows:

cat2.ict(vlan)#vlan 20 name Fari

VLAN 20 modified:

Name: Fari

type exit to save the changes

cat2.ict(vlan)#exit

APPLY complvced.

Exiting….

cat2.ict#

The user can then view the VLAN that he has created by typing show vlan :

cat2.ict#show vlan

VLAN Name                             Status    Ports

—- ——————————– ——— ——————————-

1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,

Fa0/5, Fa0/6, Fa0/7, Fa0/8,

Fa0/9, Fa0/10, Fa0/11, Fa0/12,

Fa0/13, Fa0/14, Fa0/15, Fa0/16,

Fa0/17, Fa0/18, Fa0/19, Fa0/20,

Fa0/21, Fa0/22, Fa0/23, Fa0/24

2    DragonsCave                      active

3    Mya                              active

5    Honours1                         active

10   VLAN0010                         active

13   GraemesSpot                      active

14   NiksVlan                         suspended

16   Paddington                       active

18   Jasmine                          suspended

20   Fari                             active

69   Imarx’sVlan                      active

70   Uma                              active

1002 fddi-default                     active

1003 token-ring-default               active

1004 fddinet-default                  active

1005 trnet-default                    active

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2

—- —– ———- —– —— —— ——– —- ——– —— ——

1    enet  100001     1500  –      –      –        –    –        1002   1003

2    enet  100002     1500  –      –      –        –    –        0      0

3    enet  100003     1500  –      –      –        –    –        0      0

5    enet  100005     1500  –      –      –        –    –        0      0

10   enet  100010     1500  –      –      –        –    –        0      0

13   enet  100013     1500  –      –      –        –    –        0      0

14   enet  100014     1500  –      –      –        –    –        0      0

16   enet  100016     1500  –      –      –        –    –        0      0

18   enet  100018     1580  –      –      –        –    –        0      0

20   enet  100020     1500  –      –      –        –    –        0      0

69   enet  100069     1500  –      –      –        –    –        0      0

70   enet  100070     1500  –      –      –        –    –        0      0

1002 fddi  101002     1500  –      –      –        –    –        1      1003

1003 tr    101003     1500  1005   0      –        –    srb      1      1002

1004 fdnet 101004     1500  –      –      1        ibm  –        0      0

1005 trnet 101005     1500  –      –      1        ibm  –        0      0

Maintaining the VLAN

If the user wants to make any changes, he can follow the same steps above, and the changes will overwrite the old configuration. To delvce a VLAN, the user needs to enter VLAN mode using vlan database and then type no vlan #  where # represents the number of the VLAN to be delvced.

Conclusion

It can be seen that creating and managing a VLAN can be quite a complex task. The LAN administrator needs to have a clear understanding about how VLANs work and he must know the commands needed in order to configure and set up the switches in his network.

What is a VLAN? How to Setup a VLAN on a Cisco Switch

Have you ever wondered what a Virtual LAN (or VLAN) is or been unclear as to why you would want one? If so, I have been in your place at one time too. Since then, I have learned a lot about what a VLAN is and how it can help me. In this article, I will share that knowledge with you.

vlan

What is a LAN?

Okay, most of you already know what a LAN is but let’s give it a definition to make sure. We have to do this because, if you don’t know what a LAN is, you can’t understand what a VLAN is.

A LAN is a local area network and is defined as all devices in the same broadcast domain. If you remember, routers stop broadcasts, switches just forward them.

As I said, a VLAN is a virtual LAN. In technical terms, a VLAN is a broadcast domain created by switches. Normally, it is a router creating that broadcast domain. With VLAN’s, a switch can create the broadcast domain.

This works by, you, the administrator, putting some switch ports in a VLAN other than 1, the default VLAN. All ports in a single VLAN are in a single broadcast domain.

Because switches can talk to each other, some ports on switch A can be in VLAN 10 and other ports on switch B can be in VLAN 10. Broadcasts between these devices will not be seen on any other port in any other VLAN, other than 10. However, these devices can all communicate because they are on the same VLAN. Without additional configuration, they would not be able to communicate with any other devices, not in their VLAN.

Are VLANs required?

It is important to point out that you don’t have to configure a VLAN until your network gets so large and has so much traffic that you need one. Many times, people are simply using VLAN’s because the network they are working on was already using them.

Another important fact is that, on a Cisco switch, VLAN’s are enabled by default and ALL devices are already in a VLAN. The VLAN that all devices are already in is VLAN 1. So, by default, you can just use all the ports on a switch and all devices will be able to talk to one another.

When do I need a VLAN?

You need to consider using VLAN’s in any of the following situations:

  • You have more than 200 devices on your LAN
  • You have a lot of broadcast traffic on your LAN
  • Groups of users need more security or are being slowed down by too many broadcasts?
  • Groups of users need to be on the same broadcast domain because they are running the same applications. An example would be a company that has VoIP phones. The users using the phone could be on a different VLAN, not with the regular users.
  • Or, just to make a single switch into multiple virtual switches.

Why not just subnet my network?

A common question is why not just subnet the network instead of using VLAN’s? Each VLAN should be in its own subnet. The benefit that a VLAN provides over a subnetted network is that devices in different physical locations, not going back to the same router, can be on the same network. The limitation of subnetting a network with a router is that all devices on that subnet must be connected to the same switch and that switch must be connected to a port on the router.

With a VLAN, one device can be connected to one switch, another device can be connected to another switch, and those devices can still be on the same VLAN (broadcast domain).

How can devices on different VLAN’s communicate?

Devices on different VLAN’s can communicate with a router or a Layer 3 switch. As each VLAN is its own subnet, a router or Layer 3 switch must be used to route between the subnets.

What is a trunk port?

When there is a link between two switches or a router and a switch that carries the traffic of more than one VLAN, that port is a trunk port.

A trunk port must run a special trunking protocol. The protocol used would be Cisco’s proprietary Inter-switch link (ISL) or the IEEE standard 802.1q.

How do I create a VLAN?

Configuring VLAN’s can vary even between different models of Cisco switches. Your goals, no matter what the commands are, is to:

  • Create the new VLAN’s
  • Put each port in the proper VLAN

Let’s say we wanted to create VLAN’s 5 and 10. We want to put ports 2 & 3 in VLAN 5 (Marketing) and ports 4 and 5 in VLAN 10 (Human Resources). On a Cisco 2950 switch, here is how you would do it:

At this point, only ports 2 and 3 should be able to communicate with each other and ports 4 & 5 should be able to communicate. That is because each of these is in its own VLAN. For the device on port 2 to communicate with the device on port 4, you would have to configure a trunk port to a router so that it can strip off the VLAN information, route the packet, and add back the VLAN information.

What do VLAN’s offer?

VLAN’s offer higher performance for medium and large LAN’s because they limit broadcasts. As the amount of traffic and the number of devices grow, so does the number of broadcast packets. By using VLAN’s you are containing broadcasts.

VLAN’s also provide security because you are essentially putting one group of devices, in one VLAN, on their own network.

Article Summary

Here is what we have learned:

  • A VLAN is a broadcast domain formed by switches
  • Administrators must create the VLAN’s then assign what port goes in what VLAN, manually.
  • VLAN’s provide better performance for medium and large LAN’s.
  • All devices, by default, are in VLAN 1.
  • A trunk port is a special port that runs ISL or 802.1q so that it can carry traffic from more than one VLAN.
  • For devices in different VLAN’s to communicate, you must use a router or Layer 3 switch.

Copyright ©2010 - 2022 Ciscoforall.com | Privacy Policy | Terms & Conditions