• Instructor & Todd Lammle

Sybex CCNA 640-802 Chapter 9: VLAN’s

1

The CCNA Topics Covered in this chapter include:• What is a VLAN?• VLAN Memberships• VLAN links• Frame tagging• VTP• Trunking• Configuring VLANs• Inter-VLAN Communication• Configuration examples

22

• VLAN - Definition: – A logical grouping of network users and resources

–connected to – administratively defined ports on a switch.

–gives you:– Smaller “broadcast domains”

–Organized by:– Location (e.g., the 4th floor)– Function e.g., IT techs, or a group with high

security needs)– Department (e.g., the accounting department)– Application or protocol (e.g., everyone running

AppleTalk – maybe in the Graphics dept.) 3

4

• Simplify network management:– You control each port in a VLAN, and each switch can contain a

number of VLANs, so you can no longer just cable into a switch and see all of the traffic on that switch.

– Also, a VLAN can be configured with a number of reporting functions, for example, report any attempt at unauthorized access

• Provides a level of security over a flat network:– “Flat” as in a network that is one, large broadcast domain

– Security: see ff

• Flexibility and Scalability:– With the old hub & switch networks, you could run out of space on a

switch or in an office, but with VLANs, you just add a new user to an existing VLAN and go.

Book, pp 555 ff, 5

• Broadcasts occur in every protocol– but how often they occur depends upon 3 things:

• The type of protocol (some are worse than others)

• The application(s) running on the internetwork (ditto)

• How these services are used

6

7

• Flat network problems– A flat internetwork’s security used to be tackled by

connecting hubs and switches together with routers.– So it was the router’s job to maintain security. This was

pretty ineffective for several reasons. • First, anyone connecting to the physical network could access the

network resources on that physical LAN. • Second, all anyone had to do to observe any and all traffic in that

network was to plug a network analyzer into the hub

• VLANs– If you create multiple broadcast groups, you have total

control over each port and user! – So the days when anyone could just plug their

workstations into any switch port and gain access to network resources are history because now you get to control each port, plus whatever resources that port can access.

8

• Layer-2 switches only read frames– Can cause a switch to forward all broadcasts

• VLANs – Essentially create broadcast domains

• Greatly reduces broadcast traffic• Ability to add wanted users to a VLAN regardless of

their physical location• Additional VLANs can be created when network

growth consumes more bandwidth

9

10

11

12

• Static VLANs

– Typical method of creating VLANs

– Most secure

• A switch port assigned to a VLAN always maintains that assignment

until changed

• Dynamic VLANs

– Node assignment to a VLAN is automatic

• MAC addresses, protocols, network addresses, etc

– VLAN Management Policy Server (VMPS)

• MAC address database for dynamic assignments

• MAC-address to VLAN mapping

Book, pg 558 ff: 13

• Access links– A link that is part of only one VLAN

• Trunk links– Carries multiple VLANs

14

15

• Frame Tagging: A means of keeping track of users & frames as they travel the switch fabric & VLANs– User-defined ID assigned to each frame

– VLAN ID is removed before exiting trunked links & access links

16

• Inter-Switch Link (ISL)

– Cisco proprietary (becoming obsolete)

– FastEthernet & Gibabit Ethernet only

• IEEE 802.1q

– Must use if trunking between Cisco & non-Cisco switch

17

• ISL: A means of explicitly tagging VLAN information onto an Ethernet frame– Allows VLANs to be multiplexed over a

trunk line

– Cisco proprietary

– External tagging process

18

• Purpose: to manage all configured VLANs across a switch internetwork & maintain consistency– Allows an administrator to add, delete, & rename

VLANs

19

• Benefits– Consistent configuration across all switches in

the network

– Permits trunking over mixed networks, such as Ethernet to ATM LANE or even FDDI

– Accurate tracking and monitoring of VLANs

– Dynamic reporting of added VLANs to all switches in the VTP domain

– Plug-and-Play

• A VTP server must be created to manage VLANs

20

21

• Server– Default for all Catalyst switches– Minimum one server for a VTP domain

• Client– Receives information + sends/receives updates– Cannot make any changes

• Transparent– Does not participate in a VTP domain but forwards

VTP advertisements– Can add/delete VLANs– Locally significant

22

23

24

• Creating VLANs• Assigning Switch Ports to VLANs• Configuring Trunk Ports• Configuring Inter-VLAN routing

25

• Default: Switches are configured to be VTP servers

26

Switch#config t

Switch(config)#int fa0/1

Switch(config-if)# switchport mode trunk

27

Switch#config t

Switch(config)#int f0/1

Switch(config-if)#switchport mode trunk

Switch(config-if)#int f0/2

Switch(config-if)#switchport access vlan 1

Router#config t

Router(config)#int f0/0

Router(config-if)#no ip address

Router(config-if)#no shutdown

Router(config-if)#int f0/0.1

Router(config-subif)#encapsulation dot1q 1

Router(config-subif)#ip address 192.168.10.17 255.255.255.240

28

29

30

31

32

33

34

The End

35