CCNA – Semester 3
Chapter 3: VLANs
Objectives
• Explain the role of VLANs in a network
• Explain the role of trunking VLANs in a network
• Configure VLANs on the switches in a network topology
Types of VLANs
• Today there is essentially one way of implementing VLANs: port-based VLANs. A port-based VLAN is associated with a port called an access VLAN.
• However, in the network there are a number of terms for VLANs. Some terms define the type of network traffic they carry and others define a specific function a VLAN performs.
VLAN Types:
• Data VLAN:
– Is a VLAN that is configured to carry only user-generated traffic
– A VLAN could carry voice-based traffic or traffic used to manage the switch, but this traffic would not be part of a data VLAN
• Default VLAN:
– All switch ports become a member of the default VLAN after the initial boot up of the switch
– The default VLAN for Cisco switches is VLAN 1; you cannot rename it and you cannot delete it
– Layer 2 control traffic, such as CDP and spanning tree protocol traffic, will always be associated with VLAN 1; this cannot be changed
– It is a security best practice to change the default VLAN to a VLAN other than VLAN 1
• Native VLAN:
– A native VLAN is assigned to an 802.1Q trunk port. An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic). The 802.1Q trunk port places untagged traffic on the native VLAN
– Native VLANs are set out in the IEEE 802.1Q specification to maintain backward compatibility with untagged traffic common to legacy LAN scenarios
• Management VLAN:
– A management VLAN is any VLAN you configure to access the management capabilities of a switch
– VLAN 1 would serve as the management VLAN if you did not proactively define a unique VLAN to serve as the management VLAN
– You assign the management VLAN an IP address and subnet mask. A switch can be managed via HTTP, Telnet, SSH, or SNMP
• Voice VLANs
VoIP traffic requires:
– Assured bandwidth to ensure voice quality
– Transmission priority over other types of network traffic
– Ability to be routed around congested areas on the network
– Delay of less than 150 milliseconds (ms) across the network
A Cisco Phone is a switch; it contains an integrated three-port 10/100 switch:
– Port 1 connects to the switch or other voice-over-IP (VoIP) device
– Port 2 is an internal 10/100 interface that carries the IP phone traffic
Network Traffic Types
Switch Port Membership Modes
• Switch ports are Layer 2-only interfaces associated with a physical port
A port can be configured to support these VLAN types:
• Static VLAN - Ports on a switch are manually assigned to a VLAN
• Dynamic VLAN - This mode is not widely used in production networks and is not explored in this course. However, it is useful to know what a dynamic VLAN is. A dynamic port VLAN membership is configured using a special server called a VLAN Membership Policy Server (VMPS), based on the source MAC address of the device connected to the port
• Voice VLAN - A port is configured to be in voice mode so that it can support an IP phone attached to it. Before you configure a voice VLAN on the port, you need to first
Controlling Broadcast Domains with VLANs
• Without VLANs: In normal operation, when a switch
• With VLANs: the broadcast frame arrives at the only other
Controlling Broadcast Domains with Switches and Routers
Intra-VLAN Communication
Inter-VLAN Communication
Controlling Broadcast Domains with VLANs and Layer 3 Forwarding
SVI: switch virtual interface
• SVI is a logical interface configured for a specific VLAN. You need to configure an SVI for a VLAN if you want to route
VLAN Trunks
• It is hard to describe VLANs without mentioning VLAN trunks
• A trunk is a point-to-point link between one or more Ethernet switch interfaces and another networking device, such as a router or a switch
• Ethernet trunks carry the traffic of multiple VLANs over a single link
• A VLAN trunk allows you to extend the VLANs across an entire network. Cisco supports IEEE 802.1Q for coordinating trunks on Fast Ethernet and Gigabit Ethernet interfaces
802.1Q Frame Tagging
• Switches are Layer 2 devices that use the Ethernet frame header information to forward packets. The frame header does not contain information about which VLAN the frame should belong to
• When Ethernet frames are placed on a trunk they need additional information about the VLANs they belong to. This is accomplished by using the 802.1Q encapsulation header. This header adds a tag to the original Ethernet frame
Trunking Modes
• Although a Cisco switch can be configured to support two types of trunk ports, IEEE 802.1Q and ISL, today only 802.1Q is used
• 802.1Q: An IEEE 802.1Q trunk port supports simultaneous tagged and untagged traffic. An 802.1Q trunk port is assigned a default PVID, and all untagged traffic travels on the port default PVID. All untagged traffic and tagged traffic with a null VLAN ID are assumed to belong to the port default PVID. A packet with a VLAN ID equal to the outgoing port default PVID is sent untagged. All other traffic is sent with a VLAN tag
• ISL (Inter-Switch Link): In an ISL trunk port, all received packets
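The 802.1Q tagging rules above, together with the frame tagging slide, modelled in code as an added example (not part of the original slides). It parses the 4-byte tag, classifies a received frame by PVID, and applies the egress rule. The function names, the sample MAC addresses and the PVID values used are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_frame(frame: bytes):
    """Return (dst, src, vid, pcp, ethertype, payload); vid is None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype != TPID_8021Q:
        return dst, src, None, 0, etype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    # TCI = 3-bit priority, 1-bit DEI (ignored here), 12-bit VLAN ID
    return dst, src, tci & 0x0FFF, tci >> 13, inner, frame[18:]

def ingress_vlan(frame: bytes, pvid: int) -> int:
    """Untagged frames and tags with a null VLAN ID belong to the port default PVID."""
    vid = parse_frame(frame)[2]
    return pvid if vid in (None, 0) else vid

def egress_frame(frame: bytes, vlan: int, pvid: int) -> bytes:
    """Send untagged when vlan equals the outgoing port's PVID, otherwise tagged."""
    dst, src, _, pcp, etype, payload = parse_frame(frame)
    if vlan == pvid:
        return dst + src + struct.pack("!H", etype) + payload
    tci = (pcp << 13) | (vlan & 0x0FFF)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, etype) + payload

# Constructed sample frames (MAC addresses and payload are made up).
DST, SRC = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + b"payload"
PRIORITY_TAGGED = DST + SRC + struct.pack("!HHH", TPID_8021Q, 5 << 13, 0x0800) + b"payload"
TAGGED_20 = egress_frame(UNTAGGED, vlan=20, pvid=99)

if __name__ == "__main__":
    for name, frame in [("untagged", UNTAGGED), ("null VLAN ID", PRIORITY_TAGGED),
                        ("tagged 20", TAGGED_20)]:
        print(f"{name}: classified into VLAN {ingress_vlan(frame, pvid=99)}")
```

The same untagged frame is classified into a different VLAN depending on the receiving port's PVID, which is why both ends of a trunk need the same native VLAN.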
DTP (Dynamic Trunking Protocol)
• A Cisco proprietary protocol
• DTP manages trunk negotiation only if the port on the other switch is configured in a trunk mode that supports DTP. DTP supports both ISL and 802.1Q trunks
Configuring VLANs & Trunks Overview
Use the following steps to configure and verify VLANs and trunks on a switch network:
1. Create the VLANs
2. Assign switch ports to VLANs statically
3. Verify VLAN configuration
4. Enable trunking on the inter-switch connections
Configure a VLAN
Managing VLANs
• Delete VLANs:
– no vlan vlan-id
• You can delete vlan database:
Configure a Trunk
Common Problems with Trunks
Common Problem with VLAN configurations
VLAN and IP Subnets
Summary
• VLANs separate broadcast domains on switches
• VLANs improve network performance, management, and security
• VLANs can be used for data, voice, network protocol and network management traffic
• There are different membership modes: Static, Dynamic, and Voice VLAN mode
• Routers or Layer 3 switches are required for inter-VLAN communication
• Trunks allow multiple VLANs to traverse a single link to simplify intra-VLAN communication across multiple switches
• IEEE 802.1Q is the standard trunking protocol
• 802.1Q uses a process of frame tagging to keep VLAN traffic separate as it traverses the trunk link