A virtual LAN (VLAN) is a logical grouping of network devices in the same broadcast domain that can span multiple physical segments.
Advantages of VLANs:
- Increase the number of broadcast domains while reducing their size.
- Provide additional security.
- Increase the flexibility of network equipment.
- Allow a logical grouping of users by function, not location.
- Make user adds, moves, and changes easier.
Subnets and VLANs
Logically speaking, VLANs are also subnets. A subnet, or a network, is a contained broadcast domain. A broadcast that occurs in one subnet will not, by default, be forwarded to another subnet. Routers, or layer-3 devices, provide this boundary function. Switches provide the same function at layer 2 by using VLANs.
Scalability
VLANs provide location independence. This flexibility makes adds, changes, and moves of networking devices a simple process. It also allows you to group people together logically, which makes implementing your security policies straightforward.
The IP protocol supports 500 devices per VLAN.
VLAN Membership
A device's membership in a VLAN can be determined by one of two methods: static or dynamic.
- Static: you assign ports to VLANs manually.
- Dynamic: configure a VTP server and it does the rest automatically.
A switch port supports two types of connections: access links and trunks.
Access-Link Connections
An access-link connection is a connection between a switch and a device with a normal Ethernet NIC, where the Ethernet frames are transmitted unaltered.
Trunk Connections
Trunk connections are capable of carrying traffic for multiple VLANs. Cisco supports two Ethernet trunking methods:
- Cisco’s proprietary Inter Switch Link (ISL) protocol for Ethernet
- IEEE's 802.1Q, commonly referred to as dot1q, for Ethernet
802.1Q is a standardized trunking method that inserts a four-byte field into the original Ethernet frame and recomputes the FCS. The 2950 supports only 802.1Q. 802.1Q trunks support two types of frames: tagged and untagged.
- An untagged frame does not carry any VLAN identification information in it; basically, this is a standard, unaltered Ethernet frame.
- A tagged frame contains VLAN information, and only other 802.1Q-aware devices on the trunk will be able to process this frame.
Trunk Tagging
For VLANs to span across multiple switches, you obviously need to connect the switches to each other. Although it is possible to simply plug one switch into another using an access port, just as you would plug in a host or a hub, doing so kills the VLAN-spanning feature and a number of other useful features too. A switch-to-switch link must be set up as a trunk link in order for the VLAN system to work properly. A trunk link is a special connection; the key difference between an ordinary connection (an access port) and a trunk port is that an access port is in only one VLAN at a time, whereas a trunk port has the job of carrying traffic for all VLANs from one switch to another. Any time you connect a switch to another switch, you want to make that link a trunk.
Trunking methods create the illusion that, instead of a single physical connection between the two trunking devices, a separate logical connection exists for each VLAN between them. When trunking, the switch adds the source port's VLAN identifier to the frame so that the device (typically a switch) at the other end of the trunk knows which VLAN originated the frame; the destination switch can then make forwarding decisions based not just on the destination MAC address but also on the source VLAN identifier. Because information is added to the original Ethernet frame, normal NICs will not understand it and will typically drop the frame. Therefore, when you set up a trunk connection on a switch interface, you need to ensure that the device at the other end supports the same trunking protocol and has it configured. If the device at the other end does not understand these modified frames or is not set up for trunking, it will, in most situations, drop them. This modification of frames is commonly called tagging.
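To make the tagging described above concrete, here is an added example (not part of the original notes) that inserts the four-byte 802.1Q tag after the source MAC, recomputes the FCS as the text says a trunking switch does, and parses a frame to tell tagged from untagged. The sample frame is constructed for the demonstration, and the function and dictionary-key names are my own.

```python
import struct
import zlib

TPID_8021Q = 0x8100  # Tag Protocol Identifier that marks an 802.1Q tag


def ethernet_fcs(frame_without_fcs: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the frame, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def tag_frame(untagged: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the source MAC and recompute the FCS.
    `untagged` is a complete frame including its trailing 4-byte FCS."""
    if not 0 < vid < 4095:
        raise ValueError("VID must be in 1..4094")
    body = untagged[:-4]                       # drop the old FCS
    tci = (pcp << 13) | vid                    # PCP (3 bits) | DEI=0 (1 bit) | VID (12 bits)
    tag = struct.pack(">HH", TPID_8021Q, tci)  # TPID + TCI, network byte order
    tagged = body[:12] + tag + body[12:]       # dst(6) + src(6) + tag(4) + original rest
    return tagged + ethernet_fcs(tagged)       # FCS must cover the inserted bytes


def parse_frame(frame: bytes) -> dict:
    """Report whether a frame carries an 802.1Q tag; verify the FCS first."""
    if len(frame) < 18:
        raise ValueError("frame too short")
    if ethernet_fcs(frame[:-4]) != frame[-4:]:
        raise ValueError("bad FCS")
    ethertype = struct.unpack(">H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return {"tagged": False, "ethertype": ethertype}  # plain, unaltered frame
    tci = struct.unpack(">H", frame[14:16])[0]
    return {"tagged": True, "pcp": tci >> 13, "dei": (tci >> 12) & 1,
            "vid": tci & 0x0FFF, "ethertype": struct.unpack(">H", frame[16:18])[0]}


# Constructed sample: a minimal broadcast IPv4 (0x0800) frame with a 46-byte zero payload
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("001122334455")
UNTAGGED = DST + SRC + b"\x08\x00" + bytes(46)
UNTAGGED += ethernet_fcs(UNTAGGED)

if __name__ == "__main__":
    tagged = tag_frame(UNTAGGED, vid=10, pcp=3)
    print(len(UNTAGGED), len(tagged))
    print(parse_frame(UNTAGGED))
    print(parse_frame(tagged))
```

Feeding the tagged frame to `parse_frame` shows the extra four bytes a non-802.1Q-aware NIC would see as an unknown EtherType, which is why such a device drops the frame.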
By default, all VLANs are permitted across a trunk link. Switch-to-Switch trunk links always require the use of a crossover cable, never a straight-through cable.
Key facts about trunking and DTP
- A trunk can be created only on a Fast Ethernet or Gigabit Ethernet connection; 10 Mb/s Ethernet ports are not fast enough to support the increased traffic from multiple VLANs, so the trunking commands are not available on a regular Ethernet port.
- By default, traffic from all VLANs is allowed on a trunk. You can specify which VLANs are permitted (or not) to cross a particular trunk if you have that requirement, but these functions are not covered in the CCNA exam.
- Switches (whether trunked or not) are always connected with crossover cables, not straight-through cables.
Dynamic Trunk Protocol (DTP)
DTP supports five trunking modes:
- On (or Trunk): the interface always assumes the connection is a trunk, even if the remote end does not support trunking.
- Desirable: the interface generates DTP messages, but it assumes that the other side is not trunk-capable and waits for a DTP message from the remote side. In this state, the interface starts as an access-link connection. If the remote side sends a DTP message indicating that trunking is compatible between the two switches, a trunk is formed and the switch starts tagging frames on the interface. If the other side does not support trunking, the interface remains an access-link connection.
- Auto-negotiate: the interface passively listens for DTP messages from the remote side and leaves the interface as an access-link connection. If the interface receives a DTP message that matches its trunking capabilities, the interface changes from an access-link connection to a trunk connection and starts tagging frames.
- No-negotiate: the interface is set as a trunk connection and automatically tags frames with VLAN information; however, it does not generate DTP messages, because DTP is disabled. This mode is typically used when connecting trunk connections to non-Cisco devices that do not understand Cisco's proprietary trunking protocol and thus would not understand the contents of these messages.
- Off: the interface is configured as an access link. No DTP messages are generated in this mode, nor are frames tagged.
VLAN Trunk Protocol (VTP)
VTP is a Layer 2 protocol that takes care of creating and naming VLANs on all switches in the system. We still have to set port membership to VLANs at each switch, which we can do either statically or using a VMPS. VTP works by establishing a single switch as being in charge of the VLAN information for a domain. In this case, a domain is simply a group of switches that all share the same VTP domain name, which puts them into a common administrative group.
The VLAN Trunk Protocol (VTP) is a proprietary Cisco protocol used to share VLAN configuration information between Cisco switches over trunk connections. When you set up VTP, you have three different modes: server, client, and transparent.
Server mode: this is the one switch that is in charge of the VLAN information for the VTP domain. You may add, delete, and change VLAN information on this switch, and doing so affects the entire VTP domain. This way, we only have to enter our VLAN information once, and the server mode switch propagates it to all the other switches in the domain.
Client mode switches get VLAN information from the Server. You cannot add, delete, or change VLAN information on a Client mode switch; in fact, the commands to do so are disabled.
A Transparent mode switch is doing its own thing; it will not accept any changes to VLAN information from the Server, but it will forward those changes to other switches in the system. You can add, delete, and change VLANs—but those changes only affect the Transparent mode switch and are not sent to other switches in the domain.
VTP Messages
An advertisement request message is a VTP message that a client generates. When the server responds to a client's request, it generates a subset advertisement. A summary advertisement is also generated by a switch in VTP server mode. Summary advertisements are generated every five minutes (300 seconds) by default, or whenever a configuration change takes place on the server switch.
VTP Pruning
VTP gives you a way to preserve bandwidth by configuring it to reduce the amount of broadcast, multicast, and unknown-unicast traffic sent across trunks. This is called pruning. A switch with VTP pruning enabled sends broadcasts only over trunk links that actually need the information.
VTP pruning is used on trunk connections to dynamically remove VLANs not active between the two switches. It requires all of the switches to be in server mode.