Routing- Static Route, Default Route, RIP, EIGRP, OSPF, BGP, NAT, Access-List, WAN Technology, IPV6, Switching- VLAN, VTP, STP, HSRP, VRRP, GLBP, EtherChannel,

Tuesday, February 20, 2024

Virtual LAN (VLANs)

 

"A VLAN divides a single broadcast domain into multiple smaller broadcast domains. By doing so, VLANs isolate traffic within each domain, reducing the overall broadcast traffic on the network and improving network performance and security."

A VLAN is a Layer 2 security feature that divides a single broadcast domain into multiple broadcast domains. By default, all switch ports are part of a single broadcast domain, and VLANs can divide it into multiple smaller broadcast domains. The VLAN range runs from 1 to 1005, and we can create VLANs from 2 to 1001. VLAN 1 is the default VLAN, and by default all switch ports are members of VLAN 1, also known as the native VLAN. VLAN range 1001 to 1005 is reserved for Token Ring and FDDI. We can also use the extended VLAN range, 1006-4094.

 

Advantages of VLANs-

1.      It controls unnecessary broadcasts over the network.

2.      It can enhance network security.

3.      It can improve network performance.

4.      It can logically segment the network by department.

5.      It can help to manage the network smoothly.

 

There are two types of VLAN-

Static VLAN-

1.      Static VLANs are based on port numbers.

2.      Need to manually assign a port on a switch to a VLAN.

3.      Static VLAN is also called port-based VLAN.

4.      One port can be a member of only one VLAN

Dynamic VLAN-

1.      Dynamic VLANs are based on the MAC address of a PC.

2.      Switch automatically assigns a port to a VLAN

3.      Each port can be a member of multiple VLANs

4.      For dynamic VLAN configuration a software called VMPS (VLAN membership policy server) is needed.

Access Ports-

Access ports are the fundamental building blocks of a managed switch. An access port is assigned to only one VLAN. It carries traffic from the specified VLAN to the device connected to it or from the device to other devices on the same VLAN on that switch. The 802.1Q tags are not included in packets transmitted or received on access ports.

Trunk links-

Trunks can carry traffic for multiple VLANs. A trunk link is a 100 or 1000 Mbps point-to-point link between two switches, between a switch and a router, or between a switch and a server. Trunks carry the traffic of multiple VLANs, from 1 to 1005, at a time. Trunking allows you to make a single port part of multiple VLANs at the same time.

VLAN identification method (Frame Tagging)-

1.      A single VLAN can span multiple switches.

2.      To make sure that users of the same VLAN on different switches can communicate with each other, frames are tagged on trunk links.

3.      The tag is added before a frame is sent on the trunk link and removed once it is received.

4.      Frame tagging happens only on trunk links.

5.      VLAN identification is what switches use to keep track of all the frames moving through the trunk links.

Trunking methods for the frame tagging process-

Inter-Switch Link (ISL)

1.      It is a Cisco proprietary protocol.

2.      It works with Ethernet standards.

3.      It adds 30 bytes of tagging information.

4.      All VLAN traffic is tagged.

5.      The original frame is not modified.

IEEE 802.1Q

1.      It is an open standard and we can use it on different vendors' switches.

2.      It works only on Ethernet standards.

3.      Only a 4-byte tag is added to the original frame.

4.      Unlike ISL, 802.1Q does not encapsulate the frame. It modifies the existing Ethernet frame to include the VLAN ID.

How to Configure VLANs-

 

 

Access switch 1 configuration-

Create VLANs-

 

Switch#conf t

Switch(config)#vlan 10

Switch(config-vlan)#name sales

Switch(config-vlan)#vlan 20

Switch(config-vlan)#name Account

Switch(config-vlan)#vlan 30

Switch(config-vlan)#name IT

Switch(config-vlan)#do wr

Building configuration...

[OK]

 

See VLANs Status-

 

Switch(config-vlan)#do sh vlan brief

Switch(config-vlan)#do sh interface trunk

Switch#show vlan id 10

Switch#show vlan name IT

 

Assign port to specific VLANs-

 

Switch(config)#int range fa 0/1-2

Switch(config-if-range)#switchport mode access

Switch(config-if-range)#switchport access vlan 10

Switch(config-if-range)#int range fa 0/3-4

Switch(config-if-range)#switchport mode trunk

 

Access switch 2 configuration-

Create VLANs-

 

Switch#conf t

Switch(config)#vlan 10

Switch(config-vlan)#name sales

Switch(config-vlan)#vlan 20

Switch(config-vlan)#name Account

Switch(config-vlan)#vlan 30

Switch(config-vlan)#name IT

Switch(config-vlan)#do wr

Building configuration...

[OK]

 

See VLANs Status-

 

Switch(config-vlan)#do sh vlan brief

Switch(config-vlan)#do sh interface trunk

Switch#show vlan id 10

Switch#show vlan name IT

 

Assign port to specific VLANs-

 

Switch(config)#int range fa 0/1-2

Switch(config-if-range)#switchport mode access

Switch(config-if-range)#switchport access vlan 20

Switch(config-if-range)#int range fa 0/3-4

Switch(config-if-range)#switchport mode trunk

 

Access switch 3 configuration-

Create VLANs-

 

Switch#conf t

Switch(config)#vlan 10

Switch(config-vlan)#name sales

Switch(config-vlan)#vlan 20

Switch(config-vlan)#name Account

Switch(config-vlan)#vlan 30

Switch(config-vlan)#name IT

Switch(config-vlan)#do wr

Building configuration...

[OK]

 

See VLANs Status-

 

Switch(config-vlan)#do sh vlan brief

Switch(config-vlan)#do sh interface trunk

Switch#show vlan id 10

Switch#show vlan name IT

 

Assign port to specific VLANs-

 

Switch(config)#int range fa 0/1-2

Switch(config-if-range)#switchport mode access

Switch(config-if-range)#switchport access vlan 30

Switch(config-if-range)#int range fa 0/3-4

Switch(config-if-range)#switchport mode trunk

 

 

Access switch 4 configuration-

Create VLANs-

 

Switch#conf t

Switch(config)#vlan 10

Switch(config-vlan)#name sales

Switch(config-vlan)#vlan 20

Switch(config-vlan)#name Account

Switch(config-vlan)#vlan 30

Switch(config-vlan)#name IT

Switch(config-vlan)#do wr

Building configuration...

[OK]

 

See VLANs Status-

 

Switch(config-vlan)#do sh vlan brief

Switch(config-vlan)#do sh interface trunk

Switch#show vlan id 10

Switch#show vlan name IT

 

Assign port to specific VLANs-

 

Switch(config)#int range fa 0/1-2

Switch(config-if-range)#switchport mode access

Switch(config-if-range)#switchport access vlan 10

Switch(config-if-range)#int range fa 0/3-4

Switch(config-if-range)#switchport mode trunk

 

Distribution Switch 1 configuration

 

Switch#conf t

Switch(config)#int range fa 0/1-5

Switch(config-if-range)#switchport mode trunk

Switch(config-if-range)#do wr

Building configuration...

[OK]

Switch(config-if-range)#vlan 10

Switch(config-vlan)#name sales

Switch(config-vlan)#vlan 20

Switch(config-vlan)#name Account

Switch(config-vlan)#vlan 30

Switch(config-vlan)#name IT

Switch(config-vlan)#do wr

Building configuration...

 

 

Distribution Switch 2 configuration

 

Switch#conf t

Switch(config)#int range fa 0/1-5

Switch(config-if-range)#switchport mode trunk

Switch(config-if-range)#do wr

Building configuration...

[OK]

Switch(config-if-range)#vlan 10

Switch(config-vlan)#name sales

Switch(config-vlan)#vlan 20

Switch(config-vlan)#name Account

Switch(config-vlan)#vlan 30

Switch(config-vlan)#name IT

Switch(config-vlan)#do wr

Building configuration...

 

 

Core Switch configuration

 

Switch#conf t

Switch(config)#int range fa 0/1-2

Switch(config-if-range)#switchport mode trunk

Switch(config-if-range)#do wr

Building configuration...

[OK]

Switch(config-if-range)#vlan 10

Switch(config-vlan)#name sales

Switch(config-vlan)#vlan 20

Switch(config-vlan)#name Account

Switch(config-vlan)#vlan 30

Switch(config-vlan)#name IT

Switch(config-vlan)#do wr

Building configuration...
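A review check for the switch sessions above, as an added example rather than anything from the original page: it replays a configuration session and flags trunks with no allowed-VLAN list (which, as described earlier, carry every VLAN) and ports still sitting in default VLAN 1. The six-port inventory and the names audit and expand are assumptions; `switchport trunk allowed vlan` is a standard IOS command that the page's sessions do not use.

```python
import re

def expand(spec):
    """'fa 0/3-4' -> ['fa0/3', 'fa0/4']; returns [] for anything else (e.g. 'vlan 10')."""
    m = re.fullmatch(r"(fa|gi)\w*\s*(\d+)/(\d+)(?:\s*-\s*(\d+))?", spec.strip())
    if not m:
        return []
    first, last = int(m.group(3)), int(m.group(4) or m.group(3))
    return [f"{m.group(1)}{m.group(2)}/{n}" for n in range(first, last + 1)]

def audit(transcript, all_ports):
    """Replay an IOS config session and return sorted (port, finding) pairs."""
    defaults = {"mode": None, "access vlan": "1", "trunk allowed vlan": None}
    state = {p: dict(defaults) for p in all_ports}
    selected = []
    for line in transcript.splitlines():
        cmd = line.split("#", 1)[-1].strip().lower()  # drop the 'Switch(config)#' prompt
        if m := re.fullmatch(r"int(?:erface)?(?: range)? (.+)", cmd):
            selected = [p for p in expand(m.group(1)) if p in state]
        elif m := re.fullmatch(
                r"switchport (mode|access vlan|trunk allowed vlan) (\S+)", cmd):
            for p in selected:
                state[p][m.group(1)] = m.group(2)
    findings = []
    for port, s in state.items():
        if s["mode"] is None:
            findings.append((port, "never configured: still in default VLAN 1"))
        elif s["mode"] == "trunk" and s["trunk allowed vlan"] is None:
            findings.append((port, "trunk with no allowed-VLAN list: carries every VLAN"))
        elif s["mode"] == "access" and s["access vlan"] == "1":
            findings.append((port, "access port left in default VLAN 1"))
    return sorted(findings)

# Constructed input: the port-assignment session for access switch 1 on this page.
# The six-port inventory is an assumption; the page does not give a port count.
SESSION = """\
Switch(config)#int range fa 0/1-2
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#int range fa 0/3-4
Switch(config-if-range)#switchport mode trunk
"""
PORTS = [f"fa0/{n}" for n in range(1, 7)]

if __name__ == "__main__":
    for port, finding in audit(SESSION, PORTS):
        print(port, "-", finding)
```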




What Is Inter-VLAN Routing?

VLANs are used to segment switched Layer 2 networks and two different VLANs cannot communicate with each other. It means hosts in one VLAN cannot communicate with hosts in another VLAN unless there is a router or a Layer 3 switch to provide routing services.

Inter-VLAN routing is the process of forwarding network traffic from one VLAN to another VLAN.

There are three inter-VLAN routing options:

  • Legacy Inter-VLAN routing: This is a legacy solution. It does not scale well.
  • Router-on-a-Stick: This is an acceptable solution for a small- to medium-sized network.
  • Layer 3 switch using switched virtual interfaces (SVIs): This is the most scalable solution for medium to large organizations.

 

InterVLAN Routing by Layer 3 Switch

 

CoreSwitch(config-if)#int vlan 10

CoreSwitch(config-if)#ip add 10.0.0.1 255.0.0.0

CoreSwitch(config-if)#no shut

CoreSwitch(config-if)#int vlan 20

CoreSwitch(config-if)#ip add 20.0.0.1 255.0.0.0

CoreSwitch(config-if)#no shut

CoreSwitch(config-if)#int vlan 30

CoreSwitch(config-if)#ip add 30.0.0.1 255.0.0.0

CoreSwitch(config-if)#no shut

CoreSwitch(config-if)#do wr

Building configuration...

[OK]

CoreSwitch(config-if)#exit

CoreSwitch(config)#ip routing

CoreSwitch(config)#do wr

Building configuration...

[OK]

 

 

InterVLAN Routing by Router

 

 

To configure inter-VLAN routing on a router, create one sub-interface per VLAN on the router's Fast Ethernet interface and configure 802.1Q encapsulation on each sub-interface, for example:

 

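Router#conf t

Router(config)#int fa 0/0.10

Router(config-subif)#encapsulation dot1Q 10

Router(config-subif)#ip address 10.0.0.1 255.255.255.0

Router(config-subif)#int fa 0/0.20

Router(config-subif)#encapsulation dot1Q 20

Router(config-subif)#ip address 20.0.0.1 255.255.255.0

Router(config-subif)#int fa 0/0.30

Router(config-subif)#encapsulation dot1Q 30

Router(config-subif)#ip address 30.0.0.1 255.255.255.0

Router(config-subif)#int fa 0/0

Router(config-if)#no shut

Router(config-if)#do wr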

 

EtherChannel
