ccna3-mod8-VLANs day_1_1.2 ver 2


  • 8/18/2019 ccna3-mod8-VLANs day_1_1.2 ver 2


    VLANs (Virtual LANs)



    Rick Graziani [email protected] 2

    VLAN introduction

    • VLANs provide segmentation based on broadcast domains.

    • VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless of the physical location or connections to the network.

    • All workstations and servers used by a particular workgroup share the same VLAN, regardless of the physical connection or location.



    VLAN introduction

    • VLANs are created to provide segmentation services traditionally provided by physical routers in LAN configurations.

    • VLANs address scalability, security, and network management. Routers in VLAN topologies provide broadcast filtering, security, and traffic flow management.

    • Switches may not bridge any traffic between VLANs, as this would violate the integrity of the VLAN broadcast domain.

    • Traffic should only be routed between VLANs.



    Broadcast domains with VLANs and routers

    • A VLAN is a broadcast domain created by one or more switches.

    • The network design above creates three separate broadcast




    Broadcast domains with VLANs and


    • 1) No VLANs, or in other words, One VLAN. Single IP network.

    • 2) With or without VLANs. However this can be an example of no VLANs. In both examples, each group (switch) is on a different IP network.

    • 3) Using VLANs. Switch is configured with the ports on the appropriate VLAN.

    • What are the broadcast domains in each?

    [Figure: example topologies for the cases above. Surviving labels: "1) Without", "2) With or", "One link per VLAN or a single VLAN", "Trunk (later)", "10.0.0.0/8".]







    VLAN operation

    • Each switch port can be assigned to a different VLAN.

    • Ports assigned to the same VLAN share broadcasts.

    • Ports that do not belong to that VLAN do not share these broadcasts.



    VLAN operation

    • Static membership VLANs are called port-based and port-centric membership VLANs.

    • As a device enters the network, it automatically assumes the VLAN membership of the port to which it is attached.

    • "The default VLAN for every port in the switch is the management VLAN. The management VLAN is always VLAN 1 and may not be deleted." - This statement does not give the whole story. We will examine Management, Default and other VLANs at the end.

    • All other ports on the switch may be reassigned to alternate VLANs.

    • More on VLAN 1 later.





    [Figure: Two VLANs, two subnets. Switch 1 with four hosts: 172.30.1.21 (VLAN 1), 172.30.2.10 (VLAN 2), 172.30.1.23 (VLAN 1), 172.30.2.12 (VLAN 2), each with mask 255.255.255.0.]

    Important notes on VLANs:

    1. VLANs are assigned on the switch port. There is no "VLAN" assignment done on the host (usually).

    2. In order for a host to be a part of that VLAN, it must be assigned an IP address that belongs to the proper subnet.

    Remember: VLAN = Subnet





    VLAN operation

    • Dynamic membership VLANs are created through network management software. (Not as common as static VLANs)

    • CiscoWorks 2000 or CiscoWorks for Switched Internetworks is used to create Dynamic VLANs.

    • Dynamic VLANs allow for membership based on the MAC address of the device connected to the switch port.

    • As a device enters the network, it queries a database within the switch for a VLAN membership.



    Benefits of VLANs

    • The key benefit of VLANs is that they permit the network administrator to organize the LAN logically instead of physically.

    • Note: Can be done without VLANs, but VLANs limit the broadcast domains

    • This means that an administrator is able to do all of the following:

      - Easily move workstations on the LAN.

      - Easily add workstations to the LAN.

      - Easily change the LAN configuration.

      - Easily control network traffic.

      - Improve security.

    If a hub is connected to VLAN port on a switch, all devices on that hub must belong to the same VLAN.


    [Figure: No VLANs (same as a single VLAN), two subnets. Switch 1 with four hosts: 172.30.1.21, 172.30.2.10, 172.30.1.23, 172.30.2.12, each with mask 255.255.255.0. An ARP Request is shown reaching the hosts.]

    • Without VLANs, the ARP Request would be seen by all hosts.

    • Again, consuming unnecessary network bandwidth and host processing cycles.

    Without VLANs - No Broadcast Control


    [Figure: Two VLANs, two subnets. Switch 1 with four hosts: 172.30.1.21 (VLAN 1), 172.30.2.10 (VLAN 2), 172.30.1.23 (VLAN 1), 172.30.2.12 (VLAN 2), each with mask 255.255.255.0. The figure includes a "Switch Port: VLAN ID" table and an ARP Request.]

    With VLANs - Broadcast Control




    VLAN Types


    MAC address Based VLANs

    • Rarely im"lemented.



    VLAN Tagging

    • VLAN Tagging is used when a link needs to carry traffic for more than one VLAN.

      - Trunk link: As packets are received by the switch from any attached end-station device, a unique packet identifier is added within each header.

    • This header information designates the VLAN membership of each packet.

    • The packet is then forwarded to the appropriate switches or routers based on the VLAN identifier and MAC address.

    • Upon reaching the destination node (Switch) the VLAN ID is removed from the packet by the adjacent switch and forwarded to the attached device.

    • Packet tagging provides a mechanism for controlling the flow of broadcasts and applications while not interfering with the network and applications.

    • This is known as a trunk link or VLAN trunking.



    VLAN Tagging

    • VLAN Tagging is used when a single link needs to carry traffic for more than one VLAN.

    No VLAN Tagging 

    VLAN Tagging 



    VLAN Tagging

    • There are two major methods of frame tagging, Cisco proprietary Inter-Switch Link (ISL) and IEEE 802.1Q.

    • ISL used to be the most common, but is now being replaced by
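
    The tag handling described on the tagging slides, as an added Python example (not part of the original slides): it assumes the IEEE 802.1Q layout, a 4-byte tag after the source MAC whose low 12 bits carry the VLAN ID. The port table, the function names and the sample ARP frame are constructed for illustration.

```python
import struct

TPID = 0x8100  # EtherType value that marks an IEEE 802.1Q tag

def add_tag(frame: bytes, vlan_id: int) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vlan_id <= 4094:          # 0 and 4095 are reserved VLAN IDs
        raise ValueError("VLAN ID out of range")
    return frame[:12] + struct.pack("!HH", TPID, vlan_id) + frame[12:]

def strip_tag(frame: bytes):
    """Return (vlan_id, untagged_frame); vlan_id is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]   # low 12 bits = VLAN ID

# Hypothetical port table: name -> ("access", vlan) or ("trunk", None)
PORTS = {"fa0/1": ("access", 10), "fa0/2": ("access", 10),
         "fa0/3": ("access", 20), "fa0/24": ("trunk", None)}

def forward(frame: bytes, in_port: str, out_port: str, ports=PORTS):
    """Return the bytes sent on out_port, or None if the frame is not sent."""
    mode, vlan = ports[in_port]
    tag_vlan, inner = strip_tag(frame)
    if mode == "access":
        if tag_vlan is not None:
            return None                   # access ports carry untagged frames
    else:
        if tag_vlan is None or not 1 <= tag_vlan <= 4094:
            return None                   # native VLAN handling is not modelled
        vlan = tag_vlan
    out_mode, out_vlan = ports[out_port]
    if out_mode == "trunk":
        return add_tag(inner, vlan)       # the tag identifies the VLAN on the trunk
    return inner if out_vlan == vlan else None  # tag removed before delivery

# Constructed sample: broadcast ARP frame (EtherType 0x0806) with a dummy payload
ARP_FRAME = bytes.fromhex("ffffffffffff" "001122334455" "0806") + bytes(28)

if __name__ == "__main__":
    on_trunk = forward(ARP_FRAME, "fa0/1", "fa0/24")
    print(on_trunk[12:16].hex())
    print(forward(on_trunk, "fa0/24", "fa0/2") == ARP_FRAME)
```

    The frame leaves the trunk port four bytes longer than it arrived and is delivered untagged only to an access port in the same VLAN.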


    Configuring static VLANs

    • The following guidelines must be followed when configuring VLANs on Cisco 29xx switches:

      - The maximum number of VLANs is switch dependent.

    • 29xx switches commonly allow 4,095 VLANs

      - VLAN 1 is one of the factory-default VLANs.

      - VLAN 1 is the default Ethernet VLAN.

      - Cisco Discovery Protocol (CDP) and VLAN Trunking Protocol (VTP) advertisements are sent on VLAN 1.

      - The Catalyst 29xx IP address is in the VLAN 1 broadcast domain by default.

      - "The switch must be in VTP server mode to create, add, or delete VLANs." (This is not true. Switch could be in VTP Transparent mode. VTP will be discussed in a moment.)



    Creating VLANs

    • Assigning access ports (non-trunk ports) to a specific VLAN

    Switch(config)#interface fastethernet 0/9
    Switch(config-if)#switchport access vlan vlan_number

    • Create the VLAN: (This step is not required and will be discussed later.)

    Switch#vlan database
    Switch(vlan)#vlan vlan_number




    Creating VLANs

    • Assign ports to the VLAN

    Switch(config)#interface fastethernet 0/9
    Switch(config-if)#switchport access vlan 10

    • access - Denotes this port as an access port and not a trunk link (later)




    Creating VLANs




    Configuring Ranges of VLANs

    SydneySwitch(config)#interface fastethernet 0/5
    SydneySwitch(config-if)#switchport access vlan 2

    SydneySwitch(config)#interface fastethernet 0/6
    SydneySwitch(config-if)#switchport access vlan 2

    SydneySwitch(config)#interface fastethernet 0/7
    SydneySwitch(config-if)#switchport access vlan 2


    Configuring Ranges of VLANs

    SydneySwitch(config)#interface range fastethernet 0/8, fastethernet 0/12
    SydneySwitch(config-if)#switchport access vlan 3

    This command does not work on all 2900 switches, such as the 2900 Series XL. It does work on the 2950.




    Creating VLANs

    SydneySwitch(config)#interface fastethernet 0/1
    SydneySwitch(config-if)#switchport mode access

    Note: The switchport mode access command should be configured on all ports that the network administrator does not want to become a trunk port.

    • This will be discussed more in the next chapter, section on DTP.



    Creating VLANs

    Default: dynamic desirable

    • By default, all ports are configured as switchport mode dynamic desirable, which means that if the port is connected to another switch with a port configured with the same default mode (or desirable or auto), this link will become a trunking link. See my article on DTP on my web site for more

    • When the switchport access vlan command is used, the switchport mode access command is not necessary since the switchport access vlan command configures the interface as an "access" port (non-trunk port).

    • This will be discussed more in the next chapter, section on DTP.

    This link will become a trunking link unless one of the ports is configured as an access link, i.e.

    switchport mode access
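
    An added Python example (not from the original slides) that checks a configuration against the note on switchport mode access: it lists interfaces with no explicit switchport mode, which the slides say stay at the dynamic desirable default, and non-trunk ports still in VLAN 1. The running-config text, interface names and function names are constructed, and the parser assumes a default mode is simply absent from the configuration.

```python
import re

# Constructed sample in running-config style (not taken from a real device)
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport access vlan 10
!
interface FastEthernet0/3
!
interface FastEthernet0/24
 switchport mode trunk
!
"""

def parse_interfaces(config: str) -> dict:
    """Map interface name -> {'mode': str or None, 'access_vlan': int}."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), {"mode": None, "access_vlan": 1})
        elif current is not None and line.startswith(" "):
            cmd = line.strip()
            if (m := re.fullmatch(r"switchport mode (.+)", cmd)):
                current["mode"] = m.group(1)
            elif (m := re.fullmatch(r"switchport access vlan (\d+)", cmd)):
                current["access_vlan"] = int(m.group(1))
        else:
            current = None   # "!" or a top-level command ends the interface block
    return ports

def audit(config: str) -> list:
    """Return (interface, finding) pairs for ports left at their defaults."""
    findings = []
    for name, p in parse_interfaces(config).items():
        if p["mode"] is None:
            findings.append((name, "no explicit switchport mode; default can negotiate a trunk"))
        if p["mode"] != "trunk" and p["access_vlan"] == 1:
            findings.append((name, "still in VLAN 1, the default and management VLAN"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(SAMPLE_CONFIG):
        print(f"{name}: {issue}")
```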



    Verifying VLANs - show vlan


    Verifying VLANs - show vlan brief


    vlan database commands

    • Optional Command to add, delete, or modify VLANs.

    • VLAN names, numbers, and VTP (VLAN Trunking Protocol) information can be entered which "may" affect other switches besides this one. (Discussed later).

    • This does not assign any VLANs to an interface.

    Switch#vlan database

     VLAN database editing buffer manipulation commands
      abort  Exit mode without applying the changes
      apply  Apply current changes and bump revision number
      exit   Apply changes, bump revision number, and exit mode
      no     Negate a command or set its defaults
      reset  Abandon current changes and reread current database
      show   Show database information
      vlan   Add, delete, or modify values associated with a single VLAN
      vtp    Perform VTP administrative functions



    Deleting VLANs

    Switch(config-if)#no switchport access vlan vlan_number 
