Lect 4

VLANs

Some requirements of LANs

• Need to split up broadcast domains to make good use of bandwidth
• People in the same department may need to be grouped together for access to servers
• Security: restrict access by certain users to some areas of the LAN

Solution using routers

• Divide the LAN into subnets
• Use routers to link the subnets

BUT

• Routers are expensive
• Routers are slower than switches
• Routers are restricted to limited physical areas
• Subnets are inflexible

Solution using VLANs

• VLAN membership can be by function and not by location
• VLANs managed by switches
• Router needed for communication between VLANs

VLANs

• All hosts in a VLAN have addresses in the same subnet. A VLAN is a subnet.
• Broadcasts are kept within the VLAN. A VLAN is a broadcast domain.
• The switch has a separate MAC address table for each VLAN. Traffic for each VLAN is kept separate from other VLANs.
• Layer 2 switches cannot route between VLANs.

Benefits of VLANs

• Scalability
• Security
• Network Management
• Broadcast Filtering
• Traffic Flow Management
• Cost reduction
• Better performance

VLAN numbers

• VLAN 1: default Ethernet LAN, all ports start in this VLAN.
• VLANs 1002 – 1005 automatically created for Token Ring and FDDI
• Numbers 2 to 1001 can be used for new VLANs
• Up to 255 VLANs on Catalyst 2960 switch
• Extended range 1006 – 4094 possible but fewer features

VLAN information

• Normal range VLANs
  - VLAN information is stored in the VLAN database: vlan.dat in the flash memory of the switch.
• Extended range VLANs
  - Configurations are stored in the start-up configuration (NVRAM).

Port based

• Each switch port intended for an end device is configured to belong to a VLAN.
• There are other ways of assigning VLANs but this is now the normal way.
• Ports that link switches can be configured to carry traffic for all VLANs (trunking)

Types of VLAN

• Static or Port-Based:
  - Ports on a switch are assigned to a specific VLAN.
  - VLAN can be learned from another switch.
  - If a port is put on a VLAN and the VLAN does not exist, then the VLAN is created.
• Dynamic:
  - VLANs created by accessing a Network Management server. The MAC address/VLAN ID mapping is set up by the Network Administrator and the server assigns a VLAN ID when the device contacts it.

Types of Port-Based VLANs

• Data or user VLAN
• Management VLAN
• Native VLAN
• Default VLAN
• Voice VLAN

Data VLAN

• Carries files, e-mails, shared application traffic, most user traffic.
• Separate VLAN for each group of users.

Management VLAN

• Has the switch IP address.
• Used for telnet/SSH or web access for management purposes.
• Better not to use VLAN 1 for security reasons.

Native VLAN

• Relevant to trunk ports.
• Trunk ports carry traffic from multiple VLANs.
• VLAN is identified by a "tag" in the frame.

Default VLAN

• VLAN 1 on Cisco switches.
• Carries CDP and STP (spanning tree protocol) traffic.
• Initially all ports are in this VLAN.
• Do not use it for data, voice or management traffic for security reasons.

Voice VLAN

• Use with IP phone.
• Phone acts as a switch too.
• Voice traffic is tagged, given priority.
• Data not tagged, no priority.

Static VLAN

• Ports on a switch are manually assigned to a VLAN.

Dynamic VLAN

• Configured using a special server called a VLAN Membership Policy Server (VMPS).
• Assign switch ports to VLANs based on the source MAC address of the device connected to the port.

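
An added example, not part of the original slides: a short Python check that reads a Cisco IOS-style configuration and reports interfaces that still carry data, voice or management traffic on default VLAN 1, which the slides advise against. The sample configuration (interface names, VLAN IDs, address) is constructed for illustration, and the function name `audit_vlan1` is hypothetical.

```python
import re

# Constructed sample configuration (not from the lecture); the interface
# names, VLAN IDs and address are assumptions made for this example.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 150
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 1
 switchport voice vlan 1
interface GigabitEthernet0/1
 switchport mode trunk
interface Vlan1
 ip address 192.0.2.2 255.255.255.0
"""

def audit_vlan1(config):
    """Return sorted (interface, finding) pairs for traffic left on VLAN 1."""
    blocks, name = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            name = m.group(1)
            blocks[name] = []
        elif name and line.startswith(" "):
            blocks[name].append(line.strip())
    findings = []
    for name, lines in blocks.items():
        if name.lower() == "vlan1":
            # The VLAN interface that holds the switch IP address is the management VLAN.
            if any(l.startswith("ip address") for l in lines) and "shutdown" not in lines:
                findings.append((name, "management on VLAN 1"))
        elif "switchport mode access" in lines:
            # All ports start in VLAN 1, so a missing access VLAN means VLAN 1.
            vlan = next((l.split()[-1] for l in lines
                         if l.startswith("switchport access vlan")), "1")
            if vlan == "1":
                findings.append((name, "data on VLAN 1"))
            if "switchport voice vlan 1" in lines:
                findings.append((name, "voice on VLAN 1"))
    return sorted(findings)

if __name__ == "__main__":
    for interface, finding in audit_vlan1(SAMPLE):
        print(f"{interface}: {finding}")
```

The trunk port is skipped on purpose: the check covers only the data, voice and management uses of VLAN 1 named in the slides.
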
Voice VLAN

• Ensures that voice traffic is identified as priority traffic.

[Figure: Voice VLAN and Data VLAN]

Remember that the entire network must be set up to prioritize voice traffic. You cannot just configure the switch port.

Controlling Broadcast Domains with VLANs

[Figure: two panels, "Network without VLANs" and "Network with VLANs", each showing a host that sends a broadcast]