Design a VLAN (Virtual Local Area Network) Based Network
All content following this page was uploaded by Md. Humayun Kabir on 06 June 2020.
VLANs make it easy for network administrators to partition a single switched network to
match the functional and security requirements of their systems without having to run new
cables or make major changes in their current network infrastructure. VLANs are often set up
by larger businesses to re-partition devices for better traffic management.
VLANs are also important because they can help improve the overall performance of a
network by grouping together devices that communicate most frequently. VLANs also
provide security on larger networks by allowing a higher degree of control over which devices
have access to each other. VLANs tend to be flexible because they are based on logical
connections rather than physical ones.
One or more network switches may support multiple, independent VLANs, creating Layer 2
(data link) implementations of subnets. A VLAN is associated with a broadcast domain. It is
usually composed of one or more network switches.
Types of VLANs
Types of VLANs include protocol-based, static and dynamic VLANs.
➢ Protocol VLAN: traffic is handled based on its protocol. A switch will
segregate or forward traffic based on the traffic's protocol.
➢ Static VLAN: also referred to as a port-based VLAN; a network administrator
assigns the ports on a network switch to a virtual network.
➢ Dynamic VLAN: allows a network administrator to define network membership
based on device characteristics, as opposed to switch port location.
Each VLAN provides data link access to all hosts connected to switch ports configured with
the same VLAN ID. The VLAN ID carried in the tag is a 12-bit field in the Ethernet header that
provides support for up to 4,096 VLANs per switching domain. VLAN tagging is standardized in
IEEE (Institute of Electrical and Electronics Engineers) 802.1Q and is often called Dot1Q.
When an untagged frame is received from an attached host, the VLAN ID tag configured on
that interface is added to the data link frame header, using the 802.1Q format. The 802.1Q
frame is then forwarded toward the destination. Each switch uses the tag to keep each VLAN's
traffic separate from other VLANs, forwarding it only where the VLAN is configured. Trunk
links between switches handle multiple VLANs, using the tag to keep them segregated. When
the frame reaches the destination switch port, the VLAN tag is removed before the frame is
transmitted to the destination device.
Multiple VLANs can be configured on a single port using a trunk configuration in which each
frame sent via the port is tagged with the VLAN ID, as described above. The neighbouring
device's interface, which may be on another switch or on a host that supports 802.1Q tagging,
will need to support trunk mode configuration to transmit and receive tagged frames. Any
untagged Ethernet frames are assigned to a default VLAN, which can be designated in the
switch configuration.
When a VLAN-enabled switch receives an untagged Ethernet frame from an attached host, it
adds the VLAN tag assigned to the ingress interface. The frame is forwarded to the port of the
host with the destination MAC address (media access control address). Broadcast, unknown
unicast and multicast (BUM) traffic is forwarded to all ports in the VLAN. When a previously
unknown host replies to an unknown unicast frame, the switches learn the location of this
host and do not flood subsequent frames addressed to that host.
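The ingress tagging, per-VLAN flooding and MAC learning described above can be followed in a small Python model. This is an added example, not part of the original document: the `Switch` class, port numbers, MAC addresses and payload are constructed for illustration, and dropping tagged frames that arrive on an access port is a modelling assumption.

```python
import struct
TPID = 0x8100  # 802.1Q tag protocol identifier

def tag(frame, vid, pcp=0):
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:  # 12-bit VLAN ID; 0 and 4095 are reserved
        raise ValueError("VLAN ID out of range")
    return frame[:12] + struct.pack("!HH", TPID, pcp << 13 | vid) + frame[12:]

def untag(frame):
    """Return (vid, frame without tag); vid is None for an untagged frame."""
    if len(frame) >= 16 and frame[12:14] == struct.pack("!H", TPID):
        return struct.unpack("!H", frame[14:16])[0] & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

class Switch:
    """Hypothetical model: access ports map to one VLAN, trunks carry all."""
    def __init__(self, access, trunks, default_vlan=1):
        self.access, self.trunks = access, trunks
        self.default_vlan = default_vlan  # VLAN for untagged frames on a trunk
        self.table = {}                   # (vlan, MAC) -> port, learned

    def receive(self, port, frame):
        """Forward one frame; return {egress port: bytes sent on that port}.
        Access ports send the frame untagged, trunk ports send it tagged."""
        vid, inner = untag(frame)
        if port in self.access:
            if vid is not None:
                return {}                 # modelling assumption: drop tagged frames here
            vid = self.access[port]       # ingress: classify by the port's VLAN
        elif vid is None:
            vid = self.default_vlan
        dst, src = inner[:6], inner[6:12]
        self.table[(vid, src)] = port     # learn the sender's location
        known = self.table.get((vid, dst))
        if known is not None and not dst[0] & 1:
            out = [known]                 # known unicast: one port
        else:                             # BUM traffic: flood inside the VLAN only
            out = [p for p, v in self.access.items() if v == vid] + sorted(self.trunks)
        return {p: inner if p in self.access else tag(inner, vid)
                for p in out if p != port}

# Constructed sample: ports 3-4 in VLAN 2, port 6 in VLAN 3, port 1 a trunk.
HOST_A, HOST_B = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")
PAYLOAD = b"\x08\x06" + b"\x00" * 46

def demo():
    sw = Switch(access={3: 2, 4: 2, 6: 3}, trunks={1})
    flood = sw.receive(3, b"\xff" * 6 + HOST_A + PAYLOAD)  # broadcast from A
    reply = sw.receive(4, HOST_A + HOST_B + PAYLOAD)       # B answers A
    return flood, reply
```

The broadcast from port 3 reaches port 4 untagged and the trunk tagged with VLAN 2, but never port 6 in VLAN 3; the reply goes only to port 3 because host A's location has been learned.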
The switch-forwarding tables are kept up to date by two mechanisms. First, old forwarding
entries are removed from the forwarding tables periodically, often on a configurable timer.
Second, any topology change causes the forwarding table refresh timer to be reduced,
triggering a refresh.
The Spanning Tree Protocol (STP) is used to create loop-free topology among the switches in
each Layer 2 domain. A per-VLAN STP instance can be used, which enables different Layer 2
topologies, or a multi-instance STP (MISTP) can be used to reduce STP overhead if the
topology is the same among multiple VLANs. STP blocks forwarding on links that might
produce forwarding loops, creating a spanning tree from a selected root switch. This blocking
means that some links will not be used for forwarding until a failure in another part of the
network causes STP to make the link part of an active forwarding path.
The figure above shows a switch domain with four switches with two VLANs. The switches
are connected in a ring topology. STP causes one port to go into blocking state so that a tree
topology is formed (i.e., no forwarding loops). The port on switch D to switch C is blocking,
as indicated by the red bar across the link. The links between the switches and to the router
are trunking VLAN 10 (orange) and VLAN 20 (green). The hosts connected to VLAN 10 can
communicate with server O. The hosts connected to VLAN 20 can communicate with server
G. The router has an IPv4 subnet configured on each VLAN to provide connectivity for any
communications between the two VLANs.
Learning Objectives
VLAN Configuration
Switch>enable
Switch#configure terminal
Switch(config)#hostname CoreSwitch
CoreSwitch(config)#exit
CoreSwitch#wr
CoreSwitch#show vlan
CoreSwitch#configure terminal
CoreSwitch(config)#vlan 2
CoreSwitch(config-vlan)#name Sales
CoreSwitch(config-vlan)#exit
CoreSwitch(config)#vlan 3
CoreSwitch(config-vlan)#name HR
CoreSwitch(config-vlan)#exit
CoreSwitch(config)#vlan 4
CoreSwitch(config-vlan)#name Accounts
CoreSwitch(config-vlan)#exit
CoreSwitch(config)#exit
CoreSwitch#wr
CoreSwitch#configure terminal
CoreSwitch(config)#interface fastEthernet 0/3
CoreSwitch(config-if)#switchport access vlan 2
CoreSwitch(config-if)#exit
CoreSwitch(config)#interface range fastEthernet 0/4-5
CoreSwitch(config-if-range)#switchport access vlan 2
CoreSwitch(config-if-range)#exit
CoreSwitch(config)#interface range fastEthernet 0/6-8
CoreSwitch(config-if-range)#switchport access vlan 3
CoreSwitch(config-if-range)#exit
CoreSwitch(config)#interface range fastEthernet 0/9-11
CoreSwitch(config-if-range)#switchport access vlan 4
CoreSwitch(config-if-range)#exit
CoreSwitch(config)#exit
CoreSwitch#wr
Figure 4: Create VLAN in Network.
CoreSwitch#show vlan
CoreSwitch#configure terminal
CoreSwitch(config)#interface vlan 2
CoreSwitch(config-if)#ip address 172.16.20.100 255.255.0.0
CoreSwitch(config-if)#no shutdown
CoreSwitch(config-if)#exit
CoreSwitch(config)#interface vlan 3
CoreSwitch(config-if)#ip address 172.17.20.100 255.255.0.0
CoreSwitch(config-if)#no shutdown
CoreSwitch(config-if)#exit
CoreSwitch(config)#interface vlan 4
CoreSwitch(config-if)#ip address 172.18.20.100 255.255.0.0
CoreSwitch(config-if)#no shutdown
CoreSwitch(config-if)#exit
CoreSwitch(config)#exit
CoreSwitch#wr
CoreSwitch#show running-config
R-VLAN(config-subif)#ip address 172.17.20.1 255.255.0.0
R-VLAN(config-subif)#no shutdown
R-VLAN(config-subif)#exit
R-VLAN(config)#int gi0/0.3
R-VLAN(config-subif)#encapsulation dot1Q 4
R-VLAN(config-subif)#ip address 172.18.20.1 255.255.0.0
R-VLAN(config-subif)#exit
R-VLAN(config)#exit
R-VLAN#wr
Mother Switch or Core Switch Configuration
CoreSwitch>enable
CoreSwitch#configure terminal
CoreSwitch(config)#int f0/1
CoreSwitch(config-if)#switchport mode trunk
CoreSwitch(config-if)#exit
CoreSwitch(config)#exit
CoreSwitch#wr
VTP Configuration in Core Switch
CoreSwitch>enable
CoreSwitch#show vlan
CoreSwitch#show vtp status
CoreSwitch#configure terminal
CoreSwitch(config)#vtp mode server
CoreSwitch(config)#vtp domain erevo.net
CoreSwitch(config)#vtp password test
CoreSwitch(config)#exit
CoreSwitch#wr
CoreSwitch>en
CoreSwitch#configure terminal
CoreSwitch(config)#int f0/2
CoreSwitch(config-if)#switchport mode trunk
CoreSwitch(config-if)#switchport trunk allowed vlan all
CoreSwitch(config-if)#exit
CoreSwitch(config)#exit
CoreSwitch#wr
Switch(config)#hostname C-S-1
C-S-1(config)#exit
C-S-1#show vtp status
C-S-1#show vlan
C-S-1#configure terminal
C-S-1(config)#vtp mode client
C-S-1(config)#vtp domain erevo.net
C-S-1(config)#vtp password test
C-S-1(config)#exit
C-S-1#wr
C-S-1#configure terminal
C-S-1(config)#int f0/15
C-S-1(config-if)#switchport access vlan 2
C-S-1(config-if)#exit
C-S-1(config)#int f0/16
C-S-1(config-if)#switchport access vlan 3
C-S-1(config-if)#exit
C-S-1(config)#int f0/17
C-S-1(config-if)#switchport access vlan 4
C-S-1(config-if)#exit
C-S-1(config)#exit
C-S-1#wr
C-S-1>enable
C-S-1#configure terminal
C-S-1(config)#int f0/15
C-S-1(config-if)#switchport mode trunk
C-S-1(config-if)#no shutdown
C-S-1(config-if)#exit
C-S-1(config)#int f0/16
C-S-1(config-if)#switchport mode trunk
C-S-1(config-if)#no shutdown
C-S-1(config-if)#exit
C-S-1(config)#int f0/17
C-S-1(config-if)#switchport mode trunk
C-S-1(config-if)#no shutdown
C-S-1(config-if)#exit
C-S-1(config)#exit
C-S-1#wr
C-S-1>enable
C-S-1#configure terminal
C-S-1(config)#int f0/15
C-S-1(config-if)#switchport mode access
C-S-1(config-if)#switchport access vlan 2
C-S-1(config-if)#exit
C-S-1(config)#int f0/16
C-S-1(config-if)#switchport mode access
C-S-1(config-if)#switchport access vlan 3
C-S-1(config-if)#exit
C-S-1(config)#int f0/17
C-S-1(config-if)#switchport mode access
C-S-1(config-if)#switchport access vlan 4
C-S-1(config-if)#exit
C-S-1(config)#exit
C-S-1#wr
After completing the configuration, verify it with a ping test from each client PC to another client PC.
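Alongside the ping test, the switchport settings themselves can be reviewed for ports whose mode was never set explicitly and for trunks that carry every VLAN. The Python sketch below is an added example, not part of the original document: the `audit` function and its two checks are this example's own, and `SAMPLE` is an excerpt assembled from the commands shown above.

```python
import re

def audit(config):
    """Return sorted (interface, finding) pairs for IOS-style config or CLI text."""
    ports, current = {}, None
    for raw in config.splitlines():
        cmd = raw.split("#", 1)[-1].strip().lower()  # drop "Host(config-if)#" prompts
        m = re.match(r"int(?:erface)?\s+(?:range\s+)?(\S.*)", cmd)
        if m:
            current = ports.setdefault(m.group(1).replace(" ", ""), [])
        elif cmd.startswith("switchport") and current is not None:
            current.append(cmd)       # kept in order: later commands override
        elif cmd in ("exit", "end", "!"):
            current = None
    findings = []
    for name, cmds in ports.items():
        modes = [c.split()[-1] for c in cmds if c.startswith("switchport mode")]
        allowed = [c.split()[-1] for c in cmds
                   if c.startswith("switchport trunk allowed vlan")]
        mode = modes[-1] if modes else None
        # Without an explicit mode the port keeps the platform's default mode.
        if mode is None and any(c.startswith("switchport access vlan") for c in cmds):
            findings.append((name, "access VLAN set, but mode not pinned to access"))
        # A trunk with no allowed list, or "all", carries every VLAN on the switch.
        if mode == "trunk" and (not allowed or allowed[-1] == "all"):
            findings.append((name, "trunk carries every VLAN"))
    return sorted(findings)

# Sample input assembled from commands on this page (excerpt, for illustration).
SAMPLE = """\
CoreSwitch(config)#interface fastEthernet 0/3
CoreSwitch(config-if)#switchport access vlan 2
CoreSwitch(config-if)#exit
CoreSwitch(config)#int f0/1
CoreSwitch(config-if)#switchport mode trunk
CoreSwitch(config-if)#exit
CoreSwitch(config)#int f0/2
CoreSwitch(config-if)#switchport mode trunk
CoreSwitch(config-if)#switchport trunk allowed vlan all
CoreSwitch(config-if)#exit
C-S-1(config)#int f0/15
C-S-1(config-if)#switchport mode access
C-S-1(config-if)#switchport access vlan 2
C-S-1(config-if)#exit
"""
```

Calling `audit(SAMPLE)` reports `f0/1` and `f0/2` as trunks carrying every VLAN and `fastethernet0/3` as an access port without an explicit mode, while `f0/15` passes.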