Introduction to VLAN's

I've got kind of a simplified little piece of my network right here for you to look
at.

Now what I want you to pay attention to is the fact that well first of all I've got
two switches and these are great old switches.

They work fantastically well and everybody on my network plugs into them.

So we usually use these red cables I've got this laptop right here so I guess he's
the only guy plugged in right now.

Well technically not the only guy.

The other thing I have is a crossover cable here that connects the two switches.

And then I have one of four different wireless access points that I use for
wireless throughout my network plugged into the switches as well.

So that's my basic setup but I've got a problem.

The problem I have is that I have a lot of public people coming in and using my
wireless network I want them to it's a good thing.

OK.

But the challenge is that I'm plugging my switches and my servers and everything
into this one big broadcast domain.

So a bad person could in theory via my wireless network access file servers and
things like that that I don't want them to have access to.

Now granted I can put passwords on to servers and stuff like that but I want to be
a little bit more secure.

So one of the things we can do is something we call a virtual land or of the land
of the land takes one big broadcast domain because if you look at this all my
switches are interconnected this is one huge broadcast domain and breaks it up into
two or more smaller broadcast domains.

So it's kind of like taking a switch and kind of like cutting it in half.

So we use villans all the time as a way to segregate our network into individual
broadcast domains.

Now at first glance when you hear this you go OK Mike that sounds nice but why
don't just put all your wireless devices on one switch and then everybody else on
another switch and divide them that way.

Well I can't.

There's nothing wrong with that.

But keep in mind that in a big network you get big banks of switches and they're
kind of fixed in place and to be arbitrarily pulling and yanking and moving stuff
around is a really bad idea.

We need a way to separate broadcast domains electronically and that's why we use
villans as opposed to just bringing in more switches and making them.

I could show you some messes I've seen over the years.

For people who don't.

So the cool part about the land is well you have to have switches that understand
how to do this.

So you basically have two types of switches in life.

You've got unmanaged switches which are usually very inexpensive.

Those are the $10 or $20 switches you can find and then you have managed switches
manage switches tend to be a lot more expensive because they can do cool things
like Well for one thing.

The lan's now in order for me to configure this.

I've got to actually get into the switch somehow and do configuration now switches
by definition run at Layer 2 of the OSI-7 or model they use MAC addresses.

So we need to be able to get into this switch somehow.

So what we typically do with switches is we give them you ready an IP address

switches don't need an IP address to do their job.

We just give them an IP address so we can open up a web page or a configuration or

something so we can go in and configure the silly things now on these particular
switches that I have here.

These come from Cisco and Cisco provides a very cool tool called the Cisco network
assistant or CNA.

Now you download this from Cisco and you plug in and you punch into the IP address
of the individual switches and they have default IP addresses so you can punch into
them and you can do the configuration.

So the best way to start understanding Leanne's is to go through the configuration

process.

I'm going to use good Cisco CNA right now and let's configure one of these switches
for villans.

Now I have a copy of Cisco network assistent here on my computer so when I'm going
to do is actually connect to one of my switches right now.

Now I know the IP address for the switch because I configured it a long time ago.

So I'm just going to type it in.

OK.

And these switches have usernames and passwords and today I am now connected in
fact even sees another switch which is kind of cool.

In fact this thing even says if you saw that but I've got an error that says My fan
is dead.
So that's why we use these for demonstration as opposed actually have them online
and working for a living and I need to put a new fan into this particular switch.

So in order to appreciate what's going on here let's just go ahead and change the
view.

This is one of the cool things about the CNA is that it has this wonderful graphic
I can actually see all my switches and I can even see which ports are plugged in
right now.

So this is plugged into the other switch here.

This one is plugged into my laptop right now.

And this is plugged into my wireless access point was kind of a cool little
feature.

Anyway what we want to do is we want to set up some plans now by default and this
is important.

All switches are preset to use VLAN one.

Now you've got to be careful with this because on the network plus exam they seem
to think that the default VPN is zero and that that's not really accurate.

I'm not going to try to argue with CompTIA but the default VPN is VPN number one.

So let's go ahead and get in here a little bit and let's take a look.

Now right now I have exactly one VLANs and it's called VLAN one.

When you set up villans you don't give them funny names like Timmy the wonder
pootle They're just called VLAN one the next one is really into Sometimes you can
call if you want you can call it like VLAN 101 to 1 whatever it is.

But it's just a numeric value.

All right.

So here is my default VLAN.

I'm going to add a new VPN right now so I'm just going to hit create and I'm going
to give it a very clever name like VLAN and two and if I want to I can give it a
clever name if I wanted to but I'm just going to leave it with the default name.

And I've now set up a new VLAN

Now what's the VLAN made.

I'd now have to go through the process of saying who's going to be on that VLAN.

So there's a lot of different ways to do this.

So one of the ways we're going to do is we can come over to configure ports and you
can see a listing of all the ports this is a 24 port switch so all 24 listed this
terminology you're seeing where it says F.A. zero.

That's basically Cisco IIS for fast Ethernet.

So it's a zero the number one two three four on down.

So what I'm going to choose is I'm going to say that five six seven eight are going
to be assigned to VLAN and two you can see right now are assigned to land one so I
can just go right in here and set that to VLAN two

So I've now set port number five to VLAN and.

And I can keep marching down and get the rest of these day what just for brevity
we'll just do these first three OK.

Now before we get out of here there's something kind of cool I want you to see
here.

So we're looking at port number seven of my little switch here.

Now I am setting it statically to VLAN 2.

However there are some other things you can do and that's what this administrative
mode is all about.

So let me hit the pulldown here static access means I'm going to physically assign
what VPN goes to each port I'm going to come in here and set it physically dynamic
access and dynamic desirable which are actually the more common default have to do
with something called trunking I'll explain that in just a second or we can force
them into it what we call a trunk mode.

Let's talk about that for a minute.

One of the things you need to appreciate about VLAN is that once I set the VLAN up
like that VLAN to it's not limited to one particular switch.

We have protocols like for example Cisco has the proprietary VTP protocol which
will in essence tell this one switch to advertise to other switches that there's
other VLANs out there.

So if you take a look at my two switches.

First of all I've got them interconnected using this crossover but I can start
setting up the VLANs with the same numbers as I have here on this switch.

And because of VTP its not the only way to do it.

But that's the Cisco way to do it.

They will start talking to each other so I can go into this switch and set certain
ports up to be really into.

And then these ports will be on the same VLAN as these ports.

And this is all handled because of something called trunking trunking our ports
that send all the land track I don't care what Villon it's on trunk ports take care
of everything.

So anytime you're interconnecting to switches those ports that are being plugged in
are going to be trunk ports pretty much automatically.

So most of the time when you're working on Cisco products and other competitors
have a similar thing they'll invariably have a setting like we saw with this
particular guy called Dynamic desirable dynamic desirable basically means if you
plug me into somebody I'm going to listen to what kind of Port he's plugged me into
and I'll act like him.

So the moment we plug these two guys in because they were preset to dynamic
desirable they suddenly realized Hey man we're a crossover we can hear everybody's
information we're going to make ourselves to be in the trunk ports.

And they've done it automatically.

So and that's why these villans work is because the trunk ports automatically work
in that fashion.

So trunking is really really important.

And invariably it's the interconnections between the switches are what become the
trunk ports themselves.

All right let's go ahead and finish our configuration.

OK so let's go ahead and complete the process here.

So I'm going to have five through eight on that top switch to be set to Vili's
into.

So you can see I've got that set up now.

Now the important thing to appreciate is if I plug any device into these four ports
right here that he's not going to hear anybody else other than devices that are
plugged into one of the three other ports.

So the VLAN has created a complete separation.

It's as though I've got a little 4 port switch inside my big switch with trunking
kicked in.

I can make a VLAN two on a second switch and whatever ports I set to VLAN to on
that second switch they'll talk to these four ports but that's it.

So it's actually pretty cool.

This is kind of fun you can see right here.

So we click on VLAN and you can see that it automatically set itself up to be a
trunk 8:0 2.1 queue is a standard for trunking that's used to define how people do
trunking.

OK so anyway.

So that's all set up and pretty much ready to rock and roll.

So these are the basics of the plan.

The things I want you to take away from this more than anything else is the
Leanne's take a single broadcast domain and break it up into smaller broadcast
domains.

Also keep in mind that you have to go into the switch somehow to configure the
VLANs and that via trunking we can propagate a single VLAN or more across multiple
switches.

A VLAN splits one broadcast domain into two or more broadcast domains

A Managed switch that supports VLANs requires configuration

Trunking enables VLANs to be on more than one switch

InterVLAN Routing

One of the big issues when you're setting up the VLANs is that you have literally
taken one big network and separated it into two separate broadcast domains.

Now that's good because from security reasons inside we like that.

But the downside is is there sometimes you want these two separate networks to be
able to talk to each other and you can but it can be a little bit messy.

So let's take a look over here.

So just to keep things simple what I'm going to say is I've said that this entire
switch to be on the VLAN too and this switch underneath it to be on the VLAN three.

Of course we don't have to do it that way we could have ports on two and three all
over the place.

But just for simplicity's sake we're going to say it's that way.

Now what I've done is I've thrown an old router on top of the two switches and I'm
going to show you how we used to do things in the old days.

If I've got to separate the VLANs I'm going to have to use a router to interconnect
them.

So I'm going to go something like this on on this particular router it has two
ethernet ports the other ports are just used for management.

So I'm going to plug this puppy up and it's going to look something like this.

So what I've done is I've taken one arbitrary port from VLANs and to plug that into
one side of my router and then I took another arbitrary port from the land three
and plugged it into the other side.

Now that I've got this all plugged in I can go into my router configuration and I
can set it all up and put in firewalls an Access Control list whatever I want to do
to keep one VLAN from getting too far into the other VLANs And so whatever I want
to do there I can do.

The downside to this is that unless we come up with something different every time
I come up with another plan that's going to be a separate broadcast domain.

And I'm going to have to keep adding more and more routers or at least adding more
and more ports to a single router to allow everybody to interconnect.

It's a mess.

So what we do instead is we use something called InterVLAN routing.

Now InterVLAN routing is in essence a virtualization of the functions of a router

that's put into higher end switches with intervening routing turned on.

I can say OK I've got two VLANs VLAN two and VLAN and three and you literally go
into your switch configuration to do this.

So I go in I have two and three and I allow InterVLAN Routing and I turn it on and
on a really good switch I can even add things like access control and stuff like
that.

So InterVLAN routing is simply the tool that we use that if you make a bunch of
lands and you're going to have to reconnect them via routers instead of having a
bunch of big ugly routers like this laying around with the right type of switch and
the little bit of patience because sometimes InterVLAN Routing can be challenging.

You can do it all within one or two boxes.

VLANs create separate broadcast domains

Connect the broadcast domains with physical routers

Broadcast domains can be connected with virtual routers using InterVLAN Routing