
mod-3-CCNA v7 - SRWE - Module 3 VLANs

This document provides an overview of VLANs, their benefits, types, and configuration in a multi-switched environment. It explains how VLANs improve network management, security, and performance by segmenting traffic and reducing broadcast domains. Additionally, it covers VLAN trunking, Dynamic Trunking Protocol (DTP), and commands for creating, assigning, and verifying VLANs on Cisco switches.

Uploaded by

itort4

Module 3: VLANs

Switching, Routing, and Wireless Essentials v7.0 (SRWE)

3.1 Overview of VLANs

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 51
Overview of VLANs
VLAN Definitions
VLANs are logical connections with other similar devices.
Placing devices into various VLANs has the following characteristics:
• Provides segmentation of the various groups of devices on the same switches
• Provides organization that is more manageable
• Broadcasts, multicasts and unicasts are isolated in the individual VLAN
• Each VLAN will have its own unique range of IP addressing
• Smaller broadcast domains
Overview of VLANs
Benefits of a VLAN Design

Benefits of using VLANs are as follows:

Benefits | Description
Smaller Broadcast Domains | Dividing the LAN reduces the number of broadcast domains
Improved Security | Only users in the same VLAN can communicate together
Improved IT Efficiency | VLANs can group devices with similar requirements, e.g. faculty vs. students
Reduced Cost | One switch can support multiple groups or VLANs
Better Performance | Small broadcast domains reduce traffic, improving bandwidth
Simpler Management | Similar groups will need similar applications and other network resources
Overview of VLANs
Types of VLANs
Default VLAN
VLAN 1 is the following:
• The default VLAN
• The default Native VLAN
• The default Management VLAN
• Cannot be deleted or renamed

Note: While we cannot delete VLAN 1, Cisco recommends that we assign these default features to other VLANs.
Overview of VLANs
Types of VLANs (Cont.)
Data VLAN
• Dedicated to user-generated traffic (email and web traffic).
• VLAN 1 is the default data VLAN because all interfaces are assigned to this VLAN.
Native VLAN
• This is used for trunk links only.
• All frames are tagged on an 802.1Q trunk link except for those on the native VLAN.
Management VLAN
• This is used for SSH/Telnet VTY traffic and should not be carried with end user traffic.
• Typically, the VLAN that is the SVI for the Layer 2 switch.
Overview of VLANs
Types of VLANs (Cont.)
Voice VLAN
• A separate VLAN is required because voice traffic requires:
• Assured bandwidth
• High QoS priority
• Ability to avoid congestion
• Delay less than 150 ms from source to destination
• The entire network must be designed to support voice.
3.2 VLANs in a Multi-Switched Environment

VLANs in a Multi-Switched Environment
Defining VLAN Trunks
A trunk is a point-to-point link between
two network devices.
Cisco trunk functions:
• Allow more than one VLAN
• Extend the VLAN across the entire
network
• By default, supports all VLANs
• Supports 802.1Q trunking
VLANs in a Multi-Switched Environment
Networks without VLANs
Without VLANs, all devices connected to the switches will receive all unicast, multicast, and
broadcast traffic.
VLANs in a Multi-Switched Environment
Networks with VLANs
With VLANs, unicast, multicast, and broadcast traffic is confined to a VLAN. Without a Layer 3 device
to connect the VLANs, devices in different VLANs cannot communicate.
VLANs in a Multi-Switched Environment
VLAN Identification with a Tag
• The IEEE 802.1Q header is 4 Bytes
• When the tag is created the FCS must be recalculated.
• When sent to end devices, this tag must be removed and the FCS recalculated back to its original number.

802.1Q VLAN Tag Field | Function
Type | 2-Byte field with hexadecimal 0x8100. This is referred to as Tag Protocol ID (TPID)
User Priority | 3-bit value that supports
Canonical Format Identifier (CFI) | 1-bit value that can support token ring frames on Ethernet
VLAN ID (VID) | 12-bit VLAN identifier that can support up to 4096 VLANs
VLANs in a Multi-Switched Environment
Native VLANs and 802.1Q Tagging
802.1Q trunk basics:
• Tagging is typically done on all VLANs.
• The use of a native VLAN was designed for legacy use, like the hub in the example.
• Unless changed, VLAN1 is the native VLAN.
• Both ends of a trunk link must be configured with the same native VLAN.
• Each trunk is configured separately, so it is possible to have different native VLANs on separate trunks.
VLANs in a Multi-Switched Environment
Voice VLAN Tagging
The VoIP phone is a three port switch:
• The switch will use CDP to inform the phone of the Voice VLAN.
• The phone will tag its own traffic (Voice) and can set Class of Service (CoS). CoS is QoS for Layer 2.
• The phone may or may not tag frames from the PC.

Traffic | Tagging Function
Voice VLAN | tagged with an appropriate Layer 2 class of service (CoS) priority value
Access VLAN | can also be tagged with a Layer 2 CoS priority value
Access VLAN | is not tagged (no Layer 2 CoS priority value)
VLANs in a Multi-Switched Environment
Voice VLAN Verification Example
The show interfaces fa0/18 switchport command can show us both data and voice VLANs
assigned to the interface.
3.3 VLAN Configuration

VLAN Configuration
VLAN Ranges on Catalyst Switches

Catalyst switches 2960 and 3650 support over 4000 VLANs.

Normal Range VLAN 1 – 1005 | Extended Range VLAN 1006 - 4095
Used in Small to Medium sized businesses | Used by Service Providers
1002 – 1005 are reserved for legacy VLANs | Are in Running-Config
1, 1002 – 1005 are auto created and cannot be deleted | Supports fewer VLAN features
Stored in the vlan.dat file in flash | Requires VTP configurations
VTP can synchronize between switches |
VLAN Configuration
VLAN Creation Example

• If the Student PC is going to be in VLAN 20, we will create the VLAN first and then name it.
• If you do not name it, the Cisco IOS will give it a default name of vlan and the four digit number of the VLAN. E.g. vlan0020 for VLAN 20.

Prompt | Command
S1# | configure terminal
S1(config)# | vlan 20
S1(config-vlan)# | name student
S1(config-vlan)# | end
VLAN Configuration
VLAN Port Assignment Example
We can assign the VLAN to the port interface.
• Once the device is assigned the VLAN, then the end device will need the IP address information for that VLAN
• Here, Student PC receives 172.17.20.22

Prompt | Command
S1# | configure terminal
S1(config)# | interface fa0/18
S1(config-if)# | switchport mode access
S1(config-if)# | switchport access vlan 20
S1(config-if)# | end
VLAN Configuration
Data and Voice VLANs
An access port may only be assigned to one data VLAN. However, it may also be assigned to one Voice VLAN for when a phone and an end device share the same switchport.
VLAN Configuration
Data and Voice VLAN Example
• We will want to create and name both Voice and Data VLANs.
• In addition to assigning the data VLAN, we will also assign the Voice VLAN and turn on QoS for the voice traffic to the interface.
• The newer Catalyst switch will automatically create the VLAN, if it does not already exist, when it is assigned to an interface.
Note: QoS is beyond the scope of this course. Here we do show the use of the mls qos trust [cos | device cisco-phone | dscp | ip-precedence] command.
VLAN Configuration
Verify VLAN Information
Use the show vlan command. The complete syntax is:
show vlan [brief | id vlan-id | name vlan-name | summary]

Task | Command Option
Display VLAN name, status, and its ports one VLAN per line. | brief
Display information about the identified VLAN ID number. | id vlan-id
Display information about the identified VLAN name. The vlan-name is an ASCII string from 1 to 32 characters. | name vlan-name
Display VLAN summary information. | summary
VLAN Configuration
Change VLAN Port Membership

There are a number of ways to change VLAN membership:
• re-enter the switchport access vlan vlan-id command
• use the no switchport access vlan command to place the interface back in VLAN 1
Use the show vlan brief or the show interface fa0/18 switchport commands to verify the correct VLAN association.
VLAN Configuration
Delete VLANs
Delete VLANs with the no vlan vlan-id command.
Caution: Before deleting a VLAN, reassign all member ports to a different VLAN.
• Delete all VLANs with the delete flash:vlan.dat or delete vlan.dat commands.
• Reload the switch when deleting all VLANs.
Note: To restore to factory default – unplug all data cables, erase the startup-configuration and delete
the vlan.dat file, then reload the device.
3.4 VLAN Trunks

VLAN Trunks
Trunk Configuration Commands

Configure and verify VLAN trunks. Trunks are Layer 2 and carry traffic for all VLANs.

Task | IOS Command
Enter global configuration mode. | Switch# configure terminal
Enter interface configuration mode. | Switch(config)# interface interface-id
Set the port to permanent trunking mode. | Switch(config-if)# switchport mode trunk
Sets the native VLAN to something other than VLAN 1. | Switch(config-if)# switchport trunk native vlan vlan-id
Specify the list of VLANs to be allowed on the trunk link. | Switch(config-if)# switchport trunk allowed vlan vlan-list
Return to the privileged EXEC mode. | Switch(config-if)# end
VLAN Trunks
Trunk Configuration Example
The subnets associated with each VLAN are:
– VLAN 10 - Faculty/Staff - 172.17.10.0/24
– VLAN 20 - Students - 172.17.20.0/24
– VLAN 30 - Guests - 172.17.30.0/24
– VLAN 99 - Native - 172.17.99.0/24

F0/1 port on S1 is configured as a trunk port.

Note: This assumes a 2960 switch using 802.1q tagging. Layer 3 switches require the encapsulation to be configured before the trunk mode.

Prompt | Command
S1(config)# | interface fa0/1
S1(config-if)# | switchport mode trunk
S1(config-if)# | switchport trunk native vlan 99
S1(config-if)# | switchport trunk allowed vlan 10,20,30,99
S1(config-if)# | end
VLAN Trunks
Verify Trunk Configuration
Set the trunk mode and native VLAN.
Notice in the sh int fa0/1 switchport command:
• Is set to trunk administratively
• Is set as trunk operationally (functioning)
• Encapsulation is dot1q
• Native VLAN set to VLAN 99
• All VLANs created on the switch will pass traffic on this trunk
VLAN Trunks
Reset the Trunk to the Default State
• Reset the default trunk settings with the no command.
• All VLANs allowed to pass traffic
• Native VLAN = VLAN 1
• Verify the default settings with a sh int fa0/1 switchport command.
3.5 Dynamic Trunking Protocol

Dynamic Trunking Protocol
Introduction to DTP
Dynamic Trunking Protocol (DTP) is a proprietary Cisco protocol.
DTP characteristics are as follows:
• On by default on Catalyst 2960 and 2950 switches
• Dynamic-auto is default on the 2960 and 2950 switches
• May be turned off with the nonegotiate command
• May be turned back on by setting the interface to dynamic-auto
• Setting a switch to a static trunk or static access, with the switchport mode trunk or the switchport mode access commands, will avoid negotiation issues.
Dynamic Trunking Protocol
Negotiated Interface Modes
The switchport mode command has additional options.
Use the switchport nonegotiate interface configuration command to stop DTP negotiation.

Option | Description
access | Permanent access mode and negotiates to convert the neighboring link into an access link
dynamic auto | Will become a trunk interface if the neighboring interface is set to trunk or desirable mode
dynamic desirable | Actively seeks to become a trunk by negotiating with other auto or desirable interfaces
trunk | Permanent trunking mode and negotiates to convert the neighboring link into a trunk link
Dynamic Trunking Protocol
Results of a DTP Configuration

DTP configuration options are as follows:

 | Dynamic Auto | Dynamic Desirable | Trunk | Access
Dynamic Auto | Access | Trunk | Trunk | Access
Dynamic Desirable | Trunk | Trunk | Trunk | Access
Trunk | Trunk | Trunk | Trunk | Limited connectivity
Access | Access | Access | Limited connectivity | Access
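
A configuration check built from the defaults these slides describe (dynamic modes negotiate through DTP, switchport nonegotiate stops it, VLAN 1 is the native VLAN unless changed, a trunk carries all VLANs unless an allowed list is set), as an added Python example that is not part of the original slides. The running-config excerpt is constructed sample input, the function names are chosen here, and every interface is assumed to be a Layer 2 switchport.

```python
# Constructed running-config excerpt (sample input, not from the slides).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,30,99
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport mode dynamic desirable
!
interface FastEthernet0/18
 switchport access vlan 20
 switchport mode access
!
"""

def interface_blocks(config):
    """Group indented sub-commands under their 'interface' line."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = blocks.setdefault(raw.split(None, 1)[1], [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # '!' or any other top-level line ends the block
    return blocks


def audit(config):
    """Return {interface: [findings]} using the defaults the slides describe."""
    report = {}
    for name, cmds in interface_blocks(config).items():
        static = [c.split()[-1] for c in cmds
                  if c in ("switchport mode access", "switchport mode trunk")]
        issues = [] if static else ["no static mode: DTP decides access or trunk"]
        if static == ["trunk"]:
            if "switchport nonegotiate" not in cmds:
                issues.append("static trunk still sends DTP negotiation")
            native = [c.split()[-1] for c in cmds if c.startswith("switchport trunk native vlan ")]
            if native in ([], ["1"]):
                issues.append("native VLAN left at default VLAN 1")
            if not any(c.startswith("switchport trunk allowed vlan ") for c in cmds):
                issues.append("trunk carries all VLANs")
        report[name] = issues
    return report
```

On the sample, `audit(SAMPLE_CONFIG)` returns no findings for Fa0/1 and Fa0/18, three for Fa0/2, and one for Fa0/3.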
Dynamic Trunking Protocol
Verify DTP Mode

The default DTP configuration is dependent on the Cisco IOS version and platform.
▪ Use the show dtp interface command to determine the current DTP mode.
▪ Best practice recommends that the interfaces be set to access or trunk and to
