
Chapter 2 VLAN Networks

Chapter 2 provides an overview of VLAN networks, detailing their purpose in local area networks (LANs) to reduce broadcast domains and improve performance. It covers VLAN definitions, benefits, types, configuration commands, and trunking protocols, emphasizing the importance of VLANs in network segmentation and management. The chapter also includes practical examples of VLAN creation and port assignment commands.

Uploaded by

mam838343

Chapter 2

VLAN Networks
Module Switched Networks
3rd Year
2021/2022

Part 1
Overview of VLANs

Local Area Network (LAN)
▪ A set of communicating entities belonging to the same organization or enterprise.
▪ The enterprise usually consists of different departments, services, teams, etc.
▪ All machines share the same broadcast domain.
• Poor exploitation of resources.
• Network overload resulting in low throughput.
• Risk of network congestion due to multiple broadcasts.

[Figure: Sales, IT and HR machines in a single broadcast domain]

LAN Segmentation (1/2)
Objective: To create multiple broadcast domains to reduce network overload and improve network performance.
Solution 1: Physical Segmentation
▪ How: Replace switches with routers and redistribute machines by service, department, or team.
• Requires physical grouping of employees.
• Increases the cost of setting up the network.
• It is not the role of the router to interconnect several segments of the same network.
• It is no longer a single LAN!

[Figure: Sales, IT and HR on separate segments. Three Broadcast Domains]

LAN Segmentation (2/2)
Objective: To create multiple broadcast domains to reduce network overload and improve network performance.
Solution 2: Logical Segmentation

The VLANs (Virtual Local Area Networks)
▪ How: Configuration of switches without the need for physical grouping of machines.
• VLAN = separate broadcast domain
• More flexibility in terms of machine layout.
• Keep the same architecture

[Figure: Sales VLAN, IT VLAN and HR VLAN. Three Broadcast Domains]

VLAN Definition
▪ VLANs are logical connections between devices in the same broadcast domain with the same grouping purpose.
▪ Placing devices into various VLANs has the following characteristics:
• Provides segmentation of the various groups of devices on the same switches
• Provides organization that is more manageable
• Broadcasts, multicasts and unicasts are isolated in the individual VLAN
• Each VLAN will have its own unique range of IP addressing
• Smaller broadcast domains

Benefits of a VLAN Design
▪ Benefits of using VLANs are as follows:

Benefits | Description
Smaller Broadcast Domains | Dividing the LAN reduces the number of broadcast domains
Improved Security | Only users in the same VLAN can communicate together
Improved IT Efficiency | VLANs can group devices with similar requirements, e.g. faculty vs. students
Reduced Cost | One switch can support multiple groups or VLANs
Better Performance | Small broadcast domains reduce traffic, improving bandwidth
Simpler Management | Similar groups will need similar applications and other network resources

Types of VLAN (1/3)
▪ Default VLAN
• If no VLANs are configured, all ports on a switch belong to the default VLAN.
• The default VLAN for Cisco switches is VLAN 1.
▪ Data VLAN
• Dedicated to user-generated traffic (email and web traffic).
• VLAN 1 is the default data VLAN because all interfaces are assigned to this VLAN.
▪ Native VLAN
• This is used for trunk links only.
• All frames are tagged on an 802.1Q trunk link except for those on the native VLAN.
▪ Management VLAN
• This is used for SSH/Telnet VTY traffic and should not be carried with end user traffic.
• Typically, the VLAN that is the SVI for the Layer 2 switch.

Types of VLAN (2/3)
▪ Voice VLAN
• A separate VLAN is required because voice traffic requires:
  ➢ Assured bandwidth
  ➢ High QoS priority
  ➢ Ability to avoid congestion
  ➢ Delay less than 150 ms from source to destination
• The entire network must be designed to support voice.

Types of VLAN (3/3)
▪ Default VLAN: VLAN 1
• The default native VLAN
• Default management VLAN
• Cannot be deleted or renamed

[Figure callouts: VLAN 1 is the default VLAN. All ports are assigned to VLAN 1 by default.]

Part 2
VLAN Configuration

VLAN Ranges
▪ Catalyst switches 2960 and 3650 support over 4000 VLANs.

Normal Range VLAN 1 – 1005 | Extended Range VLAN 1006 – 4095
Used in small to medium sized businesses | Used by service providers
1002 – 1005 are reserved for legacy VLANs | Are in Running-Config
1, 1002 – 1005 are auto created and cannot be deleted | Supports fewer VLAN features
Stored in the vlan.dat file in flash | Requires VTP configurations
VTP can synchronize between switches |

VLAN Creation Commands
▪ VLAN details are stored in the vlan.dat file. You create VLANs in the global configuration mode.

Task | IOS Command
Enter global configuration mode. | Switch# configure terminal
Create a VLAN with a valid ID number. (Mandatory) | Switch(config)# vlan vlan-id
Specify a unique name to identify the VLAN. (Optional) | Switch(config-vlan)# name vlan-name
Return to the privileged EXEC mode. | Switch(config-vlan)# end (or Ctrl-z)

VLAN Creation Example
▪ If the Student PC is going to be in VLAN 20, we will create the VLAN first and then name it.
▪ If you do not name it, the Cisco IOS will give it a default name built from the four-digit number of the VLAN.
For example: vlan0020 for VLAN 20

Prompt Command
S1# configure terminal
S1(config)# vlan 20
S1(config-vlan)# name student
S1(config-vlan)# end

Checking the creation of VLANs
▪ You can check that the VLAN has been created using the following command:
Switch# show vlan brief

Verify VLAN Information
▪ Use the show vlan command. The complete syntax is:
Switch# show vlan [brief | id vlan-id | name vlan-name]

Task | Command Option
Display VLAN name, status, and its ports, one VLAN per line. | brief
Display information about the identified VLAN ID number. | id vlan-id
Display information about the identified VLAN name. The vlan-name is an ASCII string from 1 to 32 characters. | name vlan-name

Port Assignment (Access Mode)
Access Mode: A port in "access" mode is a port that belongs to a single VLAN.

VLAN Port Assignment Commands
▪ Once the VLAN is created, we can then assign it to the correct interfaces.

Task | Command
Enter global configuration mode. | Switch# configure terminal
Enter interface configuration mode. | Switch(config)# interface interface-id
Set the port to access mode. | Switch(config-if)# switchport mode access
Assign the port to a VLAN. | Switch(config-if)# switchport access vlan vlan-id
Return to the privileged EXEC mode. | Switch(config-if)# end

VLAN Port Assignment Example
▪ We can assign the port interface to the VLAN.
• Once the device is assigned the VLAN, then the end device will need the IP address information for that VLAN
• Here, Student PC receives 172.17.20.22

Prompt Command
S1# configure terminal
S1(config)# interface fa0/18
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 20
S1(config-if)# end

Checking VLAN Port Assignment
▪ You can check that the port has been assigned to the correct VLAN by using the following command:
Switch# show vlan brief

Change VLAN Port Membership
▪ There are a number of ways to change VLAN membership:
• Option 1: re-enter the switchport access vlan vlan-id command
• Option 2: use the no switchport access vlan command to place the interface back in VLAN 1
▪ Use the show vlan brief or the show interface fa0/18 switchport commands to verify the correct VLAN association.

Part 3
VLAN Trunks

Ports Assignment (Trunk mode)
Access Mode: A port in "access" mode is a port that belongs to a single VLAN.
Trunk Mode: A trunk port can carry traffic from different VLANs.

Defining VLAN Trunk
▪ A trunk is a point-to-point link between two network devices.
▪ Cisco trunk functions:
• Allow more than one VLAN
• Extend the VLAN across the entire network
• By default, supports all VLANs
• Supports 802.1Q trunking

VLAN Identification
▪ The IEEE 802.1Q header is 4 bytes.
▪ When the tag is created, the FCS must be recalculated.
▪ When sent to end devices, this tag must be removed and the FCS recalculated back to its original number.

802.1Q VLAN Tag Field | Function
Type | 2-byte field with hexadecimal 0x8100. This is referred to as Tag Protocol ID (TPID).
User Priority | 3-bit value that supports a certain priority for flows
Canonical Format Identifier (CFI) | 1-bit value that can support token ring frames on Ethernet
VLAN ID (VID) | 12-bit VLAN identifier that can support up to 4096 VLANs. Example: 0000 0110 0100 = VID: 100

Native VLANs and 802.1Q Tagging
▪ 802.1Q trunk basics:
• Tagging is typically done on all VLANs.
• The use of a native VLAN was designed for legacy use, like the hub in the example.
• Unless changed, VLAN 1 is the native VLAN.
• Each trunk is configured separately, so it is possible to have different native VLANs on separate trunks.

Both ends of a trunk link must be configured with the same native VLAN.

Trunk Configuration Command
▪ Configure and verify VLAN trunks. Trunks are layer 2 and carry traffic for all VLANs.

Task | IOS Command
Enter global configuration mode. | Switch# configure terminal
Enter interface configuration mode. | Switch(config)# interface interface-id
Set the port to permanent trunking mode. | Switch(config-if)# switchport mode trunk
Sets the native VLAN to something other than VLAN 1. Note: The native VLAN must already be created. | Switch(config-if)# switchport trunk native vlan vlan-id
Specify the list of VLANs to be allowed on the trunk link. | Switch(config-if)# switchport trunk allowed vlan vlan-list
Return to the privileged EXEC mode. | Switch(config-if)# end

Trunk Configuration Example
▪ The subnets associated with each VLAN are:
• VLAN 10 - Faculty/Staff - 172.17.10.0/24
• VLAN 20 - Students - 172.17.20.0/24
• VLAN 30 - Guests - 172.17.30.0/24
• VLAN 99 - Native - 172.17.99.0/24
▪ F0/1 port on S1 is configured as a trunk port.

Prompt Command
S1(config)# interface fa0/1
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk native vlan 99
S1(config-if)# switchport trunk allowed vlan 10,20,30,99
S1(config-if)# end

Verify Trunk Configuration
▪ Notice the result of the command:
Switch# show interface fa0/1 switchport
• Is set to trunk administratively
• Is set as trunk operationally (functioning)
• Encapsulation is dot1q
• Native VLAN set to VLAN 99
• All VLANs created on the switch will pass traffic on this trunk

Reset the Trunk to the Default State (1/2)
▪ Reset the default trunk settings with the no command.
• All VLANs allowed to pass traffic
• Native VLAN = VLAN 1
▪ Verify the default settings with the command show interface fa0/1 switchport.

Reset the Trunk to the Default State (2/2)
▪ Reset the trunk to an access mode with the switchport mode access command:
• Is set to an access interface administratively
• Is set as an access interface operationally (functioning)

Delete VLAN
▪ Delete VLANs with the command no vlan vlan-id.

Caution: Before deleting a VLAN, reassign all member ports to a different VLAN.

▪ Delete all VLANs with the delete flash:vlan.dat or delete vlan.dat commands.
▪ Reload the switch when deleting all VLANs.

Part 4
DTP Protocol (Dynamic Trunking Protocol)

Introduction to DTP protocol
▪ Dynamic Trunking Protocol (DTP) is a proprietary Cisco protocol.
▪ DTP characteristics are as follows:
• On by default on Catalyst 2960 and 2950 switches
• Dynamic-auto is default on the 2960 and 2950 switches
• May be turned off with the nonegotiate command
• May be turned back on by setting the interface to dynamic-auto
• Setting a switch to a static trunk or static access, with the switchport mode trunk or the switchport mode access commands, will avoid negotiation issues.

Negotiated Interface Modes
▪ The switchport mode command has additional options.
▪ Use the switchport nonegotiate interface configuration command to stop DTP negotiation.

Option | Description
Access | Permanent access mode and negotiates to convert the neighboring link into an access link
Dynamic auto | Becomes a trunk interface if the neighboring interface is set to trunk or desirable mode
Dynamic desirable | Actively seeks to become a trunk by negotiating with other auto or desirable interfaces
Trunk | Permanent trunking mode and negotiates to convert the neighboring link into a trunk link

Results of a DTP configuration
▪ The configuration options for the DTP protocol are:

Port2 Option \ Port1 Option | Dynamic Auto | Dynamic Desirable | Trunk | Access
Dynamic Auto | Access | Trunk | Trunk | Access
Dynamic Desirable | Trunk | Trunk | Trunk | Access
Trunk | Trunk | Trunk | Trunk | Limited Connectivity
Access | Access | Access | Limited Connectivity | Access

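An added example, not part of the original chapter and not a Cisco tool: a Python check that reads the interface stanza from both ends of a link, derives the DTP outcome from the table above, and reports a native VLAN mismatch, since both ends of a trunk must use the same native VLAN. Function names and the S2 stanza are hypothetical, and only comma-separated allowed-VLAN lists as used in this chapter are parsed.

```python
import re

DEFAULT_MODE = "dynamic auto"   # per the DTP slides: default on the 2960 and 2950
MODES = "access|trunk|dynamic auto|dynamic desirable"

def parse_port(stanza: str) -> dict:
    """Extract the trunk-related settings from one interface stanza."""
    port = {"mode": DEFAULT_MODE, "native": 1, "allowed": None}  # None = all VLANs
    for line in stanza.lower().splitlines():
        line = line.strip()
        if m := re.fullmatch(rf"switchport mode ({MODES})", line):
            port["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            port["native"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,]+)", line):
            port["allowed"] = {int(v) for v in m.group(1).split(",") if v}
    return port

def dtp_result(a: str, b: str) -> str:
    """Link state for two port modes, matching the table above."""
    modes = {a, b}
    if modes == {"trunk", "access"}:
        return "limited connectivity"
    if "access" in modes or modes == {"dynamic auto"}:
        return "access"
    return "trunk"

def audit_link(stanza_a: str, stanza_b: str) -> list:
    """Return findings for one link given the configuration of both ends."""
    a, b = parse_port(stanza_a), parse_port(stanza_b)
    findings = []
    result = dtp_result(a["mode"], b["mode"])
    if result != "trunk":
        findings.append(f"link will not trunk: {result}")
    if a["native"] != b["native"]:
        findings.append(f"native VLAN mismatch: {a['native']} vs {b['native']}")
    if a["allowed"] != b["allowed"]:
        findings.append("allowed VLAN lists differ")
    return findings

# Constructed sample: S1 as in the trunk example, S2 (hypothetical) left at defaults.
S1_FA0_1 = """interface fa0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,30,99"""
S2_FA0_1 = """interface fa0/1
 switchport mode dynamic auto"""

if __name__ == "__main__":
    print(audit_link(S1_FA0_1, S2_FA0_1))
```
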
Example of DTP configuration (1/3)
▪ By default

Example of DTP configuration (2/3)
▪ Configuration of the F0/1 interface of switch S2 in dynamic desirable mode:
▪ Checking the configuration:

Example of DTP configuration (3/3)
▪ Checking the port mode:

End chapter 2
