Module 8: Virtual LANs - PowerPoint PPT Presentation

Slides: 32
Provided by: webdesign6


Transcript and Presenter's Notes

Title: Module 8: Virtual LANs

Module 8: Virtual LANs
  • CCNA 3 Version 3.1

Introduction to VLANs
  • A VLAN (Virtual Local Area Network) is a logical
    grouping of devices or users
  • Devices or users can be grouped by
  • Function
  • Department
  • Application
  • Devices on a VLAN are restricted to only
    communicating with devices that are on their own
  • Routers provide connectivity between different
    VLAN segments
  • Just as routers provide connectivity between
    different LAN segments

Benefits of VLANs
  • VLANs increase overall network performance by
    logically grouping users and resources together
  • VLANs are used to ensure that a particular set
    of users are logically grouped regardless of the
    physical location.
  • VLANs can enhance scalability, security, and
    network management
  • Routers in VLAN topologies provide broadcast
    filtering, security, and traffic flow management
  • VLANs simplify tasks when additions, moves, and
    changes to a network are necessary

Traditional LAN Segmentation vs. VLAN Segmentation
A VLAN is a group of network services not
restricted to a physical segment or LAN switch.
Introduction to VLANs
Intro to VLANs (cont'd)
  • Physically connecting or moving cables and
    equipment is unnecessary when configuring VLANs.
  • Configuration or reconfiguration of VLANs is done
    through software.

Communication within VLANs
  • VLANs logically segment the network into
    different broadcast domains
  • Packets are only switched between ports that are
    designated for the same VLAN
  • A workstation in a VLAN group is restricted to
    communicating with file servers or other
    workstations in the same VLAN group.
  • VLANs consist of hosts or networking equipment
    connected by a single bridging domain.
  • The bridging domain is supported on different
    networking equipment
  • LAN switches operate bridging protocols with a
    separate bridge group for each VLAN.

A Network without VLANs
Uses one router and three switches
Three separate broadcast domains
A Network with VLANs
Uses one router and one switch
Still three separate broadcast domains
Frame Forwarding in VLANs
  • Implementing VLANs on a switch causes the
    following to occur
  • The switch maintains a separate bridging table
    for each VLAN
  • If the frame comes in on a port in VLAN 1, the
    switch searches the bridging table for VLAN 1.
  • When the frame is received, the switch adds the
    source address to the bridging table if it is
    currently unknown.
  • The destination is checked so a forwarding
    decision can be made.
  • For learning and forwarding the search is made
    against the address table for that VLAN only.

VLAN Configuration
  • Static vs. Dynamic VLAN configuration

Static VLANs
  • Static membership VLANs are called port-based and
    port-centric membership VLANs
  • As a device enters the network, it automatically
    assumes the VLAN membership of the port to which
    it is attached

More on Dynamic VLANs
  • Dynamic membership VLANs are created through
    network management software
  • CiscoWorks 2000 or CiscoWorks for Switched
  • Dynamic VLANs allow for membership based on the
    MAC address of the device connected to the switch
  • As a device enters the network, it queries a
    database within the switch for a VLAN membership

Port-based (Port-centric) VLAN Membership
  • In port-based or port-centric VLAN membership,
    the port is assigned to a specific VLAN
    membership independent of the user or system
    attached to the port
  • All users of the same port must be in the same
  • A single user, or multiple users, can be attached
    to a port and never realize that a VLAN exists
  • This approach is easy to manage because no
    complex lookup tables are required for VLAN

Dynamic VLANs
Benefits of VLANs
  • Key benefit of VLANs is the ability to organize a
    LAN logically, allowing administrators to
  • Easily move workstations on the LAN
  • Easily add workstations to the LAN
  • Easily change the LAN configuration
  • Easily control network traffic
  • Improve security

Establishing VLAN Membership
  • There are three basic VLAN memberships for
    determining and controlling how a packet gets
  • Port-based VLANs
  • MAC address based VLANs
  • Protocol based VLANs
  • The frame headers are encapsulated or modified to
    reflect a VLAN ID before the frame is sent over
    the link between switches.
  • Before forwarding to the destination device, the
    frame header is changed back to the original

VLAN Types
Identifying Frames through Frame Tagging
  • Frame Tagging (frame identification) uniquely
    assigns a user-defined ID to each frame
  • There are two major methods of frame tagging
  • Inter-Switch Link (ISL) (frame is lengthened)
  • 802.1Q (header is modified)
  • ISL used to be the most common, but is now being
    replaced by 802.1Q frame tagging
  • A unique identifier is placed in the header of
    the frame
  • The ID is removed when frame exits the backbone

VLAN Configuration
  • VLANs can exist either as end-to-end networks or
    they can exist inside of geographic boundaries
  • An end-to-end VLAN network comprises the
    following characteristics
  • Users are grouped into VLANs independent of
    physical location, but dependent on group or job
  • All users in a VLAN should have the same 80/20
    traffic flow patterns (80 percent of the traffic
    is contained within the VLAN and 20 percent of
    the traffic crosses the router to the enterprise
    servers, Internet, or WAN)
  • As a user moves around the campus, VLAN
    membership for that user should not change.
  • Each VLAN has a common set of security
    requirements for all members.

End-to-End VLANs
Geographic VLANs
Today, users are required to use many different
resources, many of which are no longer in their
Because of this shift in placement and usage of
resources, VLANs are now more frequently being
created around geographic boundaries rather than
commonality boundaries (resulting in a 20/80
traffic pattern)
Static VLAN Configuration
  • The following guidelines must be followed when
    configuring VLANs on Cisco 29xx switches
  • The maximum number of VLANs is switch dependent.
  • VLAN 1 is one of the factory-default VLANs.
  • VLAN 1 is the default Ethernet VLAN.
  • Cisco Discovery Protocol (CDP) and VLAN Trunking
    Protocol (VTP) advertisements are sent on VLAN 1.
  • The Catalyst 29xx IP address is in the VLAN 1
    broadcast domain by default.
  • The switch must be in VTP server mode to create,
    add, or delete VLANs.

Static VLAN Configuration
  • Steps to create the VLAN (A VLAN name may also
    be configured)
  • Switch#vlan database
    Switch(vlan)#vlan
  • Upon exiting, the VLAN is applied to the switch.
    The next step is to assign the VLAN to one or
    more interfaces
  • Switch(config)#interface fastethernet 0/9
    Switch(config-if)#switchport access vlan

Static VLAN Configuration
  • Verify VLAN configuration by using the show vlan,
    show vlan brief, or show vlan id id_number
  • Note
  • A created VLAN remains unused until it is mapped
    to switch ports.
  • All Ethernet ports are on VLAN 1 by default.
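
One way to check the two notes above from `show vlan brief` output, as an added example that is not part of the original presentation. The sample output is constructed, and the function name and report keys are illustrative.

```python
import re

def audit_show_vlan_brief(output: str):
    """Report ports still on VLAN 1 and active VLANs with no ports mapped."""
    vlans = {}       # VLAN ID -> {"name": str, "status": str, "ports": [str]}
    current = None
    for line in output.splitlines():
        m = re.match(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$", line)
        if m:
            current = int(m.group(1))
            vlans[current] = {"name": m.group(2), "status": m.group(3), "ports": []}
            ports = m.group(4)
        elif current is not None and line.startswith(" ") and line.strip():
            ports = line             # wrapped continuation of the Ports column
        else:
            continue                 # header, separator or blank line
        vlans[current]["ports"] += [p.strip() for p in ports.split(",") if p.strip()]
    return {
        "ports_on_vlan1": vlans.get(1, {}).get("ports", []),
        "unused_vlans": sorted(v for v, d in vlans.items()
                               if d["status"] == "active" and not d["ports"]),
    }

# Constructed sample output, not captured from a real switch
SAMPLE_OUTPUT = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                                Fa0/5
10   accounting                       active    Fa0/9
20   marketing                        active
1002 fddi-default                     act/unsup
"""

if __name__ == "__main__":
    print(audit_show_vlan_brief(SAMPLE_OUTPUT))
```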

Adding and Deleting VLANs
  • Commands to assign a new VLAN to a switch port
  • Commands to delete a VLAN

Note: When a VLAN is deleted, any ports assigned
to that VLAN become inactive. The ports will,
however, remain associated with the deleted VLAN
until assigned to a new VLAN.
VLAN Troubleshooting
We'll cover trunking later in Mod 9
VLAN Troubleshooting Show Commands
  • show vlan
  • displays the VLAN information on the switch
  • The display shows the VLAN ID, name, status, and
    assigned ports.
  • show vlan (keyword options and keyword)
  • displays information about that VLAN on the
  • The show vlan command followed by the VLAN number
    displays specific information about that VLAN on
    the router
  • Output from the command includes the VLAN ID,
    router subinterface, and protocol information.
  • show spanning-tree
  • displays the spanning-tree topology known to the

VLAN Troubleshooting
  • The Spanning-Tree Protocol (STP) is considered
    one of the most important Layer 2 protocols on
    the Catalyst switches
  • By preventing logical loops in a bridged network,
    STP allows Layer 2 redundancy without generating
    broadcast storms.
  • Minimize spanning-tree problems by actively
    developing a baseline study of the network

VLAN Troubleshooting
  • We'll cover more troubleshooting techniques next
    class when we discuss Module 9 VLAN Trunking
