Introduction

A VLAN is a logical grouping of network users and resources connected to

administratively defined ports on a switch. When you create VLANs, you are
given the ability to create smaller broadcast domains within a layer 2 switched
internetwork by assigning different ports on the switch to different
subnetworks. A VLAN is treated like its own subnet or broadcast domain,
which means that frames broadcast onto the network are only switched
between the ports logically grouped within the same VLAN.

So, does this mean we no longer need routers ?

VLAN Basics

There are several ways that VLANs simplify network management :

Network adds, moves, and changes are achieved by configuring a port into the
appropriate VLAN.

A group of users needing high security can be put into a VLAN so that no
users outside of the VLAN can communicate with them.

As a logical grouping of users by function, VLANs can be considered

independent from their physical or geographic locations.

VLANs can enhance network security.

VLANs increase the number of broadcast domains while decreasing their size.
Broadcast Control

Broadcasts occur in every protocol, but how often they occur depends upon
three things :

- Type of protocol.
- The application(s) running on the internetwork.
- How these services are used.
Security

By building VLANs and creating multiple broadcast groups, administrators

can now have control over each port and user! The days when users could just
plug their workstations into any switch port and gain access to network
resources are history, because the administrator is now awarded control over
each port and whatever resources that port can access.
Flexibility and Scalability

Gain the flexibility to add only the users you want into that broadcast domain
regardless of their physical location.

Another advantage is that when a VLAN gets too big, you can create more
VLANs to keep the broadcasts from consuming too much bandwidth the
fewer users in a VLAN, the fewer users affected by broadcasts.
Flexibility and Scalability(Cont…)
Flexibility and Scalability(Cont…)
Flexibility and Scalability(Cont…)

What happened to VLAN 1? That VLAN is an administrative VLAN, and

even though it can be used for a workgroup, Cisco recommends that you use
this for administrative purposes only. You can’t delete or change the name of
VLAN 1, and by default, all ports on a switch are members of VLAN 1 until
you change them.
VLAN Memberships

Static VLANs are the usual way of creating VLANs, and they’re also the most
secure. The switch port that you assign a VLAN association to always
maintains that association until an administrator manually changes that port
assignment.

Dynamic VLAN determines a node’s VLAN assignment automatically. Using

intelligent management software, you can base VLAN assignments on
hardware (MAC) addresses, protocols, or even applications to create dynamic
VLANs. Cisco administrators can use the VLAN Management Policy Server
(VMPS) service to set up a database of MAC addresses that can be used for
dynamic addressing of VLANs. A VMPS database maps MAC addresses to
VLANs.
Identifying VLANs

As frames are switched throughout the network, switches must be able to keep
track of all the different types, plus understand what to do with them
depending on the hardware address. And remember, frames are handled
differently according to the type of link they are traversing.
Identifying VLANs(Cont…)

There are two different types of links in a switched environment :

Access links This type of link is only part of one VLAN, and it’s referred to as
the nativeVLAN of the port. Any device attached to an access link is unaware
of a VLAN membership the device just assumes it’s part of a broadcast
domain, but it has no understanding of the physical network.

Trunk links Trunks can carry multiple VLANs and originally gained their
name after the telephone system trunks that carry multiple telephone
conversations. A trunk link is a 100 or 1000Mbps point-to-point link between
two switches, between a switch and router, or between a switch and server.
These carry the traffic of multiple VLANs from 1 to 1005 at a time.

Trunking allows you to make a single port part of multiple VLANs at the
same time.
Frame Tagging

This frame identification method uniquely assigns a user-defined ID to each

frame. Sometimes people refer to it as a “VLAN ID” or “color.”

Each switch that the frame reaches must first identify the VLAN ID from the
frame tag, then it finds out what to do with the frame by looking at the
information in the filter table. If the frame reaches a switch that has another
trunked link, the frame will be forwarded out the trunk-link port. Once the
frame reaches an exit to an access link matching the frame’s VLAN ID, the
switch removes the VLAN identifier. This is so the destination device can
receive the frames without having to understand their VLAN identification.
VLAN Identification Methods

VLAN identification is what switches use to keep track of all those frames as
they’re traversing a switch fabric. It’s how switches identify which frames
belong to which VLANs, and there’s more than one trunking method :

Inter-Switch Link (ISL) This is proprietary to Cisco switches, and it’s used for
Fast Ethernet and Gigabit Ethernet links only. ISL routing can be used on a
switch port, router interfaces, and server interface cards to trunk a server.

IEEE 802.1Q Created by the IEEE as a standard method of frame tagging, it

actually inserts a field into the frame to identify the VLAN. If you’re trunking
between a Cisco switched link and a different brand of switch, you have to use
802.1Q for the trunk to work.

The basic purpose of ISL and 802.1Q frame-tagging methods is to provide

inter-switch VLAN communication.
VLAN Trunking Protocol (VTP)

The basic goals of VLAN Trunking Protocol (VTP) are to manage all
configured VLANs across a switched internetwork and to maintain
consistency throughout that network. VTP allows an administrator to add,
delete, and rename VLANs information that is then propagated to all other
switches in the VTP domain.
VTP Modes of Operation
VTP Pruning

VTP provides a way for you to preserve bandwidth by configuring it to reduce

the amount of broadcasts, multicasts, and unicast packets. This is called
pruning. VTP pruning only sends broadcasts to trunk links that truly must
have the information.

By default, VTP pruning is disabled on all switches.

When you enable pruning on a VTP server, you enable it for the entire
domain. By default, VLANs 2 through 1005 are pruning-eligible, but VLAN 1
can never prune because it’s an administrative VLAN.
Routing between VLANs

You can use a router that has an interface for each VLAN or a router that
supports ISL routing. The least expensive router that supports ISL routing is
the 2600 series router. The 1600, 1700, and 2500 series don’t support ISL
routing.
Routing between VLANs(Cont…)