Vlan Configuration Pdf

This tutorial explains how to create and assign VLANs, VLAN membership (static and dynamic), Router on Stick and Spanning Tree Protocol (STP) in detail, with practical examples in Packet Tracer. Learn how to create and manage VLANs on a Cisco switch step by step.

Different VLAN, that VLAN must first be created:

  Switch(config)# vlan 100
  Switch(config-vlan)# name SERVERS

The first command creates VLAN 100, and enters VLAN configuration mode. The second command assigns the name SERVERS to this VLAN. Note that naming a VLAN is not required. The standard range of VLAN numbers is 1 – 1005, with VLANs 1002-1005.

Ports are assigned to VLANs in interface configuration mode, using the switchport access vlan vlan-id command. You can assign each port individually or you can use the interface range command to simplify this task, as shown here.

Note: This lab provides minimal assistance with the actual commands necessary to configure trunk-based inter-VLAN routing. However, the required configuration commands are provided in Appendix A of this lab. Test your knowledge by trying to configure the devices without referring to the appendix.

VLAN Configuration

This chapter describes how to configure normal-range VLANs (VLAN IDs 1 to 1005) and extended-range VLANs (VLAN IDs 1006 to 4094) on the CGR 2010 ESM. It includes information about VLAN membership modes, VLAN configuration modes, VLAN trunks, and dynamic VLAN assignment.

Layer-3 VLANs (The Ohio State University, Raj Jain)

  • Also known as virtual subnet
  • VLAN membership implied by MAC-layer protocol type field and subnet field 123.34.
  • VLAN configuration is learned by the switches.

Create a practice lab in Packet Tracer as shown in the following figure, or download the pre-created practice lab from the second part of this tutorial.

This is the last part of our article 'VLAN, VTP, DTP, STP and Router on Stick Explained with Examples'. You can read the other parts of this article here:

This is the first part of this article. In this part we explained the basic concepts of VLAN, such as what a VLAN is, the advantages of VLAN, static and dynamic VLAN membership, VLAN connections (access links and trunk links), trunk tagging and how VLANs add an additional layer of security, with examples.

This is the second part of this article. In this part we explained how to create a practice lab in Packet Tracer. You can create the practice lab by following the instructions or alternatively download the pre-created lab. This lab will be used to demonstrate the configuration part of VLAN, VTP, DTP, STP and router on stick.

This is the third part of this article. In this part we explained VTP modes with examples, including VTP Server mode, VTP Client mode and VTP Transparent mode. Later we configured the VTP protocol in our practice lab.

This is the fourth part of this article. In this part we explained access links, trunk links, the VLAN tagging process, the VLAN tagging protocols ISL and 802.1Q, Dynamic Trunking Protocol and DTP modes with examples. Later in this part we configured trunking in our practice lab.

Creating VLAN

In the practice lab network, the Office1 switch is configured as VTP Server. The Office2 and Office3 switches are configured as VTP clients. We only need to create VLANs on the VTP Server. The VTP Server will propagate this information to all VTP clients automatically.

The vlan [vlan number] command is used to create a VLAN.

Office 1 Switch

Assigning VLAN Membership

VLANs can be assigned statically or dynamically. The CCNA exam only includes the static method; therefore we will also use the static method to assign VLAN membership. The switchport access vlan [vlan number] command is used to assign a VLAN to an interface. The following commands will assign VLANs to the interfaces.

Office 1 Switch
Office 2 Switch
Office 3 Switch

We have successfully assigned VLAN membership. It's time to test our configuration. To test it, we will use the ping command, which tests connectivity between two devices. As per our configuration, devices in the same VLAN can communicate. Devices in different VLANs must not be able to communicate with each other without a router.

Testing VLAN configuration

Access the PC's command prompt to test the VLAN configuration. Double click PC-PT and click Command Prompt.

We have two VLAN configurations, VLAN 10 and VLAN 20. Let's test VLAN 10 first. In VLAN 10 we have three PCs with IP addresses 10.0.0.2, 10.0.0.3 and 10.0.0.4. These PCs must be able to communicate with each other. At this point PCs from VLAN 10 should not be allowed to access PCs from VLAN 20. VLAN 20 also has three PCs: 20.0.0.2, 20.0.0.3 and 20.0.0.4.

We have successfully implemented VLAN 10. Now test VLAN 20.

As with VLAN 10, PCs in VLAN 20 must be able to communicate with other PCs in the same VLAN, while they should not be able to access VLAN 10.

Congratulations, we have successfully achieved one more milestone of this article.

Configure Router on Stick

Typically routers are configured to receive data on one physical interface and forward that data from another physical interface based on its configuration. Each VLAN has a layer 3 address that should be configured as default gateway address on all its devices. In our scenario we reserved IP address 10.0.0.1 for VLAN 10 and 20.0.0.1 for VLAN 20.

With the default configuration we need two physical interfaces on the router to make this inter-VLAN communication work. Due to the price of routers, it is not cost effective to use a physical router interface for each VLAN. Usually a router has one or two Ethernet interfaces. For example, if we have 50 VLANs, we would need nearly 25 routers in order to make inter-VLAN communication possible. To deal with this situation we use Router on Stick.

Router on Stick is a router that supports a trunk connection and is able to forward frames between the VLANs on this trunk connection. On this router, a single physical interface is sufficient for communication between both of our VLANs.

Access command prompt of Router

To configure Router on Stick we have to access CLI prompt of Router. Click Router and Click CLI from menu items and Press Enter key to access the CLI

Run following commands in same sequence to configure Router on Stick

  • In the above configuration we broke up a single physical interface [FastEthernet 0/0] into two logical interfaces, known as sub-interfaces. The router supports up to 1000 interfaces including both physical and logical.
  • By default the interface link works as an access link. We need to change it into a trunk link. The encapsulation command specifies the trunk type and associates a VLAN with the sub-interface.
  • In the next step we assigned an IP address to each sub-interface.

That's all the configuration we need to route between VLANs. Now we can test communication between different VLANs. To test inter-VLAN communication, open the command prompt of a PC and ping a PC in the other VLAN.

PC [10.0.0.3] from VLAN 10 can now access PC [20.0.0.2] from VLAN 20.

Spanning Tree Protocol (STP)

STP is a layer 2 protocol used for removing loops. We typically create backup links for important resources. In our scenario, all offices have backup links that create loops in the topology. STP automatically removes layer 2 loops. STP multicasts frames that contain information about switch interfaces. These frames are called BPDUs (Bridge Protocol Data Units). Switches use BPDUs to learn the network topology. If STP finds a loop, it removes it automatically by disabling the port or ports that are causing it.

How to configure VLAN VTP DTP cheat sheet

Command                                          Description
Switch(config)#vtp mode server                   Configure Switch as VTP Server
Switch(config)#vtp mode client                   Configure Switch as VTP Client
Switch(config)#vtp mode transparent              Configure Switch as VTP Transparent
Switch(config)#no vtp mode                       Configure Switch to default VTP Server Mode
Switch(config)#vtp domain domain-name            Set VTP Domain name.
Switch(config)#vtp password password             Set VTP password. Password is case sensitive
Switch#show vtp status                           Display VTP status including general information
Switch#show vtp counters                         Show VTP counters of switch
Switch(config-if)#switchport mode trunk          Change interface mode in Trunk
Switch(config)#vlan 10                           Create VLAN and associate number ID 10 with it
Switch(config-vlan)#name Sales                   Assign name to VLAN
Switch(config-vlan)#exit                         Return in Global configuration mode from VLAN configuration mode
Switch(config)#interface fastethernet 0/1        Enter in interface configuration mode
Switch(config-if)#switchport mode access         Set interface link type to access link
Switch(config-if)#switchport access vlan 10      Assign this interface to VLAN 10
Switch#show vlan                                 Displays VLAN information
Switch#show vlan brief                           Displays VLAN information in short
Switch#show vlan id 10                           Displays information VLAN ID 10 only
Switch#show vlan name sales                      Displays information about VLAN named sales only
Switch(config)#interface fastethernet 0/8        Enter in Interface configuration mode
Switch(config-if)#no switchport access vlan 10   Removes interface from VLAN 10 and reassigns it to the default VLAN - VLAN 1
Switch(config-if)#exit                           Move back to Global configuration mode
Switch(config)#no vlan 10                        Delete VLAN 10 from VLAN database
Switch#copy running-config startup-config        Saves the running configuration in NVRAM
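
The following check is an added example, not part of the original tutorial or of any Cisco tool. It reads a switch configuration written with the cheat-sheet commands above, groups access ports by VLAN (the layer 2 isolation the ping tests verify), and flags ports that were never given an explicit mode or that still sit in the default VLAN 1. The sample configuration, function names and finding texts are assumptions made for the illustration.

```python
import re
from collections import defaultdict

DEFAULT_VLAN = 1  # per the cheat sheet, a port with no access VLAN sits in VLAN 1

# Constructed sample configuration (not taken from the practice lab).
SAMPLE_CONFIG = """\
vlan 10
 name Sales
vlan 20
interface fastethernet 0/1
 switchport mode access
 switchport access vlan 10
interface fastethernet 0/2
 switchport mode access
 switchport access vlan 20
interface fastethernet 0/3
 switchport mode access
interface fastethernet 0/4
 switchport access vlan 10
interface fastethernet 0/24
 switchport mode trunk
"""


def parse_ports(config: str) -> dict:
    """Return {interface: {"mode": str or None, "vlan": int or None}}."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = " ".join(raw.lower().split())
        if line.startswith("interface "):
            current = line[len("interface "):]
            ports[current] = {"mode": None, "vlan": None}
        elif not raw.startswith(" "):
            current = None  # any other top-level command ends the interface block
        elif current:
            m = re.fullmatch(r"switchport mode (access|trunk)", line)
            if m:
                ports[current]["mode"] = m.group(1)
            m = re.fullmatch(r"switchport access vlan (\d+)", line)
            if m:
                ports[current]["vlan"] = int(m.group(1))
    return ports


def vlan_members(ports: dict) -> dict:
    """Group non-trunk ports by VLAN; ports in different groups need a router."""
    members = defaultdict(list)
    for name, port in ports.items():
        if port["mode"] != "trunk":
            members[port["vlan"] or DEFAULT_VLAN].append(name)
    return {vlan: sorted(names) for vlan, names in members.items()}


def audit(ports: dict) -> list:
    """Return (interface, finding) pairs for ports that deserve a second look."""
    findings = []
    for name, port in sorted(ports.items()):
        if port["mode"] == "trunk":
            continue
        if port["mode"] is None:
            findings.append((name, "switchport mode not set explicitly"))
        if port["vlan"] is None:
            findings.append((name, "no access VLAN set, port is in default VLAN 1"))
    return findings


if __name__ == "__main__":
    parsed = parse_ports(SAMPLE_CONFIG)
    print(vlan_members(parsed))
    for finding in audit(parsed):
        print(finding)
```
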

Use this configured topology to cross-check if you are not getting the same output after following all the steps.

That's all for this article. I hope you have enjoyed this tutorial.

This tutorial explains the basic concepts of VLAN, VLAN membership (static and dynamic) and VLAN connections (access link and trunk link) in detail, with VLAN examples. Learn what a VLAN is and what advantages it provides in a computer network, step by step.

What is VLAN

A VLAN is a logical grouping of networking devices. When we create VLANs, we actually break a large broadcast domain into smaller broadcast domains. Consider a VLAN as a subnet. Just as two different subnets cannot communicate with each other without a router, different VLANs also require a router to communicate.

Advantage of VLAN

VLANs provide the following advantages:

  • Solve broadcast problem
  • Reduce the size of broadcast domains
  • Allow us to add additional layer of security
  • Make device management easier
  • Allow us to implement the logical grouping of devices by function instead of location

This tutorial is the first part of our article 'VLAN, VTP, DTP, STP and Router on Stick Explained with Examples'. You can read the other parts of this article here:

This is the second part of this article. In this part we will set up a practice lab in Packet Tracer. You can create the practice lab by following the instructions or alternatively download the pre-created lab. This lab will be used to demonstrate the configuration part of VLAN, VTP, DTP, STP and router on stick.

This is the third part of this article. In this part we will explain VTP modes with examples, including VTP Server mode, VTP Client mode and VTP Transparent mode. Later we will configure the VTP Server and clients in our practice lab.

This is the fourth part of this article. In this part we will explain access links, trunk links, the VLAN tagging process, the VLAN tagging protocols ISL and 802.1Q, Dynamic Trunking Protocol and DTP modes with examples. After that we will configure trunking in our practice lab.

This is the last part of this article. In this part we will provide a step-by-step guide to configuring VLANs. We will also configure inter-VLAN communication with a router on stick example. At the end of this article we will provide a summary of all commands used in this tutorial to configure VLAN, VTP and DTP.

Solve broadcast problem

When we connect devices to switch ports, the switch creates a separate collision domain for each port and a single broadcast domain for all ports. The switch forwards a broadcast frame out of all possible ports. In a large network with hundreds of computers, this can create performance issues. Of course we could use routers to solve the broadcast problem, but that would be a costly solution since each broadcast domain requires its own port on the router. The switch has its own solution to the broadcast issue, known as VLAN. In practical environments we use VLANs to solve the broadcast issue instead of routers.

Each VLAN is a separate broadcast domain. Logically, VLANs are also subnets. Each VLAN requires a unique network number known as the VLAN ID. Devices with the same VLAN ID are members of the same broadcast domain and receive all its broadcasts. These broadcasts are filtered from all ports on a switch that aren’t members of the same VLAN.

Reduce the size of broadcast domains

VLANs increase the number of broadcast domains while reducing their size. For example, suppose we have a network of 100 devices. Without any VLAN implementation we have a single broadcast domain that contains 100 devices. We create 2 VLANs and assign 50 devices to each VLAN. Now we have two broadcast domains with fifty devices in each. Thus more VLANs mean more broadcast domains with fewer devices in each.

Allow us to add additional layer of security

VLANs enhance network security. In a typical layer 2 network, all users can see all devices by default. Any user can see network broadcasts and respond to them. Users can access any network resource located on that network, and could join a workgroup just by attaching their system to an existing switch. This can create real security trouble. Properly configured VLANs give us total control over each port and its users. With VLANs, you can prevent users from gaining unwanted access to resources. We can put a group of users that needs high-level security into its own VLAN so that users outside that VLAN can’t communicate with them.

Make device management easier

Device management is easier with VLANs. Since VLANs are a logical approach, a device can be located anywhere in the switched network and still belong to the same broadcast domain. We can move a user from one switch to another switch in the same network while keeping the original VLAN. For example, suppose our company has a five-story building and a single layer 2 network. In this scenario, VLANs allow us to move users from one floor to another while keeping their original VLAN ID. The only limitation is that the device, when moved, must still be connected to the same layer 2 network.

Allow us to implement the logical grouping of devices by function instead of location

VLANs allow us to group users by their function instead of their geographic location. Switches maintain the integrity of your VLANs. Users will see only what they are supposed to see, regardless of their physical location.

VLAN Examples

To understand VLAN more clearly let's take an example.

  • Our company has three offices.
  • All offices are connected with backup links.
  • The company has three departments: Development, Production and Administration.
  • The Development department has six computers.
  • The Production department has three computers.
  • The Administration department also has three computers.
  • Each office has two PCs from the Development department and one each from the Production and Administration departments.
  • The Administration and Production departments have sensitive information and need to be separated from the Development department.

With the default configuration, all computers share the same broadcast domain. The Development department can access the Administration or Production department resources.

With VLANs we can create logical boundaries over the physical network. Assume that we created three VLANs for our network and assigned them to the related computers.

  • VLAN Admin for Administration department
  • VLAN Dev for Development department
  • VLAN Pro for Production department

Physically we changed nothing, but logically we grouped devices according to their function. These groups [VLANs] need a router to communicate with each other. Logically our network looks like the following diagram.

With the help of VLANs, we have separated our single network into three small networks. These networks do not share broadcasts with each other, which improves network performance. VLANs also enhance security. Now the Development department cannot access the Administration and Production departments directly. Different VLANs can communicate only via a router, where we can configure a wide range of security options.

So far in this article we have explained what a VLAN is. In the following sections we will explain VLAN terms in more detail.

VLAN Membership

VLAN membership can be assigned to a device by one of two methods:

  1. Static
  2. Dynamic

These methods decide how a switch will associate its ports with VLANs.

Static

Assigning VLANs statically is the most common and secure method. It is easy to set up and supervise. In this method we manually assign a VLAN to a switch port. VLANs configured in this way are usually known as port-based VLANs.

The static method is also the most secure method, because any switch port that we have assigned to a VLAN keeps this association until we manually change it. It works really well in a networking environment where any user movement within the network needs to be controlled.

Dynamic

In the dynamic method, VLANs are assigned to ports automatically depending on the connected device. In this method we have to configure one switch in the network as a server. The server contains device-specific information such as MAC address, IP address etc. This information is mapped to VLANs. The switch acting as server is known as the VMPS (VLAN Membership Policy Server). Only high-end switches can be configured as a VMPS. Low-end switches work as clients and retrieve VLAN information from the VMPS.

Dynamic VLANs support plug-and-play mobility. For example, if we move a PC from one port to another port, the new switch port will automatically be configured for the VLAN to which the user belongs. In the static method we have to do this process manually.

VLAN Connections

When configuring a VLAN on a port, we need to know what type of connection the port has.

A switch supports two types of VLAN connection:

  • Access link
  • Trunk link

Access link

An access link is a connection where the switch port is connected to a device that has a standard Ethernet NIC. A standard NIC only understands IEEE 802.3 or Ethernet II frames. An access link can only be assigned to a single VLAN. That means all devices connected to this port will be in the same broadcast domain.

For example, if twenty users are connected to a hub, and we connect that hub to an access link port on the switch, then all of these users belong to the same VLAN. If we want to keep ten users in another VLAN, then we have to purchase another hub. We need to plug those ten users into that hub and then connect it to another access link port on the switch.

Trunk link

A trunk link is a connection where the switch port is connected to a device that is capable of understanding multiple VLANs. Usually a trunk link is used to connect two switches or a switch to a router. Remember that earlier in this article I said that a VLAN can span anywhere in the network; that is possible because of trunk links. Trunking allows us to send or receive VLAN information across the network. To support trunking, the original Ethernet frame is modified to carry VLAN information.

Trunk Tagging

In trunking, a separate logical connection is created for each VLAN instead of a single physical connection. In tagging, the switch adds the source port’s VLAN identifier to the frame so that the device at the other end can understand which VLAN originated this frame. Based on this information, the destination switch can make intelligent forwarding decisions based not just on the destination MAC address, but also on the source VLAN identifier.

Since the original Ethernet frame is modified to add information, standard NICs will not understand this information and will typically drop the frame. Therefore, when we set up a trunk connection on a switch’s port, we need to ensure that the device at the other end also supports the same trunking protocol and has it configured. If the device at the other end doesn’t understand these modified frames, it will drop them. The modification of these frames is commonly called tagging. Tagging is done in hardware by application-specific integrated circuits (ASICs).

Switch supports two types of Ethernet trunking methods:

  • ISL [ Inter Switch Link, Cisco’s proprietary protocol for Ethernet ]
  • Dot1q [ IEEE’s 802.1Q, protocol for Ethernet]
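
The tagging step described above, shown for 802.1Q as an added example that is not part of the original article: the sketch inserts the 4-byte tag after the source MAC address, parses it back, and shows what a device without 802.1Q support reads in the EtherType position. Function names and the sample MAC addresses and payload are constructed for the illustration; the frame check sequence, which a real switch recalculates after tagging, is not modeled.

```python
import struct

TPID_8021Q = 0x8100  # value in the EtherType position that marks an 802.1Q tag


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame as an access link carries it (no preamble/FCS)."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses are 6 bytes")
    return dst + src + struct.pack("!H", ethertype) + payload


def add_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Trunk egress: insert the 4-byte tag between source MAC and EtherType."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1-4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be in 0-7")
    tci = (priority << 13) | vlan_id  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Trunk-aware parse; 'vlan' is None when the frame carries no tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, priority, offset = None, None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, priority, offset = tci & 0x0FFF, tci >> 13, 18
    return {"dst": frame[:6], "src": frame[6:12], "vlan": vlan,
            "priority": priority, "ethertype": ethertype, "payload": frame[offset:]}


def strip_tag(frame: bytes) -> bytes:
    """Access egress: remove the tag so the end device sees a normal frame."""
    if parse_frame(frame)["vlan"] is None:
        return frame
    return frame[:12] + frame[16:]


def untagged_view(frame: bytes) -> int:
    """EtherType a device without 802.1Q support reads at the fixed offset 12."""
    return struct.unpack("!H", frame[12:14])[0]


if __name__ == "__main__":
    # Constructed sample: locally administered MACs, IPv4 EtherType, dummy payload.
    dst, src = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
    plain = build_frame(dst, src, 0x0800, b"sample-payload")
    tagged = add_tag(plain, vlan_id=10)
    print(parse_frame(tagged))
    print(hex(untagged_view(tagged)))
    print(strip_tag(tagged) == plain)
```
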

That's all for this part. In next part of this article we will practically implement what we have learnt from this part on Cisco switches.