Cisco VLANs
Cisco Virtual Local Area Networks
VLANs are formed to group related users together regardless of the physical connections of their hosts to the network. The users can be spread across a campus network or even across geographically isolated locations. Users can be organized into separate VLANs according to their department, location, function, application, or protocol used. The goal with VLANs is to group users into separate VLANs so their traffic will stay within the VLAN.
Benefits of VLANs
Broadcast Control -VLANs provide logical collision and broadcast domains that confine broadcast and multicast traffic to the bridging domain.
Security -If a router is not used, no user outside the VLAN can communicate with users or access resources within a VLAN. Restrictions can also be placed on hardware addresses, protocols, and applications.
Performance -You can isolate users that require high performance networks for bandwidth intensive projects, VLANs can isolate them from the rest of the network.
Network Management -Software on the switch allows you to reconfigure the logical layout of the LAN without having to change cable connections.
VLAN Memberships
Static VLANs -are the typical method of creating VLANs and are the most secure. The switch port you assign a VLAN association to always maintains that association until an administrator changes the port assignment.
Dynamic VLANs -determine a node's VLAN assignment automatically. Using intelligent management software, you can use MAC addresses, protocols, or even applications to create dynamic VLANs.
Frame Tagging
Switches use frame tagging to keep track of users and frames as they travel the switch fabric and VLANs. Switch fabric is a group of connected switches. Frame tagging assigns a unique user-defined ID, also called the VLAN ID or color, to each frame.
Types of Links
Access Links -are part of only one VLAN, which is referred to as the native VLAN of the port. Any device attached to an access link is unaware of its VLAN membership. The device just assumes that it is part of a broadcast domain, without any understanding of the physical network. Switches remove any VLAN information before a frame is sent to an access link device. Access link devices can't communicate with any devices outside their VLAN without a router or other layer 3 device.
Trunk Links -can carry multiple VLANs and are used to connect switches to other switches, to routers, or to servers. Trunk links are only supported on Fast or Gigabit Ethernet (100 or 1000 Mbps). Cisco switches support two ways to identify which VLAN a frame belongs to: ISL and 802.1q. Trunk links have a native or default VLAN that is used if the trunk link fails. Trunked links carry the traffic of multiple VLANs, from 1 to 1005 at a time. Trunking allows you to make a single port a part of multiple VLANs, so you can be in more than one broadcast domain at a time. When connecting switches together, trunk links can carry some or all VLAN information across the link. If you don't trunk the links, the switch will only carry VLAN 1 information across the link. Cisco switches use the Dynamic Trunking Protocol (DTP) to manage trunks. DTP is a point-to-point protocol that was created to send trunk information across 802.1q trunks.
Trunk types
Inter-Switch Link -ISL is a Cisco proprietary protocol for interconnecting multiple switches and maintaining VLAN information as traffic goes between switches. ISL is similar to 802.10 in that both multiplex bridge groups over a high-speed backbone (ISL runs only on Fast Ethernet). ISL is an external tagging process: the original frame is encapsulated in a 26-byte ISL header with a 4-byte FCS at the end, and 2 bytes of the header carry the VLAN ID. Since the frame is encapsulated, only devices running ISL can read it. If you need a protocol for switches other than Cisco switches, use 802.1q. ISL frames can be up to 1522 bytes long.
IEEE 802.1q -Created by the IEEE as a standard method of frame tagging. It actually inserts a field into the frame to identify the VLAN. If you are trunking between a Cisco switch and a non-Cisco switch, you will need to use 802.1q for the trunk to work.
Local Area Network Emulation (LANE) -LANE is a service that provides interoperability between ATM-based workstations and devices connected to existing LAN technology. LANE uses MAC encapsulation because this approach supports the largest number of existing OSI layer 3 protocols. The end result is that all devices attached to an emulated LAN appear to be on one bridged segment. In ATM LANE environments, the ATM switch handles traffic that belongs to the same emulated LAN and routers handle inter LANE traffic.
IEEE 802.10 -Defines a method for secure bridging of data across a shared MAN backbone. The coloring (VLAN ID) of traffic across the FDDI backbone is achieved by inserting a 16-byte header between the source MAC and the Link Service Access Point (LSAP) of frames leaving a switch. This header contains the 4-byte VLAN ID or "color". The receiving switch removes the header and forwards the frame to interfaces that match the VLAN color.
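As an added example (not part of these notes or of any Cisco code), the following Python models the 802.1q behaviour described under Types of Links and Trunk types: classifying a frame by the 4-byte tag inserted after the source MAC, stripping the tag before a frame leaves on an access link, and re-tagging on a trunk for every VLAN except the native one. The port descriptions (dicts with mode, native and allowed) and the sample frames are constructed for illustration; real tag field sizes (TPID 0x8100, 3-bit PCP, 1-bit DEI, 12-bit VID) are used.

```python
import struct
from typing import Optional, Tuple

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_frame(frame: bytes, native_vlan: int = 1) -> Tuple[int, int, bool]:
    """Classify a frame: returns (vlan_id, priority, was_tagged).

    802.1Q inserts a 4-byte field after the source MAC: the TPID 0x8100 and a
    16-bit TCI holding PCP (3 bits), DEI (1 bit) and the 12-bit VLAN ID.
    An untagged frame is placed in the port's native VLAN.
    """
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return native_vlan, 0, False
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, tci >> 13, True

def strip_tag(frame: bytes) -> bytes:
    """Remove the tag, as a switch does before sending a frame to an access-link device."""
    return frame[:12] + frame[16:] if parse_frame(frame)[2] else frame

def add_tag(frame: bytes, vlan: int, pcp: int = 0) -> bytes:
    """Insert a tag, as a switch does when a non-native VLAN leaves on a trunk."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan) + frame[12:]

def egress_frame(frame: bytes, vlan: int, port: dict) -> Optional[bytes]:
    """What leaves a (constructed) access or trunk port for a frame in `vlan`; None = dropped."""
    _, pcp, _ = parse_frame(frame)
    untagged = strip_tag(frame)
    if port["mode"] == "access":
        # an access link carries exactly one VLAN and never sees a tag
        return untagged if port["vlan"] == vlan else None
    if vlan not in port["allowed"]:
        return None  # VLAN not carried on this trunk (not allowed, or pruned)
    if vlan == port["native"]:
        return untagged  # native VLAN crosses the trunk untagged
    return add_tag(untagged, vlan, pcp)

# constructed sample frames: broadcast dst, arbitrary src, IPv4 EtherType + dummy payload
_HDR = bytes.fromhex("ffffffffffff" "001122334455")
_BODY = bytes.fromhex("0800") + b"\x45" + b"\x00" * 19
UNTAGGED_FRAME = _HDR + _BODY
TAGGED_FRAME = _HDR + bytes.fromhex("8100a064") + _BODY  # PCP 5, VLAN 100
```

A frame arriving untagged on a trunk is classified into that trunk's native VLAN, which is why the native VLAN setting must agree on both ends of a link.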
Inter VLAN Communications
To communicate between VLANs you need to have a router with an interface for each VLAN or a router that supports ISL routing. The lowest Cisco router that supports ISL routing is the 2600 series. If you're using a router with one interface and ISL the interface should be at least 100Mbps (Fast Ethernet).
VLAN Trunking Protocol
Developed by Cisco, it is the industry's first protocol implementation specifically designed for large VLAN deployments.
VTP enhances VLAN deployment by providing the following:
- Integration of ISL, 802.10, and ATM LAN-based VLANs.
- Auto-intelligence within the switches for configuring VLANs.
- Configuration consistency across the network.
- An auto-mapping scheme for going across mixed-media backbones.
- Accurate tracking and monitoring of VLANs.
- Dynamic reporting of added VLANs across the network.
- Plug-and-Play setup and configuration when adding new VLANs.
To allow VTP to manage your VLANs across the network, you must first create a VTP server. All servers that need to share VLAN information must use the same domain name, and a switch can only be in one domain at a time. If all your switches are in the same VLAN then you don't need to use VTP. VTP information is sent via a trunk port. Switches advertise VTP management domain information, as well as configuration revision number and all known VLANs with any specific parameters.
Modes of VTP
Server -default mode for all Catalyst switches. You need at least one to propagate VLAN data throughout the domain. The switch must be in server mode to create, add, or delete VLANs in a VTP domain. Advertisements are sent every 5 minutes or whenever there is a change.
Client -receives information from VTP servers and sends and receives updates, but can't make any changes. To add a port on a switch to a VLAN, first make it a client to update the database, then change it to a server to make the changes and have them advertised.
Transparent -doesn't participate in the VTP domain, but will still forward VTP advertisements through the configured trunk links. It can add and create VLANs because it doesn't share its database with any other switch, but those VLANs are only locally significant.
VTP Pruning
VTP pruning is disabled by default. Pruning is configuring VTP to reduce the amount of broadcasts, multicasts, and other unicast packets to help conserve bandwidth. When you enable VTP pruning on a server, you enable it for the entire domain. VLAN 1 can never be pruned because it is an administrative VLAN.