A VLAN is a switched network that is logically segmented (Logical Network) with a common set of requirements, independent of physical location. VLANs have the same attributes as a physical LAN but allow us to group end stations. Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end stations in the VLAN.
VLANs are usually associated with IP subnetworks. Traffic between VLANs must be routed. LAN port VLAN membership is assigned manually on a port-by-port basis.
Credit to C for this wonderful picture.
VLAN Ranges:
VLANs          Range      Usage
0 and 4095     Reserved   For system use only
1              Normal     Cisco default (can be used, but can't be deleted)
2 – 1001       Normal     Ethernet VLANs; create, use and delete these VLANs
1002 – 1005    Normal     Cisco defaults for FDDI and Token Ring; can't be deleted
1006 – 4094    Extended   For Ethernet VLANs only
Types of VLANs:
Default VLANs: All switch ports become members of the default VLAN, which makes them all part of the same broadcast domain. This allows any network device to connect to any switch port and communicate with the others. Technically it's VLAN 1, and it can't be deleted from the switch.
Data VLANs: Also called user VLANs, these are configured to carry user-generated traffic.
Native VLANs: The native VLAN observes and identifies traffic coming from each end of a trunk link. It's assigned to an 802.1Q trunk port, which supports traffic coming from many VLANs as well as traffic that does not come from any specific VLAN. Traffic belonging to the native VLAN is not tagged. You can designate any VLAN as the native VLAN on a switch as long as it matches on both ends of the trunk connection.
Voice VLANs: These are configured to carry voice traffic. The voice VLAN is where the QoS policies are applied in order to prioritize this traffic as it is sent through the LAN. Voice VLANs are mostly given transmission priority over other types of network traffic.
Management VLANs: This is normally used for management of the switch. Any of the switch's VLANs can be configured as the management VLAN.
Reserved VLANs: Some VLANs are reserved internally on the switch for use in other environments such as FDDI and Token Ring. We can't delete reserved VLANs.
Private VLANs: Also known as port isolation (layer 2 isolation between ports). Each private VLAN typically contains many private ports and a single uplink. Private VLANs split the domain into multiple isolated broadcast subdomains; we can think of them as VLANs inside a VLAN. Hosts in different PVLANs still belong to the same IP subnet, but require a layer 3 device such as a router to talk to each other.
VLAN Configuration:
We can configure VLANs in global configuration mode or in VLAN database mode. The VLAN configuration is saved in “vlan.dat” files.
Important points:
· Extended range VLANs can only be configured in global configuration mode.
· Before we create a VLAN, the switch must be in VTP server or VTP transparent mode.
· We need to create a backup of the vlan.dat file in addition to backing up the running-config and startup-config files.
· If the switch is in VTP transparent mode, use the copy running-config startup-config command to save the VLAN configuration to the startup-config file.
· Enter the vlan command with an unused ID to create a VLAN; enter the vlan command for an existing VLAN to modify that VLAN.
· If we don’t define the VLAN type with the media keyword, the VLAN is an Ethernet VLAN.
· When we delete a VLAN, any LAN ports configured as access ports assigned to that VLAN become inactive.
Create an Ethernet VLAN in global configuration mode:
# configure terminal
# vlan [vlan_ID]    (for example, vlan 10)
# end
# exit
Create an Ethernet VLAN in database mode:
# vlan database
# vlan 10
VLAN 10 added:
Name: VLAN0010
# exit
VLAN Port Assignment:
VLANs are assigned to individual switch ports either statically or dynamically. All ports are assigned to VLAN 1 by default, but they can be active only if they are assigned to VLANs that exist on the switch. Static VLANs are assigned by the administrator. Dynamic VLANs are assigned to a port based on the MAC address of the device plugged into the port; dynamic VLAN configuration requires a VLAN Membership Policy Server (VMPS), a client and a database.
The following example shows how to statically configure an Ethernet interface to join VLAN 10, which we created above on the switch.
# configure terminal
# interface Ethernet 1/9
# switchport mode access
# switchport access vlan 10
# exit
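As an added example (not part of the original post), the Python script below audits a saved configuration against the rules described above: it flags access ports assigned to a VLAN that does not exist on the switch (and are therefore inactive), ports left in default VLAN 1, and ports assigned to a reserved ID. It assumes the configuration text contains the vlan lines (as when they are saved to the startup-config in VTP transparent mode); the names vlan_range, audit and SAMPLE and the sample configuration are constructed for illustration.

```python
import re

def vlan_range(vid):
    """Classify a VLAN ID using the ranges table on this page."""
    if vid in (0, 4095):
        return "reserved"
    if 1 <= vid <= 1005:
        return "normal"
    if 1006 <= vid <= 4094:
        return "extended"
    raise ValueError(f"not a VLAN ID: {vid}")

def audit(config):
    """Return (defined VLAN IDs, {interface: access VLAN}, findings)."""
    defined = {1, 1002, 1003, 1004, 1005}  # defaults that cannot be deleted
    ports, findings, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"vlan (\d+)", line):
            defined.add(int(m.group(1)))
        elif m := re.fullmatch(r"interface (\S.*)", line):
            current = m.group(1)
            ports[current] = 1  # every port starts in VLAN 1
        elif current and (m := re.fullmatch(r"switchport access vlan (\d+)", line)):
            ports[current] = int(m.group(1))
    for port, vid in sorted(ports.items()):
        if vlan_range(vid) == "reserved":
            findings.append(f"{port}: VLAN {vid} is reserved for system use")
        elif vid not in defined:
            findings.append(f"{port}: VLAN {vid} does not exist, port is inactive")
        elif vid == 1:
            findings.append(f"{port}: still in default VLAN 1")
    return defined, ports, findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
vlan 10
interface Ethernet 1/9
 switchport mode access
 switchport access vlan 10
interface Ethernet 1/10
 switchport mode access
 switchport access vlan 20
interface Ethernet 1/11
 switchport mode access
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)[2]))
```

Ethernet 1/9 passes because VLAN 10 is defined; the other two ports are reported.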
Useful Commands:
# show vlan [id or name]                  To display a specific VLAN's configuration
# copy running-config startup-config      To copy/save the running configuration into the startup configuration
# copy vlan.dat tftp                      To back up vlan.dat
# no vlan [vlan-ID]                       To delete a VLAN
# no switchport access vlan [vlan-id]     To reset the access mode to the default VLAN
# show interface switchport               To display the administrative and operational status of a port