Scribd
Upload
64 views20 pages

Layer 2 Engineering - Vlans: Campus Network Design & Operations Workshop

This document provides an overview of VLANs (Virtual Local Area Networks) including: - VLANs allow a switch to be split into separate virtual switches to separate broadcast domains and filter traffic between VLAN members. - VLAN trunks allow inter-switch communication by tagging frames with VLAN IDs according to the 802.1Q standard so switches from different vendors can exchange VLAN traffic. - For traffic between VLANs, frames must pass through a router; this can be done with a single trunk interface or separate interfaces on the router for each VLAN.

Uploaded by

Roberto Carlos Espitia Steer
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
64 views20 pages

Layer 2 Engineering - Vlans: Campus Network Design & Operations Workshop

This document provides an overview of VLANs (Virtual Local Area Networks) including: - VLANs allow a switch to be split into separate virtual switches to separate broadcast domains and filter traffic between VLAN members. - VLAN trunks allow inter-switch communication by tagging frames with VLAN IDs according to the 802.1Q standard so switches from different vendors can exchange VLAN traffic. - For traffic between VLANs, frames must pass through a router; this can be done with a single trunk interface or separate interfaces on the router for each VLAN.

Uploaded by

Roberto Carlos Espitia Steer
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 20

Layer 2 Engineering – VLANs

Campus Network Design & Operations Workshop

These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license
(http://creativecommons.org/licenses/by-nc/4.0/)

Last updated 2nd June 2017


Virtual LANs (VLANs)
• Allow us to split switches into separate (virtual) switches
• Only members of a VLAN can see that VLAN’s traffic
– Inter-vlan traffic must go through a router
• Allow us to reuse router interfaces to carry traffic for separate
subnets
– E.g. sub-interfaces in Cisco routers
Local VLANs
• Two or more VLANs within a single switch
• The switch behaves as several virtual switches, sending traffic
only within VLAN members
• Access ports, where end nodes are connected, are configured
as members of a VLAN
• By default, all ports of a switch are members of VLAN 1 or default
VLAN (VLAN ID = 1)
• Newly created VLANs must have a VLAN ID other than 1
– Then add ports by moving them out of VLAN 1 into our new VLAN
Local VLANs

Switch
VLAN 20 VLAN 30
Access ports

VLAN 20 nodes VLAN 30 nodes


VLANs across switches
• Two switches can exchange traffic from one or more VLANs
• Inter-switch links are configured as trunks, carrying frames from
all or a subset of a switch’s VLANs
• Each frame carries a tag that identifies which VLAN it belongs to
802.1Q
• The IEEE standard that defines how ethernet frames should be
tagged when moving across switch trunks
• This means that switches from different vendors are able to
exchange VLAN traffic.
802.1Q tagged frame
VLANs across switches
Tagged Frames

802.1Q Trunk
Trunk Port

VLAN 20 VLAN 30 VLAN 20 VLAN 30


Access Ports

This is called “VLAN Trunking”


Tagged vs. Untagged
• Frames sent out on access ports are not tagged
– frames received on access ports are not expected to be tagged either
• You only need to tag frames in switch-to-switch links (trunks),
when transporting multiple VLANs
• However, a trunk can transport both tagged and untagged frames
– As long as the two switches agree on how to handle untagged frames
Routing Inter-VLAN traffic
Traffic between VLANs must now go through a router.

 Single interface on the router used


as a trunk
VLAN
VLAN 20
20 VLAN
VLAN 30
30

802.1Q Trunks
Trunk Port Trunk Port

VLAN
VLAN 20
20 VLAN
VLAN 30
30 VLAN
VLAN 20
20 VLAN
VLAN 30
30
Access Ports
Routing Inter-VLAN traffic (2)

 Separate interfaces for each VLAN

VLAN
VLAN 20
20 VLAN
VLAN 30
30

802.1Q Trunks
Trunk Port Trunk Port

VLAN
VLAN 20
20 VLAN
VLAN 30
30 VLAN
VLAN 20
20 VLAN
VLAN 30
30
Access Ports
Routing Inter-VLAN traffic (3)
Can use a 802.1Q compliant Layer-3 switch to do switching as
well routing

802.1Q Trunks
Trunk Port Trunk Port

VLAN
VLAN 20
20 VLAN
VLAN 30
30 VLAN
VLAN 20
20 VLAN
VLAN 30
30
Access Ports
VLANs increase complexity
• You can no longer “just replace” a switch
– Now you have VLAN configuration to maintain
– Field technicians need more skills
• You have to make sure that all the switch-to-switch trunks are
configures to carry frames of all the necessary VLANs
– Need to keep in mind when adding/removing VLANs
Good reasons to use VLANs
• You want multiple subnets in a building, and carry them over a
single fibre to your core router
• You want to segment your network into multiple subnets, without
buying more switches
– Separate broadcast domains for wired, wireless, phones, device
management etc.
• Separate control traffic from user traffic
– Restrict who can access your switch management address
Bad reasons to use VLANs
• Because you can, and you feel cool 
• Because they will completely secure your hosts (or so you think)
• Because they allow you to extend the same IP network over
multiple separate buildings
– This is actually very common, but a bad idea
Do not build “VLAN spaghetti”
• Extending a VLAN to multiple buildings across trunk ports
• Bad idea because:
– Broadcast traffic is carried across all trunks from one end of the network
to another
– Broadcast storm can spread across the extent of the VLAN, and affect all
VLANS!
– Maintenance and troubleshooting nightmare
Cisco configuration
• Configure access port
– interface GigabitEthernet1/0/3
switchport mode access
switchport access vlan 10
• Configure trunk port
– interface GigabitEthernet1/0/1
switchport mode trunk
switchport trunk allowed vlan 10,20,30
Cisco mis-features
• Disable VLAN Trunking Protocol (VTP)
– vtp mode transparent
• Disable Dynamic Trunking Protocol (DTP)
– interface range Gi 1 - 8
switchport mode [trunk|access]
switchport nonegotiate
HP configuration
• Configure access ports
– vlan 10
untagged 3,5-7,12
• Configure trunk ports
– vlan 10
tagged 1-2
vlan 20
tagged 1-2
vlan 30
tagged 1-2
Questions?

You might also like