UCCN1004 - Lect6 - Virtual LAN

Virtual LANs (VLANs) allow network administrators to logically segment a physical network into multiple broadcast domains. A VLAN trunk allows data from multiple VLANs to travel across a single link between two switches, reducing the number of required cables compared to using individual links per VLAN. Key steps to configure VLAN trunking are to set the switch ports to trunk mode, specify the allowed VLANs on each trunk, and verify connectivity across VLANs using the trunk.

UCCN 1004

Data Communications & Networks


Introduction to Virtual LAN &
VLAN Trunking Protocol
Switched Network in Enterprise
• As enterprises become more IT- and network-enabled, switched networks
are becoming more common.
• Switched networks are becoming more important in the enterprise because of:
– Scalability, Manageability, Performance and Security.
Virtual LAN
What is VLAN?
• One of the major functions of a managed switch is to create Virtual LANs
(VLANs).
• As stated previously, a LAN is formed by the hosts connected to a switch and
is bounded by a router.
• What is a VLAN then?
• A VLAN is:
– a logical segregation of switch ports into separate LANs (that DO NOT
communicate with each other) within the same physical switch.
What is VLAN?
• If you have created VLANs (via configuration) in a managed
switch, it is equivalent to creating a few "smaller" but
separate switches within one physical switch.
• VLANs within a physical switch are separate broadcast
domains that do not communicate with each other.
[Figure: one physical switch with several VLANs is equivalent to several separate switches]
Difference Between LAN & VLAN
LAN:
• LANs are separated and linked by routers.
• A LAN is formed with a physical (normally non-managed) switch, so it is location based.
VLAN:
• VLANs are "logically" formed by managed switches.
• A router is needed for communication between VLANs.
Broadcast domains with VLANs & routers
• Without VLANs, each group is on a different IP network (10.1.0.0/16,
10.2.0.0/16, 10.3.0.0/16) and on a different switch.
• Using VLANs, one switch is configured with its ports on the appropriate
VLAN. Each group is still on a different IP network (10.1.0.0/16,
10.2.0.0/16, 10.3.0.0/16); however, they are all on the same switch.
• What are the broadcast domains in each? In both cases there are three, one
per IP network: without VLANs each broadcast domain is a physical switch,
with VLANs each is a VLAN inside the single switch, and in both cases the
router bounds them.
[Figure: "Without VLANs" (three switches, one per network) versus "With VLANs" (one switch, three VLANs)]
Steps of Creating VLAN & Members
• Step #1:
– Create a new VLAN.
• Step #2:
– Name the new VLAN (optional).
• Step #3:
– Assign switch ports as members of the VLAN.
• The VLAN must be created before ports are assigned to it.
VLAN 1 & "show vlan"
• If the switch is fresh out of the box, it has only one VLAN, VLAN 1, and
every switch port is assigned to VLAN 1 by default.
• "show vlan" will display the VLANs and their associated member ports.
[Figure: a default switch, every port in vlan 1]
"show vlan brief"
• "show vlan brief" will display an "abridged" and "cleaner" version of
"show vlan".
Creating VLANs
• Create the VLAN:
– Switch#conf t
– Switch(config)#vlan vlan_number
– Switch(config-vlan)#exit
• Example: create VLAN 2, then verify with "show vlan brief" that it exists
(it appears with the automatic name VLAN0002 and no member ports yet).

Switch#conf t
Switch(config)#vlan 2
Switch(config-vlan)#end
Switch#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
2    VLAN0002                         active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
Switch#
VLAN numbers
• VLAN 1:
– the default Ethernet LAN; all ports start in this VLAN.
• VLANs 1002 – 1005:
– automatically created for Token Ring and FDDI.
• Numbers 2 to 1001 can be used for new VLANs (the "normal range"; most
current switches also support an extended range, 1006 to 4094).
Naming a VLAN
• If you create a VLAN without giving it a name, it is automatically named
after the VLAN number (e.g. VLAN0002 for VLAN 2).
• VLAN 1 can't be renamed.
Assigning Switch Ports to VLAN
[Figure: ports in vlan 1, vlan 2 and vlan 1]
• Assign ports to the VLAN:
– Switch(config)#interface fastethernet switch_port
– Switch(config-if)#switchport access vlan vlan_number
range Command to Assign ports
• Several consecutive ports can be assigned in one step with the interface
range command:
– Switch(config)#interface range fastethernet 0/1 - 8
– Switch(config-if-range)#switchport access vlan vlan_number
Deleting a Port VLAN Membership
• Switch(config-if)#no switchport access vlan
• Removing a port's VLAN membership "reassigns" the port back to VLAN 1.
Deleting a VLAN
• Switch(config)#no vlan vlan_number
• VLAN 1 can't be deleted.
• Deleting a VLAN does NOT move its ports back to VLAN 1 on Cisco Catalyst
IOS: the ports stay assigned to the now non-existent VLAN and become
inactive (they forward nothing) until the VLAN is recreated or the ports
are moved with "switchport access vlan". Move the ports first, then delete
the VLAN, and confirm with "show vlan brief" and "show interfaces switchport".
WHY VLAN?
• Benefits of VLANs:
– VLANs improve network security by isolating users who have access to
sensitive data and applications. The isolation is at Layer 2 only: any
traffic between VLANs passes through a router, and that is where access
control between the groups must be enforced.
– VLANs divide a network into smaller logical networks, resulting in lower
susceptibility to broadcast storms.
• VLANs allow network administrators to organize LANs logically instead of
physically:
– Easily move workstations on the LAN
– Easily add workstations to the LAN
– Easily change the LAN configuration
– Easily control network traffic
– Improve security
Bad reasons to use VLANs
• Because you can, and you feel cool.
• Because they will completely secure your hosts (or so you think).
• Because they allow you to extend the same IP network over multiple
separate buildings.
Trunking
VLAN Spanning Multi-Switches
• One of the major strengths of VLANs is the ability to extend a VLAN across
multiple switches.
• By doing this, you can "integrate" the VLANs of multiple switches
into one "unified" VLAN.
• The following example shows two "unified" VLANs (VLAN 4
& VLAN 5) spanning three switches.
Ports Used in Forming "Unified" VLAN
• To form an "integrated" VLAN without a trunk, a switch port on each of the
two switches has to be set to the VLAN and the two ports connected with a
cable.
– Without this switch-to-switch VLAN linkage, PC0 and PC4 can't be in the
same "unified" VLAN.
• Switch2 in the example has to set aside 4 switch ports just to perform
switch-to-switch linkage for VLAN 4 and VLAN 5 (one port per VLAN towards
each of its two neighbours).
[Figure: switch ports set aside, configured to the same VLAN and linked with cables]
Problem of "Unified" VLAN
• The more "unified" VLANs there are in the multi-switch environment,
the more switch ports have to be set aside to maintain the "linkage".
• In the following example, to maintain 5 VLANs across 3 switches, Switch3
has to set aside 10 switch ports, with 5 cables to each neighbouring switch.
• With 24 VLANs, all the switch ports of two 24-port switches would be used
just to link them to each other.
Solution: Trunk
• Both switches have the same 5 VLANs.
• You need 5 cables to link them up.
• However, by using a technique called a VLAN trunk,
we can combine the 5 cables (or many cables) into 1
single cable.
[Figure: two switches joined by a single link labelled "trunk"]
What is a Trunk?
• A VLAN trunk is a special link that:
– allows data from multiple VLANs to travel across a single link
between two managed switches.
– reduces the cabling needed, as you won't have to run
multiple cables between switches in order to have an uplink for every
VLAN.
• Traffic for all the VLANs travels between the two switches
automatically on a trunk. Each frame carries an 802.1Q tag identifying its
VLAN, so the receiving switch delivers it to the right VLAN; frames of the
trunk's native VLAN are sent without a tag.
[Figure: trunk]
Configure Trunk in Switches
• Guidelines for selecting switch ports for trunks:
– Preferably higher bandwidth (e.g. the GigabitEthernet ports on 2960 switches).
– The switch ports at both ends should preferably run at the same speed.
• Key in the following commands on both Switch0 and Switch1.
• On Cisco switches a port left in its default dynamic mode will negotiate a
trunk with a neighbour that asks for one, so set ports that must never
trunk to "switchport mode access" explicitly.

Switch(config)#int gig1/1
Switch(config-if)#switchport mode trunk
Fine Tuning Trunk mode in Switches
• By default, a trunk carries VLANs 1 to 1005.
– With 200 VLANs, every VLAN's broadcasts flood the trunk, and every VLAN
on one switch is reachable from the other whether or not hosts there need
it, so restrict the trunk to the VLANs that really must cross it.
• In the following example, we "fine tune" the trunk link to carry only
certain VLANs (2, 3, 100-200) by keying in the following commands on
Switch0 and Switch1.
– You must configure the link as trunk mode first.
– The command replaces the whole allowed list; use "switchport trunk
allowed vlan add ..." or "remove ..." to change it incrementally without
cutting off VLANs that are already allowed.
• After the command, PC0 can ping PC3 and PC1 can ping PC4. However, PC2
CAN'T ping PC5 (VLAN 4), because VLAN 4 is no longer allowed on the trunk.

Switch(config-if)#int gig1/1
Switch(config-if)#switchport trunk allowed vlan 2,3,100-200
Useful show trunk commands
• Switch#show interfaces trunk
• Example:

Switch#show int trunk
Port        Mode         Encapsulation  Status        Native vlan
Gig1/1      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gig1/1      2-3,100-200

Port        Vlans allowed and active in management domain
Gig1/1      2,3

Port        Vlans in spanning tree forwarding state and not pruned
Gig1/1      2,3

• "Vlans allowed on trunk" is the configured list; "allowed and active" is
that list restricted to VLANs that actually exist on this switch (here only
2 and 3 have been created, so 100-200 are allowed but not active).
• "Native vlan 1" means frames of VLAN 1 cross this trunk untagged. Leaving
the native VLAN at 1 (the default, where all ports start) is a common
hardening finding: set it to a dedicated, otherwise unused VLAN on both
ends with "switchport trunk native vlan".
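The "show interfaces trunk" output above is exactly what a review of trunk configuration works from. The following is an added example (not part of the lecture or of any vendor tool) that parses that layout and flags the trunks a practitioner would look at: native VLAN left at 1, VLAN 1 carried across the trunk, a native VLAN that is live on the trunk (untagged frames from the peer land in it), and trunks carrying far more VLANs than needed. The second trunk (Gig1/2) and the 256-VLAN threshold are constructed for the example.

```python
"""Audit Cisco IOS "show interfaces trunk" output for over-permissive trunks.

Added example for this lecture, not part of the original slides or of any
vendor tool. It parses the text layout shown on the slide and flags trunks
that still use native VLAN 1, carry VLAN 1, deliver untagged frames into a
VLAN that is active on the trunk, or carry far more VLANs than needed.
"""

# Constructed sample: the slide's Gig1/1 plus a second trunk left at defaults.
SAMPLE_SHOW_TRUNK = """\
Port        Mode         Encapsulation  Status        Native vlan
Gig1/1      on           802.1q         trunking      1
Gig1/2      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gig1/1      2-3,100-200
Gig1/2      1-1005

Port        Vlans allowed and active in management domain
Gig1/1      2,3
Gig1/2      1,2,3

Port        Vlans in spanning tree forwarding state and not pruned
Gig1/1      2,3
Gig1/2      1,2,3
"""

_HEADERS = [  # (substring found in a "Port ..." header line, section key)
    ("Native vlan", "native"),
    ("allowed and active", "active"),
    ("allowed on trunk", "allowed"),
]


def expand_vlan_list(spec: str) -> set:
    """Turn an IOS VLAN list such as '2-3,100-200' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            vlans.update(range(lo, hi + 1))
        else:
            vlans.add(int(part))
    return vlans


def parse_show_trunk(text: str) -> dict:
    """Return {port: {"native": int, "allowed": set, "active": set}}."""
    trunks = {}
    section = None
    for line in text.splitlines():
        if line.startswith("Port "):        # a column header starts a section
            section = next((key for needle, key in _HEADERS if needle in line), None)
            continue
        fields = line.split()
        if not fields or section is None:   # blank line, or a section we ignore
            continue
        entry = trunks.setdefault(fields[0], {"native": None, "allowed": set(), "active": set()})
        if section == "native":
            entry["native"] = int(fields[-1])   # last column of the first table
        else:
            entry[section] = expand_vlan_list(fields[1])
    return trunks


def audit_trunks(trunks: dict, max_allowed: int = 256) -> dict:
    """Return {port: [finding, ...]}; ports with no findings are omitted."""
    findings = {}
    for port, t in trunks.items():
        notes = []
        if t["native"] == 1:
            notes.append("native VLAN left at default 1; use a dedicated unused VLAN")
        if 1 in t["allowed"]:
            notes.append("VLAN 1 is allowed across the trunk")
        if t["native"] in t["active"]:
            notes.append(f"native VLAN {t['native']} is active on the trunk: "
                         "untagged frames from the peer are delivered into it")
        if len(t["allowed"]) > max_allowed:
            notes.append(f"{len(t['allowed'])} VLANs allowed; prune with "
                         "'switchport trunk allowed vlan'")
        if notes:
            findings[port] = notes
    return findings


if __name__ == "__main__":
    for port, notes in audit_trunks(parse_show_trunk(SAMPLE_SHOW_TRUNK)).items():
        print(port)
        for note in notes:
            print("  -", note)
```

Run against the sample, Gig1/1 gets a single finding (native VLAN 1), while the untuned Gig1/2 collects all four. The "allowed and active" table is the one that matters for the native-VLAN check: a VLAN that is allowed but does not exist on the switch cannot receive anything.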
Inter-VLAN Routing
VLAN obeys IP Subnet Rule
• A VLAN is still a "LAN" and follows the IP subnet rules.
• Hosts still need the same IP network ID to communicate within a VLAN.
• You need a router to route between two VLANs.
• Two VLANs should have two distinct network IDs.
[Figure: three VLANs on 10.1.0.0/16, 10.2.0.0/16 and 10.3.0.0/16]
inter-VLAN routing (method 1)
• Trunk between switches for the "unified VLAN".
• PC5 still has to go to Router0 first before reaching PC7.
– Go through Switch2, Switch1, Switch0 to Router0 and back.
Trunk to Router
Comparison for 5 VLANs, one router interface per VLAN versus one trunk to the router:

One link per VLAN          One trunk link
5 physical links           1 physical link
5 interfaces               1 interface
5 gateway IPs              5 gateway IPs
                           5 subinterfaces
Router on a Stick
• There are 8 VLANs in the following network.
– F0/0 of Router0 has 8 subinterfaces, one for each VLAN.
– Each subinterface has the gateway IP address for its VLAN.
[Figure: router on a stick]
Subinterfaces
• Subinterfaces take the interface name followed by a dot
and a number.
– e.g. interface f0/0.10
• It is normal to use the VLAN number. If this also ties in with the
IP address, even better.
– e.g. interface f0/0.2, interface fa0/0.3
– ".2" and ".3" are the numbers that differentiate the subinterfaces; the
number itself has no effect on which VLAN the subinterface serves.
• Each subinterface has an IP address.
• Subinterfaces need the 802.1Q trunking protocol to
differentiate the VLANs on the trunk.
– e.g. encapsulation dot1q 11
– The above command binds the subinterface to VLAN 11: frames arriving
with tag 11 are handed to it, and frames it sends out are tagged 11.
• The physical interface has no IP address,
– but the physical interface needs "no shutdown".
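What "switchport mode trunk" on the switch and "encapsulation dot1q N" on the router agree on is the 802.1Q tag itself. The following is an added example (not from the slides or from any vendor code) that builds and parses tagged Ethernet frames so the tag format is visible: 4 bytes inserted after the source MAC, TPID 0x8100 followed by a 16-bit Tag Control Information field whose low 12 bits are the VLAN ID. It also shows why VLAN IDs stop at 4094, and that an untagged frame, which is how native-VLAN traffic crosses a trunk, parses with no VLAN at all. MAC addresses and payloads are constructed test data.

```python
"""Build and parse 802.1Q-tagged Ethernet frames.

Added example for this lecture, not from the slides or from any vendor code.
It shows what "switchport mode trunk" and "encapsulation dot1q N" put on the
wire: a 4-byte tag (TPID 0x8100 followed by the Tag Control Information)
inserted between the source MAC and the EtherType. Untagged frames, which is
how the native VLAN crosses a trunk, parse with vlan_id None. MAC addresses
and payloads used below are constructed test data.
"""
import struct
from typing import Optional

TPID_8021Q = 0x8100      # EtherType value that announces a VLAN tag
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst_mac: bytes, src_mac: bytes, payload: bytes,
                ethertype: int = ETHERTYPE_IPV4,
                vlan_id: Optional[int] = None, priority: int = 0) -> bytes:
    """Return an Ethernet frame, inserting an 802.1Q tag when vlan_id is given."""
    if len(dst_mac) != 6 or len(src_mac) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    frame = dst_mac + src_mac
    if vlan_id is not None:
        # VID is a 12-bit field: 0 means "priority tag only" and 4095 is
        # reserved, which is why switches stop at 4094.
        if not 1 <= vlan_id <= 4094:
            raise ValueError(f"VLAN ID {vlan_id} outside 1..4094")
        if not 0 <= priority <= 7:
            raise ValueError("PCP is a 3-bit field")
        tci = (priority << 13) | vlan_id      # DEI (bit 12) left clear
        frame += struct.pack("!HH", TPID_8021Q, tci)
    frame += struct.pack("!H", ethertype)
    return frame + payload


def parse_frame(frame: bytes) -> dict:
    """Split a frame into MACs, VLAN fields (None if untagged), EtherType, payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (tag_or_type,) = struct.unpack("!H", frame[12:14])
    if tag_or_type == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("tagged frame truncated inside the 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id, priority, payload = tci & 0x0FFF, tci >> 13, frame[18:]
    else:
        # No tag: the two bytes after the MACs are already the EtherType.
        vlan_id, priority, ethertype, payload = None, None, tag_or_type, frame[14:]
    return {"dst": dst, "src": src, "vlan_id": vlan_id, "priority": priority,
            "ethertype": ethertype, "payload": payload}


if __name__ == "__main__":
    tagged = build_frame(b"\xff" * 6, bytes.fromhex("001122334455"), b"hello", vlan_id=11)
    print(tagged.hex())
    print(parse_frame(tagged))
```

The parser is deliberately strict about a frame that ends inside the tag; a receiver that trusts the TPID and reads past the end of a short frame is the kind of bug that turns a malformed frame into a crash.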
Example of Configuring subinterfaces
• Switch side: make the port facing the router a trunk.

Switch(config)#int gig1/1
Switch(config-if)#switchport mode trunk

• Router side: bring up the physical interface, then create one subinterface
per VLAN. The number after dot1q is the VLAN number; the subinterface
numbers (.10, .11) are only labels and in this example do not match the
VLAN numbers (2 and 3).

Router(config)#int fa0/1
Router(config-if)#no shutdown
Router(config-if)#int fa0/1.10
Router(config-subif)#encap dot1q 2
Router(config-subif)#ip addr 192.168.1.254 255.255.255.0
Router(config-subif)#exit
Router(config)#int fa0/1.11
Router(config-subif)#encap dot1q 3
Router(config-subif)#ip addr 192.168.2.254 255.255.255.0
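The configuration above is easy to get subtly wrong: a subinterface with no "encapsulation dot1q", two subinterfaces bound to the same VLAN, two gateways on the same subnet (the "VLAN obeys IP subnet rule" slide), or a VLAN that the switch trunks to the router but that never gets a gateway. The following is an added example, not from the slides or from Cisco, that parses a router configuration in the style shown above and reports those problems. The copy of the slide's configuration and the set of VLANs assumed to be allowed on the switch's trunk (2, 3 and 4) are constructed for the example.

```python
"""Sanity-check a router-on-a-stick configuration.

Added example for this lecture; it is not from the slides or from Cisco. It
parses the router subinterface configuration in the style shown above
(constructed copy below) and checks the things that usually go wrong: a
subinterface without "encapsulation dot1q", two subinterfaces tagging the
same VLAN, two gateways on the same subnet, and a VLAN that the switch
trunks to the router but that has no gateway. The set of trunked VLANs is an
assumption made up for the example.
"""
import ipaddress
import re

# Constructed copy of the slide's router configuration.
ROUTER_CONFIG = """\
interface fa0/1
 no shutdown
interface fa0/1.10
 encapsulation dot1q 2
 ip address 192.168.1.254 255.255.255.0
interface fa0/1.11
 encapsulation dot1q 3
 ip address 192.168.2.254 255.255.255.0
"""

# Assumed: what "switchport trunk allowed vlan" permits on the switch port
# that faces the router. VLAN 4 has no subinterface in ROUTER_CONFIG.
TRUNKED_VLANS = {2, 3, 4}

_IF_RE = re.compile(r"int(?:erface)?\s+(\S+)")
_DOT1Q_RE = re.compile(r"encap(?:sulation)?\s+dot1q\s+(\d+)")
_IP_RE = re.compile(r"ip\s+addr(?:ess)?\s+(\S+)\s+(\S+)")


def parse_subinterfaces(config: str) -> dict:
    """Return {subinterface_name: {"vlan": int or None, "ip": IPv4Interface or None}}."""
    subifs = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        m = _IF_RE.match(line)
        if m:
            name = m.group(1)
            # Only "name.number" lines are subinterfaces; physical ones are skipped.
            current = subifs.setdefault(name, {"vlan": None, "ip": None}) if "." in name else None
            continue
        if current is None:
            continue
        m = _DOT1Q_RE.match(line)
        if m:
            current["vlan"] = int(m.group(1))
            continue
        m = _IP_RE.match(line)
        if m:
            # ip_interface accepts a dotted netmask after the slash.
            current["ip"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return subifs


def check_router_on_a_stick(subifs: dict, trunked_vlans: set) -> list:
    """Return a list of problems; an empty list means the configuration is consistent."""
    problems = []
    vlan_owner = {}     # vlan id -> subinterface that already serves it
    subnet_owner = {}   # network -> subinterface that already uses it
    for name, s in subifs.items():
        if s["vlan"] is None:
            problems.append(f"{name}: no 'encapsulation dot1q', router cannot tell which VLAN it serves")
            continue
        if s["vlan"] in vlan_owner:
            problems.append(f"{name}: VLAN {s['vlan']} already served by {vlan_owner[s['vlan']]}")
        vlan_owner.setdefault(s["vlan"], name)
        if s["ip"] is None:
            problems.append(f"{name}: no IP address, hosts in VLAN {s['vlan']} have no gateway")
        else:
            net = s["ip"].network
            if net in subnet_owner:
                problems.append(f"{name}: subnet {net} already used by {subnet_owner[net]}; "
                                "each VLAN needs its own network ID")
            subnet_owner.setdefault(net, name)
        sub_number = int(name.rsplit(".", 1)[1])
        if sub_number != s["vlan"]:
            problems.append(f"{name}: subinterface number {sub_number} differs from VLAN "
                            f"{s['vlan']} (legal, but easy to misread)")
    for vlan in sorted(trunked_vlans - set(vlan_owner)):
        problems.append(f"VLAN {vlan} is trunked to the router but has no subinterface/gateway")
    return problems


if __name__ == "__main__":
    for problem in check_router_on_a_stick(parse_subinterfaces(ROUTER_CONFIG), TRUNKED_VLANS):
        print("-", problem)
```

On the slide's configuration the checker reports three things: the two cosmetic subinterface-number mismatches (.10 serves VLAN 2, .11 serves VLAN 3) and the missing gateway for VLAN 4, which is exactly the "PC2 can't ping PC5" situation from the trunk-pruning slide seen from the router's side.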
VLAN Trunking Protocol (VTP)
VLAN Management Challenge
• It is not difficult to add a new VLAN in a small network (switch by
switch).
• It is not easy to add a new VLAN to all of the switches in a complex
switched network.
VTP Domain
• A VTP domain consists of one or more interconnected switches.
• All switches in a domain share VLAN configuration details using VTP
advertisements.
• A router or Layer 3 switch defines the boundary of each domain.
• Before connecting a switch to an existing domain, check "show vtp status":
a switch in server or client mode whose VLAN database has a higher
configuration revision number than the domain's will overwrite the VLAN
database of the other switches with its own.
VTP Mode
• VTP Modes - A switch can be configured in one of three modes: server,
client, or transparent.
– Server: VLANs are created, renamed and deleted here, and the changes are
advertised to the domain.
– Client: cannot change VLANs itself; it adopts whatever the server
advertises.
– Transparent: keeps its own local VLAN configuration and ignores
advertisements for itself, but still forwards them to other switches.
Port Membership of VLAN in VTP
• A VLAN added through VTP does not include "automatic" switch port
assignment.
• You still have to assign the switch ports on each switch manually.
• The switch ports assigned to a "unified" VLAN added via VTP can be
different on every switch.
