Vlan Notes


8/8/2019 Vlan Notes

Prepared By: Javed Ahmad Dogar (VLAN)

WHAT IS A VLAN?

The short form VLAN expands to Virtual Local Area Network. A VLAN is a logical local area network (LAN) that extends beyond a single traditional LAN to a group of LAN segments, given specific configurations. Because a VLAN is a logical entity, its creation and configuration is done completely in software.

As I said, a VLAN is a virtual LAN. In technical terms, a VLAN is a broadcast domain created by switches. This works by you, the administrator, putting some switch ports in a VLAN other than the default VLAN 1; all ports in a single VLAN are in a single broadcast domain.

Because switches can talk to each other, some ports on switch A can be in VLAN 10 and other ports on switch B can be in VLAN 10. Broadcasts between these devices will not be seen on any other port in any VLAN other than 10. However, these devices can all communicate because they are on the same VLAN. Without additional configuration, they would not be able to communicate with any other devices not in their VLAN.

Source: http://www.petri.co.il/csc_setup_a_vlan_on_a_cisco_switch.htm

HOW IS A VLAN IDENTIFIED?

Since a VLAN is a software concept, identifiers and configurations for a VLAN must be properly prepared for it to function as expected. Frame coloring is the process used to ensure that VLAN members or groups are properly identified and handled. With frame coloring, packets are given the proper VLAN ID at their origin so that they may be properly processed as they pass through the network. The VLAN ID is then used to enable switching and routing engines to make the appropriate decisions as defined in the VLAN configuration.
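In practice the "colour" is the 802.1Q tag in the Ethernet header. The Python below is added here and is not part of the original notes: parse_vlan_tags() reads the tag (including a double-tagged 802.1ad/802.1Q frame), assigned_vlan() shows how an untagged frame is placed in the port's own VLAN, and the sample frames are constructed with build_frame().

```python
import struct

# Tag Protocol Identifiers: 0x8100 marks a standard 802.1Q tag; 0x88A8 is the
# 802.1ad service tag used as the outer tag of a double-tagged (QinQ) frame.
TPID_8021Q = 0x8100
TPID_8021AD = 0x88A8

def parse_vlan_tags(frame: bytes) -> dict:
    """Walk the Ethernet header and collect every VLAN tag, outermost first."""
    if len(frame) < 14:
        raise ValueError("frame shorter than a minimal Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    offset, tags = 12, []
    while True:
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        offset += 2
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            break                                    # this is the payload ethertype
        if len(frame) < offset + 4:                  # need the TCI plus the next ethertype
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset)   # Tag Control Information
        offset += 2
        tags.append({"tpid": ethertype,
                     "pcp": tci >> 13,               # 3-bit priority code point
                     "dei": (tci >> 12) & 1,         # drop eligible indicator
                     "vid": tci & 0x0FFF})           # 12-bit VLAN ID
    return {"dst": dst.hex(":"), "src": src.hex(":"), "tags": tags,
            "ethertype": ethertype, "payload": frame[offset:]}

def assigned_vlan(frame: bytes, port_vlan: int) -> int:
    """VLAN a switch assigns on ingress: the outer tag's VID when present, otherwise the
    port's own VLAN (access VLAN, or native VLAN on a trunk). VID 0 is a priority-only
    tag and counts as untagged."""
    tags = parse_vlan_tags(frame)["tags"]
    return tags[0]["vid"] if tags and tags[0]["vid"] != 0 else port_vlan

def build_frame(vids, ethertype=0x0800, payload=b"\x00" * 46) -> bytes:
    """Constructed sample frames: broadcast destination, a made-up source MAC, PCP 5 on
    every tag, and an 802.1ad outer tag whenever more than one VID is given."""
    hdr = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01"
    for i, vid in enumerate(vids):
        tpid = TPID_8021AD if (i == 0 and len(vids) > 1) else TPID_8021Q
        hdr += struct.pack("!HH", tpid, (5 << 13) | vid)
    return hdr + struct.pack("!H", ethertype) + payload

UNTAGGED = build_frame([], ethertype=0x0806)   # ARP with no tag
VLAN10 = build_frame([10])                      # single 802.1Q tag, VID 10
QINQ = build_frame([100, 10])                   # outer S-tag 100, inner C-tag 10
```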

Are VLANs required?

It is important to point out that you don't have to configure a VLAN until your network gets so large and has so much traffic that you need one. Many times, people are simply using VLANs because the network they are working on was already using them.

Another important fact is that, on a Cisco switch, VLANs are enabled by default and ALL devices are already in a VLAN. The VLAN that all devices are already in is VLAN 1. So, by default, you can just use all the ports on a switch and all devices will be able to talk to one another.


When do I need a VLAN?

You need to consider using VLANs in any of the following situations:

- You have more than 200 devices on your LAN.
- You have a lot of broadcast traffic on your LAN.
- Groups of users need more security or are being slowed down by too many broadcasts.
- Groups of users need to be on the same broadcast domain because they are running the same applications. An example would be a company that has VoIP phones. The users using the phones could be on a different VLAN, not with the regular users.
- Or, just to make a single switch into multiple virtual switches.

Why not just subnet my network?

A common question is why not just subnet the network instead of using VLANs? Each VLAN should be in its own subnet. The benefit that a VLAN provides over a subnetted network is that devices in different physical locations, not going back to the same router, can be on the same network. The limitation of subnetting a network with a router is that all devices on that subnet must be connected to the same switch and that switch must be connected to a port on the router.

With a VLAN, one device can be connected to one switch, another device can be connected to another switch, and those devices can still be on the same VLAN (broadcast domain).

What is a trunk port?

When there is a link between two switches or a router and a switch that carries the traffic of more than one VLAN, that port is a trunk port.

A trunk port must run a special trunking protocol. The protocol used would be Cisco's proprietary Inter-Switch Link (ISL) or the IEEE standard 802.1Q.


DEFAULT VLANS

SW-A# show vlan

NOTE: VLAN numbers 1, 1002, 1003, 1004 & 1005 are default VLANs.

How do I create a VLAN?

Configuring VLANs can vary even between different models of Cisco switches. Your goals, no matter what the commands are, are to:

- Create the new VLANs
- Put each port in the proper VLAN

SW-A(config)# vlan 3
VTP VLAN configuration not allowed when device is in CLIENT mode.
SW-A(config)# vtp mode server
Setting device to VTP SERVER mode
SW-A(config)# vlan 3


SW-A(config-vlan)# end
SW-A# show vlan

NOTE: Remember that there are 5 default VLANs; after adding VLAN 3, the total number of VLANs is 6.


SW-A(config)# vlan 4
SW-A(config-vlan)# exit
SW-A(config)# vlan 5
SW-A(config-vlan)# exit
SW-A(config)# vlan 8-10
SW-A(config-vlan)# exit
SW-A(config)# vlan 16,18
SW-A(config-vlan)# exit

What do VLANs offer?

VLANs offer higher performance for medium and large LANs because they limit broadcasts. As the amount of traffic and the number of devices grow, so does the number of broadcast packets. By using VLANs you are containing broadcasts.

VLANs also provide security because you are essentially putting one group of devices, in one VLAN, on their own network.

Article Summary

Here is what we have learned:

- A VLAN is a broadcast domain formed by switches.
- Administrators must create the VLANs, then assign what port goes in what VLAN manually.
- VLANs provide better performance for medium and large LANs.
- All devices, by default, are in VLAN 1.


- A trunk port is a special port that runs ISL or 802.1Q so that it can carry traffic from more than one VLAN.
- For devices in different VLANs to communicate, you must use a router or Layer 3 switch.

VTP (VLAN TRUNKING PROTOCOL)

VLAN Trunking Protocol (VTP) is a Cisco proprietary Layer 2 messaging protocol that manages the addition, deletion, and renaming of Virtual Local Area Networks (VLANs) on a network-wide basis.

VTP reduces administration in a switched network. When a new VLAN is configured on one VTP server, the VLAN is distributed through all switches in the domain. This reduces the need to configure the same VLAN everywhere. To do this, VTP carries VLAN information to all the switches in a VTP domain. VTP advertisements can be sent over ISL, 802.1Q, IEEE 802.10 and LANE trunks. VTP traffic is sent over the management VLAN (VLAN 1), so all VLAN trunks must be configured to pass VLAN 1. VTP is available on most of the Cisco Catalyst family products.

VTP OPERATING MODES

If you intend to make a switch part of a VTP management domain, each switch must be configured in one of three possible VTP modes. The VTP mode assigned to a switch determines how the switch interacts with other VTP switches in the management domain. The three VTP modes that can be assigned to a Cisco switch are server mode, client mode, and transparent mode. Each of these roles is outlined below:

SERVER MODE:

Once VTP is configured on a Cisco switch, the default mode used is Server Mode. In any given VTP management domain, at least one switch must be in Server Mode. When in Server Mode, a switch can be used to add, delete, and modify VLANs, and this information will be passed to all other switches in the VTP management domain.

NOTE: The command below changes the VTP operating mode to SERVER.


CLIENT MODE:

When a switch is configured to use VTP Client Mode, it is simply the recipient of any VLANs added, deleted, or modified by a switch in Server Mode within the same management domain. A switch in VTP client mode cannot make any changes to VLAN information.

NOTE: VTP operating mode has been set to CLIENT.


TRANSPARENT MODE:

A switch in VTP Transparent Mode will pass VTP updates received from switches in Server Mode on to other switches in the VTP management domain, but will not actually process the contents of these messages. When individual VLANs are added, deleted, or modified on a switch running in transparent mode, the changes are local to that particular switch only, and are not passed to other switches in the VTP management domain.

NOTE: VTP operating mode has been set to TRANSPARENT.

CONFIGURATION REVISION NUMBER

The configuration revision number is a 32-bit number that indicates the level of revision for a VTP packet. Each VTP device tracks the VTP configuration revision number that is assigned to it. Most of the VTP packets contain the VTP configuration revision number of the sender. This information is used in order to determine whether the received information is more recent than the current version.

Each time that you make a VLAN change in a VTP device, the configuration revision is incremented by one. In order to reset the configuration revision of a switch, change the VTP domain name, and then change the name back to the original name.


HOW DOES THE REVISION NUMBER INCREASE?

Switch(config)# vlan 200
Switch(config-vlan)# end

NOTE: When you create a VLAN, the revision number increases.

Switch(config)# vlan 55
Switch(config-vlan)# exit
Switch(config)# vlan 8
Switch(config-vlan)# exit
Switch(config)# vlan 9
Switch(config-vlan)# end

NOTE: The value of the revision number is associated with the number of VLANs. Creating a VLAN results in an increase in the revision number. For example, if you create 5 VLANs (one by one), the value of the revision number would be 5.

In other words, the revision number is associated with the word VLAN: the number of times you use this word for creating or deleting VLANs results in an increase in the revision number.


How to Delete a VLAN

Switch(config)# no vlan 10          ----- deletes only VLAN 10
Switch(config)# no vlan 11,13-20    ----- deletes VLAN 11 and VLANs 13 to 20 (that is, 13, 14, 15 ... 20)
Switch(config)# exit

NOTE: When you delete multiple VLANs with a single command, the revision number increases by only one.

HOW TO RESET THE VALUE OF THE REVISION NUMBER TO ZERO

METHOD #1: (BY CHANGING THE DOMAIN NAME)

Switch(config)# vtp domain pucit
Changing VTP domain name from NULL to pucit
Switch(config)# exit

NOTE: The revision number has been changed to ZERO.

METHOD #2: (BY SETTING THE VTP OPERATING MODE TO TRANSPARENT)

Switch(config)# vtp mode transparent
Setting device to VTP TRANSPARENT mode
Switch(config)# exit

NOTE: The revision number has been changed to ZERO in Transparent mode.
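The revision-number behaviour described above (one increment per vlan/no vlan command, a same-domain advertisement with a higher revision replacing the VLAN list, the domain change and transparent mode zeroing the counter) as an added Python simulation; this is not the notes' own code, and the three-switch chain in demo() is a constructed example. It also shows why the two reset methods matter before a switch is connected: a server or client adopts whatever same-domain advertisement carries a higher revision than its own.

```python
from dataclasses import dataclass, field

DEFAULT_VLANS = {1, 1002, 1003, 1004, 1005}   # the five VLANs 'show vlan' lists on a fresh switch

@dataclass
class VtpSwitch:
    mode: str = "server"                       # server (the default) | client | transparent
    domain: str = None                         # None stands in for the NULL domain
    revision: int = 0
    vlans: set = field(default_factory=lambda: set(DEFAULT_VLANS))
    links: list = field(default_factory=list)  # directly connected neighbours; loop-free topology assumed

    def set_domain(self, name):
        """'vtp domain <name>': a different name zeroes the revision (method #1 above)."""
        if name != self.domain:
            self.domain, self.revision = name, 0

    def set_mode(self, mode):
        """'vtp mode <mode>': moving to transparent zeroes the revision (method #2 above)."""
        self.mode, self.revision = mode, (0 if mode == "transparent" else self.revision)

    def change_vlans(self, add=(), remove=()):
        """One 'vlan ...' or 'no vlan ...' command: one revision increment however many IDs it names."""
        if self.mode == "client":
            raise PermissionError("VTP VLAN configuration not allowed when device is in CLIENT mode.")
        self.vlans = (self.vlans | set(add)) - set(remove)
        self.revision += 1
        if self.mode == "server":                 # a transparent switch keeps its changes local
            self._forward((self.domain, self.revision, frozenset(self.vlans)), sender=None)

    def _forward(self, adv, sender):
        for peer in (p for p in self.links if p is not sender):
            peer.receive(adv, sender=self)

    def receive(self, adv, sender):
        domain, revision, vlans = adv
        if self.mode == "transparent":            # relay unchanged, never apply locally
            self._forward(adv, sender)
        elif domain == self.domain and revision > self.revision:   # anything else is ignored
            self.vlans, self.revision = set(vlans), revision       # newer revision replaces the VLAN list
            self._forward(adv, sender)            # servers and clients both pass accepted updates on

def demo():
    """Constructed chain: a (server) - b (transparent) - c (client), all in domain 'pucit'."""
    a = VtpSwitch(domain="pucit")
    b = VtpSwitch(mode="transparent", domain="pucit")
    c = VtpSwitch(mode="client", domain="pucit")
    a.links, b.links, c.links = [b], [a, c], [b]
    a.change_vlans(add={3})                       # revision 1, relayed through b to c
    a.change_vlans(add={8, 9, 10})                # one command: revision 2, not 4
    return a, b, c
```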


Reset the switch to a brand-new configuration

STEP-1 (This also resets the revision number to zero)

Switch# write erase
Erasing the NVRAM filesystem will remove all configuration files! Continue? [Confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram

STEP-2

Switch# delete flash:vlan.dat
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [Confirm]

STEP-4

Switch# reload
Proceed with reload? [Confirm]

DYNAMIC TRUNKING

DTP (DYNAMIC TRUNKING PROTOCOL)

The Dynamic Trunking Protocol (DTP) is a proprietary networking protocol developed by Cisco Systems for the purpose of negotiating trunking on a link between two VLAN-aware switches, and for negotiating the type of trunking encapsulation to be used. It works at Layer 2 of the OSI model. VLAN trunks formed using DTP may utilize either IEEE 802.1Q or Cisco ISL trunking protocols. DTP should not be confused with VTP, as they serve different purposes. VTP communicates VLAN existence information between switches. DTP aids with trunk port establishment. Neither protocol transmits the data frames that trunks carry.

Source: http://www.javvin.com/protocolDTP.html

DTP MODES

On a Catalyst set-based switch, the syntax for setting up a link as a trunk is:

Use this command to set the specified port or ports to trunking.


The first set of keyword arguments governs the DTP modes:

Mode         What the Mode Does
on           Forces the link into permanent trunking, even if the neighbor doesn't agree.
off          Forces the link to permanently not trunk, even if the neighbor doesn't agree.
desirable    Causes the port to actively attempt to become a trunk, subject to neighbor agreement (neighbor set to on, desirable, or auto).
auto         Causes the port to passively be willing to convert to trunking. The port will not trunk unless the neighbor is set to on or desirable. This is the default mode. Note that auto-auto (both ends default) links will not become trunks.
nonegotiate  Forces the port to permanently trunk but not send DTP frames. For use when the DTP frames confuse the neighboring (non-Cisco) 802.1Q switch. You must manually set the neighboring switch to trunking.

SWITCHPORT MODES

The options for the switchport mode command are as follows:

TRUNK:

Configures the port to permanent trunk mode and negotiates with the connected device on the other side to convert the link to trunk mode. If multiple trunk encapsulations are available, the encapsulation must be chosen before this command will work.

ACCESS:

Disables port trunk mode and negotiates with the connected device to convert the link to nontrunk. This port will belong to only the configured access VLAN.

DYNAMIC DESIRABLE:

Triggers the port to negotiate the link from nontrunk to trunk mode. The port negotiates to a trunk port if the connected device is in the trunk, dynamic desirable or dynamic auto state. Otherwise, the port becomes a nontrunk port. This is the default for IOS switch ports.

DYNAMIC AUTO:

Enables the port to become a trunk only if the connected device has the state set to trunk or dynamic desirable.

NONEGOTIATE:

Configures the port to permanent trunk mode; no negotiation takes place with the partner. The other side must be trunk or nonegotiate for the trunk to work. You must also specify the encapsulation before choosing this mode.


NOTE: We know that a trunk is only made when we set the switchport mode to dynamic auto on one side (e.g. Switch-A) and dynamic desirable on the other side (e.g. Switch-B), or dynamic desirable on one side (e.g. Switch-A) and dynamic desirable on the other side (e.g. Switch-B).

According to the above topology, the switchport mode of fastethernet0/1 of Switch-A is dynamic auto and the switchport mode of fastethernet0/2 of Switch-B is also dynamic auto, therefore a trunk is not made on this link.

Now change the switchport mode of fastethernet0/1 of Switch-B to dynamic desirable while the switchport mode of fastethernet0/1 of Switch-A stays dynamic auto; then the trunk link will be established.

NOTE: After changing the switchport mode of interface fastethernet 0/2 of Switch-B to dynamic desirable, we can see two trunks on Switch-B.
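The DTP mode table, the switchport modes and the note above on which mode pairs form a trunk, as an added Python example that is not part of the original notes: trunk_forms() gives the negotiation outcome for a pair of modes, and port_modes() with dtp_findings() read a constructed IOS-style running-config (format assumed, not the notes' own output) to list the ports that still negotiate trunking, which is the check to run on user-facing ports.

```python
import re

def trunk_forms(local: str, remote: str) -> bool:
    """Does a link come up as a working trunk given the switchport mode on each end? 'nonegotiate'
    stands for trunk mode plus 'switchport nonegotiate', i.e. a trunk that sends no DTP frames."""
    def agrees(me, peer):
        if "access" in (me, peer):
            return False                                   # access never trunks; trunk/access is a mismatch
        if me == "nonegotiate":
            return peer in {"trunk", "nonegotiate"}        # no DTP sent, so the peer must already trunk
        if me == "trunk":
            return True                                    # permanent trunk; any non-access peer works
        if me == "dynamic desirable":
            return peer in {"trunk", "dynamic desirable", "dynamic auto"}
        if me == "dynamic auto":
            return peer in {"trunk", "dynamic desirable"}  # auto-auto never trunks
        raise ValueError(f"unknown switchport mode: {me}")
    return agrees(local, remote) and agrees(remote, local)

def port_modes(running_config: str, default_mode: str = "dynamic desirable") -> dict:
    """Effective mode per interface stanza of an IOS-style config (assumed format). A port with no
    'switchport mode' line gets default_mode (the notes give dynamic desirable as the IOS default)."""
    modes, silent, iface = {}, set(), None
    for line in running_config.splitlines():
        if (m := re.match(r"interface (\S+)", line)):
            iface = m.group(1)
            modes[iface] = default_mode
        elif iface and (m := re.match(r"\s+switchport mode (trunk|access|dynamic (?:auto|desirable))", line)):
            modes[iface] = m.group(1)
        elif iface and re.match(r"\s+switchport nonegotiate", line):
            silent.add(iface)                               # DTP frames suppressed on this port
    return {i: "nonegotiate" if (i in silent and mode == "trunk") else mode for i, mode in modes.items()}

def dtp_findings(modes: dict) -> dict:
    """Ports a neighbour can still negotiate with: they send DTP and are not pinned to access."""
    return {i: m for i, m in modes.items() if m in {"dynamic auto", "dynamic desirable", "trunk"}}

# Constructed sample running-config; not taken from the notes.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode dynamic auto
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
interface FastEthernet0/3
 switchport mode trunk
 switchport nonegotiate
interface FastEthernet0/4
 description uplink to SW-B, switchport mode left at the default
"""
```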