[[Networking]]

Overview

• VLANs are logically segmented networks based on function, project, teams, apps etc.
• All workstations and servers used by particular workgroup share the same VLAN regardless of the physical connection or location.
• VLANs function by logically segmenting the network into different broadcast domains so that packets are only switched between ports that are designed for the same VLAN.

Broadcast Domains

• Each VLAN represents one broadcast domain.
• Traffic between devices within the same VLAN is switched.
• Traffic between devices in different VLANs require a Layer-3 device to communicate.
• Broadcasts from one VLAN will not be forwarded to another VLAN
  • Logical separation provided by VLAN is NOT A LAYER-3 FUNCTION
  • VLAN tags are inserted into the Layer-2 header.
• VLANs are a layer 2 function
• A VLAN often has a relationship with an IP subnet, but it is not required.

VLAN Membership

• VLAN membership can be configured in two ways:
  • Statically
    • Statically assigning a VLAN involves manually assigning an individual or group of ports to a VLAN
      • Any host connected to that port or ports immediately becomes a member of that VLAN
      • This is transparent to the host - it is unaware that it belongs to a VLAN
  • Dynamically
    • VLANs can be assigned dynamically based on the MAC address, regardless of which switch port it is connected to.
      • Allows for more membership based on MAC address of the device connected to the switch port
      • As a device enters the network, it queries a database within the switch for a VLAN membership

Bandwidth in VLAN

• Users attached to the same shared segment, they share the bandwidth of the segment
  • More users = more bandwith usage
• VLANS offer more bandwidth than a shared network
• The default VLAN port is for management VLAN
  • The management VLAN is VLAN 1 which cannot be deleted

VLAN Operations/Configuration

• By default all interfaces belong to VLAN1. To assign an interface to a different VLAN, that VLAN must be created

Creating VLAN ~~~ $switch(config)# vlan 100$switch(config-vlan)# name SERVERS ~~~ - The first command created VLAN 100, and enters VLAN conf mode - The second command assigned the name SERVERS to VLAN 100

Removing VLANS - Removing specific vlan ~~~ $switch(config)# no vlan 100 ~~~ **Removing a group of VLANS** ~~~$switch(config)# no vlan 100-200 ~~~

Statically Assigning VLANS - To statically assign an interface to a VLAN ~~~ $switch(config)# interface gi1/10$switch(config-if)# switchport mode access $switch(config-if)# switchport access vlan 100 ~~~

VLAN Port Types

• A VLAN-enables switch supports two types of ports
  • Access ports
  • Trunk ports
• An access port is a member of only a single VLAN
• Access ports are most often used to connect host devices such as computers, printers etc
• A trunk port is not a member of a single VLAN. The traffic from any or all VLANS can traverse the trunk links to different switches

VLAN Across Multiple Switches

• It is possible for a VLAN to span across more than one switch, there are two methods to do so:
  • Creating an uplink access port between switches. One for each VLAN.
  • Create a trunk connection between switches

VLAN Frame-Tagging

• When VLANS span many switches, we need something to identify what VLAN the frame belongs to
  • For this we use Frame Tagging
• Tagging only occurs when a frame is sent out of a trunk port. Traffic from an access port is never tagged.