11 Mar 2013
Switching - VLANs and trunks
A VLAN (Virtual Local Area Network) is a networking mechanism for separating broadcast domains. By using multiple VLANs, administrators can group devices into smaller functional groups. Imagine a company with multiple departments: it would be inappropriate to have the IT department computers and the HR department computers in the same broadcast domain. In this post I will describe how VLANs work and how to configure and troubleshoot them.
VLANs are used to create separate logical groups of devices that act as independent networks. A network can have multiple VLANs, and two devices connected to the same switch can still be in different VLANs. VLANs are configured at the port level; a port that is configured with a VLAN is called an access port. You can separate switch ports into different VLANs and you can name VLANs so that they are easier to manage. In modern networks VLANs are the same as subnets, so when you separate devices into multiple broadcast domains, you segment the network into multiple subnets. The main visible benefits of using VLANs are:
- networks are easier to manage because you configure and troubleshoot VLANs as multiple independent networks.
- reduces the broadcast traffic and increases network speed.
- security is increased because devices from different VLANs cannot communicate with each other.
- the cost is reduced because you can segment devices using the same infrastructure.
- reduces the probability of broadcast storms (a network event in which multiple devices transmit broadcast messages at the same time).
Every VLAN has its own unique ID number, which is stored in the vlan.dat file. The main VLAN ID ranges are as follows:
1 - 1005
1002 - 1005 reserved for Token Ring and FDDI VLANs
1006 - 4094 - used by service providers
Remember from the previous post that you can configure a management VLAN for accessing and configuring switches from remote locations.
The default VLAN is automatically created when the switch is powered on. At first, all ports are part of the default VLAN.
The native VLAN is used by network trunks to carry tagged and untagged traffic; we will discuss trunks later.
Data VLANs are used to carry data generated by end devices.
Voice VLANs are used to carry VoIP traffic (Voice over IP).
As mentioned earlier, VLANs are configured at the port level. You can assign VLANs to ports using either a static or a dynamic configuration mode; we will talk only about the static configuration mode. When using a voice VLAN, the configuration is a little more complex, and voice VLANs are not studied for the CCNA certification. By using multiple VLANs, you control broadcast domains.
You should now have a basic idea of what a VLAN is. I will show you how to configure and troubleshoot VLANs, but first we have to talk about trunks. A trunk is a point-to-point communication channel between two network devices that is used to carry traffic from multiple VLANs. By using a trunk, you can send traffic from multiple VLANs over the same wire. Without network trunks, you would have to connect a different cable for each VLAN. When frames are sent onto a trunk, they are tagged with the VLAN's ID. This tag is how the devices on the trunk know which VLAN each frame is destined for. When configuring a link as a trunk, devices must negotiate to determine how this link will function. The negotiation of the trunk link is done using DTP (Dynamic Trunking Protocol). The trunking modes are the following:
ON - this mode will put the link in the trunking mode without considering the other end of communication.
Dynamic desirable - in this mode, the switch will send periodic updates to the other switch. The local port will not be set in the trunking mode until the other switch configures its port in on, dynamic desirable or dynamic auto mode.
Dynamic auto - the switch port will be set in the trunk mode only if the remote switch port is set to the on or dynamic desirable mode.
To configure a VLAN, enter global configuration mode. Then use the command vlan [ID] to assign an ID to the VLAN. This takes you to VLAN configuration mode, where you give the VLAN a name. The following image shows the commands needed to configure a VLAN:
To view the newly configured VLAN, type show vlan or show vlan brief:
After this step is complete, assign the newly created VLAN to the desired port or ports. To do this, enter the desired interface and type the following:
You can even configure multiple ports at the same time using the interface range command:
To view all the ports configured in a VLAN, type show vlan name [vlan_name]:
Type the following commands to see their output: show interfaces vlan [id], show interfaces [interface] switchport, show vlan brief, show vlan id [ID]. To remove a VLAN from a port, type no switchport access vlan in interface configuration mode. If you want, you can even delete the entire VLAN file by using the following command: delete flash:vlan.dat. This command deletes the .dat file, and when the switch is powered on again, the default vlan.dat file is created automatically.
To configure a trunk, we use almost the same commands as with VLANs. The next image shows the trunk configuration commands:
We used switchport trunk native vlan 99 to specify which native VLAN will be used to carry traffic over the trunk link. We can also set the VLANs whose traffic is allowed to flow over the trunk channel by using the switchport trunk allowed vlan command:
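The steps above, from creating a VLAN to restricting a trunk, put together as one Cisco IOS configuration. This is an added example, not the configuration from the original post: VLAN IDs 10 and 20, the VLAN names and the interface numbers are assumed values, while native VLAN 99 is the one named in the text.

```cisco
! Added example with constructed values. VLANs 10 and 20, the names
! and the interface numbers are assumptions; native VLAN 99 is from the text.
configure terminal
!
! 1. Create the VLANs and name them
vlan 10
 name IT
vlan 20
 name HR
vlan 99
 name NATIVE
 exit
!
! 2. Assign a single access port to VLAN 10.
!    "switchport mode access" fixes the port as an access port,
!    so it does not become a trunk through DTP negotiation.
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 exit
!
! 3. Assign several ports at once with interface range
interface range FastEthernet0/2 - 5
 switchport mode access
 switchport access vlan 20
 exit
!
! 4. Trunk link: static trunk (the "on" mode), native VLAN 99,
!    and only the VLANs that are needed allowed across the link
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,99
 end
!
! 5. Verify the result
show vlan brief
show vlan name HR
show interfaces FastEthernet0/1 switchport
show interfaces trunk
```

The native VLAN and the allowed VLAN list have to match on the switch at the other end of the trunk, otherwise traffic for the affected VLANs will not pass as expected.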
Remember that you have to be very careful when configuring VLANs, native VLANs and trunk links, because any misconfigured port or link can result in network failure. When I post the practice video tutorial, you will better understand how VLANs and trunk links work.
I hope this post serves you well. Add any comments that you have and share my article with others. Thank you very much for reading this, and have a wonderful day.