Virtual LANs
Consider a network design that consists of Layer 2 devices only. For example, this design could be a single Ethernet segment, an Ethernet switch with many ports, or a network with several interconnected Ethernet switches. A full Layer 2-only switched network is referred to as a flat network topology. A flat network is a single broadcast domain, such that every connected device sees every broadcast packet that is transmitted anywhere in the network. As the number of stations on the network increases, so does the number of broadcasts.
A switched environment offers the technology to overcome flat network limitations. Switched networks can be subdivided into virtual networks, or VLANs. By definition, a VLAN is a single broadcast domain. All devices connected to the VLAN receive broadcasts sent by any other VLAN members. However, devices connected to a different VLAN will not receive those same broadcasts.
A VLAN consists of hosts defined as members, communicating as a logical network segment. In contrast, a physical segment consists of devices that must be connected to a physical cable segment. Layer 2 switches are configured with a VLAN mapping and provide the logical connectivity among the VLAN members.
Figure 1-1 shows how a VLAN can provide logical connectivity between switch ports. Two workstations on the left switch are assigned to VLAN 1, whereas a third workstation is assigned to VLAN 100. In this example, no communication can occur between VLAN 1 and VLAN 100. VLAN 1 can also be extended into the right switch by assigning both ends of the link between the switches to VLAN 1. One workstation on the right switch is also assigned to VLAN 1. Because there is end-to-end connectivity of VLAN 1, any of the workstations on VLAN 1 can communicate as if they were connected to the same physical network segment.
Figure 1-1 VLAN Functionality
VLAN Membership
When a VLAN is provided at an access layer switch, an end user must have some means of gaining membership to it. Two membership methods exist on Cisco switches:
■ Static VLAN configuration
■ Dynamic VLAN assignment
Static VLANs
Static VLANs offer port-based membership, in which switch ports are assigned to specific VLANs. End-user devices become members in a VLAN based on the physical switch port to which they are connected.
Switch ports are assigned to VLANs through manual intervention and configuration, hence the static nature. Each port receives a port VLAN ID (PVID) that associates it with a VLAN number. The ports on a single switch can be assigned and grouped into many VLANs. Even though two devices are connected to the same switch, traffic will not pass between them if they are connected to ports on different VLANs. To pass traffic between the two VLANs, you could use either a Layer 3 device to route packets or an external Layer 2 device to bridge packets.
The static port-to-VLAN membership is normally handled in hardware with application-specific integrated circuits (ASICs) in the switch. This membership provides good performance because all port mappings are done at the hardware level, with no complex table lookups needed.
Configuring Static VLANs
Before a VLAN can be used, it must be created on the switch if it does not already exist. Then, the VLAN must be assigned to specific switch ports. VLANs are always referenced by a VLAN number, which can range from 1 to 1005. VLANs 1 and 1002 through 1005 are created automatically and are set aside for special uses.
VLAN 1 is the default VLAN for every switch port. VLANs 1002 to 1005 are reserved for legacy functions related to Token Ring and FDDI switching. VLAN 1 is set to a VLAN type of Ethernet and has a maximum transmission unit (MTU) size of 1500 bytes.
Switches can also support extended-range VLAN numbers 1006 through 4094. With the addition of the extended-range VLANs, VLAN numbers can be 1 to 4094, the same range of numbers as the IEEE 802.1Q standard. The extended range is enabled only when the switch is configured for VTP transparent mode with the vtp mode transparent global configuration command. This is because of limitations with VTP Versions 1 and 2. VTP Version 3 does allow extended-range VLANs to be used and advertised.
To configure a VLAN, begin by defining the VLAN with the following commands in global configuration mode:
Switch(config)# vlan vlan-num
Switch(config-vlan)# name vlan-name
The VLAN numbered vlan-num is immediately created and stored in the database, along with a descriptive text string defined by vlan-name (up to 32 characters with no embedded spaces). The name command is optional; if it is not used, the default VLAN name is of the form VLANXXX, where XXX represents the VLAN number. If you need to include spaces to separate words in the VLAN name, use underscore characters instead.
As an example, you can use the following commands to create VLANs 2 and 101:
Switch(config)# vlan 2
Switch(config-vlan)# name Engineering
Switch(config-vlan)# vlan 101
Switch(config-vlan)# name Marketing
To delete a VLAN from the switch configuration, you can use the no vlan vlan-num command.
Next, you should assign one or more switch ports to the VLAN. Use the following configuration commands:
Switch(config)# interface type member/module/number
Switch(config-if)# switchport
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan vlan-num
The initial switchport command configures the port for Layer 2 operation. Switch ports on most switch platforms default to Layer 2 operation. In that case, the switchport command will already be present in the configuration and you will not have to enter it explicitly. Otherwise, the switch will reject any Layer 2 configuration command if the port is not already configured for Layer 2 operation.
The switchport mode access command forces the port to be assigned to only a single VLAN, providing VLAN connectivity to the access layer or end user. The port is given a static VLAN membership by the switchport access vlan command. Here, the logical VLAN is referenced by the vlan-num setting (1 to 1005 or 1 to 4094). In Example 1.1, several switch ports are put into access mode and assigned to VLANs 2 and 101.
Example 1.1 Assigning Switch Ports to VLANs
Switch(config)# interface range gigabitethernet4/0/1 - 24
Switch(config-if)# switchport
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 2
Switch(config)# interface range gigabitethernet2/0/1 - 24
Switch(config-if)# switchport
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 101
Switch(config-if)# exit
Switch(config)#
To verify VLAN configuration, use the show vlan or show vlan brief command to output a list of all VLANs defined in the switch, along with the ports that are assigned to each VLAN. Example 1.2 shows some sample output from the show vlan command, based on the configuration listed in Example 1.1.
Example 1.2 Verifying VLAN Configuration with the show vlan Command
Switch# show vlan
VLAN Name          Status    Ports
---------------------------------------------------------------------
1    default       active    Gi1/0/1, Gi1/0/2, Gi3/0/20, Gi4/0/20
2    Engineering   active    Gi4/0/2, Gi4/0/3, Gi4/0/4, Gi4/0/5
                             Gi4/0/6, Gi4/0/7, Gi4/0/8, Gi4/0/9
                             Gi4/0/10, Gi4/0/11, Gi4/0/12
101  Marketing     active    Gi2/0/5, Gi2/0/6, Gi2/0/7, Gi2/0/8
                             Gi2/0/9, Gi2/0/10, Gi2/0/11, Gi2/0/12
                             Gi2/0/13, Gi2/0/14, Gi2/0/15, Gi2/0/16
                             Gi2/0/17, Gi2/0/18
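The following Python sketch is an added example, not part of the original post: it parses show vlan output in the layout of Example 1.2, joining the wrapped port lines, and lists ports that are still members of the default VLAN 1 or of the reserved VLANs 1002 to 1005. The sample output and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of Example 1.2 (not captured from a device).
SAMPLE = """\
VLAN Name         Status    Ports
---- ------------ --------- -------------------------------
1    default      active    Gi1/0/1, Gi1/0/2, Gi3/0/20, Gi4/0/20
2    Engineering  active    Gi4/0/2, Gi4/0/3, Gi4/0/4, Gi4/0/5
                            Gi4/0/6, Gi4/0/7
101  Marketing    active    Gi2/0/5, Gi2/0/6
                            Gi2/0/7
1002 fddi-default act/unsup
"""

# VLAN number, name (no embedded spaces), status, then an optional port list.
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_show_vlan(text):
    """Map VLAN number -> {"name", "ports"}, joining wrapped port lines."""
    vlans, current = {}, None
    for line in text.splitlines():
        if line.startswith("VLAN Type"):   # second table of full show vlan output
            break
        row = ROW.match(line)
        if row:
            current = int(row.group(1))
            vlans[current] = {"name": row.group(2), "ports": []}
            rest = row.group(4)
        elif current is not None and line[:1].isspace() and line.strip():
            rest = line                    # continuation: more ports, same VLAN
        else:
            continue                       # header, separator or blank line
        vlans[current]["ports"] += [p for p in re.split(r"[,\s]+", rest) if p]
    return vlans

def vlan_range(num):
    """Classify a VLAN number using the ranges given in the text."""
    if num == 1:
        return "default"
    if 1002 <= num <= 1005:
        return "reserved"
    if 2 <= num <= 1001:
        return "normal"
    return "extended" if 1006 <= num <= 4094 else "invalid"

def audit(vlans):
    """List (port, vlan, range) for ports outside normal/extended VLANs."""
    return [(port, num, vlan_range(num)) for num, v in sorted(vlans.items())
            for port in v["ports"] if vlan_range(num) not in ("normal", "extended")]
```

Calling audit(parse_show_vlan(SAMPLE)) returns the four ports that remain in VLAN 1, which share a broadcast domain with every other port left at the default.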
Next, we will publish about “Dynamic VLAN”. Stay connected.