Saturday, July 24, 2010

VLANs: creating, trunking and dynamic assignments

VLAN stands for Virtual LAN. VLANs are used to create LANs that appear to be separate even though they share the same physical network. One reason for creating VLANs is to separate, say, the IT security network from the administration network in an office without separate physical cabling.

Take for example a network with PC1 to PC10. Two VLANs are created: VLAN A (PC1 to PC5) and VLAN B (PC6 to PC10). Once the VLANs exist, broadcasts that were previously delivered to every host are restricted to hosts in the same VLAN. This works because a frame is tagged with a VLAN ID when it is sent to the switch, so the switch knows where it may be forwarded. In this example, a broadcast that reached PC1 to PC10 before the VLANs existed now reaches only PC1 to PC5 if it originates in VLAN A. Once the VLANs are applied, PC1 cannot even ping PC6 to PC10, because they are now in a different network. Cisco’s best practice is one VLAN per subnet.

To show the VLANs and the ports that belong to each, use the “show vlan brief” command on the switch’s CLI. If a port that should be there does not appear in the “show vlan brief” output, that port is configured as a trunk. To confirm this, type the “show vlan trunk” command. To create a VLAN (e.g. VLAN 20), type “vlan 20” in the switch’s configuration mode. To put an interface into a VLAN (say VLAN 20), enter interface mode and type “switchport access vlan 20”.

A trunk is used to extend VLANs across switches, i.e. across physically separate LANs. Note that a trunk carries all VLANs. To create a trunk, enter “switchport mode trunk” in interface mode on the switch interface that is to become the trunk. If the neighbouring switch’s port is set to dynamic, it will automatically become a trunk as well.
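The two-switch setup described above, written out as an added example (not configuration from the original post): VLAN 20 for PC1 to PC5, VLAN 30 for PC6 to PC10, and an explicit trunk between the switches. Hostnames, interface names and VLAN names are assumed for illustration.

```cisco
! Added example, not from the original post: two-switch VLAN and trunk configuration.
! Hostnames, interface names and VLAN names are assumed for illustration.
!
! ---------- SW1 ----------
hostname SW1
!
vlan 20
 name SECURITY
vlan 30
 name ADMIN
!
! Access ports: PC1-PC5 in VLAN 20, PC6-PC10 in VLAN 30.
! "mode access" plus "nonegotiate" fix the port role, so the port is
! never negotiated into a trunk by DTP from whatever is plugged into it.
interface range FastEthernet0/1 - 5
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
 spanning-tree portfast
!
interface range FastEthernet0/6 - 10
 switchport mode access
 switchport access vlan 30
 switchport nonegotiate
 spanning-tree portfast
!
! Uplink to SW2: an explicit 802.1Q trunk that carries only VLANs 20 and 30.
! The "encapsulation" line is accepted only on platforms that also support ISL.
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 20,30
 switchport nonegotiate
!
! ---------- SW2 ----------
! Same VLAN definitions and access-port layout; the uplink is configured
! identically so neither side depends on DTP to bring the trunk up.
hostname SW2
vlan 20
 name SECURITY
vlan 30
 name ADMIN
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 20,30
 switchport nonegotiate
!
! Verify on either switch: access ports are listed under their VLAN by
! "show vlan brief"; trunk ports are absent there and shown by "show interfaces trunk".
```

Because the trunk is configured statically on both ends, the “show interfaces trunk” output should list GigabitEthernet0/1 with mode “on” rather than a negotiated state.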

All of the VLAN configuration above is “static” VLAN configuration. It is also possible to create dynamic VLANs, where the switch detects the MAC address of a device and places it in its VLAN even when the device has moved to a different port. This is done with a VMPS (VLAN Membership Policy Server). The VMPS performs the dynamic assignment using a database, held on a TFTP server, that stores the mapping between VLANs and the MAC addresses associated with them. This database is downloaded every time the switch is power-cycled. A switch port that receives a dynamic VLAN assignment is automatically set to PortFast. The VMPS itself listens for client requests over UDP.

To summarize, VLANs are created to separate networks that share the same physical network. They can also be used to create a single LAN across physically separate locations, but remember to configure a trunk port on the switches first. Besides static VLAN configuration, there are also dynamic VLANs, which use a VMPS.
