Vlan Moh

K.
Suresh
Sub Divisional Engineer(DX)
Telephones: +91-120-2728412(O)
+91-120-2728839(R)
E-mail: [email protected]
ALTTC/ DX Faculty/ KSK/ VLAN/ Nov 2004 1

Virtual LANs
Layer 2 switched network is referred to

as a flat network topology with single
broadcast domain.
To overcome single broadcast domain
switched networks can be subdivided
into Virtual LANs (VLANs)
By definition, a VLAN is a single
broadcast domain.

Virtual LANs
In a VLAN, computers are assigned to

LAN segments by software.
VLANs are often faster and provide
more flexible network management
than traditional LAN and BN designs.
They are also more complex and so
far usually used for larger networks.
The two basic designs are single
switch and multi-switch VLANs.
Single Switch VLANs
Computers are assigned to individual VLANs
in one of four ways using a single switch :
Port-based VLANs assign computers according
to the VLAN switch port to which they are
attached
MAC-based VLANs assign computers according
each computer’s data link layer address
IP-based VLANs assign computers using their
IP-address
Application-based VLANs assign computers
depending on the application that the computer
typically uses.

Single Switch VLANs
VLAN 200
VLAN 100
VLAN 200
VLAN 400
VLAN 300
VLAN 300
VLAN 400
VLAN 100

Multi-switch VLANs
VLANs in separate locations can be possible by Multi-
Switch VLANs interconnected by Trunk Links
The two ways to implement multi-switch VLANs:
Proprietary protocols are used to envelope the
Ethernet frame (ISL)
which is then sent to its destination switch, where the
Ethernet packet is released and sent to its destination
computer.
Modify the Ethernet packet to include VLAN
information (802.1q) by adding 16 bytes of
overheads
When the IEEE 802.1q packet reaches its destination
switch, its header is stripped off and the Ethernet packet
inside is sent to its destination computer.
Multi-switch VLANs
VLAN 200
VLAN 100
VLAN 200 VLAN 300
VLAN 300 VLAN 100
Trunk Links

VLAN Membership
When a VLAN is provided at an access

layer switch, an end user must have
some means to gain membership to it.
Two membership methods exist on
Cisco Catalyst switches:
Static VLANs and
Dynamic VLANs.

Static VLANs
Static VLANs offer port-based

membership, where switch ports are
assigned to specific VLANs.
End user devices become members in a
VLAN based on which physical switch
port they are connected to.
The ports on a single switch can be
assigned and grouped into many
VLANs.

VLAN Trunks
At the access layer, end user devices

connect to switch ports (a single VLAN)
Intervention of an additional Layer 3
router/switch is needed to communicate
between the VLANs
A trunk link, however, can transport more
than one VLAN through a single switch
port.
Trunk links are most beneficial when
switches are connected to other switches or
switches are connected to routers.

VLAN Tagging
VLAN Tagging is used when a link needs to
carry traffic for more than one VLAN.
The packet is then forwarded to the
appropriate switches or routers based on the
VLAN identifier and MAC address through a
trunk link after adding a tag.
This is known as a trunk link or VLAN
trunking.
Upon reaching the destination Switch the
VLAN ID is removed from the packet by the
adjacent switch and forwarded to the
attached device.
VLAN Tagging

VLAN Tagging
No VLAN Tagging
VLAN Tagging
VLAN Tagging is used when a link needs to carry

traffic for more than one VLAN.
Tagging is used so the receiving switch knows
which ports in should flood broadcast
VLAN Tagging
There are two major methods of

frame tagging,
Cisco proprietary Inter-Switch Link (ISL)
and
IEEE 802.1Q.
ISL used to be the most common, but
is now being replaced by 802.1Q
frame tagging.
Cisco recommends using 802.1Q.
VLAN Tagging
ISL
Ethernet Frame
1500 bytes plus 18 byte header (1518
bytes)
IEEE 802.1Q
SA and DA 802.1q Type/Length Data (max 1500 CRC
New
MACs Tag Field bytes) CRC

ISL (Frame Encapsulation)
Ethernet Frame
1500 bytes plus 18 byte header (1518
bytes)
An Ethernet frame is encapsulated with a header that

transports VLAN Ids
It adds overhead to the packet as a 26-byte header
containing a 10-bit VLAN ID.
In addition, a 4-byte cyclic redundancy check (CRC) is
appended to the end of each frame.
This CRC is in addition to any frame checking that
the Ethernet frame requires.
Standard NIC cards and networking devices don’t
understand this giant frame.
ISL - Selected fields
DA - Destination Address
The DA field of the ISL packet is a 40 bit destination
address.
This address is a multicast address and is currently set
to be: 0x01_00_0C_00_00.
The first 40 bits of the DA field signal the receiver that
the packet is in ISL format.
TYPE - Frame Type
The TYPE field indicates the type of frame that is
encapsulated and could be used in the future to indicate
alternative encapsulations.
The following TYPE codes have been defined:
0000 Ethernet, 0001 Token-Ring
0010 FDDI , 0011 ATM

ISL - Selected fields
SA - Source Address
The SA field is the source address field of the ISL packet.
It is the address of the switch port transmitting the frame.
The receiving device may ignore the SA field of the frame.
VLAN - Virtual LAN ID
It is a 15-bit value that is used to distinguish frames on different
VLANs.
This field is often referred to as the "color" of the packet
CRC - Frame Checksum
The CRC is a standard 32-bit CRC value calculated on the entire
encapsulated frame from the DA field to the ENCAP FRAME field.
The receiving MAC will check this CRC and can discard packets
that do not have a valid CRC on them.

IEEE 802.1Q
SA and DA 802.1q Type/Length Data (max 1500 bytes) New
CRC
MACs Tag Field CRC
Significantly less overhead than the ISL

As opposed to the 30 bytes added by ISL, 802.1Q
inserts only an additional 4 bytes (TPID & TCI) into
the Ethernet frame
NIC cards and networking devices can understand
this “baby giant” frame (1522 bytes).
However, a switch must remove this
encapsulation before sending the frame out on an
access link.
New CRC is calculated every time the tag is added
or removed
802.1q (TPID & TCI)
TPID (Tag Protocol ID)–2 bytes
A 2-byte TPID = 0x8100.
TPID indicates that the frame carries the
802.1Q/802.1p tag information.
TCI (Tag Control Information)-2 bytes
Three-bit user priority (8 priority levels, 0 to 7)
One-bit canonical format Indicator(CFI), 0=
canonical, 1 = noncanonical, to signal bit order in
the encapsulated frame
Twelve-bit VLAN identifier (VID)-Uniquely identifies
the VLAN to which the frame belongs, defining
4,096 VLANs,
VLAN IDs 0 and 4095 are reserved.
Trunking operation
or 802.1Q
Trunking protocols were developed to effectively

manage the transfer of frames from different
VLANs on a single physical line.
Trunk links may carry traffic for all VLANs or only
specific VLANs.
VLANs and trunking
Non-Trunk Links
Trunk Link
Non-Trunk Links
It is important to understand that a trunk

link does not belong to a specific VLAN.
The responsibility of a trunk link is to act as
a pipe for VLANs between switches
Dynamic VLANs
Dynamic VLANs are used to provide

membership based on the MAC address of
an end user device.
When a device is connected to a switch
port, the switch must query a database to
establish VLAN membership.
A network administrator must assign a
VLAN using the database of a VLAN
Membership Policy Server (VMPS).
Dynamic VLANs allow a great deal of
flexibility and mobility for end users,

VLAN trunking protocol
VTP shares VLAN configuration

information between the Switches.
Each Switch that make up the
switching fabric is configured as one
of the following modes:
Server mode
Client Mode
Transparent Mode

VTP Modes
Server Mode
VTP-Servers can create, modify, and delete VLANs
and other configuration parameters for the entire
VTP domain;
This information is propagated to the VTP clients in
that same domain.
Client Mode
A VTP client cannot create, change, or delete
VLANs, nor can it save VLAN configurations in
nonvolatile memory (NVRAM).
Transparent Mode
VTP transparent mode is used when a switch does
not need or want to participate in VTP, but is willing
to pass VTP advertisements to other switches.

How VTP works
VTP advertisements are flooded every 5
minutes, or whenever there is a change in
VLAN configurations.
Included in a VTP advertisement is a
configuration revision number, as well as
VLAN names and numbers, and information
about which switches have ports assigned
to each VLAN.
By configuring the details on one server
and propagating the information via
advertisements, all switches know the
names and numbers of all VLANs.
VTP pruning

VTP pruning
VTP pruning makes more efficient use of
trunk bandwidth by reducing unnecessary
flooded traffic.
When a Catalyst switch has a port
associated with a VLAN, the switch sends
an advertisement to its neighbor switches
that it has active ports on that VLAN.
The neighbors keep this information,
enabling them to decide if flooded traffic
from a VLAN should use a trunk port or
not.
VTP pruning

Inter-VLAN Routing
When a node in one VLAN needs to

communicate with a node in another VLAN,
a router is necessary to route the traffic
between VLANs.
Without the routing device, inter-VLAN
traffic would not be possible.
Inter-VLAN Routing - Non-trunk Links
10.10.0.11/16 10.20.0.22/16
10.20.0.1/16
10.10.0.1/16
One option is to use a separate link to the

router for each VLAN instead of trunk links.
However, this does not scale well.
It may not make efficient use of links with
little traffic.
Physical and logical interfaces
Sub-interfaces on a router can be used to divide a

single physical interface into multiple logical interfaces.
Lower-end routers such as the 2500 and 1600 do not
support subinterfaces.
Each physical interface can have up to 65,535 logical
interfaces.
Inter-VLAN Routing - Trunk Links
10.10.0.11/16 10.20.0.22/16
Trunk Link
10.1.0.1/16
10.10.0.1/16
10.20.0.1/16

Management VLAN
By default, all Ethernet interfaces on

Cisco switches are on VLAN 1.
Notice that User VLANs have been
configured for VLANs other than VLAN
1.
The management VLAN refers to a
separate VLAN for your switches and
routers.
This helps ensure access to these
devices when another VLAN is
experiencing problems.

Vlan Moh

Uploaded by

Copyright:

Available Formats

Vlan Moh

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Vlan Moh

Uploaded by

Copyright:

Available Formats

K.

ALTTC/ DX Faculty/ KSK/ VLAN/ Nov 2004 1

Layer 2 switched network is referred to

ALTTC/ DX Faculty/ KSK/ VLAN/ Nov 2004 2

In a VLAN, computers are assigned to

ALTTC/ DX Faculty/ KSK/ VLAN/ Nov 2004 4

ALTTC/ DX Faculty/ KSK/ VLAN/ Nov 2004 5

VLAN 200 VLAN 300

VLAN 300 VLAN 100

ALTTC/ DX Faculty/ KSK/ VLAN/ Nov 2004 7

When a VLAN is provided at an access

ALTTC/ DX Faculty/ KSK/ VLAN/ Nov 2004 8

Static VLANs offer port-based

ALTTC/ DX Faculty/ KSK/ VLAN/ Nov 2004 9

At the access layer, end user devices

ALTTC/ DX Faculty/ KSK/ VLAN/ Nov 2004 10

ALTTC/ DX Faculty/ KSK/ VLAN/ Nov 2004 12

VLAN Tagging is used when a link needs to carry

There are two major methods of

ALTTC/ DX Faculty/ KSK/ VLAN/ Nov 2004 15

An Ethernet frame is encapsulated with a header that

ALTTC/ DX Faculty/ KSK/ VLAN/ Nov 2004 17

ALTTC/ DX Faculty/ KSK/ VLAN/ Nov 2004 18

Significantly less overhead than the ISL

Trunking protocols were developed to effectively

It is important to understand that a trunk

Dynamic VLANs are used to provide

ALTTC/ DX Faculty/ KSK/ VLAN/ Nov 2004 23

VTP shares VLAN configuration

ALTTC/ DX Faculty/ KSK/ VLAN/ Nov 2004 24

ALTTC/ DX Faculty/ KSK/ VLAN/ Nov 2004 25

ALTTC/ DX Faculty/ KSK/ VLAN/ Nov 2004 27

ALTTC/ DX Faculty/ KSK/ VLAN/ Nov 2004 29

When a node in one VLAN needs to

One option is to use a separate link to the

Sub-interfaces on a router can be used to divide a

ALTTC/ DX Faculty/ KSK/ VLAN/ Nov 2004 33

By default, all Ethernet interfaces on

You might also like