WWW.JLSNET.CO.UK

Switch VLAN Config

Author: James Saunders Date: Fri, 9 Jan 2004 12:00:00 CET

What is a VLAN?

VLANs (Virtual Local Area Networks) are a way to structure a network logically. Put simply, a VLAN is a collection of nodes grouped together in a single broadcast domain (address range) on the basis of something other than physical location.

A broadcast domain is a network (or portion of a network) that will receive a broadcast frame from any node located within that network. In a typical network, everything on the same side of the router is part of the same broadcast domain. A switch that you have implemented VLANs on has multiple broadcast domains, similar to a router. But you still need a router (or Layer 3 routing engine) to route from one VLAN to another -- the switch can't do this by itself.

Some uses for VLANs are:

  • Security - Separating systems that have sensitive data from the rest of the network.
  • Projects/Special applications - Managing a project can be simplified by the use of a VLAN that brings all of the required nodes together.
  • Performance/Bandwidth - Allows the network administrator to create VLANs that reduce the number of router hops and increase bandwidth.
  • Departments/Specific job types - Companies may want VLANs set up for departments that are heavy network users (such as multimedia or engineering), or a VLAN across departments that is dedicated to specific types of employees (such as management or sales).

You can create a VLAN on most manufacturers' switches. They can usually be configured by logging into the switch via Telnet or HTTP and entering the parameters for the VLAN (name, domain and port assignments). After you have created the VLAN, any network segments connected to the assigned ports become part of that VLAN.

While you can have more than one VLAN on a switch, they cannot communicate directly with one another on that switch. If they could, it would defeat the purpose of having a VLAN, which is to isolate a part of the network. Communication between VLANs requires the use of a router.

VLANs can span multiple switches, and you can have more than one VLAN on each switch. For multiple VLANs on multiple switches to be able to communicate via a single link between the switches, you must use a process called trunking, a technology that allows information from multiple VLANs to be carried over a single link between switches.

The VLAN trunking protocol (VTP) is the protocol that switches use to communicate among themselves about VLAN configuration.

In the image above, each switch has two VLANs. On the first switch, VLAN 1 and VLAN 2 are sent through a single port (trunked) to the second switch, and vice versa: VLAN 1 and VLAN 2 are trunked on the second switch to the first switch. This trunk can carry traffic to and from both VLANs, but VLAN 1 and VLAN 2 cannot communicate with each other.

Some Cisco switches with IOS:

  • Cisco Catalyst 2950 24 Port 10/100 Switch
  • Cisco Catalyst 1900 Enterprise Switch (1924)
  • Cisco 3524 XL 10/100/1000 VLAN Switch
  • Cisco 1924C Enterprise

Config

The configuration below shows how to configure a Cisco switch to have two VLANs, with VLAN1 being on ports 1 - 12 and VLAN2 being on ports 12 - 23, with port 24 acting as a trunk port.

Current configuration : 1883 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname switch1
enable password cisco
!
ip subnet-zero
!
spanning-tree extend system-id
!
!
interface FastEthernet0/1
no ip address
!
interface FastEthernet0/2
no ip address
!
interface FastEthernet0/3
no ip address
!
interface FastEthernet0/4
no ip address
!
interface FastEthernet0/5
no ip address
!
interface FastEthernet0/6
no ip address
!
interface FastEthernet0/7
no ip address
!
interface FastEthernet0/8
no ip address
!
interface FastEthernet0/9
no ip address
!
interface FastEthernet0/10
no ip address
!
interface FastEthernet0/11
no ip address
!
interface FastEthernet0/12
no ip address
!
interface FastEthernet0/13
switchport access vlan 2
no ip address
!
interface FastEthernet0/14
switchport access vlan 2
no ip address
!
interface FastEthernet0/15
switchport access vlan 2
no ip address
!
interface FastEthernet0/16
switchport access vlan 2
no ip address
!
interface FastEthernet0/17
switchport access vlan 2
no ip address
!
interface FastEthernet0/18
switchport access vlan 2
no ip address
!
interface FastEthernet0/19
switchport access vlan 2
no ip address
!
interface FastEthernet0/20
switchport access vlan 2
no ip address
!
interface FastEthernet0/21
switchport access vlan 2
no ip address
!
interface FastEthernet0/22
switchport access vlan 2
no ip address
!
interface FastEthernet0/23
switchport access vlan 2
no ip address
!
interface FastEthernet0/24
switchport mode trunk
switchport trunk encapsulation dot1q
no ip address
!
interface Vlan1
description vlan1
no ip address
no ip route-cache
!
interface Vlan2
description vlan2
management
ip address 192.168.1.99 255.255.255.0
no ip route-cache
!
no ip http server
!
!
line con 0
exec-timeout 0 0
line vty 0 4
password 7 pass123
login
line vty 5 15
password 7 cisco
login
!
end

Before duplicating the same configuration onto Switch 2, check that the VLANs have been configured properly. Enter the following command:

switch1#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
2    VLAN1                            active    Fa0/1, Fa0/2 ... Fa0/12
3    VLAN2                            active    Fa0/13, Fa0/14 ... Fa0/23
...
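
The same check can be run offline against a saved running-config before it is copied to the second switch. The Python script below is an added example, not part of the original article: it derives the port-to-VLAN membership from the interface stanzas and flags three settings that appear in the config above (enable password, exec-timeout 0 0, and a trunk with no allowed-VLAN list). The names SAMPLE, parse_ports, vlan_members and hardening_findings are hypothetical, and ports without "switchport mode trunk" are assumed to be access ports.

```python
import re

# Constructed sample: a shortened copy of the running-config shown on this page.
SAMPLE = """\
enable password cisco
interface FastEthernet0/1
 no ip address
interface FastEthernet0/13
 switchport access vlan 2
interface FastEthernet0/24
 switchport mode trunk
line con 0
 exec-timeout 0 0
"""

def parse_ports(config):
    """Per-port settings. Assumption: a port without 'switchport mode trunk' is
    treated as an access port (DTP is ignored); the access VLAN defaults to 1."""
    ports, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S*Ethernet\S+)$", line):
            cur = ports[m.group(1)] = {"mode": "access", "vlan": 1, "allowed": "all"}
        elif line == "!" or line.startswith(("interface ", "line ")):
            cur = None                      # left the physical-interface stanza
        elif cur and line == "switchport mode trunk":
            cur["mode"] = "trunk"
        elif cur and (m := re.match(r"switchport access vlan (\d+)$", line)):
            cur["vlan"] = int(m.group(1))
        elif cur and (m := re.match(r"switchport trunk allowed vlan (\S+)$", line)):
            cur["allowed"] = m.group(1)
    return ports

def vlan_members(config):
    """VLAN id -> access ports, as 'show vlan' lists them (trunks excluded)."""
    members = {}
    for name, p in parse_ports(config).items():
        if p["mode"] == "access":
            members.setdefault(p["vlan"], []).append(name)
    return members

def hardening_findings(config):
    out = [f"{n}: trunk carries all VLANs; set 'switchport trunk allowed vlan'"
           for n, p in parse_ports(config).items()
           if p["mode"] == "trunk" and p["allowed"] == "all"]
    if re.search(r"^enable password ", config, re.M):
        out.append("'enable password' in use; prefer 'enable secret'")
    if re.search(r"^\s*exec-timeout 0 0\s*$", config, re.M):
        out.append("'exec-timeout 0 0': idle sessions never time out")
    return out
```

Comparing vlan_members() for both switches shows whether the second switch really carries the same port assignments as the first.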

Note: There are two trunking protocols which can be used between switches, ISL and 802.1q. ISL is Cisco's own protocol and can only be used between Cisco switches; 802.1q is an IEEE standard which other manufacturers use. The switch config above shows that the trunk port has been configured on port Fa0/24 with the 802.1q trunking protocol. The following line can be modified to change the trunking protocol:

switch1(config-if)#switchport trunk encapsulation isl

An easier way to create a successful VLAN config on a Cisco IOS switch is to use the "vlan database" command, a tool used to create VLANs automatically.
