
CCNA – Semester3

Module 8
Virtual LANs

Objectives

• VLAN concepts
• VLAN configuration
• Troubleshooting VLAN

VLAN Concepts

VLAN introduction

• A VLAN is a group of network services not restricted to a physical segment or LAN switch.
• VLANs logically segment switched networks based on the functions, project teams, or applications of the organization.
• A workstation in a VLAN group is restricted to communicating with other devices in the same VLAN group.
[Figure: VLAN and broadcast domain]

VLAN Specifications
• VLANs work at Layer 2 and Layer 3 of the
OSI reference model.
• VLANs provide a method of controlling
network broadcasts.
• Communication between VLANs is provided
by Layer 3 routing.
• The network administrator assigns users to
a VLAN.
• VLANs can increase network security.
[Figure: switch port modes, showing a trunk link and access links]

VLAN operation

• Each switch port could be assigned to a different VLAN.
• Two methods that can be used to assign a switch port to a VLAN:
– Static
– Dynamic

Static VLANs

• Static membership VLANs are called port-based and port-centric membership VLANs.

Dynamic VLANs

• Dynamic VLANs allow for membership based on the MAC address of the device connected to the switch port.

[Figure: static and dynamic VLAN assignment]

Benefits of VLANs

• The key benefit of VLANs is that they permit the network administrator to organize the LAN logically instead of physically. This means that an administrator is able to do all of the following:
– Easily move workstations on the LAN.
– Easily add workstations to the LAN.
– Easily change the LAN configuration.
– Easily control network traffic.
– Improve security.
VLAN types

• There are three basic VLAN memberships for determining and controlling how a packet gets assigned:
– Port-based VLANs
– MAC address based VLANs
– Protocol based VLANs

Number of VLANs

• The number of VLANs in a switch varies depending on several factors:
– Traffic patterns
– Types of applications
– Network management needs
– Group commonality
• In addition, an important consideration in defining the size of the switch and the number of VLANs is the IP addressing scheme.
Frame Tagging

• Every frame is appended with a tag carrying its VLAN ID.
• Each switch examines every frame’s VLAN ID before forwarding.
• The frame’s VLAN ID is removed before the frame is transmitted to end stations.

Trunking Protocols

• There are two major methods of frame tagging, Inter-Switch Link (ISL) and 802.1Q. ISL used to be the most common, but is now being replaced by 802.1Q frame tagging.
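
The tagging and untagging behaviour described in the two slides above, as an added Python model that is not part of the original module: a trunk-side switch inserts the 4-byte 802.1Q tag (TPID 0x8100 plus a TCI holding the VLAN ID) after the two MAC addresses, and an access port strips it again, forwarding only when the frame's VLAN ID matches the port's VLAN. The function names and the sample frame are assumptions made for this example.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q-tagged frame

def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Trunk egress: insert the 4-byte 802.1Q tag after the two MAC addresses."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("802.1Q VLAN ID must be 1..4094")
    tci = ((pcp & 0x7) << 13) | (vlan_id & 0x0FFF)  # PCP(3) | DEI(1)=0 | VID(12)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def vlan_of(frame: bytes):
    """Return (vlan_id, pcp) if the frame carries an 802.1Q tag, else None."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, tci >> 13
    return None

def untag_frame(frame: bytes) -> bytes:
    """Access egress: strip the tag so the end station sees a plain Ethernet frame."""
    return frame if vlan_of(frame) is None else frame[:12] + frame[16:]

def deliver_to_access_port(frame: bytes, port_vlan: int):
    """Switch decision for an access port: forward (untagged) only when the
    frame's VLAN ID matches the port's VLAN; otherwise drop (returns None)."""
    tag = vlan_of(frame)
    if tag is None or tag[0] != port_vlan:
        return None
    return untag_frame(frame)

# Constructed sample frame: broadcast destination, made-up source MAC,
# EtherType 0x0800 (IPv4) and a dummy payload.
SAMPLE = bytes.fromhex("ffffffffffff" "001122334455" "0800") + b"sample-payload"

if __name__ == "__main__":
    on_trunk = tag_frame(SAMPLE, vlan_id=10)
    print("VLAN seen on trunk:", vlan_of(on_trunk))                           # (10, 0)
    print("delivered to access VLAN 10:", deliver_to_access_port(on_trunk, 10) == SAMPLE)  # True
    print("delivered to access VLAN 20:", deliver_to_access_port(on_trunk, 20))           # None
```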

[Figure: communicating between VLANs]

VLAN Configuration

End-to-end VLAN
• An end-to-end VLAN network comprises the following
characteristics:
– Users are grouped into VLANs dependent on group or job function.
– All users in a VLAN should have the same 80/20 traffic flow patterns.
– As a user moves around the campus, VLAN membership for that user should
not change.
– Each VLAN has a common set of security requirements for all members.
– Allow devices to be grouped based upon resource usage.

Geographic VLANs
• As many corporate networks have moved to centralize their
resources, end-to-end VLANs have become more difficult to
maintain.
• VLANs are now more frequently being created around geographic
boundaries rather than commonality boundaries.
• The new 20/80 rule is in effect: 80 percent of the traffic is remote to the user and 20 percent of the traffic is local to the user.
Static VLANs

• Static VLAN works well in networks where the following is true:
– Moves are controlled and managed.
– There is robust VLAN management software to configure
the ports.
– It is not desirable to assume the additional overhead
required when maintaining end-station MAC addresses
and custom filtering tables.

VLANs on Cisco 29xx switches

• The maximum number of VLANs is switch dependent.
• VLAN 1 is one of the factory-default VLANs.
• VLAN 1 is the default Ethernet VLAN.
• Cisco Discovery Protocol (CDP) and VLAN Trunking Protocol (VTP) advertisements are sent on VLAN 1.
• The Catalyst 29xx IP address is in the VLAN 1 broadcast domain by default.
• The switch must be in VTP server mode (the default) to create, add, or delete VLANs.
Create VLANs

• If using a Cisco IOS command-based switch, enter the VLAN configuration mode:
Switch#vlan database
Switch(vlan)#vlan vlan_id name vlan_name
Switch(vlan)#exit
• Upon exiting, the VLAN is applied to the switch and VLAN information is stored in flash:vlan.dat (using Ctrl+Z will discard all changes).

Assign VLANs

• The next step is to assign the VLAN to one or more interfaces:
Switch(config)#interface fastethernet 0/9
Switch(config-if)#switchport access vlan vlan_id
Switch(config-if)#switchport mode access

Verifying VLAN configuration

• A good practice is to verify VLAN configuration by using:
– show vlan
– show vlan brief
– show vlan id id_number
• The following facts apply to VLANs:
– A created VLAN remains unused until it is mapped to switch ports.
– All Ethernet ports are on VLAN 1 by default.

[Figure: show vlan output]

Deleting VLANs

• To remove a VLAN from an interface or delete a specific VLAN, simply use the no form of the command.
• If a VLAN is deleted, any ports assigned to that VLAN become inactive. The ports remain associated with the deleted VLAN until assigned to a new VLAN.
• To delete all VLAN and VTP configuration, use the command:
Switch#delete flash:vlan.dat

Troubleshooting VLAN

[Figure: isolating VLAN problems]

STP problems

• STP problems include broadcast storms, loops, and dropped BPDUs and packets.
• The root bridge is the central point of a spanning-tree configuration that controls how the protocol operates.
• Configuration of root bridge timers sets parameters for forwarding delay or maximum age for STP information.

Preventing broadcast storms

• A broadcast storm occurs when a large number of broadcast packets are received on a port.
• Broadcast storms can be prevented by setting threshold values: traffic above the configured threshold (excessive broadcast, multicast, or unicast MAC traffic) is discarded.
• In addition, configuring a rising threshold on the switch can shut the port down when that threshold is exceeded.

[Figure: common VLAN problems, with the show vlan output fields explained]

VLAN troubleshooting: scenario 1

• A trunk link cannot be established between a switch and a router.
• Make sure that the port is connected and not receiving any physical-layer, alignment or frame-check-sequence (FCS) errors. Use show interface.
• Verify that the duplex and speed are set properly between the
switch and the router. Use show int status on switch or show interface
on router.
• Configure the physical router interface with one subinterface for
each VLAN that will route traffic and make sure that each
subinterface on the router has the proper encapsulation type, VLAN
number, IP address, and subnet mask configured. Use show
interface and show running-config.
• Confirm that the router is running an IOS release that supports
trunking. Use show version.
VLAN troubleshooting: scenario 2

• VTP is not correctly propagating VLAN configuration changes.
• Make sure the switches are connected through trunk links. VTP
updates are exchanged only over trunk links. Use show int status
command.
• Make sure the VTP domain name is the same on all switches that
need to communicate with each other. VTP updates are exchanged
only between switches in the same VTP domain. Use show vtp status
command.
• Check the VTP mode of the switch. If the switch is in VTP
transparent mode, it will not update its VLAN configuration
dynamically. Use the show vtp status command.
• If using VTP passwords, the same password must be configured on all switches in the VTP domain. To clear an existing VTP password, use the no vtp password password command in VLAN configuration mode.
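
An added example, not part of the original module, that automates two of the checks in this scenario (the VTP domain-name comparison and the transparent-mode check) over the output of show vtp status collected from several switches; the trunk-link and password checks are not covered. The switch names and the status outputs are constructed for this example and follow the shape of the IOS output rather than being real captures; the function names are assumptions.

```python
import re

# Constructed outputs in the shape of Cisco IOS "show vtp status" (not real captures);
# only the fields this check reads are shown.
SHOW_VTP_STATUS = {
    "SW1": "VTP Version                     : 2\n"
           "Configuration Revision          : 7\n"
           "VTP Operating Mode              : Server\n"
           "VTP Domain Name                 : CAMPUS\n",
    "SW2": "VTP Version                     : 2\n"
           "Configuration Revision          : 3\n"
           "VTP Operating Mode              : Transparent\n"
           "VTP Domain Name                 : CAMPUS\n",
    "SW3": "VTP Version                     : 2\n"
           "Configuration Revision          : 0\n"
           "VTP Operating Mode              : Client\n"
           "VTP Domain Name                 : CAMPUS-LAB\n",
}

def parse_vtp_status(text: str) -> dict:
    """Turn the 'Field : value' lines of show vtp status into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s*:\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def vtp_findings(outputs: dict) -> list:
    """Return (switch, problem) pairs for the two checks from the scenario:
    domain-name mismatch and transparent mode. The first Server-mode switch
    (or, failing that, the first switch listed) supplies the reference domain."""
    parsed = {name: parse_vtp_status(txt) for name, txt in outputs.items()}
    servers = [f for f in parsed.values() if f.get("VTP Operating Mode") == "Server"]
    reference = (servers[0] if servers else next(iter(parsed.values()))).get("VTP Domain Name")
    findings = []
    for name, f in parsed.items():
        domain = f.get("VTP Domain Name")
        if domain != reference:
            findings.append((name, f"VTP domain '{domain}' differs from reference '{reference}'"))
        if f.get("VTP Operating Mode") == "Transparent":
            findings.append((name, "VTP transparent mode: will not update its VLAN configuration"))
    return findings

if __name__ == "__main__":
    for switch, problem in vtp_findings(SHOW_VTP_STATUS):
        print(f"{switch}: {problem}")
```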
VLAN troubleshooting: scenario 3

• Problems can arise for internetworks in which both IEEE and DEC spanning-tree algorithms are used by bridging nodes, causing dropped packets and loops.
• To resolve this problem, reconfigure all switches for IEEE.

Summary

• The key elements of a redundant networking topology
• The benefits and risks of a redundant
topology
• The role of spanning tree in a redundant-
path switched network
• The key elements of spanning-tree
operation
• The process for root bridge election
• Spanning-tree states
• Rapid Spanning-Tree Protocol
[Figure: lab topology]
