
Introduction to VLAN Technology
ExtremeXOS™ Operation and Configuration, Version 12.1

© 2008 Extreme Networks, Inc. All rights reserved. ExtremeXOS Operation and Configuration, Version 12.1. Part number DOC-00919.
Student Objectives

Upon completion of this module, you will be able to:


Define VLANs.
Describe port-based (untagged) VLANs.
Describe tagged VLANs.
Describe protocol-based VLANs.
Describe the benefits of VLANs.
Manage port-based (untagged) VLANs.
Manage tagged VLANs.
Manage protocol-based VLANs.

Slide 2
Virtual LANs
Virtual Local Area Networks (VLANs) provide a way of grouping different network devices to ensure that those devices can communicate directly with one another.
VLANs can span multiple layer 2 switches and do not restrict node placement.
Broadcast packets are flooded only within a VLAN / broadcast domain.

Slide 3
VLAN Operation

A VLAN emulates a LAN by managing how Ethernet frames are propagated throughout the network.
• Broadcast, multicast, and unknown unicast Ethernet frames must be forwarded to all the stations in the VLAN.
• A VLAN defines the parts of the network where broadcast packets are to be forwarded (broadcast domain).
A router (Layer 3 forwarding device) is required to forward traffic from one VLAN to another.
• This can be an external layer 3 router or a routing process inside the switch.

Slide 4
Types of VLANs

VLANs associate network devices with one another based upon some criteria:
• 802.1Q Tagged VLAN
• Port-based (Untagged) VLAN
• Protocol VLAN

[Figure: 802.1Q tagged VLAN, port-based VLANs, protocol-based VLAN.]

Slide 5
Port-Based VLANs

Port-based VLAN membership is based upon which ports are assigned to the VLAN.
If a tagged Ethernet frame is received on an untagged port, a switch may:
• Drop the frame. The switch assumes that the port is only meant for untagged frames.
• Forward the frame based upon the VLAN ID in the frame.
• Forward the frame as if the incoming frame didn't have a tag.
The network administrator associates ports with the VLAN.
A port can be a member of only one port-based VLAN.

Refer to the product documentation to determine how to configure port-based VLANs.

Slide 6
802.1Q Tagged VLANs

802.1Q VLAN membership is based upon the VLAN ID in the 802.1Q field in the incoming packet.
The 802.1Q Tag contains four fields:
• Tag Protocol ID (TPID)
• User Priority
• Canonical Format Indicator (CFI)
• VLAN Identifier (VID)

802.1Q Ethernet Frame
Field                      Size
Destination MAC            6 Bytes
Source MAC                 6 Bytes
TPID (0x8100)              2 Bytes
802.1p                     3 bits
CFI                        1 bit
VLAN ID                    12 bits
Type / Length              2 Bytes
Data (Payload / Padding)   42 to 1500 Bytes
CRC                        4 Bytes
64 Bytes Minimum. 1522 Bytes Maximum.

Slide 7
802.1Q Tagged VLANs Uses

Tagging is most commonly used to create VLANs that span switches.
Tagging also can be used to differentiate one type of incoming traffic from another.
Another use for tagged VLANs is the ability to have a port configured as a member of multiple VLANs.


Remember, a single port can only be a member of one port-based VLAN. Tags may be used to associate that port with additional VLANs.
Slide 8
Protocol-Based VLANs

Protocol-based VLANs enable you to define a packet filter that the switch uses as the matching criteria to determine if a particular packet belongs to a particular VLAN.
• Type
• Logical Link Control (LLC)
• Subnetwork Access Protocol (SNAP)

Ethernet Frame
Field                               Size
Destination MAC                     6 Bytes
Source MAC                          6 Bytes
Type                                2 Bytes
LLC (Logical Link Control)          3 Bytes
SNAP (Subnetwork Access Protocol)   5 Bytes
Data (Payload / Padding)            38 to 1492 Bytes
CRC                                 4 Bytes
64 Bytes Minimum. 1518 Bytes Maximum.

Slide 9
Benefits of VLANs

Help to control traffic.
Provide extra security.
• Only devices belonging to the same VLAN can communicate with each other.
Ease the change and movement of devices.

[Figure: VLANs Marketing (ports 1-4), Engineering (ports 9-12), and Operations (ports 17-24).]

Slide 10
VLAN Implementation

Managing Port-Based VLANs
Displaying, creating, and enabling VLANs and managing VLAN ports.

Listing The Steps to Create a Port-Based VLAN

Creating a VLAN
• Determine current VLAN configuration
• Create the VLAN
• Add ports to the VLAN
• Verify VLAN functionality
Other management tools
• Enable a VLAN
• Disable a VLAN
• Rename a VLAN

Slide 13
show vlan {detail | <vlan_name>}

Displaying VLAN Information

The first step in evaluating the switch's VLAN configuration is displaying the current VLAN configuration.
To display the switch's VLANs, including their tag values, use the following syntax:
• show vlan { detail | <vlan_name> }
Examples:
• To display a concise description of all VLANs configured on the device, enter the following command:
show vlan
• To display a detailed description of all VLANs configured on the switch, enter the following command:
show vlan detail
• To display a detailed description of the VLAN named accounting, enter the following command:
show vlan detail accounting

Slide 14
show vlan {detail | <vlan_name>}

Displaying VLAN Information (Continued…)

The show vlan command shows high-level info for all VLANs.
* VLAB-R3-BD10808.2 # show vlan
--------------------------------------------------------------------------------------
Name VID Protocol Addr Flags Proto Ports Virtual
Active router
/Total
--------------------------------------------------------------------------------------
Default 1 -------------------------------T---------- ANY 1 /198 VR-Default
Mgmt 4095 10.209.10.37 /24 ---------------------- ANY 1 /1 VR-Mgmt
--------------------------------------------------------------------------------------

Slide 15
show vlan {detail | <vlan_name>}

Creating and Deleting Port-Based VLANs

To create a port-based VLAN, use the following command syntax:
• create vlan <vlan_name>
To delete a port-based VLAN, enter the following command syntax:
• delete vlan <vlan_name>
VLAN names must be unique.
Example
• To create a VLAN named accounting, enter the following command:
create vlan accounting
• To remove the VLAN named accounting, enter the following command:
delete vlan accounting

When the VLAN is created, it has no ports as members.

Slide 16
configure vlan <vlan_name> add ports <ports_list>
configure vlan <vlan_name> delete ports <port_list>

Adding and Removing Ports to and from Port-Based VLANs

To add ports to a port-based VLAN, use the following syntax:
• configure vlan <vlan_name> add ports <ports_list>
To remove ports from a port-based VLAN, use the following syntax:
• configure vlan <vlan_name> delete ports <port_list>
Implementation notes
• The VLAN must already exist before you can add (or delete) ports.
• Ports can only be in one VLAN as untagged.
• A port can be added to multiple VLANs only when it has multiple tags.
• By default, all ports are members of the default VLAN.
• In order to add untagged ports to a different VLAN, you must first remove them from the default VLAN. Failure to do so results in this error:
Error: Protocol conflict when adding untagged port 1:2.
Either add this port as tagged or assign another protocol to
this VLAN.
Slide 17
configure vlan <vlan_name> add ports <ports_list>
configure vlan <vlan_name> delete ports <port_list>

Adding and Removing Ports to and from Port-Based VLANs: Examples

Examples:
• To add all ports to the VLAN named accounting, use the following command:
configure vlan accounting add ports all
• To remove ports 4, 6, and 10 from the port-based VLAN named accounting, use the following command:
configure vlan accounting delete ports 4, 6, 10

Slide 18
disable vlan <vlan_name>
enable vlan <vlan_name>

Enabling and Disabling Port-Based VLANs

During complex configurations it might be useful to disable VLANs prior to deployment (i.e. MPLS).
To disable a port-based VLAN, use the following syntax:
• disable vlan <vlan_name>
To enable a port-based VLAN, use the following syntax:
• enable vlan <vlan_name>
Implementation notes
• Disabling a VLAN stops all traffic on all ports for the VLAN.
• You cannot disable a VLAN that is running a Layer-2 protocol such as ESRP or EAPS.
• If necessary, you can disable the default VLAN; however, you cannot disable the management VLAN.
• You can remove ports from a disabled VLAN; however, you cannot add ports.

Slide 19
enable vlan accounting
disable vlan accounting

Enabling and Disabling Port-Based VLANs (Continued…)

Examples:
• To enable and disable a port-based VLAN named accounting, use the following commands:
enable vlan accounting
disable vlan accounting

Slide 20
configure vlan <vlan_name> name <name>

Renaming VLANs

To rename a VLAN, use the following command syntax:
• configure vlan <vlan_name> name <name>
To rename the accounting VLAN to finance, use the following command:
• configure vlan accounting name finance

Slide 21
show vlan <vlan_name>

Verifying Port-Based VLAN Configuration

Verify VLAN configuration:
show vlan blue

Slide 22
show vlan default

System VLAN – Default

There are two pre-configured port-based VLANs: the Default VLAN and the Mgmt VLAN.

Default VLAN
• Comes pre-configured on all switches
• All data ports are members
• Internal VLAN ID of 1
• Cannot be deleted or renamed

[Figure: the "Mgmt" VLAN in VR-Mgmt holds the management Ethernet port; the "Default" VLAN in VR-Default holds the data ports.]


Slide 23
show vlan mgmt

System VLANs - Mgmt

Not all platforms have a management port. Refer to product documentation for your systems.

Mgmt VLAN
• Only exists on switches that have an Ethernet management port.
• Only contains the management port.
• Is only used for network management access: Telnet, HTTP, SNMP, and TFTP
• Not capable of supporting switching or routing functions.

[Figure: same VR-Mgmt / VR-Default diagram as on the previous slide.]


Slide 24
Extending Port-Based VLANs Across Switches
Create VLANs on each switch.
• The same VLAN name must be configured on each switch.
Add ports to each VLAN on each switch.
• Each switch must have at least one configured port for each VLAN.
Physically connect switches together using one port on each switch per VLAN.
• Each link between the switch ports must connect to a port that is a member of the same VLAN on the next switch.

[Figure: switches with VLANs Marketing (ports 1-4), Engineering (ports 9-12), and Operations (ports 17-24).]

Slide 25
Managing Tagged VLANs
Creating and enabling VLANs and managing VLAN ports.

Listing The Steps to Create a Tagged VLAN

Creating a Tagged VLAN


1. Create the VLAN
2. Assign a tag value to the VLAN
3. Add ports to the VLAN
4. Verify tagged VLAN configuration
5. Verify tagged VLAN functionality

Slide 27
Creating a Tagged VLAN

Create the VLAN:
• create vlan <vlan_name>
Assign a tag value (VLAN ID) to the VLAN (2 - 4094):
• configure vlan <vlan_name> tag <tag_value>
Examples
• To create a VLAN named ENGINEERING with a VLAN ID of 2004, enter the following commands:
create vlan ENGINEERING
configure vlan ENGINEERING tag 2004
Implementation
• The tag range is 2 - 4094.

Slide 28
Adding and Deleting Ports to and from a Tagged VLAN

Ingress processing is based upon:
• Ethernet frame’s VLAN ID.
• Port membership type (tagged / untagged).
• Presence of a VLAN ID associated with the port.
Egress processing is based upon:
• VLAN associated with frame.
• Port membership type.

Port   VLAN ID   VLAN Name    Member As
1      2         FINANCE      tagged
1      3         FACILITIES   tagged
1      4         GUEST        untagged
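
The ingress decision for port 1 in the table above, written out as an added Python example (not part of the original slides); it also decodes the 802.1Q tag fields and applies the deck's rule that a VLAN ID of 0 is treated as untagged. `parse_tag`, `ingress_vlan` and the sample frames are constructed for illustration, and dropping a tagged frame whose VLAN ID the port is not a member of is an assumption, since switches differ on that point.

```python
import struct

TPID_8021Q = 0x8100  # Tag Protocol ID that marks an 802.1Q tagged frame


def parse_tag(frame: bytes):
    """Return (priority, cfi, vid) from the 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)   # follows the two 6-byte MACs
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)    # 3 bits + 1 bit + 12 bits
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


# Port 1 membership copied from the table: VLAN ID -> (VLAN name, member as).
PORT1 = {2: ("FINANCE", "tagged"),
         3: ("FACILITIES", "tagged"),
         4: ("GUEST", "untagged")}


def ingress_vlan(frame: bytes, membership: dict):
    """Return (vid, name) of the VLAN the frame is classified into, or None (drop)."""
    tag = parse_tag(frame)
    if tag is None or tag[2] == 0:
        # Untagged, or VLAN ID 0: use the port's single untagged VLAN.
        for vid, (name, mode) in membership.items():
            if mode == "untagged":
                return vid, name
        return None
    vid = tag[2]
    # Assumption: a tagged frame is accepted only for a VLAN ID the port belongs to.
    if vid in membership:
        return vid, membership[vid][0]
    return None


# Constructed sample frames: zeroed MAC addresses, EtherType 0x0800, zero payload.
def tagged(vid: int, pcp: int = 0) -> bytes:
    tci = (pcp << 13) | vid
    return bytes(12) + struct.pack("!HH", TPID_8021Q, tci) + b"\x08\x00" + bytes(46)


UNTAGGED = bytes(12) + b"\x08\x00" + bytes(46)

if __name__ == "__main__":
    for label, f in [("tag 3", tagged(3)), ("untagged", UNTAGGED),
                     ("tag 0", tagged(0, pcp=7)), ("tag 5", tagged(5))]:
        print(label, "->", ingress_vlan(f, PORT1))
```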
Slide 29
Adding and Deleting Ports to and from a Tagged VLAN

Before adding a port, ensure it has been deleted from untagged VLANs such as the Default VLAN:
• configure vlan <vlan_name> delete port <port_list>
Add the port to the VLAN with tagged or untagged membership:
• configure vlan <vlan_name> add port <port_list> [ tagged | untagged ]
Verify that the ports are tagged or untagged ports:
• show vlan <vlan_name>
Examples
• configure vlan default delete port 7
• configure vlan ENGINEERING add port 7 untagged
• configure vlan ENGINEERING add ports 2,3 tagged
• show vlan ENGINEERING
Slide 30
Verifying Tagged VLAN Configuration
Verify VLAN configuration:
show vlan blue
Verify:
• name
• tag value
• ports
Note: For the purposes of VLAN classification, packets arriving on a port with an 802.1Q tag containing a VLAN ID of 0 are treated as untagged.

Slide 31
Verifying Tagged VLAN Functionality

Generate tagged and untagged Ethernet frames
• IXIA, Network Packet Generator (npg.exe), switch, or PC.
Verify ingress and egress functionality
• Do tagged and untagged frames get forwarded to the correct ports?
• Capture frames
Wireshark, Sniffer, tcpdump, windump
• Onboard statistics
clear counters
configure port [<port_list> | all] monitor vlan <vlan_name>
show ports {port_list} vlan statistics {no-refresh}

[Figure: frame generator and frame capture stations.]

Slide 32
Example: Configuring Tagged VLANs on Multiple Switches

[Figure: two switches, each with ports 1-8 carrying VLAN 10 and VLAN 20, and the frame layouts D | S | 10 | T/L | Payload | Padding | CRC and D | S | 20 | T/L | Payload | Padding | CRC.]

create vlan red
configure vlan red tag 10
configure vlan red add port 1-3 untagged
configure vlan red add port 4 tagged

create vlan green
configure vlan green tag 20
configure vlan green add port 5-8 untagged
configure vlan green add port 4 tagged

Slide 33
VLAN Rules

[Figure: Switch 1, Switch 2, and Switch 3 carrying VLANs 10 and 30, with ports marked U (untagged) or T (tagged).]

VLAN Rules:
Use consistent tag values on all links between switches.
Use consistent VLAN names and VLAN IDs across switches.
Configure links between switches to use tags.

Slide 34
Managing Protocol-Based VLANs
Creating and enabling protocol-based VLANs and managing VLAN ports.

Listing The Steps to Create a Protocol-Based VLAN

Creating a Protocol-Based VLAN


1. Create the VLAN
2. Add tag to VLAN (optional)
3. Create and configure protocol filter (optional)
4. Assign a protocol filter to the VLAN
5. Add ports to the VLAN
6. Verify VLAN configuration
7. Verify VLAN functionality

Slide 36
Creating a Protocol-Based VLAN

The process of creating a protocol-based VLAN is exactly the same as with tagged and untagged VLANs.
• create vlan <vlan_name>
You can associate a tag value with the VLAN (optional).
• configure vlan <vlan_name> tag <vlan_id>
The VLAN is defined, but has no ports.

[Figure: the "protoVLAN" VLAN in VR-default.]

Slide 37
Creating a Protocol Filter

Define a protocol filter to be used as the matching criteria to determine if a particular packet belongs to a particular VLAN.
Manually define filters or use the pre-defined protocol filters on the switch.

[Figure: multiple incoming protocols sorted into the Green Protocol VLAN (AppleTalk), Blue Protocol VLAN (IPX), and Orange Protocol VLAN (IP).]

Slide 38
Predefined Protocol Filters
There are eight predefined protocol filters
Filter Name   Type    Value
IP            ETYPE   0x0800, 0x0806
IPX           ETYPE   0x8137
IPv6          ETYPE   0x86DD
MPLS          ETYPE   0x8847
DECNet        ETYPE   0x6003, 0x6004
NetBIOS       LLC     0xF0F0, 0xF0F1
IPX_8022      LLC     0xE0E0
IPX_SNAP      SNAP    OUI = 0x8137
AppleTalk     SNAP    OUI = 0x809B, 0x80F3

Frame formats:
ETYPE   DA | SA | ETYPE | Data | CRC
LLC     DA | SA | LENGTH | LLC | CNTRL | Data | CRC
SNAP    DA | SA | LENGTH | SNAP 0xAAAA03 | OUI | Data | CRC

Slide 39
Custom Protocol Filters

To create a custom VLAN protocol:
• create protocol <protocol_name>
To add a custom filter to a custom VLAN protocol:
• configure protocol <protocol_name> add [ etype | llc | snap ] <hex_value>
You may add multiple filters to a single protocol:
• Adding two filters using two commands:
configure protocol myProtoFilter add etype 0xfeed
configure protocol myProtoFilter add etype 0xface
• Using one command to accomplish the same:
configure protocol myProtoFilter add etype 0xfeed etype 0xface
A maximum of 15 protocol filters, each containing a maximum of 6 protocols, can be defined.
No more than 7 protocols can be active and configured for use.
Slide 40
Verifying Protocol-Based VLANs
* sanjose 3 # show protocol
Protocol Name Type Value
------------------------------------------------
IP etype 0x0800
etype 0x0806
ANY ANY 0xffff
foo llc 0xfbaf
ipx etype 0x8137
IPv6 etype 0x86dd
fooz
decnet etype 0x6003
etype 0x6004
netbios llc 0xf0f0
llc 0xf0f1
ipx_8022 llc 0xe0e0
ipx_snap snap 0x8137
appletalk snap 0x809b
snap 0x80f3
* sanjose 3 # show protocol IPv6
Protocol Name Type Value
------------------------------------------------
IPv6 etype 0x86dd

Slide 41
Assigning a Protocol Filter to a Protocol-Based VLAN
Adding a Port to a Protocol-Based VLAN

To assign a protocol to a VLAN, use the following syntax:
• configure vlan <vlan_name> protocol <protocol_name>
To add a port to a protocol-based VLAN:
• configure vlan <vlan_name> add ports <port_list>
The protocol-based VLAN is now configured. Now, when a frame is received on a port, the system checks:
• Is the frame tagged? If yes, and the port is a member, then forward appropriately.
• Does the frame have a matching protocol filter? If yes, then forward appropriately.
Protocol filters may include ANY.
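
The protocol-filter check for an untagged frame, as an added Python example (not part of the original slides) that tells the ETYPE, LLC and SNAP encapsulations apart and looks the value up in the predefined filter table. The function names and sample frames are constructed; treating an LLC value as DSAP followed by SSAP, and a SNAP value as the 2-byte protocol ID after the 3-byte OUI, are assumptions about how the 16-bit filter values line up with the frame.

```python
import struct

# Values copied from the "Predefined Protocol Filters" slide.
FILTERS = {
    "etype": {0x0800: "IP", 0x0806: "IP", 0x8137: "IPX", 0x86DD: "IPv6",
              0x8847: "MPLS", 0x6003: "DECNet", 0x6004: "DECNet"},
    # Assumption: an LLC filter value is the DSAP byte followed by the SSAP byte.
    "llc": {0xF0F0: "NetBIOS", 0xF0F1: "NetBIOS", 0xE0E0: "IPX_8022"},
    # Assumption: a SNAP filter value is the 2-byte protocol ID after the OUI.
    "snap": {0x8137: "IPX_SNAP", 0x809B: "AppleTalk", 0x80F3: "AppleTalk"},
}


def frame_key(frame: bytes):
    """Return (encapsulation, value) for an untagged Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (type_len,) = struct.unpack_from("!H", frame, 12)
    if type_len >= 0x0600:              # Ethernet II: the field is an EtherType
        return "etype", type_len
    if len(frame) < 17:                 # otherwise it is a length; LLC follows
        raise ValueError("truncated LLC header")
    dsap, ssap, ctrl = frame[14:17]
    if (dsap, ssap, ctrl) == (0xAA, 0xAA, 0x03):    # SNAP marker 0xAAAA03
        if len(frame) < 22:
            raise ValueError("truncated SNAP header")
        (proto_id,) = struct.unpack_from("!H", frame, 20)
        return "snap", proto_id
    return "llc", (dsap << 8) | ssap


def match_filter(frame: bytes):
    """Name of the predefined filter the frame matches, or None."""
    encap, value = frame_key(frame)
    return FILTERS[encap].get(value)


def classify(frame: bytes, port_vlans: dict):
    """port_vlans maps filter name -> VLAN name for the receiving port."""
    name = match_filter(frame)
    if name in port_vlans:
        return port_vlans[name]
    return port_vlans.get("ANY")        # None: no VLAN on the port takes the frame


# Constructed sample frames (zeroed MAC addresses, zero payload).
MACS = bytes(12)
IP_FRAME = MACS + b"\x08\x00" + bytes(46)
IPX_ETYPE_FRAME = MACS + b"\x81\x37" + bytes(46)
IPX_8022_FRAME = MACS + struct.pack("!H", 46) + b"\xE0\xE0\x03" + bytes(43)
AARP_SNAP_FRAME = (MACS + struct.pack("!H", 46) + b"\xAA\xAA\x03"
                   + b"\x00\x00\x00" + b"\x80\xF3" + bytes(38))

# A port that belongs to VLAN orange (filter IP) and VLAN blue (filter IPX).
SHARED_PORT = {"IP": "orange", "IPX": "blue"}

if __name__ == "__main__":
    for f in (IP_FRAME, IPX_ETYPE_FRAME, IPX_8022_FRAME, AARP_SNAP_FRAME):
        print(frame_key(f), "->", classify(f, SHARED_PORT))
```

IPX carried over 802.2 matches the IPX_8022 filter, not the ETYPE-based IPX filter, so on this port it lands in no VLAN unless one is configured with that filter or with ANY.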

Slide 42
Protocol-Based VLAN Example Configuration

[Figure: example network with IPX, AppleTalk, and IP clients and servers, plus mixed AppleTalk / IP / IPX clients, grouped by AppleTalk, IP, and IPX protocol.]

Slide 43
Protocol-Based VLAN Example Configuration
(Continued…)

Configure 3 Protocol-Based VLANs, each with four ports.
• All three VLANs have three ports in common. The ports are serving the Summit switches at the perimeter.

[Figure: IP Server, Apple Server, and Novell Server attached on ports 2:17 through 2:22.]

Slide 44
Configuring Protocol-Based VLANs

VLAN orange (Protocol Filter = IP):
create vlan orange
configure orange protocol ip
configure orange add port 1-4

VLAN blue (Protocol Filter = IPX):
create vlan blue
configure blue protocol ipx
configure blue add port 4-8

[Figure: switch ports 1-8 with traffic labels IP, IP / IPX, IP.]

Slide 45
Notes on Protocol-Based VLANs

When a new VLAN is created, it is assigned the "any" protocol by default.
When a protocol filter is deleted, the VLANs which had the protocol filters assigned are now assigned a protocol filter of "none" or an error occurs.
• No traffic is forwarded until a protocol is assigned.
Tagged packets take precedence over protocol filters associated with a VLAN.

[Figure: an Ethernet frame carrying IPX, and a tagged IPX frame with Tag=10.]

Slide 46
Summary

You should now be able to:


Define VLANs.
Describe port-based (untagged) VLANs.
Describe tagged VLANs.
Describe protocol-based VLANs.
Describe the benefits of VLANs.
Manage port-based (untagged) VLANs.
Manage tagged VLANs.
Manage protocol-based VLANs.

Slide 47
Lab

Turn to the Port-based VLAN Configuration and the Tagged VLAN Configuration Lab in the ExtremeXOS™ Operations and Configuration - Lab Guide Rev. 12.1 and complete the hands-on portion of this module.

Slide 48
Review Questions

This presentation contains forward-looking statements that involve
risks and uncertainties, including statements regarding our
expectations as to products, trends and our performance. There can be
no assurances that any forward-looking statements will be achieved,
and actual results could differ materially from forecasts and estimates.
For factors that may affect our business and financial results please
refer to our filings with the Securities and Exchange Commission,
including, without limitation, under the captions: “Management’s
Discussion and Analysis of Financial Condition and Results of
Operations,” and “Risk Factors,” which is on file with the Securities and
Exchange Commission (http://www.sec.gov). We undertake no
obligation to update the forward-looking information in this release.

The End
