
Virtual LAN

Using Hubs
 Layer 1 devices
 Inexpensive
 In one port, out the others
 One collision domain
 One broadcast domain
[Figure: Single Hub. Hub 1 connects hosts 172.30.1.21, 172.30.1.22, 172.30.1.23 and 172.30.1.24 (mask 255.255.255.0). One Network (IP Network Address - usually), One Collision Domain, One Broadcast Domain.]

 This is fine for small workgroups, but does not scale well for larger workgroups or heavy traffic.
[Figure: Single Hub - Two subnets. Hub 1 connects hosts 172.30.1.21, 172.30.1.22, 172.30.2.21 and 172.30.2.22 (mask 255.255.255.0). Two subnets, One Collision Domain, One Broadcast Domain.]

 What if the computers were on two different subnets?
 Could they communicate within their own subnet? Yes.
 Between subnets? No, need a router.
[Figure: All Hubs. Hub 1 and Hub 2 connect hosts 172.30.1.21 through 172.30.1.27 (mask 255.255.255.0). One Network Address, One Collision Domain, One Broadcast Domain.]

 Same issues as before, with more of an impact on the network.
Using Switches
 Layer 2 devices
 Moderate expense for common access
switches, but can be very expensive.
 Layer 2 filtering based on Destination
MAC addresses and Source Address
Table
 One collision domain per port
 One broadcast domain
Two parallel paths: (complete SAT tables)
Data traffic from 172.30.1.24 to 172.30.1.25
and from 172.30.1.26 to 172.30.1.27

[Figure: Switch and Hub Network. A hub and a switch connect hosts 172.30.1.21 through 172.30.1.27 (mask 255.255.255.0). One Network; Several Collision Domains (one per switch port, one for the entire hub); One Broadcast Domain.]
As opposed to the Hub:
Data traffic from 172.30.1.21 to 172.30.1.22
and from 172.30.1.23 to 172.30.1.24
Collision!

[Figure: Switch and Hub Network, same topology as the previous figure.]
Collisions and Switches:
What happens when two devices on a switch send data to
another device on the switch?
172.30.1.24 to 172.30.1.25 and 172.30.1.26 to 172.30.1.25

[Figure: Switch and Hub Network, same topology as the previous figure.]
The switch keeps the frames in buffer memory, and queues
the traffic for the host 172.30.1.25. This means that the
sending hosts do not know about the collisions and do not
have to re-send the frames.

[Figure: Switch and Hub Network, same topology as the previous figure, with the frames held in the switch buffer.]
Other Switching Features

Review
 Asymmetric ports: 10 Mbps and 100
Mbps
 Full-duplex ports
 Cut-through versus Store-and-Forward
switching
Ports between switches and server ports are good candidates
for higher bandwidth ports (100 Mbps) and full-duplex
ports.

[Figure: All Switched Network. Switch 1 and Switch 2 connect hosts 172.30.1.21 through 172.30.1.28 (mask 255.255.255.0). One Network; Several Collision Domains (one per switch port); One Broadcast Domain.]
Introducing Multiple Subnets/Networks without Routers

 Switches are Layer 2 devices
 Routers are Layer 3 devices
 Data between subnets/networks must
pass through a router.
A Switched Network with two subnets:
What are the issues? Can data travel within the subnet? Yes.
Can data travel between subnets? No, need a router!
What is the impact of a layer 2 broadcast, like an ARP
Request?
[Figure: All Switched Network - Two Networks, with an ARP Request being sent. Switch 1 and Switch 2 connect hosts 172.30.1.21, 172.30.1.23, 172.30.1.25, 172.30.1.27, 172.30.2.10, 172.30.2.12, 172.30.2.14 and 172.30.2.16 (mask 255.255.255.0). Two Subnets; Several Collision Domains (one per switch port); One Broadcast Domain.]
All devices see the ARP Request. One broadcast domain
means the switches flood all broadcasts out all ports, except
the incoming port. Switches have no idea of the layer 3
information contained in the ARP Request. This consumes
bandwidth on the network and processing cycles on the
hosts.

[Figure: All Switched Network - Two Networks, same topology as the previous figure. Two Subnets; Several Collision Domains (one per switch port); One Broadcast Domain.]
One Solution:
Physically separate the subnets. But still no data can travel
between the subnets. How can we get the data to travel
between the two subnets?

[Figure: Two Switched Networks. Switch 1 and Switch 2, one subnet on each: hosts 172.30.1.21, 172.30.1.23, 172.30.1.25, 172.30.1.26 and hosts 172.30.2.10, 172.30.2.12, 172.30.2.14, 172.30.2.16 (mask 255.255.255.0). Two Subnets; Several Collision Domains (one per switch port); Two Broadcast Domains.]
Introducing Multiple Subnets/Networks with Routers

 Switches are Layer 2 devices
 Routers are Layer 3 devices
 Data between subnets/networks must
pass through a router.
Routed Network:
Two separate broadcast domains, because the router will not
forward the layer 2 broadcasts such as ARP Requests.

[Figure: Routed Networks. A router with interfaces 172.30.1.1 and 172.30.2.1 (mask 255.255.255.0) joins Switch 1 and Switch 2; hosts 172.30.1.21, 172.30.1.23, 172.30.1.25, 172.30.1.26 and 172.30.2.10, 172.30.2.12, 172.30.2.14, 172.30.2.16. Two Subnets; Several Collision Domains (one per switch port); Communication between subnets.]
Switches with multiple subnets
 So far this should have been a review.
 Let's see what happens when we have two
subnets on a single switch and we want to
route between the two subnets.
Router-on-a-stick:
When a single interface is used to route between subnets or
networks, this is known as a router-on-a-stick. To assign multiple
IP addresses to the same interface, secondary addresses or
subinterfaces are used.

! One physical Ethernet interface carries both subnets
interface e0
 ip address 172.30.1.1 255.255.255.0
 ip address 172.30.2.1 255.255.255.0 secondary

[Figure: Routed Networks. Router interface 172.30.1.1 with 172.30.2.1 secondary (mask 255.255.255.0) connected to Switch 1, which connects hosts 172.30.1.21, 172.30.1.23, 172.30.2.10 and 172.30.2.12. Two Subnets; Communication between subnets.]
Router-on-a-stick
Advantages
 Useful when there are limited Ethernet interfaces
on the router.

Disadvantage
 Because a single link is used to connect multiple
subnets, one link is having to carry the traffic for
multiple subnets.
 Be sure this link can handle the traffic. You
may wish to use a high-speed link (100 Mbps)
and full-duplex.
Gotchas
1. Remember to have the proper default gateway
set for each host.
 172.30.1.0 hosts - default gateway is 172.30.1.1
 172.30.2.0 hosts - default gateway is 172.30.2.1
2. The router must still route between subnets, so
you must include:
Router(config)# router rip
Router(config-router)# network 172.30.0.0
Multiple interfaces:
Two Ethernet router ports may be used instead of one. However
this may be difficult if you do not have enough Ethernet ports on
your router.
[Figure: Routed Networks. Router interfaces E0 172.30.1.1 and E1 172.30.2.1 (mask 255.255.255.0) both connect to Switch 1, which connects hosts 172.30.1.21, 172.30.1.23, 172.30.2.10 and 172.30.2.12. Two Subnets; Communication between subnets.]
One switch two subnets:
Good News: Data can travel between subnets and we have
two separate broadcast domains. Bad News: Hosts are on
different subnets but on a single layer 2 broadcast domain.
[Figure: Routed Networks, with an ARP Request being sent. Router interface 172.30.1.1 with 172.30.2.1 secondary (mask 255.255.255.0); Switch 1 connects hosts 172.30.1.21, 172.30.1.23, 172.30.2.10 and 172.30.2.12. Two Subnets; Communication between subnets.]
An ARP Request from 172.30.1.21 for 172.30.1.23 will still
be seen by all hosts on the switch. The switch is a layer 2
device and will flood broadcast traffic out all ports, except
the incoming port.
[Figure: Routed Networks, same topology as the previous figure. Two Subnets; Communication between subnets.]
Introducing VLANs
 VLANs create separate broadcast domains
 Routers are needed to pass information
between different VLANs
 VLANs are not necessary to have separate
subnets on a switched network, but as we
will see they give us more advantages
when it comes to things like data link (layer
2) broadcasts.
VLAN Definition
 A logical subgroup within a local area network that is created via
software rather than manually moving cables in the wiring closet. It
combines user stations and network devices into a single unit
regardless of the physical LAN segment they are attached to and allows
traffic to flow more efficiently within populations of mutual interest.

 VLANs are implemented in port switching hubs and LAN switches and
generally offer proprietary solutions. VLANs reduce the time it takes to
implement moves, adds and changes.

 VLANs function at layer 2. Since their purpose is to isolate traffic within
the VLAN, in order to bridge from one VLAN to another, a router is
required. The router works at the higher layer 3 network protocol, which
requires that network layer segments are identified and coordinated with
the VLANs. This is a complicated job, and VLANs tend to break down
as networks expand and more routers are encountered.
Layer 2 broadcast control:
An ARP Request from 172.30.1.21 for 172.30.1.23 will only
be seen by hosts on that VLAN. The switch will flood
broadcast traffic out only those ports belonging to that
particular VLAN, in this case VLAN 1.
[Figure: Two VLANs, with an ARP Request being sent. Switch Port: VLAN ID. Switch 1 connects 172.30.1.21 and 172.30.1.23 on VLAN 1, and 172.30.2.10 and 172.30.2.12 on VLAN 2 (mask 255.255.255.0). Two Subnets.]
Port-centric VLAN Switches
Remember, as the Network Administrator, it is your job
to assign switch ports to the proper VLAN. This
assignment is only done at the switch and not at the
host. Note: The following diagrams show the VLAN
below the host, but it is actually assigned within the
switch.

Port: 1 2 3 4 5 6
VLAN: 1 2 1 2 2 1
Catalyst 1900 - VLAN Membership Configuration
Port VLAN Membership Type
-----------------------------
1 1 Static
2 2 Static
3 1 Static
4 2 Static
5 2 Static
6 1 Static
7 1 Static
8 1 Static
9 1 Static
10 1 Static
11 1 Static
12 2 Static
AUI 1 Static
A 1 Static
B 1 Static
[M] Membership type [V] VLAN assignment
[R] Reconfirm dynamic membership [X] Exit to previous menu
Enter Selection:
Layer 2 broadcast control:
Without VLANs, the ARP Request would be seen by all
hosts. Again, consuming unnecessary network bandwidth
and host processing cycles.

[Figure: No VLANs (same as a single VLAN), with an ARP Request being sent. Switch 1 connects hosts 172.30.1.21, 172.30.1.23, 172.30.2.10 and 172.30.2.12 (mask 255.255.255.0). Two Subnets.]
With VLANs:
Data will only travel within the VLAN. Remember that
switches are Layer 2 devices and they can only pass traffic
within the VLAN.

[Figure: Two VLANs, with an ARP Request being sent. Switch Port: VLAN ID. Switch 1 connects 172.30.1.21 and 172.30.1.23 on VLAN 1, and 172.30.2.10 and 172.30.2.12 on VLAN 2 (mask 255.255.255.0). Two Subnets.]
Switch Port: VLAN ID
Port: 1 2 3 4 5 6
VLAN: 1 2 1 2 2 1
With VLANs:
A switch cannot route data between different VLANs.
Example: Data from 172.30.1.21 to 172.30.2.12

[Figure: Two VLANs, with the path from 172.30.1.21 to 172.30.2.12 marked X. Switch Port: VLAN ID. Switch 1 connects 172.30.1.21 and 172.30.1.23 on VLAN 1, and 172.30.2.10 and 172.30.2.12 on VLAN 2 (mask 255.255.255.0). Two Subnets.]
Gotchas
1. Remember that VLAN IDs (numbers) are
assigned to the switch port and not to the
host. (Port-centric VLAN switches)
2. Be sure to have all of the hosts on the same
subnet belong to the same VLAN, or you will
have problems.
Hosts on subnet 172.30.1.0/24 - VLAN 1
Hosts on subnet 172.30.2.0/24 - VLAN 2
etc.
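The broadcast behaviour and the two gotchas above can be modelled in a few lines. This is an added example in Python, not part of the original slides: the port-to-VLAN table is the one shown on the slides, while the host-to-port attachment, the MAC addresses and the names `Switch`, `hosts_reached` and `audit_vlan_subnets` are assumptions.

```python
"""Port-centric VLAN switch model: added example, not code from the slides."""
from ipaddress import ip_address, ip_network

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Port -> VLAN table as shown on the slides (ports 1-6 -> VLANs 1,2,1,2,2,1).
PORT_VLAN = {1: 1, 2: 2, 3: 1, 4: 2, 5: 2, 6: 1}

# "VLAN = Subnet" mapping used throughout the slides.
VLAN_SUBNET = {1: ip_network("172.30.1.0/24"), 2: ip_network("172.30.2.0/24")}

# ASSUMPTION: which port each slide host plugs into; MAC addresses are constructed.
HOSTS = {
    1: ("02:00:00:00:01:21", "172.30.1.21"),
    2: ("02:00:00:00:02:12", "172.30.2.12"),
    3: ("02:00:00:00:01:23", "172.30.1.23"),
    4: ("02:00:00:00:02:10", "172.30.2.10"),
}


class Switch:
    """Layer 2 switch with a per-VLAN source address table (SAT)."""

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)
        self.sat = {}  # (vlan, mac) -> port

    def receive(self, in_port, src_mac, dst_mac):
        """Learn the source, then return the sorted egress ports for the frame."""
        vlan = self.port_vlan[in_port]
        self.sat[(vlan, src_mac)] = in_port
        known = self.sat.get((vlan, dst_mac))
        if dst_mac != BROADCAST and known is not None:
            # Known unicast: forward to one port, or filter if it is the ingress port.
            return [] if known == in_port else [known]
        # Broadcast or unknown unicast: flood inside the ingress VLAN only.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)


def hosts_reached(ports, hosts=HOSTS):
    """IP addresses of the hosts attached to the given ports."""
    return [hosts[p][1] for p in ports if p in hosts]


def audit_vlan_subnets(port_vlan, hosts, vlan_subnet):
    """Return (port, ip, vlan) for every host whose IP is outside its VLAN's subnet."""
    return [(port, ip, port_vlan[port])
            for port, (_mac, ip) in sorted(hosts.items())
            if ip_address(ip) not in vlan_subnet[port_vlan[port]]]


def demo():
    results = {}
    # ARP Request (broadcast) from 172.30.1.21 on port 1, with VLANs.
    sw = Switch(PORT_VLAN)
    results["with_vlans"] = sw.receive(1, HOSTS[1][0], BROADCAST)
    # Same broadcast with every port in one VLAN ("No VLANs" on the slides).
    flat = Switch({p: 1 for p in PORT_VLAN})
    results["no_vlans"] = flat.receive(1, HOSTS[1][0], BROADCAST)
    # ARP Reply from 172.30.1.23 back to the learned MAC: a single egress port.
    results["reply"] = sw.receive(3, HOSTS[3][0], HOSTS[1][0])
    # A frame aimed at a VLAN 2 MAC from a VLAN 1 port never leaves VLAN 1.
    sw.receive(2, HOSTS[2][0], BROADCAST)  # the VLAN 2 host is learned in VLAN 2 only
    results["cross_vlan"] = sw.receive(1, HOSTS[1][0], HOSTS[2][0])
    # Misplaced host: 172.30.2.10 moved to port 6, which is in VLAN 1.
    moved = {k: v for k, v in HOSTS.items() if k != 4}
    moved[6] = HOSTS[4]
    results["audit"] = audit_vlan_subnets(PORT_VLAN, moved, VLAN_SUBNET)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The `cross_vlan` case is the isolation property that matters for segmentation: the switch floods the unknown destination inside VLAN 1 and never hands the frame to a VLAN 2 port, so only a router can connect the two.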
Routing and VLANs
 In the previous example data could travel
within the VLAN, but not between VLANs.
 Just like subnets, a router is needed to
route information between different
VLANs.
 The advantage is the switch propagates
broadcast traffic only within the VLAN.
Data between VLANs is routed through the router. Data
from 172.30.1.21 to 172.30.2.12

[Figure: VLANs. Router interfaces 172.30.1.1 (VLAN 1) and 172.30.2.1 (VLAN 2), mask 255.255.255.0, connect to Switch 1, which connects 172.30.1.21 and 172.30.1.23 on VLAN 1, and 172.30.2.10 and 172.30.2.12 on VLAN 2. Two Subnets; Communication between VLANs. NOTE: VLANs assigned only to the ports.]
Gotchas
1. Remember to have the proper default gateway set
for each host.
 172.30.1.0 hosts - default gateway is 172.30.1.1
 172.30.2.0 hosts - default gateway is 172.30.2.1
2. The router must still route between subnets, so you
must include:
Router(config)# router rip
Router(config-router)# network 172.30.0.0
3. The switch ports to the router must have the
corresponding VLAN ID to that subnet.
Switch port to 172.30.1.1 must be on VLAN 1
Switch port to 172.30.2.1 must be on VLAN 2
Switch Port: VLAN ID
(VLAN ID not set at router.)
[Figure: Router interfaces 172.30.1.1 (VLAN 1) and 172.30.2.1 (VLAN 2), mask 255.255.255.0, connected to the switch.]
Port: 1 2 3 4 5 6
VLAN: 1 2 1 2 2 1
So, what’s the difference?
 One of the main differences between
subnets with VLANs and subnets without
VLANs on switched networks, is that
VLANs offer layer 2 broadcast control.
Here is an ARP Request example without VLANs.

[Figure: Routed Networks, with an ARP Request being sent. Router interfaces 172.30.1.1 and 172.30.2.1 (mask 255.255.255.0); Switch 1 connects hosts 172.30.1.21, 172.30.1.23, 172.30.2.10 and 172.30.2.12. Two Subnets; Communication between subnets.]
Here is an ARP Request example with VLANs. Notice that
the broadcast is isolated only to the VLAN that it came
from, in this case VLAN 1.
[Figure: VLANs, with an ARP Request being sent. Router interfaces 172.30.1.1 (VLAN 1) and 172.30.2.1 (VLAN 2), mask 255.255.255.0; Switch 1 connects 172.30.1.21 and 172.30.1.23 on VLAN 1, and 172.30.2.10 and 172.30.2.12 on VLAN 2. Two Subnets; Communication between VLANs. NOTE: VLANs assigned only to the ports.]
 Can I use the Router-on-a-stick method
with multiple VLANs?
 Can you remind me what Router-on-a-
stick is?
What is Router-on-a-stick?
When a single interface is used to route between subnets or
networks, this is known as a router-on-a-stick. To assign multiple
IP addresses to the same interface, secondary addresses or
subinterfaces are used.

! One physical Ethernet interface carries both subnets
interface e0
 ip address 172.30.1.1 255.255.255.0
 ip address 172.30.2.1 255.255.255.0 secondary

[Figure: Routed Networks. Router interface 172.30.1.1 with 172.30.2.1 secondary (mask 255.255.255.0) connected to Switch 1, which connects hosts 172.30.1.21, 172.30.1.23, 172.30.2.10 and 172.30.2.12. Two Subnets; Communication between subnets.]
With Router-on-a-stick, ISL or 802.1Q trunking is needed.
We will talk about tagging and trunking in the next section.
[Figure: VLANs. Router interface 172.30.1.1 with 172.30.2.1 secondary (mask 255.255.255.0), linked to Switch 1 by trunking (ISL or 802.1Q); Switch 1 connects 172.30.1.21 and 172.30.1.23 on VLAN 1, and 172.30.2.10 and 172.30.2.12 on VLAN 2. Two Subnets; Communication between VLANs using trunking. NOTE: VLANs assigned only to the ports.]

VLAN introduction

 VLANs provide segmentation based on broadcast domains.


 VLANs logically segment switched networks based on the functions,
project teams, or applications of the organization regardless of the
physical location or connections to the network.
 All workstations and servers used by a particular workgroup share
the same VLAN, regardless of the physical connection or location.

VLAN introduction

 VLANs are created to provide segmentation services traditionally
provided by physical routers in LAN configurations.
 VLANs address scalability, security, and network management. Routers in
VLAN topologies provide broadcast filtering, security, and traffic flow
management.
 Switches may not bridge any traffic between VLANs, as this would violate
the integrity of the VLAN broadcast domain.
 Traffic should only be routed between VLANs.
Broadcast domains with VLANs and
routers

 A VLAN is a broadcast domain created by one or more switches.


 The network design above creates three separate broadcast domains.
Broadcast domains with VLANs and
routers
[Figure: three network designs. 1) Without VLANs: 10.0.0.0/8. 2) With or without VLANs: 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16. With VLANs: 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16, using one link per VLAN or a single VLAN trunk (later).]
 1) No VLANs, or in other words, one VLAN. Single IP network.
 2) With or without VLANs. However this can be an example of no VLANs. In
both examples, each group (switch) is on a different IP network.
 3) Using VLANs. Switch is configured with the ports on the appropriate VLAN.
 What are the broadcast domains in each?
Tagging and Trunking
Non-tagging Switches

 Let's first see how multiple VLANs are
interconnected using switches that do
not have the tagging capability.
Non-tagging Switches
For each VLAN, there must be a link between the two
switches. One link per VLAN. Be sure the switch ports
on the switches are configured for the proper VLAN.
[Figure: Switches Moe and Larry, each with 100BaseT ports 1 and 2. On both switches Port 1 = VLAN 1 and Port 2 = VLAN 2.]
VLAN 1: Port 1 on switch Moe is connected to Port 1 on switch Larry.
VLAN 2: Port 2 on switch Moe is connected to Port 2 on switch Larry.
Advantages
 Each VLAN gets its own dedicated link
with its own bandwidth.
Disadvantages
 This requires a separate link for each
VLAN. There may not be enough ports
on the switch to accommodate a lot of
different VLANs.
Introducing Tagging and Trunking
Some quick terminology
 Channel - multiple links that carry a
single VLAN (i.e. Fast Etherchannel)
 Trunk - one link that carries multiple
VLANs
 Tagging - used to identify which VLAN
a frame belongs to
Reminder: Switches and Routers
 It is important to remember that hosts
on different switches can communicate
with hosts that belong to their same
subnet, without VLANs.
 It is also important to remember that if
hosts on different subnets wish to
communicate, then that traffic must be
routed via a router.
VLANs and Switches
 However, if you put those hosts that are
on different subnets, into different
VLANs, then the switches will need to
communicate the VLAN IDs.
 Again, this can be done without VLANs,
but as we saw one of the benefits to
VLANs is layer 2 broadcast control.
 Trunking (or tagging) is needed
between switches, or a switch and a
router, to pass traffic for multiple
VLANs, if a single link is used.
 Your switches must have ports that can
do this trunking or tagging.
Advantages:
 A single port on a switch or router can be
used to send and receive traffic for
multiple VLANs.
Disadvantages:
 This can put a lot of traffic on a single
link, so be sure the link has enough
bandwidth to handle it.
 This also requires the switch and/or
router ports that are used for tagging to
be capable of doing the tagging/trunking.
Tagging is needed between the switches. Note that there is
no router here, so there is no communication between the
VLANs. Here is an example of 172.30.1.20 sending
information to 172.30.1.25.

[Figure: Switch 1 and Switch 2 joined by a trunk (Port A to Port A) with ISL or 802.1Q tagging. Hosts on VLAN 1: 172.30.1.20, 172.30.1.21, 172.30.1.22, 172.30.1.25. Hosts on VLAN 2: 172.30.2.30, 172.30.2.31, 172.30.2.32, 172.30.2.35. Mask 255.255.255.0.]
VLAN Network - Inter-switch VLANs
 Two separate Broadcast Domains (VLAN 1 and
VLAN 2)
 Communications over the trunk links (i.e. between
switches) uses Tagging
 802.1q
 ISL (Inter-Switch Link) - Cisco
 802.10 - FDDI
 ATM LANE
 Tagging needed between the switches
 No communications between the VLANs, because
there is not a router
 NOTE: VLAN ID is on the switches not on the
hosts.
NOTE: This is just an example of a switch configuration menu and does not represent the configuration of the previous example.
Catalyst 1900 - VLAN Membership Configuration
Port VLAN Membership Type
-----------------------------
1 1 Static
2 2 Static
3 1 Static
4 2 Static
5 2 Static
6 1 Static
7 1 Static
8 1 Static
9 1 Static
10 1 Static
11 1 Static
12 2 Static
AUI 1 Static
A 1 Static
B 1 Static
[M] Membership type [V] VLAN assignment
[R] Reconfirm dynamic membership [X] Exit to previous menu
Enter Selection:
The router is now connected, so we can see how to
communicate between the VLANs. Because we are using
Router-on-a-stick, the router will also need to be configured
to include the ISL or 802.1Q tagging.
[Figure: Router interface 172.30.1.1 with 172.30.2.1 secondary (mask 255.255.255.0), attached with ISL or 802.1Q tagging. Switch 1 and Switch 2 joined by a trunk (Port A to Port A) with ISL or 802.1Q tagging. Hosts on VLAN 1: 172.30.1.20, 172.30.1.21, 172.30.1.22, 172.30.1.25. Hosts on VLAN 2: 172.30.2.30, 172.30.2.31, 172.30.2.32, 172.30.2.35.]
Same Gotchas
1. Remember to have the proper default gateway set
for each host.
 172.30.1.0 hosts - default gateway is 172.30.1.1
 172.30.2.0 hosts - default gateway is 172.30.2.1
2. The router must still route between subnets, so you
must include:
Router(config)# router rip
Router(config-router)# network 172.30.0.0
3. The switch ports to the router must have the
corresponding VLAN ID to that subnet.
Switch port to 172.30.1.1 must be on VLAN 1
Switch port to 172.30.2.1 must be on VLAN 2
New Gotchas
4. Ports interconnecting switches must be capable of
doing VLAN trunking, with either ISL or 802.1Q.
5. If you are using Router-on-a-stick, then the switch port
and the router interface must be capable and configured
to do trunking/tagging with either ISL or 802.1Q.
6. Remember, all traffic between different VLANs must be
routed via the router.

Question
 What if the router is not capable of doing the tagging or
trunking? How can we use the router to switch between
VLANs?
That’s right! You use two interfaces on the router instead of
one. One for each VLAN. On the switch you will not need
to use trunk ports for the router. No ISL or 802.1Q tagging is
needed.

[Figure: Router with Ethernet 0 172.30.1.1 and Ethernet 1 172.30.2.1 (mask 255.255.255.0), attached with no tagging. Switch 1 and Switch 2 joined by a trunk (Port A to Port A) with ISL or 802.1Q tagging. Hosts on VLAN 1: 172.30.1.20, 172.30.1.21, 172.30.1.22, 172.30.1.25. Hosts on VLAN 2: 172.30.2.30, 172.30.2.31, 172.30.2.32, 172.30.2.35.]
 Would you like to see how the router is
configured, with and without trunking?
Well, we will do it anyways. :-)

 Instead of using secondary addresses, we
will use something more current, known
as subinterfaces.
 This allows you to configure multiple
interfaces on a single physical interface.
 Cisco has said that secondary
addresses will eventually not be a part
of future IOS releases.
Router-on-a-stick: the router will also need to be configured
to include the ISL or 802.1Q tagging. Secondary addresses or
subinterfaces can be used.

[Figure: Router interface 172.30.1.1 with 172.30.2.1 secondary (mask 255.255.255.0), attached with ISL or 802.1Q tagging. Switch 1 and Switch 2 joined by a trunk (Port A to Port A) with ISL or 802.1Q tagging. Hosts on VLAN 1: 172.30.1.20, 172.30.1.21, 172.30.1.22, 172.30.1.25. Hosts on VLAN 2: 172.30.2.30, 172.30.2.31, 172.30.2.32, 172.30.2.35.]
Using multiple Ethernet interfaces. On the switch you will
not need to use trunk ports for the router. No ISL or 802.1Q
tagging is needed. Each switch port is on a separate VLAN.

[Figure: Router with Ethernet 0 172.30.1.1 and Ethernet 1 172.30.2.1 (mask 255.255.255.0), attached with no tagging. Switch 1 and Switch 2 joined by a trunk (Port A to Port A) with ISL or 802.1Q tagging. Hosts on VLAN 1: 172.30.1.20, 172.30.1.21, 172.30.1.22, 172.30.1.25. Hosts on VLAN 2: 172.30.2.30, 172.30.2.31, 172.30.2.32, 172.30.2.35.]
Fast Etherchannel

Allows two or four contiguous 100 Mbps ports to
operate as a single link, giving twice the
throughput. (command: port-channel mode on)
[Figure: Switches Moe and Larry, each with 12 10BaseT ports and 100BaseT ports A and B; ports A and B of the two switches are linked.]
Two 100BaseT Full-duplex ports:
2 x (100 x 2) = 400 Mbps throughput
 Fast Etherchannel is a Cisco proprietary
feature, although other vendors have a
similar solution.
 Fast Etherchannel allows some Cisco
switches to use either two or four 100
Mbps ports as a single, virtual port.
 To the switch the multiple links will look
like one, single, higher-bandwidth
connection, combining the bandwidth of
the two or four links between the two
switches.
NetFlow Switching
 NetFlow Switching provides network layer
switching to campus switches at high
forwarding rates.
 The first packet of the “flow” is routed via
the router.
 When a flow is detected, NetFlow switching
establishes a cut-through path for all
remaining packets in the flow.
 These can be switched by the switch and
not routed by the router.

VLAN operation

 Each switch port can be assigned to a different VLAN.


 Ports assigned to the same VLAN share broadcasts.
 Ports that do not belong to that VLAN do not share these broadcasts.

VLAN operation

 Static membership VLANs are called port-based and port-centric
membership VLANs.
 As a device enters the network, it automatically assumes the VLAN
membership of the port to which it is attached.
 “The default VLAN for every port in the switch is the management VLAN.
The management VLAN is always VLAN 1 and may not be deleted.”
 This statement does not give the whole story. We will examine
Management, Default and other VLANs at the end.
 All other ports on the switch may be reassigned to alternate VLANs.
 More on VLAN 1 later.
VLAN operation
[Figure: Two VLANs. Switch 1 connects 172.30.1.21 and 172.30.1.23 on VLAN 1, and 172.30.2.10 and 172.30.2.12 on VLAN 2 (mask 255.255.255.0). Two Subnets.]
Port: 1 2 3 4 5 6
VLAN: 1 2 1 2 2 1
Important notes on VLANs:
1. VLANs are assigned on the switch port. There is no “VLAN”
assignment done on the host (usually).
2. In order for a host to be a part of that VLAN, it must be
assigned an IP address that belongs to the proper subnet.
Remember: VLAN = Subnet
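The port-based membership and the "VLAN = Subnet" rule above can be checked with a small model of the figure's switch. This is an added example, not part of the original slides; the host-to-port placement, the misaddressed host on port 5 and the function names are assumptions made for illustration.

```python
import ipaddress

# Port-to-VLAN table from the slide's figure (ports 1-6).
PORT_VLAN = {1: 1, 2: 2, 3: 1, 4: 2, 5: 2, 6: 1}
# Default state quoted on the slide: every port in VLAN 1.
DEFAULT_VLAN = {port: 1 for port in PORT_VLAN}
# Assumption: one /24 per VLAN, matching the figure's addresses and masks.
VLAN_SUBNET = {1: ipaddress.ip_network("172.30.1.0/24"),
               2: ipaddress.ip_network("172.30.2.0/24")}
# Constructed placement: the figure does not say which port each host uses.
# The host on port 5 is deliberately misaddressed (VLAN 2 port, VLAN 1 subnet).
HOSTS = {1: "172.30.1.21", 2: "172.30.2.12", 3: "172.30.1.23",
         4: "172.30.2.10", 5: "172.30.1.50"}


def flood_ports(port_vlan, ingress):
    """Ports that receive a broadcast (such as an ARP Request) entering on `ingress`."""
    vlan = port_vlan[ingress]
    return sorted(p for p, v in port_vlan.items() if v == vlan and p != ingress)


def audit_vlan_subnet(port_vlan, vlan_subnet, hosts):
    """List (port, ip, vlan) for hosts whose address is outside their port's VLAN subnet."""
    return [(port, ip, port_vlan[port]) for port, ip in sorted(hosts.items())
            if ipaddress.ip_address(ip) not in vlan_subnet[port_vlan[port]]]


def arp_resolves(port_vlan, hosts, src, dst, prefix=24):
    """True if the host on port `src` can ARP for the host on port `dst`:
    the target must look on-link to the sender and must receive the broadcast."""
    src_net = ipaddress.ip_interface(f"{hosts[src]}/{prefix}").network
    on_link = ipaddress.ip_address(hosts[dst]) in src_net
    return on_link and dst in flood_ports(port_vlan, src)


if __name__ == "__main__":
    print("all ports in VLAN 1, ARP from port 1 floods to:", flood_ports(DEFAULT_VLAN, 1))
    print("figure's table, ARP from port 1 floods to:     ", flood_ports(PORT_VLAN, 1))
    print("VLAN/subnet mismatches:", audit_vlan_subnet(PORT_VLAN, VLAN_SUBNET, HOSTS))
    print("port 1 -> port 3 resolves:", arp_resolves(PORT_VLAN, HOSTS, 1, 3))
    print("port 5 -> port 1 resolves:", arp_resolves(PORT_VLAN, HOSTS, 5, 1))
```

The host on port 5 has an address from the VLAN 1 subnet but sits on a VLAN 2 port, so its ARP Requests never reach the hosts it believes are on-link; the audit function flags exactly that mismatch.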
VLAN operation

 Dynamic membership VLANs are created through network management software. (Not as common as static VLANs)
 CiscoWorks 2000 or CiscoWorks for Switched Internetworks is used to
create Dynamic VLANs.
 Dynamic VLANs allow for membership based on the MAC address of the
device connected to the switch port.
 As a device enters the network, it queries a database within the switch for a
VLAN membership.
Benefits of VLANs
If a hub is connected to a VLAN port on
a switch, all devices on that hub must
belong to the same VLAN.

 The key benefit of VLANs is that they permit the network administrator to
organize the LAN logically instead of physically.
 Note: Can be done without VLANs, but VLANs limit the broadcast domains
 This means that an administrator is able to do all of the following:
 Easily move workstations on the LAN.
 Easily add workstations to the LAN.
 Easily change the LAN configuration.
 Easily control network traffic.
 Improve security.
Without VLANs – No Broadcast Control
[Figure: Switch 1 with no VLANs (same as a single VLAN) and two subnets, showing an ARP Request; hosts 172.30.1.21, 172.30.1.23, 172.30.2.12 and 172.30.2.10, all with mask 255.255.255.0.]

• Without VLANs, the ARP Request would be seen by all hosts.
• Again, consuming unnecessary network bandwidth and host processing cycles.
With VLANs – Broadcast Control
[Figure: Switch 1 with two VLANs (two subnets), showing an ARP Request; all hosts use mask 255.255.255.0. VLAN 1: 172.30.1.21 and 172.30.1.23. VLAN 2: 172.30.2.12 and 172.30.2.10.]
Switch Port: VLAN ID
Port: 1 2 3 4 5 6
VLAN: 1 2 1 2 2 1
VLAN Types

MAC address Based VLANs

 Rarely implemented.

Two Types of VLANs


 End-to-End or Campus-wide VLANs
 Geographic or Local VLANs
End-to-End or Campus-wide VLANs

 End-to-End or Campus-wide VLANs
 Same VLAN/Subnet no matter what the location is on the network
 Trunking at the Core
 Usually not recommended by Cisco or other Vendors
 Adds complexity to network administration
 Does not resolve Layer 2 Spanning Tree issues
 Used to be recommended when routing at the Core was considered too slow.

End-to-End or Campus-wide VLANs

 The core layer router is being used to route between subnets (VLANs).
 The network is engineered, based on traffic flow patterns, to have 80
percent of the traffic contained within a VLAN.
 The remaining 20 percent crosses the router to the enterprise servers and to
the Internet and WAN.
 Note: This is known as the 80/20 rule. With today’s traffic patterns, this
rule is becoming obsolete.

Geographic or Local VLANs

 Geographic or Local VLANs


 More common
 Routing at the core
 Different VLAN/Subnet depending upon location
Geographic or Local VLANs

 As many corporate networks have moved to centralize their resources, end-to-end VLANs have become more difficult to maintain.
 Users are required to use many different resources, many of which are no
longer in their VLAN.
 Because of this shift in placement and usage of resources, VLANs are now
more frequently being created around geographic boundaries rather than
commonality boundaries.
Geographic or Local VLANs

 This geographic location can be as large as an entire building or as small as a single switch inside a wiring closet.
 In a VLAN structure, it is typical to find the new 20/80 rule in effect. 80
percent of the traffic is remote to the user and 20 percent of the traffic is
local to the user.
 Although this topology means that the user must cross a Layer 3 device in order
to reach 80 percent of the resources, this design allows the network to provide
for a deterministic, consistent method of accessing resources.
