Wednesday, September 1, 2010

Virtual LANs

Chapter 08 (Virtual LANs)

Overview
An important feature of Ethernet switching is the ability to create virtual LANs (VLANs). A VLAN is a logical group of network stations and devices. VLANs can be grouped by job functions or departments, regardless of physical location of users. Traffic between VLANs is restricted. Switches and bridges forward unicast, multicast, and broadcast traffic only on LAN segments that serve the VLAN to which the traffic belongs. In other words, devices on a VLAN only communicate with devices that are on the same VLAN. Routers provide connectivity between different VLANs.
VLANs increase overall network performance by logically grouping users and resources together. Businesses often use VLANs as a way of ensuring that a particular set of users are logically grouped regardless of the physical location. Organizations use VLANs to group users in the same department together. For example, users in the Marketing department are placed in the Marketing VLAN, while users in the Engineering Department are placed in the Engineering VLAN.
VLANs can enhance scalability, security, and network management. Routers in VLAN topologies provide broadcast filtering, security, and traffic flow management.
Properly designed and configured VLANs are powerful tools for network administrators. VLANs simplify tasks when additions, moves, and changes to a network are necessary. VLANs improve network security and help control Layer 3 broadcasts. However, improperly configured VLANs can make a network function poorly or not function at all. Proper VLAN configuration and implementation is critical to the network design process.
Cisco is taking a positive approach toward vendor interoperability, but LANs can consist of intermixed network topologies and device configurations. Each vendor develops its own proprietary VLAN product and may not be entirely compatible with other VLAN products due to differences in VLAN services.


This module covers some of the objectives for the CCNA 640-801 and ICND 640-811 exams.




Students who complete this module should be able to perform the following tasks:
• Define VLANs
• List the benefits of VLANs
• Explain how VLANs are used to create broadcast domains
• Explain how routers are used for communication between VLANs
• List the common VLAN types
• Define ISL and 802.1Q
• Explain the concept of geographic VLANs
• Configure static VLANs on Catalyst 2900 series switches
• Verify and save VLAN configurations
• Delete VLANs from a switch configuration
8.1 VLAN Concepts
8.1.1 VLAN introduction
This page will explain what a VLAN is and how it works.
A VLAN is a logical group of network stations, services, and devices that is not restricted to a physical LAN segment.


VLANs facilitate easy administration of logical groups of stations and servers that can communicate as if they were on the same physical LAN segment. They also facilitate easier administration of moves, adds, and changes in members of these groups.
VLANs logically segment switched networks based on job functions, departments, or project teams, regardless of the physical location of users or physical connections to the network. All workstations and servers used by a particular workgroup share the same VLAN, regardless of the physical connection or location.


Configuration or reconfiguration of VLANs is done through software. Therefore, VLAN configuration does not require network equipment to be physically moved or connected.


A workstation in a VLAN group is restricted to communicating with file servers in the same VLAN group. VLANs logically segment the network into different broadcast domains so that packets are only switched between ports that are assigned to the same VLAN. VLANs consist of hosts or network equipment connected by a single bridging domain. The bridging domain is supported on different network equipment. LAN switches operate bridging protocols with a separate bridge group for each VLAN.
VLANs are created to provide segmentation services traditionally provided by physical routers in LAN configurations. VLANs address scalability, security, and network management. Routers in VLAN topologies provide broadcast filtering, security, and traffic flow management. Switches do not bridge traffic between VLANs, as this violates the integrity of the VLAN broadcast domain. Traffic should only be routed between VLANs.
The next page will discuss broadcast domains.
8.1.2 Broadcast domains with VLANs and routers
This page will explain how packets are routed between different broadcast domains.



A VLAN is a broadcast domain created by one or more switches. The network design in Figures and requires three separate broadcast domains.
Figure shows how three separate switches are used to create three separate broadcast domains. Layer 3 routing allows the router to send packets to the three different broadcast domains.
In Figure , a VLAN is created with one router and one switch. Three separate broadcast domains exist. The router routes traffic between the VLANs using Layer 3 routing. The switch in Figure forwards frames to the router interfaces under two circumstances:
• If it is a broadcast frame
• If it is en route to one of the MAC addresses on the router


If Workstation 1 on the Engineering VLAN wants to send frames to Workstation 2 on the Sales VLAN, the frames are sent to the Fa0/0 MAC address of the router. Routing occurs through the IP address on the Fa0/0 router interface for the Engineering VLAN.


If Workstation 1 on the Engineering VLAN wants to send a frame to Workstation 2 on the same VLAN, the destination MAC address of the frame is that of Workstation 2.

VLAN implementation on a switch causes certain actions to occur:
• The switch maintains a separate bridging table for each VLAN.
• If the frame comes in on a port in VLAN 1, the switch searches the bridging table for VLAN 1.
• When the frame is received, the switch adds the source address to the bridging table if it is currently unknown.
• The destination is checked so a forwarding decision can be made.
• For learning and forwarding, the search is made against the address table for that VLAN only.
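The per-VLAN learning and forwarding behaviour listed above, as an added example that is not part of the original chapter: a small Python model of a switch with one bridging table per VLAN. The port-to-VLAN map and the workstation MAC addresses are constructed for the demonstration.

```python
from collections import defaultdict

# Constructed access-port map for one switch (assumed topology, not from the
# chapter): VLAN 10 stands in for Engineering, VLAN 20 for Sales.
PORT_VLAN = {
    "Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 10,   # Engineering VLAN
    "Fa0/4": 20, "Fa0/5": 20,                # Sales VLAN
}
BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """Minimal model of a switch that keeps one bridging table per VLAN."""

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)
        # vlan_id -> {source MAC: port on which it was learned}
        self.tables = defaultdict(dict)

    def receive(self, in_port, src_mac, dst_mac):
        """Learn from a frame, then return the sorted list of egress ports."""
        vlan = self.port_vlan[in_port]
        table = self.tables[vlan]          # only this VLAN's table is consulted
        table[src_mac] = in_port           # learn (or refresh) the source address
        if dst_mac == BROADCAST or dst_mac not in table:
            # Broadcast or unknown unicast: flood to every other port in the
            # same VLAN. Ports in other VLANs never see the frame.
            return sorted(p for p, v in self.port_vlan.items()
                          if v == vlan and p != in_port)
        out_port = table[dst_mac]
        return [] if out_port == in_port else [out_port]   # filter, never echo

    def learned_port(self, vlan_id, mac):
        """Port on which a MAC was learned in one VLAN's table (None if unknown)."""
        return self.tables[vlan_id].get(mac)


def demo():
    """Walk through the learning/forwarding sequence and return the decisions."""
    sw = VlanSwitch(PORT_VLAN)
    ws1, ws2, ws3 = "00:00:00:00:00:01", "00:00:00:00:00:02", "00:00:00:00:00:03"
    steps = {}
    # WS1 (VLAN 10) broadcasts: flooded only to the other VLAN 10 ports.
    steps["ws1_broadcast"] = sw.receive("Fa0/1", ws1, BROADCAST)
    # WS3 (VLAN 20) sends to WS1's MAC: VLAN 20's table has never seen WS1,
    # so the frame is flooded inside VLAN 20 and never reaches Fa0/1.
    steps["ws3_to_ws1"] = sw.receive("Fa0/4", ws3, ws1)
    # WS2 (VLAN 10) sends to WS1: known in VLAN 10's table, forwarded to Fa0/1.
    steps["ws2_to_ws1"] = sw.receive("Fa0/2", ws2, ws1)
    return sw, steps


if __name__ == "__main__":
    switch, decisions = demo()
    for label, ports in decisions.items():
        print(f"{label}: forwarded to {ports}")
```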
The next page will discuss different types of VLANs.
8.1.3 VLAN operation
This page will explain the features of different types of VLANs.
A VLAN comprises a switched network that is logically segmented. Each switch port can be assigned to a VLAN. Ports assigned to the same VLAN share broadcasts. Ports that do not belong to that VLAN do not share these broadcasts. This improves network performance because unnecessary broadcasts are reduced.
Static membership VLANs are called port-based and port-centric membership VLANs. As a device enters the network, it automatically assumes the VLAN membership of the port to which it is attached.



Users attached to the same shared segment share the bandwidth of that segment. Each additional user attached to the shared medium means less bandwidth and deterioration of network performance. VLANs offer more bandwidth to users than a hub-based Ethernet shared network. The default VLAN for every port in the switch is the management VLAN. The management VLAN is always VLAN 1 and may not be deleted. At least one port must be assigned to VLAN 1 in order to manage the switch. All other ports on the switch may be reassigned to alternate VLANs.
Dynamic membership VLANs are created through network management software. CiscoWorks 2000 or CiscoWorks for Switched Internetworks is used to create Dynamic VLANs. Dynamic VLANs allow for membership based on the MAC address of the device connected to the switch port. As a device enters the network, the switch that it is connected to queries a database on the VLAN Configuration Server for VLAN membership.



In port-based or port-centric VLAN membership, the port is assigned to a specific VLAN membership independent of the user or system attached to the port. When using this membership method, all users of the same port must be in the same VLAN. A single user, or multiple users, can be attached to a port and never realize that a VLAN exists. This approach is easy to manage because no complex lookup tables are required for VLAN segmentation.


Network administrators are responsible for configuring VLANs both statically and dynamically.


Bridges filter traffic that does not need to go to segments other than the destination segment. If a frame needs to cross a bridge and the destination MAC address is known, the bridge only forwards the frame to the correct bridge port. If the MAC address is unknown, it floods the frame to all ports in the broadcast domain, or VLAN, except the source port where the frame was received. Switches are considered multiport bridges.




The Interactive Media Activity will help students understand how packets travel between VLANs.
The next page will list the benefits of VLANs.
8.1.4 Benefits of VLANs
This page will discuss the administrative benefits of VLANs.
VLANs allow network administrators to organize LANs logically instead of physically. This is a key benefit. This allows network administrators to perform several tasks:
• Easily move workstations on the LAN
• Easily add workstations to the LAN
• Easily change the LAN configuration
• Easily control network traffic
• Improve security


The next page will describe three basic VLAN types.
8.1.5 VLAN types
This page will describe three basic VLAN types that are used to determine and control VLAN membership assignments:
• Port-based VLANs
• MAC address based VLANs
• Protocol-based VLANs
The number of VLANs in a switch varies based on several factors:
• Traffic patterns
• Types of applications
• Network management needs
• Group commonality
The IP addressing scheme is another important consideration in defining the number of VLANs in a switch. For example, a network that uses a 24-bit mask to define a subnet has a total of 254 host addresses allowed on one subnet. Because a one-to-one correspondence between VLANs and IP subnets is strongly recommended, there can be no more than 254 devices in any one VLAN. It is further recommended that VLANs should not extend outside of the Layer 2 domain of the distribution switch.





There are two major methods of frame tagging, Inter-Switch Link (ISL) and 802.1Q. ISL is a Cisco proprietary protocol and used to be the most common, but is now being replaced by the IEEE 802.1Q standard frame tagging.









As packets are received by the switch from any attached end-station device, a unique packet identifier is added within each header. This header information designates the VLAN membership of each packet. The packet is then forwarded to the appropriate switches or routers based on the VLAN identifier and MAC address. Upon reaching the destination node, the adjacent switch removes the VLAN ID from the packet and forwards it to the attached device. Packet tagging provides a mechanism for controlling the flow of broadcasts and applications while not interfering with the network and applications. LAN emulation (LANE) is a way to make an Asynchronous Transfer Mode (ATM) network simulate an Ethernet network. There is no tagging in LANE, but the virtual connection used implies a VLAN ID.
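The 802.1Q tagging described above, as an added example that is not from the chapter: Python functions that insert the 4-byte tag (TPID 0x8100 followed by the tag control information carrying the 12-bit VLAN ID) when a frame leaves on a trunk, read the VLAN ID back, and strip the tag before delivery to an access port. The MAC addresses and payload are constructed sample data; ISL and double tagging (TPID 0x88a8) are not covered.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(text):
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes(int(x, 16) for x in text.split(":"))


def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet II frame (without FCS), as sent by an access-port station."""
    return dst + src + struct.pack("!H", ethertype) + payload


def tag_frame(frame, vlan_id, pcp=0, dei=0):
    """Insert an 802.1Q tag after the source MAC: what a trunk port does on egress."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094 (0 and 4095 are reserved)")
    # TCI layout: 3-bit priority (PCP), 1-bit drop eligible (DEI), 12-bit VID
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame):
    """Return (dst, src, vlan_id or None, ethertype, payload) for a frame."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return dst, src, None, ethertype, frame[14:]      # untagged frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return dst, src, tci & 0x0FFF, inner_type, frame[18:]


def strip_tag(frame):
    """Remove the tag before delivery to an access port; return (frame, vlan_id)."""
    dst, src, vlan_id, ethertype, payload = parse_frame(frame)
    return build_frame(dst, src, ethertype, payload), vlan_id


def trunk_round_trip(vlan_id):
    """Access -> trunk -> access: tag on egress, read the VID, strip on delivery."""
    original = build_frame(mac_bytes("00:00:00:00:00:02"),   # constructed MACs
                           mac_bytes("00:00:00:00:00:01"),
                           ETHERTYPE_IPV4, b"constructed payload")
    tagged = tag_frame(original, vlan_id, pcp=5)
    delivered, seen_vid = strip_tag(tagged)
    return {"tag_len": len(tagged) - len(original), "vid": seen_vid,
            "restored": delivered == original,
            "tag_hex": tagged[12:16].hex()}


if __name__ == "__main__":
    print(trunk_round_trip(300))
```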


This page concludes this lesson. The next lesson will discuss VLAN configuration. The first page provides an overview of VLAN networks.
8.2 VLAN Configuration
8.2.1 VLAN basics
This page will provide basic information about VLANs and describe the features of an end-to-end VLAN network.
In a switched environment, a workstation only receives traffic addressed to it. Because switches filter network traffic, workstations in a switched environment send and receive data at full, dedicated bandwidth. Unlike a shared-hub system where only one station can transmit at a time, a switched network allows many concurrent transmissions within a broadcast domain. This process does not directly affect other stations inside or outside a broadcast domain. Figure illustrates that communication between pairs A/B, C/D and E/F does not affect the other station pairs.



Each VLAN must have a unique Layer 3 network or subnet address assigned to it. This enables routers to switch packets between VLANs.
VLANs can exist either as end-to-end networks or they can exist inside of geographic boundaries.
An end-to-end VLAN network has several characteristics:
• VLAN membership for users is based on department or job function, regardless of where the users are located.
• All users in a VLAN should have the same 80/20 traffic flow patterns.
• VLAN membership for users should not change when they relocate within the campus.
• Each VLAN has a common set of security requirements for all members.
Switch ports are provisioned for each user at the access layer. Each color represents a subnet. Because users relocate, each switch can eventually become a member of all VLANs. Frame tagging is used to carry information from multiple VLANs between access layer switches and distribution layer switches.


ISL is a Cisco proprietary protocol that maintains VLAN information as traffic flows between switches and routers. IEEE 802.1Q is an open-standard (IEEE) VLAN tagging mechanism in switching installations. Catalyst 2950 switches do not support ISL trunking.
Workgroup servers operate in a client/server model. For this reason, users are assigned to the same VLAN as the server they use to maximize the performance of Layer 2 switching and keep traffic localized.
In Figure , a core layer router is used to route between subnets. The network is engineered, based on traffic flow patterns, to have 80 percent of the traffic contained within a VLAN. The remaining 20 percent crosses the router to the enterprise servers and to the Internet and WAN.
The next page will discuss geographic VLANs.
8.2.2 Geographic VLANs
This page will explain why geographic VLANs have become more common than end-to-end VLANs.
End-to-end VLANs allow devices to be grouped based upon resource usage. This includes such parameters as server usage, project teams, and departments. The goal of end-to-end VLANs is to maintain 80 percent of the traffic on the local VLAN.
As corporate networks move to centralize their resources, end-to-end VLANs become more difficult to maintain. Users are required to use many different resources, many of which are no longer in their VLAN. This shift in placement and usage of resources requires VLANs to be created around geographic boundaries rather than commonality boundaries.


This geographic location can be as large as an entire building or as small as a single switch inside a wiring closet. In a geographic VLAN structure, it is typical to find the new 20/80 rule in effect. That means that 20 percent of the traffic remains within the local VLAN and 80 percent of the network traffic travels outside the local VLAN. Although this topology means that 80 percent of the services from resources must travel through a Layer 3 device, this design allows networks to provide a deterministic and consistent method to access resources.
The next page will explain how static VLANs are configured.
8.2.3 Configuring static VLANs
This page will describe the type of network in which a static VLAN can be configured. Students will also learn how to configure a VLAN.
Static VLANs are ports on a switch that are manually assigned to a VLAN. This can be accomplished with a VLAN management application or configured directly into the switch through the CLI. These ports maintain their assigned VLAN configuration until they are changed manually. This type of VLAN works well in networks with specific requirements:
• All moves are controlled and managed.
• There is robust VLAN management software to configure the ports.
• The additional overhead required to maintain end-station MAC addresses and custom filtering tables is not acceptable.


Dynamic VLANs do not rely on ports assigned to a specific VLAN.
To configure VLANs on Cisco 2900 series switches, specific guidelines must be observed:
• The maximum number of VLANs is switch dependent.
• One of the factory-default VLANs is VLAN 1.
• The default Ethernet VLAN is VLAN 1.
• Cisco Discovery Protocol (CDP) and VLAN Trunking Protocol (VTP) advertisements are sent on VLAN 1 (VTP will be discussed in Module 9).
• The IP address of the switch is in the VLAN 1 broadcast domain by default.
• The switch must be in VTP server mode to create, add, or delete VLANs.
The creation of a VLAN on a switch is a very straightforward and simple task. If an IOS command-based switch is used, the command vlan database can be used in the Privileged EXEC mode to enter into VLAN configuration mode. A VLAN name may also be configured, if necessary:
Switch#vlan database
Switch(vlan)#vlan vlan_number
Switch(vlan)#exit
Upon exiting, the VLAN is applied to the switch. The next step is to assign the VLAN to one or more interfaces:
Switch(config)#interface fastethernet 0/9
Switch(config-if)#switchport access vlan vlan_number
In the Lab Activities, students will create VLANs and verify a basic switch configuration.
The next page will explain how a VLAN configuration can be verified.
8.2.4 Verifying VLAN configuration
This page will explain how to verify VLAN configurations.
The commands show vlan, show vlan brief, or show vlan id id_number can be used to verify VLAN configurations.
The following facts apply to VLANs:
• A created VLAN remains unused until it is mapped to switch ports.
• All Ethernet ports are assigned to VLAN 1 by default.
Figure shows a list of applicable commands.


Figure shows the steps necessary to assign a new VLAN to a port on the Sydney switch.
Figures and list the output of the show vlan and show vlan brief commands.
The Lab Activities will allow students to create and verify a basic switch configuration with two VLANs.
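The two facts listed above can be checked mechanically against a captured show vlan brief listing, which also serves the backup-and-audit use of a saved VLAN configuration discussed later in this lesson. The following Python audit is an added example, not part of the chapter; the show vlan brief output it parses is constructed sample data.

```python
import re

# Constructed capture of "show vlan brief" (sample data, not from the chapter).
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/11, Fa0/12
10   Engineering                      active    Fa0/9, Fa0/10
20   Sales                            active
300  Research                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
"""

ENTRY = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")   # id, name, status, ports
LEGACY_DEFAULTS = {1002, 1003, 1004, 1005}   # FDDI/Token Ring defaults, never port-mapped


def parse_show_vlan_brief(text):
    """Return {vlan_id: {"name": ..., "status": ..., "ports": [...]}}."""
    vlans, current = {}, None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            vid, name, status, ports = m.groups()
            current = int(vid)
            vlans[current] = {"name": name, "status": status,
                              "ports": ports.replace(",", " ").split()}
        elif current is not None and line.startswith(" ") and line.strip():
            # wrapped continuation of the previous VLAN's port list
            vlans[current]["ports"].extend(line.replace(",", " ").split())
    return vlans


def port_number(port):
    """Sort key so Fa0/11 comes after Fa0/2."""
    return int(port.rsplit("/", 1)[1])


def audit_vlans(text):
    """Report VLANs with no ports and ports still in the default VLAN 1."""
    vlans = parse_show_vlan_brief(text)
    unused = sorted(v for v, info in vlans.items()
                    if v not in LEGACY_DEFAULTS and not info["ports"])
    in_default = sorted(vlans.get(1, {"ports": []})["ports"], key=port_number)
    port_to_vlan = {p: v for v, info in vlans.items() for p in info["ports"]}
    return {"unused_vlans": unused, "ports_in_vlan1": in_default,
            "port_to_vlan": port_to_vlan}


if __name__ == "__main__":
    report = audit_vlans(SHOW_VLAN_BRIEF)
    print("VLANs created but not mapped to any port:", report["unused_vlans"])
    print("Ports still in VLAN 1:", ", ".join(report["ports_in_vlan1"]))
```

Ports reported as still in VLAN 1 are the ones that were never reassigned; on a switch where VLAN 1 is the management VLAN, each of them is worth a deliberate decision.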











The next page will explain how a switch configuration is saved.
8.2.5 Saving VLAN configuration
This page will teach students how to create a text file of a VLAN configuration and use it for backup.
It is useful to keep a copy of the VLAN configuration as a text file, especially when backups or audits need to be performed.
The switch configuration settings can be backed up to a TFTP server with the copy running-config tftp command. The HyperTerminal text capture feature along with the commands show running-config and show vlan can be used to capture configurations settings.









8.2.6 Deleting VLANs
This page will teach students how to remove a VLAN from a Cisco IOS command based switch interface. This process is similar to the procedure that is used to remove a command from a router.


In Figure , FastEthernet 0/9 was assigned to VLAN 300 with the command switchport access vlan 300. To remove this VLAN from the interface, simply use the no form of the command.



The command below is used to remove a VLAN from a switch:
Switch#vlan database
Switch(vlan)#no vlan 300
When a VLAN is deleted, all ports assigned to that VLAN become inactive. The ports will, however, remain associated with the deleted VLAN until assigned to a new VLAN.



The Lab Activities will show students how to delete VLAN configurations.
This page concludes this lesson. The next lesson will teach students how to troubleshoot VLANs. The first page provides a lesson overview.




8.3 Troubleshooting VLANs
8.3.1 Overview
This page will explain what students will learn from this lesson.
VLANs are now commonplace in campus networks. VLANs give network engineers flexibility in designing and implementing networks. VLANs also enable broadcast containment, security, and geographically disparate communities of interest. However, as with basic LAN switching, problems can occur when VLANs are implemented. This lesson will show some of the more common problems that can occur with VLANs, and it will provide several tools and techniques for troubleshooting.


Students completing this lesson should be able to:
• Utilize a systematic approach to VLAN troubleshooting
• Demonstrate the steps for general troubleshooting in switched networks
• Describe how spanning-tree problems can lead to broadcast storms
• Use show and debug commands to troubleshoot VLANs
The next page will describe the process that is used to troubleshoot VLANs.
8.3.2 VLAN troubleshooting process
This page will help students develop a systematic approach that can be used to troubleshoot switch related problems.
It is important to develop a systematic approach for troubleshooting switch related problems. The following steps can assist in isolating a problem on a switched network:
1. Check the physical indications, such as LED status.
2. Start with a single configuration on a switch and work outward.
3. Check the Layer 1 link.
4. Check the Layer 2 link.
5. Troubleshoot VLANs that span several switches.


When troubleshooting, check to see if the problem is a recurring one rather than an isolated fault. Some recurring problems are due to growth in demand for services by workstation ports outpacing the configuration, trunking, or capacity to access server resources. For example, the use of Web technologies and traditional applications, such as file transfer and e-mail, is causing network traffic growth that enterprise networks must handle.
Many campus LANs face unpredictable network traffic patterns that result from the combination of intranet traffic, fewer centralized campus server locations, and the increasing use of multicast applications. The old 80/20 rule, which stated that only 20 percent of network traffic went over the backbone, is obsolete. Internal Web browsing now enables users to locate and access information anywhere on the corporate intranet. Traffic patterns are dictated by where the servers are located and not by the physical workgroup configurations with which they happen to be grouped.
If a network frequently experiences bottleneck symptoms, like excessive overflows, dropped frames, and retransmissions, there may be too many ports riding on a single trunk or too many requests for global resources and access to intranet servers.
Bottleneck symptoms may also occur because a majority of the traffic is being forced to traverse the backbone. Another cause may be that any-to-any access is common, as users draw upon corporate Web-based resources and multimedia applications. In this case, it may be necessary to consider increasing the network resources to meet the growing demand.
The next page will discuss broadcast storms.





8.3.3 Preventing broadcast storms
This page will teach students how to prevent broadcast storms.
A broadcast storm occurs when a large number of broadcast packets are received on a port. Forwarding these packets can cause the network to slow down or to time out. Storm control is configured for the switch as a whole, but operates on a per-port basis. Storm control is disabled by default.
Broadcast storms are prevented by setting high and low threshold values, so that excessive broadcast, multicast, or unicast MAC traffic is discarded. In addition, a switch can be configured so that reaching the rising threshold shuts the port down.


STP problems include broadcast storms, loops, and dropped BPDUs and packets. The function of STP is to ensure that no logical loops occur in a network by designating a root bridge. The root bridge is the central point of a spanning-tree configuration that controls how the protocol operates.
The location of the root bridge in the extended router and switch network is necessary for effective troubleshooting. The show commands on both the router and the switch can display root-bridge information. Configuration of root bridge timers set parameters for forwarding delay or maximum age for STP information. Manually configuring a device as a root bridge is another configuration option.
If the extended router and switch network encounters a period of instability, it helps to minimize the STP processes occurring between devices.
If it becomes necessary to reduce BPDU traffic, put the timers on the root bridge at their maximum values. Specifically, set the forward delay parameter to the maximum of 30 seconds, and set the max_age parameter to the maximum of 40 seconds.
A physical port on a router or switch may be part of more than one spanning tree if it is a trunk.



The Spanning-Tree Protocol (STP) is considered one of the most important Layer 2 protocols on the Catalyst switches. By preventing logical loops in a bridged network, STP allows Layer 2 redundancy without generating broadcast storms.


Minimize spanning-tree problems by actively developing a baseline study of the network.
The next page will discuss the show and debug commands.

8.3.4 Troubleshooting VLANs
This page will explain how the show and debug commands can be used to troubleshoot VLANs. Figure illustrates the most common problems found when troubleshooting VLANs.


To troubleshoot the operation of Fast Ethernet router connections to switches, it is necessary to make sure that the router interface configuration is complete and correct. Verify that an IP address is not configured on the Fast Ethernet interface. IP addresses are configured on each subinterface of a VLAN connection. Verify that the duplex configuration on the router matches that on the appropriate port/interface on the switch.
The show vlan command displays the VLAN information on the switch. Figure , displays the output from the show vlan command. The display shows the VLAN ID, name, status, and assigned ports.
The show vlan command also displays VLAN information on the router. The show vlan command followed by the VLAN number displays specific information about that VLAN on the router. Output from the command includes the VLAN ID, router subinterface, and protocol information.
The show spanning-tree command displays the spanning-tree topology known to the router. This command will show the STP settings used by the router for a spanning-tree bridge in the router and switch network.







The first part of the show spanning-tree output lists global spanning-tree configuration parameters, followed by those that are specific to given interfaces.
Bridge Group 1 is executing the IEEE compatible Spanning-Tree Protocol.
The following lines of output show the current operating parameters of the spanning tree:
Bridge Identifier has priority 32768, address 0008.e32e.e600 Configured hello time 2, Max age 20, forward delay 15
The following line of output shows that the router is the root of the spanning tree:
We are the root of the spanning tree.
Key information from the show spanning-tree command creates a map of the STP network.







The debug sw-vlan packets command displays general information about VLAN packets that the router received but is not configured to support. VLAN packets that the router is configured to route or switch are counted and indicated when using the show vlans command.
The next page will help students learn how to troubleshoot a VLAN.





8.3.5 VLAN troubleshooting scenarios
Network administrators can troubleshoot switched networks proficiently after the techniques are learned and are adapted to the company needs. Experience is the best way to improve these skills.
This page will describe three VLAN troubleshooting scenarios that refer to the most common problems.
Each scenario moves from an analysis of the problem to its solution. By using the appropriate commands and gathering meaningful information from their outputs, the troubleshooting process can be carried through to completion.
Scenario 1: A trunk line cannot be established between a switch and a router

Figure illustrates this scenario. When having difficulty with a trunk connection between a switch and a router, be sure to consider the following possible causes:
1. Make sure that the port is connected and not receiving any physical-layer, alignment or frame-check-sequence (FCS) errors. This can be done with the show interfaces command on the switch.
2. Verify that the duplex and speed are set properly between the switch and the router. This can be done with the show interface status command on the switch or the show interfaces command on the router.
3. Configure the physical router interface with one subinterface for each VLAN that will route traffic. Verify this with the show interfaces IOS command. Also, make sure that each subinterface on the router has the proper encapsulation type, VLAN number, IP address, and subnet mask configured. This can be done with the show interfaces or show running-config IOS commands.
4. Confirm that the router is running an IOS release that supports trunking. This can be verified with the show version command.
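Step 3 above, together with the earlier rule that the IP address belongs on each VLAN subinterface rather than on the physical Fast Ethernet interface, can be checked against a captured show running-config. The following Python audit is an added example, not from the chapter; the running-config excerpt is constructed sample data with deliberate mistakes.

```python
import re

# Constructed "show running-config" excerpt from a router trunked to a switch
# (sample data with deliberate mistakes, not from the chapter).
RUNNING_CONFIG = """\
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
!
interface FastEthernet0/0.30
 ip address 192.168.30.1 255.255.255.0
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1.40
 encapsulation dot1Q 40
 ip address 192.168.40.1 255.255.255.0
!
"""

# Accepts either trunking encapsulation the chapter names (802.1Q or ISL).
ENCAP = re.compile(r"^encapsulation (dot1q|isl) (\d+)", re.IGNORECASE)


def parse_interfaces(config_text):
    """Return {interface name: [stanza lines]} from IOS-style running-config text."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line == "!" or not line:          # end of stanza
            current = None
        elif current is not None:
            interfaces[current].append(line)
    return interfaces


def audit_trunk_router(config_text):
    """Check physical interfaces and VLAN subinterfaces; return a list of findings."""
    findings = []
    interfaces = parse_interfaces(config_text)
    for name, lines in interfaces.items():
        # "no ip address" does not start with "ip address ", so it is not counted
        has_ip = any(l.startswith("ip address ") for l in lines)
        parent, _, sub = name.partition(".")
        if not sub:
            # Physical interface: it must not carry the IP address itself.
            if has_ip:
                findings.append(f"{name}: IP address on the physical interface; "
                                "move it to a VLAN subinterface")
            continue
        # Subinterface: needs encapsulation type + VLAN number and an address.
        if not any(ENCAP.match(l) for l in lines):
            findings.append(f"{name}: missing encapsulation type and VLAN number")
        if not has_ip:
            findings.append(f"{name}: missing ip address and subnet mask")
    return findings


if __name__ == "__main__":
    for finding in audit_trunk_router(RUNNING_CONFIG):
        print(finding)
```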

Scenario 2: Dropped packets and loops
Figure illustrates this scenario:
Spanning-tree bridges use topology change notification Bridge Protocol Data Unit packets (BPDUs) to notify other bridges of a change in the spanning-tree topology of the network. The bridge with the lowest identifier in the network becomes the root. Bridges send these BPDUs any time a port makes a transition to or from a forwarding state, as long as there are other ports in the same bridge group. These BPDUs migrate toward the root bridge.








There can be only one root bridge per bridged network. An election process determines the root bridge. The root determines values for configuration messages, in the BPDUs, and then sets the timers for the other bridges. Other designated bridges determine the shortest path to the root bridge and are responsible for advertising BPDUs to other bridges through designated ports. A bridge should have ports in the blocking state if there is a physical loop.
Problems can arise for internetworks in which both IEEE and DEC spanning-tree algorithms are used by bridging nodes. These problems are caused by differences in the way the bridging nodes handle spanning tree BPDU packets, or hello packets, and in the way they handle data.
In this scenario, Switch A, Switch B, and Switch C are running the IEEE spanning-tree algorithm. Switch D is inadvertently configured to use the DEC spanning-tree algorithm.
Switch A claims to be the IEEE root and Switch D claims to be the DEC root. Switch B and Switch C propagate root information on all interfaces for IEEE spanning tree. However, Switch D drops IEEE spanning-tree information. Similarly, the other routers ignore Router D's claim to be root.
The result is that none of the bridges believes there is a loop, so when a broadcast packet is sent on the network, a broadcast storm results over the entire internetwork. This broadcast storm will include Switches X and Y, and beyond.
To resolve this problem, reconfigure Switch D for IEEE. Although a configuration change is necessary, it might not be sufficient to reestablish connectivity. There will be a reconvergence delay as devices exchange BPDUs and recompute a spanning tree for the network.
This page concludes this lesson. The next page will summarize the main points from this module.
Summary
This page summarizes the topics discussed in this module.


A VLAN is a group of network services not restricted to a physical segment or LAN switch. Configuration or reconfiguration of VLANs is done through software which makes it unnecessary to physically connect or move cables and equipment. VLANs address scalability, security, and network management. Routers in VLAN topologies provide broadcast filtering, security, and traffic flow management. Traffic should only be routed between VLANs. Switches may not bridge any traffic as this would violate the integrity of the VLAN broadcast domain.
The primary benefit of VLANs is that they permit the network administrator to organize the LAN logically instead of physically. This includes the ability to move workstations on the LAN, add workstations to the LAN, change the LAN configuration, control network traffic, and improve security.
A VLAN is a broadcast domain created by one or more switches. VLANs are used to create broadcast domains in order to improve the overall performance of the network. Implementing VLANs on a switch causes the switch to maintain a separate bridging table for each VLAN. If the frame comes in on a port in VLAN 1, the switch searches the bridging table for VLAN 1. When the frame is received, the switch adds the source address to the bridging table if it is currently unknown. The switch then checks the destination so a forwarding decision can be made. For learning and forwarding the search is made against the address table for that VLAN only.
There are three basic VLAN memberships for determining and controlling how a packet gets assigned. They include port-based VLANs, MAC address based VLANs, and protocol based VLANs.
Inter-Switch Link (ISL) is a method of frame tagging that is quickly being replaced by 802.1Q frame tagging. Packet tagging provides a mechanism for controlling the flow of broadcasts and applications while not interfering with the network and applications.
Each VLAN must have a unique Layer 3 network address assigned. This enables routers to switch packets between VLANs. VLANs can exist either as end-to-end networks or they can exist inside of geographic boundaries.
An end-to-end VLAN network groups users into VLANs based on group or job function. All users in a VLAN should have the same 80/20 traffic flow patterns. VLAN membership does not change for a user as they physically move locations. Each VLAN has a common set of security requirements for all members.
Static VLANs are ports on a switch that are manually assigned to a VLAN by using a VLAN management application or by working directly within the switch. These ports maintain their assigned VLAN configuration until they are changed manually. Dynamic VLANs do not rely on ports assigned to a specific VLAN. Use the show vlan, show vlan brief, or show vlan id id_number commands to verify VLAN configuration.
A systematic approach is used for troubleshooting issues on a VLAN. To isolate a problem, check the physical indications, such as LED status. Start with a single configuration on a switch and work outward. Check the Layer 1 link then check the Layer 2 link. Troubleshoot VLANs that span several switches. Some recurring problems are due to growth in demand for services by workstation ports outpacing the configuration, trunking, or capacity to access server resources.
