Vlan

The document provides an overview of VLANs (Virtual Local Area Networks), detailing their definition, purpose, types, and configuration methods. It explains static and dynamic VLANs, native VLANs, VLAN tagging, and includes a practical Packet Tracer scenario for configuring VLANs on Cisco switches. The scenario demonstrates the setup of two VLANs for different departments and the verification of their configurations.

Uploaded by dragonlinux42

I. VLANs (Virtual Local Area Networks)

• Definition: A VLAN is a logically separate broadcast domain within a physical network. VLANs allow
you to segment a network without the need for physical rewiring.

• Purpose:

• Broadcast Domain Segmentation: Reduces broadcast traffic, improving network performance.

• Security: Isolates sensitive data by creating separate network segments.

• Flexibility: Allows network administrators to group devices based on function, department, or
security needs, regardless of physical location.

• Simplified Network Management: Easier to manage and troubleshoot smaller network segments.

• VLAN ID: Each VLAN is identified by a VLAN ID, a number between 1 and 4094. (0 and 4095 are
reserved).

II. Types of VLANs

• Data VLAN (Standard VLAN): Carries user-generated data traffic, such as file transfers, web browsing,
and email. This is the most common type of VLAN.

• Voice VLAN: Designed to carry voice traffic (VoIP). Often given higher priority to ensure quality of
service (QoS).

• Management VLAN: Used for managing network devices (switches, routers). It's a good security
practice to separate the management VLAN from other VLANs.

• Native VLAN: The VLAN assigned to an 802.1Q trunk port for untagged traffic. It matters for
backward compatibility and for devices that don't support VLAN tagging. It should be configured
carefully, and it is recommended to change it from the default VLAN 1 for security reasons.

• Black Hole VLAN: Any malicious or undesired traffic is directed into this VLAN. Because the traffic
has no path out, it is discarded, which prevents it from degrading the rest of the network.

III. Static vs. Dynamic VLANs

• Static VLANs:

• Also known as port-based VLANs.

• A port on a switch is statically assigned to a specific VLAN.


• If you move a device to a different port, you need to reconfigure the VLAN membership on that port.

• Simple to configure and manage.

• Dynamic VLANs:

• VLAN membership is assigned dynamically based on some criteria, such as MAC address, user
authentication, or application type.

• Uses VLAN Management Policy Server (VMPS) to assign VLANs automatically.

• More complex to configure, but they provide greater flexibility and security.

• Useful for large networks where devices move frequently.

IV. Native VLAN

• Definition: The VLAN assigned to a trunk port for untagged traffic.

• Purpose:

• Handles traffic from devices that don't support VLAN tagging.

• Provides backward compatibility with older devices.

• Importance of Consistent Configuration: It's crucial to configure the native VLAN consistently on all
trunk ports. Mismatched native VLANs can lead to security vulnerabilities and network issues. VLAN 1 is
the default native VLAN on Cisco switches, which should be changed for security reasons.

• Security risks: Mismatched native VLANs enable VLAN hopping attacks, in which an attacker sends
frames tagged with a VLAN ID to reach a VLAN they should not have access to.

V. VLAN Tagging (802.1Q)

• Definition: The process of adding a VLAN tag to a frame as it traverses a trunk link.

• IEEE 802.1Q: The standard that defines VLAN tagging.

• Tag Structure: The 802.1Q tag is a 4-byte field inserted into the Ethernet frame header. It includes:

• TPID (Tag Protocol Identifier): 0x8100 (identifies the frame as an 802.1Q tagged frame).

• Priority Code Point (PCP): 3 bits for priority (QoS).

• Drop Eligible Indicator (DEI): 1 bit to indicate if the frame can be dropped during congestion.

• VLAN ID (VID): 12 bits for the VLAN ID (1-4094).


• How Tagging Works:

• When a frame enters a switch port assigned to a VLAN, the switch adds the appropriate VLAN tag.

• When a frame exits a trunk port, the tag is either kept (if it's not the native VLAN) or
removed (if it's the native VLAN and the switch is configured to remove it).
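To make the tag layout and the native-VLAN rule concrete, here is an added Python example (not part of the original document) that builds, parses and strips 802.1Q tags exactly as described above. The MAC addresses, payload and the assumed native VLAN 99 are constructed values.

```python
import struct

TPID_8021Q = 0x8100        # TPID that marks an 802.1Q tagged frame
ASSUMED_NATIVE_VLAN = 99   # constructed: native VLAN assumed on the trunk for untagged frames


def build_tagged_frame(dst: bytes, src: bytes, vid: int, payload: bytes,
                       pcp: int = 0, dei: int = 0, ethertype: int = 0x0800) -> bytes:
    """Insert the 4-byte 802.1Q tag (TPID + TCI) after the source MAC."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1-4094; 0 and 4095 are reserved")
    # TCI layout: 3-bit PCP | 1-bit DEI | 12-bit VID
    tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vid
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame: bytes, native_vlan: int = ASSUMED_NATIVE_VLAN) -> dict:
    """Return the VLAN fields of a frame as a trunk port would interpret them.

    An untagged frame carries no VID, so it lands in the trunk's native VLAN;
    this is why both ends of a trunk must agree on the native VLAN.
    """
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return {"tagged": False, "vlan": native_vlan, "pcp": None, "dei": None,
                "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    vid = tci & 0x0FFF
    if vid == 4095:
        raise ValueError("VID 4095 is reserved")
    # VID 0 is a priority-only tag: the frame still belongs to the native VLAN
    return {"tagged": True, "vlan": vid if vid else native_vlan, "pcp": tci >> 13,
            "dei": (tci >> 12) & 0x1, "ethertype": inner_type, "payload": frame[18:]}


def strip_tag(frame: bytes) -> bytes:
    """What a switch does when a frame leaves a trunk on the native VLAN: drop the 4-byte tag."""
    if not parse_frame(frame)["tagged"]:
        return frame
    return frame[:12] + frame[16:]


# Constructed sample addresses (not real hosts)
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("0200000000aa")

if __name__ == "__main__":
    tagged = build_tagged_frame(DST, SRC, vid=10, payload=b"marketing-data", pcp=5, dei=1)
    print(parse_frame(tagged))
```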

VI. Packet Tracer Scenario: Configuring VLANs

Scenario:

You have a small network with two switches (Switch1 and Switch2) and six PCs. You want to create two
VLANs: VLAN 10 (Marketing) and VLAN 20 (Sales). PCs 1, 2, and 3 belong to VLAN 10, and PCs 4, 5, and 6
belong to VLAN 20. You need to configure the switches to properly segment the network.

Packet Tracer Steps:

1. Add Devices:

• Drag two switches (e.g., 2960 switches) and six PCs onto the Packet Tracer workspace.

2. Connect Devices:

• Connect PCs 1, 2, and 3 to Switch1 using Ethernet cables.

• Connect PCs 4, 5, and 6 to Switch2 using Ethernet cables.

• Connect Switch1 and Switch2 using an Ethernet cable (this will be your trunk link).

Configuration (Switch1):

Switch>enable
Switch#configure terminal
Switch(config)#hostname Switch1
Switch1(config)#vlan 10
Switch1(config-vlan)#name Marketing
Switch1(config-vlan)#exit
Switch1(config)#vlan 20
Switch1(config-vlan)#name Sales
Switch1(config-vlan)#exit
!Configure Access Ports
!Assuming PC1 is connected to Fa0/1
Switch1(config)#interface FastEthernet0/1
Switch1(config-if)#switchport mode access
Switch1(config-if)#switchport access vlan 10
Switch1(config-if)#exit
!Assuming PC2 is connected to Fa0/2
Switch1(config)#interface FastEthernet0/2
Switch1(config-if)#switchport mode access
Switch1(config-if)#switchport access vlan 10
Switch1(config-if)#exit
!Assuming PC3 is connected to Fa0/3
Switch1(config)#interface FastEthernet0/3
Switch1(config-if)#switchport mode access
Switch1(config-if)#switchport access vlan 10
Switch1(config-if)#exit
!Configure Trunk Port (Assuming Switch2 is connected to Fa0/24)
Switch1(config)#interface FastEthernet0/24
!Set the encapsulation before trunk mode on switches that require it; newer switches (e.g., 2960) support only dot1q and do not accept this command
Switch1(config-if)#switchport trunk encapsulation dot1q
Switch1(config-if)#switchport mode trunk
Switch1(config-if)#switchport trunk allowed vlan 10,20
Switch1(config-if)#exit
Switch1(config)#end
!Save configuration
Switch1#copy running-config startup-config

Configuration (Switch2):

Switch>enable
Switch#configure terminal
Switch(config)#hostname Switch2
Switch2(config)#vlan 10
Switch2(config-vlan)#name Marketing
Switch2(config-vlan)#exit
Switch2(config)#vlan 20
Switch2(config-vlan)#name Sales
Switch2(config-vlan)#exit
!Configure Access Ports
!Assuming PC4 is connected to Fa0/1
Switch2(config)#interface FastEthernet0/1
Switch2(config-if)#switchport mode access
Switch2(config-if)#switchport access vlan 20
Switch2(config-if)#exit
!Assuming PC5 is connected to Fa0/2
Switch2(config)#interface FastEthernet0/2
Switch2(config-if)#switchport mode access
Switch2(config-if)#switchport access vlan 20
Switch2(config-if)#exit
!Assuming PC6 is connected to Fa0/3
Switch2(config)#interface FastEthernet0/3
Switch2(config-if)#switchport mode access
Switch2(config-if)#switchport access vlan 20
Switch2(config-if)#exit
!Configure Trunk Port (Assuming Switch1 is connected to Fa0/24)
Switch2(config)#interface FastEthernet0/24
!Set the encapsulation before trunk mode on switches that require it; newer switches (e.g., 2960) support only dot1q and do not accept this command
Switch2(config-if)#switchport trunk encapsulation dot1q
Switch2(config-if)#switchport mode trunk
Switch2(config-if)#switchport trunk allowed vlan 10,20
Switch2(config-if)#exit
Switch2(config)#end
!Save configuration
Switch2#copy running-config startup-config

Verification:

1. Assign IP Addresses: Assign IP addresses to the PCs within the same subnet for each VLAN (e.g.,
192.168.10.x for VLAN 10 and 192.168.20.x for VLAN 20). If a default gateway is set, it must be the
IP address of the L3 interface for that VLAN's subnet. You may also set a default gateway and DNS
server address on each PC for your test.

2. Ping: Ping between PCs in the same VLAN. It should work.

3. Ping: Ping between PCs in different VLANs. It should not work (unless you have configured routing
between the VLANs, which is beyond the scope of this basic VLAN configuration).

4. show vlan brief: Use this command on both switches to verify that the VLANs are configured correctly
and that the ports are assigned to the correct VLANs.
This Packet Tracer scenario provides a basic hands-on experience with configuring VLANs on Cisco
switches. You can extend this scenario by adding routers, configuring inter-VLAN routing, and exploring
dynamic VLANs. Remember always to save your work!
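As an added verification helper that is not part of the original scenario, the following Python script parses show vlan brief output and checks it against the intended port plan for Switch1, also flagging ports that were never moved out of the default VLAN 1. The switch output embedded below is constructed to match the scenario, not captured from a real device.

```python
import re

# Constructed `show vlan brief` output for Switch1, shaped like Cisco IOS output
# (not captured from a real switch). Ports Fa0/4 onward were never configured, so
# they remain in VLAN 1; the trunk Fa0/24 does not appear in the access-port list.
SWITCH1_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Gi0/1, Gi0/2
10   Marketing                        active    Fa0/1, Fa0/2, Fa0/3
20   Sales                            active    
1002 fddi-default                     act/unsup
"""

# Intended access-port plan for Switch1 from the scenario (PC1-PC3 in VLAN 10)
SWITCH1_PLAN = {"Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 10}


def parse_vlan_brief(text: str) -> dict:
    """Map VLAN ID -> {name, status, ports}; wrapped port lines start with spaces."""
    vlans, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$", line)   # VLAN names without spaces
        if m:
            current = int(m.group(1))
            vlans[current] = {"name": m.group(2), "status": m.group(3), "ports": []}
            ports = m.group(4)
        elif current is not None and line.startswith(" "):
            ports = line            # continuation of the previous VLAN's port list
        else:
            continue                # header, separator or blank line
        vlans[current]["ports"] += [p.strip() for p in ports.split(",") if p.strip()]
    return vlans


def audit_ports(vlans: dict, plan: dict, trunk_ports=("Fa0/24",)) -> list:
    """Return findings: plan mismatches, plus ports still sitting in default VLAN 1."""
    port_vlan = {p: vid for vid, v in vlans.items() for p in v["ports"]}
    findings = []
    for port, want in plan.items():
        got = port_vlan.get(port)
        if got != want:
            findings.append(f"{port}: expected VLAN {want}, found {got}")
    for port in vlans.get(1, {"ports": []})["ports"]:
        if port not in plan and port not in trunk_ports:
            findings.append(f"{port}: still in default VLAN 1 (unused port, consider shutting it down)")
    return findings


if __name__ == "__main__":
    for finding in audit_ports(parse_vlan_brief(SWITCH1_VLAN_BRIEF), SWITCH1_PLAN):
        print(finding)
```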
