mashti

Quick understanding of VLANs


How many VLANs can you have?

 

There are several VLAN ranges that are in effect. First and foremost there are VLANs 0 and 4095, which are reserved for system use only. Then you have the default VLAN 1, which cannot be modified or deleted. An important thing to know is that you can change your default VLAN on a switch, so it is not always the case that 1 is the default. VLANs 2-1001 are regular VLANs which can be used normally; 1002-1005 are FDDI and Token Ring VLANs and cannot be deleted. In the end there are extended VLANs, which range from 1006 to 4094 and are normally not available for use.

 

What's a native VLAN?

 

A native VLAN is the default VLAN for every port that is not assigned one and a must when configuring an 802.1Q trunk. When you have a trunk link and you want it to communicate well, it is imperative that you have the same native VLAN on both sides of your trunk. In dot1q trunking, packets which travel the link untagged (since each packet is tagged with a VLAN number) are understood by switches as native VLAN packets, so if two switches understand differently which VLAN is native, you can have a real mess on your hands with the link not forming.

 

Why are VLANs important, can they be good and bad?

 

VLANs help us separate parts of a network. Every VLAN is a new broadcast domain, which helps prevent broadcast storms. Unknown MAC unicast traffic is a problem in large networks, where switches that don’t know the receiver flood the packet to all ports. Finding and isolating problems is much easier in a nicely designed VLAN, so why not have it?

 

How should you divide your VLANs?

 

Depending on your needs you can separate it geographically or by business function; it's all up to you and your needs.

 

What is an end-to-end VLAN?

 

This is a term usually associated with a geographically dispersed network where people who are far apart belong to the same VLAN. Another good thing that is characteristic of an end-to-end VLAN is that as a user moves, he remains in the same VLAN no matter where he is.

 

What is a local VLAN?

 

A local VLAN is constricted to a single building usually and is always routed away to reach other networks. It does not extend beyond the Building distribution module.

 

Three layers of a hierarchical network?

 

Access – switches connected to users

Distribution – routers connecting parts of the network

Core – fast switching, no routing for best performance

 

VLAN config modes?

 

Logically, global config mode. Another mode to configure is “vlan database” mode, which is great for use with the Dynamips/Dynagen simulator if you need switching modification. This mode is getting deprecated and will be kicked out soon from IOSs.

 

Types of ports on a switch?

 

Access port – connecting to a user

Trunk port – connecting two switches, switch and a router or switch and a trunk-capable network card

 

VLAN trunks?

 

A way to push more than one VLAN through a link. Every packet is tagged/encapsulated as it goes through the link.

 

ISL vs dot1q trunking?

 

ISL is Cisco proprietary and does not play with others. Dot1Q is cross-vendor. The first encapsulates frames and the second tags them. Tagging a frame in dot1q can lead to “giants”, frames that exceed the 1518-byte maximum size, because it adds another 4 bytes with the tag.

 

VTP domains?

 

VTP management domains are a great way to more easily administer more switches at once. When several switches are in the same domain, you can change configuration on the “server” switch and all others will follow through and change also.

 

VTP server/client/transparent status?

 

Three modes connected to management domains are:

server – commands client switches

client – listens to server

transparent – listens to no one but forwards orders from servers

 

VTP pruning?

 

A way to discover whether switches are overusing their links and leaking traffic where they should not. When pruning is done, every time a flood is going to a particular VLAN, the switch will not flood it to subnets where there is no one using that VLAN.

 

Trunk link negotiation?

 

Several modes of trunk link negotiations exist:

auto – will accept someone trying to establish a trunk

desirable – will attempt to make a trunk

access – will never become a trunk

trunk nonegotiate – no DTP packets will be sent, so you must set up the other side as a trunk to get one

  • Like 6
  • Thanks 1
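
The dot1q tagging and native VLAN behaviour described in the post above, as an added Python example that is not part of the original post. The frames, MAC addresses and helper names (`build_frame`, `classify`, `cross_trunk`, `is_giant`) are constructed for illustration, and the model is simplified: it ignores allowed-VLAN lists and the FCS.

```python
import struct

TPID_DOT1Q = 0x8100      # EtherType value that marks an 802.1Q tag
TAG_LEN = 4              # bytes the tag adds to the frame
MAX_FRAME = 1518         # untagged maximum quoted in the post

def build_frame(payload, vlan=None):
    """Build a constructed Ethernet II frame; insert a dot1q tag if vlan is set."""
    # Broadcast destination and a constructed, locally administered source MAC.
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vlan is not None:
        header += struct.pack("!HH", TPID_DOT1Q, vlan & 0x0FFF)
    return header + struct.pack("!H", 0x0800) + payload

def classify(frame, native_vlan):
    """Return the VLAN a trunk port assigns to an arriving frame."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_DOT1Q:
        return native_vlan                    # untagged: native VLAN of this end
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF                       # low 12 bits of the tag are the VLAN ID

def cross_trunk(vlan, native_a, native_b):
    """Send a frame from `vlan` on switch A over the trunk; return its VLAN on B."""
    tag = None if vlan == native_a else vlan  # A leaves its native VLAN untagged
    return classify(build_frame(b"constructed payload", tag), native_b)

def is_giant(untagged_len):
    """True when adding the tag pushes the frame past the 1518-byte maximum."""
    return untagged_len + TAG_LEN > MAX_FRAME

if __name__ == "__main__":
    print(cross_trunk(10, native_a=10, native_b=10))   # native VLANs agree
    print(cross_trunk(10, native_a=10, native_b=99))   # native VLANs differ
    print(cross_trunk(20, native_a=10, native_b=99))   # tagged VLAN is unaffected
    print(is_giant(1518))
```

With matching native VLANs the untagged frame stays in VLAN 10; with a mismatch the same frame is placed in the far end's native VLAN, which is why both sides of a trunk need the same setting.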

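
A check for the trunk negotiation modes and native VLAN agreement listed in the post above, added here as an example and not taken from the original post. The two configurations are constructed, the function names are hypothetical, and the port defaults (`auto`, native VLAN 1) are an assumption that varies by platform.

```python
import re

# Peer modes that turn a dynamic port into a trunk (from the mode list in the post).
WANTS = {"desirable": {"trunk", "desirable", "auto"}, "auto": {"trunk", "desirable"}}

def parse_ports(config):
    """Map interface name -> mode / DTP / native VLAN from IOS-style config text."""
    ports, cur = {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            # Assumption: unconfigured port = 'auto', native VLAN 1 (platform-dependent).
            cur = ports.setdefault(m.group(1), {"mode": "auto", "dtp": True, "native": 1})
        elif m := re.fullmatch(r"switchport mode (?:dynamic )?(\w+)", line):
            cur["mode"] = m.group(1)
        elif line == "switchport nonegotiate":
            cur["dtp"] = False                # this end sends no DTP packets
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            cur["native"] = int(m.group(1))
    return ports

def becomes_trunk(me, peer):
    """Does this end of the link come up as a trunk, given the peer's settings?"""
    if me["mode"] not in WANTS:               # static 'trunk' or 'access'
        return me["mode"] == "trunk"
    return peer["dtp"] and peer["mode"] in WANTS[me["mode"]]

def audit_link(a, b):
    """Return findings for one link whose two ends are port dicts a and b."""
    a_trunk, b_trunk = becomes_trunk(a, b), becomes_trunk(b, a)
    if a_trunk != b_trunk:
        return ["trunk on one side only"]
    if a_trunk and a["native"] != b["native"]:
        return [f"native VLAN mismatch: {a['native']} vs {b['native']}"]
    return []

# Constructed sample configs; same-named interfaces are cabled to each other.
SW1 = """interface GigabitEthernet0/1
 switchport mode dynamic desirable
 switchport trunk native vlan 10
interface GigabitEthernet0/2
 switchport mode trunk
 switchport nonegotiate"""
SW2 = """interface GigabitEthernet0/1
 switchport mode dynamic auto
interface GigabitEthernet0/2
 switchport mode dynamic desirable"""

if __name__ == "__main__":
    for name, port in parse_ports(SW1).items():
        print(name, audit_link(port, parse_ports(SW2)[name]))
```

The first link negotiates a trunk but disagrees on the native VLAN; the second shows the `nonegotiate` case from the list, where the far end waits for DTP packets that never arrive.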

Absolutely great...

I am new, and your explanation is very simple to understand.

Thank you for the summary.


great and in simple terms ......


Thanks for briefing about VLANs. What is the difference between VLANs and VRF?

 

A VRF provides Layer 3 separation. This is done by creating a separate table per VRF to the global tables.

 

A VLAN provides Layer 2 separation. An SVI is a Layer 3 interface for a VLAN on a given switch.

 

When one switch has two SVIs on the same switch, the prefixes of the SVIs would be present in the same routing table. Depending on how gateway/routing was set up, routing (Layer 3) between the SVIs is possible. To illustrate this, trying to configure two SVIs with the same IP prefix will produce an error.

 

Where a VRF in the switching world might add benefit in certain designs is by separating the Layer 3 table on the same switch. Considering the above example where one switch has two SVIs configured, and each SVI is configured within its own VRF, the prefixes from the SVIs would be contained in SEPARATE routing tables. Routing between the two VRFs (although still possible) is not natively enabled. Now, since there is Layer 3 separation, the same IP prefix could be configured on both SVIs.

 

Lastly another difference between a VRF and a VLAN.

 

A VRF is local to a router/switch, where the membership of a VRF is determined by the input interface.

 

A VLAN is communicated between devices by encapsulating frames leaving the device. VLAN membership is determined by the information in the encapsulation of the arriving frame.

 

Lastly, to address the MPLS side: the VRF functionality operates independently of MPLS. MPLS protocols leverage a VRF for the mentioned separation. VRFs are, however, mostly used in MPLS networks, but are not required by MPLS.

 

Try this:

  • Like 1
