c c

VLAN Facts

A virtual LAN (VLAN) can be defined as:

Mc {roadcast domains defined by switch port rather than network address

Mc A grouping of devices based on service need, protocol, or other criteria rather than
physical proximity

Using VLANs lets you assign devices on different switch ports to different logical (or virtual)
LANs. Although each switch can be connected to multiple VLANs, each switch port can be
assigned to only one VLAN at a time. The following graphic shows a single-switch VLAN
configuration.

{e aware of the following facts about VLANs:

Mc ½n the graphic above, FastEthernet ports 0/1 and 0/2 are members of VLAN 1.
FastEthernet ports 0/3 and 0/4 are members of VLAN 2.
Mc ½n the graphic above, workstations in VLAN 1 willc
cbe able to communicate with
workstations in VLAN 2, even though they are connected to the same physical switch.
Mc Œefining VLANs creates additional broadcast domains. The above example has two
broadcast domains, each of which corresponds to one of the VLANs.
Mc {y default, switches come configured with several default VLANs:
’c VLAN 1
’c VLAN 1002
’c VLAN 1003
’c VLAN 1004
’c VLAN 1005
Mc {y default, all ports are members of VLAN 1.
]reating VLANs with switches offers the following administrative benefits.

Mc Vou can create virtual LANs based on criteria other than physical location (such as
workgroup, protocol, or service)
Mc Vou can simplify device moves (devices are moved to new VLANs by modifying the
port assignment)
Mc Vou can control broadcast traffic and create collision domains based on logical criteria
Mc Vou can control security (isolate traffic within a VLAN)
Mc Vou can load-balance network traffic (divide traffic logically rather than physically)

Note: VLANs are commonly used with Voice over ½ (Vo½ ) to distinguish voice traffic from
data traffic. Traffic on the voice VLAN can be given a higher priority to ensure timely delivery.

]reating VLANs with switches offers the following benefits over using routers to create distinct
networks.

Mc witches are easier to administer than routers

Mc witches are less expensive than routers
Mc witches offer higher performance (introduce less latency)

A disadvantage of using switches to create VLANs is that you might be tied to a specific vendor.
Œetails of how VLANs are created and identified can vary from vendor to vendor. ]reating a
VLAN might mean you must use only that vendor's switches throughout the network. When
using multiple vendors in a switched network, be sure each switch supports the 802.1q standards
if you want to implement VLANs.

Œespite advances in switch technology, routers are still needed to:

Mc Filter WAN traffic

Mc §oute traffic between separate networks
Mc §oute packets between VLANs

c c
VLAN Command List

To configure a simple VLAN, first create the VLAN, and then assign ports to that VLAN. The
following table shows common VLAN configuration commands.


c  
c


cc c

c 
c cc
cc c c
c c
c m
’


 

c m
’
 
 



cc c

cc


cc cc c
c c 
c c
c m
’

’ 

c c 
c


c cc
c 


c 
c c
c c
c 
c c c 
c
c c

c c c 
c c

|
ác cccc c cc c  c
c c
! c 
c m
’


m
’
 cc
c

c  c mm 

cc cc cc 
c
c m


m’  
m

m’  

c ccc
c c m

m’  
 

Ô ample
The following commands create VLAN 12 named ½ VLAN, identifies port 0/12 as having only
workstations attached to it, and assigns the port to VLAN 12.

m

’

m
’

 !
m
’
 
 "#$%&'(
m
’
 

  m)!
m
’


m
’ mm !
c c

nking Facts


  is a term used to describe connecting two switches together. Trunking is important

when you configure VLANs that span multiple switches as shown in the diagram.

{e aware of the following facts regarding trunking and VLANs:

Mc ½n the above graphic, each switch has two VLANs. One port on each switch has been
assigned to each VLAN.
Mc Workstations in VLAN 1 can only communicate with workstations in VLAN 1. This
means that the two workstations connected to the same switch cannot communicate with
each other. ]ommunications within the VLAN must pass through the trunk link to the
other switch.
Mc Trunk ports identify which ports are connected to other switches.
Mc Trunk ports can automatically carry traffic for all VLANs defined on the switch. Vou can
prevent traffic from a specific VLAN from being carried on the trunk through a specific
configuration.
Mc Typically, Gigabit Ethernet ports are used for trunk ports, although any port can be a
trunking port.

When trunking is used, frames that are sent over a trunk port are tagged with the VLAN ½Œ
number so that the receiving switch knows to which VLAN the frame belongs.

Mc Tags are appended by the first switch in the path, and removed by the last.
Mc Only VLAN-capable devices understand the frame tag.
Mc Tags must be removed before a frame is forwarded to a non-VLAN-capable device.
The trunking protocol describes the format that switches use for tagging frames with the VLAN
½Œ. ]isco devices support two trunking protocols:


nking
Cha acte istics
P otocol
Mc A ]isco-proprietary trunking protocol.
Mc ½L can only be used between ]isco devices.
½nter-witch Link
Mc ½L tags each frame with the VLAN ½Œ.
(½L)
Mc ]atalyst 2960 switches do
csupport ½L.

Mc An ½EEE standard for trunking and therefore supported by a wide

range of devices.
802.1Q Mc With 802.1Q trunking, frames from the default VLAN 1 are not
tagged. Frames from all other VLANs are tagged.

]isco switches have the ability to automatically detect ports that are trunk ports, and to negotiate
the trunking protocol used between devices. witches use the Œynamic Trunking rotocol (ŒT )
to detect and configure trunk ports. For example, when you connect two switches together, they
will automatically recognize each other and select the trunking protocol to use.

c c

nking Command List

The following table lists important commands for configuring and monitoring trunking on a switch.

Command F
nction
Mc Enables trunking on the interface.
#
’


m
’’*+ Mc The port will
cuse ŒT on the interface.

Mc ets the trunking protocol

#
’


m
’*+ m* 
’
’,
Mc {ecause 2960 switches only support 802.1Q, you will not
#
’


m
’*+ m* 
’
m use this command on 2960 switches

Mc Enables automatic trunking discovery and configuration.

#
’


m
’’- 

Mc The switch uses ŒT to configure trunking.
*’

Mc Enables dynamic trunking configuration.

Mc ½f a switch is connected, it will attempt to use the desired
#
’


m
’’- 
 trunking protocol (802.1Q for 2960 switches).
m
  Mc ½f a switch is not connected, it will communicate as a
normal port.

#
’


m
’’ mm Œisables trunking configuration on the port.
hows interface trunking information with the following:

Mc ‰ode
#

m’ 
 *+
#

m’ 
  )*+ Mc Encapsulation
Mc Trunking status
Mc VLAN assignments
Note: Two switches both configured to use desi able dynamic trunking will not trunk. At least
one of the switches must be set to manually trunk or to use a
to dynamic trunking.

VP Facts

The VLAN Trunking rotocol (VT ) simplifies VLAN configuration on a multi-switch network
by propagating configuration changes to other switches. With the VT , switches are placed in
one of the following three configuration modes.

‰ode Cha acte istics

A switch in server mode is used to modify the VLAN configuration. On a server:

Mc ]hanges can be made to the VLAN configuration on the switch.

Mc The switch advertises VT information to other switches in the domain.
erver
Mc The switch updates its VLAN configuration from other switches in the
domain.
Mc The switch saves the VLAN configuration in NV§A‰.

A switch in client mode receives changes from a VT server and passes VT

information to other switches. On a client:

Mc ]hanges cannot be made to the VLAN configuration.

]lient Mc The switch advertises VT information to other switches in the domain.
Mc The switch updates its VLAN configuration from other switches in the
domain.
Mc The switch does
 save the VLAN configuration in NV§A‰.

A switch in transparent mode allows for local configuration of VLANs, but does not
update its configuration based on the configuration of other switches. On a
transparent switch:

Mc ]hanges can be made to the VLAN configuration on the switch.

Mc Local VLAN information is not advertised to other switches.
Transparent Mc VT information received from other switches is passed through the switch.
Note: The transparent switch only relays VT information if it is in the same
VT domain or if it has a null (blank) VT domain.
Mc The switch does not update its VLAN configuration from other switches in
the domain.
Mc The switch saves its VLAN configuration in NV§A‰.

Keep in mind the following facts about VT :

 Mc {y default, switches are preconfigured in server mode. ½f you do not intend to use VT ,
configure each switch to use transparent mode.
Mc Vou can have multiple VT servers in the same domain on the network. ]hanges made to
any server are propagated to other client and server switches.
Mc To make VLAN changes on a switch, the switch must be in either server or transparent
mode. Vou cannot modify the VLAN configuration if:
’c The switch is in client mode
’c The switch is in server mode and without a configured domain name.
Mc VT uses the following process for communicating updates:
1.c VT summary advertisement packets contain the domain name, ‰Œ5 version of
the password, and the revision number.
2.c When a switch receives a summary packet, it compares the domain name and
password in the packet with its own values. ½f the domain name and password do
not match, the packet is dropped.
3.c ½f the domain name and password match, the switch compares the revision
number in the packet.
4.c ½f the revision number in the packet is lower or equal, the packet is ignored. ½f it is
higher, the switch sends an advertisement request for the latest updates.
5.c When the updates are received, the VLAN configuration and the revision number
is updated.
c ½f you lose your only VT server, the easiest way to recover is to change one of the VT
clients to server mode. VLAN information and revision numbers remain the same.
c witches must meet the following conditions before VT information can be exchanged:
’c The switches must be connected by a trunk link. VT is not used on access ports.
’c witches must be in the same domain. witches in different domains do not share
or forward VT information. Transparent switches must be in the same domain or
have a null domain name to pass VT information to other switches.
’c asswords on each device must match. The password is included in each VT
advertisement. The receiving switch compares the password in the advertisement
with its configured password. ½t will only accept information in the packet if the
passwords match. The password provides a method of authenticating the packet
contents that they came from a trusted source.
c ]onnecting two switches with different VT domains works only if you manually turn
trunking on. VT information is carried in ŒT packets, so only switches in the same domain
can use ŒT for automatic trunking configuration. However, when two switches with different
domains are connected, VT information will not be passed between the switches.
c When you change the VLAN configuration on a server, the revision number is
incremented. The revision number on a transparent switch remains at 0, even when changes are
made to the VLAN configuration.
c All devices in the domain must use the same VT version. {y default, VT version 2 is
disabled. Only enable VT version 2 if all devices support version 2.

c c
VP Config
ation Facts

The following table lists common VT commands.

Use... To...
#
’

’ ]onfigure the VT mode of the switch.
m.
. m  The default mode is se e .
]onfigure VT domain of the switch.
The default domain name is <null> (blank).
All switches must be configured with the same domain
name.
#
’

’
 A new VT client switch (with a blank domain name)
will automatically set its domain name based on the
first VT advertisement it receives.
A switch in transparent mode will
 automatically set
its domain name.
]onfigure VT password of the switch.
When a password is used, all switches in the same
#
’

 mm ’ domain must use the same password.
Vou must manually configure the VT password on
each switch.
§educe broadcast traffic by forwarding the messages
only through switch trunks which belong to a particular
#
’

*
 VLAN ½Œ.
Enabling or disabling VT pruning on a server enables
or disables it on all devices in the domain.
#

m’ m *m View the current VT configuration of the switch.
#

m’  mm ’ View the current VT password of the switch.

{e aware of the following when troubleshooting the VT configuration:

Mc ½f you add a switch to the network with a higher revision number, the VLAN
configuration on that switch will update (modify) the existing VLAN configuration on all
other switches in the domain. This is true 2 2 cc2c 
c

c ccc
2 . ]lient
switches pass their configuration information on to other switches. This information can
be used to update server or client switches with lower revision numbers.
Mc ½f you add a switch to the network with a lower revision number, the switch's
configuration will be modified to match the configuration currently used on the network.
This is true 2 2 cc2c 
c

c ccc2 2 .
Mc To prevent disruptions to the existing configuration when adding new switches, reset the
revision number on all new switches before adding them to the network. The revision
number resets to 0 each time you:
’c ]hange the domain name.
’c ]hange the VT mode to transparent.
 {efore adding a switch back into the network, change the domain name or the mode to
transparent, then change it back to its original setting.

Mc {e sure to place switches in the same domain adjacent to each other through trunk links.
½f you insert a switch with a different domain name between two switches, VT
information will not be passed through the new switch. To correct this problem, use one
of the following solutions:
’c ‰odify the domain name on the new switch to match the existing switches.
’c ‰ove the new switch so that switches in the same domain are connected directly
together.

Note: Once set, you cannot completely remove a domain name. ½n other words, once you
have configured a VT domain name, you can only change the name, you cannot remove
it completely.