
Chapter 3

Virtual Local Area Networks (VLANs)

CCNA3-1

Chapter 3-1

Virtual Local Area Networks
Introducing VLANs

Defining VLANs

In traditional switched LANs, the physical topology is closely related to the logical topology. Generally, workstations must be grouped by their physical proximity to a switch.
To communicate among LANs, each segment must have a separate port on the backbone device or a connection to a common backbone.
(Figure: separate broadcast domains)

Defining VLANs

VLANs provide segmentation based on broadcast domains. VLANs logically segment switched networks based on the functions, project teams, or applications of the organization, regardless of the physical location of or connections to the network.
Communication among VLANs still requires a router, BUT only one physical connection will handle all routing.
(Figure: separate broadcast domains)

Defining VLANs

VLANs are created to provide segmentation services traditionally provided by physical routers in LAN configurations. They address:
- Scalability
- Security
- Network Management
- Broadcast Filtering
- Traffic Flow Management
Switches may not forward any traffic between VLANs, as this would violate the integrity of the VLAN broadcast domain. Traffic must be routed between VLANs.

What Does This Mean?

With routers:
Requirements:
- Different department on each floor.
- Three different LANs per floor.
- Separate networks.
Expen$ive!
- 4 ports each
- 3 hubs / floor
- 10 broadcast domains
- Inefficient traffic flow

What Does This Mean?

With switches:
- More scalable
- Easier to manage
- 1 router
- 3 broadcast domains
- Efficient traffic flow

Defining VLANs

A VLAN, then, is a broadcast domain (IP subnet) created by one or more switches.

Defining VLANs

The design shown above creates 3 separate broadcast domains using one router with 3 ports and 3 switches. The router filters the broadcasts for each LAN.

Defining VLANs

(Figure: one physical link)
A better design still creates the 3 separate broadcast domains but only requires 1 switch. The router provides broadcast filtering over a single link.

Defining VLANs

A VLAN allows:
- Creation of groups of logically networked devices.
- The devices to act as if they are on their own independent network.
- The devices to share a common infrastructure.
- Each VLAN is a separate broadcast domain, so broadcast traffic is controlled.
- Each VLAN is a separate IP subnet.
- To communicate among VLANs, you must use a router (MUCH more later).

Benefits of VLANs

Security: Groups with specific security needs are isolated from the rest of the network.
Cost Reduction: The need for expensive hardware upgrades is reduced; better use of existing bandwidth and links.
Higher Performance: Dividing large, flat Layer 2 networks into separate broadcast domains reduces unnecessary traffic on each new subnet.

Benefits of VLANs

Broadcast Storm Mitigation: Dividing a network into VLANs prevents a broadcast storm from propagating to the whole network.
Improved IT Staff Efficiency: Easier to manage the network because users with similar network requirements share the same VLAN.
Simpler Project or Application Management: Having separate functions makes working with a specialized application easier, for example an e-learning development platform for faculty.

VLAN ID Ranges

When configured, the number that is assigned to the VLAN becomes the VLAN ID. The numbers to be assigned are divided into two different ranges:
- Normal Range: 1 - 1005
- Extended Range: 1006 - 4096
Each range has its own characteristics.

VLAN ID Ranges

Normal Range: 1 - 1005
- Used in small- and medium-sized business and enterprise networks.
- IDs 1002 - 1005: Token Ring and FDDI VLANs.
- IDs 1 and 1002 to 1005 are automatically created and cannot be removed.
- Configurations are stored within a VLAN database file, called vlan.dat, located in the flash memory of the switch.
- The VLAN Trunking Protocol (VTP), which helps manage VLAN configurations between switches, can only learn normal range VLANs and stores them in the VLAN database file. (Chapter 4)

VLAN ID Ranges

Extended Range: 1006 - 4096
- Enable service providers to extend their infrastructure to a greater number of customers.
- Some global enterprises could be large enough to need extended range VLAN IDs.
- Support fewer VLAN features than normal range VLANs.
- Are saved in the running configuration file, not the vlan.dat file.
- VTP does not learn extended range VLANs.

Types of VLANs

Traditionally, two methods of implementing VLANs:
- Static or Port-Based: Ports on a switch are assigned to a specific VLAN.
- Dynamic: VLANs created by accessing a Network Management server. The MAC address/VLAN ID mapping is set up by the Network Administrator and the server assigns a VLAN ID when the device contacts it.
Today, there is essentially one method of implementing VLANs: Port-Based.

Types of Port-Based VLANs

Defined by the type of traffic they support or by the functions they perform:
- Data VLAN
- Default VLAN
- Native VLAN
- Management VLAN
- Voice VLAN

Types of Port-Based VLANs

Data VLAN:
- Configured to carry only user-generated traffic.
- A switch could carry voice-based traffic or traffic used to manage the switch, but this traffic would not be part of a data VLAN.
- A Data VLAN is sometimes referred to as a User VLAN.

Types of Port-Based VLANs

Default VLAN:
- The default VLAN for Cisco switches is VLAN 1.
- VLAN 1 has all the features of any VLAN, except that you cannot rename it and you cannot delete it.
- By default, Layer 2 control traffic (CDP and STP) is associated with VLAN 1.
- It is a security best practice to change the default VLAN to a VLAN other than VLAN 1 (e.g. VLAN 99).
VLAN Trunk:
- Carries data or control information (VLAN 1 data) for all VLANs from switch-to-switch or switch-to-router.

Types of Port-Based VLANs

Native VLAN:
- An 802.1Q trunk port supports traffic coming from VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic).
- The 802.1Q trunk port places untagged traffic on the native VLAN.
- Native VLANs are set out in the IEEE 802.1Q specification to maintain backward compatibility with untagged traffic common to legacy LAN scenarios.
- It is a best practice to use a VLAN other than VLAN 1 as the native VLAN.

Types of Port-Based VLANs

Management VLAN:
- A management VLAN is any VLAN you configure to access the management capabilities of a switch.
- You assign the management VLAN an IP address and subnet mask.
- A new switch has all ports assigned to VLAN 1.
- Using VLAN 1 as the management VLAN means that anyone connecting to the switch will be in the management VLAN. That assumes no ports have been reassigned to another VLAN.

Types of Port-Based VLANs

Voice VLANs:
Voice-over-IP (VoIP) traffic requires:
- Assured bandwidth to ensure voice quality.
- Transmission priority over other types of network traffic.
- Ability to be routed around congested areas on the network.
- Delay of less than 150 milliseconds (ms) across the network.
The details of how to configure a network to support VoIP are beyond the scope of the course, but it is useful to summarize how a voice VLAN works between a switch, a Cisco IP phone, and a computer.

Types of Port-Based VLANs

Voice VLANs:
(Figure: connections between the switch, the Cisco IP phone and the PC. VLAN 150 is designed to carry voice traffic.)

Types of Port-Based VLANs

Voice VLANs:
A Cisco IP Phone is a switch.
- Port 1 connects to the switch or VoIP device.
- Port 2 is an internal 10/100 interface that carries the phone traffic.
- Port 3 connects to a PC or other device.

Types of Port-Based VLANs

Voice VLANs:
A Cisco IP Phone is a switch.
Switch S3 is configured to carry voice traffic on VLAN 150 and data traffic on VLAN 20.
Sending: The phone tags voice traffic with VLAN 150 and sends data traffic untagged. The switch will tag the data traffic for VLAN 20.
Receiving: The phone acts on voice traffic and removes the tag for data traffic destined for the PC.
MORE on the tagging process later.

Types of Port-Based VLANs

Voice VLANs:
A Cisco IP Phone is a switch.
- The link to the switch acts as a trunk link to carry both voice and data traffic.
- CDP is used to communicate between the switch and the phone.
(Figure: CDP exchange between the switch and the phone)

Types of Port-Based VLANs

Voice VLANs: (Figure: the complete switch, phone and PC picture.) Should make more sense now.

Network Traffic Types

Management Traffic:
- CDP
- SNMP
- RMON

Network Traffic Types

IP Telephony Traffic:
- Signaling
- Data Packets

Network Traffic Types

IP Multicast Traffic (e.g. IP/TV broadcasts): sent from a particular source address to a multicast group that is identified by a single IP and MAC destination-group address pair.
(Figure: VLAN configuration and router configuration for multicast)

Network Traffic Types

Normal Data Traffic:
- File Sharing
- Printing
- Database Access
- Email
- Shared Applications

Network Traffic Types

Scavenger Class Traffic:
- Less than best-effort services.
- Typically entertainment oriented: peer-to-peer media sharing (KaZaa, Napster), gaming.

Switch Port Membership Modes

Switch Ports:
- Layer 2-only interfaces associated with a physical port.
- Used for managing the physical interface and associated Layer 2 protocols.
- Do not handle routing or bridging.
- Can belong to one or more VLANs.
Configuring VLANs:
- Must assign a VLAN number.
- Can configure a port specifying the type of traffic and the VLANs to which it belongs.

Switch Port Membership Modes

Static VLAN:
- Ports on a switch are manually assigned to a VLAN.
- Static VLANs are configured using the Cisco CLI or a GUI management application (e.g. Cisco Network Assistant).

Switch Port Membership Modes

Dynamic VLAN:
- Configured using a special server called a VLAN Membership Policy Server (VMPS).
- Assigns switch ports to VLANs based on the source MAC address of the device connected to the port.
- The benefit is that when a user moves to a different port on a switch or to a new switch, the user is assigned to the proper VLAN dynamically.
- Not widely used.

Switch Port Membership Modes

Voice VLAN:
- A port is configured to be in voice mode so that it can support an IP phone.
- Before you configure a voice VLAN on the port, you first configure a VLAN for voice and a VLAN for data.

Switch Port Membership Modes

Voice VLAN:
- Ensures that voice traffic is identified as priority traffic.
(Figure: voice VLAN and data VLAN on one port)
Remember that the entire network must be set up to prioritize voice traffic. You cannot just configure the switch port.

Controlling Broadcast Domains with VLANs

Network without VLANs: (Figure: a host sends a broadcast.)
Network with VLANs: (Figure: two hosts send a broadcast.)

Controlling Broadcast Domains with VLANs

Intra-VLAN Communications: (Figure sequence over four slides.)

Layer 3 Switch Forwarding

Layer 3 Switch:
- A Layer 3 switch has the ability to route transmissions between VLANs.
- The procedure is the same as described for inter-VLAN communication using a separate router.
Switch Virtual Interface (SVI):
- A logical interface (SVI) is configured for each VLAN configured on the switch.

Layer 3 Switch Forwarding

Layer 3 Switch: (Figure labels: "SVI 10 knows about SVI 20 (the location of VLAN 20)"; "Contains the SVI 20 information, NOT SVI 10".)

Virtual Local Area Networks
VLAN Trunking

VLAN Trunking

The concept of trunking began with the telephone industry. Multiple calls were moved between customers and central offices, or between the offices themselves, over a single physical connection.

VLAN Trunking

(Figure: 24 channel T1 line with data and voice)
The same principle was applied to data communications to make better use of the communication line. Additional advantages and cost savings were gained by using the same line for voice communications.

VLAN Trunking

(Figure: no trunk vs. trunk)
The same principle of trunking is applied to network switching technologies. A trunk is a physical and logical connection between two switches across which network traffic travels.

VLAN Trunking

It is also important to realize that a trunk link does not belong to a specific VLAN. The responsibility of a trunk link is to act as a conduit for VLANs:
- Between switches and routers.
- Between switches and switches.

VLAN Trunks

What problem does it solve? (Figure: networks 172.17.10.0/24, 172.17.20.0/24, 172.17.30.0/24 and 172.17.99.0/24)

IEEE 802.1Q Frame Tagging

- Remember that switches are Layer 2 devices. They only use the Ethernet frame header information.
- The frame header does not contain information about VLAN membership.
- VLAN membership (i.e. VLAN ID or VLAN Number) must be identified for each frame that is transferred over the trunk.
- The process is called 802.1Q VLAN Tagging.

IEEE 802.1Q Frame Tagging

Untagged Ethernet frame (length up to 1518 bytes):
  Destination Address (6) | Source Address (6) | Type/Length | Data (max of 1500 bytes) | FCS

Tagged frame (length up to 1522 bytes):
  Destination Address (6) | Source Address (6) | 802.1Q Tag (8100 + Tag) | Type/Length | Data (max of 1500 bytes) | New FCS

IEEE 802.1Q Frame Tagging

Tagged frame (length up to 1522 bytes):
  Destination Address (6) | Source Address (6) | Ethernet Type = 8100 | Tag | Type/Length | Data (max of 1500 bytes) | New FCS

The Tag field:
  User Priority (3 bits) | CFI, Canonical Format Identifier (1 bit) | VLAN ID (12 bits)

IEEE 802.1Q Frame Tagging

- Type - A 2-byte value called the tag protocol ID (TPID) value. For Ethernet, it is set to hexadecimal 0x8100.
- User priority - A 3-bit value that supports level of service implementation.
- Canonical Format Identifier (CFI) - A 1-bit identifier that enables Token Ring frames to be carried across Ethernet links.
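The tag layout described on these slides, worked through in code. This is an added Python example, not code from the CCNA slides or from Cisco: it builds the 4-byte 802.1Q tag (TPID 0x8100 followed by the 3-bit user priority, the 1-bit CFI and the 12-bit VLAN ID), inserts it after the source address of an untagged frame, recomputes the FCS (the "New FCS" of the diagram; the example assumes the standard Ethernet CRC-32, which is what zlib.crc32 computes, stored least-significant byte first), and parses the fields back out. The sample frame, its MAC addresses and the function names are constructed for the example.

```python
import struct
import zlib

TPID_8021Q = 0x8100   # tag protocol ID for Ethernet, hex 8100 as on the slides
MAX_PAYLOAD = 1500    # maximum data field; tagging does not change it
HEADER_LEN = 14       # DA (6) + SA (6) + Type/Length (2)
TAG_LEN = 4           # TPID (2) + TCI (2)
FCS_LEN = 4


def build_tag(vlan_id, priority=0, cfi=0):
    """Encode the 4-byte 802.1Q tag: TPID, then TCI = 3-bit user priority, 1-bit CFI, 12-bit VLAN ID."""
    if not 0 <= vlan_id <= 0xFFF:
        raise ValueError("VLAN ID must fit in 12 bits (0-4095)")
    if not 0 <= priority <= 7:
        raise ValueError("user priority must fit in 3 bits (0-7)")
    if cfi not in (0, 1):
        raise ValueError("CFI is a single bit")
    tci = (priority << 13) | (cfi << 12) | vlan_id
    return struct.pack("!HH", TPID_8021Q, tci)


def append_fcs(frame):
    """Append the Ethernet FCS (assumed CRC-32, least-significant byte first) to a frame without one."""
    return frame + struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)


def fcs_ok(frame):
    """Recompute the CRC-32 over everything but the last 4 bytes and compare with the stored FCS."""
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF) == fcs


def tag_frame(frame, vlan_id, priority=0):
    """Insert an 802.1Q tag after DA/SA of an untagged frame (which carries an FCS) and recompute the FCS."""
    if len(frame) < HEADER_LEN + FCS_LEN:
        raise ValueError("frame too short to be an Ethernet frame")
    if not fcs_ok(frame):
        raise ValueError("bad FCS on ingress frame")
    if struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        raise ValueError("frame is already tagged")
    body = frame[:-FCS_LEN]
    return append_fcs(body[:12] + build_tag(vlan_id, priority) + body[12:])


def parse_frame(frame):
    """Decode DA, SA, optional tag fields, Type/Length and data from a frame that carries an FCS."""
    if not fcs_ok(frame):
        raise ValueError("FCS check failed")
    body = frame[:-FCS_LEN]
    info = {"dst": body[0:6].hex(":"), "src": body[6:12].hex(":"),
            "tagged": False, "vlan_id": None, "priority": None, "cfi": None}
    offset = 12
    if struct.unpack("!H", body[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", body[14:16])[0]
        info.update(tagged=True, priority=tci >> 13, cfi=(tci >> 12) & 1, vlan_id=tci & 0xFFF)
        offset = 16
    info["type_length"] = struct.unpack("!H", body[offset:offset + 2])[0]
    info["data"] = body[offset + 2:]
    return info


def strip_tag(frame):
    """Remove the 802.1Q tag (what the switch does before forwarding out an access port) and recompute the FCS."""
    if not parse_frame(frame)["tagged"]:
        return frame
    body = frame[:-FCS_LEN]
    return append_fcs(body[:12] + body[12 + TAG_LEN:])


# Constructed sample: a broadcast frame from a made-up source MAC carrying a 46-byte IPv4 payload.
SAMPLE_UNTAGGED = append_fcs(bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
                             + struct.pack("!H", 0x0800) + bytes(46))


if __name__ == "__main__":
    tagged = tag_frame(SAMPLE_UNTAGGED, vlan_id=20, priority=5)
    print(len(SAMPLE_UNTAGGED), "bytes ->", len(tagged), "bytes")
    print(parse_frame(tagged))
    print("round trip intact:", strip_tag(tagged) == SAMPLE_UNTAGGED)
```

A maximum-size 1518-byte frame becomes 1522 bytes once tagged, matching the two lengths on the diagram; the data field stays at 1500 bytes because the tag sits in the header, not the payload.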


Native VLANs

Tagged frames on the native VLAN:
- Some devices that support trunking tag native VLAN traffic as a default behavior.
- Control traffic sent on the native VLAN should be untagged.
- If an 802.1Q trunk port receives a tagged frame on the NATIVE VLAN ONLY, it drops the frame.
- When configuring a switch port on a Cisco switch, you need to identify these devices and configure them so that they do not send tagged frames on the native VLAN.
- Devices from other vendors that support tagged frames on the native VLAN include IP phones, servers, routers, and switches.

Native VLANs

Untagged frames on the native VLAN:
- When a Cisco switch trunk port receives untagged frames, it forwards those frames to the native VLAN.
- The default native VLAN is VLAN 1.
- When you configure an 802.1Q trunk port, a default Port VLAN ID (PVID) is assigned the value of the native VLAN.
- All untagged traffic coming in or out of the 802.1Q port is forwarded based on the PVID value.

Native VLANs

(Figure: configure the trunk to default to native VLAN 1; configure the trunk for native VLAN 99.)

Native VLANs

(Figure: verify the configuration. VLAN 50 is a voice VLAN.)
Trunking Operation

(Figure: VLANs 10, 20 and 30 across switches S2, S1 and S3.)
- PC1 and PC3 send a broadcast.
- S2 receives the frames and tags them with the VLAN ID.
- The tagged frames are sent across the trunk links between S2 and S1 and between S1 and S3.
- S3 strips the tags and forwards to the destination.

Trunking Modes

A Cisco switch can be configured to support two types of trunk ports:
- IEEE 802.1Q
- ISL (Inter-Switch Link)
Today only 802.1Q is used. Legacy networks may still use ISL.
Trunking Modes
IEEE 802.1Q:
Assigned a default PVID.
Supports simultaneous tagged and untagged traffic.
Untagged traffic:
Associated with the port default PVID.
Null VLAN ID traffic belongs to the default PVID.
Tagged traffic:
VLAN ID equal to the outgoing port default PVID is
sent untagged.
Null VLAN ID traffic belongs to the default PVID.
All other traffic is sent with a VLAN tag.
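The PVID rules on this slide, together with the drop rule for tagged frames on the native VLAN from the Native VLANs slides, modelled as a small trunk-port simulator. This is an added Python example, not the slides' or Cisco's code; the Frame and TrunkPort names are assumptions made for illustration. It also walks through what happens when the native VLAN differs on the two ends of a trunk, which is the mismatch the configuration slides later warn about: untagged frames sent for one native VLAN arrive in the other side's native VLAN, and tagged frames for the remote native VLAN are dropped.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Frame:
    """A frame on a trunk link: vid is None when untagged, 0 for a null VLAN ID
    (priority-tagged) frame, otherwise the VLAN ID carried in the 802.1Q tag."""
    vid: Optional[int]
    payload: str


class TrunkPort:
    """Model of one 802.1Q trunk port (hypothetical class, not a Cisco API)."""

    def __init__(self, pvid: int = 1, allowed: Optional[List[int]] = None):
        self.pvid = pvid                                               # native VLAN; default PVID is 1
        self.allowed = set(allowed) if allowed is not None else None   # None = every VLAN allowed
        self.dropped: List[Frame] = []

    def classify_ingress(self, frame: Frame) -> Optional[int]:
        """Return the VLAN a received frame is placed in, or None if the port drops it."""
        if frame.vid is None or frame.vid == 0:
            vlan = self.pvid                # untagged and null-VID traffic belongs to the PVID
        elif frame.vid == self.pvid:
            self.dropped.append(frame)      # tagged frame on the native VLAN: dropped
            return None
        else:
            vlan = frame.vid
        if self.allowed is not None and vlan not in self.allowed:
            self.dropped.append(frame)      # VLAN not allowed on this trunk
            return None
        return vlan

    def egress(self, vlan: int, payload: str) -> Frame:
        """Frame a transmission for `vlan`: sent untagged if vlan == PVID, tagged otherwise."""
        if vlan == self.pvid:
            return Frame(None, payload)
        return Frame(vlan, payload)


def forward_across_link(tx: TrunkPort, rx: TrunkPort, vlan: int, payload: str) -> Optional[int]:
    """Send one frame of `vlan` out of tx and report which VLAN rx places it in (None = dropped)."""
    return rx.classify_ingress(tx.egress(vlan, payload))


if __name__ == "__main__":
    s1 = TrunkPort(pvid=99)
    s2_matched = TrunkPort(pvid=99)
    s2_mismatched = TrunkPort(pvid=1)   # native VLAN left at the default on the far end
    print("natives match, VLAN 99 ->", forward_across_link(s1, s2_matched, 99, "hello"))
    print("natives differ, VLAN 99 ->", forward_across_link(s1, s2_mismatched, 99, "hello"))
    print("natives differ, VLAN 1 ->", forward_across_link(s1, s2_mismatched, 1, "hello"))
```

With matching native VLANs the VLAN 99 frame crosses untagged and lands in VLAN 99 on the far side. With the far end still at PVID 1, the same untagged frame is placed in VLAN 1, and a frame for VLAN 1 arrives tagged with VID 1 on a port whose native VLAN is 1 and is dropped.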


Trunking Modes

ISL (Inter-Switch Link):
- All received packets are expected to be encapsulated with an ISL header.
- All transmitted packets are sent with an ISL header.
- Untagged frames received from an ISL trunk port are dropped.
- No longer recommended or supported.
- 30 bytes of overhead for each frame.
Trunking Modes
Dynamic Trunking Protocol (DTP):
Cisco proprietary protocol. Switches from other vendors
do not support DTP.
Automatically enabled on a switch port when certain
trunking modes are configured on the switch port.
DTP manages trunk negotiation only if the port on the
other switch is configured in a trunk mode that supports
DTP.
DTP supports both ISL and 802.1Q trunks.
Some Cisco switches and routers (older versions) do not
support DTP.

CCNA3-65

Chapter 3-1

Trunking Modes
Dynamic Trunking Protocol (DTP):
On (default): (switchport mode trunk)
Periodically sends DTP advertisements, to the remote
port that it is dynamically changing to a trunking state.
Dynamic Auto: (switchport mode dynamic auto)
The switch port periodically sends DTP frames to the
remote port. It advertises to the remote switch port
that it is able to trunk but does not request to go to the
trunking state.
Dynamic Desirable: (switchport mode dynamic desirable)
DTP frames are sent periodically to the remote port. It
advertises to the remote switch port that it is able to trunk
and asks the remote switch port to go to the trunking
state.
CCNA3-66

Chapter 3-1

Trunking Modes

Dynamic Trunking Protocol (DTP):
- Turn off DTP: (switchport nonegotiate) The local port does not send out DTP frames to the remote port. The local port is then considered to be in an unconditional trunking state.
- Use this feature when you need to configure a trunk with a switch from another switch vendor.
Virtual Local Area Networks
Configure VLANs and Trunks
Configure VLANs and Trunks

Overview:
1. Create the VLANs.
2. Assign switch ports to VLANs statically.
3. Verify VLAN configuration.
4. Enable trunking on the inter-switch connections.
5. Verify trunk configuration.
Configure a VLAN

Command Syntax:
  S1#configure terminal
  S1(config)#vlan vlan-id
  S1(config-vlan)#name vlan-name
  S1(config-vlan)#end
Configure a VLAN

(Figures: configure a VLAN; assign switch ports to a VLAN; verify VLAN configuration.)

Managing VLANs

(Figures: other show vlan command options; the show interfaces command.)
Manage VLAN Memberships: (Figures: remove port VLAN membership; remove a VLAN.)
If you remove the VLAN before removing the port membership assignments, the ports become unusable until you issue the no switchport access vlan command.

Managing VLANs

Restoring to Factory Defaults: to remove all VLAN configuration. (Figure: the VLAN configuration is stored in vlan.dat in flash.)
Configure a Trunk

Command Syntax:
  S1#configure terminal
  S1(config)#interface interface-id
  S1(config-if)#switchport mode trunk
  S1(config-if)#switchport trunk native vlan vlan-id
  S1(config-if)#switchport trunk allowed vlan add vlan-list
  S1(config-if)#end

Configure a Trunk

(Figure: trunk configuration example.)
Configure a Trunk

The native VLAN must match on both switches.
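A configuration check for the points these slides make: the native VLAN must match on both ends of a trunk, VLAN 1 should not be left as the native or access VLAN, and DTP should be switched off with switchport nonegotiate on trunks you control. This is an added Python example, not Cisco tooling or the slides' own code; the two running-config excerpts, the switch names S1 and S2, and the trunk-link list are constructed for the example, and the parser understands only the switchport commands used on these slides.

```python
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed running-config excerpts for two hypothetical switches (not captured from real devices).
S1_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan add 10,20,30,99
 switchport nonegotiate
!
interface FastEthernet0/6
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/11
 switchport mode dynamic auto
!
"""

S2_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/18
 switchport mode access
 switchport access vlan 20
!
"""

# Which ports face each other over a trunk link (constructed topology).
TRUNK_LINKS = [("S1", "FastEthernet0/1", "S2", "FastEthernet0/1")]

IFACE_RE = re.compile(r"^interface (\S+)$")


def parse_vlan_list(text: str) -> Set[int]:
    """Parse a vlan-list such as '10,20,30,99' or '10-12,99' into a set of VLAN IDs."""
    vlans: Set[int] = set()
    for part in text.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_switchports(config: str) -> Dict[str, dict]:
    """Collect the switchport settings of each interface block (only the commands on the slides)."""
    ports: Dict[str, dict] = {}
    current: Optional[dict] = None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":                 # end of an interface block
            current = None
            continue
        m = IFACE_RE.match(line)
        if m:
            current = ports.setdefault(m.group(1), {
                "mode": None, "access_vlan": 1, "native_vlan": 1,   # IOS defaults: VLAN 1
                "allowed": None, "nonegotiate": False})
            continue
        if current is None:
            continue
        if line.startswith("switchport mode "):
            current["mode"] = line[len("switchport mode "):]
        elif line.startswith("switchport access vlan "):
            current["access_vlan"] = int(line.split()[-1])
        elif line.startswith("switchport trunk native vlan "):
            current["native_vlan"] = int(line.split()[-1])
        elif line.startswith("switchport trunk allowed vlan "):
            rest = line[len("switchport trunk allowed vlan "):]
            if rest.startswith("add "):     # 'add' extends the list, as on the slide
                rest = rest[4:]
            current["allowed"] = (current["allowed"] or set()) | parse_vlan_list(rest)
        elif line == "switchport nonegotiate":
            current["nonegotiate"] = True
    return ports


def audit(configs: Dict[str, str], trunk_links: List[Tuple[str, str, str, str]]) -> List[str]:
    """Return sorted findings: VLAN 1 left in use, DTP left enabled, native VLAN mismatches."""
    parsed = {sw: parse_switchports(cfg) for sw, cfg in configs.items()}
    findings: List[str] = []
    for sw, ports in parsed.items():
        for name, p in ports.items():
            if p["mode"] == "trunk":
                if p["native_vlan"] == 1:
                    findings.append(f"{sw} {name}: trunk uses VLAN 1 as native VLAN")
                if not p["nonegotiate"]:
                    findings.append(f"{sw} {name}: trunk still sends DTP frames (no switchport nonegotiate)")
            else:
                if p["mode"] != "access":
                    mode = p["mode"] or "not set"
                    findings.append(f"{sw} {name}: mode '{mode}' leaves trunk negotiation to DTP")
                if p["access_vlan"] == 1:
                    findings.append(f"{sw} {name}: port left in default VLAN 1")
    for sw_a, if_a, sw_b, if_b in trunk_links:
        a, b = parsed[sw_a][if_a], parsed[sw_b][if_b]
        if a["native_vlan"] != b["native_vlan"]:
            findings.append(f"{sw_a} {if_a} / {sw_b} {if_b}: native VLAN mismatch "
                            f"({a['native_vlan']} vs {b['native_vlan']})")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit({"S1": S1_CONFIG, "S2": S2_CONFIG}, TRUNK_LINKS):
        print(finding)
```

On the constructed input the audit reports five findings: S2's trunk port keeps the default native VLAN 1 and still negotiates with DTP, S1's FastEthernet0/11 is in dynamic auto and sits in VLAN 1, and the S1/S2 trunk has a native VLAN mismatch (99 vs 1). The same parser can be pointed at the output of show running-config from each switch in a real network.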


Verify Trunk Configuration

(Figure: verify the trunk configuration.)