What is covered?
In this topic, we will see what a VLAN is and how it is configured on a Cisco switch.
What is VLAN?
VLAN stands for Virtual LAN. By now we have learned that devices connected to a particular switch can communicate with all the other devices connected to the same switch. That is because, by default, all the ports on the switch belong to one VLAN called VLAN 1.
Why VLAN?
- A VLAN is used to divide a single big broadcast domain into multiple smaller broadcast domains.
- For example: on a 24-port switch, all the ports are assigned to VLAN 1. When one PC sends a broadcast frame, it is forwarded to all the other 23 ports. This takes up bandwidth.
- With the help of VLANs, the interfaces can be grouped to create smaller broadcast domains.
- This provides security at Layer 2. Members of one VLAN cannot access resources on another VLAN.
FIG 1: VLAN initial Lab setup
| Computer Name | Port connected | IP address |
|---|---|---|
| SALES-USER-1 | Fa0/1 | 192.168.1.1 |
| SALES-USER-2 | Fa0/2 | 192.168.1.2 |
| SALES-USER-3 | Fa0/3 | 192.168.1.3 |
| SALES-USER-4 | Fa0/4 | 192.168.1.4 |
| SALES-USER-5 | Fa0/5 | 192.168.1.5 |
| HR-USER-1 | Fa0/6 | 192.168.1.6 |
| HR-USER-2 | Fa0/7 | 192.168.1.7 |
| HR-USER-3 | Fa0/8 | 192.168.1.8 |
| HR-USER-4 | Fa0/9 | 192.168.1.9 |
| HR-SERVER | Fa0/10 | 192.168.1.10 |

Table 1: Lab setup - IP configuration
Verify the current VLAN:
Switch>enable
Switch#show vlan brief
| VLAN | Name | Status | Ports |
|---|---|---|---|
| 1 | default | active | Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24 |
| 1002 | fddi-default | active | |
| 1003 | token-ring-default | active | |
| 1004 | fddinet-default | active | |
| 1005 | trnet-default | active | |
Switch#
Verify by pinging the HR-SERVER from SALES-USER-1:
Fig 2: PINGING HR-Server from the SALES-USER-1 (Before Vlan Implementation)
How to stop the SALES user from accessing the HR-SERVER?
- We can create two VLANs and then assign the SALES team to one VLAN and the HR team to the other.
- In total there can be 1006 VLANs, but as a user we can create VLANs 2-1001.
- All the VLAN information is stored in flash memory in a file named vlan.dat.
How to use VLAN?
Before we start to use the VLANs, we need to create them.
The following is the syntax to create them:
Syntax:
Switch(config)# vlan <vlan number>
Switch(config-vlan)# name <name>
Switch(config-vlan)# exit
Example:
Switch(config)# vlan 10
Switch(config-vlan)# name SALES
Switch(config-vlan)# exit
Create VLAN 20 with the name HR in the same way, then verify that the VLANs were created successfully:
Switch#show vlan brief
| VLAN | Name | Status | Ports |
|---|---|---|---|
| 1 | default | active | Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24 |
| 10 | SALES | active | |
| 20 | HR | active | |
| 1002 | fddi-default | active | |
| 1003 | token-ring-default | active | |
| 1004 | fddinet-default | active | |
| 1005 | trnet-default | active | |
Switch#
Now that the VLANs are created, we need to assign ports to them. To assign a port to a particular VLAN, the port first needs to be in access mode; then the VLAN can be assigned. The following is the syntax to put a port in access mode and then assign the VLAN:
Syntax:
Switch(config)# interface <interface type> <interface no>
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan <Vlan ID>
Switch(config-if)# exit
Example:
Switch(config)# interface fastethernet 0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# exit
Note: The above commands assign the port fastethernet 0/1 to VLAN 10.
To assign a group of ports to a particular VLAN, we can use the interface range command.
Example:
Switch(config)#interface range fastEthernet 0/1-5
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit
Note: Now configure VLAN 20 for the FastEthernet ports 0/6-10.
Verify the VLAN configuration
Switch#show vlan brief
| VLAN | Name | Status | Ports |
|---|---|---|---|
| 1 | default | active | Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24 |
| 10 | SALES | active | Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5 |
| 20 | HR | active | Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10 |
| 1002 | fddi-default | active | |
| 1003 | token-ring-default | active | |
| 1004 | fddinet-default | active | |
| 1005 | trnet-default | active | |
Switch#
The configuration is now complete. If users in one VLAN try to access resources in another VLAN, they will not be able to reach them. This can be verified by pinging the HR-SERVER from the SALES-USER-1 PC.
Fig 3: PINGING HR-Server from the SALES-USER-1 (After Vlan Implementation)
According to the current configuration, the HR-SERVER and the SALES-USER-1 PC are in different VLANs and hence cannot ping each other.
Note: Communication between two VLANs can be enabled. We will see this in later chapters.
Commands for troubleshooting or Verifying:
There are times when the configuration does not work as expected. This is not the time to panic; instead, embrace the challenge and identify the issue.
To check whether your VLAN is configured, use the following command:
Switch# show vlan
To check the configuration of a particular port:
Switch# sh interfaces fastEthernet 0/1 switchport
Example:
Switch# show interfaces fastEthernet 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 10 (SALES)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
Switch#
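An added example (not part of the original article): a small Python check that parses show interfaces switchport output and compares each port with the lab plan from Table 1, so a port left on switch defaults is caught before relying on the VLAN separation. The function names and the Fa0/6 sample values are assumptions constructed for illustration.

```python
# Lab plan from Table 1: Fa0/1-5 are SALES (VLAN 10), Fa0/6-10 are HR (VLAN 20).
EXPECTED = {f"Fa0/{n}": 10 if n <= 5 else 20 for n in range(1, 11)}

# Constructed sample. Fa0/1 mirrors the output shown above; Fa0/6 is a made-up
# case of a port that was never configured and still has switch defaults.
SAMPLE = """\
Name: Fa0/1
Administrative Mode: static access
Negotiation of Trunking: Off
Access Mode VLAN: 10 (SALES)
Name: Fa0/6
Administrative Mode: dynamic auto
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
"""

def parse_switchport(text):
    """Split 'show interfaces switchport' output into {port: {field: value}}."""
    ports, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # prompts and lines such as 'Capture Mode Disabled'
        key, value = key.strip(), value.strip()
        if key == "Name":
            current = ports.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return ports

def audit(text, expected=EXPECTED):
    """Return sorted (port, problem) pairs for planned ports that deviate."""
    findings = []
    for port, fields in parse_switchport(text).items():
        want = expected.get(port)
        if want is None:
            continue  # port is not part of the plan
        if fields.get("Administrative Mode") != "static access":
            findings.append((port, "not forced to access mode"))
        if fields.get("Negotiation of Trunking") != "Off":
            findings.append((port, "trunk negotiation enabled"))
        vlan = fields.get("Access Mode VLAN", "").split(" ")[0]
        if vlan != str(want):
            findings.append((port, f"access VLAN is not {want}"))
    return sorted(findings)

if __name__ == "__main__":
    for port, problem in audit(SAMPLE):
        print(f"{port}: {problem}")
```

Paste the real command output for all ten lab ports in place of SAMPLE; an empty result means every planned port is a static access port in the VLAN the plan expects.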