
VLANs and Trunks – I

It's the first major topic of our Cisco switch world.

Well, to start off let me tell you one secret: if you are using a managed switch, you are already using VLANs, so it's not that alien a topic. Yes, it's true: even if you have never come across setting up VLANs while configuring your networks (using managed switches), you are using a VLAN, because every port of a managed switch belongs to the default "VLAN 1" out of the box.

So what is a VLAN? Let's start with a brief discussion of what switches do. They are Layer 2 (OSI) devices and divide the collision domain on a per-port basis, i.e. each port of a switch is a separate collision domain. But by default a switch does not divide the broadcast domain.

To have separate broadcast domains we need a layer 3 device like a router.

But there is a mechanism to divide the broadcast domain at layer 2, and that mechanism is referred to as VLANs.

VLANs logically group users by segmenting the broadcast domain.

As per Cisco, VLANs = Broadcast Domain = Subnet

End nodes on a given VLAN can only communicate among themselves. If we want inter-VLAN communication (like VLAN 10 PCs communicating with VLAN 20 PCs), we need a layer 3 device.

So let's begin configuring one on the switch:


(config)# vlan XXX (where XXX is the number assigned to the VLAN)

Usually 1-4094 are valid VLAN numbers; as VLAN 1 already exists, we can assign between 2-4094. But that doesn't mean every switch supports 4094 VLANs; the actual number varies, if I am not wrong. That's not what we are concerned with at this point, and for sure we won't be getting anywhere close to that number. The above command creates the VLAN and leaves you in the VLAN configuration sub-mode. We can exit straight out, but it's recommended to assign an ASCII name for our own reference. The command below does exactly that:

(config-vlan)# name SALES

We can verify our work by the following command:

Switch# show vlan brief

[screenshot: output of show vlan brief]

You can see that all the ports of the switch are listed under VLAN 1, as described earlier. Our VLANs 10 and 20 are there, but with no ports assigned to them. Before we go into assigning ports to VLANs, we first need to understand how ports behave (I mean what their different modes are). Yes, even ports have their own behaviour (as if there was nothing else in this world to bother about).

Well, Cisco did try to do their bit to make it easier by putting ports into "dynamic desirable" by default (it's like auto-negotiation), but it turns out to be a security vulnerability, since a port in that mode will negotiate a trunk with whatever is plugged into it (we'll discuss this aspect later in coming blogs). The following show command displays the port mode:

[screenshot: show command output listing the switchport mode]

Actually switch ports have two main modes:

1) Access Mode: used when the port is connected to an end-user device.

2) Trunk Mode: used when the port is connected to another switch or a router.

Follow the routine below to assign a given port (in this case port FastEthernet 10) to a VLAN.

[screenshot: assigning the FastEthernet port to a VLAN]

Similarly, configure the other ports of the switch on separate VLANs, and unless you mysteriously find a new loophole in Cisco IOS, only PCs connected to ports on the same VLAN should be able to ping each other (even if they happen to be on the same IP subnet).

Remember, this VLAN stuff happens inside the switch, so your end device has nothing to do with it. Say you connect PC1 to a port that is a member of the SALES VLAN (VLAN 10): it can only communicate with other PCs/printers/servers connected to ports that are on the SALES VLAN.

If you want to make PC1 a member of ACCOUNTS (VLAN 20), you can either change the port it is connected to on the switch, or, following the above method, make that port a member of VLAN 20.
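Once the ports are assigned, the same show vlan brief output is the easiest place to check the work. As an added example (not from the original post), here is a small Python audit that parses a constructed sample of show vlan brief text and reports which ports are still sitting in the default VLAN 1 and which user VLANs have no ports at all; the sample output, VLAN names and port numbers are made up for illustration.

```python
import re

# Constructed sample, modelled on the layout of 'show vlan brief'.
SAMPLE = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
10   SALES                            active    Fa0/10, Fa0/11
20   ACCOUNTS                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
"""

# A VLAN row: id, name, status, then an optional comma-separated port list.
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")


def parse_vlan_brief(text):
    """Return {vlan_id: {"name": str, "status": str, "ports": [...]}}.
    Indented lines that carry only ports continue the previous VLAN row."""
    vlans, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("VLAN", "----")):
            continue  # header and separator lines
        m = ROW.match(line)
        if m:
            vid, name, status, ports = m.groups()
            current = int(vid)
            vlans[current] = {"name": name, "status": status, "ports": []}
        else:
            ports = line.strip()  # continuation line: more ports for current VLAN
        if current is not None and ports:
            vlans[current]["ports"] += [p.strip() for p in ports.split(",")]
    return vlans


def ports_in_default_vlan(vlans):
    """Ports never moved out of VLAN 1, the ones still waiting to be assigned."""
    return vlans.get(1, {}).get("ports", [])


def empty_user_vlans(vlans):
    """User VLANs (2-1001) that were created but have no access ports yet."""
    return sorted(v for v, d in vlans.items() if 2 <= v <= 1001 and not d["ports"])


if __name__ == "__main__":
    v = parse_vlan_brief(SAMPLE)
    print("still in VLAN 1:", ports_in_default_vlan(v))
    print("VLANs with no ports:", empty_user_vlans(v))
```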

Well, that's it, you have successfully created a VLAN on the switch. In the next part we will check what TRUNKS are and also how to configure VTP.
