
VLANs and Trunks – I

It's the first major topic of our Cisco switch world.

Well, to start off let me tell you one secret: if you are using a managed switch, you are already using VLANs, so it's not that alien a topic. Yes, it's true. Even if you have never set up a VLAN while configuring your networks with managed switches, you are using one, because every port of a managed switch belongs to the default VLAN, "VLAN 1", until you move it somewhere else.

So what is a VLAN? Let's start with a brief discussion of what switches do. They are Layer 2 (OSI) devices and divide the collision domain on a per-port basis, i.e. each port of a switch is a separate collision domain. But by default a switch does not divide the broadcast domain: a broadcast received on one port is flooded out of every other port.

To have separate broadcast domains we traditionally need a Layer 3 device like a router.

But there is a mechanism to divide the broadcast domain at Layer 2, and that mechanism is referred to as VLANs.

VLANs logically group users by segmenting the broadcast domain: a broadcast sent on VLAN 10 is flooded only to the ports that are members of VLAN 10.

As per Cisco, one VLAN = one broadcast domain = one IP subnet.

End nodes on a given VLAN can only communicate among themselves. If we want inter-VLAN communication (like VLAN 10 PCs talking to VLAN 20 PCs), we need a Layer 3 device to route between the two subnets.

So let's begin configuring one on the switch:

[image: VLANS1]

(config)# vlan XXX (where XXX is the number assigned to the VLAN)

VLAN IDs 1 to 4094 are valid. VLAN 1 already exists (along with 1002-1005, which Cisco reserves for legacy FDDI and Token Ring and which cannot be deleted), so for our own VLANs we pick from 2-1001, or from the extended range 1006-4094 where the switch supports it. It doesn't mean every switch can actually hold 4094 VLANs at once; the real limit varies by platform, and older IOS only accepts extended-range VLANs in VTP transparent mode. But that is not what we are concerned with at this point, and for sure we won't get anywhere close to that number. The above command creates the VLAN and leaves you in VLAN configuration mode (the prompt changes to config-vlan). We can exit straight out, but it's recommended to assign an ASCII name for our own reference. The command below does exactly that:

(config-vlan)# name SALES

We can verify our work by the following command:

Switch# show vlan brief

[image: output of show vlan brief]

You can see that all the ports of the switch are listed under VLAN 1, as described earlier. Our VLANs 10 and 20 are there but with no ports assigned to them. But before we go into assigning ports to VLANs, we first need to understand how ports behave (I mean their different modes). Yes, even ports have their own behaviour, as if there was nothing else in this world to bother about.

Well, Cisco did try to do their bit to make it easier by putting ports into "dynamic desirable" mode by default (it's like auto-negotiation: the port will happily form a trunk with whatever is plugged into it that also speaks DTP; newer switches default to "dynamic auto", which only answers rather than initiates). That turns out to be a security vulnerability, because a device pretending to be a switch can negotiate a trunk and see every VLAN (I will discuss this aspect in coming blogs). The following show command displays a port's administrative and operational mode:

[image: vlan3, show interfaces switchport output]

Actually switch ports have two main modes:

1) Access Mode: used when connected to an end-user device. The port carries a single VLAN and the frames leaving it are untagged.

2) Trunk Mode: used when connected to another switch or a router. The port carries several VLANs at once, each frame tagged (802.1Q) with its VLAN ID.

Follow the routine below to assign a given port (in this case Fast-Ethernet port 10) to a VLAN: enter the interface, force it into access mode, and set its access VLAN.

[image: vlan4, assigning a port to a VLAN]

Similarly, configure the other ports of the switch into separate VLANs. Unless you happen to mysteriously find a new loophole in Cisco IOS, only PCs connected to ports on the same VLAN should be able to ping each other, even if the PCs on different VLANs happen to share the same IP subnet.

Remember, this VLAN stuff happens inside the switch, so your end device has nothing to do with it. Say you connect PC1 to a port that is a member of the SALES VLAN (VLAN 10): it can only communicate with other PCs, printers and servers connected to ports that are in the SALES VLAN.

If you want to make PC1 a member of ACCOUNTS (VLAN 20) you can either move it to a switch port that is already in VLAN 20, or follow the above method to make its current port a member of VLAN 20.
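Here is the whole routine written out as one IOS session, as an added example that is not part of the original post: creating and naming VLANs 10 and 20, assigning ports, verifying, and then moving PC1 from SALES to ACCOUNTS. The switch hostname SW1, the port numbers (Fa0/10 for PC1, Fa0/11-15 for ACCOUNTS) and the port descriptions are assumptions for illustration; adjust them to your own switch.

```cisco
! Added example, not from the original post. Assumes a Catalyst access switch
! with FastEthernet0/1-0/24; hostname, port numbers and descriptions are illustrative.
Switch> enable
Switch# configure terminal
Switch(config)# hostname SW1

! 1) Create the VLANs and give each an ASCII name for our own reference
SW1(config)# vlan 10
SW1(config-vlan)# name SALES
SW1(config-vlan)# exit
SW1(config)# vlan 20
SW1(config-vlan)# name ACCOUNTS
SW1(config-vlan)# exit

! 2) Put the PC1 port into VLAN 10 as a fixed access port.
!    "switchport mode access" replaces the dynamic (DTP) default, so the port can
!    never negotiate itself into a trunk; "switchport nonegotiate" additionally stops
!    it from sending DTP frames at all.
SW1(config)# interface fastethernet 0/10
SW1(config-if)# description PC1 (SALES)
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 10
SW1(config-if)# switchport nonegotiate
SW1(config-if)# exit

! 3) Same routine for a range of ports that belong to ACCOUNTS
SW1(config)# interface range fastethernet 0/11 - 15
SW1(config-if-range)# switchport mode access
SW1(config-if-range)# switchport access vlan 20
SW1(config-if-range)# switchport nonegotiate
SW1(config-if-range)# exit
SW1(config)# end

! 4) Verify: VLAN membership per port, then the mode of the PC1 port
SW1# show vlan brief
SW1# show interfaces fastethernet 0/10 switchport

! 5) To move PC1 into ACCOUNTS later, only the access VLAN on its port changes
SW1# configure terminal
SW1(config)# interface fastethernet 0/10
SW1(config-if)# switchport access vlan 20
SW1(config-if)# end

! 6) Save, or the VLAN assignments vanish on the next reload
SW1# copy running-config startup-config
```

In the output of "show interfaces fastethernet 0/10 switchport", check that "Administrative Mode" and "Operational Mode" both read "static access" and that "Negotiation of Trunking" is "Off"; a port still showing "dynamic desirable" or "dynamic auto" is one that an attached device could talk into a trunk. Note that "switchport nonegotiate" is refused while a port is still in a dynamic mode, which is why the mode is set first.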

Well, that's it: you have successfully created VLANs on a switch. In the next part we will look at what trunks are and also how to configure VTP.
