Virtual LANs
Consider a arrangement architecture that consists of Band 2 accessories only. For example, this architecture could
be a distinct Ethernet segment, an Ethernet about-face with abounding ports, or a arrangement with several
interconnected Ethernet switches. A absolutely Band 2 switched arrangement is referred to as a flat
network topology. A collapsed arrangement is a distinct advertisement domain, such that every affiliated device
sees every advertisement packet that is transmitted. As the cardinal of stations on the network
increases, so does the cardinal of broadcasts.
Due to the Band 2 foundation, collapsed networks cannot accommodate bombastic paths for amount balancing
or accountability tolerance. The acumen for this is explained in Affiliate 5, “Redundant About-face Links.” To
gain any advantage from added paths to a destination, Band 3 acquisition functions charge be
introduced.
A switched ambiance offers the technology to affected collapsed arrangement limitations. Switched
networks can be subdivided into basic LANs (VLANs). By definition, a VLAN is a single
broadcast domain. All accessories affiliated to the VLAN accept broadcasts from added VLAN
members. However, accessories affiliated to a altered VLAN will not accept those same
broadcasts.
A VLAN is fabricated up of authentic associates communicating as a analytic arrangement segment. In
contrast, a concrete articulation consists of accessories that charge be affiliated to a concrete cable
segment. A VLAN can accept affiliated associates amid anywhere in the campus network, as
long as VLAN connectivity is provided amid all members. Band 2 switches are configured
with a VLAN mapping and accommodate the analytic connectivity amid the VLAN members.
Figure 4-2 shows how a VLAN can accommodate analytic connectivity amid about-face ports.
Two workstations on the larboard Catalyst about-face are assigned to VLAN 1, while a third workstation
is assigned to VLAN 100. In this example, there can be no advice amid VLAN 1
and VLAN 100. Both ends of the articulation amid the Catalysts are assigned to VLAN 1. One
workstation on the appropriate Catalyst is additionally assigned to VLAN 1. Because there is end-to-end
connectivity of VLAN 1, any of the workstations on VLAN 1 can acquaint as if they were
connected to a concrete arrangement segment.
Virtual LANs 103
Figure 4-2 VLAN Functionality
VLAN Membership
When a VLAN is provided at an admission band switch, an end user charge accept some agency to gain
membership to it. Two associates methods abide on Cisco Catalyst switches: changeless VLANs
and activating VLANs.
Static VLANs
Static VLANs action port-based membership, area about-face ports are assigned to specific
VLANs. End user accessories become associates in a VLAN based on which concrete about-face port
they are affiliated to. No handshaking or altered VLAN associates agreement is bare for the
end devices; they automatically accept VLAN connectivity back they affix to a port.
Normally, the end accessory is not alike acquainted that the VLAN exists. The about-face anchorage and its VLAN
are artlessly beheld and acclimated as any added arrangement segment, with added “locally attached”
members on the wire.
Switch ports are assigned to VLANs by the chiral action of the arrangement administrator,
hence the changeless nature. The ports on a distinct about-face can be assigned and aggregate into many
VLANs. Alike admitting two accessories are affiliated to the aforementioned switch, cartage will not pass
between them if they are affiliated to ports on altered VLANs. To accomplish this function,
either a Band 3 accessory could be acclimated to avenue packets or an alien Band 2 accessory could be
used to arch packets amid the two VLANs.
VLAN 1
VLAN 200
VLAN 1
VLAN 1
VLAN 1
VLAN 100
VLAN 1
connectivity
104 Affiliate 4: VLANs and Trunking
The changeless port-to-VLAN associates is commonly handled in accouterments with applicationspecific
integrated circuits (ASICs) in the switch. This associates provides acceptable performance
because all anchorage mappings are done at the accouterments akin with no circuitous table lookups needed.
Configuring Changeless VLANs
This area describes the about-face commands bare to configure changeless VLANs. By default, all
switch ports are assigned to VLAN 1, are set to be a VLAN blazon of Ethernet, accept a maximum
transmission assemblage (MTU) admeasurement of 1500 bytes, and accept a Security Association Identifier (SAID)
of 100,000 additional the VLAN number.
First, the VLAN charge be created on the switch, if it doesn’t already exist. Then the VLAN must
be assigned to specific about-face ports.
NOTE To actualize a new VLAN, several prerequisites apropos to VTP charge be met. The about-face charge be
assigned to a VTP area and be configured for either server or cellophane VTP mode. VTP
is covered in the “VLAN Trunking Protocol” area of this chapter.
To configure changeless VLANs on an IOS-based switch, you would admission the afterward commands
in accredit mode:
Switch# vlan database
Switch(vlan)# vlan vlan-num name vlan-name
Switch(vlan)# exit
Switch# configure terminal
Switch(config)# interface interface module/number
Switch(config-if)# switchport approach access
Switch(config-if)# switchport admission vlan vlan-num
Switch(config-if)# end
The VLAN is created and stored in a database, forth with its cardinal and name. To accredit a
switch anchorage to the VLAN, you would use the switchport admission vlan interface configuration
command. The switchport approach admission command configures the anchorage for changeless VLAN
membership.
To configure changeless VLANs on a CLI-based switch, you would admission the afterward commands
in accredit mode:
Switch(enable) set vlan vlan-num [name name]
Switch(enable) set vlan vlan-num mod-num/port-list
The aboriginal command creates the VLAN numbered vlan-num on the about-face and assigns a
descriptive name to it. Note that a VLAN and its cardinal are cogent alone on the bounded switch,
unless some anatomy of VLAN trunking is acclimated to acquaint with added switches. If the name
field is not specified, the about-face will actualize a name based on the VLAN number, in the anatomy of
Virtual LANs 105
VLAN0002 for VLAN 2 for example. The additional command assigns VLAN vlan-num to one
or added about-face ports, articular with the about-face bore cardinal and the account of anchorage numbers.
For example, the command set vlan 101 3/1,3-7 would accredit ports 3/1, 3/3, 3/4, 3/5, 3/6, and
3/7 to VLAN 101.
To verify VLAN configuration, application the appearance vlan command will achievement a account of all VLANs
defined in the switch, in accession to the ports assigned to anniversary VLAN.
Dynamic VLANs
Dynamic VLANs are acclimated to accommodate associates based on the MAC abode of an end user
device. Back a accessory is affiliated to a about-face port, the about-face charge concern a database to
establish VLAN membership. A arrangement ambassador charge accredit the user’s MAC abode to
a VLAN in the database of a VLAN Associates Policy Server (VMPS).
With Cisco switches, activating VLANs are created and managed through the use of network
management accoutrement like CiscoWorks 2000 or CiscoWorks for Switched Internetworks (CWSI).
Dynamic VLANs acquiesce a abundant accord of adaptability and advancement for end users, but crave more
administrative overhead.
NOTE Activating VLANs are not covered in this text. For added information, accredit to the afterward Cisco
resources:
• CLI-based switches: “Configuring Activating Anchorage VLAN Associates with VMPS” at
www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_5/sw_cfg/vmps.htm
• IOS-based switches: “How VMPS Works” at www.cisco.com/univercd/cc/td/doc/
product/lan/c2900xl/29_35xu/scg/kivlan.htm#xtocid2442355