To understand what a VLAN is and the features it provides, follow the link (also provided at the end). This article discusses how to set up and configure VLANs on Cisco devices. Suppose we have the following scenario and network topology.
We will assign each of the switch's physical ports a VLAN id. The switch forwards a frame only if the destination sits behind a physical port carrying the same VLAN id as the port the frame arrived on. Consequently, only devices connected to the same VLAN are able to communicate. This fragments a single broadcast domain, as discussed in VLAN Part 1. But there are a few points to ponder:
- How do two switches communicate with each other?
- How to make physically distant devices belong to the same VLAN?
- Is there any way at all to make inter-VLAN communication possible?
VLAN in detail and an introduction to trunk lines:
Cisco switches implement VLANs by inserting a small header (the tag) into the Ethernet frame; it carries the VLAN id and some additional information. If the destination host is attached locally, the outgoing interface removes this tag and the host receives the frame unaware of the tagging and untagging done in the background. Even during broadcasts, only the ports that belong to the same VLAN receive the frame.
Two switches exchange traffic for their respective VLANs over 'trunk' lines. A trunk line is a link designated to carry traffic belonging to all the VLANs. Trunk lines do not belong to any single VLAN, which is natural since they carry the traffic of all the VLANs.
The tagging and trunking mechanism used to carry and manage VLANs across links is standardized as IEEE 802.1Q.
This answers the first two questions. By implementing trunk lines and VLAN tagging we achieve our objective of designing a secure and efficient network. But flexibility is lost, since two hosts in different VLANs cannot communicate with each other at all.
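To make the tagging, untagging and trunk behaviour described above concrete, here is a small added example (written for this post, not code from the original article or from Cisco) that builds and parses the 802.1Q tag and models a switch with the same port layout the configuration later in the post uses: fa0/1 and fa0/2 as access ports in VLAN 2, fa0/3 and fa0/4 in VLAN 3, and fa0/5 as the trunk. The MAC addresses and payload are constructed; the native VLAN and tagged frames on access ports are deliberately left out as a simplification.

```python
import struct

# 802.1Q tag layout (constructed example, not the post's own code):
#   TPID 0x8100 (2 bytes) then TCI: PCP (3 bits) | DEI (1 bit) | VID (12 bits)
TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800
BROADCAST = bytes.fromhex("ffffffffffff")


def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag after the source MAC of an untagged Ethernet frame."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN id must be 1..4094")
    tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Split a frame into dst, src, vid (None when untagged), ethertype and payload."""
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vid, offset = None, 14
    if ethertype == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        vid = tci & 0x0FFF
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    return {"dst": dst, "src": src, "vid": vid, "ethertype": ethertype,
            "payload": frame[offset:]}


def untag_frame(frame: bytes) -> bytes:
    """Remove the 802.1Q tag; this is what an access port does before delivering to a host."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return frame
    return frame[:12] + frame[16:]


class Switch:
    """Toy model of 'switchport access vlan N' and 'switchport mode trunk' forwarding."""

    def __init__(self):
        self.ports = {}      # port name -> {"mode": "access", "vlan": N} or {"mode": "trunk"}
        self.mac_table = {}  # (vid, mac) -> port the MAC was learnt on

    def access_port(self, name: str, vlan: int) -> None:
        self.ports[name] = {"mode": "access", "vlan": vlan}

    def trunk_port(self, name: str) -> None:
        self.ports[name] = {"mode": "trunk"}

    def _carries(self, port: str, vid: int) -> bool:
        cfg = self.ports[port]
        return cfg["mode"] == "trunk" or cfg["vlan"] == vid

    def receive(self, in_port: str, frame: bytes) -> dict:
        """Return {egress_port: frame_as_transmitted} for one ingress frame."""
        cfg = self.ports[in_port]
        info = parse_frame(frame)
        if cfg["mode"] == "access":
            if info["vid"] is not None:
                return {}  # simplification: access ports drop already-tagged frames
            vid = cfg["vlan"]
            frame = tag_frame(frame, vid)  # the host is unaware; the switch tags on ingress
        else:
            if info["vid"] is None:
                return {}  # simplification: no native VLAN, untagged frames on a trunk are dropped
            vid = info["vid"]
        self.mac_table[(vid, info["src"])] = in_port
        learnt = self.mac_table.get((vid, info["dst"]))
        if info["dst"] != BROADCAST and learnt is not None:
            targets = [] if learnt == in_port else [learnt]
        else:
            # unknown unicast or broadcast: flood, but only to ports carrying this VLAN
            targets = [p for p in self.ports if p != in_port and self._carries(p, vid)]
        # access ports hand the host an untagged frame; trunks keep the tag
        return {p: untag_frame(frame) if self.ports[p]["mode"] == "access" else frame
                for p in targets}


def demo_switch() -> dict:
    """Port layout from the post: fa0/1-2 in VLAN 2, fa0/3-4 in VLAN 3, fa0/5 trunk."""
    sw = Switch()
    sw.access_port("fa0/1", 2)
    sw.access_port("fa0/2", 2)
    sw.access_port("fa0/3", 3)
    sw.access_port("fa0/4", 3)
    sw.trunk_port("fa0/5")
    host_a = bytes.fromhex("020000000001")  # constructed MAC of a host on fa0/1
    payload = struct.pack("!H", ETHERTYPE_IPV4) + b"constructed payload"
    broadcast = BROADCAST + host_a + payload
    from_access = sw.receive("fa0/1", broadcast)
    # the same kind of broadcast arriving over the trunk, already tagged for VLAN 3
    host_b = bytes.fromhex("020000000002")  # constructed MAC of a host behind the trunk
    from_trunk = sw.receive("fa0/5", tag_frame(BROADCAST + host_b + payload, 3))
    return {"from_access": from_access, "from_trunk": from_trunk}
```

Running `demo_switch()` shows the two points of the section: a broadcast from fa0/1 reaches fa0/2 untagged and leaves fa0/5 tagged with VLAN 2, but never reaches fa0/3 or fa0/4, and a VLAN 3 frame arriving on the trunk is delivered untagged only to the VLAN 3 access ports.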
Inter-VLAN connectivity with the help of a router
Since switches cannot solve this problem, we move on to the next device we can work with: a router!
But there is yet another problem. Routers are essentially layer-3 devices, and tagging is done at layer 2. When a packet meant for a different VLAN reaches the switch, it will eventually get discarded (due to the lack of an ARP response). For packets to reach a router, either there must be some redirection mechanism or the host must send its request directly to the router. Redirection is out of the question since switches cannot operate at layer 3 or above.
We are left with only one option: whenever a host needs to communicate with a host on another VLAN, it should send its request to a designated router. Hosts still have no knowledge of VLANs, but this can be overcome if each VLAN is given a separate address space, i.e. assigned a unique subnetwork. The router then acts as the default gateway, and whenever inter-VLAN communication is needed the packet is sent to this designated router.
The final step is to make the designated router aware of VLANs. An interesting topology known as "Router on a stick" (illustration below) appears when a router routes traffic for many (sub)networks over a single link. (More on how to configure such topologies in a later post.) I have also put up the basic commands required to set up VLANs, with useful comments, and I have provided a link to download this file.
[Illustration: Router on a stick]
en
configure terminal
! create vlan with id 2 and give it an identifier
vlan 2
 name account
 exit
! create vlan with id 3
vlan 3
 name admin
 exit
! select all the physical ports that you need to assign to some vlan
interface range fa0/1 , fa0/2 ...
 ! assign all these ports to vlan 2; "access" makes each of them an access port
 ! (a port which can belong to a single vlan)
 switchport access vlan 2
 exit
! select all ports to assign to vlan 3
interface range fa0/3 , fa0/4 ...
 switchport access vlan 3
 exit
! select the port that acts as the trunk port: a trunk port carries all the
! vlan information from one switch to another
interface fa0/5
 ! on switch models that also support ISL, select the encapsulation first:
 ! switchport trunk encapsulation dot1q
 switchport mode trunk
 exit
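The inter-VLAN section above leaves two decisions implicit: how a host that knows nothing about VLANs decides to hand a packet to the default gateway, and how the router on a stick picks the VLAN it re-tags the packet with. The following added example (written for this post, not the author's configuration or Cisco's) models both with one sub-interface per VLAN and a constructed addressing plan of 10.0.2.0/24 for VLAN 2 and 10.0.3.0/24 for VLAN 3, with the router taking the first address of each subnet. It works on IP addresses only and does not model the frames themselves. The check that a packet's source address belongs to the VLAN it arrived on is an addition for illustration, not something the post describes.

```python
import ipaddress

# Constructed addressing plan (not from the post): each VLAN gets its own subnet and the
# router's sub-interface for that VLAN takes the first host address as the default gateway.
VLAN_SUBNETS = {
    2: ipaddress.ip_network("10.0.2.0/24"),  # VLAN 2 "account"
    3: ipaddress.ip_network("10.0.3.0/24"),  # VLAN 3 "admin"
}


class RouterOnAStick:
    """One physical link into the switch, one logical sub-interface per VLAN."""

    def __init__(self, subnets: dict):
        self.subinterfaces = {vid: (net, net.network_address + 1)
                              for vid, net in subnets.items()}

    def gateway_for(self, vid: int) -> ipaddress.IPv4Address:
        return self.subinterfaces[vid][1]

    def route(self, ingress_vid: int, src_ip: str, dst_ip: str):
        """Return the VLAN id the packet leaves on (re-tagged), or None if it is dropped."""
        src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        ingress_net, _ = self.subinterfaces[ingress_vid]
        if src not in ingress_net:
            return None  # illustrative check: source is not in the VLAN it arrived on, drop it
        for vid, (net, _) in self.subinterfaces.items():
            if dst in net:
                return vid
        return None  # no sub-interface owns this destination


def host_next_hop(host_ip: str, prefixlen: int, gateway: str,
                  dst_ip: str) -> ipaddress.IPv4Address:
    """The host's decision: deliver on the local subnet, or hand off to the default gateway."""
    iface = ipaddress.ip_interface(f"{host_ip}/{prefixlen}")
    dst = ipaddress.ip_address(dst_ip)
    return dst if dst in iface.network else ipaddress.ip_address(gateway)


def demo_routing() -> dict:
    router = RouterOnAStick(VLAN_SUBNETS)
    gw2 = str(router.gateway_for(2))
    return {
        # same VLAN: the host resolves the destination directly, no router involved
        "same_vlan_next_hop": str(host_next_hop("10.0.2.10", 24, gw2, "10.0.2.20")),
        # different VLAN: the host sends to its gateway and the router re-tags for VLAN 3
        "cross_vlan_next_hop": str(host_next_hop("10.0.2.10", 24, gw2, "10.0.3.20")),
        "cross_vlan_egress": router.route(2, "10.0.2.10", "10.0.3.20"),
        # a VLAN 2 address arriving on the VLAN 3 sub-interface is refused
        "wrong_vlan_source": router.route(3, "10.0.2.10", "10.0.3.20"),
    }
```

`demo_routing()` returns 10.0.2.20 as the next hop for a same-subnet destination and 10.0.2.1 (the VLAN 2 gateway) for a destination in VLAN 3, where the router then selects VLAN 3 as the egress; the separate subnet per VLAN is what lets a VLAN-unaware host make that choice.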
Useful links:
CCNA tutorial: Introduction to Vlans PART 1
Wiki on Vlan
Sample Vlan configuration file