
Virtual LAN (VLAN)

A VLAN is a logical grouping of network users and resources connected to administratively defined ports on a switch.

When one creates VLANs, one gains the ability to create smaller broadcast domains within a layer 2 switched internetwork by assigning different ports on the switch to different subnetworks. A VLAN is treated like its own subnet or broadcast domain, meaning that frames broadcast onto the network are only switched between the ports logically grouped within the same VLAN.

SIMPLIFICATION OF NETWORK MANAGEMENT WITH THE HELP OF VLAN:

1) Network adds, moves, and changes are achieved with ease by just configuring a port into the appropriate VLAN.
2) A group of users that need an unusually high level of security can be put into its own VLAN so that users outside of the VLAN can't communicate with them.
3) As a logical grouping of users by function, VLANs can be considered independent from their physical or geographic locations.
4) VLANs greatly enhance network security.
5) VLANs increase the number of broadcast domains while decreasing their size.

ADVANTAGES OF VLAN:

1) BROADCAST CONTROL: Broadcasts occur in every protocol, but how often they occur depends upon three things:

   1) The type of protocol
   2) The application(s) running on the internetwork
   3) How these services are used

Since switches have become more affordable lately, a lot of companies are replacing their flat hub networks with pure switched network and VLAN environments. All devices within a VLAN are members of the same broadcast domain and receive all broadcasts. By default, these broadcasts are filtered from all ports on a switch that aren't members of the same VLAN. This is great because one gets all the benefits of a switched design without getting hit with all the problems one would have if all users were in the same broadcast domain.

2) SECURITY: A flat internetwork's security used to be tackled by connecting hubs and switches together with routers, so it was basically the router's job to maintain security. This arrangement was pretty ineffective for several reasons.

First, anyone connecting to the physical network could access the network resources located on that particular physical LAN. Second, all anyone had to do to observe any and all traffic happening in that network was to simply plug a network analyzer into the hub. And similar to that last ugly fact, users could join a workgroup by just plugging their workstations into the existing hub.

But that's exactly what makes VLANs so cool. If one builds them and creates multiple broadcast groups, one has total control over each port and user. So the days when anyone could just plug their workstations into any switch port and gain access to network resources are history, because now the administrator gets to control each port, plus whatever resources that port can access.

Moreover, VLANs can be created in accordance with the network resources a given user requires, and switches can be configured to inform a network management station of any unauthorized access to network resources. And if one needs inter-VLAN communication, one can implement restrictions on a router to make that happen. One can also place restrictions on hardware addresses, protocols, and applications.

3) FLEXIBILITY AND SCALABILITY: Layer 2 switches only read frames for filtering; they don't look at the Network layer protocol. And by default, switches forward all broadcasts. But if VLANs are implemented, one has essentially created smaller broadcast domains at layer 2. What this means is that broadcasts sent out from a node in one VLAN won't be forwarded to ports configured to belong to a different VLAN. So by assigning switch ports or users to VLAN groups on a switch or group of connected switches, one gains the flexibility to add only the users one wants into that broadcast domain, regardless of their physical location.

This setup can also work to block broadcast storms caused by a faulty network interface card (NIC), as well as prevent an intermediate device from propagating broadcast storms throughout the entire internetwork. Those evils can still happen on the VLAN where the problem originated, but the disease will instead be quarantined to that one ailing VLAN.

Another advantage is that when a VLAN gets too big, one can create more VLANs to keep the broadcasts from consuming too much bandwidth: the fewer users in a VLAN, the fewer users affected by broadcasts. This is all well and good, but one seriously needs to keep network services in mind and understand how the users connect to these services when creating the VLAN. It's a good move to try to keep all services, except for the email and Internet access that everyone needs, local to all users whenever possible.

TYPES OF VLAN:

There are two types of VLAN:

STATIC VLAN: Most of the time, VLANs are created by a sys admin who proceeds to assign switch ports to each VLAN. VLANs of this type are known as static VLANs.

Advantages:

1) Static VLANs are the most secure. This security stems from the fact that any switch port that has been assigned a VLAN association will always maintain it unless one changes the port assignment manually.
2) Static VLAN configuration is pretty easy to set up and supervise, and it works really well in a networking environment where any user movement within the network needs to be controlled.

Disadvantages:

1) It can be helpful to use network management software to configure the ports, but one does not have to use it.

DYNAMIC VLAN: One can enter all the host devices' hardware addresses into a database so the switches can be configured to assign VLANs dynamically any time a user plugs a host into a switch. This type of VLAN is known as a dynamic VLAN.

Advantages:

1) A dynamic VLAN determines a node's VLAN assignment automatically. Using intelligent management software, one can base VLAN assignments on hardware (MAC) addresses, protocols, or even applications that create dynamic VLANs. For example, let's say MAC addresses have been entered into a centralized VLAN management application and one hooks up a new node. If it is attached to an unassigned switch port, the VLAN management database can look up the hardware address and both assign and configure the switch port into the correct VLAN. Needless to say, this makes management and configuration much easier, because if a user moves, the switch will simply assign them to the correct VLAN automatically.
2) The VLAN Management Policy Server (VMPS) service can be used to set up a database of MAC addresses to be used for the dynamic addressing of the VLANs. The VMPS database automatically maps MAC addresses to VLANs.

Disadvantages:

1) A lot more work has to be done initially to set up the database.

IDENTIFYING VLANS:

Switch ports are layer 2-only interfaces that are associated with a physical port. A switch port can belong to only one VLAN if it is an access port, or to all VLANs if it is a trunk port. A port can be manually configured as an access or trunk port, or one can let the Dynamic Trunking Protocol (DTP) operate on a per-port basis to set the switch port mode. DTP does this by negotiating with the port on the other end of the link.

Switches are definitely pretty busy devices. As frames are switched throughout the network, they've got to be able to keep track of all the different types, plus understand what to do with them depending on the hardware address. There are two different types of links in a switched environment.
Access Ports: An access port belongs to and carries the traffic of only one VLAN. Traffic is both received and sent in native formats with no VLAN tagging whatsoever. Anything arriving on an access port is simply assumed to belong to the VLAN assigned to the port. With an access link, this can be referred to as the configured VLAN of the port. Any device attached to an access link is unaware of a VLAN membership; the device just assumes it's part of the same broadcast domain, but it doesn't have the big picture, so it doesn't understand the physical network topology at all.

Trunk Ports: A trunk link is a 100- or 1000Mbps point-to-point link between two switches, between a switch and router, or even between a switch and server, and it carries the traffic of multiple VLANs, from 1 to 4,094 at a time.

Advantages of Trunking:

1) Trunking can be a real advantage because with it, one gets to make a single port part of a whole bunch of different VLANs at the same time. This is a great feature because one can actually set ports up to have a server in two separate broadcast domains simultaneously, so users won't have to cross a layer 3 device (router) to log in and access it.
2) Another benefit to trunking comes into play when one is connecting switches. Trunk links can carry various amounts of VLAN information across the link, but by default, if the links between the switches aren't trunked, only information from the configured VLAN will be switched across that link. It's good to know that all VLANs send information on a trunked link unless one clears each VLAN by hand.

VLAN TRUNKING PROTOCOL (VTP):

The basic goals of VLAN Trunking Protocol (VTP) are to manage all configured VLANs across a switched internetwork and to maintain consistency throughout that network. VTP allows an administrator to add, delete, and rename VLANs, information that is then propagated to all other switches in the VTP domain. Here's a list of some of the cool features VTP has to offer:

1) Consistent VLAN configuration across all switches in the network.
2) VLAN trunking over mixed networks, such as Ethernet to ATM LANE or even FDDI.
3) Accurate tracking and monitoring of VLANs.
4) Dynamic reporting of added VLANs to all switches in the VTP domain.
5) Plug and Play VLAN adding.
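The access and trunk port behaviour described above can be modelled in a few lines. This is an added example, not part of the original document: the `Switch` class, port names and sample frame are constructed for illustration, and dropping tagged frames on access ports and untagged frames on trunks is a simplification of this sketch.

```python
import struct

TPID_8021Q = 0x8100  # value in the EtherType position that marks an 802.1Q tag

def tag_frame(frame: bytes, vid: int) -> bytes:
    """Trunk egress: insert the 4-byte 802.1Q tag after the two MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid) + frame[12:]

def untag_frame(frame: bytes):
    """Return (vid, frame_without_tag); vid is None for an untagged frame."""
    if len(frame) >= 16 and frame[12:14] == struct.pack("!H", TPID_8021Q):
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]  # low 12 bits = VLAN ID
    return None, frame

class Switch:
    def __init__(self, ports: dict):
        # name -> ("access", vlan_id) or ("trunk", set_of_carried_vlan_ids)
        self.ports = ports

    def flood(self, in_port: str, frame: bytes) -> dict:
        """Flood a broadcast; return {egress_port: frame_as_transmitted}."""
        mode, cfg = self.ports[in_port]
        vid, inner = untag_frame(frame)
        if mode == "access":
            if vid is not None:
                return {}   # simplification: tagged frames on access ports are dropped
            vid = cfg       # untagged frame is assumed to be in the port's VLAN
        elif vid is None or vid not in cfg:
            return {}       # simplification: trunk ingress needs a carried VLAN tag
        out = {}
        for name, (m, c) in self.ports.items():
            if name == in_port:
                continue
            if m == "access" and c == vid:
                out[name] = inner                   # sent in native format, no tag
            elif m == "trunk" and vid in c:
                out[name] = tag_frame(inner, vid)   # tagged so the peer knows the VLAN
        return out

# Constructed sample: three access ports and one trunk carrying VLANs 10 and 20.
SAMPLE_PORTS = {"Fa0/1": ("access", 10), "Fa0/2": ("access", 10),
                "Fa0/3": ("access", 20), "Gi0/1": ("trunk", {10, 20})}
# Constructed broadcast frame: dst ff:ff:ff:ff:ff:ff, src 00:00:5e:00:53:01, ARP EtherType.
SAMPLE_BCAST = b"\xff" * 6 + bytes.fromhex("00005e005301") + b"\x08\x06" + b"\x00" * 28
```

A broadcast entering on `Fa0/1` reaches `Fa0/2` untagged and `Gi0/1` with a VLAN 10 tag, and never reaches `Fa0/3`, which sits in VLAN 20.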

COMMANDS USED IN VLAN CONFIGURATION:

   COMMANDS                                  COMMENTS
1> config vlan                               To configure VLAN in a Cisco switch
2> show vlan                                 To check the VLANs which are configured
3> show interface trunk                      To see the trunk ports
4> interface switch port                     To configure each port on a switch to be in a specific VLAN (access port)
5> switchport mode access                    To set trunking mode to access unconditionally
6> switchport mode trunk                     To set trunking mode to trunk unconditionally
7> switchport trunk encapsulation dot1q      To set the interface to trunk with encapsulation standard as IEEE 802.1Q
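One way to check which ports have had their mode set by hand with the commands above and which are left to negotiation, as an added example that is not part of the original document. The sample configuration is constructed, `switchport access vlan` is an IOS command not listed in the table, and the check assumes a port with no `switchport mode` line is left to DTP.

```python
import re

# Constructed sample in Cisco IOS running-config style (not from the original page).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport access vlan 20
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
"""

def audit_port_modes(config: str) -> dict:
    """Map each interface to its configured mode, access VLAN and trunk encapsulation."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"interface\s+(\S+)", line)
        if m:
            current = ports[m.group(1)] = {"mode": "unset", "vlan": None, "encap": None}
        elif current is None or not line.startswith("switchport"):
            continue
        elif (m := re.fullmatch(r"switchport mode (access|trunk)", line)):
            current["mode"] = m.group(1)
        elif (m := re.fullmatch(r"switchport access vlan (\d+)", line)):
            current["vlan"] = int(m.group(1))
        elif (m := re.fullmatch(r"switchport trunk encapsulation (\S+)", line)):
            current["encap"] = m.group(1)
    return ports

def findings(ports: dict) -> list:
    """List ports whose mode is not set by hand, and trunks lacking the dot1q line."""
    out = []
    for name, p in ports.items():
        if p["mode"] == "unset":  # assumption: no mode line means DTP decides
            out.append((name, "mode not set manually; left to DTP negotiation"))
        if p["mode"] == "trunk" and p["encap"] != "dot1q":
            out.append((name, "trunk without explicit dot1q encapsulation"))
    return out
```

On the sample, `findings(audit_port_modes(SAMPLE_CONFIG))` reports `FastEthernet0/2` and `GigabitEthernet0/2`.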
