
VIRTUAL LAN

CS 708 Seminar

ARJUN J S (Roll No. 05068)


B. Tech. Computer Science & Engineering

College of Engineering Kottarakkara


Kollam 691 531
Ph: +91.474.2453300
http://www.cet.ihrd.ac.in
cekottarakkara@ihrd.ac.in
Certificate

This is to certify that this report titled Virtual LAN is a bona fide record of
the CS 708 Seminar work done by Mr. Arjun J S, Reg. No. 10264004,
Seventh Semester B. Tech. Computer Science & Engineering student, under
our guidance and supervision, in partial fulfilment of the requirements for
the award of the degree B. Tech. Computer Science and Engineering of
Cochin University of Science & Technology.

December 30, 2008

Guide: Renjith S R, Lecturer, Dept. of Computer Science & Engg.
Coordinator & Dept. Head: Ahammed Siraj K K, Asst. Professor, Dept. of Computer Science & Engg.
Acknowledgments

I hereby take the opportunity to thank Asst. Prof. Ahammed Siraj K K,
Head of Department, and Ranjith S R of Computer Science, College of
Engineering Kottarakkara, for their valuable points and guidance throughout
the course of my seminar. Last but not least, I would like to thank my
parents for their motivation and my friends who gave me their valuable
contributions regarding my topic and their encouragement through the
preparation of the seminar. Above all I would like to thank God for His
abundant blessings, without which this wouldn't be possible.
Abstract
This seminar describes virtual LANs (VLANs), a feature of Ethernet switches.
A bridged or switched network improves service by splitting the network
into multiple collision domains, but the whole switched network still
remains a single broadcast domain, so broadcast propagation has to be
controlled. Routers segment broadcast domains; switches can provide the
same facility by means of VLANs. A VLAN is a broadcast domain.
Definition: a group of devices on one or more logically segmented LANs
(configured in software) that can communicate as if they were attached to
the same physical medium, even though they are located on several
different LAN segments. Because VLANs are based on logical rather than
physical connections, they are very flexible.
VLANs let you group users into a common broadcast domain regardless of
their physical location in the internetwork. They bring a number of
benefits to a switched network, which are discussed in this report.

Contents
1 Introduction
2 Backbone network devices
3 What is a VLAN
4 How VLANs operate
5 Need for VLANs
6 Different models of VLAN
7 VLAN Memberships
8 VLAN identification methods
9 VLAN Trunking Protocol (VTP)
10 VTP Modes of Operation
11 Configuring VLANs
12 Advantages of VLANs
13 Conclusion
1 Introduction
By default, switches break up collision domains and routers break up
broadcast domains; keep that distinction in mind throughout. In contrast to
the networks of yesterday, which were built around collapsed backbones,
today's network design is much flatter, thanks to switches. That raises
the question: how do we break up broadcast domains in a purely switched
internetwork? The answer is the virtual local area network (VLAN). A VLAN
is a logical grouping of network users and resources connected to
administratively defined ports on a switch. By creating VLANs you carve
smaller broadcast domains out of a layer 2 switched internetwork,
assigning different ports on the switch to different subnetworks. A VLAN
is treated like its own subnet or broadcast domain: frames broadcast onto
the network are switched only between the ports logically grouped within
the same VLAN.
Does this mean routers are no longer needed? It depends on your
requirements. By default, hosts in one VLAN cannot communicate with hosts
in another VLAN, so if you want inter-VLAN communication you still need a
router (or a layer 3 switch performing the same function).

2 Backbone network devices
In today's network backbone, certain hardware devices connect other
networks to the backbone. These are special-purpose devices and computers
whose job is to transfer messages from one network to another. Before
looking deeper into virtual LANs, let us review the basic devices used in
the network backbone:
1. Bridges
2. Switches
3. Routers
4. Gateways
5. Hubs
BRIDGES - Bridges operate at the data link layer. They connect two LAN
segments that use the same data link and network protocol; the segments
may use the same or different types of cable. A bridge learns which
addresses live on which segment and forwards only those frames that need
to reach another segment. If a bridge receives a frame whose destination
address is not in its address table, it floods the frame to all segments
except the one on which it was received. Bridges are a combination of
hardware and software: typically a black box that sits between the two
networks, but possibly also a computer with two NICs and special software.
SWITCHES - Like bridges, switches operate at the data link layer. A switch
connects two or more computers or network segments that use the same data
link and network protocol, again over the same or different types of cable,
and connects each incoming frame to the appropriate outgoing port. Switches
need more processing power than bridges, and although they work at the
same layer they differ in two ways: first, most switches let all ports be
in use simultaneously, which makes them faster than bridges; second, a
switch has many ports where a classic bridge has two, so it is in effect a
multiport bridge. Like bridges, switches learn MAC addresses by observing
the source address of incoming frames; the addresses do not have to be
configured by hand. There are two types of switch: a cut-through switch
examines the destination address of an incoming frame and immediately
connects the incoming port to the correct outgoing port, in hardware; a
store-and-forward switch copies the whole frame into memory before
processing the destination address, which lets it check the frame's CRC
and drop corrupted frames before forwarding them.
ROUTERS - Routers operate at the network layer. They connect two or more
LANs that use the same or different data link protocols but the same
network protocol. A router may be a black box, a computer with several
NICs, or a special network module in a computer. In general routers do
more processing per message than bridges and therefore forward more
slowly. Unlike bridges, routers choose the best route to a destination,
and they process only messages specifically addressed to them at the data
link layer. Because a router can connect networks that use different data
link layer protocols, it re-encapsulates each packet in a new data link
frame, and it may split a packet into several smaller packets for
transmission over a link with a smaller maximum frame size.
GATEWAYS - Gateways work above the data link layer, using network layer
addresses and often application-layer information when processing
messages. They connect two or more LANs that use the same or different
(usually different) data link and network protocols, over the same or
different kinds of cable. Gateways process only those messages explicitly
addressed to them. They translate one network protocol into another,
translate data formats, and open sessions between application programs,
overcoming both hardware and software incompatibilities. A gateway may be
a stand-alone microcomputer with several NICs and special software, a
front-end processor (FEP) connected to a mainframe, or even a special
circuit card in the network server. One of the most common uses of
gateways is to let LANs that use TCP/IP and Ethernet communicate with IBM
mainframes that use SNA; the gateway provides both the basic system
interconnection and the translation between the protocols in both
directions.
HUBS - Hubs are physical layer devices that are really just multiport
repeaters. When an electrical signal is received on a port it is
re-amplified or regenerated and forwarded out all other ports. Every
device connected to a hub therefore shares one collision domain and sees
every frame on the segment.

3 What is a VLAN
In a flat switched network, a broadcast sent by a host on one segment
propagates to every segment and consumes bandwidth across the whole
network. Worse, every device in the broadcast domain can reach every
other device directly at layer 2, so unless some check is enforced at a
higher layer there is very little security that can be imposed on the
network. Before the introduction of switches and VLANs, networks were
divided into multiple broadcast domains by routers: because routers do
not forward broadcasts, each router interface is a separate broadcast
domain. Each segment is an individual IP subnet, and regardless of a
workstation's function its subnet is defined by its physical location.
Definition: a group of devices on one or more logically segmented LANs
(configured in software) that can communicate as if they were attached to
the same physical medium, even though they are located on several
different LAN segments. Because VLANs are based on logical rather than
physical connections, they are very flexible.
A VLAN is a logical broadcast domain that can span multiple physical LAN
segments. It can be designed to provide independent broadcast domains for
stations grouped by function, project team or application, without regard
to the physical location of the users. Each access port of a switch is
assigned to exactly one VLAN (trunk ports, covered later, carry several).
Ports in the same VLAN share broadcasts; ports in different VLANs do not,
and this control of broadcasts improves the network's overall performance.
VLANs thus let a switch create multiple broadcast domains within a
switched network: a broadcast from any member of a VLAN reaches every
other member of that VLAN and nobody else. The users in a given VLAN are
normally also in the same IP subnet.

4 How VLANs operate
A Catalyst switch operates in your network like a traditional bridge. Each
VLAN configured on the switch implements address learning,
forwarding/filtering decisions and loop-avoidance mechanisms as if it were
a separate bridge, and each VLAN may include several ports. Internally,
the Catalyst implements VLANs by restricting data forwarding to
destination ports in the same VLAN as the originating port. In other
words, when a frame arrives on a switch port, the switch retransmits it
only to ports that belong to the same VLAN. The implication is that a
VLAN on a Catalyst switch limits the transmission of unicast, multicast
and broadcast traffic: flooded traffic originating in a particular VLAN
floods out only the other ports belonging to that VLAN, so each VLAN is
an individual broadcast domain.
Normally a port carries traffic only for the single VLAN it belongs to.
For a VLAN to span multiple switches over a single connection, a trunk is
required between the two switches. On the Catalyst 1900 switches a trunk
port can only be configured on the Fast Ethernet ports.
In the figure that accompanies this section (not reproduced here), each
shape (triangle, circle and square) represents a separate VLAN. Nodes
drawn with different shapes do not communicate with each other;
communication takes place only between nodes of the same shape. The
circle, for example, represents the Administrative section, so the
network is divided into an Administrative VLAN (circle), an Engineering
VLAN (square) and a Marketing VLAN (triangle).
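The per-VLAN bridging behaviour described above, as an added example written for this report (it is not code from the report, from Cisco or from any real switch): a small model of a port-based, VLAN-aware learning switch. It keeps one MAC table per VLAN and floods only inside the ingress VLAN, so a host in one VLAN can address a MAC in another VLAN and still never reach it. The frame layout, port numbers and MAC addresses are constructed for the model.

```python
# Added example (not from the report, Cisco or any real switch): a minimal
# model of a port-based, VLAN-aware learning switch. It shows the behaviour
# described above: one MAC table per VLAN, and flooding that never leaves
# the ingress VLAN. The frame layout and port numbering are assumptions.
from collections import namedtuple

Frame = namedtuple("Frame", "src dst payload")
BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac):
    """Broadcast and multicast MACs have the I/G bit (low bit of octet 0) set."""
    return int(mac.split(":")[0], 16) & 1 == 1


class VlanSwitch:
    """Each VLAN behaves as an independent bridge inside one physical switch."""

    def __init__(self, port_vlan):
        # Static (administrator-assigned) membership: port number -> VLAN ID.
        self.port_vlan = dict(port_vlan)
        # Address learning is per VLAN: (vlan, mac) -> port.
        self.mac_table = {}

    def ports_in_vlan(self, vlan):
        return sorted(p for p, v in self.port_vlan.items() if v == vlan)

    def receive(self, in_port, frame):
        """Forward one frame; return the ports it is transmitted out of."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, frame.src)] = in_port  # learn source, per VLAN
        out_port = self.mac_table.get((vlan, frame.dst))
        if not is_group_address(frame.dst) and out_port is not None:
            # Known unicast: filter to one port, never back out the ingress port.
            return [] if out_port == in_port else [out_port]
        # Broadcast, multicast or unknown unicast: flood inside this VLAN only.
        return [p for p in self.ports_in_vlan(vlan) if p != in_port]


def demo():
    """Constructed topology: ports 1-3 in VLAN 10 (Sales), 4-6 in VLAN 20 (Engineering)."""
    sw = VlanSwitch({1: 10, 2: 10, 3: 10, 4: 20, 5: 20, 6: 20})
    host_a, host_b, host_e = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0e"
    results = {}
    # Host A (port 1) broadcasts an ARP request: flooded to VLAN 10 ports only.
    results["broadcast"] = sw.receive(1, Frame(host_a, BROADCAST, b"arp who-has"))
    # Host B (port 2) replies to A: A was learned in VLAN 10, so unicast to port 1.
    results["reply"] = sw.receive(2, Frame(host_b, host_a, b"arp is-at"))
    # Host E (port 5, VLAN 20) addresses A's MAC: VLAN 20's table has never seen A,
    # so the frame floods VLAN 20 and never reaches port 1. Without a router the
    # two VLANs cannot exchange frames at all.
    results["cross_vlan"] = sw.receive(5, Frame(host_e, host_a, b"ip"))
    return results


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name:>10}: sent out ports {ports}")
```

Running the module shows the broadcast leaving ports 2 and 3 only, the reply going straight to port 1, and the cross-VLAN frame flooding ports 4 and 6 without ever touching VLAN 10.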

5 Need for VLANs
By the 1980s most networks consisted of a simple hierarchical arrangement
in which multiple shared-media networks were connected by a router. With
their sophisticated packet handling, routers allowed communication between
networks when necessary while segmenting traffic, so that large shared
networks were not swamped by excessive traffic. Unfortunately, traditional
routers were slow, complicated and expensive, and as the need for faster
networks grew a new solution was needed.
Switches spearheaded the next evolution of network structure. By
segmenting the network and providing dedicated bandwidth where needed,
they greatly increased performance while reducing cost and complexity.
However, traditional switches segment only unicast (node-to-node)
traffic. Unlike routers, they do not limit broadcast traffic (frames
addressed to all nodes in the network) or multicast traffic (frames
delivered to a group of nodes). As networks have grown and traffic has
increased, IT managers have been forced to segment their networks into
more and more switched subnets to meet performance demands, and broadcast
and multicast traffic have placed a growing burden on bandwidth. In the
worst case, broadcast traffic spirals out of control and creates
broadcast storms that can bring down the network. As switched networks
became more common, routers remained in the network but were pushed
toward the periphery, where speed is generally less critical.
VLANs offer an effective solution to swamped routers and broadcast
storms. By limiting the distribution of broadcast, multicast and unicast
traffic, they free up bandwidth, reduce the need for expensive and
complicated routing between switched networks, and confine a broadcast
storm to the VLAN in which it starts rather than letting it take down the
whole switched network. With these advantages VLANs revive many of the
key benefits of LAN routing, but with greater flexibility, performance,
simplicity and affordability.

6 Different models of VLAN
In general there are three basic models for determining and controlling
how a frame gets assigned to a VLAN:
Port-based VLANs - The administrator assigns each port of a switch to a
VLAN. For example, ports 1-3 might be assigned to the Sales VLAN, ports
4-6 to the Engineering VLAN and ports 7-9 to the Administrative VLAN (see
Figure 1). The switch determines the VLAN membership of each frame from
the port on which it arrives. When a user is moved to a different port of
the switch, the administrator simply reassigns the new port to the user's
old VLAN; the change is completely transparent to the user and the
administrator saves a trip to the wiring closet. This method has one
significant drawback: if a repeater (hub) is attached to a port on the
switch, all of the users connected to that repeater must be members of
the same VLAN. Note too that membership follows the port, not the host:
whoever plugs into a jack inherits that jack's VLAN, so unused ports
should be shut down or placed in an unused VLAN.

Figure 1: Port-based VLAN (figure not reproduced here)

MAC address-based VLANs - The VLAN membership of a frame is determined by
its source or destination MAC address. Each switch maintains a table of
MAC addresses and their corresponding VLAN memberships. The key advantage
is that the switch does not need to be reconfigured when a user moves to
a different port. However, assigning a VLAN to every MAC address is a
time-consuming task, and a single MAC address cannot easily be a member
of multiple VLANs, which makes it difficult to share server resources
between more than one VLAN. (Although a MAC address can in theory be
assigned to multiple VLANs, this causes serious problems for bridging and
routing, because the switch forwarding tables become ambiguous.) Because
a host's MAC address is set in software and trivially changed, MAC-based
membership is a convenience for moves and changes, not an access control:
a user who knows a MAC address belonging to another VLAN can claim it.

Layer 3 (protocol)-based VLANs - VLAN membership is based on the protocol
(IP, IPX, NetBIOS, etc.) and the layer 3 address carried in the frame.
This is the most flexible method and provides the most logical grouping
of users: an IP subnet or an IPX network, for example, can each be
assigned its own VLAN. Protocol-based membership also lets the
administrator assign non-routable protocols such as NetBIOS or DECnet to
larger VLANs than routable protocols like IPX or IP, maximising the
efficiency gains that VLANs make possible.
Another important distinction between VLAN implementations is how
membership is indicated when a frame travels between switches. Two
methods exist. Implicit: membership is indicated by the MAC address, so
all switches that support a particular VLAN must share a table of member
MAC addresses. Explicit: a tag is added to the frame to indicate VLAN
membership; Cisco ISL and IEEE 802.1Q both use this method.
To summarise, when a frame enters its local switch, its VLAN membership
can be determined port-based, MAC-based or protocol-based. When the frame
travels to other switches, its membership can be carried either
implicitly (by MAC address) or explicitly (by a tag added by the first
switch). Port-based and protocol-based VLANs use explicit tagging as
their preferred indication method; MAC-based VLANs are almost always
implicit. IEEE 802.1Q standardises port-based membership with explicit
tagging, and that combination has become the default VLAN model.

7 VLAN Memberships
Most of the time VLANs are created by a system administrator who assigns
switch ports to each VLAN; VLANs of this type are known as static VLANs.
If you are willing to do more work up front, you can instead load the
hardware addresses of all host devices into a database so that your
switches assign the VLAN dynamically whenever a host is plugged in; this
is a dynamic VLAN. Both are covered below.
1. Static VLANs
Creating static VLANs is the most common way to create a VLAN, partly
because static VLANs are the most predictable: a switch port you have
assigned to a VLAN keeps that assignment until you change it manually.
Static VLAN configuration is easy to set up and supervise, and it works
well in an environment where user movement within the network needs to
be controlled. Network management software can help configure the ports,
but it is not required. In the static case (Figure 9.4 of the source
text, not reproduced here) each switch port is configured manually with a
VLAN membership based on which VLAN the attached host needs to be a
member of; the device's physical location does not matter. Which
broadcast domain your hosts become members of is entirely up to you.
Remember that each host also has to have the correct IP address
information: for instance, every host in VLAN 2 must be configured into
the 172.16.20.0/24 network to become a working member of that VLAN. Keep
in mind too that whenever you plug a host into a switch you have to
verify the VLAN membership of that port. If the membership differs from
what the host needs, the host will not be able to reach the network
services it needs, such as a workgroup server. Note that "static" says
nothing about who is plugged in: any device connected to the port gets
the port's VLAN, so physical access to a jack is equivalent to membership
unless the port is further protected (for example by port security or
802.1X authentication).
2. Dynamic VLANs
A dynamic VLAN, on the other hand, determines a node's VLAN assignment
automatically. Using intelligent management software, you can base VLAN
assignments on hardware (MAC) addresses, protocols, or even applications.
For example, suppose MAC addresses have been entered into a centralised
VLAN management application and you connect a new node to an unassigned
switch port. The VLAN management database looks up the hardware address
and both assigns and configures the switch port into the correct VLAN.
This makes management and configuration much easier, because if a user
moves, the switch simply assigns them to the correct VLAN automatically.
The catch is that you have to do a lot more work initially to set up the
database. Cisco's VLAN Management Policy Server (VMPS) service provides
such a database of MAC addresses for dynamic VLAN assignment: the VMPS
database maps MAC addresses to VLANs, and a dynamic-access port is placed
in one VLAN (VLAN ID 1 up to 4094) as directed by the VMPS. The Catalyst
2960 switch can be a VMPS client only. You can have dynamic-access ports
and trunk ports on the same switch, but a dynamic-access port must
connect to an end station or a hub, not to another switch. Since the
assignment keys on the MAC address, which a host can change at will,
dynamic VLANs are no stronger than MAC-based membership in general: treat
them as a convenience for moves and changes, not as an access control.

8 VLAN identification methods
VLAN identification is what switches use to keep track of frames as they
traverse the switch fabric: it is how switches identify which frames
belong to which VLANs, and there is more than one trunking method.
Inter-Switch Link (ISL) - ISL is a way of explicitly tagging VLAN
information onto an Ethernet frame. The tag allows VLANs to be
multiplexed over a trunk link through an external encapsulation method
(ISL), so that the receiving switch can identify the VLAN membership of
each frame crossing the trunk. By running ISL you can interconnect
multiple switches and still maintain VLAN information as traffic travels
between them on trunk links. ISL functions at layer 2 by encapsulating
the original data frame with a new header and a new cyclic redundancy
check (CRC). Note that ISL is proprietary to Cisco switches and is used
on Fast Ethernet and Gigabit Ethernet links only. ISL trunking is fairly
versatile and can be used on a switch port, on router interfaces, and on
server interface cards to trunk a server.

IEEE 802.1Q - Created by the IEEE as a standard method of frame tagging,
802.1Q does not encapsulate the frame; it inserts a 4-byte tag into the
Ethernet header, after the source MAC address, to identify the VLAN (a
16-bit tag protocol identifier of 0x8100 followed by a 3-bit priority, a
1-bit drop-eligible flag and a 12-bit VLAN ID). If you are trunking
between a Cisco switch and a different brand of switch, you must use
802.1Q for the trunk to work. It works like this: you first designate
each port that is going to be a trunk with 802.1Q encapsulation. The
ports must be assigned a specific VLAN ID, the native VLAN, in order for
them to communicate; the ports on the same trunk form a group with this
native VLAN, and each port is tagged with an identification number
reflecting it, the default being VLAN 1. Frames belonging to the native
VLAN are sent over the trunk without a tag, and any frame received on the
trunk without a tag is assumed to belong to the native VLAN. Two
consequences follow. The native VLAN must match on both ends of a trunk,
otherwise untagged frames silently leak from one VLAN into another. And
because the native VLAN is the one VLAN whose frames cross the trunk
unmarked, it should be a dedicated, unused VLAN rather than one carrying
user or management traffic. The 2960s support only the IEEE 802.1Q
trunking protocol, but the 3560s support both the ISL and IEEE methods.
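The 802.1Q tag layout and the native-VLAN behaviour described above, as an added example written for this report (not code from the report, from the IEEE or from Cisco): it builds and parses tagged frames with plain struct calls, models what a trunk port does with the native VLAN on egress and ingress, and then shows the edge case that makes an unused native VLAN important, a frame carrying two tags. The MAC addresses, payloads and VLAN numbers are constructed for the demonstration; only the TPID 0x8100 and the tag field widths come from the standard.

```python
# Added example (not from the report, the IEEE or Cisco): building and parsing
# IEEE 802.1Q tags, plus a model of how a trunk treats the native VLAN.
# The MAC addresses and payloads are constructed for the demonstration.
import struct

TPID_8021Q = 0x8100      # tag protocol identifier that marks a tagged frame
ETHERTYPE_IPV4 = 0x0800


def _mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0, dei=0):
    """Ethernet II frame; if vlan is given, a 4-byte 802.1Q tag follows the source MAC."""
    if vlan is not None and not 1 <= vlan <= 4094:
        raise ValueError("802.1Q VLAN ID must be 1..4094")
    header = _mac_bytes(dst) + _mac_bytes(src)
    if vlan is not None:
        tci = (pcp << 13) | (dei << 12) | vlan  # priority(3) | DEI(1) | VID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, vlan_or_None, ethertype, payload); consumes at most one tag."""
    dst, src = frame[0:6].hex(":"), frame[6:12].hex(":")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    return dst, src, vlan, ethertype, frame[offset:]


def trunk_egress(frame, native_vlan):
    """What leaves an 802.1Q trunk port: native-VLAN frames go out with the tag removed."""
    dst, src, vlan, ethertype, payload = parse_frame(frame)
    if vlan == native_vlan:
        return build_frame(dst, src, ethertype, payload)  # rebuilt untagged
    return frame


def trunk_ingress(frame, native_vlan):
    """VLAN the receiving switch assigns to a frame arriving on an 802.1Q trunk."""
    vlan = parse_frame(frame)[2]
    return native_vlan if vlan is None else vlan


def double_tag_demo(native_vlan=1, target_vlan=20):
    """A frame tagged native-over-target crosses a trunk: the first switch strips
    the outer (native) tag, so the next switch reads the inner tag and delivers
    the frame into target_vlan. Returns the VLAN the second switch assigns."""
    inner = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55",
                        ETHERTYPE_IPV4, b"constructed payload", vlan=target_vlan)
    outer = inner[:12] + struct.pack("!HH", TPID_8021Q, native_vlan) + inner[12:]
    on_wire = trunk_egress(outer, native_vlan)   # outer tag gone, inner tag exposed
    return trunk_ingress(on_wire, native_vlan)


if __name__ == "__main__":
    tagged = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55",
                         ETHERTYPE_IPV4, b"hello", vlan=10, pcp=5)
    print("tagged frame:", tagged.hex())
    print("parsed VLAN:", parse_frame(tagged)[2])
    print("double-tagged frame lands in VLAN", double_tag_demo())
```

The last line of output is the point: the double-tagged frame ends up in VLAN 20 although it was sent from the native VLAN, and only in one direction, since the reply has no such path back. That is why the native VLAN of a trunk should be an unused VLAN with no access ports in it, or (on Cisco IOS) tagged as well with the global command vlan dot1q tag native, after which trunk_egress would never strip anything.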

9 VLAN Trunking Protocol (VTP)
VTP is another Cisco creation. Its basic goals are to manage all
configured VLANs across a switched internetwork and to maintain
consistency throughout that network. VTP lets you add, delete and rename
VLANs, and that information is then propagated to all other switches in
the VTP domain. Some of the features VTP offers:
1. Consistent VLAN configuration across all switches in the network
2. VLAN trunking over mixed networks, such as Ethernet to ATM LANE or even FDDI
3. Accurate tracking and monitoring of VLANs
4. Dynamic reporting of added VLANs to all switches in the VTP domain
5. Plug-and-play VLAN adding
Before VTP can manage your VLANs across the network, you have to create a
VTP server. All switches that need to share VLAN information must use the
same domain name, and a switch can be in only one domain at a time, so a
switch shares VTP information only with other switches configured into
the same VTP domain. A VTP domain is useful if you have more than one
switch connected in a network, but if all of your switches are in a
single VLAN you simply do not need VTP. Keep in mind that VTP information
is sent between switches only via trunk ports. Switches advertise their
VTP management domain, a configuration revision number, and all known
VLANs with their parameters.
There is also a VTP transparent mode, in which a switch forwards VTP
information through its trunk ports but neither accepts updates nor
modifies its own VTP database.
If you are worried about users adding switches to your VTP domain behind
your back, you can configure a VTP password; every switch in the domain
must then be set up with the same password, which is an administrative
nuisance but is the only authentication VTP offers. Switches detect any
added VLANs in a VTP advertisement and then send information on their
trunk ports with the newly defined VLAN included. Every change increments
the configuration revision number by one, and any time a switch sees an
advertisement with a higher revision number than its own, it assumes that
information is more current and overwrites its existing database with it.
Note what this implies: a switch whose revision number happens to be
higher than the domain's, for example one brought back from a lab with
the same domain name and password, will replace every switch's VLAN
database with its own as soon as it is connected, even if it is in client
mode. Resetting the revision number to zero before connecting a switch
(by changing its domain name, or by setting it to transparent mode and
back) is therefore essential.
Three requirements must be met for VTP to communicate VLAN information
between switches: the VTP management domain name of both switches must be
the same, one of the switches has to be configured as a VTP server, and
no router is required between them. With that covered, we can look at the
VTP modes.

10 VTP Modes of Operation

There are three modes of operation within a VTP domain (Figure 9.6 of the
source text, not reproduced here):
Server - This is the default mode for all Catalyst switches. You need at
least one server in your VTP domain to propagate VLAN information
throughout the domain, and a switch must be in server mode to create, add
and delete VLANs in the domain. VTP information is changed in server
mode, and any change made to a switch in server mode is advertised to the
entire VTP domain. In VTP server mode, VLAN configurations are saved in
NVRAM.
Client - In client mode, switches receive information from VTP servers,
but they also send and receive updates, so in that respect they behave
like VTP servers. The difference is that they cannot create, change or
delete VLANs. In addition, none of the ports on a client switch can be
added to a new VLAN before the VTP server has notified the client switch
of that VLAN. VLAN information learned from a VTP server is not stored in
NVRAM on a client, so if the switch is reset or reloaded the VLAN
information is lost until the next advertisement. A hint: if you want a
switch to become a server, first make it a client so that it receives all
the correct VLAN information, then change it to a server. In short, a
switch in VTP client mode forwards VTP summary advertisements and
processes them; it learns the VTP configuration but saves it neither in
the running configuration nor in NVRAM.
Transparent - Switches in transparent mode do not participate in the VTP
domain or share its VLAN database, but they still forward VTP
advertisements through any configured trunk links. They can create,
modify and delete VLANs because they keep their own database, which they
do not share with other switches. Although it is kept in NVRAM, the VLAN
database in transparent mode is only locally significant. The purpose of
transparent mode is to let remote switches receive the VLAN database from
a VTP server through a switch that is not participating in the same VLAN
assignments.
VTP (versions 1 and 2) learns only about normal-range VLANs, with VLAN
IDs 1 to 1005. VLANs with IDs greater than 1005 are called extended-range
VLANs and are not stored in the VLAN database; a switch must be in VTP
transparent mode to create VLAN IDs from 1006 to 4094, so these are
rarely used. One other thing: VLAN IDs 1 and 1002 to 1005 are
automatically created on all switches and cannot be removed.

11 Configuring VLANs
It may come as a surprise, but configuring VLANs is easy; figuring out
which users you want in each VLAN is not, and is extremely
time-consuming. Once you have decided on the number of VLANs you want and
which users belong to each, it is time to bring your first VLAN into
existence. To configure VLANs on a Cisco Catalyst switch, use the global
configuration vlan command. The example in the original report (its
console output is not reproduced here) creates three VLANs on the S1
switch for three different departments; remember that VLAN 1 is the
native and administrative VLAN by default. The vlan command accepts IDs
from 2 to 4094, but this is only mostly true: as noted above, VLANs can
really only be created up to 1005, and you cannot use, change, rename or
delete VLANs 1 and 1002 through 1005 because they are reserved. VLAN
numbers above 1005 are called extended VLANs and are not saved in the
database unless the switch is in VTP transparent mode; you will not see
them used often in production. Attempting to create VLAN 4000 on S1
while the switch is in VTP server mode is rejected with the message:
Extended VLAN(s) not allowed in current VTP mode.
After you create the VLANs you want, use the show vlan command to check
them. Notice that by default all ports on the switch are in VLAN 1. To
change the VLAN associated with a port, you go to each interface and
tell it which VLAN to be part of.
This bears repeating: you cannot change, delete or rename VLAN 1, because
it is the default VLAN. It is the native VLAN of all switches by default,
and untagged frames received on a trunk are placed in it. Because of
that, and because every port starts life in VLAN 1, good practice is not
to use VLAN 1 for management or user traffic at all: put management in
its own VLAN, set the native VLAN of trunks to a dedicated unused VLAN,
and leave VLAN 1 empty. In the show vlan output on S1, ports Fa0/3
through Fa0/8 and the Gi0/1 uplink are all in VLAN 1, but ports Fa0/1 and
Fa0/2 are absent: they were configured as a trunk (bundled into an
EtherChannel), and a trunk port does not show up in the VLAN database.
Use the show interface trunk command to see your trunked ports. With the
VLANs created, you can assign switch ports to them. Each port can be part
of only one VLAN, with the exception of voice access ports, which carry a
data VLAN and a voice VLAN. With trunking, covered earlier, a port can be
made available to traffic from all VLANs.
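The VTP mode and VLAN-range rules laid out in sections 10 and 11, as an added example written for this report (not code from the report or from Cisco): a small model of a VTP domain in which a server creates VLANs and advertises them, clients and servers adopt any advertisement with a higher revision number, and a transparent switch only relays. It also reproduces the refusals described above (a client cannot create VLANs, extended-range IDs need transparent mode, reserved IDs cannot be changed) and then shows what the revision rule implies when a stale switch is plugged in. Switch names, the domain name, the password and all error strings except "Extended VLAN(s) not allowed in current VTP mode." are assumptions made for the model.

```python
# Added example (not from the report or from Cisco): a model of a VTP domain
# that applies the rules described in sections 10 and 11: which mode may
# create which VLAN IDs, how servers advertise, how clients and servers adopt
# any advertisement with a higher revision, and how transparent switches only
# relay. Switch names, the domain name and the error strings are assumptions
# made for the model (only the "Extended VLAN(s)..." text is from the report).
import copy

NORMAL_RANGE = range(1, 1006)            # 1..1005: kept in the VLAN database
EXTENDED_RANGE = range(1006, 4095)       # 1006..4094: transparent mode only (VTP v1/v2)
RESERVED = {1, 1002, 1003, 1004, 1005}   # created automatically, cannot be removed


class VtpSwitch:
    def __init__(self, name, mode, domain, password=None):
        assert mode in ("server", "client", "transparent")
        self.name, self.mode, self.domain, self.password = name, mode, domain, password
        self.revision = 0
        self.vlans = {v: f"default-{v}" for v in RESERVED}  # default database
        self.trunks = []  # neighbouring switches reached over trunk ports

    def create_vlan(self, vid, name):
        """Apply mode and range rules; return 'ok' or a modelled error message."""
        if vid in RESERVED:
            return f"VLAN {vid} is reserved and cannot be changed"
        if self.mode == "client":
            return "VTP VLAN configuration not allowed when device is in CLIENT mode."
        if vid in EXTENDED_RANGE and self.mode != "transparent":
            return "Extended VLAN(s) not allowed in current VTP mode."
        if vid not in NORMAL_RANGE and vid not in EXTENDED_RANGE:
            return f"Invalid VLAN ID {vid}"
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1      # every server-side change bumps the revision
            self.advertise(sender=None)
        return "ok"

    def advertise(self, sender):
        adv = {"domain": self.domain, "password": self.password,
               "revision": self.revision, "vlans": copy.deepcopy(self.vlans)}
        self._relay(adv, sender)

    def _relay(self, adv, sender):
        for peer in self.trunks:
            if peer is not sender:
                peer.on_advertisement(adv, sender=self)

    def on_advertisement(self, adv, sender):
        if self.mode == "transparent":
            self._relay(adv, sender)    # forwards, never applies
            return
        if adv["domain"] != self.domain or adv["password"] != self.password:
            return                      # wrong domain or password: ignored
        if adv["revision"] > self.revision:
            # Higher revision wins, for clients and servers alike. The sender's
            # mode is never checked, which is what makes a stale switch dangerous.
            self.vlans = copy.deepcopy(adv["vlans"])
            self.revision = adv["revision"]
            self._relay(adv, sender)


def link(a, b):
    a.trunks.append(b)
    b.trunks.append(a)


def demo():
    """S1 (server) - S2 (client) - T1 (transparent) - S3 (client), all in domain 'corp'."""
    s1 = VtpSwitch("S1", "server", "corp", "s3cret")
    s2 = VtpSwitch("S2", "client", "corp", "s3cret")
    t1 = VtpSwitch("T1", "transparent", "corp", "s3cret")
    s3 = VtpSwitch("S3", "client", "corp", "s3cret")
    link(s1, s2); link(s2, t1); link(t1, s3)
    s1.create_vlan(10, "Sales")
    s1.create_vlan(20, "Engineering")
    messages = {
        "client_create": s2.create_vlan(30, "Marketing"),
        "extended_on_server": s1.create_vlan(4000, "Lab"),
        "extended_on_transparent": t1.create_vlan(4000, "Lab"),
    }
    before = {sw.name: sorted(sw.vlans) for sw in (s1, s2, t1, s3)}
    # A switch that spent months in a lab, with a higher revision and only VLAN 99,
    # is plugged into S2 with the right domain name and password.
    stale = VtpSwitch("OLD", "server", "corp", "s3cret")
    stale.revision, stale.vlans[99] = 50, "Lab-only"
    link(stale, s2)
    stale.advertise(sender=None)
    after = {sw.name: sorted(sw.vlans) for sw in (s1, s2, t1, s3)}
    return {"messages": messages, "before": before, "after": after, "revision": s1.revision}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The "before" and "after" snapshots make the consequence visible: VLANs 10 and 20 exist on S1, S2 and S3 until the stale switch advertises revision 50, after which all three hold only the reserved VLANs and VLAN 99, while the transparent T1 keeps its own database (including the extended VLAN 4000 that only it could create). Every port that was in VLAN 10 or 20 would go dark at that moment, which is why the revision number of any switch is reset before it is connected to a production domain.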

12 Advantages of VLANs
Flexible network segmentation - Users and resources that communicate most
frequently with each other can be grouped into common VLANs regardless of
physical location. Each group's traffic is largely contained within the
VLAN, reducing extraneous traffic and improving the efficiency of the
whole network.
Simple management - The addition of nodes, as well as moves and other
changes, can be handled quickly and conveniently from the management
console rather than the wiring closet.
Increased performance - VLANs free up bandwidth by limiting node-to-node
and broadcast traffic throughout the network. In many environments an
increasing number of routers are deployed to segment traffic into
additional broadcast domains, but as the router population grows, latency
increasingly degrades performance, a problem both for legacy applications
and for newer multimedia applications. It is also harder to assign
network resources by group unless each group is physically on the same
LAN, so users can suffer poor performance for a number of reasons. VLANs
address this by creating broadcast domains on the switches that ensure
traffic from one user group does not impact traffic from another. Since
network resources can be assigned by user group, each group gets what it
needs based on business requirements rather than on how users happen to
load the network at any moment: transferring high-priority financial
documents need not be affected by lower-priority graphic arts file
transfers. Moreover, switches generally forward traffic at much higher
rates than routers.
Better use of server resources - With a VLAN-enabled adapter (one that
sends and receives 802.1Q-tagged frames), a server can be a member of
multiple VLANs, reducing the need to route traffic to and from the
server.
Reduced costs - VLANs are typically implemented by switches, not routers.
By reducing the dependency on routers, which are much more costly to
deploy, organisations can reduce costs, and the lower overhead of
automated and simplified moves, additions and changes cuts costs further.
Network resource assignment - VLAN tagging provides an effective method
of grouping users by function and defining the bandwidth and network
resources available to them. Administrators can dedicate network
resources by business need rather than by some arbitrary means, so
resources such as bandwidth can be assigned and managed at a granular
level, ensuring that each group or department gets what it needs or pays
for.
Enhanced network security - VLANs create virtual boundaries that, at
layer 2, can only be crossed through a router, so standard router-based
security measures (access lists on the routed interfaces) can be used to
restrict access to each VLAN as required. This holds only as long as the
trunks are under control: a port that is allowed to negotiate itself into
a trunk (via DTP), or a native VLAN shared with user ports, gives a host
a way to reach other VLANs without passing the router. Access ports
should therefore be fixed to access mode with trunk negotiation disabled,
trunks should be configured explicitly with a dedicated native VLAN, and
VLANs should be treated as a segmentation tool that complements, rather
than replaces, filtering at layer 3.

13 Conclusion
This report has introduced virtual LANs and described how Cisco switches
use them. VLANs break up broadcast domains in a switched internetwork,
which is necessary because layer 2 switches by themselves break up only
collision domains, so that by default all the switches together form one
large broadcast domain. It also described access links and how trunked
VLANs carry traffic for several VLANs across a single Fast Ethernet link.
