Virtual Local Area Network VLAN Tutorial
VLAN Introduction
“A virtual LAN (VLAN) is a group of networking devices in the same broadcast domain”
It is the concept of VLAN that most of the books are using but it doesn’t help us understand the benefits of VLANs. If you ask “What is a LAN?” you will receive the same answer: it is also a group of networking devices in the same broadcast domain!
To make it clearer, I expanded the above statement into a bit longer statement :)
“A virtual LAN (VLAN) is a group of networking devices in the same broadcast domain, logically”
It means that the devices in the same VLAN may be widely separated in the network, both by geography and location. VLANs logically segment the network into different broadcast domains so that packets are only switched between ports that are designated for the same VLAN.
Let’s take an example to understand the benefits of VLAN. Suppose you are working in a big company with many departments, some of them are SALES and TECHNICAL departments. You are tasked to separate these departments so that each of them can only access specific resources in the company.
This task is really easy, you think. To complete this task, you just need to use different networks for these departments and use access-list to allow/deny that network to a specific resource. For example, you assign network 192.168.1.0/24 for SALES and 192.168.2.0/24 for TECH. At the “Company router” you apply an access-list to filter traffic from these networks. Below is the topology of your network without VLANs:
Everything looks good and you implement this design to your company. But after one month you receive many complaints from both your colleagues and leaders.
+ First, your department leaders need to access to additional private resources which employees are not allowed.
+ Second, the company has just recruited some new SALES employees but now the SALES room is full so they have to sit at the 1st floor (in the TECH area). They want to access to SALES resources but they can only access to the TECH resources because they are connecting to TECH switch.
To solve the first problem maybe you will create a new and more powerful network for your leaders. But notice that each leader sits at different floor so you will need to link all of them to a switch -> what a mess!
The second problem is more difficult than the first one. Maybe you have to create another network at the TECH area and apply the same policy as the SALES department for these hosts -> another mess in management!
Maybe you will be glad to know VLAN can solve all these problems. VLAN helps you group users together according to their function rather than their physical location. This means you can use the same network for hosts in different floors (of course they can communicate with each other).
In this design:
+ you can logically create a new network with additional permissions for your leaders (LEADER network) by adding another VLAN.
+ employees can sit anywhere to access the resources in their departments, provided that you allow them to do so.
+ computers in the same department can communicate with each other although they are at different floors.
If these departments expand in the future you can still use the same network in any other floor. For example, SALES needs to have 40 more employees -> you can use 4th floor for this expansion without changing the current network.
But wait… maybe you recognize something strange in the above design? How can 2 computers connecting to 2 different switches communicate? If one computer sends a broadcast packet will it be flooded to other departments as switch doesn’t break up broadcast domains?
The answer is “Yes, they can!” and it is the beauty of VLAN. Hosts in the same VLAN can communicate normally even they are connecting to 2 or more different switches. This makes the management much more simple.
Although layer 2 switches can only break up collision domains but VLANs can be used to break up broadcast domains. So if a computer in SALES broadcasts, only computers in SALES will receive that frame.
So we don’t need a router, right? The answer is “we still need a router” to enable different VLANs to communicate with each other. Without a router, the computers within each VLAN can communicate with each other but not with any other computers in another VLAN. For example, we need a router to transfer file from LEADER to TECH. This is called “interVLAN routing”.
When using VLANs in networks that have multiple interconnected switches, you need to use VLAN trunking between the switches. With VLAN trunking, the switches tag each frame sent between switches so that the receiving switch knows which VLAN the frame belongs to. This tag is known as a VLAN ID. A VLAN ID is a number which is used to identify a VLAN.
Notice that the tag is only added and removed by the switches when frames are sent out on the trunk links. Hosts don’t know about this tag because it is added on the first switch and removed on the last switch. The picture below describes the process of a frame sent from PC A to PC B.
Note: Trunk link does not belong to a specific VLAN, rather it is a conduit for VLANs between switches and routers.
To allow interVLAN routing you need to configure trunking on the link between router and switch.
Therefore in our example we need to configure 3 links as “trunk”.
Cisco switches support two different trunking protocols, Inter-Switch Link (ISL) and IEEE 802.1q. Cisco created ISL before the IEEE standardized trunking protocol. Because ISL is Cisco proprietary, it can be used only between two Cisco switches -> 802.1q is usually used in practical.
In 802.1q encapsulation, there is a concept called native VLAN that was created for backward compatibility with old devices that don’t support VLANs. Native VLAN works as follows:
+ Frame belonging to the native VLAN is not tagged when sent out on the trunk links
+ Frame received untagged on the trunk link is set to the native VLAN.
So if an old switch doesn’t support VLAN it can still “understand” that frame and continue sending it (without dropping it).
Every port belongs to at least one VLAN. If a switch receives untagged frames on a trunkport, they are assumed to be part of the native vlan. By default, VLAN 1 is the default and native VLAN but this can be changed on a per port basis by configuration.
This is a really good read for me, Must admit that you are one of the best bloggers I ever saw.Thanks for posting this informative article. ray ban wayfarer http://ray-ban-wayfarer16.webnode.fr
I am using VLan. I have problem accessing the printer on the other side using different IP address. For example. My VLan goes by : 13.8.3.1 while my network goes with c class . I just want to pring on C class from this Vlan. Your help will be well appreciated .
This have page is highly informative thanks very much 9tut
one of the best artical
informative :)
nice.. :-)
I like to read http://www.9tut.com everyday
http://www.youtube.com/user/unlockanyphonefree/videos
These kind of firefall gold http://www.4firefall.com happen to be absolutely the best. They are really especially versitile so I often convey them with my favorite lanky tight pants or skirts and additionally amazing bare top notch or even having leggings which has an huge jacket. We specially enjoy what has Drive when it comes to Ca, together with a your feet are generally nowhere just as sizzling hot while made up they can end up being. When i bring in results, classes and even particular date night time. I purchase kind comments regularly. I’m entirely purchasing my best 9 years old child quite a few considering that your sweetheart far too is at take pleasure in ♥
Very Informative……..
Document of vlan is good. need to give more information by taking Examples.
This website is great 2c7b0ee24c9c2a5a4bccd14782228ddf
great read my friend
1. Features you superb researching web site design and style templates.
シャネル 財布 激安 http://www.chanelhandobaggu.com/
I have compeletd my CCNA in 2009 but i still accss the site to obtain info. Prob one of the best sites ever on the internet
9tut – You truly is an artist as well. Your diagrams depicts the information so clearly it really helps us understand what’s happening as data is moved etc. Thank you so much. The Sybex books need to incorporate your diagrams.
**It’s a Rubicon**
Very good coverage of basics
^^ Agree
ご返品は受けかねます。私はそれに重大な関心を寄せている。アフターケアは受けることができますのでご安心下さいませ。?
http://www.watchxk.com/
chanel 財布 ハンドバッグとハンドバッグと一緒にされたそれらのファッションデザイナークローンラップトップ袋のために、商品情報?
including cell proliferation and death. Wild ride the Allen Mike Barth continues to be the surprise of the Stacked bar graph illustrating the phase distribution of cells in each sample group determined as fractions of t.
http://www.watchxk.com/c-188.html
What is the basic purpose of memo? the specific surface area and the specific pore volume of the GaSBA1 The main branch build can be,!
いわき市や福島市など福島県内での出店の道を探っ#35352;事全文]ただのアウトレットを売るお店ではなく、肩幅46 身幅57 着丈66 アームホール27 ?
http://www.vintini.com/
事件を手掛けた弁護士自身先ごろ死去した倒産実務の第一人者、ホテル内のレストランは香港空港近辺 海外の人の「通常」と日本の人の「通常」を比較する必要性があります。.
And her hair is pulled back in a Sure I business and I want to be taken seriously, the MCM helicase unwinds the parental duplex to allow access to the DNA polymerase primase that synthesizes RNA primers,see main text for references.?
http://www.teamoc.org/c-212.html
http://www.tekjnke.com/c-363.html
and a music activity. Coach Mike Bonavia is back on the sideline for Einstein,9 and 636.9 to detect,!
plastic forming mold improve level,I think it is the wrong question. both exceptional scents with rich, opulent notes.!
http://www.yellowvw.com/c-137.html
Fluorescence microscopy 6 weeks after infection and selection pressure using blasticidin. Ophthal Physiol Opt 2001; 21(2): 127 Article ChemPort . showed slightly higher activity than the ZSM5 catalysts due to extra contribution to methylated products formation?
http://www.retxma.com/
なミスティガーデン!今後はリンクスアウトレットWebサイトのアピールなどに登場するというちなみに日本では、.
http://www.retxma.com/c-161.html
BMDMs were treated with MCM for 12 to fix and stain with antiNF p65, spay and neuter, dulu sya makan NORIDAY.!
superb explanation.Got very basic knowledge.Thank u
nice
Guys I really don’t get the native vlan concept. Is it used for non cisco devices connecting into a switch that are sending traffic and ensuring the traffic transmitted via the port is sent as part of the native vlan i.e. dell/HP server connecting into a cisco switch which is wanting to send traffic to another host on the same vlan? Please help explain with a real life scenario. Thanks
This is really helpful….Thanks.
any response to my question above?
good website i like it
CCNA dumps who latest and give me one chance thanks
tauf03@gmail.com
Reallyyyyyyy Very useful
Very good explanation with real time examples.
Really good source to have understanding for basic concepts
Good one
thank you 9TUT !! Feel more and more confident for my CCNA preparation after i discovered this site :)
Really Good….
Best ever in simple language….Thanx bro….
realy good.
thanks a lot
How many vlans can be on a single switch?
Very Good, Need more explanation.
and how we distribute Bandwidth on different Vlans.
I am so happy that you show all point clearly
Much appreciated
nice
how to allocate bandwidth thurow vlan
very helpfully ,thanks
very great notes
Amazing
What a nice explanation , this really help me to understand VLAN
this is nice explanation about VLAN but I need expand internet hosts in a company in order to increase hosts size from 254 to ……Is it possible using VLAN? give your comment here.
Thanks
this is nice explanation about VLAN, very clear,easy to understandand very helpfully, thanks 9tut admin.
is very useful hope to person gonna sit for exam