Hi and welcome to this CertificationKits CCNA training video on switching with VLANs. We are going to be talking about what a virtual LAN is and what it can do for you. How to create VLANs in a single switch environment, trunking with ISL and 802.1q when you have VLANs on multiple switches, what virtual trunking protocol can do for us, and actually creating VLANs that span multiple switches and some CCNA troubleshooting tips.
Now I brought up a CCNA slide that shows a switch. It’s got eight ports on it, by default, Cisco switches have a broadcast domain called VLAN1 and that’s what a virtual LAN is, it’s a broadcast domain. Every interface on the front of the switch is in VLAN1, supports one through eight on VLAN1 that means every computer here, computer one, two, three through eight plugged into these ports are all in the same broadcast domain. So when computer one sends a broadcast message out, everybody else is going to get it that’s in the same VLAN. Now there are multiple reasons you might want to separate broadcast domains. Some is to cut down on traffic. You might have too much traffic running on your network because you might have 300 or 400 computers in one broadcast domain. For security purposes, we might to segment some computers for security purposes and it just gives us a little bit of flexibility with our network.
What’s nice about the VLANs is we get this flexibility without having to buy multiple switches. Without VLANs, if I wanted three broadcast domains, I would have to have one, two, three different switches. That’s not good because I have to buy additional equipment and I might need three broadcast domains but only have 20 machines. One switch can easily have 20 ports on the front of it. So with VLANs, what I can do is I can create three broadcast domains on the switch without buying any additional equipment and what will happen is the computers that are plugged into the different broadcast domains or the different VLANs will act like they are plugged in a totally separate switches with not connectivity in between them so this machine up here cannot send traffic to this machine here. The only way to do it is if we have some sort of router to route in between those broadcast domains.
So what we are going to do is we are going to go in and take a look at creating an additional broadcast domain on this switch and what’s going to happen in that situation. I’ve cleaned up the slide a little bit. What we are going to do is look at what would happen if I created another VLAN, let’s call it VLAN2 and we’ll put ports one through three in VLAN2 so that means port four through eight will be in VLAN1. How I do that is I go to the switch and I basically tell it that there is another VLAN and I’ll show you how to do that in a minute. So I go “Hey… there is another broadcast domain, VLAN2” but just because I create the broadcast domain, it doesn’t mean there is anything in it so what I would do is at that point I would go to each interface and I said “Hey, interface one, you are no longer in VLAN1, I am moving you to VLAN2, broadcast domain 2” and I would do the same thing at interface two and interface three and that’s called static VLAN assignment. What happens once I put these three ports in VLAN2, the computers, computer one, computer two and computer three that are plugged into those ports, they don’t know what a VLAN is by the way, these computers are oblivious to this, all they know is they are trying to send information out.
The switch, now that those three computers or those ports, those computers are plugged into is in a different broadcast domain, it won’t let communication go to these other machines so if this guy sends out a broadcast message, it’s only going to hit computer two and computer three. The layer two switch, layer two of the OSI model, there is no way that computer three can communicate with computer four. I’m going to change colors here and go to red so you can see where the VLANs differ, so if computer three tries to communicate with computer four, not going to be able to do it because what would happen is how would computer three try to communicate with computer four? We might try to send out an ARP request for this guy’s MAC address, maybe his MAC address is AD. What’s an ARP? It’s a broadcast. If computer three sends out a broadcast message, only computer one and computer two are going to get it. The switch will not let communication go between these two ports. The only way to do that if somehow we had a router that had an interface in VLAN1 or interface in VLAN1 over here and an interface in VLAN2.
So let’s go in and take a look at an actual switch and we are going to configure this CCNA scenario right here, there will be few more ports on it where we are going to put some VLANs or some ports in VLAN1, some ports on VLAN2 and we’ll take a look at what happens to this communication of those devices. I’ve brought up my CCNA simulator and I’ve created an environment where I’ve got a 2950 switch, the 2950 switch is the focus of the CCNA test four computers plugged into it PC1 to port one, PC2 port two, three to three, four to four. I’ve set up IP addresses so they can Ping each other, everybody right now is in VLAN1 including Palestra, a switch so I can Ping PC1 which is the IP address of 172.16.1.10, I get a reply back, PC2 is dot 20, get reply, PC3 dot 30, get reply. PC4 is dot 40. If I do a show run and I look at the switch configuration, here is where I set the IP address for the switch, it’s called a VLAN interface, on a 2950 switch, it’s a layer two switch, I can have one VLAN interface up at a time. By default its interface VLAN one but there is no IP address. I’ve set an IP address to allow the switch to Ping all four machines. So ports one through four as well as the switch IP all have IP addresses in interface VLAN1, if I want to check it out, I can use a show and just type in the show VLAN command and this is what I get out of it. Shows made of VLANs, number one is the default. 1002, 1003, 1004 and 1005 are reserved VLANs. Number one is the default. All ports on the front of the switch are in VLAN1. Port 12 is all the way over here. It normally would show up over here if I wasn’t in the CCNA sim so VLAN1 which is broadcast domain one has all the ports so any computer plugged into any of these ports on the front of the switch are going to be in VLAN1 as well as the switch IP is in VLAN1 so everything in VLAN1 as long as they have the right IP address, we’ll be able to communicate without passing through a router, that’s a key thing is without passing through a router to understand from a CCNA perspective.
Let’s take a look at what happens when I put computers three and computers four that are plugged into ports three and four into a different VLAN. So the first thing I’m going to have to do is create that VLAN. To create a VLAN, I have to go in and enter the VLAN database. All the information about VLANs contained in a database file on a switch so what I have to do is I have to enter the VLAN database mode by typing in VLAN database. Now I can go in and create the VLAN, I just go VLAN or call it VLAN2. I can give it a name, VLAN2, get real creative there. So I go VLAN2 named VLAN2, you don’t have to put the name, that’s optional the switch will assign it a name if I don’t put one. Now if I do a show VLAN, I can see that there is a VLAN2 now, take a look at it right up here, VLAN3 but there aren’t any ports in it so default VLAN, VLAN1 still has all the ports, VLAN2 does not have any ports in it so there’s nothing actually in VLAN2. Next step is go ahead and put some interfaces in the VLAN2 and the computers that are plugged into those interfaces will be in VLAN2. I’m going to put VLAN or interfaces three and four in VLAN2 so I have to go to the interface, interface FA0/3 and the command for this is switch port access VLAN and then the number of the VLAN, VLAN3, access VLAN does not exist creating VLAN3, oh I’m supposed to be putting the port in the VLAN three and not creating VLAN3. So port three goes in VLAN2, my mistake.
What’s nice about this though, something you can see is if VLAN3 does not exist, it automatically creates it so I must set up on purpose so you can see what happens when you specify a VLAN that does not exist. I’m going to change that now, I’m going to put it back to VLAN2, so now I have switch port three in VLAN2, I’m going to call up my previous commands, go to FA04, enter and switch port access VLAN2 so I want the long way about this but I put interface three and interface four in the VLAN2, now when I do a show VLAN, I can take a look at it and I see that all the ports are in VLAN1 still except for ports three and ports four so anything plugged in these two ports will be isolated from the rest of the broadcast domains.
So let’s take a look at what that means from a CCNA perspective. Now remember the switch IP is in VLAN1 so I should be able to Ping the IP addresses of the computers that are still on VLAN1, that’s computer one, and that’s computer two, who know that the IPR address is for one and two dot 20 and dot 10. Now the IP address for the switch Is not in VLAN2 so I should not be able to Ping computer three which I cannot, notice I get an error, it does not allow me to Ping and I cannot Ping computer four. Again the switch is IP exist in VLAN1 since it’s in a different broadcast domain in cannot Ping those machines. If I go to the machines themselves, it’s station one, I can try Pinging, so I’ll Ping machine two, 172.16.1.20, I get a reply back, all successful but if I tried to Ping dot 30 which is machine three I can’t hit it and if I try to Ping dot 40 which is machine four, you can’t hit that. Let me go to machine three on my sim here it is station three and I go in and I can Ping computer four, that’s the IP address for computer four, I can Ping computer four but I cannot Ping computer one which has IP address of 10 or computer two which has an IP address of 20.
Let me recap what I’ve just done. I brought up the CCNA slide here and we’ve got the switch that I’ve shown and there are actually 12 ports on that switch. So what we did was in VLAN1, there are ports one and two and then five through 12 in VLAN1. I took interfaces three and interfaces four and put them in a different broadcast domain which is VLAN2 so I’ve got computer one and computer two and then computer three and computer four. These two ports I sectioned out and put into VLAN2, so those ports are in VLAN2. In my scenario, only… there are only four computers, one through four so what happens when I try to Ping, the IP addresses all match the first three… 172.16.1.X, this IP is dot 10, this IP is 20, this IP is 30, this is IP is 40. Since these two are in a different broadcast domain when I try for machine one and I try to Ping, 172 is 16.1.30 let’s say, what happens is my machine looks at that IP address and goes “Okay, that is a local IP” that’s in the same broadcast… the IP is anyway let me do an ARP request, it does an ARP request. An ARP request is a broadcast message requesting a MAC address from a known IP. The switch sees this broadcast and only forwards it out other ports that are in VLAN1.
So if there were other computers plugged into the other switches, they would all receive it. However, the computer is plugged into ports three and four are not a part of VLAN1 so they do not get that broadcast message. If three tries to Ping four though, he sends out an ARP request before he gets it and response back. So there is actually no connectivity between computers on and two or three and four. Again the only way we would be able to do that is we have a router plugged in here and that’s in another video in the VLAN routing. So again this can be for security purposes if I want to section these two machine off, it might be counting machines, one might have the printer hooked up to it that’s got the checks on it, you might be cutting you know instead of this representing two machines, it might represent a couple of hundred machines to cut down on a broadcast traffic in a domain. Whatever the reason, the flexibility of the VLAN is unsurpassed because again if I want to do that the old way, if I didn’t have VLANs, what I’d have to do is I’d actually but two different switches, plug computers three and four into one switch and one and two into another to get the same functionality.
Things become a little bit more involved when we have multiple switches communicating with each other. We might have a port 12 on each switch, there’s ports one through 12 here, you just can see five through eleven. So we’ve got ports 12 on each switch and that’s an uplink port between the switches to those communications and we have a computer plugged into port one, computer plugged into port three, one and two, whatever on each switch, we’ve got computers A, B, C, and D. What we want to do is we want to section off maybe B and D into their own VLAN, it seems simple and if it was just in one switch it would be, these switches might be on different floors of the same building. Now we have to have communication between the switches about the VLAN information because if B sends a broadcast message, switch one has to tell switch two which VLAN, that particular broadcast messages is a part of so it only ends up going to computer D so there’s a few things that we’re going to have to do here to get this to function.
The first thing is virtual trunking protocol, you got to talk about that and pick what’s called a VTP mode. Three VTP modes that I typed up here to save you from my handwriting, the first one is serve mode, second one is client mode and the third one is transparent mode, now if it’s a standalone switch, server mode or transparent mode will be the appropriate mode to have the switch in. Server mode and transparent mode are the only two modes in which you can create a VLAN, client mode you don’t really do anything, you just turn on the client, and it pulls all the information from the server. So in this situation we want switch one to be in server mode and switch two to be in client mode. Second thing we have to specify is a VTP domain. All switches are part of the VTP domain will pull information from the server that’s a member of the same domain. So what would happen is on the server we would use a command called VTP, it’s a real tough command to remember, domain, space the name of the VTP domain and that would set the domain so that switches every switch that’s in that VTP domain, we would get information from the server as far as what VLANs are present, so this might be VTP domain Cisco.
So we have a client and we type din VTP client, VTP server on the server by default, the switch would be in server mode and that means again we can create VLANs and then we have the client. What happens is let’s say we have the server and we have the client and that’s a little bit how VTP works and so we’ve got a client switch and that client, it can be a couple of other client switches coming off of it so we have multiple client switches and one server. Let’s say on a server we type in VLAN3, name, and just give it a number three. There’s what’s called a VTP database. Now the VTP database has a number just like other databases do. When a chance is done to the database, that number increments and that’s called a configuration revision number. So the configuration revisions number changes from three to four on the server switch when I create another VLAN, VLAN3 name, three and what happens is virtual trunking protocol takes over. It sends that change out to the client switches. This client switch takes the change, checks its current VLAN database number and notice it’s at a three so it takes a new information and makes it a four and it passes that information along to other switches so all of the other switches in the VTP domain would change their database appropriately meaning add VLAN3 to their database so they knew of another VLAN and change their configuration revision number from three to four. If after a while I decided I didn’t want VLAN3 anymore and I got rid of it on the server, the configuration revision number would change from four to five, virtual trunking protocol would take over, send the information out and all of the switches would go ahead and update their configuration revision numbers to five when they deleted VLAN3 from their database so that’s what VTP is going to do for us.
I’m going to clean up my CCNA slide and we are going to take a look at what transparent mode is going to do and why we actually use transparent mode. So if I have multiple switches, so here is the server, here is a client, here is a switch in transparent mode and then let’s say there is another client coming off of this. What transparent mode does is it allows the switch to be in the environment but it will not listen to anything the server says. So let’s say I’m in this VTP domain, all the switches are in there. Transparent mode basically says “Hey, I don’t want any part of this VTP domain nonsense.” So I’m here, I have a configuration revision number, I have a new VLAN, it changes from three to four, goes to the client, this client sends it out here and sends it out here. This client takes the information, makes the change, this client takes the information and makes a change. This guy, transparent mode is just looking at I have no need for that information. He passes it along to this other client switch but he doesn’t take the information himself and does anything with it so what happens with the transparent mode switch, we could actually create our own VLANs off of that switch and these two computers can be hanging out all by themselves and no one else or no other switches in this VTP domain would know about this VLAN so it allows us to kin of section off a switch and create VLANs on it without having it be part of the VTP domain and you can do that for whatever security purposes or traffic broadcast domain, dissection purposes you want.
Well VTP is just one part of this. Again, VTP allows the server to tell the client there is a new VLAN or the server to tell the client that they got rid of a VLAN, whatever the case, that allows the communication about what VLANs are present exist. Now even though that communications there, we still need something else. We still need to do what’s called trunking and turn on these trunk lines here and what this does is trunking allows the switch to mark the frames and identify those frames to a particular VLAN. Let me explain that a little bit further. Cleared my slide once again as you can see. Now there is something called trunking and there are a couple of trunking protocols you need to know. Again the term protocol just means a set of rules, inner switch linking, and IEEE802.1Q trunking protocol. Both of these do a very similar task. ISL is Cisco’S proprietary trunking protocol, this is the vender neutral trunking protocol developed by IEEE. They both do a very similar job. As the traffic passes between switches, this trunking protocols, let’s say computer B wants to send something to computer D and they are in the same VLAN so computer B sends out this frame and it wants to go all the way over to computer B here. Now it hits the switch and if there was another computer on the same VLAN, maybe has another computer here, computer F and that was in the same VLAN as computer B but the switch would take it, send it right over to computer F and no problem.