Virtual LANs

In preparation for the CCNA exam, we want to make sure we cover the various concepts you could see on the Cisco CCNA exam. To assist you, we have provided a CCNA VLAN Cliff Notes article below. This section will probably be most helpful to review immediately before you take your Cisco CCNA certification exam on test day!

If you have a 24-port Cisco switch and you plug a PC into each port, you have all 24 PCs on a single LAN via that switch. A VLAN is a Virtual LAN. Now, if you still connect all 24 of those PCs to the same Cisco switch, but configure this managed switch so that it "virtually" breaks itself into two separate switches, well, you have just created a VLAN. These two separate VLANs will each have their own subnet and will only broadcast to other PCs on the same VLAN. This way you get to use the Cisco switch to segment broadcast domains, which until this concept was implemented was only possible with a Cisco router, which controlled or contained broadcasts to a particular subnet.

So a VLAN can be defined as a virtual broadcast domain. Instead of segmenting the broadcast domain with a router, you will segment it with a Cisco switch at layer 2. Each VLAN should have its own IP subnet.

VLAN Advantages
Broadcast Control: Broadcasts generated in one VLAN are not propagated to other VLANs. So now to pass traffic between VLANs on the same Cisco switch, you must use a Cisco router.

Security: Control over each port and each user, which is not possible with hubs.

Flexibility & Scalability: Allows adding or removing users from a broadcast domain regardless of their physical location.

Two ways to assign VLANs:
Statically: The administrator assigns users to a VLAN. It works well on networks where user movement is controlled. This is the most commonly used method and the most secure, but it has a lot of administrative overhead.

Dynamically: A node's VLAN assignment is determined automatically by software. Initial administration work is required to build the database. Cisco's VLAN Management Policy Server (VMPS) is a MAC-address-to-VLAN mapping database.
NOTE: Clients (PCs) on VLANs are unaware of their VLAN membership. Cisco routers, Cisco switches and servers can handle and recognize the VLAN membership of each frame.

VLAN Links
Access Link: A link that is part of only one VLAN, called the native VLAN. It is used to connect clients to their associated VLAN.

Trunk Link:

  • Used to propagate the traffic of multiple VLANs over the same link to other Cisco switches, Cisco routers and servers.
  • Works only on 100 Mbps or 1000 Mbps point-to-point links between two Cisco switches, a Cisco switch and a Cisco router, or a Cisco switch and a server. It does not work on 10 Mbps links.
  • A single trunk link can carry traffic for up to 1005 VLANs.
  • If no trunk link is configured between switches, only VLAN 1 information will be exchanged between them.
  • By default, traffic for all VLANs passes over a trunk when it is created, unless the administrator removes VLANs from it.

Frame Tagging

  • Uniquely assigns a VLAN ID to each passing frame to identify which VLAN the frame belongs to.
  • Frames are tagged when they traverse a trunk link. The VLAN tag is removed from the frame before it exits the trunk link.

VLAN Trunking Protocols (VTP)
Inter-Switch Link (ISL): Cisco proprietary.

  • The original frame is encapsulated in an ISL frame with a 26-byte ISL header and a 4-byte FCS trailer. The original frame is not altered.
  • ISL-enabled NICs are required to read ISL frames, because an ISL frame can be up to 1522 bytes while standard Ethernet frames are up to 1518 bytes.

IEEE 802.1Q: Inserts a field into the frame for VLAN identification; the original frame is altered, not encapsulated.
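To make the tagging rules above concrete, here is an added Python example (not from the original article) that inserts a 4-byte 802.1Q tag after the source MAC the way a switch does at trunk ingress, decodes the tag fields, and strips the tag again at trunk egress. The sample ARP frame and MAC addresses are constructed for the example.

```python
import struct

TPID_8021Q = 0x8100            # EtherType value that announces an 802.1Q tag
MAX_UNTAGGED = 1518            # standard Ethernet maximum frame size
MAX_TAGGED = MAX_UNTAGGED + 4  # 1522: the tag adds 4 bytes to the frame

# Constructed sample: broadcast ARP frame as a PC on an access port sends it
# (untagged, because the client is unaware of its VLAN membership).
UNTAGGED = (bytes.fromhex("ffffffffffff")            # destination MAC (broadcast)
            + bytes.fromhex("001122334455")          # source MAC (constructed)
            + struct.pack("!H", 0x0806)              # EtherType: ARP
            + b"arp-request-payload".ljust(46, b"\x00"))  # minimum 46-byte payload

def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 802.1Q tag (TPID + TCI) after the source MAC, as a switch
    does when the frame enters a trunk. The rest of the frame is untouched."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094")
    tci = (pcp << 13) | (dei << 12) | vid  # 3-bit PCP, 1-bit DEI, 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet header; 'vid' is None when the frame has no tag."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype, = struct.unpack("!H", frame[12:14])
    info = {"dst": frame[:6].hex(":"), "src": frame[6:12].hex(":"), "vid": None, "pcp": None}
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("tag present but truncated")
        tci, ethertype = struct.unpack("!HH", frame[14:18])  # TCI, then real EtherType
        info["pcp"], info["vid"] = tci >> 13, tci & 0x0FFF
    info["ethertype"] = ethertype
    return info

def untag_frame(frame: bytes) -> bytes:
    """Remove the tag, as the switch does before the frame leaves the trunk
    onto an access port; an untagged frame is returned unchanged."""
    if parse_frame(frame)["vid"] is None:
        return frame
    return frame[:12] + frame[16:]

def is_baby_giant(frame: bytes) -> bool:
    """True when tagging has pushed a frame past the 1518-byte untagged maximum."""
    return MAX_UNTAGGED < len(frame) <= MAX_TAGGED

if __name__ == "__main__":
    tagged = tag_frame(UNTAGGED, vid=10, pcp=5)
    print(len(UNTAGGED), "->", len(tagged), parse_frame(tagged))
```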

LAN Emulation (LANE): Sends VLAN information over ATM links.

802.10: Sends VLAN information over FDDI links.

VLAN Trunk Protocol Operation

  • VTP manages VLANs and propagates administrative configuration changes to all switches.
  • Updates are sent out across trunk links with a revision number. Any time a switch sees a revision number higher than its own, it overwrites its current database with the new update.

VTP Pruning

  • VTP pruning is used to reduce VLAN traffic on a trunk when a destination VLAN is not present at the end of the trunk.
  • VLANs 2-1005 are pruning-eligible. VLAN 1 is never prune-eligible because it is the administrative VLAN.

VTP Modes of Operation:
Server Mode: This is the default mode of operation.

  • Can create, add and delete VLANs in a VTP domain. VLAN information changes must be made in Server mode.
  • At least one Server is needed in every VTP domain.
  • To exchange VLAN information, all VTP Servers must share the same domain name. A switch can only be in one domain at a time.

Client Mode: Receives and forwards VLAN updates. Updates its database but cannot make changes. If you want a switch to become a Server, make it a Client first so that it receives all the updates, then change it to Server.

Transparent Mode:

  • Only receives and forwards VTP advertisements through trunk links.
  • Can add and delete locally configured VLANs, but will not advertise them.
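The revision-number rule from "VLAN Trunk Protocol Operation" and the three modes just described can be exercised in a small simulation. The Python model below is an added example, not Cisco's implementation and not part of the original article; the switch names, domain names and chain topology are constructed, and the model assumes a loop-free set of trunks (in a real network STP provides that).

```python
from dataclasses import dataclass, field

@dataclass
class Advertisement:
    domain: str
    revision: int
    vlans: dict        # vid -> VLAN name

@dataclass
class Switch:
    name: str
    domain: str
    mode: str = "server"                        # server | client | transparent
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})
    trunks: list = field(default_factory=list)  # directly trunked neighbours

    def configure_vlan(self, vid: int, name: str) -> None:
        """Client: refused. Server: apply, bump revision, advertise. Transparent: local only."""
        if self.mode == "client":
            raise PermissionError(f"{self.name} is a VTP client")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1
            self._flood(Advertisement(self.domain, self.revision, dict(self.vlans)), None)

    def receive(self, adv: Advertisement, sender) -> None:
        if adv.domain != self.domain:           # other domain: ignored
            return
        if self.mode == "transparent":          # relay only, never apply
            self._flood(adv, sender)
        elif adv.revision > self.revision:      # higher revision overwrites the database
            self.vlans, self.revision = dict(adv.vlans), adv.revision
            self._flood(adv, sender)

    def _flood(self, adv, sender) -> None:
        for nb in self.trunks:                  # assumes a loop-free trunk topology
            if nb is not sender:
                nb.receive(adv, self)

def demo() -> dict:
    """Constructed chain: core(server)-acc1(client)-lab(transparent)-acc2(client)-guest(other domain)."""
    chain = [Switch("core", "CORP"), Switch("acc1", "CORP", mode="client"),
             Switch("lab", "CORP", mode="transparent"), Switch("acc2", "CORP", mode="client"),
             Switch("guest", "GUEST", mode="client")]
    for a, b in zip(chain, chain[1:]):          # trunk each adjacent pair
        a.trunks.append(b); b.trunks.append(a)
    chain[0].configure_vlan(10, "SALES")        # server change: revision -> 1, advertised
    chain[2].configure_vlan(99, "LAB")          # transparent switch: stays local
    return {s.name: (s.revision, sorted(s.vlans)) for s in chain}
```

Running demo() shows VLAN 10 reaching both clients through the transparent switch, which relays the update but keeps its own database (and its local VLAN 99), while the switch in the GUEST domain ignores it.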

I hope you found this article to be of use and that it helps you prepare for your Cisco CCNA certification. Achieving your CCNA certification is much more than just memorizing Cisco exam material. It is having the real-world knowledge to configure your Cisco equipment and being able to methodically troubleshoot Cisco issues. So I encourage you to continue in your studies for your CCNA exam certification.