Greg reviews some of the fundamentals of VLANs, touching on why they are utilized and how they can improve network function. Discover how VLAN assignments are made. Observe which VLAN numbers are available, and what mechanisms are in place to allow extended ranges. Greg explains how to create VLANs and the proper way to identify them.
- [Instructor] Virtual LANs are what every modern enterprise network is built on, and are one of the core concepts covered in the CCNP's switching exam. VLANs break up flat network topologies by logically separating the network at layer two. This is fundamental for segregating network segments for security, as well as performance reasons. A VLAN consists of a single broadcast domain, so only members of that same VLAN will hear them. Members can exist on the same switch or be spanned across multiple switches, so long as they are a member of the same VLAN.
VLAN membership can be assigned in one of two ways, either statically or dynamically. Dynamic is beyond the scope of this test, but in short the switch will query a database using the host's MAC address and allocate the VLAN based on the response. Static configuration is done per port, so when a host connects to a VLAN-assigned port, there is no negotiation necessary. It will be communicating on that VLAN. In fact, the end host will be completely ignorant of the VLAN's existence, as it doesn't change its communications.
In most switches, this port-to-VLAN mapping is done via hardware ASICs, so as not to experience any performance penalties from the process. VLANs in Catalyst switches are generally assigned a VLAN number ranging from one to 1001. VLANs one and 1002 to 1005 are special. One is on every port by default, and best practice is to disable this VLAN and use alternates. VLANs 1002 to 1005 are set aside for legacy applications related to Token Ring and FDDI.
The 802.1Q standard allows for VLAN IDs from one to 4094, and IDs from 1006 to 4094 are supported as extended VLAN IDs in Catalyst switches. These extended IDs are only available when the switch is put into VTP mode transparent. To create a VLAN and add it to the VLAN database on the switch, issue the global config command vlan ID, where ID is your desired VLAN number.
Again, I prefer verbose in my configurations. So, in VLAN config mode, I'll add the name command. This gives me the ability to use a meaningful name for each VLAN, as in name data. The VLAN name can be up to 32 characters long with no spaces. I generally use dashes in place of spaces. Once a VLAN is configured in the switch database, it can be assigned to an interface. Technically, assigning a VLAN to a port will create the VLAN. The best practice is to manually add it and name it.
Once in interface configuration mode, the port should be configured as a layer two interface with the switchport command. The mode should then be set to access with switchport mode access. Last, the designated VLAN should be assigned to the interface with switchport access vlan ID. If I wanted to assign VLAN 10 to the interface, the command would be switchport access vlan 10. Once VLANs have been created and/or assigned to interfaces, I can enter the show vlan command to see which exist and which ports have been configured as members.
Creating VLANs and assigning access ports is a very common day-to-day task for a network admin. While it seems basic, mastering this is paramount to every admin's career.
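The practices described in the transcript can be checked mechanically before a configuration is deployed. The following is an added example, not part of the course material: a small Python audit of a candidate IOS-style configuration that flags access ports left in default VLAN 1, VLANs assigned to ports but never created, unnamed VLANs, and extended-range IDs without VTP mode transparent. The sample configuration, the `audit` function name and the finding messages are assumptions made for illustration.

```python
import re
# Constructed sample running-config for illustration (not from the course).
SAMPLE_CONFIG = """\
vtp mode server
vlan 10
 name Data
vlan 2000
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
interface GigabitEthernet0/2
 switchport mode access
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 30
"""

def audit(config):
    """Return sorted findings for an IOS-style configuration text."""
    vlans, ports, findings, section = {}, {}, [], None
    transparent = re.search(r"^vtp mode transparent\s*$", config, re.M) is not None
    for line in config.splitlines():
        text = line.strip()
        if not line.startswith(" "):  # a top-level line opens a new section
            section = None
            if m := re.fullmatch(r"vlan (\d+)", text):
                section = vlans.setdefault(int(m.group(1)), {"name": None})
            elif m := re.fullmatch(r"interface (\S+)", text):
                # VLAN 1 is the default on every port until one is assigned
                section = ports.setdefault(m.group(1), {"access": False, "vlan": 1})
        elif section is not None:
            if text.startswith("name ") and "name" in section:
                section["name"] = text[5:]
            elif text == "switchport mode access" and "access" in section:
                section["access"] = True
            elif (m := re.fullmatch(r"switchport access vlan (\d+)", text)) and "vlan" in section:
                section["vlan"] = int(m.group(1))
    for vid, v in vlans.items():
        if v["name"] is None:
            findings.append(f"vlan {vid}: no name configured")
        if 1006 <= vid <= 4094 and not transparent:
            findings.append(f"vlan {vid}: extended range needs VTP mode transparent")
    for port, p in ports.items():
        if p["access"] and p["vlan"] == 1:
            findings.append(f"{port}: access port left in default VLAN 1")
        elif p["access"] and p["vlan"] not in vlans:
            findings.append(f"{port}: VLAN {p['vlan']} not defined in the VLAN database")
    return sorted(findings)
```

Calling `audit(SAMPLE_CONFIG)` returns four findings for the constructed sample; a configuration that names every VLAN, defines each assigned VLAN, and sets VTP mode transparent for extended IDs returns an empty list.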
- Switch design and basic port configuration
- VLAN operation and configuration
- VLAN creation and access ports
- VTP operation and advanced configuration
- STP operation and configuration
- EtherChannel operation and configuration
- Multilayer Switching
- SPAN and RSPAN operation and configuration
- Exploring high availability