VLAN Concept
amb1s1
Member Posts: 408
in CCNA & CCENT
I don't know if VLAN is going over my head, but I can't understand the concept of it. I already read the Cisco Press (INTRO) book and the Sybex CCNA INTRO. There are only a couple of subjects that I have to understand (not memorize), and VLAN is one of them. Can anyone explain it to me in a simple way?
Comments
-
EdTheLad Member Posts: 2,111 ■■■■□□□□□□
I'm assuming you understand how a layer 2 network operates. If a PC wants to communicate via IP to another PC on the layer 2 network, it has its IP address but it can't create the datagram because it's missing the layer 2 MAC address information. The PC will send a broadcast ARP to discover the MAC address that corresponds to the destination IP address.
Now if you have a huge layer 2 network consisting of hundreds of switches and thousands of PCs, just imagine the quantity of traffic generated for ARP requests that is flooded throughout your whole network.
VLANs give you a way to segment the huge layer 2 network into multiple smaller layer 2 networks. Each of the smaller layer 2 networks is isolated from the others and must use a layer 3 device, i.e. a router, to intercommunicate. The switch uses the VLAN tag to divide the internal MAC table into multiple MAC table instances. Switch ports are assigned to a VLAN, which means all ports that share the same VLAN ID will share a common MAC table. A trunk port can belong to multiple VLANs and hence can belong to multiple MAC tables.
Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
-
ilcram19 Inactive Imported Users Posts: 206
A VLAN is a broadcast domain inside a switch (think of it as a switch inside a switch)... they separate broadcasts. VLANs cannot communicate with each other without a router and VLAN encapsulation:
ISL and dot1q. ISL encapsulates the whole frame... dot1q doesn't encapsulate all frames, just the ones that don't belong to the native VLAN. VLANs help to separate groups of computers in different departments, preventing data from being spread to all groups; only the hosts that are in the same VLAN will hear a broadcast made by a host on the same VLAN (unless forwarded by a router, which it shouldn't unless you tell it to)... It's like instead of having just one broadcast domain in a switch you have many... they increase performance by reducing the size of the broadcast domain and increase security.
Remember ISL and 801.1q VLAN trunking.
If you stop getting better, you cease being good
-
EdTheLad Member Posts: 2,111 ■■■■□□□□□□
ilcram19 wrote:
A VLAN is a broadcast domain inside a switch (think of it as a switch inside a switch)... they separate broadcasts. VLANs cannot communicate with each other without a router and VLAN encapsulation:
ISL and dot1q. ISL encapsulates the whole frame... dot1q doesn't encapsulate all frames, just the ones that don't belong to the native VLAN. VLANs help to separate groups of computers in different departments, preventing data from being spread to all groups; only the hosts that are in the same VLAN will hear a broadcast made by a host on the same VLAN (unless forwarded by a router, which it shouldn't unless you tell it to)... It's like instead of having just one broadcast domain in a switch you have many... they increase performance by reducing the size of the broadcast domain and increase security.
Remember ISL and 801.1q VLAN trunking.

He asked for a simple way; "broadcast domain", "ISL", "dot1q", "native VLAN", "broadcasts forwarded by routers", "VLAN trunking", my head is spinning already! This is how I explain to project managers who hassle me for deadlines.
Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
-
amb1s1 Member Posts: 408
OK, let's see if I got it. The switch is acting in some way like a router (creating different broadcasts) but does not forward a packet from one VLAN into another one, right? Each VLAN uses logical addresses, OK. What about inside the VLAN? If I have a Router_1 and I have two 100-port switches (Switch_A and Switch_B), each port has two VLANs: VLAN1 and VLAN2 on Switch_A, and VLAN3 and VLAN4 on Switch_B. If I want to send data from VLAN1 to VLAN2, the packet goes from VLAN to Router_1 and comes back to VLAN2, right? OK, when the data is inside VLAN2, how does it locate the host (via MAC address or logical address)? If I send a packet from VLAN1 to VLAN4, it does the same as sending from VLAN1 to VLAN2.
-
EdTheLad Member Posts: 2,111 ■■■■□□□□□□
In reality, how this works is as follows: each VLAN should be viewed as a separate IP subnet. Say I have a switch with three VLANs: VLAN 1, VLAN 2 and VLAN 3. VLAN 1 has 2 ports, fa0/1 and fa0/2; VLAN 2 has 3 ports, fa0/3, fa0/4 and fa0/5; and VLAN 3 has 2 ports, fa0/6 and fa0/7. I have two PCs connected to VLAN 1; I assign them the IP addresses 192.168.1.1/24 and 192.168.1.2/24 respectively. I have 3 PCs connected to VLAN 2 with IP addresses 192.168.2.1/24, 192.168.2.2/24 and 192.168.2.3/24 respectively. My last VLAN, VLAN 3, has 2 PCs, 192.168.3.1/24 and 192.168.3.2/24.
Now all the PCs in the same VLAN can communicate at layer 2 due to being in the same VLAN, and at layer 3 as they share the same IP subnet. A PC in VLAN 1 cannot communicate with a PC in VLAN 3 because it is on a different subnet and there is no router available to work as a default gateway.
If I connect a router to fa0/8, I configure fa0/8 as a trunk port so it can send frames with different VLAN tags to the router. Next I set up subinterfaces on the router to recognise each VLAN tag and assign each subinterface an IP address in the planned IP range, so on the router I have 3 subinterfaces: f0/0.1, f0/0.2 and f0/0.3.
fa0/0.1 ip address 192.168.1.254
fa0/0.2 ip address 192.168.2.254
fa0/0.3 ip address 192.168.3.254
Each of the PCs must now be configured with a default gateway corresponding to the router's subinterface, i.e. PCs in VLAN 1 will use 192.168.1.254 as their default gateway, VLAN 2 will use 192.168.2.254, etc.
So I hope now you get the picture.
Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
-
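Added example, not part of any post in this thread: a small Python model of the behaviour EdTheLad describes above (one MAC table per VLAN, flooding confined to that VLAN's ports), using his fa0/1 to fa0/8 port layout. The class and function names and the MAC addresses are constructed for illustration, and the model simplifies a real switch by tagging every VLAN on the trunk (no native VLAN).

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanSwitch:
    """Toy model of a VLAN-aware layer 2 switch (illustrative, not vendor code)."""

    def __init__(self, access_ports, trunk_ports=()):
        self.access = dict(access_ports)   # access port -> VLAN id
        self.trunks = set(trunk_ports)     # trunk ports carry every VLAN, tagged
        self.mac_tables = {}               # VLAN id -> {MAC address: port}

    def members(self, vlan):
        """Ports in this VLAN's broadcast domain: its access ports plus trunks."""
        return {p for p, v in self.access.items() if v == vlan} | self.trunks

    def receive(self, in_port, src, dst, tag=None):
        """Learn src, then return the sorted (port, tag) pairs the frame leaves on."""
        # Access port: the VLAN comes from the port. Trunk: it comes from the tag.
        vlan = tag if in_port in self.trunks else self.access[in_port]
        table = self.mac_tables.setdefault(vlan, {})
        table[src] = in_port               # learned in this VLAN's table only
        if dst != BROADCAST and dst in table:
            out = {table[dst]}             # known unicast: a single port
        else:
            out = self.members(vlan)       # broadcast or unknown: flood the VLAN
        out.discard(in_port)               # never send back out the ingress port
        # Frames leave access ports untagged and trunk ports tagged with the VLAN.
        return sorted((p, vlan if p in self.trunks else None) for p in out)

def page_topology():
    """Port layout from the thread: three VLANs plus fa0/8 as the router trunk."""
    access = {"fa0/1": 1, "fa0/2": 1,
              "fa0/3": 2, "fa0/4": 2, "fa0/5": 2,
              "fa0/6": 3, "fa0/7": 3}
    return VlanSwitch(access, trunk_ports={"fa0/8"})

def demo():
    sw = page_topology()
    pc1, pc2 = "00:00:00:00:01:01", "00:00:00:00:01:02"   # constructed MACs
    arp = sw.receive("fa0/1", pc1, BROADCAST)   # ARP request from a VLAN 1 PC
    reply = sw.receive("fa0/2", pc2, pc1)       # unicast reply; pc1 already learned
    return arp, reply

if __name__ == "__main__":
    print(demo())
```

In this model a frame addressed to a MAC learned in VLAN 1 that arrives on a VLAN 2 port is flooded within VLAN 2 only, which is why traffic between the subnets has to pass through the router on fa0/8.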
amb1s1 Member Posts: 408
Good, I'm getting there. What I'm going to do now is try to work my knowledge on the sim to see if I can get it to work. I'm going to use your topology. Thanks for your help.
-
amb1s1 Member Posts: 408
OK, I configured all the PCs with your IP addresses. When I go into the switch to do the VLANs, I go:
- vlan database
- vlan 1
- vlan 2
- vlan 3
- exit
- config t
- int fa0/1
- switchport mode access
- switchport access vlan 1
- int fa0/2
- switchport mode access
- switchport access vlan 1
- int fa0/3
- switchport mode access
- switchport access vlan 2
- int fa0/4
- switchport mode access
- switchport access vlan 2
- int fa0/5
- switchport mode access
- switchport access vlan 2
- int fa0/6
- switchport mode access
- switchport access vlan 3
- int fa0/7
- switchport mode access
- switchport access vlan 3
Before I created the VLANs I was able to ping from one PC to all of the PCs; now I'm only able to ping the PCs on the same VLAN. Good.
But now, when I do the sh vlan I get the following messages (if there is a way to copy from Boson please let me know):
Vlan  name     Status  port
1     default  Active  Fa0/1, Fa0/2 Fa0/8, Fa0/9
                       Fa0/10, Fa0/11 Fa0/12
1     Vlan 1   Active  Fa0/1, Fa0/2, Fa0/8, Fa0/9
                       Fa0/10, Fa0/11 Fa0/12
2     Vlan 2   Active  Fa0/3, Fa0/4, Fa0/5,
3     Vlan 3   Active  Fa0/6, Fa0/7
I would like to know what I did wrong on VLAN 1.
-
EdTheLad Member Posts: 2,111 ■■■■□□□□□□
You did nothing wrong on VLAN 1. All ports are assigned to VLAN 1 by default; since you haven't modified ports 8-12 they are still present in VLAN 1.
Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
-
amb1s1 Member Posts: 408
So the best practice is using VLAN 2 as the first VLAN. How can I remove a VLAN?
-
EdTheLad Member Posts: 2,111 ■■■■□□□□□□
amb1s1 wrote:
So the best practice is using VLAN 2 as the first VLAN. How can I remove a VLAN?

To remove a port from a VLAN, add it back to VLAN 1.
To remove a VLAN:
3550-TID#vlan database
3550-TID(vlan)#vlan 1000
VLAN 1000 added:
Name: VLAN1000
3550-TID(vlan)#apply
APPLY completed.
3550-TID(vlan)#exit
APPLY completed.
Exiting....
3550-TID#show vlan id 1000
VLAN Name Status Ports
----
1000 VLAN1000 active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
----
----
1000 enet 101000 1500 - - - - - 0 0
3550-TID#vlan database
3550-TID(vlan)#no vlan 1000
Deleting VLAN 1000...
3550-TID(vlan)#apply
APPLY completed.
3550-TID(vlan)#exit
APPLY completed.
Exiting....
3550-TID#show vlan id 1000
VLAN id 1000 not found in current VLAN database
3550-TID#
Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
-
ilcram19 Inactive Imported Users Posts: 206
EdTheLad wrote:
I'm assuming you understand how a layer 2 network operates. If a PC wants to communicate via IP to another PC on the layer 2 network, it has its IP address but it can't create the datagram because it's missing the layer 2 MAC address information. The PC will send a broadcast ARP to discover the MAC address that corresponds to the destination IP address.

Well, I suppose that's how you explain to people when you don't want them to understand.
If you stop getting better, you cease being good
-
Netstudent Member Posts: 1,693 ■■■□□□□□□□
There is an OK sim on the cisco.com prep center. It is VLANs and VTP though. The switches in the sim are layer 3, so it might kinda throw you off. Couldn't hurt to check it out though.
There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
-
amb1s1 Member Posts: 408
Thanks. By the way, do you think it's possible to get a VLAN sim question on the INTRO test?
-
Netstudent Member Posts: 1,693 ■■■□□□□□□□
The best answer to that is check the INTRO exam blueprint...
http://www.cisco.com/web/learning/le3/current_exams/640-821.html
From what I read, I would have to say no.
There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
-
amb1s1 Member Posts: 408
Going by that blueprint, I don't think there should be a VLAN sim, but still it is good to learn.