Understanding VLANs and Routed VLAN Interface in Cisco Switch
VLANs are virtual LANs used to segregate broadcast domains within a layer 2 domain. Logically, VLANs allow you to set up multiple switches inside the same physical switch. VLANs are used to isolate different types of traffic in IP networks, such as voice, data, management, and web. Similarly, VLANs can be used to separate networks by function, such as management, finance, and employees.
Switches use VLAN IDs to identify VLANs. A VLAN ID can range from 1 to 4094. For example, in a layer 2 domain, traffic sent by a PC in VLAN 10 can only be received by PCs in the same VLAN. VLANs can be carried between switches using the ISL or 802.1Q protocol. ISL (Inter-Switch Link) is a Cisco proprietary VLAN tagging protocol, whereas 802.1Q is the industry standard. There are mainly two types of switch ports in a switched environment:
- Access ports: Access ports are mostly used for connecting PCs, servers, and other end devices to the network. An access port does not accept or forward tagged frames. A device connected to an access port does not know anything about VLAN IDs; it only sends and receives frames without VLAN tags.
- Trunk ports: Trunk ports are used for connecting to other switches, servers, and routers. A trunk port can carry frames of multiple VLANs simultaneously and supports both tagged and untagged frames. Untagged frames received on a trunk port are placed in the port’s native VLAN.
Let’s have a look at the scenario shown below. Will PC-A be able to communicate with PC-B?
The answer is yes. When PC-A pings PC-B, the frame is received on port fa0/1 of Switch-A; the switch tags it with VLAN ID 10 and sends it out port fa0/5. As the frame leaves port fa0/5 of Switch-A, which is also an access port, the VLAN tag is removed. So when fa0/5 of Switch-B receives the frame, it is a normal frame with no VLAN tag. Switch-B then tags the frame with VLAN 20 and forwards it to fa0/1 of the same switch. As the frame leaves port fa0/1 of Switch-B, the access port again removes the VLAN tag, and PC-B receives a plain frame. Note that many other protocols and steps are involved in communication between the PCs; I have focused only on the VLAN tags.
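To make the tagging steps in this walk-through concrete, here is an added Python example (it is not code from the original article). It builds and parses 802.1Q-tagged Ethernet frames, models access and trunk port behaviour the way the text describes it (access ports refuse every tagged frame and strip the tag on the way out; trunk ports keep tags except for the native VLAN), and replays the PC-A to PC-B path, returning the VLAN ID visible at each hop. The MAC addresses and payload are constructed, and the port model is the simplified one given above rather than a full model of Catalyst switching.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Build an Ethernet II frame; insert a 4-byte 802.1Q tag when vlan_id is given."""
    if vlan_id is not None and not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    frame = dst + src
    if vlan_id is not None:
        tci = (pcp << 13) | vlan_id          # PCP (3 bits) | DEI (1 bit, left 0) | VID (12 bits)
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Split a frame into its fields; 'vlan' is None when no 802.1Q tag is present."""
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    return {"dst": dst, "src": src, "vlan": vlan, "ethertype": ethertype, "payload": frame[offset:]}


def retag(frame, vlan_id=None):
    """Copy a frame with its tag replaced (vlan_id=None strips the tag)."""
    f = parse_frame(frame)
    return build_frame(f["dst"], f["src"], f["ethertype"], f["payload"], vlan_id)


def access_ingress(frame, access_vlan):
    """Access port, host -> switch: tagged frames are not accepted; untagged ones get the port's VLAN."""
    if parse_frame(frame)["vlan"] is not None:
        return None
    return retag(frame, access_vlan)


def access_egress(frame, access_vlan):
    """Access port, switch -> host: only the port's own VLAN leaves, and it leaves untagged."""
    if parse_frame(frame)["vlan"] != access_vlan:
        return None
    return retag(frame, None)


def trunk_ingress(frame, allowed, native_vlan):
    """Trunk port, wire -> switch: untagged frames land in the native VLAN; other tags must be allowed."""
    vlan = parse_frame(frame)["vlan"]
    if vlan is None:
        return retag(frame, native_vlan)
    return frame if vlan in allowed else None


def trunk_egress(frame, allowed, native_vlan):
    """Trunk port, switch -> wire: the native VLAN leaves untagged, other allowed VLANs keep their tag."""
    vlan = parse_frame(frame)["vlan"]
    if vlan not in allowed:
        return None
    return retag(frame, None) if vlan == native_vlan else frame


def two_switch_scenario():
    """Walk the PC-A -> PC-B case: Switch-A fa0/1 and fa0/5 are access ports in VLAN 10,
    Switch-B fa0/5 and fa0/1 are access ports in VLAN 20. Returns the VLAN ID seen at each hop."""
    pc_a = bytes.fromhex("020000000001")   # constructed, locally administered MAC addresses
    pc_b = bytes.fromhex("020000000002")
    hops = []
    frame = build_frame(pc_b, pc_a, 0x0800, b"ICMP echo (constructed payload)")  # PC-A sends untagged
    frame = access_ingress(frame, 10); hops.append(parse_frame(frame)["vlan"])   # inside Switch-A: 10
    frame = access_egress(frame, 10);  hops.append(parse_frame(frame)["vlan"])   # fa0/5 -> wire: untagged
    frame = access_ingress(frame, 20); hops.append(parse_frame(frame)["vlan"])   # inside Switch-B: 20
    frame = access_egress(frame, 20);  hops.append(parse_frame(frame)["vlan"])   # fa0/1 -> PC-B: untagged
    return hops


if __name__ == "__main__":
    print(two_switch_scenario())
```

The hop list shows why the two PCs can talk even though their switches use different VLAN numbers: the VLAN ID only exists inside each switch, and the access ports on both ends of the inter-switch link strip it. The same functions show the trunk case, where the tag survives the link for every VLAN except the native one.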
Communication between VLANs requires a layer 3 device such as a router or a layer 3 switch. VLANs can be used for many purposes: logically grouping users, separating types of traffic, access control, security, quality of service, and others.
As shown in figure 1, a single Cisco switch is configured with two VLANs, VLAN 10 and VLAN 20. In this scenario, PC-A (in VLAN 10) cannot communicate with PC-B (in VLAN 20). To create VLANs and assign ports to them on a Cisco IOS switch, enter the following commands:

```
SW1#configure terminal
SW1(config)#vlan 10
SW1(config-vlan)#name SALES
SW1(config-vlan)#exit
SW1(config)#vlan 20
SW1(config-vlan)#name MARKETING
SW1(config-vlan)#exit
SW1(config)#interface fastEthernet 0/1
SW1(config-if)#switchport access vlan 10
SW1(config-if)#exit
SW1(config)#interface fastEthernet 0/2
SW1(config-if)#switchport access vlan 20
```
You can also use the older VLAN database mode to create VLANs on Cisco IOS switches:

```
SW1#vlan database
SW1(vlan)#vlan 100 name SALES
SW1(vlan)#vlan 200 name MARKETING
```
On Cisco IOS switches, VLAN definitions are not stored in the running-configuration or startup-configuration. VLANs configured on the switch are kept in the VLAN database file, vlan.dat, in the device’s flash storage (when the switch runs in VTP transparent mode, the VLAN configuration is additionally written to the running-configuration). To see the vlan.dat file, list the contents of flash:

```
SW1#show flash:
```
What if we need two PCs on different VLANs to communicate with each other? We have two options: replace the layer 2 switch with a layer 3 switch, or add a router. The cost-effective solution is a router. We can route between the two VLANs with a router using a technique called router on a stick.
Fig 2. Router on a stick
As shown in figure 2, fa0/3 of the switch is configured as a trunk that allows the VLANs across it. On the router, fa0/0 has two new sub-interfaces, fa0/0.10 and fa0/0.20, which serve as the default gateways for the PCs in each VLAN.
Router configuration:

```
R1(config)#interface fastEthernet 0/0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface fastEthernet 0/0.10
R1(config-subif)#encapsulation dot1Q 10
R1(config-subif)#ip address 192.168.1.254 255.255.255.0
R1(config-subif)#exit
R1(config)#interface fastEthernet 0/0.20
R1(config-subif)#encapsulation dot1Q 20
R1(config-subif)#ip address 192.168.2.254 255.255.255.0
```
Switch configuration:

```
SW1(config)#interface fastEthernet 0/3
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk allowed vlan all
```

On switch models that support both ISL and 802.1Q, the command switchport trunk encapsulation dot1q must be entered before switchport mode trunk is accepted. Allowing all VLANs is the default; restricting the list to the VLANs the router actually serves (for example, switchport trunk allowed vlan 10,20) keeps every other VLAN off this trunk.
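As an added example (not code from the original article), the following Python reads the router sub-interface configuration above in running-config form, expands the argument of the switch’s switchport trunk allowed vlan command, checks that every sub-interface VLAN is actually permitted across the trunk, and makes the forwarding decision a router on a stick makes for a packet that arrives tagged on one VLAN and is destined for the other. The configuration text is a constructed copy of this section’s commands; the source-address check in route_between_vlans is an added sanity check in the spirit of strict uRPF, not default IOS behaviour.

```python
import ipaddress
import re

# Constructed copy of the router-on-a-stick configuration from this section,
# written the way it appears in a running-config rather than as typed at the prompt.
ROUTER_CONFIG = """\
interface FastEthernet0/0
 no shutdown
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.1.254 255.255.255.0
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.2.254 255.255.255.0
"""


def parse_subinterfaces(config):
    """Return {vlan_id: {"name", "gateway", "network"}} for every dot1Q sub-interface in the config."""
    subifs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface\s+(.+)$", line, re.I):
            current = {"name": m.group(1).strip()}
        elif current is None:
            continue
        elif m := re.match(r"encapsulation\s+dot1q\s+(\d+)", line, re.I):
            vlan = int(m.group(1))
            if not 1 <= vlan <= 4094:
                raise ValueError(f"{current['name']}: VLAN {vlan} is outside 1..4094")
            current["vlan"] = vlan
            subifs[vlan] = current        # same dict object, so a later 'ip address' line still lands here
        elif m := re.match(r"ip address\s+(\S+)\s+(\S+)$", line, re.I):
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            current["gateway"], current["network"] = iface.ip, iface.network
    return subifs


def parse_allowed_vlans(spec):
    """Expand a 'switchport trunk allowed vlan' argument ('all', '10,20', '10-20,30') into a set of IDs."""
    if spec.strip().lower() == "all":
        return set(range(1, 4095))
    allowed = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        allowed.update(range(int(lo), int(hi or lo) + 1))
    return allowed


def vlans_missing_from_trunk(subifs, allowed_spec):
    """Sub-interface VLANs the switch trunk would prune: traffic for these never reaches the router."""
    return sorted(set(subifs) - parse_allowed_vlans(allowed_spec))


def route_between_vlans(subifs, ingress_vlan, src_ip, dst_ip):
    """Forwarding decision for a packet that arrived on the trunk tagged with ingress_vlan.
    Returns (egress_vlan, egress_gateway) or None when the router would not forward it."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    inbound = subifs.get(ingress_vlan)
    if inbound is None:
        return None                       # no sub-interface for that tag: dropped
    if src not in inbound["network"]:
        return None                       # source not in the ingress subnet (added strict-uRPF-style check)
    for vlan, sub in subifs.items():
        if dst in sub["network"]:
            return vlan, sub["gateway"]   # re-tagged with the destination VLAN and sent back down the trunk
    return None                           # no connected route (this model has no default route)


if __name__ == "__main__":
    table = parse_subinterfaces(ROUTER_CONFIG)
    print(route_between_vlans(table, 10, "192.168.1.10", "192.168.2.10"))
    print(vlans_missing_from_trunk(table, "all"))
```

Run against the constructed configuration, a packet from 192.168.1.10 in VLAN 10 to 192.168.2.10 is handed to sub-interface fa0/0.20 and leaves the router tagged with VLAN 20, which is exactly the round trip over the single trunk that gives the technique its name. vlans_missing_from_trunk is the check worth keeping around: if the switch side were later pruned to a list that omits one of the router’s VLANs, that VLAN silently loses its gateway.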
In this way you can configure routing between VLANs.