What Is A VLAN


02 Nov 2017


A VLAN (virtual local area network) is a group of logically connected workstations, servers and other network devices. The VLAN works by putting these devices on a single LAN, even if they are in different geographical locations. They are able to appear on the same LAN because they are logically connected to each other.

VLANs are mostly configured on multilayer switches or high-end switches. The main reasons for using VLANs are to enhance the functions of the network devices and to improve their security features.

VLANs are a very important tool for network development because they allow networks to be segmented into different LANs and WANs, and they also allow different networks to work as a virtual LAN. In a LAN there is a possibility of latency, but a VLAN removes latency, which in turn saves network space and bandwidth for other resources. When using a VLAN, the network becomes less dysfunctional, more manageable and more efficient.

Benefits of VLANs

The network becomes more manageable

Applying security features becomes easier because of the segmentation

Latency on the network is reduced; this saves bandwidth and provides better throughput and performance

If the network needs to be expanded or relocated, it becomes easier because a VLAN is a virtual connection, so the amount of network equipment involved will be reduced considerably

Network devices in different geographical locations can participate in a VLAN, thus centralizing the LAN and creating flexibility

How VLANs Function

A switch interconnects hosts and servers on the same network or LAN, but there are difficulties with this type of connection. A switch works by broadcasting out of all ports, which uses more bandwidth when several devices are connected to the switch. The reason for all the broadcast traffic is that every device connected to the switch can receive frames from any other device connected to the same switch. All devices connected to the same switch are part of the same broadcast domain.

One option for getting rid of this issue on a network is to put devices in different broadcast domains. To do this you will need to connect several switches to different devices, which will cost considerably more than the following option. The best option is to create several VLANs on a switch to separate the different devices into several broadcast domains.

A VLAN will logically separate all ports on the switch by segmenting them into several broadcast domains. This will allow the company to separate the different departments into their own broadcast domains, which means there will be no information overflow into separate departments because of a broadcast.

A VLAN can span more than one switch, which will allow devices connected on separate switches to function in the same VLAN. All devices on a VLAN basically belong to the same LAN, and to exchange information between different VLANs, the traffic needs to go through a layer 3 device such as a switch or a multilayer switch.

When a VLAN is created, the maximum number of VLANs allowed on a switch will depend on the type of switch or IOS. The first VLAN on a switch (VLAN 1) is the management VLAN.

An administrator can access and configure a switch remotely. When doing so, the switch has to be configured using the management VLAN IP address. The management VLAN is also used to exchange protocol information with other devices, such as Cisco Discovery Protocol and VLAN Trunking Protocol.

When a VLAN is created, it is assigned two unique identifiers, a number and a name. The number must fall within the maximum range allowed by the switch, except for VLAN 1, which is automatically assigned as the management VLAN; any name can be given to the VLAN. Some switches have a VLAN range up to or more than 1000, but the number allowed depends on the type of switch.

As previously stated, devices connected to a VLAN can only communicate with other devices on the same VLAN. Once a port is configured to a VLAN, the switch associates that port with a VLAN number. When a device is connected to the port and starts to generate traffic, the traffic is in the form of Ethernet frames. Once a frame enters the port, the switch attaches a VLAN ID (VID) to the frame. Attaching the VID to the frame is known as frame tagging. 802.1Q, or dot1q, is the IEEE standard that describes the frame tagging process.

The dot1q standard inserts a 4-byte tag field into the Ethernet frame. The tag field is located between the source address and the type/length field. An Ethernet frame has a minimum size of 64 bytes and a maximum size of 1518 bytes, but with frame tagging the maximum size becomes 1522 bytes.
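The tag insertion described above, as an added example that is not part of the original essay: it inserts the 4-byte tag after the source MAC, parses it back out, and reproduces the 1518 and 1522 byte maximum sizes. The sample frame, the MAC addresses and the function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100   # value in the type/length position that marks a tag
FCS_LEN = 4           # frame check sequence, counted in the 1518/1522 sizes

def add_dot1q_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte tag between the source MAC and type/length field."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if not 1 <= vid <= 4094 or not 0 <= pcp <= 7:
        raise ValueError("VID must be 1..4094 and priority 0..7")
    tci = (pcp << 13) | vid   # 3-bit priority, 1-bit DEI (0), 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_frame(frame: bytes) -> dict:
    """Split a frame (without FCS) into fields; vid is None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "vid": None, "pcp": None}
    (type_len,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if type_len == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, type_len = struct.unpack("!HH", frame[14:18])
        info["vid"], info["pcp"] = tci & 0x0FFF, tci >> 13
        offset = 18
    info["type_len"] = type_len
    info["payload"] = frame[offset:]
    return info

def wire_size(frame: bytes) -> int:
    """Size as counted in the text: header + payload + FCS."""
    return len(frame) + FCS_LEN

# Constructed sample: largest untagged frame, 1500-byte payload, FCS omitted.
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + bytes(1500)
TAGGED = add_dot1q_tag(UNTAGGED, vid=5, pcp=3)   # VLAN 5 chosen for the sample

if __name__ == "__main__":
    for name, f in (("untagged", UNTAGGED), ("tagged", TAGGED)):
        p = parse_frame(f)
        print(name, wire_size(f), "bytes, VID", p["vid"], "type", hex(p["type_len"]))
```

Because the tag changes the frame contents, a device that inserts or removes it has to recompute the frame check sequence; the sample leaves the FCS out and only accounts for its length.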

An Ethernet frame contains several fields that help network devices to successfully deliver the frame. The frame contains:

The destination MAC address

Source MAC address

Ethernet Frame length

The payload

The Frame check sequence

Interframe gap

The destination MAC address is the MAC address of the device that the frame is destined to.

The source MAC address is the address of the device that sent the frame. This is the local device.

The Ethernet Frame length is a field in the frame that gives the number of bytes of data in the frame's payload.

The payload is a minimum of 42 octets when using 802.1Q and the maximum is 1500 octets.

The Frame Check sequence (FCS) checks for redundancy repeatedly. This ensures the detection of corrupted data in the whole Frame.

The Interframe gap is the idle time between frames. After a frame is sent, a minimum of 96 bits of idle line must be transmitted before the next frame is sent.

Static and Dynamic VLAN

The company that will be using the VLAN segmentation technique is using it to separate different departments from each other, but VLANs can be used to segment devices on several bases, such as by IP address, by application and by MAC address. VLAN membership can be assigned statically or dynamically.

Static VLAN

On a static VLAN, the ports have to be physically assigned to a specific VLAN. For example, port fa0/2 has been assigned to VLAN 5. This means that any device that is connected to port fa0/2 will inevitably become a member of VLAN 5.

Configuring a VLAN statically can be the most straightforward way, but it can have its issues. A statically assigned VLAN will need more administrative support, which can be costly: if a device needs to be moved or changed, the switch port will need to be reconfigured.

Dynamic VLAN

A dynamic VLAN configuration and membership will need a VLAN management policy server (VMPS). A VMPS contains a database that maps the MAC addresses on a network. If a device is connected to a switch port on a dynamically configured VLAN, the VMPS will search its database for MAC addresses that match that device and dynamically assign it to an appropriate VLAN temporarily.

Dynamic VLAN membership is more difficult to configure than a static VLAN, but it will create a more structured and organized VLAN membership system. In a dynamic VLAN, when devices need to be added, moved or changed, it will be easier because it is automated and does not need to be configured by an administrator. This type of VLAN assignment costs less because it has fewer administrative issues.

VLAN Ports

When VLANs are configured to extend over several switches, their switch ports have to be configured accordingly.

There are two types of operation a switch port can be configured to provide. Each port on the switch is categorized as an access port or a trunk port.

Access Port

An access port on a switch can only be used by one VLAN. Devices like PCs, hubs and servers are connected to access ports. If another device such as a repeater, hub or another switch is connected to this port, all devices connected to them will still be in the same VLAN.

Trunk Port

A trunk port can be a link between the switch and another device. Any port carrying traffic of more than one VLAN is a trunk port. The trunk port, when configured, is what allows a VLAN to expand to more than one switch and communicate with other VLANs.

For example: if a network with more than one VLAN needs to be connected to an external network, the port that connects the last switch to the router will be a trunk port.

VLAN and Port Image

If traffic from several VLANs is passing through the same link, each VLAN's traffic will need identification. When using a trunk port, it is possible to apply frame tagging to the VLAN frames. Frame tagging is a process where VLAN information is added to the frame.

VLAN Trunking Protocol

http://www.javvin.com/protocolVTP.html

The network that will be built for the company will be using Cisco devices, including switches and routers. VLAN Trunking Protocol (VTP) is a Cisco layer 2 messaging protocol that manages the addition, deletion and renaming of VLANs. VTP is only available on Cisco Catalyst switches.

The use of VTP helps to administer VLANs on a switched network. When a VLAN is set up on a VTP server, all information about the VLAN is automatically distributed to all other switches in the switched network. When a VLAN is configured on a VTP server, it saves configuration time on other switches because VTP configures the VLAN on every other switch.

VTP will ensure that every switch in its domain is aware of any changes to VLANs or any newly created VLAN, but the downside of VTP is that it creates excessive traffic. All unknown unicast traffic and broadcasts in a VTP domain VLAN will be broadcast to every switch in the VLAN, but a switch command known as VTP pruning is used to reduce or remove the traffic that is not needed.

VTP has three different working modes: the server mode, the transparent mode and the client mode. A Cisco Catalyst switch is always configured as a VTP server by default, and any other switch that is connected will most likely be in client mode. When using VTP on a small network, it is acceptable to use the same switches as VTP servers. When a network grows considerably in size, the VTP servers will need to be dedicated servers because Cisco Catalyst switches use their NVRAM as the memory for saving VLAN information. The VLAN information in a large network will be distributed to every other switch in that domain, which means the VLAN information on each switch will be considerably more than in a smaller VLAN domain. This is why some switches need to be set aside as VTP servers.

There are three different versions of VTP: version 1, 2 and 3. VTP versions 1 and 2 work similarly to each other, but there are small differences between them. The main difference is that VTP version 2 supports Token Ring VLANs and version 1 does not. When using a Token Ring VLAN, VTP version 2 will need to be configured; otherwise there is no need for VTP version 2.

VTP version 3 is quite different from the previous two versions because it does not directly work with the VLANs. VTP version 3 is only responsible for the distribution of clouded database lists in an administrative domain. When VTP version 3 is in use, it provides several improvements over the previous VTP versions.

The improvements are:

It supports the creation and advertisement of private VLANs

It is able to configure on a single port basis

It can support extended VLANs

It prevents unknown databases from mistakenly being introduced into a VTP domain

It improves server authentication

It is able to propagate the VLAN database and other databases

It is able to interact with previous VTP versions

VTP Advertisements

http://www.omnisecu.com/cisco-certified-network-associate-ccna/vlan-trunking-protocol-vtp-advertisement-messages.htm

VTP advertisement messages come in three different types: the Summary advertisement, the Subset advertisement and the Advertisement request.

Summary Advertisement

All Catalyst switches usually send out summary advertisements every 5 minutes and every time there is a change in the VLAN database. The advertisement itself encloses the VTP domain name and the configuration revision number.

When there is a change to the VLAN database, such as a deletion, an addition or a configuration change, the configuration revision number will be incremented and a new summary advertisement will be sent out.

When a switch in a VLAN domain receives a summary advertisement, it compares its own VTP domain name with the domain name in the summary advertisement. If the VTP domain names match, the switch then compares its configuration revision number with the advertisement's configuration revision number. If the advertisement's revision number is lower than or equal to the switch's own, the switch ignores the advertisement. If the advertisement's revision number is higher than the switch's revision number, the switch will send out an advertisement request.

Subset Advertisements

A subset advertisement is the message that is sent to all switches after the summary advertisement. This advertisement holds information about VLANs.

The content of the subset advertisement is based on the summary advertisement and it contains new VLAN information.

Advertisement Request

An advertisement request is used on Cisco Catalyst switches to demand VLAN information. An advertisement request is only sent when there has been a change, such as a switch being reset or a VTP domain name change. When the advertisement request is sent, the switch will receive a summary advertisement with a configuration revision number higher than its own.
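The summary, request and subset exchange described in this section, modelled as an added example that is not part of the original essay and is not Cisco code. It is a simplified model rather than the VTP wire format: the class names, field names, switch names and sample advertisements are constructed, and the model assumes the accepted subset replaces the receiving switch's VLAN table. The audit list records each database replacement so that an operator can see which sender changed the revision and which VLANs disappeared.

```python
from dataclasses import dataclass, field

@dataclass
class Summary:
    """Simplified summary advertisement (assumed fields, not the wire format)."""
    domain: str
    revision: int
    sender: str

@dataclass
class Switch:
    domain: str
    revision: int
    vlans: dict = field(default_factory=dict)   # VLAN number -> name
    audit: list = field(default_factory=list)   # one entry per accepted update

    def on_summary(self, adv: Summary) -> str:
        if adv.domain != self.domain:
            return "ignore: domain mismatch"
        if adv.revision <= self.revision:
            return "ignore: revision not higher"
        return "send advertisement request"

    def on_subset(self, adv: Summary, vlans: dict) -> bool:
        """Apply the VLAN information that follows an accepted summary."""
        if self.on_summary(adv) != "send advertisement request":
            return False
        removed = sorted(set(self.vlans) - set(vlans))
        self.audit.append((adv.sender, self.revision, adv.revision, removed))
        self.vlans, self.revision = dict(vlans), adv.revision
        return True

def replay() -> tuple:
    """Run constructed advertisements against one switch; return actions and switch."""
    sw = Switch("CORP", 7, {1: "default", 5: "sales", 10: "hr"})
    adverts = [Summary("LAB", 99, "sw-lab"),     # other domain, ignored
               Summary("CORP", 7, "sw-core"),    # same revision, ignored
               Summary("CORP", 9, "sw-new")]     # higher revision, accepted
    actions = [sw.on_summary(a) for a in adverts]
    sw.on_subset(adverts[2], {1: "default", 5: "sales"})
    return actions, sw

if __name__ == "__main__":
    actions, sw = replay()
    print(actions)
    print(sw.revision, sw.vlans, sw.audit)
```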


