VLAN Virtual LAN


Layer 2 security.
It divides a single broadcast domain into multiple broadcast domains.
By default, all ports of a switch are in VLAN 1.
This VLAN is known as the administrative VLAN or management VLAN.
VLANs can be created in the range 2-1001.
VLANs can be configured on manageable switches only.

Creating a Static VLAN

 


Below are the IOS commands to create VLAN 10 and name it ‘marketing’.

switch1>enable
switch1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch1(config)#vlan 10
switch1(config-vlan)#name marketing
switch1(config-vlan)#exit
switch1(config)#exit
switch1#

Below are the IOS commands to create another VLAN, VLAN 20, and name it ‘sales’.

switch1>enable
switch1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch1(config)#vlan 20
switch1(config-vlan)#name sales
switch1(config-vlan)#exit
switch1(config)#exit
switch1#

To delete the VLAN

switch1(config)#no vlan 10

To view VLAN configuration information

switch1>enable
switch1#show vlan

There are two types of VLAN membership

1) Static VLAN

2) Dynamic VLAN

1) Static VLAN

The network administrator creates a VLAN and assigns ports to it.
Membership is based on port number.
Each port must be manually assigned to a VLAN on the switch.
Also called port-based VLAN.
A port can be a member of a single VLAN only, not multiple VLANs.

2) Dynamic VLAN

The port is assigned to a VLAN automatically.
Membership is based on the MAC address of the PC.
Each port can be a member of multiple VLANs.
Dynamic VLAN configuration requires software called VMPS (VLAN Membership Policy Server).

There are two types of links in a switched network

An access link is used to connect a PC. This type of link is part of only one VLAN, which is referred to as the native VLAN of the port.
A trunk link is used to connect switches. A trunk can carry multiple VLANs. Trunks originally took their name from the telephone system, where a trunk carries multiple telephone conversations.

Difference between access and trunk links.

Access and trunk links

Here dotted lines are access links

What is Native VLAN

How to configure and assign a Cisco switch access port to a VLAN?

switch1>enable
switch1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch1(config)#interface fa0/1
switch1(config-if)#switchport mode access
switch1(config-if)#switchport access vlan 10
switch1(config-if)#exit
switch1(config)#interface fa0/10
switch1(config-if)#switchport mode access
switch1(config-if)#switchport access vlan 20
switch1(config-if)#exit
switch1(config)#exit
switch1#
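
The port assignments above can be checked offline against a saved configuration. The script below is an added example, not part of the original page: it parses a constructed running-config excerpt and reports ports that lack the explicit `switchport mode access` line or that have no access VLAN set and therefore stay in VLAN 1, the default the page mentions. The function names and the sample ports Fa0/2 and Fa0/3 are assumptions made for illustration.

```python
import re

# Constructed running-config excerpt (not from the page). Fa0/1 and Fa0/10 mirror
# the page's assignments; Fa0/2 and Fa0/3 are hypothetical unfinished ports.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 20
!
interface FastEthernet0/10
 switchport mode access
 switchport access vlan 20
!
"""

def parse_ports(config):
    """Map each interface to its configured mode and access VLAN (default 1)."""
    ports, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level line starts or ends a stanza
            m = re.match(r"interface\s+(\S+)", line)
            current = ports.setdefault(m.group(1), {"mode": None, "vlan": 1}) if m else None
            continue
        words = line.split()
        if current is None:
            continue
        if words[:2] == ["switchport", "mode"] and len(words) == 3:
            current["mode"] = words[2]
        elif words[:3] == ["switchport", "access", "vlan"] and len(words) == 4 and words[3].isdigit():
            current["vlan"] = int(words[3])
    return ports

def audit(ports):
    """Return (interface, finding) pairs for ports that need attention."""
    findings = []
    for name, port in ports.items():
        if port["mode"] != "access":
            findings.append((name, "no explicit 'switchport mode access'"))
        if port["vlan"] == 1:
            findings.append((name, "no access VLAN set, port stays in VLAN 1"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_ports(SAMPLE_CONFIG)):
        print(f"{name}: {finding}")
```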

Virtual LAN Trunking Protocol (VTP)

Virtual LAN Trunking Protocol (VTP) is a Cisco proprietary protocol used to share the VLAN configuration among multiple switches. VTP is a very useful protocol for creating, managing and maintaining a large network with many interconnected switches.


Three different modes

• Server Mode

• Client Mode

• Transparent Mode

1) Server Mode : A switch configured in server mode can add, modify and delete VLANs. VTP server mode is the default VTP mode for all Catalyst switches.

2) Client Mode : A switch configured in client mode can't add, modify or delete VLAN configuration. VTP client mode switches listen to VTP advertisements from other switches and modify their VLAN configurations accordingly.

3) Transparent Mode : A switch in transparent mode can add, modify and delete VLAN configuration. Changes made on one transparent switch will not affect any other switch.

VLAN Trunking Protocol (VTP) Pruning

Configure VLAN Trunking Protocol (VTP)

In the example below, Switch 1 is the VTP server and Switch 2 is the VTP client.

We configure the VTP domain as ‘kencorner.com’, VTP mode as ‘Server’ and VTP password as ‘kencorner’.

kencorner.com.sw01>enable
kencorner.com.sw01#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
kencorner.com.sw01(config)#vtp domain kencorner.com
Changing VTP domain name from NULL to kencorner.com
kencorner.com.sw01(config)#vtp mode server
Device mode already VTP SERVER.
kencorner.com.sw01(config)#vtp password kencorner
Setting device VLAN database password to kencorner
kencorner.com.sw01(config)#exit
kencorner.com.sw01#

Open a console connection to Switch 2 and enter the following IOS commands.
We configure the VTP domain as ‘kencorner.com’, VTP mode as ‘Client’ and VTP password as ‘kencorner’.

kencorner.com.sw02>enable
kencorner.com.sw02#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
kencorner.com.sw02(config)#vtp domain kencorner.com
Domain name already set to kencorner.com.
kencorner.com.sw02(config)#vtp mode client
Setting device to VTP CLIENT mode.
kencorner.com.sw02(config)#vtp password kencorner
Setting device VLAN database password to kencorner
kencorner.com.sw02(config)#exit
kencorner.com.sw02#

Run the ‘show vlan’ command on Switch 2.

To view VLAN Trunking Protocol (VTP) configuration information on Switch 1

kencorner.com.sw01>enable
kencorner.com.sw01#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 255
Number of existing VLANs : 7
VTP Operating Mode : Server
VTP Domain Name : kencorner.com
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x06 0xBA 0x4C 0xA5 0x98 0xCA 0x97 0x44 
Configuration last modified by 0.0.0.0 at 3-1-93 01:28:36
Local updater ID is 0.0.0.0 (no valid interface found)
kencorner.com.sw01#

To view VLAN Trunking Protocol (VTP) configuration information on Switch 2

kencorner.com.sw02>enable
kencorner.com.sw02#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 255
Number of existing VLANs : 7
VTP Operating Mode : Client
VTP Domain Name : kencorner.com
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x06 0xBA 0x4C 0xA5 0x98 0xCA 0x97 0x44 
Configuration last modified by 0.0.0.0 at 3-1-93 01:28:36
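
The two `show vtp status` outputs above can be compared field by field to confirm that the client is in step with the server. The script below is an added example, not part of the original page: it parses the outputs shown on the page and reports any difference in version, domain, configuration revision, VLAN count or MD5 digest, plus an unexpected operating mode. The function names and the `example.net` variant are assumptions constructed for illustration.

```python
# 'show vtp status' output for Switch 1, copied from the page (shortened).
SERVER_OUTPUT = """\
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 255
Number of existing VLANs : 7
VTP Operating Mode : Server
VTP Domain Name : kencorner.com
VTP Pruning Mode : Disabled
MD5 digest : 0x06 0xBA 0x4C 0xA5 0x98 0xCA 0x97 0x44
Configuration last modified by 0.0.0.0 at 3-1-93 01:28:36
"""
# On the page, Switch 2's output differs from Switch 1's only in the operating mode.
CLIENT_OUTPUT = SERVER_OUTPUT.replace("Mode : Server", "Mode : Client")
# Constructed variant (not from the page): a client left in a different VTP domain.
DRIFTED_OUTPUT = CLIENT_OUTPUT.replace("kencorner.com", "example.net")

# Fields the page shows with identical values on both switches.
SHARED_FIELDS = ("VTP Version", "VTP Domain Name", "Configuration Revision",
                 "Number of existing VLANs", "MD5 digest")

def parse_vtp_status(text):
    """Turn the 'Field : value' lines of 'show vtp status' into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:  # lines without ' : ' (e.g. 'last modified by') are skipped
            fields[key.strip()] = value.strip()
    return fields

def compare(server_text, client_text):
    """Return a list of differences worth investigating; empty means in step."""
    server, client = parse_vtp_status(server_text), parse_vtp_status(client_text)
    problems = []
    for label, status, mode in (("server", server, "Server"), ("client", client, "Client")):
        if status.get("VTP Operating Mode") != mode:
            problems.append(f"{label} is in mode {status.get('VTP Operating Mode')!r}")
    for field in SHARED_FIELDS:
        if server.get(field) != client.get(field):
            problems.append(f"{field}: {server.get(field)!r} != {client.get(field)!r}")
    return problems

if __name__ == "__main__":
    print(compare(SERVER_OUTPUT, CLIENT_OUTPUT) or "server and client agree")
    print(compare(SERVER_OUTPUT, DRIFTED_OUTPUT))
```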

STP (Spanning Tree Protocol)

Uses the Spanning Tree algorithm to avoid switching loops among layer 2 devices.
STP works when multiple switches are connected with redundant links, avoiding broadcast storms, multiple frame copies and database instability.

Note : By default, all ports are members of VLAN 1.


