Let’s begin our discussion of VLANs, VTP and trunks by reviewing the basics of VLANs that we talked about back in our CCNA studies. Let’s remember what life was like without VLANs: instead of Ethernet switches we had Ethernet hubs, and when we went into a building there would be a wiring closet on each floor, as in the example in the picture.
Here we have a couple of floors, and if we wanted to separate departments that coexist on a floor, we would need to give each department its own hub. Notice that I have a switch on Floor 2 dedicated to Sales (“S” represents Sales) and another switch for Accounting (“A”), and the same thing on Floor 1: a Sales switch and an Accounting switch. If the 1st Accounting computer wants to talk to the 2nd Accounting computer, how will the traffic go?
The traffic goes into the Floor 2 Accounting switch, down to the Floor 1 Accounting switch, then out to the 2nd Accounting computer.
If I want to talk between Accounting and Sales, they are in different subnets. Notice that they go into different router ports: I have one port going to my router just for Sales (“S”) and another port just for Accounting (“A”).
If I want to go from the 1st Accounting computer to the 2nd Sales computer, how do I do that?
My packet goes into the Accounting switch on the second floor, then down to the Accounting switch on the first floor, then out to the router.
Because we have to route between subnets, the router then routes the packet to the Sales subnet. It goes up to the first-floor Sales switch, then out to the 2nd Sales computer on the first floor.
I think it’s obvious that this type of solution doesn’t scale very well. I have only 2 different departments. What if I had 5 departments on each floor, and I had 10 floors?
Suddenly, we have lots of Ethernet hubs in this building. Fortunately, we can take Ethernet switches and group the ports into different VLANs, different virtual LANs. In fact, let’s do that with this topology: let’s have a single switch on Floor 2 and a single switch on Floor 1, and simply take the ports on those individual switches and carve them up into separate VLANs.
Things are already starting to look better with this topology. We don’t have as many switches on each floor of the building, and we are able to support multiple subnets, or multiple VLANs, on a single switch. The 1st Accounting computer goes into a switchport that is part of the Accounting VLAN, and the 1st Sales computer goes into a port that is part of the Sales VLAN. If we wanted to send traffic from the 1st Sales computer to the 2nd Accounting computer, what would we do?
We would go into our Sales port on the Floor 2 switch. We are still assuming that we have one port going out for Sales and one port going out for Accounting, so we would go out of the Sales port down to the switch. Again we have an outgoing port for Sales and a port for Accounting, so we would go out of the Sales port down to the router, because we have to route between VLANs, between subnets.
We would then go back into the Floor 1 switch and out to the 2nd Accounting computer.
By taking these switches on each floor and carving the ports into separate VLANs:
- We get some security.
- We get VLAN separation.
- We get different broadcast domains.
In fact, we can often think of these terms synonymously: a VLAN typically equals a subnet and equals a broadcast domain.
A broadcast seen in the Accounting VLAN is not going to be seen in the Sales VLAN. Hopefully you can see where the discussion is going based on your CCNA studies: even though we have multiple VLANs on a switch, which is fantastic, we still have a bit of a scalability limitation here, because we have to dedicate one switchport to interconnect with another switch just for the Sales VLAN, and another port to connect to another switch just for the Accounting VLAN.
Later on in this module we talk about the formation of a trunk. Remember what a trunk does from your CCNA studies: “a trunk allows us to have a single connection between switches, and that single connection is able to carry traffic for multiple VLANs”.
What we will be able to do is replace these two connections with a single trunk connection. More on that later, though. For now we are focused on VLANs, so let’s take a look at a Cisco Catalyst 2960 Series switch and see how traffic might flow through that switch if we carved the ports up into a couple of different VLANs.
Let’s say that we have a PC attached to the fastethernet 0/0/2 port of my Cisco Catalyst 2960 Series switch, and a server attached to the fastethernet 0/0/24 port, and let’s imagine that these devices are in different subnets: the PC is part of the 10.1.1.0/24 subnet, and the server is part of the 192.168.1.0/24 subnet.
We have to route to get between subnets. No problem: we can attach a router to this Layer 2 switch. Keep in mind that some of our Cisco Catalyst switches are multilayer, or Layer 3, switches that can do routing internally, but here we imagine that we have this router attached.
This router can go into the switch with a single trunk connection; in other words, traffic from multiple VLANs can flow over that single connection. This is often called a “Router on a Stick” or “Router on a Trunk connection”, and it allows us to route between ports that belong to different VLANs on the switch. Let’s say that the Layer 2 ports 0/0/1 – 0/0/12 are part of VLAN 100, and ports 0/0/13 – 0/0/24 are part of VLAN 200.
Let’s remember why we might want to have VLAN separation:
- It can help us with performance, by breaking up broadcast domains.
- It can help us with security. That way we don’t have somebody doing a packet capture of unknown unicasts, multicasts and broadcasts on our subnet: they are not able to see and capture these packets because they belong to a different VLAN and a different broadcast domain.
Those are a couple of design reasons, performance and security, why we might want to break things up into different VLANs. But let’s ask the question: how does the PC talk to the server when they are in different subnets? Here is the way the packet flow goes.
The PC sends a packet out destined for the server, and it goes into the ingress switchport. It flows across the switch’s fabric, in other words across the switch backplane, over to the trunk port.
It flows down the trunk to the router.
The router realizes that this packet needs to go to VLAN 200 and sends it back up the trunk. Once again it flows over the switch backplane, this time to the egress port, and goes out to the server.
That’s how, even with a Layer 2 switch, we can have traffic forwarded between different VLANs, between different subnets. Now that we have talked about VLAN operation and theory in this topic, in our next topic let’s review how we configure and verify VLANs.
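The packet flow and the broadcast-domain separation described above can be traced with a small model. This Python sketch is an added example, not code from the original post or from Cisco: it models a VLAN-aware Layer 2 switch with the article's port plan and returns the ports each frame leaves on. The trunk port name, the MAC addresses and the router's ARP exchange are assumptions made for the illustration.

```python
def is_group(mac):
    """True for broadcast/multicast MACs (group bit set in the first octet)."""
    return bool(int(mac.split(":")[0], 16) & 1)

class VlanSwitch:
    def __init__(self, access_vlan, trunk):
        self.access_vlan = access_vlan   # access port -> VLAN id
        self.trunk = trunk               # single port carrying all VLANs, tagged
        self.mac_table = {}              # (vlan, mac) -> port, learned per VLAN

    def forward(self, ingress, src_mac, dst_mac, tag=None):
        """Return the set of ports a frame leaves on; `tag` applies on the trunk only."""
        vlan = tag if ingress == self.trunk else self.access_vlan[ingress]
        self.mac_table[(vlan, src_mac)] = ingress
        learned = self.mac_table.get((vlan, dst_mac))
        if learned is not None and not is_group(dst_mac):
            return {learned} - {ingress}
        # Broadcast, multicast and unknown unicast flood inside the VLAN only.
        members = {p for p, v in self.access_vlan.items() if v == vlan}
        return (members | {self.trunk}) - {ingress}

# Port plan from the article: 0/0/1-12 in VLAN 100, 0/0/13-24 in VLAN 200.
PORTS = {f"Fa0/0/{n}": 100 if n <= 12 else 200 for n in range(1, 25)}
TRUNK = "trunk"   # assumed name; the article does not number the trunk port
# Constructed MAC addresses for the PC, the server and the router.
PC, SERVER, ROUTER = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
BCAST = "ff:ff:ff:ff:ff:ff"

def walk_through():
    sw = VlanSwitch(PORTS, TRUNK)
    steps = {}
    # 1. PC (Fa0/0/2, VLAN 100) broadcasts an ARP request for its gateway.
    steps["pc_broadcast"] = sw.forward("Fa0/0/2", PC, BCAST)
    # 2. Router answers over the trunk, tagged VLAN 100; the PC is already learned.
    steps["router_reply"] = sw.forward(TRUNK, ROUTER, PC, tag=100)
    # 3. PC sends the packet for the server to its gateway: ingress port to trunk.
    steps["pc_to_router"] = sw.forward("Fa0/0/2", PC, ROUTER)
    # 4. Router ARPs for the server, tagged VLAN 200: flooded to VLAN 200 ports only.
    steps["router_arp"] = sw.forward(TRUNK, ROUTER, BCAST, tag=200)
    # 5. Server (Fa0/0/24) replies; the switch learns where the server is.
    steps["server_reply"] = sw.forward("Fa0/0/24", SERVER, ROUTER)
    # 6. Router sends the routed packet back up the trunk: egress port only.
    steps["router_to_server"] = sw.forward(TRUNK, ROUTER, SERVER, tag=200)
    return steps
```

A capture on any VLAN 200 port never appears in the `pc_broadcast` result, and a capture on any VLAN 100 port never appears in `router_arp`, which is the separation the security bullet describes.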
Hi Subham,
I need BGP practical and theory document. May you help me out with this? If you have it, pls send it to me at gaurav.infosolution@gmail.com. I am very grateful to you. I want to make a career in the network field.
We appreciate you sharing your insights and knowledge with us.