In modern networking, the concept of Virtual LANs (VLANs) has become indispensable for efficient network management and security. VLANs essentially segment a single physical network into multiple logical networks, each operating as its own broadcast domain. This segmentation allows for better organization, security, and resource allocation within a network infrastructure.
Why need a VLAN?
Imagine an organization where various departments, such as IT, Civil, and Electrical & Computer Engineering, share the same physical network infrastructure. Without VLANs, all devices within these departments would be part of the same broadcast domain, leading to potential security risks and inefficient resource utilization. For instance, broadcast traffic from one department could flood the entire network, causing congestion and unnecessary strain on network resources.
When a switch receives the broadcast frame it can be flooding to other ports on the switch. take scenario given below image. In this picture PC, 1 can flooding frame on the switch so it can share on other ports and this frame to receive switch 2 that also flooding frame into all ports so it can cause traffic and more CPU utilization.
Solution:
VLANs can create individual broadcast domains, ensuring that only ports assigned to the respective VLAN can communicate with each other within that VLAN.
In this scenario PC 1-4 in IT, PC 2-5 in Civil and PC 3-6 in EC Department. so, if PC 1 creates a broadcast frame it can go only PC 4 via Switch 2 in trunk link. Using VLAN reduces CPU utilization and easy troubleshooting.
Native VLAN
When devices communicate with a switch, the switch tags the frames with VLAN IDs to indicate their respective VLAN memberships. Frames that are not tagged are considered untagged frames and are forwarded to the switch's native VLAN. By default, most switches have VLAN 1 configured as the native VLAN, but this can be customized based on specific requirements.
VLAN Configuration
Configuring VLANs involves assigning ports to specific VLANs based on organizational needs. For instance, in our example organization, we could assign sw1 e0/1 & sw2 e0/1 to VLAN 10 (IT), sw1 e0/2 & sw2 e0/2 to VLAN 20 (Civil), and sw1 e0/3 & sw2 e0/3 to VLAN 30 (Electrical & Computer Engineering). This segmentation ensures that devices within each department can communicate effectively while maintaining isolation from other departments.
By default all port in VLAN 1 that show in blow image.
Configure Switch 1:
1. Create VLANs
Switch-1#configure terminal
Switch-1(config)#vlan 10
Switch-1(config-vlan)#name IT
Switch-1(config-vlan)#exit
Switch-1(config)#vlan 20
Switch-1(config-vlan)#name Civil
Switch-1(config-vlan)#exit
Switch-1(config)#vlan 30
Switch-1(config-vlan)#name CSE
Switch-1(config-vlan)#exit
2. Assign trunk port
Switch-1(config)#interface e0/0
Switch-1(config-if)#switchport trunk encapsulation dot1q
Switch-1(config-if)#switchport mode trunk
Switch-1(config-if)#exit
3. Assign access port
Switch-1(config)#interface e0/1
Switch-1(config-if)#switchport mode access
Switch-1(config-if)#switchport access vlan 10
Switch-1(config-if)#exit
Switch-1(config)#interface e0/2
Switch-1(config-if)#switchport mode access
Switch-1(config-if)#switchport access vlan 20
Switch-1(config-if)#exit
Switch-1(config)#interface e0/3
Switch-1(config-if)#switchport mode access
Switch-1(config-if)#switchport access vlan 30
Switch-1(config-if)#exit
Configure Switch 2:
- All Configuration is same as switch 1.
- You can check configuration is apply or not using following command:
check assigning access port
Switch-1#show vlan brief
check assigning trunk port:
Switch-1#show interfaces trunk
Comentários