A Virtual LAN (VLAN) can be defined as a single broadcast domain. If any device sends a Layer 2 broadcast, all the other devices in that VLAN will receive that broadcast. Devices in other VLANs will not receive it.
We can create more than one VLAN on a single switch, and one VLAN can span two switches if the two switches are connected.
As we can see in the above figure, we have created three VLANs on a single switch: VLAN1, VLAN2 and VLAN3. Ports f0/1, f0/2, f0/3 and f0/4 belong to VLAN1; switchports f0/5, f0/6, f0/7 and f0/8 belong to VLAN2; and f0/9, f0/10, f0/11 and f0/12 belong to VLAN3.
In the above Fig:2, we have three switches connected to each other. On switch1, ports f0/1, f0/2, f0/3 and f0/4 belong to VLAN1; f0/5, f0/6, f0/7 and f0/8 belong to VLAN2; and f0/9, f0/10, f0/11 and f0/12 belong to VLAN3. The same port assignment applies to switch2 and switch3. The switchports of switch1, switch2 and switch3 that belong to VLAN1 form one single broadcast domain. This means that if any one computer connected to these ports sends a broadcast, all other computers in VLAN1 will receive that broadcast. The same is true for VLAN2 and VLAN3. Computers in the same VLAN can communicate normally, but two computers in different VLANs cannot communicate directly, so we need a Layer 3 device such as a router or a Layer 3 switch to establish communication between them.
By default, a new switch has only one VLAN, which is VLAN1.
Creating a VLAN
We can create a VLAN from the global configuration mode of a switch.
switch(config)#vlan <number>
The above command creates a VLAN with the given number. The VLAN number can be any number in the range 1 to 1005. VLAN 1, VLAN 1002, VLAN 1003, VLAN 1004 and VLAN 1005 are created automatically and are reserved for special purposes. VLAN 1 is the default VLAN, and all the ports of the switch belong to VLAN 1 by default. VLAN 1002 to VLAN 1005 are reserved for Token Ring and FDDI switching.
Once the VLAN is created, we can give it a name using the commands below.
switch(config)#vlan <number>
switch(config-vlan)#name <vlan-name>
A VLAN name can be up to 32 characters long, without spaces. For example, to create VLAN 10 and VLAN 20 with the names accounts and finance, use the commands below.
switch(config)#vlan 10
switch(config-vlan)#name accounts
switch(config)#vlan 20
switch(config-vlan)#name finance
Assigning switchports to the VLAN
We can assign the switchports to the VLANs using the below commands.
switch(config)# interface <name/number>
switch(config-if)#switchport
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan <number>
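The rules above (VLAN numbers from 1 to 1005, names of at most 32 characters without spaces, every port starting in VLAN 1) can be checked mechanically before a change is applied. The following Python sketch is an added example, not part of the original page; the audit function, its messages and the sample session are constructed for illustration.

```python
import re

MAX_VLAN = 1005          # upper bound of the range given in the text
DEFAULT_VLAN = 1         # every port starts here until it is reassigned

# Constructed sample session in the page's prompt style (not from a real switch).
SAMPLE = """\
switch(config)#vlan 10
switch(config-vlan)#name accounts
switch(config)#vlan 20
switch(config-vlan)#name front office
switch(config)#vlan 2000
switch(config)#interface f0/1
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan 10
switch(config)#interface f0/5
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan 20
switch(config)#interface f0/9
switch(config-if)#switchport mode access
switch(config)#interface f0/10
switch(config-if)#switchport access vlan 30
"""

def audit(session: str):
    """Return (port -> access VLAN, findings) for a typed command session."""
    vlans, ports, findings = set(), {}, []
    vlan = port = None
    for raw in session.splitlines():
        line = re.sub(r"^\S*#\s*", "", raw.strip())      # drop the prompt
        if m := re.fullmatch(r"vlan (\d+)", line):
            vlan, port = int(m.group(1)), None
            if 1 <= vlan <= MAX_VLAN:
                vlans.add(vlan)
            else:
                findings.append(f"vlan {vlan}: number outside 1-{MAX_VLAN}")
        elif (m := re.fullmatch(r"name (.+)", line)) and vlan is not None:
            if len(m.group(1)) > 32 or " " in m.group(1):
                findings.append(f"vlan {vlan}: name must be <=32 chars, no spaces")
        elif m := re.fullmatch(r"interface (\S+)", line):
            port, vlan = m.group(1), None
            ports[port] = DEFAULT_VLAN                   # default membership
        elif (m := re.fullmatch(r"switchport access vlan (\d+)", line)) and port:
            ports[port] = int(m.group(1))
    for name, vid in ports.items():
        if vid == DEFAULT_VLAN:
            findings.append(f"{name}: left in default VLAN {DEFAULT_VLAN}")
        elif vid not in vlans:
            findings.append(f"{name}: VLAN {vid} is not created in this session")
    return ports, findings
```

Calling audit(SAMPLE) returns the port-to-VLAN map and four findings: the invalid name, the out-of-range VLAN number, the port left in VLAN 1 and the port assigned to a VLAN the session never creates.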
To verify the VLAN configuration, we can use the command "show vlan".
VLAN Trunks
Access ports, which belong to a single VLAN, carry the data of only that VLAN. Alternatively, we can have one link carry the data of multiple VLANs. Links that carry multiple VLANs' data are called trunk links. Trunk links can be used between two switches or between a switch and a router.
Types of Trunk encapsulation
As we have seen, frames that belong to different VLANs pass through a trunk link. These frames should not mix while passing through the trunk and must be identified separately. For this purpose, the switches insert a unique user-defined ID in each frame that passes over a trunk link. This insertion of a unique user-defined ID is also called frame identification or tagging. The tag is placed in the frame header. Whenever a switch receives a frame over the trunk link, it examines the tag to find out which VLAN the frame belongs to, and then removes the tag.
Switches use the following two methods for VLAN tagging.
1) Inter-Switch Link (ISL) protocol
2) IEEE 802.1Q protocol
Inter-Switch Link Protocol
Inter-Switch Link Protocol is a Cisco proprietary protocol used for tagging VLANs. ISL encapsulates each Layer 2 frame by attaching a header at the beginning of the frame and a trailer at the end of the frame. The header is 26 bytes long and the trailer is 4 bytes long. A 15-bit VLAN ID field is placed within the header.
IEEE 802.1Q Protocol
In ISL, tagging is done by adding a header at the beginning of the frame and a trailer at the end of the frame. In the IEEE 802.1Q protocol, by contrast, the tag is inserted in the middle of the Layer 2 frame. This is also called single tagging or internal tagging.
Native VLAN
IEEE 802.1Q defines a native VLAN. Frames that belong to the native VLAN are not tagged.
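The 802.1Q tagging and untagging described above, including the untagged native VLAN, can be shown on raw frame bytes. This Python sketch is an added example, not part of the original page; the 0x8100 tag identifier and the 12-bit VLAN ID field come from the 802.1Q standard, while the function names, MAC addresses and payload are constructed.

```python
import struct

TPID = 0x8100            # EtherType value that marks an 802.1Q tag

def tag(frame: bytes, vid: int, native: int = 1, pcp: int = 0) -> bytes:
    """Sending side of a trunk: insert the 4-byte tag after the source MAC."""
    if not 1 <= vid <= 4094:                 # 12-bit field; 0 and 4095 are reserved
        raise ValueError("VLAN ID out of range")
    if not 0 <= pcp <= 7:
        raise ValueError("priority must fit in 3 bits")
    if vid == native:
        return frame                         # native VLAN frames go untagged
    tci = (pcp << 13) | vid                  # priority(3) | DEI(1)=0 | VLAN ID(12)
    # A real switch also recomputes the frame check sequence; omitted here.
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]

def untag(frame: bytes, native: int = 1):
    """Receiving side: read the VLAN from the tag, then remove the tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID:
        return native, frame                 # untagged, so it is native VLAN traffic
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return vid, frame[:12] + frame[16:]

# Constructed sample frame: dst MAC, src MAC, EtherType 0x0800, dummy payload.
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

def trunk_demo():
    """Carry the same frame for VLANs 10, 20 and native VLAN 1 over one trunk."""
    results = []
    for vid in (10, 20, 1):
        wire = tag(FRAME, vid)
        # (VLAN sent, bytes added on the wire, what the receiver recovers)
        results.append((vid, len(wire) - len(FRAME), untag(wire)))
    return results
```

Because an untagged frame carries no VLAN information, the receiving switch classifies it by its own native VLAN setting, so both ends of a trunk need to be configured with the same native VLAN.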