In this blog, we will learn what a VLAN is, in an easy way and in detail: the types of VLAN, VLAN access and trunk links, the practical commands for configuring VLANs, and a practical lab with configuration and testing.
All devices connected to a switch normally reside in the same LAN and therefore in the same broadcast domain. A technology called VLAN allows one switch to create multiple broadcast domains. There is often a need to restrict communication between hosts on the same physical network, and VLANs are the standard way to do that at Layer 2.
A Virtual LAN (VLAN) is a broadcast domain created by one or more switches. A switch creates VLANs by assigning its interfaces to different VLANs.
The benefits of implementing VLANs:
(i) Allows logical grouping of users or devices based on their functions or departments instead of their physical locations.
(ii) Reduces network overhead by limiting the size of each broadcast domain.
(iii) Offers enhanced network security by keeping sensitive devices on a separate VLAN.
VLAN trunking is used when a VLAN spans multiple switches. When a switch receives a frame from another switch over a trunk, it uses the tag added by the other switch to identify the VLAN membership of the frame and forwards it only out of ports associated with that VLAN.
Network Setup for VLAN Trunking
When SW1 receives a broadcast from a device in VLAN 2, it adds an 802.1Q tag carrying VLAN ID 2 and forwards the frame over the trunk to SW2. SW2 reads the tag, so it floods the frame only out of its own VLAN 2 ports. The VLAN identifier is removed when the frame is forwarded out an access link.
Where is VLAN 1? VLAN 1 is the default VLAN: every switch port belongs to it until it is assigned elsewhere, and it cannot be deleted. It is often described as the administrative or management VLAN, and it can still be used for workgroup access, but the usual recommendation is to keep both user and management traffic off it and to use dedicated VLANs instead.
There are two trunking protocols: Cisco's proprietary ISL, which is obsolete and no longer supported on current switches, and the IEEE standard 802.1Q.
802.1Q uses a 12-bit VLAN ID field, which gives 4096 possible values; VLANs 1 to 4094 are usable, since 0 and 4095 are reserved.
Let’s take a look at 802.1Q:
Here is how an 802.1Q Ethernet frame differs from a normal one: a 4-byte tag is inserted between the source MAC address and the EtherType. The tag begins with the value 0x8100 (the Tag Protocol Identifier, which tells the receiver that a tag follows) and carries a 12-bit VLAN identifier, the VLAN to which this Ethernet frame belongs. This is how switches know which VLAN our traffic belongs to. The tag also has a 3-bit Priority field (PCP), which is how we can give different types of traffic different priority, and a single Drop Eligible Indicator bit.
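To make the tag concrete, here is a small added example (not code from the original post) that builds the real 802.1Q tag bytes and models what a switch does on each port type: an access port assigns its own VLAN, a trunk tags every VLAN except the native one, and an untagged frame arriving on a trunk is placed in the native VLAN. The MAC addresses and payload are constructed for the example, and the per-port behaviour is a deliberate simplification (an access port here never inspects tags already inside the frame it receives). The last scenario in the test shows why the native VLAN matters: a frame carrying its own inner tag, sent into the native VLAN, crosses the trunk untagged by the switch and is classified by the second switch from the attacker's tag, unless the native VLAN is moved to an unused VLAN.

```python
"""Build, parse and switch IEEE 802.1Q tagged Ethernet frames.

Added illustration for this post, not code from the original page.
Tag layout after the source MAC: TPID 0x8100, then a 16-bit TCI made of
PCP (3 bits) | DEI (1 bit) | VID (12 bits).
"""
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def mac(text: str) -> bytes:
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def ethernet_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Plain (untagged) Ethernet II frame, FCS omitted."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload


def insert_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert an 802.1Q tag between the source MAC and the EtherType."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094; 0 and 4095 are reserved")
    tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def outer_tag(frame: bytes):
    """Return (pcp, dei, vid) of the outermost tag, or None if the frame is untagged."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid != TPID_8021Q:
        return None
    return tci >> 13, (tci >> 12) & 1, tci & 0xFFF


def strip_tag(frame: bytes) -> bytes:
    """Remove the outermost tag (caller has checked one is present)."""
    return frame[:12] + frame[16:]


# --- simplified per-port switch behaviour -----------------------------------

def ingress_access(frame: bytes, port_vid: int):
    """Access port: every received frame belongs to the port's VLAN.
    Simplification: tags already inside the frame are not inspected."""
    return port_vid, frame


def egress_access(vid: int, frame: bytes) -> bytes:
    """Access port: the VLAN is implied by the port, so nothing is tagged."""
    return frame


def egress_trunk(vid: int, frame: bytes, native_vid: int) -> bytes:
    """Trunk: tag every VLAN except the native VLAN, which leaves untagged."""
    return frame if vid == native_vid else insert_tag(frame, vid)


def ingress_trunk(frame: bytes, native_vid: int):
    """Trunk: a tagged frame is classified by its tag and the tag is popped;
    an untagged frame lands in the native VLAN."""
    tag = outer_tag(frame)
    if tag is None:
        return native_vid, frame
    return tag[2], strip_tag(frame)


def forward_across_trunk(frame: bytes, in_port_vid: int, native_vid: int):
    """A host frame enters SW1 on an access port in in_port_vid, crosses an
    802.1Q trunk, and is classified by SW2. Returns (vlan_seen_by_sw2, wire_bytes)."""
    vid, f = ingress_access(frame, in_port_vid)
    wire = egress_trunk(vid, f, native_vid)
    vid_at_sw2, _ = ingress_trunk(wire, native_vid)
    return vid_at_sw2, wire


# Constructed sample traffic: a broadcast ARP request from a host.
HOST_FRAME = ethernet_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0806, b"arp-request")

if __name__ == "__main__":
    vid, wire = forward_across_trunk(HOST_FRAME, 10, native_vid=1)
    print("VLAN 10 host: tag on wire", outer_tag(wire), "-> SW2 places it in VLAN", vid)
    crafted = insert_tag(HOST_FRAME, 20)  # host in the native VLAN sends its own tag
    print("native VLAN 1:  SW2 VLAN", forward_across_trunk(crafted, 1, native_vid=1)[0])
    print("native VLAN 999: SW2 VLAN", forward_across_trunk(crafted, 1, native_vid=999)[0])
```

The `egress_trunk` and `ingress_trunk` pair is the whole story of the native VLAN: whatever the switch sends untagged, the far side reads from the frame itself. Moving the native VLAN to a VLAN no access port uses makes the switch tag VLAN 1 traffic, and the crafted inner tag is then never seen by the second switch.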
If you have followed so far, you understand the basics of VLANs and trunks. Very well!
Let’s take a look at the options we have to configure VLANs:
Static VLAN is the most common method: you configure the VLAN yourself on the interface. Dynamic VLAN uses a VMPS server (VLAN Management Policy Server) that holds a database of MAC address to VLAN mappings; the switch looks up the MAC address of the connected computer and assigns the VLAN it finds in the database. Is this a good idea? Probably not, since MAC addresses are easy to spoof. The third option is the Voice VLAN, which has to be configured separately on a Cisco switch. The link between the switch and the phone is effectively a small trunk: voice traffic is tagged with the voice VLAN while the PC behind the phone stays untagged in the data VLAN.
There is a fourth method that is popular nowadays: you can use 802.1X and a RADIUS server to authenticate users and dynamically assign them to a VLAN. This gets even more interesting when you add NAC (Network Admission Control). If your laptop does not have the latest Windows updates and anti-virus definitions, you are placed in a special quarantine VLAN where you can only update your machine; once it is updated you are moved to the correct VLAN.
Back to our trunks. Every VLAN that goes across the trunk is tagged using 802.1Q, with one exception: the native VLAN is the only VLAN that is not tagged. That's right, it uses regular Ethernet frames, and an untagged frame that arrives on a trunk is placed in the native VLAN. So what do we use the native VLAN for?
•Management protocols like CDP (Cisco Discovery Protocol) use the native VLAN.
•Remote management of your Cisco switch uses the native VLAN by default, because the management interface (interface vlan 1) sits in VLAN 1.
•The default native VLAN is VLAN 1.
•Because whatever is untagged on the trunk ends up in the native VLAN, the native VLAN should be changed to an otherwise unused VLAN that no access port belongs to, and it should match at both ends of the trunk.
Below are the switch port modes and how each affects trunking. DTP (Dynamic Trunking Protocol) is the Cisco protocol that negotiates trunking between neighbouring switches.
Switch(config-if)#switchport mode access
Puts the interface into permanent non-trunking mode and tells the neighbour not to trunk. This is what every host-facing port should use.
Switch(config-if)#switchport mode dynamic auto
Waits for the neighbour to initiate trunking; the link becomes a trunk only if the other side is set to trunk or dynamic desirable. This is the default on most current Catalyst switches (older platforms defaulted to dynamic desirable).
Switch(config-if)#switchport mode dynamic desirable
Makes the interface actively attempt to convert the link to a trunk link.
Switch(config-if)#switchport mode trunk
Puts the interface into permanent trunking mode and negotiates to convert the neighbouring link into a trunk link. The interface becomes a trunk interface even if the neighbouring interface is in access mode.
The nonegotiate option (switchport nonegotiate) prevents the interface from generating DTP frames. The interface must first be set to either trunk or access mode.
The result for each combination of modes at the two ends of a link:
access + dynamic auto = access
access + dynamic desirable = access
access + trunk = mismatch: traffic in the native VLAN will cross the link, but other VLANs' traffic will not
dynamic auto + dynamic auto = access
dynamic auto + dynamic desirable = trunk
dynamic auto + trunk = trunk
Note: a trunk link will never be established if the interfaces at both ends were configured as dynamic auto.
Note also that in either dynamic mode the switch accepts DTP frames from whatever is plugged in, so a host on such a port can negotiate itself a trunk and reach every VLAN allowed on it. Host-facing ports should be configured as access ports with nonegotiate, and real trunks should be set to trunk mode with nonegotiate rather than left to negotiate.
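Checking a switch for the weak settings discussed above is easy to script. The following is an added example (not code from the original post or any Cisco tool) that parses the interface stanzas of a running-config and flags ports left in a dynamic DTP mode, trunks that still send DTP, trunks whose native VLAN is still 1, and access ports left in VLAN 1. The config text is constructed for the example, modelled on the lab switches with some deliberately weak ports added. One assumption is spelled out in the code: an interface with no "switchport mode" line is treated as being in the platform default, taken here to be dynamic auto.

```python
"""Audit switchport stanzas of a Cisco IOS running-config for DTP and
native-VLAN weaknesses.

Added example for this post, not code from the original page.
"""
import re

# Constructed sample running-config (not captured from a real switch).
SAMPLE_CONFIG = """\
!
interface GigabitEthernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/3
 switchport mode dynamic auto
!
interface GigabitEthernet1/0
 description unused
 shutdown
!
interface GigabitEthernet1/1
 switchport mode dynamic desirable
 switchport access vlan 20
!
interface GigabitEthernet1/2
 switchport mode access
!
"""


def parse_interfaces(config: str) -> dict:
    """Map each 'interface <name>' stanza to its indented config lines."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)$", line)
        if m:
            current = m.group(1)
            stanzas[current] = []
        elif current is not None and line.startswith(" "):
            stanzas[current].append(line.strip())
        else:
            current = None  # '!' or any other top-level line ends the stanza
    return stanzas


def audit_interface(name: str, lines: list) -> list:
    """Return (interface, check, detail) tuples for one interface."""
    mode, native, access_vlan, nonegotiate = None, 1, 1, False
    if "shutdown" in lines:
        return []  # administratively down ports carry no traffic
    for line in lines:
        if line.startswith("switchport mode "):
            mode = line[len("switchport mode "):]
        elif line == "switchport nonegotiate":
            nonegotiate = True
        m = re.match(r"switchport trunk native vlan (\d+)", line)
        if m:
            native = int(m.group(1))
        m = re.match(r"switchport access vlan (\d+)", line)
        if m:
            access_vlan = int(m.group(1))
    findings = []
    # Assumption: no 'switchport mode' line means the platform default, dynamic auto.
    if mode in (None, "dynamic auto", "dynamic desirable"):
        findings.append((name, "DTP",
                         f"mode '{mode or 'dynamic auto (default)'}' lets a host negotiate a trunk"))
    elif mode == "trunk":
        if not nonegotiate:
            findings.append((name, "DTP", "trunk still sends DTP frames; add 'switchport nonegotiate'"))
        if native == 1:
            findings.append((name, "NATIVE", "native VLAN is 1; untagged frames on this trunk land in VLAN 1"))
    elif mode == "access" and access_vlan == 1:
        findings.append((name, "VLAN1", "access port left in VLAN 1, the default VLAN"))
    return findings


def audit(config: str) -> list:
    """Run audit_interface over every interface stanza in the config."""
    return [f for name, lines in parse_interfaces(config).items()
            for f in audit_interface(name, lines)]


if __name__ == "__main__":
    for iface, check, detail in audit(SAMPLE_CONFIG):
        print(f"{iface:22} {check:7} {detail}")
```

Feed it the output of show running-config saved to a file and the four ports that need attention in the sample (Gi0/0, Gi0/3, Gi1/1 and Gi1/2) are listed; Gi0/1 is the trunk configured the way the notes above recommend and produces nothing.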
Below are the two types of links in switched networks:
Access links: Belong to only one VLAN at a time and carry traffic for that single VLAN only (the directly connected hosts communicate in one VLAN). Any VLAN information associated with a frame is removed before the frame is forwarded out an access link, so hosts are unaware that VLANs are in use and simply see one broadcast domain. Used to connect hosts (and hubs).
Trunk links: Can be part of multiple VLANs at a time and carry traffic for multiple VLANs when VLANs span several switches. They are point-to-point links between two switches, a switch and a router, or a switch and a host (for example a hypervisor). Trunk ports are not listed in the output of the show vlan command. The term trunk was inspired by telephone system trunks, which carry multiple conversations at a time.
How to Configure VLAN:
Create a VLAN:
Switch(config)# vlan X
Assign an access port to VLAN X:
Switch(config)# interface FastEthernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan X
Configure a trunk port:
Switch(config)# interface FastEthernet0/2
Switch(config-if)# switchport mode trunk
Let's do a practical exercise using the following lab design: three switches (SW1, SW2 and SW3) connected by trunks, with PCs in VLAN 10 and VLAN 20 attached to access ports.
1. Hostname and banner
Switch>enable
Switch#configure terminal
Switch(config)#hostname SW1
SW1(config)#banner motd #Sun Networking Technology#
SW1(config)#exit
Switch>enable
Switch#configure terminal
Switch(config)#hostname SW2
SW2(config)#banner motd #Sun Networking Technology#
SW2(config)#exit
Switch>enable
Switch#configure terminal
Switch(config)#hostname SW3
SW3(config)#banner motd #Sun Networking Technology#
SW3(config)#exit
2. Create VLANs
SW1>enable
SW1#configure terminal
SW1(config)#vlan 10
SW1(config-vlan)#exit
SW1(config)#vlan 20
SW1(config-vlan)#exit
SW1(config)#exit
SW2>enable
SW2#configure terminal
SW2(config)#vlan 10
SW2(config-vlan)#exit
SW2(config)#vlan 20
SW2(config-vlan)#exit
SW2(config)#exit
SW3>enable
SW3#configure terminal
SW3(config)#vlan 10
SW3(config-vlan)#exit
SW3(config)#vlan 20
SW3(config-vlan)#exit
SW3(config)#exit
3. Access VLANs
SW1(config)#interface Gi0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10
SW1(config-if)#exit
SW2(config)#interface Gi0/1
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 10
SW2(config-if)#exit
SW2(config)#interface Gi1/1
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 20
SW2(config-if)#exit
SW3(config)#interface Gi1/1
SW3(config-if)#switchport mode access
SW3(config-if)#switchport access vlan 10
SW3(config-if)#exit
SW3(config)#interface Gi1/2
SW3(config-if)#switchport mode access
SW3(config-if)#switchport access vlan 20
SW3(config-if)#exit
4. Trunk ports
SW1>enable
SW1#configure terminal
SW1(config)#interface GigabitEthernet 0/0
SW1(config-if)#switchport mode trunk
SW1(config-if)#exit
SW1(config)#interface GigabitEthernet 0/1
SW1(config-if)#switchport mode trunk
SW1(config-if)#exit
SW2>enable
SW2#configure terminal
SW2(config)#interface GigabitEthernet 0/0
SW2(config-if)#switchport mode trunk
SW2(config-if)#exit
SW3>enable
SW3#configure terminal
SW3(config)#interface GigabitEthernet 0/1
SW3(config-if)#switchport mode trunk
SW3(config-if)#exit
Note: on platforms that still support ISL (including the IOSvL2 image commonly used in GNS3 and EVE-NG labs) the trunk encapsulation must be set to dot1q on the interface before switchport mode trunk is accepted; on switches that only speak 802.1Q, such as the Catalyst 2960, that step does not exist.
5. PC IP addresses
Each PC should have an IP address from the following subnet: 192.168.1.0 /24
6. Check the connectivity
Ping between PCs in the same VLAN (this should succeed, even across switches, because the trunks carry the VLAN) and between PCs in different VLANs (this should fail: the PCs share the 192.168.1.0/24 subnet but sit in separate broadcast domains, and no router or Layer 3 switch has been configured to route between them).