
Virtual Local Area Network VLAN Tutorial

July 20th, 2011

VLAN Introduction

“A virtual LAN (VLAN) is a group of networking devices in the same broadcast domain”

This is the definition of a VLAN that most books use, but it doesn’t help us understand the benefits of VLANs. If you ask “What is a LAN?” you will receive the same answer: it is also a group of networking devices in the same broadcast domain!

To make it clearer, I expanded the above statement into a slightly longer one :)

“A virtual LAN (VLAN) is a group of networking devices in the same broadcast domain, logically”

This means that devices in the same VLAN may be widely separated in the network, both geographically and in physical location. VLANs logically segment the network into different broadcast domains so that packets are only switched between ports that are designated for the same VLAN.

Let’s take an example to understand the benefits of VLANs. Suppose you are working in a big company with many departments, among them the SALES and TECHNICAL departments. You are tasked with separating these departments so that each of them can only access specific resources in the company.

This task is really easy, you think. To complete it, you just need to use different networks for these departments and an access-list to allow/deny each network to a specific resource. For example, you assign network 192.168.1.0/24 to SALES and 192.168.2.0/24 to TECH. At the “Company router” you apply an access-list to filter traffic from these networks. Below is the topology of your network without VLANs:

[Figure: VLAN_need.jpg]

Everything looks good and you implement this design in your company. But after one month you receive many complaints from both your colleagues and your leaders.

+ First, your department leaders need access to additional private resources that ordinary employees are not allowed to use.
+ Second, the company has just recruited some new SALES employees, but the SALES room is full so they have to sit on the 1st floor (in the TECH area). They want to access SALES resources but they can only access TECH resources because they are connected to the TECH switch.

To solve the first problem, maybe you will create a new and more powerful network for your leaders. But notice that each leader sits on a different floor, so you will need to link all of them to one switch -> what a mess!

The second problem is more difficult than the first. Maybe you have to create another network in the TECH area and apply the same policy as the SALES department to these hosts -> another mess in management!

You will be glad to know that VLANs can solve all these problems. VLANs help you group users together according to their function rather than their physical location. This means you can use the same network for hosts on different floors (and of course they can communicate with each other).

[Figure: VLAN_problem_solved.jpg]

In this design:

+ you can logically create a new network with additional permissions for your leaders (LEADER network) by adding another VLAN.
+ employees can sit anywhere and still access the resources of their departments, provided that you allow them to do so.
+ computers in the same department can communicate with each other although they are on different floors.

If these departments expand in the future you can still use the same network on any other floor. For example, if SALES needs 40 more employees -> you can use the 4th floor for this expansion without changing the current network.

But wait… maybe you notice something strange in the above design? How can 2 computers connected to 2 different switches communicate? If one computer sends a broadcast packet, will it be flooded to other departments, since a switch doesn’t break up broadcast domains?

The answer is “Yes, they can!” and that is the beauty of VLANs. Hosts in the same VLAN can communicate normally even if they are connected to 2 or more different switches. This makes management much simpler.

Layer 2 switches can only break up collision domains, but VLANs can be used to break up broadcast domains. So if a computer in SALES broadcasts, only computers in SALES will receive that frame.

So we don’t need a router, right? The answer is “we still need a router” to enable different VLANs to communicate with each other. Without a router, the computers within each VLAN can communicate with each other but not with computers in another VLAN. For example, we need a router to transfer a file from LEADER to TECH. This is called “interVLAN routing”.

When using VLANs in networks that have multiple interconnected switches, you need to use VLAN trunking between the switches. With VLAN trunking, the switches tag each frame sent between switches so that the receiving switch knows which VLAN the frame belongs to. This tag is known as a VLAN ID. A VLAN ID is a number which is used to identify a VLAN.

[Figure: VLAN_ID.jpg]

Notice that the tag is only added and removed by the switches when frames are sent out on the trunk links. Hosts don’t know about this tag because it is added by the first switch and removed by the last switch. The picture below describes the process for a frame sent from PC A to PC B.

[Figure: VLAN_tag_added_removed.jpg]

Note: A trunk link does not belong to a specific VLAN; rather, it is a conduit for VLANs between switches and routers.

To allow interVLAN routing you also need to configure trunking on the link between the router and the switch.

Therefore in our example we need to configure 3 links as “trunk”.

[Figure: VLAN_problem_trunking.jpg]

Cisco switches support two different trunking protocols, Inter-Switch Link (ISL) and IEEE 802.1Q. Cisco created ISL before the IEEE standardized a trunking protocol. Because ISL is Cisco proprietary, it can be used only between two Cisco switches -> 802.1Q is usually used in practice.

In 802.1Q encapsulation, there is a concept called the native VLAN, which was created for backward compatibility with old devices that don’t support VLANs. The native VLAN works as follows:

+ Frames belonging to the native VLAN are not tagged when sent out on trunk links.
+ Frames received untagged on a trunk link are assigned to the native VLAN.

[Figure: VLAN_native_VLAN.jpg]

So if an old switch doesn’t support VLANs it can still “understand” that frame and continue forwarding it (without dropping it).

Every port belongs to at least one VLAN. If a switch receives untagged frames on a trunk port, they are assumed to be part of the native VLAN. By default, VLAN 1 is both the default VLAN and the native VLAN, but this can be changed on a per-port basis by configuration.
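As an added example (not code from the original tutorial), the following Python models the two rules described above: a switch inserts an 802.1Q tag when a frame leaves on a trunk and the far-end switch strips it before delivery to the host, and frames in the native VLAN cross the trunk untagged while untagged frames arriving on a trunk are assumed to be native. The MAC addresses, EtherType and payload are constructed sample values.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag follows

def add_tag(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag (TPID + TCI) after the 12-byte dst/src MAC header.
    TCI = 3-bit priority (PCP), 1-bit DEI (left 0 here), 12-bit VLAN ID."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_tag(frame: bytes):
    """Return (vlan_id, frame_without_tag) if tagged, else (None, frame unchanged)."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

def trunk_egress(frame: bytes, vlan_id: int, native_vlan: int) -> bytes:
    """Sending switch: tag the frame unless it belongs to the native VLAN."""
    return frame if vlan_id == native_vlan else add_tag(frame, vlan_id)

def trunk_ingress(frame: bytes, native_vlan: int):
    """Receiving switch: VLAN comes from the tag; an untagged frame means native VLAN."""
    vid, untagged = parse_tag(frame)
    return (native_vlan if vid is None else vid), untagged

# Constructed sample frame: PC A -> PC B, IPv4 EtherType 0x0800, dummy payload
PC_B = bytes.fromhex("0200000000b0")
PC_A = bytes.fromhex("0200000000a0")
FRAME = PC_B + PC_A + struct.pack("!H", 0x0800) + b"hello from SALES"

def walk_frame(vlan_id: int, native_vlan: int = 1) -> dict:
    """Trace a frame from PC A across the trunk to PC B; report what each hop sees."""
    on_trunk = trunk_egress(FRAME, vlan_id, native_vlan)          # switch 1 -> trunk
    vid_at_sw2, delivered = trunk_ingress(on_trunk, native_vlan)   # switch 2 -> PC B
    return {"tagged_on_trunk": on_trunk != FRAME,
            "vlan_at_switch2": vid_at_sw2,
            "pc_b_receives_original": delivered == FRAME}

if __name__ == "__main__":
    print(walk_frame(10))  # SALES VLAN 10: tagged on the trunk, PC B gets the untagged frame
    print(walk_frame(1))   # native VLAN 1: crosses the trunk untagged, still classified as VLAN 1
```

Because the receiving switch classifies an untagged frame purely by its own native VLAN setting, the native VLAN configured on both ends of a trunk must match, or traffic will silently land in the wrong VLAN.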

Comments (26)
  1. Mursal
    August 21st, 2015

    thank u MR MURSALQAISER

  2. SAM
    September 14th, 2015

    Thank you

  3. waleedsabour
    December 27th, 2015

Hey, can you please send me the latest questions please. I am planning on taking my CCNA Cert in March. Please send me the latest and old questions! Thank You!

    {email not allowed}

  4. waleedsabour
    December 27th, 2015

    my contact info is {email not allowed}

  5. Anonymous
    January 16th, 2016

please state of VLAN

  7. Rohit Jaswal
    March 2nd, 2016

Thanks for the brief, it’s very simple..

  8. Gladsome
    March 5th, 2016

    This is a nice tutorial. Thank You

  9. salem
    March 19th, 2016

thanks to all the 9tut team for this tutorial

  10. Sajib
    May 29th, 2016

    This is a nice tutorial. Thank You

  12. Ahmad
    June 22nd, 2016

Thanks,
I copied your tutorial

  13. RAJ
    June 26th, 2016

THANKS A LOT… PLEASE UPLOAD QUESTIONS FOR ALL TOPICS, ONLY EXPLANATIONS ARE THERE !!

  14. man
    July 9th, 2016

    nice explanation.

  15. Anonymous
    August 2nd, 2016

    this is very useful for me….

  16. suresh reddy
    August 2nd, 2016

    this blog is excellent for preparing CCNA

  17. Kelvin
    August 3rd, 2016

Writing my CCNA on Monday next week, kindly assist with any new dumps. {email not allowed}

  18. Deju
    August 20th, 2016

I have a plan to take the new CCNA exam next September, kindly assist with any dumps

  19. Anonymous
    September 26th, 2016

    CCNA ( Routing & Switching )

    CCNA Routing and Switching provides comprehensive coverage of network topics from fundamental to advanced applications and services, with opportunities for hands on practical experience and career skills development.

    Prerequisite :
    Basic Knowledge of Computer/ Network

  21. zukko
    December 1st, 2016

    GOOD ARTICLE

  24. Natty
    January 31st, 2017

Thanks a lot.
Learnt quite a lot

  25. Anonymous
    February 22nd, 2017

    Good Tutorial
