In this section we will try to cover the following questions:
- What is a VLAN?
- What are the features of a VLAN?
- What is the range of normal VLANs?
- What is the range of extended VLANs?
- What are the restrictions while configuring an extended VLAN?
- How to remove an existing VLAN?
VLAN:- VLANs (Virtual LANs) are logical groupings of devices in the same broadcast domain. Each VLAN is treated as its own subnet or broadcast domain. This means that frames broadcast onto the network are switched only between the ports within the same VLAN.
In other words, a Virtual LAN is something virtual, not physical: "a VLAN is a method of breaking a single switch so that it acts as multiple switches". For example, if I create multiple VLANs (vlan-1 and vlan-2) and assign some ports to each VLAN (say ports 1 to 5 to vlan-1 and ports 6 to 10 to vlan-2), then the users connected within vlan-1 can communicate with each other but not with users connected to vlan-2. "Communication happens only within the user group connected to the same VLAN."
Features of VLAN
- Each VLAN is an independent virtual LAN
- A VLAN can be named on the basis of its user group
- It is a method of reducing broadcast traffic at layer 2
- Grouping specific users enhances the security of the network. How? Because a newly connected user could be part of another VLAN.
Types of VLAN
- Normal VLAN
- Extended VLAN
- Voice VLAN
- Native VLAN
Normal VLAN range
- VLAN 1 is the default VLAN and can’t be renamed
- By default all ports are part of vlan-1
- VLANs 2-1001 can be created and are basically used for Ethernet networks
- VLANs 1002-1005 are reserved for FDDI / Token Ring etc. networks
Extended VLAN range
- Default range of VLANs is 1024 (Cisco Catalyst switches supported only up to 1024 VLANs)
- ISL used a 10-bit VLAN ID (up to 1024 VLANs)
- 802.1Q includes a 12-bit VLAN ID field (up to 4096 VLANs)
- Cisco refers to the VLANs between 1025 and 4096 as extended-range VLANs
Restrictions:-1
- VTP cannot be used for VLAN management (VTP must be configured as transparent or off)
- i.e. the extended VLAN range will not work if the VTP mode is anything other than transparent mode or off mode. If we try to create an extended VLAN in server mode, we get the message shown below
Sw1(config)# vtp mode server
Sw1(config)#vlan 3500
Sw1(config-vlan)#exit
% fail to create vlan 3500
Extended vlan(s) not allowed in current VTP mode
%failed to commit extended VLANs changes.
So if we are using extended VLANs, VTP has to be in either transparent mode or off mode. If we create an extended VLAN in transparent mode, the VLAN is created without any problem.
Sw1(config)# vtp mode transparent
Sw1(config)#vlan 3500
Sw1(config-vlan)#name management
Sw1(config-vlan)#exit
The result can be seen with:-
Sw1(config)#do show vlan
Restrictions:-2
- STP: the extended system ID feature has to be enabled. By default it is enabled and can’t be disabled.
- The extended system ID is the combination of priority + VLAN information, i.e. when STP selects the root bridge it takes the priority value and adds the VLAN number; the result is called the extended system ID.
It can be verified with
SW1# show spanning-tree summary
Switch#sh spanning-tree sum
Switch is in pvst mode
Root bridge for:
Extended system ID            is enabled
Portfast Default              is disabled
PortFast BPDU Guard Default   is disabled
Portfast BPDU Filter Default  is disabled
Loopguard Default             is disabled
EtherChannel misconfig guard  is disabled
UplinkFast                    is disabled
BackboneFast                  is disabled
Configured Pathcost method used is short
It can’t be removed with the command
SW1(config)# no spanning-tree extend system-id   <-- can’t be removed, an error message is shown
So the overall conclusion for extended VLANs is to have:
- VTP in either transparent mode or off mode
- the system must have extended system ID support
Older method:- VLANs could be created in privileged mode
Switch#vlan database
Switch(vlan)#vlan 2 name Management
Now the new VLAN with the name Management is created. To see the name and number of the VLAN:
Switch(vlan)#exit
Switch#show vlan   <-- VLAN troubleshooting command
Note:- this is the older method of creating a VLAN; it may not be available on newer devices.
Newer method:- VLANs are created in global configuration mode
Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z
Switch(config)#vlan 10   <-- new VLAN with VLAN ID 10
Switch(config-vlan)#name swan   <-- swan is the name of the created vlan 10
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name Nic   <-- Nic is the name of vlan 20
Assigning a port to a VLAN:
Switch(config-vlan)#interface fa 0/23
Switch(config-if)#switchport mode access   <-- by default all ports are in dynamic mode
Switch(config-if)#switchport access vlan 10   <-- assigning port fa 0/23 to vlan 10
Similarly
Switch(config-if)#interface fa 0/24
Switch(config-if)#switchport mode access
Switch(config-if)#switchport voice vlan 20
Switch(config-if)#do show vlan   <-- VLAN troubleshooting
To remove a VLAN:- if we have created a wrong VLAN by mistake, the following command is used to remove the existing VLAN:
Switch>en
Switch#configure terminal
Switch(config)#no vlan 10   <-- to delete vlan 10
Switch(config)#do write memory   <-- save the configuration
Note:- if we delete an existing VLAN which has some ports, then after deleting the VLAN all of its ports become part of the default VLAN, i.e. vlan 1.
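A quick way to check a saved configuration against the points in this section (an added example, not part of the original post): the Python script below flags an extended VLAN defined while VTP is not in transparent/off mode, ports never set to access mode, and ports with no access VLAN, which therefore stay in vlan 1. The sample configuration, the audit() function name and the treatment of a missing "vtp mode" line as server mode are assumptions of this example; the 1025 lower bound is the one given above.

```python
import re

# Constructed sample in "show running-config" style (not from a real switch).
SAMPLE_CONFIG = """\
vtp mode server
!
vlan 10
 name swan
!
vlan 3500
 name management
!
interface FastEthernet0/22
!
interface FastEthernet0/23
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/24
 switchport mode access
 switchport voice vlan 20
"""

def audit(config, extended_min=1025):
    """Return (where, problem) findings; extended_min is the lower bound given on this page."""
    findings = []
    m = re.search(r"^vtp mode (\S+)", config, re.M)
    vtp_mode = m.group(1) if m else "server"  # assumption: server when no line is present
    for vid in map(int, re.findall(r"^vlan (\d+)\s*$", config, re.M)):
        if vid >= extended_min and vtp_mode not in ("transparent", "off"):
            findings.append((f"vlan {vid}", f"extended VLAN with VTP mode {vtp_mode}"))
    # Each stanza is an "interface" line followed by its indented sub-commands.
    for port, body in re.findall(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M):
        if "switchport mode access" not in body:
            findings.append((port, "not forced to access mode (left in dynamic mode)"))
        if not re.search(r"switchport access vlan \d+", body):
            findings.append((port, "no access VLAN assigned, stays in default vlan 1"))
    return findings

if __name__ == "__main__":
    for where, problem in audit(SAMPLE_CONFIG):
        print(f"{where}: {problem}")
```

Port fa 0/24 is reported because it only has a voice VLAN, so its data traffic is still in vlan 1.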
In the next section we will cover the voice VLAN.