Overview

An important feature of Ethernet switching is the virtual local-area network (VLAN). A VLAN is a logical grouping of devices or users. These devices or users can be grouped by function, department, or application regardless of the physical LAN segment location. Devices on a VLAN are restricted to communicating only with devices that are on their own VLAN. Just as routers provide connectivity between different LAN segments, routers provide connectivity between different VLAN segments. Cisco is taking a positive approach toward vendor interoperability, but each vendor has developed its own proprietary VLAN product, and these products may not be entirely compatible with one another.

VLANs increase overall network performance by logically grouping users and resources together. Businesses often use VLANs as a way of ensuring that a particular set of users is logically grouped regardless of physical location. Therefore, users in the Marketing department are placed in the Marketing VLAN, while users in the Engineering department are placed in the Engineering VLAN.

VLANs can enhance scalability, security, and network management. Routers in VLAN topologies provide broadcast filtering, security, and traffic flow management. VLANs are powerful tools for network administrators when properly designed and configured. VLANs simplify tasks when additions, moves, and changes to a network are necessary. VLANs improve network security and help control Layer 3 broadcasts. However, improperly configured VLANs can make a network function poorly or not function at all. Understanding how to implement VLANs on different switches is important when designing a network.

Students completing this module should be able to:
- Define VLANs
- List the benefits of VLANs
- Explain how VLANs are used to create broadcast domains
- Explain how routers are used for communication between VLANs
- List the common VLAN types
- Define ISL and 802.1Q
- Explain the concept of geographic VLANs
- Configure static VLANs on 29xx series Catalyst switches
- Verify and save VLAN configurations
- Delete VLANs from a switch configuration
8.1 VLAN Concepts

8.1.1 VLAN introduction

A VLAN is a group of network services not restricted to a physical segment or LAN switch. VLANs logically segment switched networks based on the functions, project teams, or applications of the organization, regardless of the physical location or connections to the network. All workstations and servers used by a particular workgroup share the same VLAN, regardless of the physical connection or location.

Configuration or reconfiguration of VLANs is done through software. Physically connecting or moving cables and equipment is unnecessary when configuring VLANs. A workstation in a VLAN group is restricted to communicating with file servers in the same VLAN group.

VLANs function by logically segmenting the network into different broadcast domains so that packets are only switched between ports that are designated for the same VLAN. VLANs consist of hosts or networking equipment connected by a single bridging domain. The bridging domain is supported on different networking equipment. LAN switches operate bridging protocols with a separate bridge group for each VLAN.

VLANs are created to provide the segmentation services traditionally provided by physical routers in LAN configurations. VLANs address scalability, security, and network management. Routers in VLAN topologies provide broadcast filtering, security, and traffic flow management. Switches may not bridge any traffic between VLANs, as this would violate the integrity of the VLAN broadcast domain. Traffic should only be routed between VLANs.

Web Links
Virtual LAN: http://www.zyxel.com/support/supportnote/ves1012/app/vlan.htm
8.1 VLAN Concepts

8.1.2 Broadcast domains with VLANs and routers

A VLAN is a broadcast domain created by one or more switches. The network design in Figures and requires three separate broadcast domains. Figure shows how three separate broadcast domains are created using three separate switches. Layer 3 routing allows the router to send packets to the three different broadcast domains. In Figure , VLANs are created using one router and one switch. Although there is only one router and one switch in this scenario, there are still three separate broadcast domains. In Figure , three separate broadcast domains are created. The router routes traffic between the VLANs using Layer 3 routing.

The switch in Figure forwards frames to the router interfaces:
- if the frame is a broadcast frame, or
- if the frame is en route to one of the MAC addresses on the router.

If Workstation 1 on the Engineering VLAN wants to send frames to Workstation 2 on the Sales VLAN, the frames are sent to the Fa0/0 MAC address of the router. Routing occurs through the IP address on the Fa0/0 router interface for the Engineering VLAN. If Workstation 1 on the Engineering VLAN wants to send a frame to Workstation 2 on the same VLAN, the destination MAC address of the frame is the MAC address of Workstation 2.

Implementing VLANs on a switch causes the following to occur:
- The switch maintains a separate bridging table for each VLAN.
- If the frame comes in on a port in VLAN 1, the switch searches the bridging table for VLAN 1.
- When the frame is received, the switch adds the source address to the bridging table if it is currently unknown.
- The destination is checked so that a forwarding decision can be made.
- For learning and forwarding, the search is made against the address table for that VLAN only.

Web Links
Overview of Routing between Virtual LANs: http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/switch_c/xcvlan.htm
8.1 VLAN Concepts

8.1.3 VLAN operation

Each switch port can be assigned to a different VLAN. Ports assigned to the same VLAN share broadcasts. Ports that do not belong to that VLAN do not share these broadcasts. This improves the overall performance of the network.

Static membership VLANs are called port-based or port-centric membership VLANs. As a device enters the network, it automatically assumes the VLAN membership of the port to which it is attached. Users attached to the same shared segment share the bandwidth of that segment. Each additional user attached to the shared medium means less bandwidth and deterioration of network performance. VLANs offer more bandwidth to users than a shared network. The default VLAN for every port in the switch is the management VLAN. The management VLAN is always VLAN 1 and may not be deleted. All other ports on the switch may be reassigned to alternate VLANs.

Dynamic membership VLANs are created through network management software. CiscoWorks 2000 or CiscoWorks for Switched Internetworks is used to create dynamic VLANs. Dynamic VLANs allow for membership based on the MAC address of the device connected to the switch port. As a device enters the network, it queries a database within the switch for a VLAN membership.

In port-based or port-centric VLAN membership, the port is assigned to a specific VLAN independent of the user or system attached to the port. When using this membership method, all users of the same port must be in the same VLAN. A single user, or multiple users, can be attached to a port and never realize that a VLAN exists. This approach is easy to manage because no complex lookup tables are required for VLAN segmentation. Network administrators are responsible for configuring VLANs both manually and statically.

Each interface on a switch behaves like a port on a bridge. Bridges filter traffic that does not need to go to segments other than the source segment. If a frame needs to cross the bridge, the bridge forwards the frame to the correct interface and to no others. If the bridge or switch does not know the destination, it floods the frame to all ports in the broadcast domain or VLAN, except the source port.
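The forwarding rules described in 8.1.2 (a separate bridging table per VLAN, frames to other VLANs addressed to the router's interface MAC) and 8.1.3 (port-based membership, filtering, and flooding to every port of the VLAN except the source port) can be put together in a small simulation. The following Python model is an added example, not part of the curriculum and not Cisco code. The switch port names, VLAN numbers 10 and 20, the MAC addresses, the IP address, and the router's second interface Fa0/1 on the Sales VLAN are all constructed for the Engineering/Sales scenario in the text; only the router's Fa0/0 interface on the Engineering VLAN comes from the text.

```python
"""Toy model of a VLAN-aware switch and a router with one interface per VLAN.

Added example, not Cisco code.  Switch ports, VLAN numbers, MAC addresses,
the router's Fa0/1 interface and the IP address are all constructed for the
Engineering/Sales scenario in the text.
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """Static, port-based VLAN membership with one bridging table per VLAN."""

    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)   # switch port -> VLAN number
        self.tables = {}                     # VLAN number -> {MAC: port}

    def vlan_of(self, port):
        # A port with no explicit assignment stays in VLAN 1, the default VLAN.
        return self.port_vlans.get(port, 1)

    def receive(self, in_port, src, dst):
        """Handle one frame; return the sorted list of ports it is sent out of."""
        vlan = self.vlan_of(in_port)
        table = self.tables.setdefault(vlan, {})
        # Learning: the source address is added to this VLAN's table only.
        table.setdefault(src, in_port)
        # Forwarding: the destination is looked up in the same VLAN's table only.
        if dst != BROADCAST and dst in table:
            out_port = table[dst]
            # Filtering: a frame whose destination sits on the arrival port goes nowhere.
            return [] if out_port == in_port else [out_port]
        # Unknown unicast or broadcast: flood to every port of this VLAN except
        # the port the frame arrived on.  Ports of other VLANs are never candidates.
        return sorted(p for p, v in self.port_vlans.items()
                      if v == vlan and p != in_port)


class Router:
    """Each router interface is a MAC address plugged into one switch port."""

    def __init__(self, interfaces, routes):
        self.interfaces = interfaces   # interface name -> (interface MAC, switch port)
        self.routes = routes           # destination IP -> (host MAC, exit interface)

    def forward(self, switch, dst_ip):
        """Layer 3 forwarding: re-address the frame and inject it on the exit VLAN."""
        host_mac, if_name = self.routes[dst_ip]
        if_mac, sw_port = self.interfaces[if_name]
        return switch.receive(sw_port, if_mac, host_mac)


# Constructed topology: VLAN 10 = Engineering, VLAN 20 = Sales.
PORT_VLANS = {
    "Fa0/1": 10, "Fa0/2": 10, "Fa0/24": 10,   # Fa0/24 leads to router Fa0/0
    "Fa0/3": 20, "Fa0/4": 20, "Fa0/23": 20,   # Fa0/23 leads to router Fa0/1 (assumed)
}
WS1, WS2, WS3 = "00:00:00:00:00:01", "00:00:00:00:00:02", "00:00:00:00:00:03"
RTR_FA00, RTR_FA01 = "00:00:00:00:aa:00", "00:00:00:00:aa:01"


def scenario():
    """Walk through the cases in the text and return the forwarding decisions."""
    sw = VlanSwitch(PORT_VLANS)
    rtr = Router({"Fa0/0": (RTR_FA00, "Fa0/24"), "Fa0/1": (RTR_FA01, "Fa0/23")},
                 {"10.2.0.3": (WS3, "Fa0/1")})   # WS3 (Sales) is reached via Fa0/1
    result = {}
    # Workstation 1 (Engineering) broadcasts: only Engineering ports receive it.
    result["broadcast"] = sw.receive("Fa0/1", WS1, BROADCAST)
    # Same-VLAN unicast: flooded while WS2 is unknown, unicast once WS2 has replied.
    result["ws2_unknown"] = sw.receive("Fa0/1", WS1, WS2)
    sw.receive("Fa0/2", WS2, WS1)
    result["ws2_known"] = sw.receive("Fa0/1", WS1, WS2)
    # Inter-VLAN: WS1 addresses the frame to the router's Fa0/0 MAC, the router
    # rewrites the MAC header and the switch delivers it inside the Sales VLAN.
    sw.receive("Fa0/24", RTR_FA00, WS1)           # router has sent, so it is learned
    result["to_router"] = sw.receive("Fa0/1", WS1, RTR_FA00)
    result["routed"] = rtr.forward(sw, "10.2.0.3")
    # A frame addressed straight to WS3's MAC from Engineering is never bridged
    # into Sales: the lookup happens in VLAN 10's table, so it floods VLAN 10 only.
    result["cross_vlan_attempt"] = sw.receive("Fa0/1", WS1, WS3)
    result["tables"] = {vlan: sorted(t) for vlan, t in sw.tables.items()}
    return result


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```

Running the script shows the Sales ports never appearing in any forwarding decision for a frame that entered on an Engineering port, and the VLAN 10 bridging table never learning a Sales MAC. Reaching Workstation 3 works only through the router, which is the "traffic should only be routed between VLANs" rule from 8.1.1 made concrete.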