VLAN (VIRTUAL LOCAL AREA NETWORK) – KELLTRON CONSULTING SERVICES


VLAN (Virtual Local Area Network)

A VLAN is a group of devices on one or more LANs that are configured to communicate as if they are on the same physical network, regardless of their actual location.
- VLANs provide security at Layer 2.
- A VLAN divides a single broadcast domain into multiple broadcast domains.
- By default, all switch ports are in VLAN 1. VLAN 1 is known as the administrative VLAN or management VLAN.
- VLANs can be created with IDs from 2 to 1001.
- VLANs can be configured only on a managed switch.
 

Types of VLAN Configuration
1. Static VLAN:
    - Based on port numbers.
    - Each switch port must be manually assigned to a VLAN.
    - Also called Port-Based VLANs.
    - A port can be a member of a single VLAN and not multiple VLANs.

Key Features of Static VLAN:
- Manual Configuration: Each port on the switch must be manually assigned to a VLAN.
- Port-Based Membership: The VLAN membership is determined by the physical switch port.
- Simple to Implement: Easy to configure in small or medium networks where the topology doesn’t change frequently.
- Less Flexible: If a device moves to another port, it loses its VLAN membership unless the new port is configured with the same VLAN.

Configuration Example for Static VLAN:
- Create the VLANs:
    Switch> enable
    Switch# configure terminal
    Switch(config)# vlan 10
    Switch(config-vlan)# name Sales
    Switch(config-vlan)# exit
    Switch(config)# vlan 20
    Switch(config-vlan)# name Market
    Switch(config-vlan)# exit
 

2. Dynamic VLAN:
    - Devices are automatically assigned to VLANs based on attributes (MAC address, IP address, etc.).
    - Requires a VMPS (VLAN Membership Policy Server).

Key Features of Dynamic VLAN:
- Automated Assignment: Devices are assigned to VLANs based on pre-configured policies.
- Flexibility: VLAN membership follows the device, not the port.
- Centralized Management: Managed using a VMPS database.

Port Types
1. Access Links:
    - An access link is part of only one VLAN; attached devices simply assume they are part of that broadcast domain.
    - Example Configuration:
        Switch(config)# interface fastEthernet 0/1
        Switch(config-if)# switchport mode access
        Switch(config-if)# switchport access vlan 10

2. Trunk Links:
    - Can carry multiple VLANs.
    - Uses 802.1Q tagging to identify VLANs.

Comparison:
| Feature         | Access Port       | Trunk Port      |
|-----------------|-------------------|-----------------|
| Traffic Type    | Single VLAN       | Multiple VLANs  |
| VLAN Tagging    | Untagged frames   | Tagged frames   |
| Connection Type | End devices (PCs) | Network devices |

Protocols
- ISL: Cisco proprietary protocol, legacy, supports up to 1000 VLANs.
- 802.1Q: IEEE standard, supports up to 4094 VLANs, widely used.
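
The following added example (not from the original article) shows what 802.1Q tagging does to a frame and why the limit is 4094: the tag carries a 12-bit VLAN ID, and the values 0 and 4095 are reserved. It also models the access/trunk behaviour from the comparison table. The port dictionaries, the `TRUNK` port and the sample frame are constructed for illustration, and the model tags every VLAN on the trunk (no native VLAN).

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag
MAX_VID = 4094        # the VID field is 12 bits; 0 and 4095 are reserved


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= MAX_VID:
        raise ValueError(f"VLAN ID {vid} is outside 1-{MAX_VID}")
    if not 0 <= pcp <= 7:
        raise ValueError(f"priority {pcp} is outside 0-7")
    tci = (pcp << 13) | vid   # PCP (3 bits) | DEI (1 bit, left 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame: bytes):
    """Return (vid, untagged_frame); vid is None when the frame carries no tag."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]


def egress(frame: bytes, vid: int, port: dict):
    """Frame as it leaves `port`, or None if the port does not carry that VLAN."""
    if port["mode"] == "access":
        return frame if port["vlan"] == vid else None      # sent untagged
    return add_tag(frame, vid) if vid in port["allowed"] else None  # sent tagged


# Constructed sample: a broadcast ARP frame from a host in VLAN 10 (Sales).
SAMPLE = bytes.fromhex("ffffffffffff" "020000000a01" "0806") + bytes(28)
ACCESS_SALES = {"mode": "access", "vlan": 10}     # like fastEthernet 0/1 above
ACCESS_MARKET = {"mode": "access", "vlan": 20}
TRUNK = {"mode": "trunk", "allowed": {10, 20}}    # hypothetical trunk port

if __name__ == "__main__":
    tagged = egress(SAMPLE, 10, TRUNK)
    print("on trunk      :", tagged[:16].hex())
    print("VLAN ID parsed:", strip_tag(tagged)[0])
    print("to Sales port :", egress(SAMPLE, 10, ACCESS_SALES) == SAMPLE)
    print("to Market port:", egress(SAMPLE, 10, ACCESS_MARKET))
```

The VLAN 10 broadcast leaves the trunk with the bytes `8100 000a` inserted, leaves the Sales access port unchanged, and never leaves the Market access port.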

Additional Configuration Examples
- Creating VLANs, assigning ports, enabling trunking, and routing configurations for different network scenarios.
 

Author: Vivek Anishetty
