Monday, July 27, 2009

VLAN Implementation

VLANs are used to break large campus networks into smaller pieces. The benefit of this is to minimize the amount of broadcast traffic on a logical segment.

What Is a VLAN?

A virtual LAN (VLAN) is a logical LAN, or a logical subnet. It defines a broadcast domain. A physical subnet is a group of devices that shares the same physical wire. A logical subnet is a group of switch ports assigned to the same VLAN, regardless of their physical location in a switched network.

Two types of VLANs are:
  • End-to-end VLAN—VLAN members are assigned by function and can reside on different switches. They are used when hosts are assigned to VLANs based on functions or workgroups, rather than physical location. VLANs should not extend past the Building Distribution submodule. Figure 2-1 shows end-to-end VLANs.
  • Local VLAN—Hosts are assigned to VLANs based on their location, such as a floor in a building. A router accomplishes sharing of resources between VLANs. This type is typically found in the Building Access submodule. Figure 2-2 shows an example of local VLANs.

[Figure 2-1: End-to-End VLANs]

[Figure 2-2: Local VLANs]

VLAN membership can be assigned either statically by port or dynamically by MAC address using a VLAN Membership Policy Server (VMPS).

Creating a VLAN in Global Config Mode:

VLANs must be created before they may be used. VLANs may be created in global configuration mode or in VLAN database mode. Creating VLANs in global configuration is easy—just identify the VLAN number and name it!

(config)#vlan 12
(config-vlan)#name MYVLAN


Creating a VLAN in Database Mode

Creating a VLAN in VLAN database mode is very similar to global configuration. There are no advantages to either method. Either method creates an entry in a VLAN.DAT file. Remember that copying the configuration, by itself, does not move the VLAN information! To do that you must move the VLAN.DAT file.

#vlan database
(vlan)#vlan 12 name MYVLAN

Delete a VLAN by using the same command with the keyword "no" in front of it. There is no need to include the name when deleting.


Assigning Ports to VLANs

When statically assigning ports to VLANs, first make the port an access port, and then assign it to a VLAN. At the interface configuration prompt:

(config-if)#switchport mode access
(config-if)#switchport access vlan 12

The commands are similar when using dynamic VLAN assignment. At interface configuration mode:

(config-if)#switchport mode access
(config-if)#switchport access vlan dynamic

If you use dynamic, you must also enter the IP address of the VMPS server at global configuration mode:

(config)#vmps server ip-address


Verifying VLAN Configuration

To see a list of all the VLANs and the ports assigned to them, use the command show vlan. To narrow down the information displayed, you can use these keywords after the command: brief, id vlan-number, or name vlan-name.

Other verification commands include:
  • show running-config interface interface-number—Use this to verify the VLAN membership of the port.
  • show mac address-table interface interface-number vlan vlan-number—Use this to view MAC addresses learned through that port for the specified VLAN.
  • show interfaces interface-number switchport—Use this to see detailed information about the port configuration, such as entries in the Administrative Mode and Access Mode VLAN fields.

Troubleshooting VLAN Issues

The following are three steps in troubleshooting VLAN problems:
  • Check the physical connectivity—Make sure the cable, the network adapter, and switch port are good. Check the port’s link LED.
  • Check the switch configuration—If you see FCS errors or late collisions, suspect a duplex mismatch. Also check configured speed on both ends of the link. Increasing collisions can mean an overloaded link, such as with a broadcast storm.
  • Check the VLAN configuration—If two hosts cannot communicate, make sure they are both in the same VLAN. If a host cannot connect to a switch, make sure the host and the switch are in the same VLAN.
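
The static-assignment and "same VLAN" checks described above can also be run offline against a saved running-config. The following Python code is an added example, not part of the original post; the sample configuration, interface names and function names are constructed for illustration, and it assumes a port with no "switchport access vlan" line is in the default VLAN 1.

```python
import re

# Constructed sample of "show running-config" interface stanzas (not from the original page).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 12
!
interface FastEthernet0/2
 switchport access vlan 12
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet0/4
 switchport mode access
 switchport access vlan dynamic
!
"""

def parse_ports(config):
    """Map each interface to its configured switchport mode and access VLAN."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            # Assumption: a port with no "switchport access vlan" line sits in VLAN 1.
            current = ports.setdefault(raw.split()[1], {"mode": None, "vlan": "1"})
        elif line == "!" or not raw.startswith(" "):
            current = None  # end of the interface stanza
        elif current is not None:
            m = re.fullmatch(r"switchport (mode|access vlan) (\S+)", line)
            if m:
                current["mode" if m.group(1) == "mode" else "vlan"] = m.group(2)
    return ports

def not_explicit_access(ports):
    """Ports where the 'switchport mode access' step was skipped."""
    return sorted(p for p, c in ports.items() if c["mode"] != "access")

def same_vlan(ports, a, b):
    """True/False for static ports; None when VMPS assigns the VLAN at run time."""
    va, vb = ports[a]["vlan"], ports[b]["vlan"]
    return None if "dynamic" in (va, vb) else va == vb

if __name__ == "__main__":
    ports = parse_ports(SAMPLE_CONFIG)
    print(not_explicit_access(ports), same_vlan(ports, "FastEthernet0/1", "FastEthernet0/3"))
```

A result of None from same_vlan means the configuration alone cannot answer the question; for dynamic ports, check the assigned VLAN on the live switch with show interfaces interface-number switchport.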
