Virtual LAN(VLAN) & It’s Concepts
VLAN- Virtual LAN is being used for virtually or logically segregating or separating the local LAN according to the requirement.
Reasons behind the creation of multiple VLANs or what we will achieve by creating different VLANs.
- We can separate the Broadcast domain according to the dept./floor or any other parameter, which will reduce the broadcast propagation to a limited number of users. This will reduce the network and processing overhead of the switching device.
- We can apply security policies i.e access control rules as per each VLAN requirement and have different rules or policies for different VLAN.
- Creating Multiple VLANs will increase the scalability of the network and make the troubleshooting easy.
- Even, we can use different QoS Policies in different VLANs for classification or marking of different VLANs.
How many types of ports are there in a VLAN:
Types of L2 Port:
- Access Port- This can allow only one VLAN and used to connect a Laptop or Desktop.
- Trunk Port(Called as Tagged Port in Non-cisco environment) – This can allow multiple VLANs and generally used to connect a different network device or a Server which hosts VMs from multiple VLANs.
- Voice VLAN Port- This is a type of access port but in this type of port two VLANs can be allowed i.e one access VLAN and one Voice VLAN. These types of ports are being used for the laptops or desktops to be connected via IP Phone.
Types of L3 Port:
- Switch Virtual Interface(SVI) – A virtual L3 Interface associated with a VLAN in a switching device.
- Bridge Virtual Interface(BVI) – A virtual L3 Interface associated with a Bridge Group in a routing device.
How many types of ports are available based on DTP(Dynamic Trunking Protocol):
- Access- No trunking, will not send DTP, only access to a single VLAN
- Trunk- Trunk is On, will still send DTP for negotiation
- Dynamic Auto- Allowed to receive DTP but will not send DTP, If receives DTP then will form trunk otherwise access
- Dynamic Desirable- Will send DTP but negotiation depends on what receives.
- Non-negotiate – does not send DTP, will only form trunk based on Hard coding.
Formation of the trunk can be possible in below way:
- Trunk-Trunk –> will form the trunk
- Trunk-Auto –> will form the trunk
- Trunk-Desirable –> will form the trunk
- Desirable-Desirable –> will form the trunk
- Desirable-Auto –> will form the trunk
- Desirable-Non-Negotiate –> will not form the trunk
- Auto-Non-negotiate –> will not form the trunk
- Trunk-Non-negotiate –> will form the trunk if Non-negotiate end configured as a trunk
- Non-Negotiate-Non-negotiate –> will form the trunk if both Non-negotiate ends configured as a trunk
- Auto-Auto –> will not form the trunk
What is a Native VLAN?
Native VLAN is a concept available in 802.1q. The concept of native VLAN is if a trunk port receives a frame which is not tagged then it will allow that packet to traverse in a specific VLAN, by default VLAN1 is the Native VLAN in Cisco Switches.
Native VLAN can be a security vulnerability if it is not properly configured in your network.
In the case of Access port, frames are always untagged. So, if you connect two Cisco switches over access ports and one end is in one Access VLAN and the other end is in another Access VLAN then you can leak the traffic from one VLAN to another but if your CDP is enabled then you will receive a message of Native VLAN mismatch.
I hope this helps you guys. If you like it then do not forget to hit the like button and share it with your friends and family.
All the best Guys.
Cheers,
Maddy
