VLANs

Just in case you were looking at CCNP SWITCH material and were not familiar with how VLANs might look on a network topology, there you go 🙂

Just as the ports on a switch break up “collision domains,” VLANs break up “broadcast domains,” which is needed not only for traffic separation but also for limiting broadcast traffic, as discussed below.

A LAN that is a single broadcast domain is referred to as a “flat network.” I'm not sure if it's an exam topic, but in the real world that is a good phrase to know when talking networking with someone.

Speaking of broadcast domains, limiting them is one of the main purposes of a VLAN.

Outside of separating traffic (voice / video / data), VLANs limit the scope of broadcasts to their own VLAN, as broadcast traffic going to hosts that do not need it is a waste of LAN resources such as CPU and bandwidth (and seriously, 80% of the network issues you will ever deal with in the real world come down to the LAN being slow).

Using the VLAN topology above, if the first PC in the orange VLAN 1 circle sends a broadcast, only the PC in VLAN 1 on the other side of the “Trunk” will receive a copy. If none of those VLANs existed, and those switches were fresh out of the box, a copy of the broadcast frame would be sent out every port except the port it came in on.

This is very important to note, as is the fact that even with no configured VLANs and the switches fresh out of the box, all ports would still be in a VLAN by default: VLAN 1.

Another thing that just sounds odd is that the more VLANs you create, the more broadcast domains you create, yet the less broadcast traffic you will have. It sounded odd to me at first, because more broadcast domains should mean more of that type of traffic, but because only the hosts in a given VLAN send and receive its broadcasts, fewer broadcasts overall are delivered to every host on the switch.

A quick wag of the finger from Cisco’s best practices

Cisco’s best practices dictate that VLANs should be created strictly one per separate subnet, which in the real world is 99% of the time not going to be the case once you are integrating all the network devices.

Cisco wants you to make 1 VLAN for every 1 subnet, and that's it, but in the real world you will find it is different in every network.

Cisco also recommends that VLANs not reach beyond the “Distribution Layer” of the three-layer switch hierarchy of Core / Distribution / Access (“layer” here is not Layer 3 as in routing).

Quick word on Static vs Dynamic VLANs

A static VLAN membership for a host is configured on the port, on the switch itself, whereas a dynamic VLAN membership is derived from the host's MAC address to determine which VLAN it belongs in; it does not dynamically create the VLAN.

Ultimately, the switch almost always decides which VLAN traffic is placed in, but that is a good distinction to know even though we will first focus on static VLANs.

I am currently working with static VLANs, so let's have a look at config / verification.

So I took a look at my VLANs and what's currently going on; I added a few interfaces to VLAN 9, and am about to delete the other two that I am no longer working with:

SW1(config)#do sh vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0/1, Fa1/0/3, Fa1/0/5
                                                Fa1/0/6, Fa1/0/7, Fa1/0/8
                                                Fa1/0/9, Fa1/0/10, Fa1/0/11
                                                Fa1/0/12, Fa1/0/13, Fa1/0/14
                                                Fa1/0/15, Fa1/0/16, Fa1/0/17
                                                Fa1/0/18, Fa1/0/19, Fa1/0/20
                                                Fa1/0/21, Fa1/0/22, Fa1/0/23
                                                Fa1/0/24, Gi1/0/1, Gi1/0/2
9    VLAN0009                         active    Fa1/0/2, Fa1/0/4, Fa1/0/6
10   VLAN0010                         active
200  VLAN0200                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

There are 5 total “default” VLANs along with 3 other VLANs (9, 10, 200) in the output of “sh vlan brief”. Though only VLAN 1 is named default, VLANs 1002-1005 are legacy default VLANs as well, and for that reason they cannot be deleted the way I am about to delete VLANs 10 and 200.

The 5 default VLANs and the 3 extra are highlighted in red, while the interfaces I put into VLAN 9 (Fa1/0/2, Fa1/0/4, Fa1/0/6) are highlighted in blue, to demonstrate the behavior when deleting a VLAN that has interfaces in it.

Also, a quick demonstration of the console yelling at you (also highlighted in red):

SW1(config)#no vlan 10
SW1(config)#no vlan 200
SW1(config)#no vlan 1002
%Default VLAN 1002 may not be deleted.
SW1(config)#

SW1(config)#do sh vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0/1, Fa1/0/3, Fa1/0/5
                                                Fa1/0/7, Fa1/0/8, Fa1/0/9
                                                Fa1/0/10, Fa1/0/11, Fa1/0/12
                                                Fa1/0/13, Fa1/0/14, Fa1/0/15
                                                Fa1/0/16, Fa1/0/17, Fa1/0/18
                                                Fa1/0/19, Fa1/0/20, Fa1/0/21
                                                Fa1/0/22, Fa1/0/23, Fa1/0/24
                                                Gi1/0/1, Gi1/0/2
9    VLAN0009                         active    Fa1/0/2, Fa1/0/4, Fa1/0/6
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
SW1(config)#

So one non-default VLAN remains; let us delete it and see what happens to the interfaces in it:

SW1(config)#no vlan 9
SW1(config)#do sh vlan bri

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0/1, Fa1/0/3, Fa1/0/5
                                                Fa1/0/7, Fa1/0/8, Fa1/0/9
                                                Fa1/0/10, Fa1/0/11, Fa1/0/12
                                                Fa1/0/13, Fa1/0/14, Fa1/0/15
                                                Fa1/0/16, Fa1/0/17, Fa1/0/18
                                                Fa1/0/19, Fa1/0/20, Fa1/0/21
                                                Fa1/0/22, Fa1/0/23, Fa1/0/24
                                                Gi1/0/1, Gi1/0/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
SW1(config)#

They have completely disappeared from the VLAN table, and are not even in default VLAN 1! Now why is that, you may ask? Good question! Let's re-create VLAN 9 and look again:

SW1(config)#vlan 9
SW1(config-vlan)#exit

SW1(config)#do sh vlan bri

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0/1, Fa1/0/3, Fa1/0/5
                                                Fa1/0/7, Fa1/0/8, Fa1/0/9
                                                Fa1/0/10, Fa1/0/11, Fa1/0/12
                                                Fa1/0/13, Fa1/0/14, Fa1/0/15
                                                Fa1/0/16, Fa1/0/17, Fa1/0/18
                                                Fa1/0/19, Fa1/0/20, Fa1/0/21
                                                Fa1/0/22, Fa1/0/23, Fa1/0/24
                                                Gi1/0/1, Gi1/0/2
9    VLAN0009                         active    Fa1/0/2, Fa1/0/4, Fa1/0/6
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
SW1(config)#

They were still in VLAN 9, as we had configured them! The port keeps its hard-coded VLAN ID whether or not that VLAN exists; while the VLAN is missing the port is simply inactive and forwards nothing, which is why it showed up nowhere in the table. Now this has already veered waaaay off the course I'm watching right now, but if you notice a stray port, move it to the default VLAN 1 and “shut” it for security reasons.

One last thing: since we obviously hard-coded VLAN 9 on the ports, we must move them back to default VLAN 1 to get them back in with the rest of our ports:

SW1(config)#int fa1/0/2
SW1(config-if)#switchport access vlan 1
SW1(config-if)#int fa1/0/4
SW1(config-if)#switchport access vlan 1
SW1(config-if)#int fa1/0/6
SW1(config-if)#switchport access vlan 1
SW1(config-if)#exit
SW1(config)#no vlan 9

SW1(config)#do sh vlan bri

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0/1, Fa1/0/2, Fa1/0/3
                                                Fa1/0/4, Fa1/0/5, Fa1/0/6
                                                Fa1/0/7, Fa1/0/8, Fa1/0/9
                                                Fa1/0/10, Fa1/0/11, Fa1/0/12
                                                Fa1/0/13, Fa1/0/14, Fa1/0/15
                                                Fa1/0/16, Fa1/0/17, Fa1/0/18
                                                Fa1/0/19, Fa1/0/20, Fa1/0/21
                                                Fa1/0/22, Fa1/0/23, Fa1/0/24
                                                Gi1/0/1, Gi1/0/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
SW1(config)#

There is another reason ports may be missing from that VLAN table, namely if they are trunk ports, but there will be plenty about that later 🙂

The above example is really how you begin to troubleshoot simple VLAN issues.

Starting with “sh vlan brief” will give you a lot of information: which VLANs exist (hopefully named intuitively), which ports are members of each, and also which ports are missing, as we saw above.

If ports are missing and you don't know whether pre-existing VLANs were deleted or modified, the best place to start is a “show run”, as that lists each port's configured membership, which I again need to prove here to myself to respect myself as a CCNP.

I also wanted to demonstrate the full “sh vlan” command instead of just “sh vlan brief”, so get ready for some output:
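As an added example (not part of the original post), here is a Python script that does the cross-check just described: it parses a “sh vlan brief” table and a “show run” excerpt and reports any access port hard-coded to a VLAN that is no longer in the VLAN table, exactly the situation Fa1/0/2, Fa1/0/4 and Fa1/0/6 were in after “no vlan 9”. The sample outputs and port names are constructed for this example, modelled on the output above.

```python
import re
# Constructed "show vlan brief", modelled on the output above after "no vlan 9":
# VLAN 9 is gone from the table, but Fa1/0/2 (below) is still hard-coded to it.
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0/1, Fa1/0/3, Fa1/0/5
                                                Fa1/0/7, Fa1/0/8, Gi1/0/1
10   VLAN0010                         active    Fa1/0/10
"""
# Constructed "show running-config" excerpt for the same (hypothetical) switch.
SHOW_RUN = """\
interface FastEthernet1/0/2
 switchport access vlan 9
interface FastEthernet1/0/3
 switchport mode access
interface FastEthernet1/0/10
 switchport access vlan 10
"""

def parse_vlan_brief(text):
    """{vlan_id: set(ports)}; indented lines continue the previous row's ports."""
    vlans, current = {}, None
    for line in text.splitlines():
        row = re.match(r"^(\d+)\s+\S+\s+\S+\s*(.*)$", line)
        if row:                      # a new VLAN row: id, name, status, ports
            current = int(row.group(1))
            vlans[current] = set()
        elif current is None or not line.startswith(" "):
            continue                 # header, separator or blank line
        ports = row.group(2) if row else line
        vlans[current].update(p.strip() for p in ports.split(",") if p.strip())
    return vlans
def parse_access_vlans(run_text):
    """{short_port: access_vlan}; no 'switchport access vlan' line means VLAN 1."""
    result, port = {}, None
    for line in run_text.splitlines():
        intf = re.match(r"^interface ([A-Za-z]*Ethernet)([\d/]+)$", line)
        if intf:                     # the VLAN table shows FastEthernet1/0/2 as Fa1/0/2
            port = intf.group(1)[:2] + intf.group(2)
            result[port] = 1         # default membership until told otherwise
        acc = re.match(r"^\s+switchport access vlan (\d+)$", line)
        if acc and port:
            result[port] = int(acc.group(1))
    return result
def orphaned_ports(vlan_brief, run_text):
    """Ports hard-coded to a VLAN the table no longer has; they pass no traffic."""
    vlans = parse_vlan_brief(vlan_brief)
    return {p: v for p, v in parse_access_vlans(run_text).items() if v not in vlans}
```

Running orphaned_ports(SHOW_VLAN_BRIEF, SHOW_RUN) on the constructed sample returns {"Fa1/0/2": 9}: the port still says VLAN 9 in the running config, while the VLAN table says that VLAN does not exist.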

Creating and placing port interfaces into VLANs

SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#vlan 10
SW1(config-vlan)#exit
SW1(config)#vlan 20
SW1(config-vlan)#exit
SW1(config)#vlan 30
SW1(config-vlan)#exit
SW1(config)#int fa1/0/10
SW1(config-if)#switchport access vlan 10
SW1(config-if)#int fa1/0/20
SW1(config-if)#switchport access vlan 20
SW1(config-if)#int fa1/0/15
SW1(config-if)#switchport access vlan 40
% Access VLAN does not exist. Creating vlan 40
SW1(config-if)#

I wanted to demonstrate that you can either create VLANs with “vlan #” from global config and then go into interface configuration and configure “switchport access vlan #”, or let the switch create the VLAN itself when it does not exist at the time you configure it on an interface (as happened with VLAN 40 above).

  • Note that you can also use “int vlan #”, but that is more for Layer 3 routing use (which I'm sure we will get to), whereas “vlan #” creates a Layer 2 VLAN, like a management IP / VLAN for the switch, that you can “shut” / “no shut” as an entire VLAN.

Now here is the Big Lebowski output of “sh vlan”:

SW1#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0/1, Fa1/0/2, Fa1/0/3
                                                Fa1/0/4, Fa1/0/5, Fa1/0/6
                                                Fa1/0/7, Fa1/0/8, Fa1/0/9
                                                Fa1/0/11, Fa1/0/12, Fa1/0/13
                                                Fa1/0/14, Fa1/0/16, Fa1/0/17
                                                Fa1/0/18, Fa1/0/19, Fa1/0/21
                                                Fa1/0/22, Fa1/0/23, Fa1/0/24
                                                Gi1/0/1, Gi1/0/2
10   VLAN0010                         active    Fa1/0/10
20   VLAN0020                         active    Fa1/0/20
30   VLAN0030                         active
40   VLAN0040                         active    Fa1/0/15
1002 fddi-default                     act/unsup
1003 token-ring
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
 --More-- ed state to administrati n
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
10   enet  100010     1500  -      -      -        -    -        0      0
20   enet  100020     1500  -      -      -        -    -        0      0
30   enet  100030     1500  -      -      -        -    -        0      0
40   enet  100040     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

SW1#

Which let's compare quickly to its brief counterpart:

SW1#sh vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0/1, Fa1/0/2, Fa1/0/3
                                                Fa1/0/4, Fa1/0/5, Fa1/0/6
                                                Fa1/0/7, Fa1/0/8, Fa1/0/9
                                                Fa1/0/11, Fa1/0/12, Fa1/0/13
                                                Fa1/0/14, Fa1/0/16, Fa1/0/17
                                                Fa1/0/18, Fa1/0/19, Fa1/0/21
                                                Fa1/0/22, Fa1/0/23, Fa1/0/24
                                                Gi1/0/1, Gi1/0/2
10   VLAN0010                         active    Fa1/0/10
20   VLAN0020                         active    Fa1/0/20
30   VLAN0030                         active
40   VLAN0040                         active    Fa1/0/15
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
SW1#

All of that red stuff (the second table plus the Remote SPAN and Primary / Secondary sections) is completely unneeded, at least at this point in the studies, so there is little point in running the full “sh vlan”: it has the brief portion at the top and then a lot of things that are not tested on (yet) in CCNP SWITCH studies, and probably not needed in most real-life scenarios.

In this article I completely went off the rails from what I am studying; I think I skipped ahead a lot on the behavior of ports and such, so future articles may be redundant with topics covered here. You're welcome for that 🙂 Gotta bang that stuff into your brain until you dream in binary!

The big highlights:

  • All ports are in a VLAN, VLAN 1 by default
  • There are 5 default VLANs (VLAN 1 plus the 4 legacy ones, 1002-1005), none of which can be deleted
  • You can create VLANs in multiple ways, as demonstrated above
  • When a port is statically set to a VLAN, it stays configured for that VLAN even if the VLAN gets deleted!
  • If ports are not in “sh vlan brief”, they can be found in “sh trunk” or “sh run”

That is all I got, until next time!