Basic VLAN Concepts
1. VLAN Benefits
• To reduce CPU overhead on each device by reducing the number of devices that receive each broadcast frame
• To reduce security risks by reducing the number of hosts that receive copies of frames that the switches flood (broadcasts, multicasts, and unknown unicasts)
• To improve security for hosts that send sensitive data by keeping those hosts on a separate VLAN
• To create more flexible designs that group users by department, or by groups that work together, instead of by physical location
• To solve problems more quickly, because the failure domain for many problems is the same set of devices as those in the same broadcast domain
• To reduce the workload for the Spanning Tree Protocol (STP) by limiting a VLAN to a single access switch
2. VLAN Tagging Concepts
3. 802.1Q VLAN Trunking Protocol
802.1Q inserts an extra 4-byte 802.1Q VLAN header into the original frame's Ethernet header. The 12-bit VLAN ID field supports 4096 (2^12) VLANs.
ISL: Cisco no longer supports ISL (Inter-Switch Link) in its newer models.
VLAN ID range: Cisco switches break the range of VLAN IDs (1–4094) into two ranges: the normal range and the extended range. All switches can use normal-range VLANs with values from 1 to 1005. Only some switches can use extended-range VLANs with VLAN IDs from 1005 to 4094. The rules for which switches can use extended-range VLANs depend on the configuration of the VLAN Trunking Protocol (VTP).
Native VLAN: 802.1Q also defines one special VLAN ID on each trunk as the native VLAN (defaulting to VLAN 1). By definition, 802.1Q simply does not add an 802.1Q header to frames in the native VLAN. When the switch on the other side of the trunk receives a frame that does not have an 802.1Q header, the receiving switch knows that the frame is part of the native VLAN. Note that because of this behavior, both switches must agree on which VLAN is the native VLAN.
The 802.1Q native VLAN provides some interesting functions, mainly to support connections to devices that do not understand trunking. For example, a Cisco switch could be cabled to a switch that does not understand 802.1Q trunking. The Cisco switch could send frames in the native VLAN—meaning that the frame has no trunking header—so that the other switch would understand the frame. The native VLAN concept gives switches the capability of at least passing traffic in one VLAN (the native VLAN), which can allow some basic functions, like reachability to telnet into a switch.
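The tag format and native-VLAN rule described above, shown as an added Python example that is not part of the original notes: a builder that inserts the 4-byte 802.1Q tag (TPID 0x8100 plus a 16-bit TCI whose low 12 bits are the VLAN ID) for every VLAN except the native one, and a parser that classifies untagged frames into the native VLAN the way a receiving trunk port does. The native VLAN of 1 and the sample MAC addresses are assumptions.

```python
import struct

TPID_8021Q = 0x8100   # Tag Protocol Identifier that marks an 802.1Q tag
NATIVE_VLAN = 1       # assumed native VLAN (the 802.1Q/Cisco default)


def build_frame(dst_mac, src_mac, ethertype, payload, vlan_id=None, pcp=0):
    """Build an Ethernet frame. A 4-byte 802.1Q tag is inserted between the
    source MAC and the EtherType unless the frame belongs to the native VLAN,
    which 802.1Q sends untagged."""
    header = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac)
    if vlan_id is not None and vlan_id != NATIVE_VLAN:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be 1..4094 (0 and 4095 are reserved)")
        tci = (pcp << 13) | vlan_id            # PCP (3 bits) | DEI (1 bit) = 0 | VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (vlan_id, ethertype, payload_length, tagged) for one frame.
    An untagged frame is assigned to the native VLAN, exactly as the switch
    on the receiving end of a trunk does."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack("!H", frame[14:16])[0]
        vid = tci & 0x0FFF                      # low 12 bits of the TCI
        inner_type = struct.unpack("!H", frame[16:18])[0]
        return vid, inner_type, len(frame) - 18, True
    return NATIVE_VLAN, ethertype, len(frame) - 14, False


if __name__ == "__main__":
    # Constructed sample: a 28-byte ARP payload on VLAN 10 and on the native VLAN
    arp = b"\x00" * 28
    for vid in (10, NATIVE_VLAN):
        f = build_frame("ffffffffffff", "001122334455", 0x0806, arp, vlan_id=vid)
        print(len(f), parse_frame(f))
```

A frame that arrives on a trunk without a tag is placed in the native VLAN by both sides only if they agree on its value, which is why the parser's NATIVE_VLAN must match the peer's configuration.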