Friday, May 11, 2012

VLANs

Switches by default are great because they create individual collision domains, but there is still the problem of broadcasts. A broadcast is seen by all clients on a LAN segment, and at times this results in the clients themselves sending out broadcasts to the point where the switch runs out of resources (a broadcast storm). The solution is Virtual Local Area Networks (VLANs). Cisco switches out of the box put all ports into VLAN 1, the default VLAN. All ports in a VLAN are within the same broadcast domain. I will create another VLAN below and put a couple of ports in it.


Switch#show vlan brief 

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active    

To add ports 5 through 10 to VLAN 51, I used the interface range command, whose name is self-explanatory. Before adding a port to a VLAN, I made it an access port rather than a trunk port; trunks are used to pass VLAN traffic to other switches or a router. If a VLAN does not exist before you move a port into it, it will be created automatically.

Switch(config)#int range fastEthernet 0/5-10
Switch(config-if-range)#switchport mode access 
Switch(config-if-range)#switchport access vlan 51
% Access VLAN does not exist. Creating vlan 51
Switch(config-if-range)#do show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24
51   VLAN0051                         active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active  

Devices on VLAN 51 can't communicate with devices on a different VLAN without a router or layer 3 switch. This is a security benefit of VLANs when ports are grouped by privileges.
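An added example, not part of the original post: a Python parser for the `show vlan brief` output shown above. It handles the wrapped port lines and checks the result against an intended port-to-VLAN plan. The function names and the plan format (port name mapped to VLAN ID) are assumptions made for this sketch.

```python
import re

# Constructed sample: the post-change "show vlan brief" table from this page.
SAMPLE = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24
51   VLAN0051                         active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10
1002 fddi-default                     active
"""

# A VLAN row starts with the numeric ID; the port list may be empty.
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_vlan_brief(text):
    """Return {vlan_id: {"name", "status", "ports"}} from 'show vlan brief' output."""
    vlans, current = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            current = int(m.group(1))
            vlans[current] = {"name": m.group(2), "status": m.group(3), "ports": []}
            rest = m.group(4)
        elif current is not None and line[:1].isspace() and line.strip():
            rest = line  # indented continuation line: more ports for the same VLAN
        else:
            continue  # header, separator, prompt or blank line
        vlans[current]["ports"] += [p.strip() for p in rest.split(",") if p.strip()]
    return vlans

def audit(text, plan):
    """plan (assumed format): port name -> intended VLAN ID.
    Returns (port, expected, actual) for each mismatch; actual is None
    when the port is not listed in the output at all."""
    actual = {port: vid for vid, v in parse_vlan_brief(text).items() for port in v["ports"]}
    return [(p, want, actual.get(p)) for p, want in sorted(plan.items())
            if actual.get(p) != want]

if __name__ == "__main__":
    plan = {f"Fa0/{n}": 51 for n in range(4, 11)}  # Fa0/4 deliberately wrong
    for port, want, got in audit(SAMPLE, plan):
        print(f"{port}: expected VLAN {want}, found {got}")
```
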


