VLAN- Virtual Local Area Network
Why we need VLAN--
I am working for a organization a Network Engineer. And I have to provide a connection to all the employee. So what's the big deal. Take a switch and connect all the users right.
Ya that's right but now I want more thing in this network like I want manager can access internet other employee can't and so many things also like this.
So VLAN is used it to create Virtual LAN's and feel like every one have his personal LAN.By default all the ports of Switch are in vlan-1. And by default there are 5 vlan's on switch.
i)1
ii)1002
iii)1003
iv)1004
v)1005
(use show vlan cmd to see this.)
Now if we want to make some more vlan according to my needs. So here are the configuration.
First is old one but useful some time
S#vlan database
S(vlan)#vlan 50 name my
These two command will create a vlan-50 which name is my. But there is a warning also
"% Warning: It is recommended to configure VLAN from config mode, as VLAN database mode is being deprecated. Please consult user documentation for configuring VTP/VLAN in config mode."
So I'll recommend you to create vlan from Config Mode.
S(config)#vlan 50
S(config-vlan)#name my
"Note- Name is optional, for easiness I always give"
These two command will create vlan 50 which name is my. So see your vlan use 'show vlan'.
Now vlan is created but still we have all the ports in Vlan-1. So time to make member of vlan.
Now we have 2 option either we go to each port and make it member of vlan or we can select a range of ports and make them member of vlan.
So first we'll go to a port
S(config)#interface fastEthernet 0/1
S(config-if)#switchport access vlan 50
"Here we are making f0/1 to member of vlan-50"
Now i'll select a range.
S(config)#interface range fastEthernet 0/2 - 0/10
S(config-if-range)#switchport access vlan 50
"Here we are making f0/2 to f0/10 member of vlan-50"
So by this way we can create multiple vlan and assign port to vlan.
We can't assign a port in multiple vlans.
Benifites-
1.Security- Mamber of 2 different can't access without admin permission.
2.Traffic Reduce-By default switch broadcast traffic on whole ports of same VLAN so by creating VLAN you can reduce them.
VLANs | Range | Usages | Propogate by VTP
| | |
0, 4095 |Reserved | For system use only you | -
| | can't use or see these |
| | vlans. |
__________________________________________________________________
1 | Normal | Cisco default, you can | Yes
| |use the VLAN but can't |
| |modify. |
__________________________________________________________________
2- 1001 |Normal |For Ethernet VLANs,You can| Yes
| |create,use and delete them|
_________________________________________________________________
1002- | Normal |Cisco default for FDDI and| Yes
1005 | |Token Ring. You can't |
| | these VLANs |
_________________________________________________________________
1006- | Extended|For Ethernet VLAN's only | No
4096
__________________________________________________________________
Why we need VLAN--
I am working for a organization a Network Engineer. And I have to provide a connection to all the employee. So what's the big deal. Take a switch and connect all the users right.
Ya that's right but now I want more thing in this network like I want manager can access internet other employee can't and so many things also like this.
So VLAN is used it to create Virtual LAN's and feel like every one have his personal LAN.By default all the ports of Switch are in vlan-1. And by default there are 5 vlan's on switch.
i)1
ii)1002
iii)1003
iv)1004
v)1005
(use show vlan cmd to see this.)
Now if we want to make some more vlan according to my needs. So here are the configuration.
First is old one but useful some time
S#vlan database
S(vlan)#vlan 50 name my
These two command will create a vlan-50 which name is my. But there is a warning also
"% Warning: It is recommended to configure VLAN from config mode, as VLAN database mode is being deprecated. Please consult user documentation for configuring VTP/VLAN in config mode."
So I'll recommend you to create vlan from Config Mode.
S(config)#vlan 50
S(config-vlan)#name my
"Note- Name is optional, for easiness I always give"
These two command will create vlan 50 which name is my. So see your vlan use 'show vlan'.
Now vlan is created but still we have all the ports in Vlan-1. So time to make member of vlan.
Now we have 2 option either we go to each port and make it member of vlan or we can select a range of ports and make them member of vlan.
So first we'll go to a port
S(config)#interface fastEthernet 0/1
S(config-if)#switchport access vlan 50
"Here we are making f0/1 to member of vlan-50"
Now i'll select a range.
S(config)#interface range fastEthernet 0/2 - 0/10
S(config-if-range)#switchport access vlan 50
"Here we are making f0/2 to f0/10 member of vlan-50"
So by this way we can create multiple vlan and assign port to vlan.
We can't assign a port in multiple vlans.
Benifites-
1.Security- Mamber of 2 different can't access without admin permission.
2.Traffic Reduce-By default switch broadcast traffic on whole ports of same VLAN so by creating VLAN you can reduce them.
VLANs | Range | Usages | Propogate by VTP
| | |
0, 4095 |Reserved | For system use only you | -
| | can't use or see these |
| | vlans. |
__________________________________________________________________
1 | Normal | Cisco default, you can | Yes
| |use the VLAN but can't |
| |modify. |
__________________________________________________________________
2- 1001 |Normal |For Ethernet VLANs,You can| Yes
| |create,use and delete them|
_________________________________________________________________
1002- | Normal |Cisco default for FDDI and| Yes
1005 | |Token Ring. You can't |
| | these VLANs |
_________________________________________________________________
1006- | Extended|For Ethernet VLAN's only | No
4096
__________________________________________________________________
No comments:
Post a Comment