---
id: 16. VLAN (Part 1)
aliases: []
tags: []
---

# VLAN (Part 1)

## What is a [[LAN]]?

Previously I said that a LAN is a group of devices (PCs, servers, routers, switches) in a single
location (home office, etc.).

A more specific definition: a LAN is a single [[broadcast domain]], including all devices in that
broadcast domain.

## Broadcast domains

A broadcast domain is the group of devices which will receive a broadcast frame (destination [[MAC]]
FFFF.FFFF.FFFF) sent by any one of the members.

Keeping every host in one broadcast domain causes two problems:

- Performance: lots of unnecessary broadcast traffic can reduce network performance.
- Security: even within the same office you want to limit who has access to what. You can apply
  security policies on a [[router]]/[[firewall]].

Because this is one LAN, PCs can reach each other directly, without traffic passing through the router.
So even if you configure security policies, they won't have any effect on that traffic.

Although we separated the three departments into three subnets ([[OSI|Layer 3]]), they are still in
the same broadcast domain ([[OSI|Layer 2]]).

## What is a [[VLAN]]?

A [[switch]] will not forward traffic between VLANs, including broadcast/unknown unicast traffic.

- VLANs are configured on switches on a **per-interface** basis.
- VLANs logically separate end hosts at Layer 2.

The switch does not perform inter-VLAN routing. It must send the traffic through the router.

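The forwarding rule described above, modelled as an added example (not part of the original notes): a toy switch with access ports only, comparing one flat VLAN with the same ports split into VLANs 10 and 20. The `Switch` class, port names and MAC addresses are constructed for illustration.

```python
from collections import defaultdict

BROADCAST = "ffff.ffff.ffff"

class Switch:
    """Toy Layer 2 switch (hypothetical model): access ports, one MAC table per VLAN."""

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)    # port name -> access VLAN
        self.mac_table = defaultdict(dict)  # VLAN -> {MAC: port}

    def receive(self, in_port, src_mac, dst_mac):
        """Learn the source MAC, then return the set of egress ports."""
        vlan = self.port_vlan[in_port]
        self.mac_table[vlan][src_mac] = in_port
        same_vlan = {p for p, v in self.port_vlan.items()
                     if v == vlan and p != in_port}
        if dst_mac == BROADCAST:
            return same_vlan                # broadcast: flood inside the VLAN only
        out_port = self.mac_table[vlan].get(dst_mac)
        if out_port is None:
            return same_vlan                # unknown unicast: same flooding scope
        return {out_port} - {in_port}       # known unicast: one port

# Constructed sample data: six ports, two hosts.
PORTS = ["g1/0", "g1/1", "g1/2", "g1/3", "g2/0", "g2/1"]
PC1, PC5 = "aaaa.aaaa.0001", "aaaa.aaaa.0005"  # PC1 on g1/0, PC5 on g2/0

def build(segmented):
    """All ports in VLAN 1, or g1/x in VLAN 10 and g2/x in VLAN 20."""
    if not segmented:
        return Switch({p: 1 for p in PORTS})
    return Switch({p: 10 if p.startswith("g1/") else 20 for p in PORTS})

def demo(segmented):
    """Send two broadcasts and one unicast; return the egress ports of each."""
    sw = build(segmented)
    return {
        "pc1_broadcast": sw.receive("g1/0", PC1, BROADCAST),
        "pc5_broadcast": sw.receive("g2/0", PC5, BROADCAST),
        # PC5's MAC is now learned, but only in PC5's own VLAN table.
        "pc1_to_pc5": sw.receive("g1/0", PC1, PC5),
    }

if __name__ == "__main__":
    for label, seg in (("one VLAN", False), ("VLAN 10/20", True)):
        for name, ports in demo(seg).items():
            print(f"{label:10} {name:14} -> {sorted(ports)}")
```

In the segmented case PC1's frame for PC5 never leaves VLAN 10, so reaching PC5 requires the router, which is where the security policies apply.
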
### VLAN configuration

To display all the VLANs on the switch, use the command:

```Cisco
SW1#show vlan brief
```

By default all interfaces are assigned to VLAN 1.

VLANs 1 and 1002-1005 exist by default and *cannot be deleted*.

To assign interfaces to a VLAN:

```Cisco
SW1(config)#interface range g1/0 - 3
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 10
% Access VLAN does not exist. Creating vlan 10
```

An access port is a switchport which belongs to a single VLAN, and usually connects to end hosts
like PCs.

Switchports which carry multiple VLANs are called 'trunk ports' (more information on trunks in
the next lesson).

You can change the name of the VLAN with the command:

```Cisco
SW1(config)#vlan 10
SW1(config-vlan)#name ENGINEERING
```

This command creates a VLAN.
(In this case it was already automatically created when we assigned the interfaces.)

## Review

- What is a LAN?
- Broadcast domains
- What is a VLAN?
- What is the purpose of VLANs?
- How to configure VLANs on Cisco switches