Virtual VLANs
Virtual LANs (VLANs) : In a computer network, a router's purpose is to shrink broadcast domains and provide optimal network communication. The same thing can be achieved on a switch by using virtual LANs. VLANs provide logical segmentation by creating multiple broadcast domains on the same network switch. They also help achieve higher utilization of switch ports, because a port can be associated with the necessary broadcast domain and multiple broadcast domains can reside on the same switch. Hosts connected to one VLAN cannot communicate with devices in a different VLAN via traditional Layer 2 or broadcast traffic.
VLAN Packet : VLANs are defined in the Institute of Electrical and Electronics Engineers (IEEE) 802.1Q standard, which states that 32 bits are added to the packet header in the following fields:
- Tag protocol identifier (TPID): This 16-bit field is set to 0x8100 to identify the packet as an 802.1Q packet.
- Priority code point (PCP): This 3-bit field indicates a class of service as part of Layer 2 quality of service between switches.
- Drop eligible indicator (DEI): This 1-bit field indicates whether the packet can be dropped when there is bandwidth contention.
- VLAN identifier (VLAN ID): This 12-bit field specifies the VLAN associated with a network packet.
VLAN ID has only 12 bits, which provides 4094 unique VLANs.
- VLAN0 is reserved for 802.1P traffic and cannot be modified or deleted.
- VLAN1 is the default VLAN and cannot be modified or deleted.
- VLANs 2 to 1001 are in the normal VLAN range and can be added, deleted, or modified as necessary.
- VLANs 1002 to 1005 are reserved and cannot be deleted.
- VLANs 1006 to 4094 are in the extended VLAN range and can be added, deleted, or modified as necessary.
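As an added example (not part of the original article), the Python sketch below extracts the 802.1Q tag fields described above from a raw Ethernet frame and classifies the VLAN ID into the ranges just listed. It uses 0x8100, the TPID value IEEE 802.1Q defines; the function names, MAC addresses and sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # TPID value defined by IEEE 802.1Q

def vlan_range(vid: int) -> str:
    """Classify a 12-bit VLAN ID using the ranges listed above."""
    if not 0 <= vid <= 0x0FFF:
        raise ValueError("VLAN ID must fit in 12 bits")
    if vid == 0:
        return "reserved (802.1P)"
    if vid == 1:
        return "default"
    if vid <= 1001:
        return "normal"
    if vid <= 1005:
        return "reserved"
    if vid <= 4094:
        return "extended"
    return "outside listed ranges"  # 4095 is not in the list above

def parse_dot1q(frame: bytes):
    """Return the 802.1Q tag fields of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:  # 6-byte dst MAC + 6-byte src MAC + 2-byte type
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None  # no tag, as on an access port
    if len(frame) < 18:  # TPID present but TCI / inner type cut off
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF  # low 12 bits
    return {
        "pcp": tci >> 13,          # top 3 bits
        "dei": (tci >> 12) & 0x1,  # next 1 bit
        "vlan_id": vid,
        "ethertype": inner_type,
        "range": vlan_range(vid),
    }

# Constructed sample frames (made-up MAC addresses, dummy payload).
MACS = bytes.fromhex("ffffffffffff" "020000000001")
TAGGED = MACS + bytes.fromhex("8100" "a014" "0800") + b"payload"
UNTAGGED = MACS + bytes.fromhex("0800") + b"payload"

if __name__ == "__main__":
    print(parse_dot1q(TAGGED))    # VLAN 20, PCP 5
    print(parse_dot1q(UNTAGGED))  # None
```

A tagged frame arriving where only untagged traffic is expected, or a VLAN ID in a reserved range, is worth logging when reviewing captures from a switch port.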
VLANs are created by using the global configuration command vlan vlan-id. A friendly name (32 characters) is associated with a VLAN through the VLAN submode configuration command name vlanname. The VLAN is not created until the command-line interface (CLI) has been moved back to the global configuration context or a different VLAN identifier.
Catalyst switch commands to configure VLANs
SW1# configure term
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)# vlan 10
SW1(config-vlan)# name PCs
SW1(config-vlan)# vlan 20
SW1(config-vlan)# name Phones
SW1(config-vlan)# vlan 99
SW1(config-vlan)# name Guest
VLANs and their port assignment are verified with the show vlan [{brief | id vlan-id | name vlanname | summary}] command, as demonstrated in Example 1-2. Notice that the output is split into four main sections: VLAN-to-port assignments, system MTU, SPAN sessions, and private VLANs.
The optional show vlan keywords provide the following benefits:
- brief: Displays only the relevant port-to-VLAN mappings.
- summary: Displays a count of VLANs, VLANs participating in VTP, and VLANs that are in the extended VLAN range.
- id vlan-id: Displays all the output from the original command but filtered to only the VLAN number that is specified.
- name vlanname: Displays all the output from the original command but filtered to only the VLAN name that is specified.
Access Port :
Access ports are the fundamental building blocks of a managed switch. An access port is assigned to only one VLAN. It carries traffic from the specified VLAN to the device connected to it or from the device to other devices on the same VLAN on that switch. The 802.1Q tags are not included on packets transmitted or received on access ports.
Catalyst switches place switch ports as Layer 2 access ports for VLAN 1 by default. The port can be manually configured as an access port with the command switchport mode access. A specific VLAN is associated with the port with the command switchport access {vlan vlan-id | name vlanname}. The ability to assign a VLAN to an access port by name was recently added with newer code, but the VLAN is stored in numeric form in the configuration.
Trunk Port :
Trunk ports can carry multiple VLANs. Trunk ports are typically used when multiple VLANs need connectivity between a switch and another switch, router, or firewall and use only one port. Upon receipt of the packet on the remote trunk link, the headers are examined, traffic is associated to the proper VLAN, then the 802.1Q headers are removed, and traffic is forwarded to the next port, based on MAC address for that VLAN.