Virtual Local Area Network (VLAN)

At work recently, there has been a lot of new deployments and I have had the opportunity to look at a lot of network diagrams. I've understood the OSI model Layer 2 with ease, and most of  Layer 3 information made sense to me with the exception of VLANs. Here's a summary of what I understood about VLANs and what I learned in my pursuit to understand the networking diagrams.

UPDATE: VLANs come under Layer 2 -> Why? Glad you asked.

At Layer 2, we have no way of securing traffic, if anybody snoops the traffic, they get the frames with all our data encapsulated, so the best way to secure our traffic is to prevent the 'snoopers' from seeing our traffic in the first place. One way to do this is to restrict the 'broadcast domains' but this does not scale well so an alternative option (not a replacement, just an alternative) is to use VLANs. 

VLANs segment traffic into separate broadcast domains.

There are two types of ports that are using on a Switch for working with VLANs:

1. Access mode Switchport

In an access mode port, the switch removes the VLAN tag on frames exiting the Switchport and adds a native VLAN tag on the frames entering the Switchport. This is the type of port used between a Switch and an end point device such as a PC/Laptop.

2. Trunk mode Switchport (aka tagging port)

 In a tagging port, the switch adds VLAN ID information to the outgoing frame's header. This is the type of Switchport used between 2 switches or between a switch and a router. There are 2 tagging standards used by the Cisco switches 802.1q and ISL (Inter-Switch Link). The former is now used predominantly.

* Native VLAN -> 802.1q normally adds a 4-byte header to frames but for frames in the native VLAN, 802.1q does not add the header.


Switchports might be in Access, Trunk, dynamic auto, & dynamic desirable modes. Think of desirable auto as a Passive mode, if you have a link between 2 ports in dynamic auto mode, then they will remain in Access mode and not auto-negotiate to Trunk mode.

---

Setting VLAN on a switch port connected to a server

> enable

# configure terminal

# interface port gig0/0

# switchport mode access

# switchport access vlan 10

(optional step to speed up the network)

# spanning-tree portfast

Setting VLAN on a switch port connected to another switch

> enable

# configure terminal

# interface port gig0/1

(on older switches)

# switchport trunk encapsulation dot1q

# switchport mode trunk

(note allowed vlans override any previous settings)

# switchport allowed vlan 1,10,20

# spanning-tree portfast

Setting VLAN on a router connected to a switch (Router on a stick)

> enable

# configure terminal

(sub-interface 10)

# interface port gig0/1.10

# encapsulation dot1Q 10

# ip address 10.0.10.1 255.255.255.0

---

Appendix:

In a normal scenario, say you have 5 PCs connected in a subnet to a switch and concurrently connected to a router, in case of a broadcast from anyone for the PCs, the frame would be repeated to all the hosts.


* The port connecting the host must be configured as Access Port.

* When using VLANs in a network with multiple interconnected switches, you need to use VLAN trunking. The trunk link does not belong to a specific VLAN. It is like a conduit between switches and routers. To allow inter-VLAN routing, you need to configure trunking on the link between the router and the switch. 

* Cisco -> ISL (inter-switch link) is a trunking mode & is specific to Cisco switches

* Native VLAN -> For working w/ old devices. Frames belonging to the native VLAN are not tagged when sent out of the trunk links. The frame received untagged on the trunk link is set to the native VLAN.

* All ports in a switch by default are on VLAN 1.

* Create a VLAN -> # vlan <number>

* A given port on the switch can allow multiple VLANs but can only have one default VLAN. The default VLAN is the VLAN in that the port tags the traffic within the case of a frame without a tag.

Comments

Post a Comment

Popular posts from this blog

Playing around with Dell R520 server

Image
After I got my first major tech job, I learned that a major part of the job would be working with Dell servers, setting up ESXi hosts, vCenter installation, etc. so I thought it would be a good idea to practice this at home in my own lab environment so I went and bought a Dell R520 server from the Facebook marketplace for around 300 CAD$. Let me explain how I set up the server. We'll go over the installation of ESXi in detail in another post. For now, let's assume that our server comes with ESXi pre-installed. Let's start by ensuring that the server is plugged in. Most servers come with 2 different PSUs (Power Supply Units). These are meant to go on different Power Strips for power outage redundancy. Once the server is plugged in, try to get your hands on an old monitor with a VGA cable, should cost about 20 CAD$ used. We also need a keyboard. In my case, ESXi was pre-installed so all I had to do was set up the hostname and IP address. Since the internal IP address in my ne
Read more

Experience Interviewing for an Infrastructure Engineer - Continuous Delivery position

Been a while since I got to write to this blog. Recently, I had the pleasure of interviewing for an Infrastructure Engineer - Continuous Delivery position for a company based in Dallas, Texas. I wanted to pen down my experience while the memory is fresh and possibly help others in the same pursuits. The first round was the typical HR round where the interviewer requested to know more about my experience in the DevOps / Infrastructure engineering field and gauge my interest in the position / learn about my background. It included a lot of open-ended questions such as can you please explain your role in your current position. The next round was considerably more interesting and included more pointed questions about my experience in particular tools and working platforms. The interviewer also took the time to explain the role and the need for this position.  After passing this round, I received a take-home exam, the exam question is as follows: Hi Srikar, We're excited to continue our
Read more

2023 Summer Reading List Summary

Image
This blogpost is going to be quite different from my regular posts. I would like to write something down by myself instead of just being a proxy for chatGPT like I did in the past few posts. Books I've read this summer: Thinking in Systems by Donella Meadows Extreme Ownership by Jockco Wilink and Leif Basin Financial Intelligence by Karen Berman Zero to One by Peter Thiel Stillness Is The Key by Ryan Holiday Let's talk about my takeaways book by book: Thinking In Systems , after reading this book, I try to think of everything happening around me in terms of a simple flow chart, on the one side is a 'source', then the other side is the 'output', & in the middle is a box that is an effect which acts on the source to produce the output. Here's an example from the book: Most systems along with having a 'source' and an output, also have feedback loops, they can broadly be classified into 2 types. One is a corrective loop, e.g. a thermostat on a an Air
Read more