Introduction to VLANs

ReneMolenaar · December 20, 2016, 10:07pm

This topic is to discuss the following lesson:

system · April 4, 2013, 2:50am

I am learning CCNA R&S now and your lesson is very helpful. Thanks.

system · May 17, 2013, 6:11pm

I am CCNP R&S, your lessons help me to refresh all the topics.
Very well explained.

Thanks!

system · December 5, 2013, 4:34pm

Your way of explanation is so nice. I have understood very well about VLAN.

system · January 11, 2014, 6:41pm

thank you verrrrrry much.soooo useful:)

ReneMolenaar · January 14, 2014, 3:43pm

You are welcome!

system · April 7, 2014, 7:45am

Thank you, I use this web site for the first time,
It’s a good lesson, it’s easier to understand it

kirangopinath19 · January 20, 2015, 12:40pm

Hi Reno,

Great and very well explained

asvinster · April 18, 2015, 4:50pm

gr8, well explained

rajmannar · April 22, 2015, 5:42am

Excellent. Very nicely explained, just like the other videos. Keep up the great work. It’s helpful.

sihleh791 · April 25, 2015, 9:32pm

Do u have ccie complete book? Great work

ReneMolenaar · April 26, 2015, 4:39pm

Hi Sihle,

Not at the moment, maybe sometime I will convert a lot of posts here into a book but for now I’ll publish everything that I create online here on networklessons.com.

Rene

hussien.samer · July 24, 2015, 1:38am

Hi Rene,

I learned from http://www.netcontractor.pl/blog/?p=184 that control traffic from Layer 2 protocols like ( DTP, VTP , CDP , PAgP , STP, etc ) use VLAN 1.

And I make sure of that by doing this experience :

- I made a simple topology of connection two switches and making connectivity as trunk.
- I made one switch VTP server and another as VTP client.
- I also setup RSPAN to monitor the packets.
- Results, I saw VTP, CDP traffic marked with VLAN ID 1.
- Then, I made another vlan and disallowed Vlan 1 in the trunk.
- Results still the same.
- I thought it might be that traffic might be sent untagged as native vlan, so then i changed the native vlan on both switches, expecting that either VTP, CDP will fail OR it will be marked as VLAN ID of new native vlan.
- However, to my surprise it was still showing as VLAN ID 1.
- So I’m baffeled and confused on this type of behaviour where Vlan 1 is NOT allowed in trunk and also native vlan has been changed, still VTP and CDP control traffic is shown as sourced from Vlan 1.

After this experience I have only one question ?

As I know that it is work, so my question is not whether should work or not work… But how actually it is working? I mean how does these protocols use VLAN 1 when it’s not allowed in trunk port or even when it’s shutdown ? can you shed some light please and explain how the packet is send on vlan 1 despite it pruning on trunk because I’m very confused ?

ReneMolenaar · July 26, 2015, 6:01pm

Hi Hussein,

First of all, it is indeed confusing. By default VLAN1 is the native VLAN and it’s untagged.

I do believe however that “control” frames like VTP, CDP, DTP, etc. don’t really belong to a VLAN. They are untagged and like you have seen, even when you block VLAN1 then this traffic is still sent and received.

Rene

mclugyar · January 20, 2016, 11:58pm

I must agree with every one else that you are a talented teacher.

Zoh · January 27, 2016, 9:13pm

Brilliant work.

dkirschsieper · January 28, 2016, 9:15pm

Hi Rene, what do you think what is a sensible number of hosts to have in a broadcast domain before splitting up the network into VLANs? Do you have any experience from the field about that? Thanks, Daniel

ReneMolenaar · January 30, 2016, 2:00pm

Hi Daniel,

There’s a “technical” and “practical” aspect to this question

Let’s start with the technical part…a lot of networking people will tell you that you shouldn’t have > 200 hosts in a subnet since there will be too much broadcast traffic and it will slow down your network. This might be true 10 years ago but nowadays, your computers won’t be bothered much with broadcast traffic and it shouldn’t be an issue for your switches. You could probably put ~1000 hosts in a single subnet and not notice any performance issues.

The more important issue (the practical aspect) is that a single subnet/VLAN is one failure domain. Let’s say we put 1000 hosts in a single subnet and one computer has a broken NIC, sending non-stop garbage broadcast frames. This will affect the entire VLAN and your 999 remaining hosts.

By breaking down this big VLAN into four smaller VLANs, a broken NIC would only affect one VLAN…not the other three.

So for practical reasons I think it’s best to stick with /24 subnets. They are easy to work with and you’ll have multiple failure domains.

Rene

jmwalker24 · March 12, 2016, 10:50pm

So if I have a 48 port switch on the 198.168.1.0/24 network…… and all 48 ports are connected to host. All the host have IP addresses on the 198.168.1.0/24 network. And lets say I create 4 VLANs. Help Desk is on VLAN 10 (interface 1-12), MGMT is on VLAN 20 (int 13-24), Accounting is on VLAN 30 (int 25-36), and Supply is on VLAN 40 (int-37-48). OK…. So these 4 VLANs would basically share the same network (198.168.1.0/24) right? VLANS don’t have to be on different networks/subnets?
What if there were some other MGMT host on another router on a 10.10.10.0/24 network…. Could those join the above VLAN 20 as well?

andrew · March 13, 2016, 1:50pm

Jason,
Except in the unusual case of Private VLANs, VLANs are 1:1 with subnets. When you assign ports to VLANs on your switch, you will have to think about what will be the layer 3 device that connects them together. If your switch is a layer 3 switch, the switch itself can route traffic between your VLANs. Otherwise, you will need a separate router to do it.

Your MGMT host could be part of VLAN 20, but you would need to make sure that all the hosts in VLAN 20 share the same 10.10.10.0/24 network as MGMT.