VLANs are a logical grouping of devices, grouped together regardless of physical location. This
limits broadcasts and improves security, stability, and management. To communicate between
VLANs, traffic must pass through a layer 3 device.
Static VLANs are assigned to ports, regardless of what device is plugged into them. Dynamic
VLANs are assigned to a MAC address, so you can actually move the device around without it
VLAN 1 is the default VLAN on Cisco switches.
VLANs 2-1001 are for Ethernet VLANs.
VLANs 1002-1005 are for FDDI.
VLANs 1006-1024 are for system use.
VLANs 1025-4094 are for Ethernet VLANs.
Private VLANs (pVLANs) isolate ports within a VLAN while they remain on the same subnet.
The primary VLAN is the main VLAN that encompasses the secondary VLANs. Secondary VLANs can
be community VLANs, whose ports can communicate with other devices within the same community, or
isolated VLANs, whose ports cannot communicate with anything but promiscuous ports. Promiscuous ports
can be reached by community VLANs as well, and are usually servers and routers that everyone
needs access to.
Trunking allows VLANs to span multiple switches. ISL is a Cisco proprietary encapsulation
for VLAN traffic. 802.1q is an industry standard that tags the traffic with the VLAN information.
ISL is being phased out by Cisco.
The native VLAN is the default VLAN that an 802.1q trunk assigns to frames that carry no VLAN tag.
Dynamic Trunking Protocol (DTP) is a Cisco proprietary protocol that negotiates trunk ports
between switches, and selects the trunking protocol to be used.
VLAN mapping lets you limit which VLANs are carried across a trunk, and lets you control what is
dropped. This can improve bandwidth and processor utilization. It will also automatically map
extended 802.1q VLANs to ISL VLAN numbers if necessary.
802.1q also supports a feature called 802.1q-in-q tunneling. This allows service providers to
transport VLAN traffic across their network without the VLAN information having to be unique.
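As an added example (not part of the original notes), the following Python code parses the 802.1q tag stack of an Ethernet frame: a single tag, the native-VLAN case for an untagged frame, and the outer/inner tag pair used by 802.1q-in-q tunneling. The sample frames and MAC addresses are constructed; the native VLAN number passed in is an assumed trunk setting.

```python
# Added example: parse 802.1Q / 802.1Q-in-Q VLAN tags from raw Ethernet frames.
import struct

TPID_8021Q = 0x8100   # standard 802.1Q tag
TPID_QINQ = 0x88A8    # outer service-provider tag (802.1ad); 0x8100 is also seen

def build_tag(vid, pcp=0, dei=0, tpid=TPID_8021Q):
    """Build one 4-byte VLAN tag: 16-bit TPID + 16-bit TCI (PCP:3, DEI:1, VID:12)."""
    if not 0 <= vid <= 4095:
        raise ValueError("VLAN ID must fit in 12 bits")
    return struct.pack("!HH", tpid, (pcp << 13) | (dei << 12) | vid)

def parse_vlan_tags(frame, native_vlan=1):
    """Return the tag stack and the VLAN the frame effectively belongs to.

    Tags sit between the source MAC and the payload EtherType. A frame with
    no tag at all is placed in the trunk's native VLAN, which is how an
    802.1q trunk treats untagged traffic.
    """
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    offset, tags = 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame: missing EtherType")
        ethertype = struct.unpack("!H", frame[offset:offset + 2])[0]
        if ethertype not in (TPID_8021Q, TPID_QINQ):
            break                       # reached the real payload EtherType
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        tci = struct.unpack("!H", frame[offset + 2:offset + 4])[0]
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
    # With Q-in-Q the outer tag is the provider's and the inner tag is the
    # customer's original VLAN, so customer VLAN IDs need not be unique core-wide.
    return {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "tags": tags, "ethertype": ethertype,
            "effective_vlan": tags[0]["vid"] if tags else native_vlan,
            "untagged": not tags}

# Constructed sample frames (made-up MACs); payload is a stub with the IPv4 EtherType.
MACS = bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
PAYLOAD = b"\x08\x00" + b"\x00" * 20
UNTAGGED = MACS + PAYLOAD
SINGLE = MACS + build_tag(10, pcp=3) + PAYLOAD
QINQ = MACS + build_tag(200, tpid=TPID_QINQ) + build_tag(10) + PAYLOAD
```

Running parse_vlan_tags(UNTAGGED, native_vlan=3) reports effective_vlan 3, while QINQ reports the outer provider VLAN 200 with the customer's VLAN 10 preserved as the inner tag.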
VLAN Trunking Protocol (VTP) is used to distribute and synchronize VLAN information throughout the
network. When a switch is configured as a Server in a VTP domain, it is able to create, modify
and send VLAN information to other switches, using the latest information it receives from other
switches. In transparent mode, a switch is able to modify VLAN information and forward it, but
it does not synchronize with other switches. In client mode, a switch will receive and
synchronize with the VTP information it receives, but it will not save it in NVRAM, and it
cannot modify it. When VTP is turned off, the switch simply drops VTP information.
By default, VTP advertisements are flooded every 5 minutes, or whenever a change occurs.
VTP pruning is when a switch determines that certain information from the VTP floods does not
need to go out a given trunk. If a switch does not have any of the VLANs in an advertisement, it
will not be forwarded the unnecessary information.
To secure VTP, you can configure a password, which is used to authenticate VTP advertisements.
To configure a new VLAN, use vlan 2 (where 2 is the VLAN ID to use).
You can name the VLAN with name department.
You need to type exit to save the configuration.
To assign a device port to a VLAN, use switchport access vlan 2.
To configure a trunk port, from the interface assign switchport trunk encapsulation dot1q,
then switchport mode trunk.
To set the native VLAN, use switchport trunk native vlan 3.
To configure the VTP mode to server, use vtp server.
To set the domain, use vtp domain myname.
For authentication, use vtp password mypass.
And vtp pruning to enable pruning.
show vlan id 2 – displays information about a VLAN
show int fasteth 0/1 switchport – shows detailed switchport information
show int eth0/1 trunk – displays trunk information for the port
show vtp status – displays the VTP configuration
show vtp counters – displays statistics on the VTP process