Figure 7-2 VLANs Are Logical Bridges




If you have more VLANs in your lab scenario, at this point you may need to clear them or delete flash:vlan.dat to completely remove them. My devices are in the out-of-the-box default VLAN Trunking Protocol (VTP) server mode and default to Inter-Switch Link (ISL) encapsulation. (Your equipment may vary.) You might need to change your boxes to server mode or change the encapsulation to follow along and understand.

Figure 7-2 illustrates two switches where ports are logically grouped into three different VLANs: RED, GREEN, and BLUE. The RED VLAN members are able to talk to others within the same VLAN (subnet). The GREEN VLAN members are able to talk to others within the same VLAN (subnet). The BLUE VLAN members are able to talk to others within the same VLAN (subnet). Although the VLANs are isolated from one another, intra-VLAN communications can occur. Intra-VLAN traffic can occur within or between the switches because the trunk carries RED, GREEN, and BLUE VLAN traffic. However, inter-VLAN communications such as RED to GREEN, RED to BLUE, GREEN to BLUE, and so on are not possible without some Layer 3 decisions because each VLAN is a separate subnet. The Route Switch Module/Multilayer Switch Feature Card (RSM/MSFC) (router blade) in Figure 7-2 is one way of supporting VLAN-to-VLAN communications. It uses a separate physical or logical interface for each VLAN to support the inter-VLAN routing function. By logically grouping the ports on a switch or among different switches, you can virtually create separate bridges within a switch and have a router route the packets between them. Next, I want to look into some of the practical advantages to using VLANs.
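The isolation rules described above can be checked mechanically. The following is an added example, not code from the book: it parses constructed IOS-style configurations for two switches and reports, per VLAN, whether intra-VLAN traffic can cross the trunk. The VLAN IDs (10, 20, 30), port names, and the trunk that omits BLUE on one side are assumptions for illustration.

```python
import re

# Constructed IOS-style configs for the two switches; VLAN IDs, port names and
# the pruned trunk on SW2 are assumptions for illustration, not from the book.
SW1 = """
interface FastEthernet0/1
 switchport access vlan 10
interface FastEthernet0/2
 switchport access vlan 20
interface FastEthernet0/3
 switchport access vlan 30
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
"""
SW2 = SW1.replace("allowed vlan 10,20,30", "allowed vlan 10,20")
NAMES = {10: "RED", 20: "GREEN", 30: "BLUE"}

def parse(config):
    """Return ({access_port: vlan}, set of VLANs allowed on the trunk)."""
    access, trunk, port = {}, set(), None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"interface (\S+)", line):
            port = m.group(1)
        elif m := re.match(r"switchport access vlan (\d+)", line):
            access[port] = int(m.group(1))
        # Handles comma-separated lists only, not ranges such as 10-30.
        elif m := re.match(r"switchport trunk allowed vlan ([\d,]+)", line):
            trunk = {int(v) for v in m.group(1).split(",")}
    return access, trunk

def l2_reachable(vlan_a, vlan_b, trunk_a, trunk_b, same_switch):
    """Can two access ports exchange frames without a Layer 3 hop?"""
    if vlan_a != vlan_b:
        return False  # separate VLAN = separate subnet: must be routed
    # Across switches, both ends of the trunk must carry the VLAN.
    return same_switch or (vlan_a in trunk_a and vlan_a in trunk_b)

def cross_switch_report(cfg_a, cfg_b):
    """Map each VLAN name to whether intra-VLAN traffic crosses the trunk."""
    (acc_a, tr_a), (acc_b, tr_b) = parse(cfg_a), parse(cfg_b)
    shared = set(acc_a.values()) & set(acc_b.values())
    return {NAMES[v]: l2_reachable(v, v, tr_a, tr_b, False) for v in sorted(shared)}

if __name__ == "__main__":
    print(cross_switch_report(SW1, SW1))  # trunk carries all three VLANs
    print(cross_switch_report(SW1, SW2))  # BLUE missing on one side of the trunk
```

When the trunk carries all three VLANs, every VLAN reports True; when one side leaves BLUE off the trunk, BLUE members on different switches are cut off from each other even though they share a VLAN.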

VLAN Advantages

The following are some advantages of VLANs:

• Security— VLANs enable you to isolate groups of users. Can you imagine a student adjusting a teacher's salary because they are physically on the same network? How about health records? Police records?

• Segment broadcasts— If you are only talking about one particular box causing the majority of broadcast traffic, you should probably look at just isolating that box. If broadcasts come from various stations, VLANs can assist.

• Better utilization of bandwidth— You can separate management and control traffic from that of the end user. Smaller spanning trees help with Layer 2 convergence.

• Reduced latency— Smaller broadcast domains using Layer 2 devices to minimize the number of Layer 3 devices.

• Easy to move users— For example, a user moves from the Sales department to the Engineering department. Just associate the appropriate port with the appropriate VLAN instead of making wiring closet physical changes.

As you can see, there are multiple reasons to use VLANs, and understanding them a little better will certainly help you keep a more stable network.

Trial and error has proven that flat networks and end-to-end VLANs do not scale. Modern implementations use Layer 2 switches for the access layer and Layer 3 switches in the distribution and core layers. Regardless of the equipment, it is up to you and me to make sure end-to-end communications occur and that everyone is happy.


Catalyst VLANs are very port-centric, and proper planning is critical to ease the maintenance thereof. For example, it is not a good VLAN design to mix control and management traffic with end-user traffic. You should analyze the various types of VLAN traffic so that you can at a minimum separate the management and control traffic from the user traffic.

