VLANs Explained | Cisco CCNA 200-301

Hello, what's up guys? Welcome to CertBros! In this video we will see

vlans

, so vlan means virtual local area network. By using

vlans

, we can virtually separate our LANs into smaller parts, but why would we want to do that? Well, there are a few reasons why we might want to use VLANs. One of the main reasons is something we've already talked about and that is streaming traffic. So let's remember the broadcasts. A LAN is a single area of ​​a network, and in this case, we have a single broadcast domain created by our switch. If host A sends a broadcast, all devices will receive it, which is fine for our 4-computer network, but let's imagine that each computer represents a very fast broadcast traffic from across the department can start to slow down our networks and devices. .

So we need a way to manage all this traffic. One way is to add a router. This would create separate broadcast domains per interface, but it is a bit of additional hardware to purchase the installation cable and manage it. Another more radical option is to physically divide the network into separate sections. This would create broadcast domains for each department. Traffic would not be sent from one department to another, which dramatically reduces our transmission overhead. But this option still has the problem of having to purchase and install new equipment and neither of these options is very scalable.

Let's say we want to add a new department, both options would require work to set up and we don't want to do that. This is where VLANs come in. VLANs give us all the benefits of physically separating our network, but with the added advantage of being able to do it virtually. Traffic continues to behave in the same way as if it were physically divided. Traffic is not forwarded to any other department and it is almost like having four miniature switches within our single department. The way this works is by assigning interfaces to specific VLANs. Only interfaces on the same VLAN can communicate with each other.

In this example, Finance is yellow. IT is red. Sales is green and HR is purple. I'm using colors, but in reality you'll probably use numbers like VLAN 10, VLAN 20, etc. If we would like to add a new financial server, then we only need to assign that interface to the financial VLAN and communication will be allowed between those two interfaces. because they are on the same VLAN. If we wanted to add a new marketing department, we simply create that VLAN and assign it to an interface. As you can see, VLANs make it very easy to control broadcast domains.

It is also scalable. We don't need new equipment or rewiring everything every time you want to make a change, so that's the overview. Let's look at how this works in a little more detail. Out of the box, Cisco and most other switches have a default VLAN called VLAN 1. Each interface is assigned the default VLAN. This means that all interfaces can communicate with each other. From here we can start creating our own VLANs and splitting our switch. We may want to make one VLAN called VLAN 10 and another called VLAN 20. You can add up to 4094 VLANs. This is the maximum number supported.

Therefore, now interfaces assigned to VLAN 10 can only communicate with other interfaces assigned to VLAN 10 and it is the same for VLAN 20. VLANs are not restricted to a single switch. We can have the same VLANs on multiple switches. This makes it very versatile and scalable. But this leaves us with a problem. If interfaces can only communicate with other interfaces on the same VLAN, what VLAN do we assign to the link between our two switches? If we leave it as the default VLAN, VLAN 10 and VLAN 20 will not be able to send traffic. If we assign it to one of our new VLANs, only that VLAN can send traffic between the two switches.

The solution is a special type of interface called a trunk. Therefore, there are two types of ports on a switch, an access port and a trunk port. When a port is assigned to a VLAN such as VLAN 10 and VLAN 20 here, this is known as an access port. An access port is designed for end devices to access the network, such as computers and laptops. Now a trunk port can send traffic from different VLANs. They are used to send traffic between network devices. However, this leaves us with another problem. How does the receiving switch know which VLAN the traffic belongs to?

The purpose of a VLAN is to separate traffic. So when a trunk sends data that could be from VLAN 1, VLAN 10, or VLAN 20, it needs a way to identify which VLAN that traffic belongs to. This is done using something called a tag. To understand labels, we must follow a couple of steps. back Now most devices, including computers, don't know what VLANs are. Some devices recognize VLANs, such as IP phones, but most do not. Then a computer generates a frame in the normal way. When that frame arrives at a switch, it is the switch that manages the VLANs. it is then forwarded to the correct destination.

The sending computer and the receiving computer have no idea that VLANs were used. Now, when we have multiple switches connected to a trunk port, there is an additional step. The computer sends the frame as usual, but when the switch sends a frame through the trunk port, it adds new information. This is called an 802.1q tag. 802.1q is the IEEE standard. It can also be called Dot1q. This tag is 4 bytes and contains a few bits of TPID or Tag Protocol Identifier information. This is used to identify the frame as an 802.1q tagged frame. It could also be ISL, but it is rarely used today.

Tag control information or TCI containing three bits of information. The priority DEI or eligibility indicator to discard and most importantly the VLAN identification. This tag field is then read and removed by the receiving switch. So to summarize, the frame is not tagged when it is sent from the computer, it is tagged through the trunk port, then it is sent to the destination computer untagged and our computers again don't notice. The next thing we need to talk about is something called native VLANs. One native VLAN is configured per trunk interface. It is the VLAN in which the switch assumes the frame is up if it arrives on an untagged trunk port.

By default, the native VLAN is VLAN 1. So let's say both of our computers are assigned to the default VLAN 1. As before, the frame is sent untagged to the switch. Now, if a switch sends a frame through a trunk port that belongs to its native VLAN, the frame is not tagged. When a switch receives a frame on its trunk port without a tag, it will assume that frame belongs to its native VLAN, which in this case is VLAN 1. It will then forward that frame to the destination, again untagged. You may be wondering why we use native VLANs.

And there are some reasons why Hubs can't read or write tags. All hubs can do is forward frames. Let's say we have a hub in the middle connected to another host. Using untagged native VLANs means we can send frames to our new host. If we are not using native VLANs and the frame was sent tagged, then the host will simply discard the frame because it does not understand VLAN tags. Therefore, one native VLAN is configured per trunk interface. This can cause problems. For example, let's say we changed one side of our trunk to have the native VLAN of 20 instead of 1.

We now have two switches with different native VLANs. Our computer will forward the frame As before, the first switch will see that the interface is assigned to its native VLAN and will then forward that frame untagged across the trunk. Do you see the problem here? The second switch will assume that the traffic should belong to its native VLAN, VLAN 20, and the frame will not be sent to the destination computer on VLAN 1. Fortunately, in real life you will be alerted to this type of configuration on the switch . You'll probably see a message like this saying "native VLAN mismatch." This video is part of our full CCNA course which can be found in the description.

So feel free to go and check it out. Don't forget to like, comment and subscribe. Your support really helps this channel grow. Other than that, thanks for watching! 👍