In Ethernet networks, a set of devices that receive a broadcast from any one of the other devices in the same network is said to be in the same broadcast domain. Switches that have no been configured for VLANs forward all broadcast frames received out all switch ports except the individual switch port the frame was originally received on. In this way, all of the interfaces on a switch are in the same broadcast domain. If the same switch is then connected to a hub or other simple switches, those devices would also forward the broadcast frame out all of their ports – further increasing the size of the same broadcast domain.
VLANs allow an administrator to logically separate a single physical switch into multiple broadcast domains. Each individual switch port that is assigned to the same VLAN share a broadcast domain. Ports grouped into VLANS can be extended to interconnected switches to extend the logical layer two broadcast domains across floors or even campuses.
By creating multiple VLANs, separate and contained broadcast segments are created; one per VLAN. Broadcasts will be received by other devices in the same VLAN, but not by devices in other VLANs.
Cisco recommends defining a one-to-one relationship between VLANs and IP subnets. That means the every device connected to a single VLAN should be using the same IP subnet information. For example, all devices in VLAN 100 might fall within the 192.168.100.0/24 subnet.While it is recommended to use only a single subnet within each VLAN, it is possible to use multiple subnets per VLAN. You could even assign a secondary IP to the VLAN interface to route between the VLAN’s subnets. Keep in mind that one of the goals of VLANs is to reduce to amount of broadcast traffic in a layer two segment. Reducing the chatter in a LAN can be beneficial for performance reasons, so sticking with a single VLAN subnet will help in that effort. For the purposes of the CCNP exam, we will assume a one-to-one relationship between VLANs and IP subnets.
Finally, it is important to understand that layer two switches only forward frames between devices in the same VLAN. They will not forward frames between two devices in different VLANs. To do that, a router or layer three switch is required.
VLANs are primarily identified by a numerical ID. While it is possible to add names to VLANs, they act more as a description than for management or configuration purposes with the switch.
VLANs can only be in one of two states – active (the default) or suspended. A suspended VLAN is defined within the switch but is not operational and frames are not forwarded on its member ports. It is a way of administratively shutting down VLAN communication. When a suspended VLAN is set to be active again, all ports restart normal communication.
Configuring VLANs on Cisco switches requires only two steps:
Step 1. Create the VLAN (and optionally assigning it a name and state).
Step 2. Configure switch ports to participate in the VLAN.
All recent Cisco IOS-based switches support the configuration mode method of creating VLANs. This is the recommended approach on platforms that support it and is the only way to configure extended range and private VLANs. The actual configuration is performed in the vlan vlan-id mode from global configuration mode. Configuration changes apply only after leaving the plan configuration mode, so be careful.
Creating VLANs in Configuration Mode
In the example below, we will be creating two VLANs in configuration mode. VLAN 40 did not exist before the switchport access interface configuration was applied. Using this method, the switch both created the VLAN and assigned interface Gi4/0/20 to it.
VLAN 41 was created using the more traditional method within global configuration mode. After VLAN 41 is defined, a name is applied.
Configuring VLAN Operational States
A VLAN can only be in one of two states – “active” or “suspended”. An active VLAN is one that is administratively up and has member ports in the active state.
VLANs can be administratively suspended either locally or globally. The distinction is important. VLANs that are locally suspended, using the shutdown command within the VLAN configuration context under global configuration mode, will disable the VLAN only on the local switch. They do not change the VLAN’s VTP status on other switches.
Applying the shutdown command to the VLAN itself under global configuration mode is very different than issuing the shutdown command to a VLAN interface or SVI. The latter simply disables the VLANS’s layer three interface but does not affect the underlying layer two VLAN’s state.
The state suspended command under VLAN configuration mode will globally suspend the VLAN throughout the entire VTP domain. Issuing the state active command will unsuspend the VLAN, returning it to the active state.
The local and global VLAN states can be configured independent of each other, but both must be enabled for the VLAN to be active. Administratively suspending the VLAN state from active to suspended is a useful tool for managing VLANs on a local switch and throughout a production VTP domain. Make sure you understand the risks involved with the state changes and the potential disruptions to networked hosts.