Wednesday, July 23, 2008

Virtual Local Area Networks (VLANs)

Introduction

Virtual Local Area Networks, or VLANs, are one of the most useful network technologies to have matured over the past few years, though they have only recently started to gain wide recognition. The non-stop growth of Local Area Networks (LANs) and the need to minimise the cost of expensive switching equipment, without sacrificing network performance and security, created the necessary soil for the VLAN seed to surface and grow into most modern networks.

The truth is that VLANs are not as simple as most people perceive them to be. Instead they cover enough material to be a whole study in themselves, as they involve a mixture of protocols, rules and guidelines that a network administrator should be well aware of. Unfortunately, most documentation provided by vendors and other sites is inadequate or very shallow. It lightly touches upon the VLAN topic and fails to give the reader a good understanding of how VLANs really work and the things one can do when implementing them.

Like most topics covered on our site, VLANs have been broken down into a number of pages, each one focusing on specific areas to help the reader build up their knowledge as preparation for designing and building their own VLAN network.

Since VLANs are a topic that requires strong background knowledge of certain areas, containing a lot of information at the technical and protocol level, we believe that the reader should be familiar and comfortable with the following concepts:

  • Switches and hubs
  • Broadcast and collision domains
  • Internet Protocol (IP)
  • IP routing

As we cover all the theory behind VLANs and how they are implemented within various network topologies, we will finally demonstrate the configuration of a Cisco powered network utilising VLANs!

Protocols such as Spanning Tree Protocol (STP) are essential when implementing VLANs within a mid to large sized network, so we will briefly touch upon the topic, without thoroughly analysing it in great detail because STP will be covered as a separate topic.

So What's Covered ?

Before we begin our journey into the VLAN world, let's take a look at what we will be covering:

Section 1: The VLAN Concept. This page explains what a VLAN is and how it differs from a normal switched environment. Be sure to find our well known diagrams along with illustrations to help cover your questions. In short, it's a great introductory page for the topic.

Section 2: Designing VLANs.

Section 2.1: Designing VLANs - [Subsection 1] A Comparison With Old Networks. This subsection will give you an insight into the two VLAN implementations: Static and Dynamic VLANs. The subsection begins with an introduction page to help you 'see' the actual difference in network infrastructure between the old flat networks and VLAN powered networks. This way, you will be able to appreciate the technology much better!

Section 2.2: Designing VLANs - [Subsection 2]: Static VLANs. Definitely the most widespread VLAN implementation. The popular Static VLANs are analysed here. We won't be covering any configuration commands here as this page serves as an introduction to this VLAN implementation. As always, 3D diagrams and examples are included to help you understand and process the information.

Section 2.3: Designing VLANs - [Subsection 3]: Dynamic VLANs. Dynamic VLANs are less common to most networks but offer substantial advantages over Static VLANs for certain requirements. Again, this page serves as an introduction to the specific VLAN implementation.

Section 3: VLAN Links: Access Links & Trunk Links. Access links are used to connect hosts, while Trunk links connect to the network backbone. Learn how Access & Trunk links operate, the logic which dictates the type of link and interface used and much more.

Section 4: VLAN Tagging - ISL, 802.1Q, LANE and IEEE 802.10. To tag or not to tag! Understand the VLAN tagging process and find out the different tagging methods available, which are the most popular and how they differ from each other. Neat diagrams and examples are included to ensure no questions are left unanswered!

Section 5: Analysing Popular Tagging Protocols.

Section 5.1: InterSwitch Link (ISL) Analysis: Analysis of Cisco's proprietary ISL protocol. We take a look at how it is implemented and all the fields it contains.

Section 5.2: IEEE 802.1Q Analysis: IEEE's 802.1Q is the most widely used trunking protocol. Again, we take a look at its implementation with an analysis of all its fields.

Section 6: InterVLAN Routing. A very popular topic, routing between VLANs is very important as it allows VLANs to communicate. We'll examine all possible InterVLAN routing methods and analyse each one's advantages and disadvantages. Needless to say, our cool diagrams also make their appearance here!

Section 7: VLAN Trunking Protocol (VTP)

Section 7.1: Introduction To The VTP Protocol. The introductory page deals with understanding the VTP concept: why it is required and what its advantages are.

Section 7.2: In-Depth Analysis Of VTP. Diving deeper, this page will analyse the VTP protocol structure. It includes 3D diagrams explaining the usage of each VTP message and much more.

Section 7.3: VLAN Trunking Protocol Pruning (VTP Pruning). VTP Pruning is an essential service in any large network as it stops flooded traffic (broadcasts, multicasts and unknown unicasts) from being sent over trunk links to switches that have no ports in the VLAN concerned. This page will explain what VTP Pruning does and how it works by reading through our examples. The diagrams used here have been given extra special attention!


Virtual Local Area Networks (VLANs) - The Concept

Introduction

We hear about them everywhere, vendors around the world are constantly trying to push them into every type of network and as a result, the Local Area Network (LAN) we once knew starts to take a different shape. And yet, for some of us, the concept of what VLANs are and how they work might still be a bit blurry.

To help start clearing things up we will define the VLAN concept not only through words, but through the use of our cool diagrams and at the same time, compare VLANs to our standard flat switched network.

We will start by taking a quick look at a normal switched network, pointing out its main characteristics, and then move on to VLANs. So, without any delay, let's get right into this cool stuff!

The Traditional Switched Network

Almost every network today has a switch interconnecting all network nodes, providing a fast and reliable way for the nodes to communicate. Switches today are what hubs were a while back - the most common and necessary equipment in our network, and there is certainly no doubt about that.

While a single flat switched network might be adequate for small networks, it proves inadequate for mid to large sized networks, where things are not as simple as plugging a switch into the power outlet and hanging a few PCs from it!

For those of you who have already read our "switches and bridges" section, you will be well aware that switches are layer 2 devices which create a flat network:

The above network diagram illustrates a switch with 3 workstations connected. These workstations are able to communicate with each other and are part of the same broadcast domain, meaning that if one workstation were to send a broadcast, the rest will receive it.

In a small network a few broadcasts might not be too much of a problem, but as the size of the network increases, so does the number of broadcasts, up to the point where they start to become a real problem, flooding the network with traffic most hosts simply discard and consuming valuable bandwidth.

To visually understand the problem, but also the idea of a large flat network, observe the diagram below:

The problem here starts to become evident as we populate the network with more switches and workstations. Every host relies on broadcasts for basic services such as ARP and DHCP, and Windows workstations add NetBIOS name resolution and browsing traffic on top, so broadcasts are unavoidable on the wire - and in a flat network every single host has to process every one of them.

Another major concern is security. In the above network, every host shares one layer 2 segment with every other device. In a much larger network containing critical file servers, databases and other confidential information, this would mean that everyone has direct network access to these servers and naturally, they would be more susceptible to an attack.

To effectively protect such systems you would need to restrict access at the network level, either by segmenting the existing network or simply by placing a firewall in front of each critical system, but the cost and complexity will surely make most administrators think twice about it. Thankfully there is a solution ..... simply keep reading.

Introducing VLANs

Welcome to the wonderful world of VLANs!

All the above problems, and a lot more, can be forgotten with the creation of VLANs...well, to some extent at least.

As most of you are already aware, in order to create (and work with) VLANs, you need a layer 2 switch that supports them. A lot of people new to the networking field bring the misconception that it's a matter of simply installing additional software on the clients or the switch in order to "enable" VLANs throughout the network - this is totally incorrect!

VLAN support is built into the switch's forwarding hardware and its operating software: the switch must be able to associate every port with a VLAN and keep its forwarding decisions and MAC address tables separate per VLAN. Your switch must therefore support VLANs at the time of purchase, otherwise you will not be able to create VLANs on it!

Each VLAN created on a switch is a separate network. This means that a separate broadcast domain is created for each VLAN that exists. A broadcast received on a port is, by default, flooded only out of the ports that are members of the same VLAN and filtered from all others, and this is why VLANs are so common in today's large networks: they isolate network segments from each other.

To help create the visual picture of how a VLAN capable switch differs from an ordinary one, consider the following diagram:

What we have here is a small network with 6 workstations attached to a VLAN capable switch. The switch has been programmed with 2 VLANs, VLAN1 and VLAN2 respectively, and 3 workstations have been assigned to each VLAN.

VLANs = Separate Broadcast Domains

With the creation of our VLANs, we have also created 2 broadcast domains. This means that if any workstation in either VLAN sends a broadcast, it will propagate out only the ports which belong to the same VLAN as the workstation that generated the broadcast:

This is clearly illustrated in the diagram above where Workstation 1, belonging to VLAN1, sends a network broadcast (destination MAC FF:FF:FF:FF:FF:FF). The switch receives this broadcast and forwards it to Workstations 2 and 3, just as would happen if these three workstations were connected to a normal switch, while the workstations belonging to VLAN2 are totally unaware of the broadcast sent in VLAN1, as they receive none of the frames flowing in that network.
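To make the forwarding rule above concrete, here is a small model of a VLAN capable switch written for this page as an added example (it is not code from the original article or from any switch vendor). Ports are statically mapped to VLAN IDs, the MAC address table is kept per VLAN, and broadcasts or unknown destinations are flooded only to ports in the same VLAN. The six workstations and their MAC addresses are constructed for the example; a second instance with every port in VLAN 1 plays the role of the ordinary flat switch for comparison.

```python
"""Model of a VLAN-aware switch: frames are learned and flooded per VLAN."""
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str        # source MAC, e.g. "00:00:00:00:00:01"
    dst: str        # destination MAC, or BROADCAST
    payload: bytes = b""


class VlanSwitch:
    """A switch whose ports are statically assigned to VLANs."""

    def __init__(self, port_vlans):
        # port number -> VLAN ID, e.g. {1: 1, 2: 1, 3: 1, 4: 2, 5: 2, 6: 2}
        self.port_vlans = dict(port_vlans)
        # MAC table keyed by (vlan, mac): each VLAN has its own table, so a
        # MAC learned in VLAN 2 stays unknown to VLAN 1.
        self.mac_table = {}

    def same_vlan_ports(self, vlan, exclude):
        return {p for p, v in self.port_vlans.items() if v == vlan and p != exclude}

    def receive(self, in_port, frame):
        """Forward a frame arriving on in_port; return the set of egress ports."""
        vlan = self.port_vlans[in_port]
        self.mac_table[(vlan, frame.src)] = in_port      # learn the sender
        if frame.dst == BROADCAST or (vlan, frame.dst) not in self.mac_table:
            # Broadcast and unknown unicast are flooded, but only within the VLAN
            return self.same_vlan_ports(vlan, exclude=in_port)
        out_port = self.mac_table[(vlan, frame.dst)]
        return set() if out_port == in_port else {out_port}


def demo():
    """Six constructed workstations: WS1-3 in VLAN 1, WS4-6 in VLAN 2."""
    ws = {n: f"00:00:00:00:00:0{n}" for n in range(1, 7)}
    vlan_switch = VlanSwitch({1: 1, 2: 1, 3: 1, 4: 2, 5: 2, 6: 2})
    flat_switch = VlanSwitch({n: 1 for n in range(1, 7)})  # every port in one VLAN

    results = {}
    bcast = Frame(src=ws[1], dst=BROADCAST)
    results["flat_broadcast"] = flat_switch.receive(1, bcast)   # all other ports
    results["vlan_broadcast"] = vlan_switch.receive(1, bcast)   # VLAN 1 ports only

    # WS5 (VLAN 2) talks first, so its MAC is learned - but only in VLAN 2
    vlan_switch.receive(5, Frame(src=ws[5], dst=BROADCAST))
    # WS1 addressing WS5 directly: unknown in VLAN 1, so flooded within VLAN 1 only
    results["cross_vlan_unicast"] = vlan_switch.receive(1, Frame(src=ws[1], dst=ws[5]))

    # WS2 replies to WS1; both are now known and unicast is no longer flooded
    vlan_switch.receive(2, Frame(src=ws[2], dst=ws[1]))
    results["known_unicast"] = vlan_switch.receive(1, Frame(src=ws[1], dst=ws[2]))
    return results


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name:20s} -> ports {sorted(ports)}")
```

Running it shows the flat switch floods the broadcast to ports 2 to 6, while the VLAN switch floods it to ports 2 and 3 only, and a frame from VLAN 1 addressed to a VLAN 2 host never leaves VLAN 1 even though the switch has seen that host's MAC address.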

To help clear any questions or doubts on how the above setup works, the diagram below shows the logical equivalent setup of our example network:

By this stage, you should begin seeing the clear advantages offered by the use of VLANs within your network: security improves, while cost and broadcast traffic are kept down, even as more hosts are added to the network and the number of VLANs increases.

VLANs Help Reduce The Cost

To briefly touch upon the financial side of things, let's take an example to see exactly how we are saving money by using VLANs.

Consider you're the network administrator for a large company and you have been asked to split the existing network infrastructure into 12 separate networks, without any possibility of these new networks communicating with each other. Since the cabling is already in place, without VLANs we would need to group the ports of each new network onto its own physical switch, so for the 12 networks a total of 12 switches would be required.

By using VLANs, the above task would be possible with one or more VLAN capable switches providing enough ports for the hosts we need to connect, and the cost would surely be a lot less than that of 12 switches.

During the implementation of the above task, you would connect all workstations to the switch and then assign the appropriate workstations/nodes to their respective VLAN, creating a total of 12 VLANs. It is worth noting here that even entry level VLAN switches such as the Cisco Catalyst 2900 XL series are capable of handling up to 64 VLANs, so if we were to use these switches, we would still have plenty of room to create more.

  Switch Model                                  Maximum VLANs Supported   VLAN Trunking Supported
  Catalyst 2912 XL, Catalyst 2924 XL &
  Catalyst 2924C XL                             64                        yes
  Catalyst 2900 LRE XL                          250                       yes
  Catalyst 2912M and Catalyst 2924M modular     250                       yes
  Catalyst 3500 XL & 3550                       250                       yes

There are a lot more examples one can use to show how these new generation switches are able to solve complex network designs, security issues and at the same time, keep the budget low. Lastly, the best example is one that is able to solve your own requirements, so take a minute to think about it and you will surely agree.

Summary

This page introduced the concept of VLANs and indicated the differences existing between them and normal switched networks. We also briefly examined their efficiency in terms of cost, security and implementation.

The information here serves as an introduction to the VLAN technology and we will now start diving deeper into the topic, analysing it in greater detail. Having said that, our next page deals with the design of VLANs, showing different logical and physical configurations of VLANs within networks. So, make yourself comfortable and let's continue, because there is still so much to cover!

Designing VLANs - A Comparison With Old Networks

Introduction

Designing and building a network is not a simple job. VLANs are no exception to this rule, in fact they require a more sophisticated approach because of the variety of protocols used to maintain and administer them.

Our aim here is not to tell you how to setup your VLANs and what you should or shouldn't do, this will be covered later on. For now, we would like to show you different physical VLAN layouts to help you recognise the benefits offered when introducing this technology into your network, regardless of its size.

The technology is available and we simply need to figure out how to use it and implement it using the best possible methods, in order to achieve outstanding performance and reliability.

We understand that every network is unique as far as its resources and requirements are concerned, which is another reason why we will take a look at a few different VLAN implementations. However, we will not mention the method used to set them up - this is up to you to decide once you've read the following pages!

Designing your first VLAN

Most common VLAN setups involve grouping departments together regardless of their physical placement throughout the network. This allows us to centralise the administration of these departments, while also limiting unauthorised access to resources of high importance.

As always, we will be using neat examples and diagrams to help you get a visual on what we are talking about.

Let's consider the following company: Packet Industries

Packet Industries is a large scale company with over 40 workstations and 5 servers. The company deals with packet analysis and data recovery and has labs to recover data from different media that require special treatment due to their sensitivity. As with every other company, there are quite a few different departments that deal with different aspects of the business and these are:

  • Management/HR Department
  • Accounting Department
  • Data Recovery & IT Department

These three departments are spread throughout the 3 floors of the building in which the company is situated. Because the IT department takes the confidentiality of its own and its customers' data seriously, it has decided to redesign the network and also take a look at the VLAN solutions available, to see if they are worth the investment.

We are going to provide two different scenarios here: the first one will not include VLANs, while the second one will. Comparing the two solutions will help you see the clear advantages of VLANs and also provide an insight into how you can apply this technology to other similar networks you might be working with.

Solution 1 - Without VLANs!

The IT department decided that the best way to deal with the security issue would be to divide the existing network by partitioning it. Each department would reside in one broadcast domain and access lists would be placed between each network's boundaries to ensure access to and from them are limited according to the access policies.

Since there are three departments, three new networks have to be created to accommodate the new design. The budget, as in most cases, had to be controlled so it didn't exceed the amount granted by the Accounting Department.

With all the above in mind, here's the proposal the IT department created:

As you can see, each department has been assigned a specific network. Each floor has a dedicated switch for each of the three networks, nine switches in total. This increases network security, since the departments are separate physical networks, and it also seems the most logical solution. These switches are then connected via the network backbone which, in turn, connects to the network's main router.

The router here undertakes the complex role of controlling access and routing between the networks and servers, using the access lists created by the IT Department. If needed, the router can also be configured to allow traffic between certain IP addresses in the three networks, should there be such a requirement.

The above implementation is quite secure as there are physical and logical restrictions placed at every level. However, it is somewhat restrictive as far as expanding and administering the network since there is no point of central control. Lastly, if you even consider adding full redundancy to the above, essentially doubling the amount of equipment required, the cost would clearly be unreasonable...

So let's now take a look at the second way we could implement the above, without blowing the budget, without compromising our required security level and also at the same time create a flexible and easily expandable network backbone.

Solution 2 - With VLANs!

The solution we are about to present here is surely the most preferred and economical. The reasons should be fairly straight forward: We get the same result as the previous solution, at almost half the cost and as a bonus, we get the flexibility and expandability we need for the future growth of our network, which was very limited in our previous example.

By putting the VLAN concept we covered on the previous page into action, you should be able to visualise the new setup:

As you can see, the results in this example are a lot neater and the most apparent change is the presence of a single switch per floor, connecting directly to the network backbone. These switches of course are VLAN capable, and have been configured to carry the three separate logical networks over shared physical hardware. The router from the previous solution has been replaced by what we call a 'layer 3 switch'.

These type of switches are very intelligent and understand layer 3 (IP Layer) traffic. With such a switch, you are able to apply access-lists to restrict access between the networks, just like you normally would on a router, but more importantly, route packets from one logical network to another! In simple terms, layer 3 switches are a combination of a powerful switch, with a built-in router :)

Summary

If the above example was interesting and provided an insight into the field of VLANs, we can assure you - you haven't seen anything yet. When unleashing the power of VLANs, there are solutions for most problems or needs your network may have.

It's now time to start looking at the VLAN technology in a bit more detail, that is, how it's configured, the positive and negative sides of each type of VLAN configuration and much more.

The next page analyses Static VLANs which are perhaps the most popular implementation of VLANs around the world. Take a quick break for some fresh air if needed, otherwise, gear up and let's move!


Designing VLANs - Static VLANs

Introduction

VLANs are usually created by the network administrator, who assigns each port of every switch to a VLAN. Depending on the network infrastructure and security policies, the assignment can be implemented using two different methods: Static or Dynamic membership - these two methods are also known as VLAN memberships.

Each of these methods has its advantages and disadvantages and we will be analysing them in depth to help you decide which would best suit your network.

Depending on the method used to assign the VLAN membership, the switch may require further configuration, but in most cases it's a pretty straight forward process. This page deals with Static VLANs while Dynamic VLANs are covered next.

Static VLANs

Static VLAN membership is perhaps the most widely used method because of the relatively small administration overhead and security it provides. With Static VLANs, the administrator will assign each port of the switch to one VLAN. Once this is complete, they can simply connect each device or workstation to the appropriate port.

The picture below depicts an illustration of the above, where 4 ports have been configured for 4 different VLANs:

The picture shows a Cisco switch (well, half of it :>) where ports 1, 2, 7 and 10 have been configured and assigned to VLANs 1, 5, 2 and 3 respectively.

At this point, we should remind you that these 4 VLANs are not able to communicate with each other without the use of a router, as they are treated as 4 separate layer 2 networks regardless of the IP addressing scheme used on each of them. However, we won't provide further detail on VLAN routing since it's covered later on.

Static VLANs are certainly more secure than a flat switched network, while also being considerably easy to configure and monitor. As one would expect, all nodes belonging to a VLAN must also be part of the same logical IP network in order to communicate with one another. For example, on our switch above, if we assigned network 192.168.1.0/24 to VLAN 1, then all nodes connecting to ports assigned to VLAN 1 must use addresses from that network for them to communicate with each other, just as if this were an ordinary switch.

In addition, Static VLANs have another strong point - you are able to control where your users can move within a large network. By assigning specific ports on your switches throughout the network, you control which VLAN a user lands in at each outlet, and therefore which network resources they are able to reach.

A good example would be a large network with multiple departments where any network administrator would want to control where the users can physically connect their workstation or laptop and which servers they are able to access.

The following diagram shows a VLAN powered network where the switches have been configured with Static VLAN support.

The network diagram might look slightly complicated at first, but if you pay close attention to each switch, you will notice that it's quite simple: six switches with 6 VLANs configured, one VLAN per department, as shown. While each VLAN has one logical network assigned to it, the IT department has, in addition, placed one workstation in each of the following departments for support purposes: Management, R&D and HR.

The network administrator has assigned Port 1 (P1) on each department switch to VLAN 5 for the workstation belonging to the IT department, while the rest of the ports are assigned to the appropriate VLAN as shown in the diagram.

This setup allows the administrator to place any employee in the IT department, anywhere on the network, without worrying if the user will be able to connect and access the IT department's resources.

In addition, consider a user in one of the above departments, e.g. the Management department, who decides to get smart and attempts to gain access to the IT department's network and resources by plugging his workstation into Port 1 of his department's switch. He wouldn't get far as things stand: his workstation is configured for the 192.168.1.0 network (VLAN 1), while Port 1 places him in VLAN 5, where hosts use 192.168.5.0 addresses. To go any further he would have to change his IP address to match the network he is trying to reach, in this case 192.168.5.0. Note what this does and does not protect: the port's VLAN membership is fixed by the administrator, but a user who controls his own host can change its address, so a static assignment alone only keeps people out of VLAN 5 if access to the ports assigned to it is also controlled (physically, or with port authentication).
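Since Static VLANs live entirely in the per-port configuration of each switch, the check a practitioner wants is that every port is in the VLAN the design says it should be in. The following is an added example written for this page, not code from the original article or from Cisco: it parses a constructed, IOS-style running-config excerpt for one department switch and compares each port against the intended design (Port 1 in VLAN 5 for the IT support workstation, the remaining access ports in VLAN 1, the Gigabit uplink as a trunk). The interface names, the design table and the config text are all constructed; the two IOS facts relied on are that an access port with no 'switchport access vlan' command sits in VLAN 1, and that a port with no 'switchport mode' command is left to negotiate its mode.

```python
"""Audit static VLAN port assignments in an IOS-style running-config (constructed sample)."""
import re

# Constructed running-config excerpt for one department switch; not from a real device.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 description IT support workstation
 switchport mode access
 switchport access vlan 5
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 1
!
interface FastEthernet0/3
 switchport mode access
!
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 5
!
interface FastEthernet0/5
 switchport access vlan 1
!
interface GigabitEthernet0/1
 switchport mode trunk
!
"""

# Intended design (constructed): interface -> (mode, access VLAN; None for trunks)
DESIGN = {
    "FastEthernet0/1": ("access", 5),
    "FastEthernet0/2": ("access", 1),
    "FastEthernet0/3": ("access", 1),
    "FastEthernet0/4": ("access", 1),
    "FastEthernet0/5": ("access", 1),
    "GigabitEthernet0/1": ("trunk", None),
}


def parse_port_vlans(config):
    """Return {interface: {"mode": "access" | "trunk" | None, "vlan": int}}.

    No 'switchport access vlan' command means the IOS default, VLAN 1.
    No 'switchport mode' command is recorded as mode None (left to negotiate).
    """
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = m.group(1)
            ports[current] = {"mode": None, "vlan": 1}
            continue
        if not line.startswith(" "):
            current = None          # '!' or a top-level command ends the block
            continue
        if current is None:
            continue
        cmd = line.strip()
        if cmd in ("switchport mode access", "switchport mode trunk"):
            ports[current]["mode"] = cmd.rsplit(" ", 1)[1]
        else:
            m = re.match(r"^switchport access vlan (\d+)$", cmd)
            if m:
                ports[current]["vlan"] = int(m.group(1))
    return ports


def audit(ports, design):
    """Compare parsed ports with the design; return one finding string per deviation."""
    findings = []
    for name, cfg in sorted(ports.items()):
        if name not in design:
            findings.append(f"{name}: not in design (mode={cfg['mode']}, vlan={cfg['vlan']})")
            continue
        want_mode, want_vlan = design[name]
        if cfg["mode"] is None:
            findings.append(f"{name}: no explicit switchport mode (port will negotiate its mode)")
        elif cfg["mode"] != want_mode:
            findings.append(f"{name}: mode {cfg['mode']}, design says {want_mode}")
        if want_mode == "access" and cfg["vlan"] != want_vlan:
            findings.append(f"{name}: access VLAN {cfg['vlan']}, design says {want_vlan}")
    for name in sorted(set(design) - set(ports)):
        findings.append(f"{name}: in design but missing from config")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_port_vlans(SAMPLE_CONFIG), DESIGN):
        print(finding)
```

Against the sample, the audit reports FastEthernet0/4 sitting in VLAN 5 instead of VLAN 1 (a second door into the IT VLAN that the design never intended) and FastEthernet0/5 having no explicit mode; FastEthernet0/3 passes because its implicit VLAN 1 matches the design.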

Summary

To sum up, with Static VLANs, we assign each individual switch port to a VLAN. The network addresses are totally up to us to decide. In our example, the switches do not care what network address is used for each VLAN as they totally ignore this information unless routing is performed (this is covered in the InterVLAN routing page). As far as the switches are concerned, if you have two ports assigned to the same VLAN, then these two ports are able to communicate between each other as it would happen on any normal layer 2 switch.


VLAN Links: Access & Trunk Links

Introduction

By now we should feel comfortable with terms such as 'VLAN', 'Static & Dynamic VLANs', but this is just the beginning in this complex world. On this page, we will start to slowly expand on these terms by introducing new ones!

To begin with, we will take a closer look at the port interfaces on these smart switches and then start moving towards the interfaces connecting to the network backbone where things become slightly more complicated, though do not be alarmed since our detailed and easy to read diagrams are here to ensure the learning process is as enjoyable as possible.

VLAN Links - Interfaces

Inside the world of VLANs there are two types of interfaces, or if you like, links. These links allow us to connect multiple switches together, or simply connect network devices such as a PC that will access the VLAN network. Depending on their configuration, they are called Access Links or Trunk Links.

Access Links

Access Links are the most common type of links on any VLAN switch. All network hosts connect to the switch's Access Links in order to gain access to the local network. These links are your ordinary ports found on every switch, but configured in a special way, so you are able to plug a computer into them and access your network.

Here's a picture of a Cisco Catalyst 3550 series switch, with its Access Links (ports) marked in the green circle:

We must note that the 'Access Link' term describes a configured port - this means that the ports above can equally be configured as the second type of VLAN link, Trunk Links. What we are showing here is what is usually configured as an Access Link port on the vast majority of switches. Depending on your needs, you might require the first port (top left corner) to be configured as a Trunk Link, in which case it is obviously no longer called an Access Link port, but a Trunk Link!

When configuring ports on a switch to act as Access Links, we usually configure only one VLAN per port, that is, the VLAN our device will be allowed to access. If you recall the diagram below which was also present during the introduction of the VLAN concept, you'll see that each PC is assigned to a specific port:

In this case, each of the 6 ports used have been configured for a specific VLAN. Ports 1, 2 and 3 have been assigned to VLAN 1 while ports 4, 5 and 6 to VLAN 2.

In the above diagram, this translates to allowing only VLAN 1 traffic in and out of ports 1, 2 and 3, while ports 4, 5 and 6 will carry VLAN 2 traffic. As you would remember, these two VLANs do not exchange any traffic between each other, unless we are using a layer 3 switch (or router) and we have explicitly configured the switch to route traffic between the two VLANs.

It is equally important to note at this point that any device connected to an Access Link (port) is totally unaware of the VLAN assigned to the port. The device simply assumes it is part of a single broadcast domain, just as with any normal switch. Frames leave an Access Link untagged, and frames from other VLANs never leave it at all, so the recipient has no information about VLANs whatsoever.

The following diagram illustrates this to help you get the picture:

As shown, all frames entering or exiting the port are standard Ethernet II frames which are understood by the network device connected to the port. There is nothing special about these frames, other than the fact that they belong only to the VLAN the port is configured for.

If, for example, we configured the port shown above for VLAN 1, then any frames entering/exiting this port would be for that VLAN only. In addition, if we decided to use a logical network such as 192.168.0.0 with a subnet mask of 255.255.255.0 (/24), then all network devices connecting to ports assigned to VLAN 1 must be configured with an address from that network so they may communicate with all other hosts in the same VLAN.

Trunk Links

What we've seen so far is a switch port configured to carry only one VLAN, that is, an Access Link port. There is, however, one more type of port configuration which we mentioned in the introductory section on this page - the Trunk Link.

A Trunk Link, or 'Trunk', is a port configured to carry frames for any VLAN. These types of ports are usually found in connections between switches. Such links need the ability to carry frames from all available VLANs, because VLANs span multiple switches.

The diagram below shows multiple switches connected throughout a network and the Trunk Links are marked in purple colour to help you identify them:

As you can see in our diagram, our switches connect to the network backbone via the Trunk Links. This allows all VLANs created in our network to propagate throughout the whole network. Now in the unlikely event of Trunk Link failure on one of our switches, the devices connected to that switch's ports would be isolated from the rest of the network, allowing only ports on that switch, belonging to the same VLAN, to communicate with each other.

So now that we have an idea of what Trunk Links are and their purpose, let's take a look at an actual switch to identify a possible Trunk Link:

As we noted with the explanation of Access Link ports, the term 'Trunk Link' describes a configured port. In this case, the Gigabit ports are usually configured as Trunk Links, connecting the switch to the network backbone at the speed of 1 Gigabit, while the Access Link ports connect at 100Mbits.

In addition, we should note that on the Catalyst switches discussed here a port must run at 100 Mbit or faster to operate as a Trunk Link; Cisco's ISL in particular is defined only for Fast Ethernet and Gigabit Ethernet. The IEEE 802.1Q standard itself places no speed requirement on a tagged link, but the point stands in practice: a Trunk Link connects to the network backbone, which must operate at speeds greater than most Access Links!

Summary

This page introduced the Access and Trunk links. We will be seeing a lot of both links from now on, so it's best you get comfortable with them! Configuration of these links is covered later on, because there is still quite a bit of theory to cover!

Next up is the VLAN Tagging topic where we will see what really runs through those Access and Trunk links!


VLAN Tagging

Introduction

We mentioned that Trunk Links are designed to pass frames (packets) from all VLANs, allowing us to connect multiple switches together and independently configure each port to a specific VLAN. However, we haven't explained how these packets run through the Trunk Links and network backbone, eventually finding their way to the destination port without getting mixed or lost with the rest of the packets flowing through the Trunk Links.

This process belongs to the world of VLAN Tagging!

VLAN Tagging

VLAN Tagging, also known as Frame Tagging, is a method developed by Cisco to help identify packets travelling through trunk links. When an Ethernet frame traverses a trunk link, a special VLAN tag is added to the frame and sent across the trunk link.

As it arrives at the end of the trunk link the tag is removed and the frame is sent to the correct access link port according to the switch's table, so that the receiving end is unaware of any VLAN information.

The diagram below illustrates the process described above:

Here we see two 3500 series Catalyst switches and one Cisco 3745 router connected via the Trunk Links. The Trunk Links allow frames from all VLANs to travel throughout the network backbone and reach their destination regardless of the VLAN the frame belongs to. On the other side, the workstations are connected directly to Access Links (ports configured for one VLAN membership only), gaining access to the resources required by the VLAN's members.

Again, when we call a port 'Access Link' or 'Trunk Link', we are describing it based on the way it has been configured. This is because a port can be configured as an Access Link or Trunk Link (in the case where it's 100Mbits or faster).

This is stressed because a lot of people think that it's the other way around, meaning, a switch's uplink is always a Trunk Link and any normal port where you would usually connect a workstation, is an Access Link port!

VLAN Tagging Protocol

We're now familiar with the term 'Trunk Link' and its purpose, that is, to allow frames from multiple VLANs to run across the network backbone, finding their way to their destination. What you might not have known though is that there is more than one method to 'tag' these frames as they run through the Trunk Links or ... the VLAN Highway as we like to call it.

InterSwitch Link (ISL)

ISL is a Cisco proprietary protocol used for FastEthernet and Gigabit Ethernet links only. The protocol can be used in various equipment such as switch ports, router interfaces, server interface cards (to create a trunk to a server) and much more. You'll find more information on VLAN implementations on our last page of the VLAN topic.

Being a proprietary protocol, ISL is naturally available and supported on Cisco products only :) You may also be interested in knowing that ISL is what we call an 'external tagging process'. This means that the protocol does not alter the Ethernet frame by placing the VLAN Tag inside it, as shown in our previous diagram; instead, it encapsulates the Ethernet frame with a new 26 byte ISL header and adds an additional 4 byte frame check sequence (FCS) field at the end of the frame, as illustrated below:

Despite this extra overhead, ISL is capable of supporting up to 1000 VLANs and does not introduce any delays in data transfers between Trunk Links.

In the above diagram we can see an ISL frame encapsulating an Ethernet II frame. This is the actual frame that runs through a trunk link between two Cisco devices when configured to use ISL as their trunk tagging protocol.

The encapsulation method mentioned above also happens to be the reason why only ISL-aware devices are able to read it, and because of the addition of the ISL header and FCS field, the frame can end up being 1548 bytes long! For those who can't remember, Ethernet's maximum frame size is 1518 bytes, making an ISL frame of 1548 bytes what we call a 'giant' or 'jumbo' frame!

Lastly, ISL uses Per VLAN Spanning Tree (PVST) which runs one instance of the Spanning Tree Protocol (STP) per VLAN. This method allows us to optimise the root switch placement for each available VLAN while supporting neat features such as VLAN load balancing between multiple trunks.

Since the ISL's header fields are covered on a separate page, we won't provide further details here.

IEEE 802.1q

The 802.1q standard was created by the IEEE group to address the problem of breaking large networks into smaller and manageable ones through the use of VLANs. The 802.1q standard is of course an alternative to Cisco's ISL, and one that all vendors implement on their network equipment to ensure compatibility and seamless integration with the existing network infrastructure.

As with all 'open standards', the IEEE 802.1q tagging method is by far the most popular and commonly used, even in Cisco oriented network installations, mainly for compatibility with other equipment and future upgrades that might tend towards different vendors.

In addition to the compatibility issue, there are several more reasons for which most engineers prefer this method of tagging. These include:

  • Support of up to 4096 VLANs
  • Insertion of a 4-byte VLAN tag with no encapsulation
  • Smaller final frame sizes when compared with ISL

Amazingly enough, the 802.1q tagging method supports a whopping 4096 VLANs (as opposed to the 1000 VLANs ISL supports), a large amount indeed which is nearly impossible to exhaust in your local area network.

The 4-byte tag we mentioned is inserted within the existing Ethernet frame, right after the Source MAC Address as illustrated in the diagram below:

Because of the extra 4-byte tag, the minimum Ethernet II frame size increases from 64 bytes to 68 bytes, while the maximum Ethernet II frame size now becomes 1522 bytes. If you require more information on the tag's fields, visit our protocol page where further details are given.

As you may have already concluded yourself, the maximum Ethernet frame is considerably smaller in size (by 26 bytes) when using the IEEE 802.1q tagging method rather than ISL. This difference in size might also be interpreted by many to mean that the IEEE 802.1q tagging method is much faster than ISL, but this is not true. In fact, Cisco recommends you use ISL tagging when in a Cisco native environment, but as outlined earlier, most network engineers and administrators believe that the IEEE 802.1q approach is much safer, ensuring maximum compatibility.

And because not everything in this world is perfect, no matter how good the 802.1q tagging protocol might seem, it does come with its restrictions:

  • In a Cisco powered network, the switch maintains one instance of the Spanning Tree Protocol (STP) per VLAN. This means that if you have 10 VLANs in your network, there will also be 10 instances of STP running amongst the switches. In the case of non-Cisco switches, then only 1 instance of STP is maintained for all VLANs, which is certainly not something a network administrator would want.
  • It is imperative that the VLAN for an IEEE 802.1q trunk is the same for both ends of the trunk link, otherwise network loops are likely to occur.
  • Cisco always advises that disabling an STP instance on one 802.1q VLAN trunk without disabling it on the rest of the available VLANs is not a good idea, because network loops might be created. It's best to either disable or enable STP on all VLANs.

LAN Emulation (LANE)

LAN Emulation was introduced to solve the need of creating VLANs over WAN links, allowing network managers to define workgroups based on logical function, rather than physical location. With this new technology (so to speak - it's actually been around since 1995!), we are now able to create VLANs between remote offices, regardless of their location and distance.

LANE is not very common and you will most probably never see it implemented in small to mid-sized networks, however, this is no reason to ignore it. Just keep in mind that we won't be looking at it in much depth, but briefly covering it so we can grasp the concept.

LANE has been supported by Cisco since 1995 and Cisco's IOS release 11.0. When implemented between two point-to-point links, the WAN network becomes totally transparent to the end users:

Every LAN or native ATM host, like the switch or router shown in the diagram, connects to the ATM network via a special software interface called 'LAN Emulation Client'. The LANE Client works with the LAN Emulation Server (LES) to handle all messages and packets flowing through the network, ensuring that the end clients are not aware of the WAN network infrastructure and therefore making it transparent.

The LANE specification defines a LAN Emulation Configuration Server (LECS), a service running inside an ATM switch or a physical server connected to the ATM switch, that resides within the ATM network and allows network administrators to control which LANs are combined to form VLANs.

The LAN Emulation Server with the help of the LANE Client, maps MAC addresses to ATM addresses, emulating Layer 2 protocols (DataLink layer) and transporting higher layer protocols such as TCP/IP, IPX/SPX without modification.

802.10 (FDDI)

Tagging VLAN frames on Fiber Distributed Data Interface (FDDI) networks is quite common in large scale networks. This implementation is usually found on Cisco's high-end switch models such as the Catalyst 5000 series where special modules are installed inside the switches, connecting them to an FDDI backbone. This backbone interconnects all major network switches, providing a fully redundant network.

The various modules available for the Cisco Catalyst switches allow the integration of Ethernet into the FDDI network. When installing the appropriate switch modules and with the use of the 802.10 SAID field, a mapping between the Ethernet VLAN and the 802.10 network is created, and as such, all Ethernet VLANs are able to run over the FDDI network.

The diagram above shows two Catalyst switches connected to a FDDI backbone. The links between the switches and the backbone can either be Access type links (meaning one VLAN passes through them) or Trunk links (all VLANs are able to pass through them). At both ends, the switches have an Ethernet port belonging to VLAN 6, and to 'connect' these ports we map each switch's Ethernet module with its FDDI module.

Lastly, the special FDDI modules mentioned above support both single VLANs (non-trunk) and multiple VLANs (trunk).

To provide further detail, the diagram below shows the IEEE 802.10 frame, along with the SAID field in which the VLAN ID is inserted, allowing the frame to transit trunk links as described:

It's okay if you're impressed or seem confused with the structure of the above frame, that's normal :) You'll be surprised to find out that the Cisco switch in the previous diagram must process the Ethernet II frame and convert it before placing it on the IEEE 802.10 backbone or trunk.

During this stage, the original Ethernet II frame is converted to an Ethernet SNAP frame and then finally to an IEEE 802.10 frame. This conversion is required to maintain compatibility and reliability between the two different topologies. The most important bit to remember here is the SAID field and its purpose.

Summary

This page introduced four popular VLAN tagging methods, providing you with the frame structure and general details of each tagging method. Out of all, the IEEE 802.1q and ISL tagging methods are the most popular, so make sure you understand them quite well.

The next page provides further detail by analysing the two popular tagging methods mentioned above. While some readers might find the details unnecessary and time wasting, we feel that they are required if you want to build a rock solid network library in your head:)


Analysing The InterSwitch Link Protocol

Introduction

Deciding whether to use ISL or IEEE 802.1q to power your trunk links can be quite confusing if you cannot identify the advantages and disadvantages of each protocol within your network.

This page will cover the ISL protocol in great detail, providing an insight to its secrets and capabilities which you probably were unaware of. In turn, this will also help you understand the existence of certain limitations the protocol has, but most importantly allow you to decide if ISL is the tagging process you require within your network.

InterSwitch Link (ISL)

ISL is Cisco's proprietary tagging method and is supported only on Cisco's equipment through Fast & Gigabit Ethernet links. The size of an ISL frame can be expected to start from 94 bytes and increase up to 1548 bytes due to the overhead (additional fields) the protocol places within the frame it is tagging.

These fields and their length are also shown on the diagram below:

We will be focusing on the two purple coloured 3D blocks, the ISL header and ISL Frame Check Sequence (FCS) respectively. The rest of the Ethernet frame shown is a standard Ethernet II frame as we know it. If you need more information, visit our Ethernet II page.

The ISL Header

The ISL header is a 26-byte field containing all the VLAN information required (as one would expect) to allow a frame to traverse a Trunk Link and find its way to its destination.

Here is a closer look at the header and all the fields it contains:

You can see that the ISL header is made out of quite a few fields, perhaps a lot more than what you might have expected, but this shouldn't alarm you as only a handful of these fields are important. As usual, we will start from the left field and work our way to the far right side of the header. First up... the DA field:

Destination Address (DA) Field

The 'DA' field is a 40 bit destination address field that contains a multicast address usually set to "0x01-00-0C-00-00" or "0x03-00-0C-00-00". This address is used to signal to the receiver that the packet is in ISL format.

Type Field

The 'Type' field is 4 bits long and helps identify the encapsulated original frame. Depending on the frame type, the ISL 'Type' field can take 4 possible values as outlined in the table below:

Type Value   Encapsulated Frame
0000         Ethernet
0001         Token-Ring
0010         FDDI
0011         ATM

The 4 bits of space assigned to the 'Type Value' field allow a maximum of 2^4=16 different values. Since all combinations are not used, there is plenty of room for future encapsulations that might be developed.

User Defined Field

The 'User' field occupying 4 bits serves as an extension to the previous 'Type' field and is mostly used when the original encapsulated frame is an Ethernet II type frame. When this happens, the first two bits of the 'User' field act as a prioritisation mechanism, allowing the frames to find their way to the destination much faster.

Currently, there are 4 different priorities available, as shown in the table below:

User Field Value   Frame Priority
XX00               Normal Priority
XX01               Priority 1
XX10               Priority 2
XX11               Highest Priority

We should also note that the use of priorities is optional and not required.

Source Address (SA) Field

The 'SA' field is the source MAC address of the switch port transmitting the frame. This field is -as expected- 48 bits long. The receiving device can choose to ignore this field. It is worth noting that while the Destination Address field located at the beginning of the header contains a multicast MAC Address, the Source MAC address field we are looking at here contains the MAC address of the sending device - usually a switch.

Length Field

The 'Length' field is 16 bits long and contains the whole ISL frame's length minus the DA, Type, User, SA, LEN and FCS fields. If you're good at mathematics, you can easily calculate the total length of the excluded fields, which is 18 bytes. With this in mind, a quick way to find this field's value is to take the total frame size and subtract 18 bytes :)

Length fields are used in frames to help the receiving end identify where specific portions of the frame exist within the frame received.

AAAA03 (SNAP) Field

The SNAP field is a 24 bit long field with a value of "0xAAAA03".

High bits Source Address (HSA) Field

The 'HSA' field is a 24 bit value. This field represents the upper three bytes of the SA field (the manufacturers ID portion) and must contain the value "0x00-00-0C". Since the SA field is 48 bits long or 6 bytes, the upper 3 bytes of the SA field would translate to 24 bits, hence the length of the HSA field.

VLAN - Destination Virtual LAN ID Field

The 'VLAN' field is the Virtual LAN ID of the frame. This is perhaps the most important field of all as our frame moves between trunk links because it allows all trunk links to identify the VLAN this frame belongs to. The VLAN ID field is 15 bits long and often referred to as the "color" of the frame.

Without this field, there would be no way of identifying which VLAN the frame transiting a trunk link belongs to.

Bridge Protocol Data Unit (BPDU) & Cisco Discovery Protocol (CDP) Indicator

The 'BPDU' field is only 1 bit long but very important, as it is set for all BPDU packets encapsulated by the ISL frame. For those unaware, BPDUs are used by the Spanning Tree Protocol (STP) to shut down redundant links and avoid network loops. This field is also used for CDP and Virtual Trunk Protocol (VTP) frames that are encapsulated.

Index Field

The 'Index' field is a 16 bit value and indicates the port index of the source of the packet as it exits the switch. It is used for diagnostic purposes only and may be set to any value by other devices.

RES Field - Reserved for Token Ring and Fiber Distributed Data Interface (FDDI)

The 'RES' field is a 16 bit value and used when Token Ring or FDDI packets are encapsulated with an ISL frame. In the case of Token Ring frames, the Access Control (AC) and Frame Control (FC) fields are placed here whereas in the case of FDDI, the FC field is placed in the Least Significant Byte (LSB) of this field (as in a FC of "0x12" would have a RES field of "0x0012"). For Ethernet packets, the RES field should be set to all zeros.

Frame Check Sequence (ISL FCS)

Coming to the end of the ISL protocol analysis, we meet the 'FCS' field, which consists of four bytes. The FCS contains a 32-bit CRC value, which is created by the sending MAC (switch) and is recalculated by the receiving MAC (switch) to check for corrupt frames. In an Ethernet II frame, the FCS is generated using the Destination MAC, Source MAC, Ethertype, and Data fields, while ISL's FCS is calculated over the entire ISL frame and added to the end of it.
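To tie the field widths above together, here is an added example (not code from the original page, nor Cisco's) that builds, parses and sanity-checks an ISL frame in Python. The encapsulated Ethernet frame, the switch MAC address and the port index are constructed values, and the ISL FCS is assumed to be the standard CRC-32 that zlib.crc32 computes, sent least-significant byte first like an Ethernet FCS.

```python
"""Build, parse and sanity-check the 26-byte ISL header described above.

Added example (not from the original page nor Cisco's code): the ISL frame is
built here by hand from the field layout in the text, so every value is
constructed. The ISL FCS is treated as the standard CRC-32 that zlib.crc32
computes, appended least-significant byte first like an Ethernet FCS.
"""
import struct
import zlib

ISL_HEADER_LEN = 26
ISL_LEN_EXCLUDED = 18            # DA + Type + User + SA + LEN + ISL FCS bytes
ISL_DA_VALUES = {0x01000C0000, 0x03000C0000}
ISL_TYPES = {0: "Ethernet", 1: "Token-Ring", 2: "FDDI", 3: "ATM"}

# Constructed 64-byte Ethernet II frame (broadcast destination, 00:00:0C source,
# IPv4 ethertype, 46 zero payload bytes, 4 placeholder FCS bytes) to encapsulate.
SAMPLE_INNER = (bytes.fromhex("ffffffffffff") + bytes.fromhex("00000c123456")
                + b"\x08\x00" + bytes(46) + bytes(4))


def parse_isl_header(frame: bytes) -> dict:
    """Split an ISL frame into the header fields listed on this page.

    Widths in bits: DA 40, Type 4, User 4, SA 48, LEN 16, SNAP 24, HSA 24,
    VLAN 15, BPDU 1, Index 16, RES 16 = 208 bits = 26 bytes.
    """
    if len(frame) < ISL_HEADER_LEN + 4:
        raise ValueError("frame too short to carry an ISL header and FCS")
    hdr = frame[:ISL_HEADER_LEN]
    type_user = hdr[5]
    vlan_bpdu = int.from_bytes(hdr[20:22], "big")
    return {
        "da": int.from_bytes(hdr[0:5], "big"),
        "type": ISL_TYPES.get(type_user >> 4, "unknown"),
        "user": type_user & 0x0F,
        "priority": type_user & 0x03,      # the XX00..XX11 bits of the User table
        "sa": hdr[6:12].hex(":"),
        "length": int.from_bytes(hdr[12:14], "big"),
        "snap": int.from_bytes(hdr[14:17], "big"),
        "hsa": int.from_bytes(hdr[17:20], "big"),
        "vlan": vlan_bpdu >> 1,            # upper 15 bits of the VLAN/BPDU pair
        "bpdu": vlan_bpdu & 0x01,          # lowest bit flags BPDU/CDP/VTP frames
        "index": int.from_bytes(hdr[22:24], "big"),
        "res": int.from_bytes(hdr[24:26], "big"),
        "payload": frame[ISL_HEADER_LEN:-4],
    }


def validate_isl(frame: bytes) -> list:
    """Return the inconsistencies found against the rules on this page (empty = OK)."""
    f = parse_isl_header(frame)
    problems = []
    if f["da"] not in ISL_DA_VALUES:
        problems.append("DA is not an ISL multicast address")
    if f["snap"] != 0xAAAA03:
        problems.append("SNAP field is not 0xAAAA03")
    if f["hsa"] != 0x00000C:
        problems.append("HSA is not 0x00-00-0C")
    if f["length"] != len(frame) - ISL_LEN_EXCLUDED:
        problems.append("LEN is not total frame length minus 18")
    if f["type"] == "Ethernet" and f["res"] != 0:
        problems.append("RES must be zero for Ethernet payloads")
    if struct.pack("<I", zlib.crc32(frame[:-4]) & 0xFFFFFFFF) != frame[-4:]:
        problems.append("ISL FCS does not match the frame contents")
    return problems


def build_isl_frame(vlan: int, inner: bytes, priority: int = 0, bpdu: int = 0,
                    sa: bytes = bytes.fromhex("00000c123456")) -> bytes:
    """Encapsulate an Ethernet frame as the text describes: the 26-byte header
    in front and a 4-byte ISL FCS over the whole frame at the end."""
    if not 0 <= vlan < 2 ** 15:
        raise ValueError("VLAN ID must fit in 15 bits")
    total = ISL_HEADER_LEN + len(inner) + 4
    hdr = bytes.fromhex("01000c0000")                   # DA: ISL multicast
    hdr += bytes([(0 << 4) | (priority & 0x03)])        # Type=Ethernet, User bits
    hdr += sa                                           # SA of the sending switch
    hdr += struct.pack(">H", total - ISL_LEN_EXCLUDED)  # LEN, per the text
    hdr += bytes.fromhex("aaaa03")                      # SNAP
    hdr += sa[:3]                                       # HSA: OUI part of the SA
    hdr += struct.pack(">H", (vlan << 1) | (bpdu & 1))  # 15-bit VLAN + BPDU bit
    hdr += struct.pack(">H", 1)                         # Index: diagnostics only
    hdr += struct.pack(">H", 0)                         # RES: zero for Ethernet
    body = hdr + inner
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


if __name__ == "__main__":
    frame = build_isl_frame(vlan=6, inner=SAMPLE_INNER)
    print(len(frame), "bytes, VLAN", parse_isl_header(frame)["vlan"], validate_isl(frame))
```

Encapsulating the 64-byte sample frame gives exactly the 94-byte minimum ISL frame mentioned at the top of this page.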

Summary

This page analysed all fields of the ISL header and FCS. The next page deals with the popular IEEE 802.1q, an alternative to Cisco's ISL tagging protocol.

If you require, have a quick break to freshen up and when you return, click on the link below to be transported to the wonderful IEEE 802.1q world!


Analysing The IEEE 802.1q Link Protocol

Introduction

Our VLAN Tagging page briefly covered the IEEE 802.1q protocol and we are about to continue its analysis here. As mentioned previously, the IEEE 802.1q tagging method is the most popular as it allows the seamless integration of VLAN capable devices from all vendors who support the protocol.

So, without any more delay, let's get right into the protocol.

IEEE 802.1q Analysis

The IEEE 802.1q tagging mechanism seems quite simple and efficient thanks to its 4-byte overhead squeezed between the Source Address and Type/Length field of our Ethernet II frame:

The process of inserting the 802.1q tag into an Ethernet II frame causes the original Frame Check Sequence (FCS) field to become invalid, since we are altering the frame; hence it is essential that a new FCS is recalculated, based on the new frame now containing the IEEE 802.1q field. This process is automatically performed by the switch, right before it sends the frame down a trunk link. Our focus here will be the pink 3D block, labeled as the IEEE 802.1q header.

The IEEE 802.1q Header

As noted, the 802.1q header is only 4 bytes or 32 bits in length, yet within this space there is all the necessary information required to successfully identify the frame's VLAN and ensure it arrives at the correct destination. The diagram below analyses all fields contained in an 802.1q header:

The structure is quite simple as there are only 4 fields when compared with the 11 ISL has. We will continue by analysing each of these fields in order to discover what the protocol is all about.

TPID - Tag Protocol IDentifier

The TPID field is 16 bits long with a value of 0x8100. It is used to identify the frame as an IEEE 802.1q tagged frame.

Note: The next three fields, Priority, CFI and VLAN ID are also known as the TCI (Tag Control Information) field and are often represented as one single field (TCI Field).

Priority

The Priority field is only 3 bits long but used for prioritisation of the data this frame is carrying.

Data Prioritisation is a whole study in itself but we won't be analysing it here since it's well beyond the scope of our topic. However, for those interested, data prioritisation allows us to give special priority to time-latency sensitive services, such as Voice Over IP (VoIP), over normal data. This means that the specified bandwidth is allocated for these critical services to pass them through the link without any delay.

The IEEE 802.1p priority protocol was developed to provide such services and is utilised by the IEEE 802.1q tagging protocol.

The Priority field is 3 bits long, allowing a total of 2^3=8 different priorities for each frame, that is, level zero (0) to seven (7) inclusive.

CFI - Canonical Format Indicator

The CFI field is only 1 bit long. If set to '1', then it means the MAC Address is in non-canonical format, otherwise '0' means it is canonical format. For Ethernet switches, this field is always set to zero (0). The CFI field is mainly used for compatibility reasons between Ethernet and Token Ring networks.

In the case where a frame arrives at an Ethernet port and the CFI flag is set to one (1), then that frame should not be forwarded as it was received to any untagged port (Access Link port).

VLAN ID - Virtual Local Area Network Identifier

The VLAN ID field is perhaps the most important field out of all because we are able to identify which VLAN the frame belongs to, allowing the receiving switch to decide which ports the frame is allowed to exit depending on the switch configuration.

For those who recall our VLAN Tagging page, we mentioned that the IEEE 802.1q tagging method supports up to 4096 different VLANs. This number derives from the 12 bit VLAN ID field we are analysing right now and here are the calculations to prove this: 2^12=4096, which translates from VLAN 0 to VLAN 4095 inclusive.
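The tag insertion, FCS recalculation, CFI handling and frame size limits described on this page, as an added Python example (not code from the original page or from any vendor). The frames are constructed, and the FCS is assumed to be the standard CRC-32 that zlib.crc32 computes, sent least-significant byte first.

```python
"""Insert, parse and strip the 4-byte IEEE 802.1q tag described above.

Added example, not code from the original page or from any vendor: the frames
are constructed, and the FCS is assumed to be the standard CRC-32 that
zlib.crc32 computes, transmitted least-significant byte first.
"""
import struct
import zlib
from typing import Optional, Tuple

TPID_8021Q = 0x8100
MAX_UNTAGGED = 1518          # Ethernet II maximum including the FCS
MAX_TAGGED = 1522            # 1518 + 4-byte tag, as stated on this page


def fcs(data: bytes) -> bytes:
    """Ethernet FCS over the frame bytes that precede it."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def fcs_ok(frame: bytes) -> bool:
    """True when the trailing 4 bytes match the CRC of everything before them."""
    return len(frame) >= 4 and fcs(frame[:-4]) == frame[-4:]


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame; the payload is padded to the 46-byte minimum."""
    body = dst + src + struct.pack(">H", ethertype) + payload.ljust(46, b"\x00")
    return body + fcs(body)


def tag_frame(frame: bytes, vlan_id: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Insert TPID + TCI right after the source MAC and recompute the FCS,
    as the switch does before sending the frame down a trunk link."""
    if not 0 <= vlan_id <= 0xFFF:
        raise ValueError("VLAN ID must fit in 12 bits (0-4095)")
    if not 0 <= priority <= 7:
        raise ValueError("priority must fit in 3 bits (0-7)")
    tci = (priority << 13) | ((cfi & 1) << 12) | vlan_id   # 3 + 1 + 12 bits
    body = frame[:12] + struct.pack(">HH", TPID_8021Q, tci) + frame[12:-4]
    if len(body) + 4 > MAX_TAGGED:
        raise ValueError("tagged frame would exceed 1522 bytes")
    return body + fcs(body)


def parse_tag(frame: bytes) -> Optional[Tuple[int, int, int]]:
    """Return (priority, cfi, vlan_id), or None when the frame carries no tag."""
    if len(frame) < 18 or struct.unpack(">H", frame[12:14])[0] != TPID_8021Q:
        return None
    tci = struct.unpack(">H", frame[14:16])[0]
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def untag_for_access_port(frame: bytes) -> Optional[bytes]:
    """What the receiving switch does for an access (untagged) port: strip the
    tag and recompute the FCS. Returns None when CFI is set, because such a
    frame must not be forwarded as received to an untagged port."""
    tag = parse_tag(frame)
    if tag is None:
        return frame
    if tag[1] == 1:
        return None
    body = frame[:12] + frame[16:-4]
    return body + fcs(body)


if __name__ == "__main__":
    f = build_frame(b"\xff" * 6, bytes.fromhex("00000c123456"), 0x0800, b"hello")
    t = tag_frame(f, vlan_id=6, priority=5)
    print(len(f), len(t), parse_tag(t), untag_for_access_port(t) == f)
```

Note that simply splicing the tag into a frame without recomputing the FCS leaves a frame that fails the FCS check, which is exactly why the switch must regenerate it.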

Summary

That completes our analysis of the IEEE 802.1q protocol. As a last note, you should remember that this protocol is the most widespread tagging method used around the world and that it supports up to 4096 VLANs!

Next up is the popular InterVLAN Routing topic, which is often a misunderstood and confusing subject, but we have managed to make it simple and clear. It's now time for a break - go get some fresh air and we'll see you back in a few moments for the rest of our cool VLAN topic!


InterVLAN Routing

Introduction

Surely most of you network gurus would agree without a doubt that the invention of VLANs for networks is as good, if not better, than the invention of the mouse for computers!

Being able to create new network segments using the existing backbone and without rewiring is, for most administrators, a dream come true! Add the ability to move users or departments between these networks with just a few keystrokes and you're in paradise.

VLANs have certainly become popular and are very welcomed in every administrator's or engineer's network. However, they also raised several issues which troubled many of us. One major issue concerns routing between existing and newly created VLANs.

The Need For Routing

Each network has its own needs, though whether it's a large or small network, internal routing, in most cases, is essential, if not critical. The ability to segment your network by creating VLANs, thus reducing network broadcasts and increasing your security, is a tactic used by most engineers. Popular setups include a separate broadcast domain for critical services such as File Servers, Print Servers, Domain Controllers etc., serving your users non-stop.

The issue here is how can users from one VLAN (broadcast domain), use services offered by another VLAN?

Thankfully there's an answer to every problem and in this case, it's VLAN routing:

The above diagram is a very simple but effective example to help you get the idea. Two VLANs consisting of two servers and workstations of which one workstation has been placed along with the servers in VLAN 1, while the second workstation is placed in VLAN 2.

In this scenario, both workstations require access to the File and Print servers, making it a very simple task for the workstation residing in VLAN 1, but obviously not for our workstation in VLAN 2.

As you might have already guessed, we need to somehow route packets between the two VLANs and the good news is that there is more than one way to achieve this and that's what we'll be covering on this page.

VLAN Routing Solutions

While the two 2924 Catalyst switches are connected via a trunk link, they are unable to route packets from one VLAN to another. If we wanted the switch to support routing, we would require it to be a layer 3 switch with routing capabilities, a service offered by the popular Catalyst 3550 series and above.

Since there are quite a few ways to enable communication between VLANs (InterVLAN Routing being the most popular), it is worth looking at all of them. This follows our standard method of presenting all possible solutions, giving you an in-depth view on how VLAN routing can be set up, even if you do not have a layer 3 switch.

Note: The term 'InterVLAN Routing' refers to a specific routing method which we will cover as a last scenario, however it is advised that you read through all given solutions to ensure you have a solid understanding on the VLAN routing topic.

VLAN Routing Solution No.1: Using A Router With 2 Ethernet Interfaces

A few years ago, this was one of the preferred and fastest methods to route packets between VLANs. The setup is quite simple and involves a Cisco router, e.g. a 2500 series, with two Ethernet interfaces as shown in the diagram, connecting to both VLANs with an appropriate IP Address assigned to each interface. IP Routing is of course enabled on the router and we also have the option of applying access lists in the case where we need to restrict network access between our VLANs.

In addition, each host (servers and workstations) must either use the router's interface connected to their network as a 'default gateway', or a route entry must be created to ensure they use the router as a gateway to the other VLAN/Network. This scenario is however expensive to implement, because we require a dedicated router to route packets between our VLANs, and is also limited from an expandability perspective.

In the case where there are more than two VLANs, additional Ethernet interfaces will be required, so basically, the idea here is that you need one Ethernet interface on your router that will connect to each VLAN.

To finish this scenario, as the network gets bigger and more VLANs are created, it will very quickly get messy and expensive, so this solution will prove inadequate to cover our future growth.

VLAN Routing Solution No.2: Using A Router With One Ethernet (Trunk) Interface

This solution is certainly fancier but requires, as you would have already guessed, a router that supports trunk links. With this kind of setup, the trunk link is created, using of course the same type of encapsulation the switches use (ISL or 802.1q), and enabling IP routing on the router side.

The downside here is that not many engineers will sacrifice a router just for routing between VLANs when there are many cheaper alternatives, as you will soon find out. Nevertheless, despite the high cost and dedicated hardware, it's still a valid and workable solution and depending on your needs and available equipment, it might be just what you're looking for!

Closing this scenario, the router will need to be configured with two virtual interfaces, one for each VLAN, with the appropriate IP Address assigned to each one so routing can be performed.

VLAN Routing Solution No.3: Using A Server With Two Network Cards

We would call this option a "Classic Solution". What we basically do is configure one of the servers to perform the routing between the two VLANs, reducing the overall cost as no dedicated equipment is required.

In order for the server to perform the routing, it requires two network cards - one for each VLAN and the appropriate IP Addresses assigned, therefore we have configured one with IP Addresses 192.168.1.1 and the other with 192.168.2.1. Once this phase is complete, all we need to do is enable IP routing on the server and we're done.

Lastly, each workstation must use the server as either a gateway, or a route entry should be created so they know how to get to the other network. As you see, there's nothing special about this configuration, it's simple, cheap and it gets the job done.

VLAN Routing Solution No.4: InterVLAN Routing

And at last.... InterVLAN routing! This is without a doubt the best VLAN routing solution out of all of the above. InterVLAN routing makes use of the latest in technology switches ensuring a super fast, reliable, and acceptable cost routing solution.

The Cisco Catalyst 3550 series switches used here are layer 3 switches with built-in routing capabilities, making them the preferred choice at a reasonable cost. Of course, the proposed solution shown here is only a small part of a large scale network where switches such as the Catalyst 3550 are usually placed as core switches, connecting all branch switches together (2924's in this case) via superfast fiber Gigabit or Fast Ethernet links, ensuring a fast and reliable network backbone.

We should also note that InterVLAN routing on the Catalyst 3550 has certain software requirements regarding the IOS image loaded on the switch as outlined on the table below:

Image Type & Version                                       InterVLAN Routing Capability
Enhanced Multilayer Image (EMI) - All Versions             YES
Standard Multilayer Image (SMI) - prior to 12.1(11)EA1     NO
Standard Multilayer Image (SMI) - 12.1(11)EA1 and later    YES

If you happen to have a 3550 Catalyst in hand, you can issue the 'show version' command to reveal your IOS version and find out if it supports IP routing.

In returning to our example, our 3550 Catalyst will be configured with two virtual interfaces, one for each VLAN, and of course the appropriate IP Address assigned to them to ensure there is a logical interface connected to both networks. Lastly, as you might have guessed, we need to issue the 'IP Routing' command to enable the InterVLAN Routing service!

The diagram above was designed to help you 'visualise' how switches and their interfaces are configured to specific VLAN, making the InterVLAN routing service possible. The switch above has been configured with two VLANs, VLAN 1 and 2. The Ethernet interfaces are then assigned to each VLAN, allowing them to communicate directly with all other interfaces assigned to the same VLAN and the other VLAN, when the internal routing process is present and enabled.

Access Lists & InterVLAN Routing

Another common addition to the InterVLAN routing service is the application of Access Lists (packet filtering) on the routing switch, to restrict access to services or hosts as required.

In modern implementations, central file servers and services are usually placed in their own isolated VLAN, securing them from possible network attacks while controlling access to them. When you take into consideration that most trojans and viruses perform an initial scan of the network before attacking, an administrator can smartly disable ICMP echoes and other protocols used to detect a live host, avoiding possible detection by an attacker host located on a different VLAN.
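The InterVLAN routing and access list behaviour described above (one virtual interface per VLAN dictating its IP network, hosts on that scheme, 'ip routing' enabled, and a filter between VLANs) as a small added Python model. This is neither the page's nor Cisco's code; the VLANs, addresses and access-list entries are constructed for the two-VLAN scenario used on this page.

```python
"""Model of InterVLAN routing on a layer 3 switch: one virtual interface (SVI)
per VLAN plus an access list applied between VLANs.

Added example, neither the page's nor Cisco's code. The VLANs, addresses and
access-list entries are constructed for the two-VLAN scenario on this page.
"""
from ipaddress import IPv4Address, IPv4Interface, IPv4Network
from typing import Optional, Tuple, Union

# Virtual interfaces, one per VLAN; each dictates that VLAN's IP network.
SVIS = {
    1: IPv4Interface("192.168.1.1/24"),   # VLAN 1: file/print servers, workstation 1
    2: IPv4Interface("192.168.2.1/24"),   # VLAN 2: workstation 2
}

# Access list on the routing switch: (action, protocol, src net, dst net).
# First match wins; anything unmatched is denied. Constructed entries: keep
# ICMP echo probes from VLAN 2 out of the server VLAN, allow everything else.
ACL = [
    ("deny", "icmp", IPv4Network("192.168.2.0/24"), IPv4Network("192.168.1.0/24")),
    ("permit", "any", IPv4Network("0.0.0.0/0"), IPv4Network("0.0.0.0/0")),
]


def vlan_for(ip: Union[str, IPv4Address]) -> Optional[int]:
    """The VLAN whose SVI network contains this address, or None."""
    addr = IPv4Address(ip)
    for vlan, svi in SVIS.items():
        if addr in svi.network:
            return vlan
    return None


def acl_permits(proto: str, src: IPv4Address, dst: IPv4Address) -> bool:
    """Evaluate the access list top to bottom; implicit deny at the end."""
    for action, p, src_net, dst_net in ACL:
        if p in ("any", proto) and src in src_net and dst in dst_net:
            return action == "permit"
    return False


def route(src_vlan: int, src: str, dst: str, proto: str,
          ip_routing: bool = True) -> Tuple[str, Union[int, str]]:
    """Decide what the switch does with a packet that arrived on src_vlan.

    Returns ("local", vlan) for same-VLAN delivery, ("forward", vlan) when
    routed into another VLAN, or ("drop", reason).
    """
    src_ip, dst_ip = IPv4Address(src), IPv4Address(dst)
    if vlan_for(src_ip) != src_vlan:
        return ("drop", "source not in this VLAN's addressing scheme")
    dst_vlan = vlan_for(dst_ip)
    if dst_vlan is None:
        return ("drop", "no SVI covers the destination network")
    if dst_vlan == src_vlan:
        return ("local", dst_vlan)          # plain layer 2 switching, no routing
    if not ip_routing:
        return ("drop", "ip routing is disabled on the switch")
    if not acl_permits(proto, src_ip, dst_ip):
        return ("drop", "denied by access list")
    return ("forward", dst_vlan)


if __name__ == "__main__":
    print(route(2, "192.168.2.10", "192.168.1.20", "tcp"))
    print(route(2, "192.168.2.10", "192.168.1.20", "icmp"))
    print(route(2, "192.168.2.10", "192.168.1.20", "tcp", ip_routing=False))
```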

Summary

InterVLAN routing is a terrific service and one that you simply can't live without in a large network. The topic is a fairly easy one once you get the idea, and this is our aim here: to help you get that idea and extend it further by giving you other alternative methods.

The key element to the InterVLAN routing service is that you must have at least one VLAN interface configured with an IP Address on the InterVLAN capable switch, which will also dictate the IP network for that VLAN. All hosts participating in that VLAN must also use the same IP addressing scheme to ensure communication between them. When the above requirements are met, it's then as simple as enabling the IP Routing service on the switch and you have the InterVLAN service activated.

Next in line is the Virtual Trunk Protocol (VTP), a protocol that ensures every administrator's and engineer's life remains nice and easy .... how can this be possible?

Keep reading to find out :)
