VLAN question


I am a UNIX admin and would like to know more about VLANs from the Cisco side of things. As a sysadmin I use VLANs to put multiple subnets on the same wire.

So my questions are:

1) At the switch port, can each port be configured to belong to multiple VLANs? I bought a Dell PowerConnect 2716 and it only allows one VLAN in addition to the one standard VLAN per port.

2) Is there any such thing as VLAN-to-subnet mapping? When a VLAN ID is assigned by the network admin, on what basis is it assigned?

Thanks again, I have read the VLAN wiki but would like to have a practical understanding of how VLANs work.


Reply to
Andy Neirman

Before you go any further in VLAN you need to know and understand that you do not at all require VLAN to put multiple subnets on the same wire.

VLAN is only required when you want to separate those VLANs.

Apparently a quite limited device. When you want more, you may need to buy another switch. (I did not check if your claim is actually true)

When you configure multiple VLANs in a switch or router, you assign multiple IP addresses/subnets to the same port but different VLAN, and the VLAN is selected based on the routing.

Reply to

The first thing you need to realize is that switches (like hosts) can operate their ports in one of two modes: access mode or trunk mode. There aren't any switches that generally do access mode with multi-VLAN. That would lose most benefits of VLANs if that were allowed (although there are some ancient, long-EOL'd Cisco switches that support such a thing on a single switch, no networks of them).

If you are doing multiple VLANs on a port, then you need to be in Trunk mode. Switch to Switch ports or ether-channels need to be in trunk mode as well. Access ports are used for servers that don't do VLAN tagging at all, and just need access to a single VLAN.

Cisco generally has all VLANs in the trunk be "tagged". The standard allows mixing and matching VLANs on a port to be tagged or untagged, and most other switch makers support this model, but Cisco generally is not that flexible.

In practice, I find this totally acceptable, I generally want either everything all tagged VLAN trunked, or a single VLAN access port.

The Dell 2716 is a very low-end switch, but you should be able to put a port into trunk mode and have more VLANs through than 2. IIRC, you create the VLANs on the switch to match your network, and then on the port mark each VLAN as a tagged trunk. This is a royal pain to do if there are lots of VLANs (the Cisco way is much easier if you are managing a hundred VLANs).

Generally, VLANs map to subnets at the layer-3 router layer (or routing firewall supporting VLAN trunking). It sounds like you should study up a bit on separation of layer-2 networking vs. layer-3 networking. Subnets only come into play at layer 3. Everything up until then happens across layer 2.

Reply to
Doug McIntyre

This sounds a bit strange.

Yes, but then the packets have to be "tagged" for all the VLANs but the "default VLAN".


This depends on the special need for the VLAN. The most common use is to put a device into the appropriate VLAN via its MAC-address.

VLAN means virtual LAN. You may think about it as having separate physical networks. There might be a network for the administration with its own wires, one for the guests, again with its own wires. But if both sorts of people share the same building it might not be a clever idea to double the wire infrastructure. Thus, you may create virtual LANs. But these behave like separate LANs as in the example above although they use the identical cabling. It is then a matter of the network components to ensure that packets from VLAN 1 don't reach computers in VLAN 2 and vice versa. This is no problem, as long as there is a dedicated VLAN assignment for each switchport. The problem occurs when packets of different VLANs run via the network backbone. How does a receiving switch distinguish between these packets? Therefore there is the tagging mechanism that adds some extra bytes to the packet header containing the VLAN information. The receiving component has to remove these tags in order to deliver the packet to the final destination.

Next thing to learn from the example: if you need communication between your VLANs you need some device to do this, usually a router.

Regards, Christoph Gartmann

Reply to
Christoph Gartmann

It depends upon the switch. From a Cisco perspective, ports are generally either access ports belonging to a single VLAN, or trunk ports carrying multiple VLANs. When operating as a trunk (which would be required in your earlier scenario when connecting to UNIX hosts and creating multiple VLAN interfaces), one VLAN operates as the untagged VLAN (this is known as the native VLAN) and all other VLANs operate as tagged VLANs (meaning that 802.1Q tags are added to identify the VLAN).

(Note that some non-Cisco switches allow ports to be in multiple VLANs at the same time.)

VLAN IDs are arbitrary and do not necessarily have to correspond to an IP subnet. Generally speaking (as in for 99% of the instances), you will map IP subnets to VLANs so that each VLAN corresponds to an IP subnet and vice versa. However, the VLAN ID (like VLAN 100 or VLAN 1000) does not have a 1-to-1 relationship with a subnet address. Good network admins will usually try to create a relationship to ease administration, but it's not required.

I hope this helps!

Reply to
Scott Lowe
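
Added example, not part of any post in this thread: a small Python model of the 802.1Q tagging described in the replies above, showing the four tag bytes a trunk port adds and removes, the untagged native VLAN, and a single-VLAN access port. The `Port` class, its policy of dropping tagged frames on access ports, and the sample frame are assumptions constructed for illustration, not any vendor's behaviour.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag
# Constructed sample: broadcast dst, locally administered src, IPv4 EtherType, dummy payload
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag right after the destination and source MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vid  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def strip_tag(frame: bytes):
    """Return (vid, untagged_frame); vid is None when the frame carries no tag."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]

class Port:
    """Hypothetical port model: access = one VLAN; trunk = native VLAN + allowed tagged VLANs."""
    def __init__(self, mode, vlan=1, allowed=()):
        self.mode, self.vlan, self.allowed = mode, vlan, set(allowed)

    def ingress(self, frame):
        """Classify a received frame: (vlan, untagged_frame), or None to drop it."""
        vid, inner = strip_tag(frame)
        if vid == 0:
            vid = None  # VID 0 is a priority-only tag; treat the frame as untagged
        if self.mode == "access":
            # Policy assumed by this model: access ports drop VLAN-tagged frames
            return (self.vlan, inner) if vid is None else None
        if vid is None:
            return self.vlan, inner  # untagged on a trunk belongs to the native VLAN
        return (vid, inner) if vid in self.allowed else None

    def egress(self, vlan, frame):
        """Bytes sent on the wire for this VLAN, or None if the port is not a member."""
        if vlan == self.vlan:
            return frame  # access VLAN or native VLAN leaves untagged
        if self.mode == "trunk" and vlan in self.allowed:
            return add_tag(frame, vlan)
        return None
```
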
