The next topic in our series is VLAN Technologies. CCIE+Enterprise+Infrastructure+(v1.0+RevA)+Exam+Topics.pdf (cisco.com)

1.1.c vi Normal range and extended range VLANs

Whenever we talk about VLANs we must understand that the number of usable values is limited. The VLAN Identifier (VID) field offers a 12-bit space within a frame to tag it with a specific VLAN. The maximum number of values within 12 bits is 4096.

That means we can choose VLANs between 1 and 4094. Depending on the model used, there may be some IDs reserved for internal use within the switch system. Why not 0 and 4095? 0x000 and 0xFFF are reserved for other purposes.

The normal range VLANs are 1-1005. VLANs from 1006 to 4094 inclusive are called extended range VLANs. On Cisco switches the extended range can only be used if we enable VTP.

Can I use all of them?

The answer is no, there are some reservations. Depending on the model you are currently using, it is possible that more VLANs are reserved for internal purposes. As an example, on a Nexus 9k switch the system reserves a block of 128 VLANs between 3968 and 4092. The IDs 4093 to 4095 are reserved for other purposes. The block mentioned before can be changed by issuing the command 'system vlan 500 reserve', which reserves VLANs 500 to 627 instead of the ones mentioned above.

1.1.c v VLAN database

The VLAN database is used to store VLAN information, such as the VLAN ID, name and MTU, in a file called vlan.dat located in non-volatile memory.

1.1.c i Access ports

An access port carries traffic for a single VLAN. In the normal case all traffic passing through this port is untagged. The next figure shows different cases where different frames arrive at a port configured as an access port in VLAN 20.

Untagged frame: When an untagged frame arrives on an access port, the switch accepts the frame, learns the source MAC address and forwards it to the destination.

Tagged frame: There are two cases here. In the first, a tagged frame arrives on an access port but its tag does not match the VLAN configured on the port; the switch then discards the frame without learning its MAC address. If the tag matches the configured VLAN, the switch accepts the frame, learns the MAC address and forwards it to its destination.

1.1.c vii Voice VLAN

Imagine you have an enterprise network with 800 employees and you want to migrate from conventional landline telephones to Cisco VoIP phones. You would need a lot of new switch ports for the new phones: 800 additional ports, dozens of new switches and maybe new aggregation switches too! Well, there is another option. Common VoIP phones have two Ethernet ports, one for the connection from the phone to the access switch and the other from the phone to the PC. The phone simply forwards the untagged frames received from the PC directly to the switch. The switch puts the untagged frames in VLAN 20 and the tagged frames in VLAN 50.

The role of CDP/LLDP within voice VLAN

Based on the configuration shown in the picture above, the IP phone will send frames tagged with VLAN 50. However, if the phone does not know which VLAN to tag, this information can be obtained by simply enabling a discovery protocol like CDP or LLDP on the access port. The phone sends a query and the switch answers with the configured value. Anyhow, as mentioned before, the IP phone would work without CDP if the VLAN value is configured manually. However, CDP is also used to tell the phone whether the CoS values should be rewritten and to inform the switch how much power the phone needs.

1.1.c ii Trunk ports (802.1Q)

By default a trunk port is able to send and receive traffic from all VLANs over a single link. Normally these ports are found between switches in order to allow communication within the same VLAN across different locations. We can see in the next figure that both VLANs travel between the switches over a single link.

1.1.c iii Native VLAN

This is a very confusing chapter, but only in theory. When we refer to the native VLAN, we refer to the VLAN that does not use tagging on a switchport. On a trunk port the native VLAN is defined by the statement 'switchport trunk native vlan', and on an access port the native VLAN refers to the one configured with the statement 'switchport access vlan 30'. In both cases the frames passing through this port are always untagged.

1.1.c iv Manual VLAN pruning

In the real world the switch has to perform several actions in order to keep the network working. As mentioned before, by default a trunk port sends and receives traffic from all VLANs.

Imagine you have a network with 400 employees and two VLANs: 30 and 50. Imagine that 380 of these users are located within VLAN 30. Every time the switch has to perform an unknown-unicast flood or a broadcast, it spreads the frame across the network. But why should a switch that has no client in VLAN 30 be interested in receiving and processing such traffic?

We can manually restrict which VLANs are accepted on a trunk port by issuing the command 'switchport trunk allowed vlan 50'. This should help to reduce the amount of unnecessary traffic.
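To make the access-port, trunk, native VLAN and allowed-list rules from the sections above concrete, here is an added Python example (not code from the original post). It builds constructed sample frames with and without an 802.1Q tag and runs them through a small model of the switch's ingress decision; the Port class, build_frame and ingress are assumed names for this illustration only.

```python
import struct
from dataclasses import dataclass
TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def build_frame(dst, src, payload, vid=None):
    # Constructed sample frame; vid=None produces an untagged frame.
    if vid is None:
        return dst + src + b"\x08\x00" + payload
    tci = vid & 0x0FFF  # PCP/DEI left at 0, VID occupies the low 12 bits
    return dst + src + struct.pack("!HH", TPID_8021Q, tci) + b"\x08\x00" + payload

def parse_vid(frame):
    # Return the VID carried in the frame, or None when it is untagged.
    if len(frame) < 16 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return None if vid == 0 else vid  # VID 0 is a priority tag: treat as untagged

@dataclass
class Port:
    mode: str                # "access" or "trunk"
    access_vlan: int = 1
    native_vlan: int = 1
    allowed: set = None      # None means every VLAN is allowed on the trunk

def ingress(port, frame, mac_table):
    # Classify a received frame: returns its VLAN, or None if it is discarded.
    # Only accepted frames get their source MAC learned, as the text describes.
    vid = parse_vid(frame)
    if vid == 4095:
        return None  # 0xFFF is reserved and never a valid VLAN
    if port.mode == "access":
        if vid is not None and vid != port.access_vlan:
            return None  # tag differs from the access VLAN: drop without learning
        vlan = port.access_vlan
    else:
        vlan = port.native_vlan if vid is None else vid  # untagged lands in the native VLAN
        if port.allowed is not None and vlan not in port.allowed:
            return None  # VLAN manually pruned from this trunk
    mac_table[(vlan, frame[6:12])] = port
    return vlan

def demo():
    # Runs the cases from the text; returns the ingress decision for each frame.
    pc, srv = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    table, access = {}, Port("access", access_vlan=20)
    trunk = Port("trunk", native_vlan=1, allowed={50})
    cases = [(access, None), (access, 20), (access, 30), (trunk, 50), (trunk, 30), (trunk, None)]
    return [ingress(p, build_frame(srv, pc, b"\x00", v), table) for p, v in cases]
```

The last trunk case shows a detail worth checking on real trunks: an untagged frame is placed in the native VLAN, so if the native VLAN is not in the allowed list it is dropped.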

1.1.c viii VTP

VTP, or VLAN Trunking Protocol, offers the possibility to automatically deploy and remove VLANs across the network through a VTP server. In other words, VTP offers a management tool for VLANs within the same domain.

Different modes

Mode        | VLAN creation                          | Advertisements
Server      | Can create VLANs                       | Can advertise VLANs
Client      | Cannot create VLANs                    | Can advertise VLANs
Transparent | Creates only locally significant VLANs | Just forwards other advertisements

Difference between VTP v2 and v3

  • VTP v2 supports VLANs from 1 to 1000, while v3 supports all VLANs from 1 to 4096 (extended range).
  • VTP version 3 supports VLAN propagation within a domain by configuring a primary and a secondary server.

VTP Pruning

There is an option to prune unnecessary VLANs on specific links to reduce unnecessary broadcasts over links that do not have any host within that VLAN.

This is exactly the opposite of 'switchport trunk allowed vlan vlanid-list'.

Good or bad?

The deployment of new VLANs can be solved easily by using VTP. It saves us the time of logging in to all our switches to create the VLAN manually, but on the other hand it exposes us to not having a uniform network naming. The problems appear if someone accidentally removes a VLAN on a server. This change will be propagated along your infrastructure, which will definitely lead to inoperability in your network for this specific VLAN.

Appendix A – Dynamic Trunking Protocol (DTP)

DTP, or Dynamic Trunking Protocol, helps us to form the desired mode (access or trunk) on an interface. The interface can be configured with

  • switchport mode access
  • switchport mode trunk
  • switchport mode dynamic auto
  • switchport mode dynamic desirable

These are the possible combinations and their results.

Local \ Remote    | Access               | Trunk                | Dynamic Auto | Dynamic Desirable
Access            | Access               | Limited connectivity | Access       | Access
Trunk             | Limited connectivity | Trunk                | Trunk        | Trunk
Dynamic Auto      | Access               | Trunk                | Access       | Trunk
Dynamic Desirable | Access               | Trunk                | Trunk        | Trunk

Limited connectivity: the access port remains an access port and will only transfer frames within its own VLAN; tagged frames with a value other than the configured one are discarded.
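The negotiation rules behind the table, plus a check for ports left in a negotiable mode, as an added Python example (not from the original post). It assumes an IOS-style running-config layout, uses a constructed sample config, and assumes that interfaces with no explicit 'switchport mode' line default to dynamic auto; dtp_result, port_modes and negotiable_ports are names chosen for this illustration.

```python
import re

NEGOTIABLE = ("dynamic auto", "dynamic desirable")

def dtp_result(local, remote):
    # Operational mode that results between two directly connected ports.
    modes = {local, remote}
    if "access" in modes:
        # A static access port never trunks; facing a static trunk it yields
        # the limited connectivity described in the table above.
        return "limited" if "trunk" in modes else "access"
    if "trunk" in modes or "dynamic desirable" in modes:
        return "trunk"  # a trunk or desirable side actively asks to trunk
    return "access"     # dynamic auto on both ends: neither side asks

def port_modes(running_config, default_mode="dynamic auto"):
    # Map each interface to its configured switchport mode. Interfaces with no
    # explicit mode get default_mode (assumption: Catalyst default is dynamic auto).
    modes, current = {}, None
    for line in running_config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            modes[current] = default_mode
        m = re.match(r"\s+switchport mode (.+)", line)
        if m and current:
            modes[current] = m.group(1).strip()
    return modes

def negotiable_ports(running_config):
    # Defender's check: ports that would become a trunk if a neighbour
    # ran in "dynamic desirable" (or "trunk") mode.
    return sorted(i for i, mode in port_modes(running_config).items()
                  if mode in NEGOTIABLE and dtp_result(mode, "dynamic desirable") == "trunk")

# Constructed running-config excerpt (not from a real device).
RUNNING_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 20
interface GigabitEthernet1/0/2
 switchport mode dynamic desirable
interface GigabitEthernet1/0/3
 description no explicit mode configured
interface GigabitEthernet1/0/24
 switchport mode trunk
"""
```

Running negotiable_ports(RUNNING_CONFIG) lists GigabitEthernet1/0/2 and 1/0/3: these are the edge ports a practitioner would pin to 'switchport mode access' so that their mode no longer depends on what the far end sends.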

Figure: Wireshark capture of a DTP frame.
