VLANs and Trunking - N10-008 CompTIA Network+ : 2.3

00:02

Many network administrators like to segment the network

00:05

into different broadcast domains.

00:07

This is sometimes done to allow additional security features

00:10

or we may need to provide separation just

00:13

to keep the network organized.

00:15

One way you could do this is to have

00:17

completely separate switches.

00:18

We would have one switch with one broadcast domain,

00:22

and you can see there are devices

00:23

connected to this red network.

00:25

And we have a completely separate switch

00:27

on a blue broadcast domain, and we have devices

00:30

connecting into that switch.

00:32

Because these are physically separated

00:34

switches there's no way for anyone on the red network

00:37

to communicate to the blue network and vice versa.

00:40

One challenge that we have with separating things out

00:43

into these separate local area networks

00:45

is that there are certainly a lot of wasted interfaces

00:49

on the front of these switches.

00:51

Since we have only a few devices,

00:53

we have a number of interfaces that we've paid for,

00:55

that we are powering, and that we're

00:57

managing but nothing is ever going

00:59

to connect to those interfaces.

01:01

It would make a lot more sense if we

01:03

could combine these switches together, but still

01:06

maintain the separation between the two networks.

01:09

Fortunately, there's a way to accomplish this using Virtual

01:13

Local Area Networks, or VLANs.

01:15

VLANs still provide segmentation within the switch.

01:18

We have some interfaces that are configured for the red VLAN,

01:22

and we have other interfaces that are

01:24

configured for the blue VLAN.

01:26

This still maintains separation of the broadcast domains.

01:29

The red devices can't communicate

01:31

to the blue devices, and vice versa,

01:33

but the separation is now done logically inside

01:36

of the switch rather than physically

01:39

across multiple switches.

01:41

If you were to look at a physical switch configuration,

01:44

here's one where three separate VLANs are configured-- a VLAN

01:48

1, a VLAN 2, and a VLAN 3.

01:51

There are devices connected to each one of these VLANs,

01:54

and the devices on a single VLAN can't

01:57

communicate to any of the other VLANs on the switch.

02:01

In most organizations, of course,

02:03

there will be more than a single switch

02:05

that is connecting the users together.

02:07

In fact, there may be tens or hundreds of switches.

02:10

And we may need to connect devices

02:12

that are on one VLAN on one switch

02:15

to the same VLAN on a separate physical switch.

02:18

In this example we have two switches.

02:21

This ethernet switch on the top has a VLAN 100 and 200.

02:24

And the switch on the bottom also

02:26

has a VLAN 100 and VLAN 200.

02:29

It would be great if we could connect VLAN 100 on one switch

02:33

to VLAN 100 on the other, and VLAN 200 on one

02:37

switch to VLAN 200 on the other.

02:40

One way to accomplish this would be

02:41

to simply extend an ethernet cable from VLAN 100

02:45

on one switch to a VLAN 100 interface on the other switch.

02:49

We could then connect another cable

02:51

from a VLAN 200 interface on one switch

02:54

to a VLAN 200 interface on the other switch.

02:57

Of course, this obviously won't scale very well.

03:00

What if there were 20 VLANs on each of these switches?

03:04

We would need 20 separate ethernet cables going

03:07

between these two switches.

03:08

Although that functionally could be used,

03:11

it certainly adds a lot of additional overhead

03:14

and uses a lot of interfaces on each switch.

03:17

Instead of extending separate ethernet links

03:20

for each individual VLAN, we can extend a single connection

03:25

and communicate all VLANs across that single connection.

03:28

We refer to this as VLAN trunking.

03:31

You might also see this referred to as the IEEE 802.1Q standard

03:36

for ethernet trunking or dot1Q.

03:39

When we have a dot1Q trunk, we can send multiple VLANs

03:42

across that trunk and then break them out

03:45

into the appropriate VLAN on the other side.

03:48

So someone on VLAN 100 on the top switch

03:50

can communicate to someone with VLAN 100 on the bottom switch

03:54

by sending information into the dot1Q trunk.

03:57

That would then be put onto the trunk to the other switch,

04:00

broken out of the trunk, and then placed

04:03

onto the original VLAN 100 network.

04:06

We're still logically segmenting these VLANs,

04:08

we're just sending them over a single link when we're

04:11

communicating between switches.

04:13

The process of adding and removing this frame

04:16

to an 802.1Q trunk is relatively straightforward.

04:19

We have our normal ethernet frame

04:22

that we're sending across.

04:23

When that hits the trunk, we're going

04:25

to add an additional field into this ethernet frame called

04:29

a VLAN header.

04:30

This VLAN header will contain information about which VLAN

04:34

is associated with this data.

04:36

So if we add a VLAN 100 frame into the trunk,

04:40

VLAN 100 will be embedded within this VLAN header.

04:43

And we can have many VLANs extending

04:46

across this dot1Q trunk.

04:48

This VLAN ID is 12 bits long and allows

04:50

us to have 4,094 VLANs inside of that trunk connection.

04:55

Some switches will separate these VLANs

04:58

into what's called a normal range and an extended range,

05:02

where the normal range are VLANs between 1 and 1,005

05:06

and the extended range is between 1,006 and 4,094.

05:11

You'll notice that the first and last VLANs are reserved.

05:14

So VLAN 0 and VLAN 4,095 are reserved values

05:19

that you would not normally configure as a separate VLAN.

05:22

Before this 802.1Q standard existed,

05:25

there was another method to trunk information between

05:28

switches called Inter-Switch Link, or ISL.

05:32

You may see a reference to ISL when looking through a switch

05:35

configuration, but practically everyone uses the IEEE standard

05:40

of 802.1Q because that standard is understood and recognized

05:44

by switches from multiple manufacturers.

05:48

Now that we know the process for adding that VLAN information,

05:52

let's see how it would work in a practical form.

05:54

Let's take a device on VLAN 200 and have

05:57

that device communicate with another device on VLAN 200

06:01

that's on a separate ethernet switch.

06:04

This device on VLAN 200 will start

06:06

by sending this information over the network.

06:09

Since this has to go to a device on a separate switch,

06:11

it will be directed towards the 802.1Q trunked interface.

06:15

That interface will add a VLAN header inside

06:19

of that ethernet frame that designates

06:21

that it began on VLAN 200.

06:24

And it sends that information to the other 802.1Q interface

06:28

on the other switch.

06:29

That switch examines the VLAN header,

06:32

sees that it originated on VLAN 200, removes the VLAN header,

06:37

and then places that frame onto the VLAN 200 network.

06:42

On two physical switches, the configuration

06:45

is relatively straightforward.

06:46

This is the original switch we started

06:48

with that has a VLAN 1, VLAN 2, and VLAN 3.

06:52

And you can see there are devices connected

06:53

to each of those VLANs.

06:55

We've added a separate switch B that

06:57

also has VLAN 1, VLAN 2, and VLAN 3,

07:01

but we've added a trunk link between both of those.

07:04

And on that trunk, we're sending information

07:06

that includes data from VLAN 1, VLAN 2, and VLAN 3.

07:12

We've been able to extend this idea of trunking

07:14

to better manage the devices that are currently

07:16

on our desks.

07:17

Specifically, the voice over IP phone and the computer

07:21

that we might have on our desk.

07:23

Traditionally, we would run one ethernet cable

07:25

from the computer that's on our desk

07:27

to a switch that exists in a closet nearby.

07:30

We would then have a completely separate cable

07:32

run for the analog telephone that's

07:34

on our desk that usually connects to a PBX,

07:37

or Private Branch Exchange switch that's inside

07:41

of our organization.

07:42

This means we have two separate cables going

07:45

to every single desk.

07:46

And each one of those cables is using

07:49

a different type of technology.

07:51

Of course, these days we're using voice over IP phones

07:55

which use data connections-- the same data connections

07:58

that we would use for our computer.

08:00

So we would have all devices on our desk connecting ultimately

08:04

to the ethernet switch that's in the closet.

08:07

To simplify this, we now only need one single network cable

08:11

for both the computer on our desk and the phone.

08:14

Physically, this is the way it would connect.

08:17

We would have the computer on our desk.

08:19

We would plug a computer into our phone.

08:21

There would be a separate ethernet connection

08:23

that would run from our phone to the switch that's located

08:26

inside of a closet nearby.

08:29

This means we would only need one cable or one

08:31

run between our desk and the switch that's in the closet.

08:36

If you've ever used a voice over IP phone that's on a computer

08:40

and tried to use the both at the same time,

08:43

you may notice that this is not an optimal configuration.

08:46

Our computers can send a lot of data

08:49

down these network connections, and it's very easy

08:51

to overwhelm the time-sensitive communication used

08:55

for voice over IP.

08:56

One way to resolve this is you would have the computer operate

09:00

on one VLAN, and we would have our phone communicating

09:03

on a completely separate VLAN.

09:05

Since we have a single network link from our desk

09:09

to the switch, we would use 802.1Q trunking to accomplish

09:13

this.

09:14

This is a specialized configuration

09:16

that's available in many switches that recognizes

09:19

that people will be using a phone and a computer

09:22

at the same time from their desk,

09:24

and it designates each switch interface

09:26

as having both a data VLAN and a voice VLAN.

09:30

And since you can configure them separately,

09:33

you can provide additional priority

09:35

for your voice configuration so that none

09:38

of your data communication will ever disrupt your phone calls.

09:41

Functionally, this is the way it would work.

09:44

Our computer would be on one VLAN--

09:46

let's say, VLAN 100--

09:48

and our phone would be on a separate phone VLAN,

09:51

and we'll call that VLAN 200.

09:53

When we send information from our computer,

09:55

it's sent across the ethernet link as a normal access

09:58

ethernet frame without any type of VLAN trunking.

10:01

But if we're ever communicating from our phone,

10:04

we'll tag all of the communication between our phone

10:07

and the switch with an 802.1Q header that designates that it

10:11

came from VLAN 200.

10:12

That allows us to set priorities in the switch

10:15

and assure that the quality of service

10:17

is maintained for all of our voice communication.