Cisco also recommends a one−to−one ratio between VLANs and subnets. This means that you must
understand how users are broken up by subnets. If you have 1,000 users in a building and 100 users are in
each subnet, then you should have 10 VLANs.
VLAN Trunking
There are two types of VLAN links: a trunk link and an access link. An access link is part of only one VLAN,
referred to as the native VLAN of the port. End devices are attached to an access link, which connects your
physical workstation to the network. Access link devices are totally unaware of VLAN membership, or that
a switched network exists at all. The devices only know that they are part of a broadcast domain. They have
no understanding of the network they are attached to and don't need to know this information.
Tip Remember, an access link device cannot communicate with devices outside of its VLAN or subnet
without the use of a router or internal route processor.
Trunk links, on the other hand, can carry multiple VLANs. A trunk link is a link that carries all the VLANs in
a network and tags each frame as it enters the trunk link and spans the network. You probably have heard this
term used in telephone systems. The trunk link of a telephone system carries multiple telephone conversations
and lines on a single cable. Trunk links that connect switches and carry VLANs to other switches, routers, or
servers use the same principle.
When an administrator assigns a port to a VLAN, that port can be a member of only one VLAN. In order for
VLANs to span multiple connected switches, a trunk link must be used. This link cannot be used to connect to
the average Network Interface Card (NIC) found on the back of the PC.
Frame tagging is used when a frame travels between two devices that support a trunked link. Each switch that
the frame reaches must be able to identify the VLAN the frame is a member of based on the tagging
information, in order to determine what to do with the frame and how to apply it to the filtering table.
Because the trunk link uses frame tagging to identify which VLAN a frame belongs to, each device
connecting to the trunk link must be able to interpret and read this VLAN tag. Intel has created some NICs for
servers that understand the frame tagging involved with a trunk link. However, in most situations, this trunk
link tagging is removed at the Access layer switch, and the destination address never knows that the frame it
received was tagged with information to allow it to span the switch fabric.
What happens if the frame reaches a switch or router that has another trunk link? The device will simply
forward the frame out of the proper trunk link port. Once the frame reaches a switch at the Access layer, the
switch will remove the frame tagging. It does this because the end device needs to receive the frames without
having to understand the VLAN tagging. Remember, the end device (such as a workstation) does not
understand this frame tagging identification.
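The tagging, identification and stripping steps described above, modelled in Python as an added example (this is not code from the original text or from Cisco). It assumes the trunk uses IEEE 802.1Q tags, which the text does not name; the MAC addresses, payload and port definitions are constructed sample values. The model also covers two edge cases the text implies: an untagged frame on a trunk falls into the trunk's native VLAN, and a tagged frame arriving on an access link (whose devices are VLAN-unaware) is dropped rather than trusted.

```python
"""Toy model of how switches tag, identify and strip VLAN tags on trunk and access links."""
import struct

TPID_8021Q = 0x8100        # assumption: the trunk link uses IEEE 802.1Q tagging
ETHERTYPE_IPV4 = 0x0800

# Constructed sample MAC addresses and payload (not from the original text).
PC_A = bytes.fromhex("02aabbccdd01")
PC_B = bytes.fromhex("02aabbccdd02")
SAMPLE_PAYLOAD = b"hello from VLAN"


def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet II frame, as a VLAN-unaware end device sends it."""
    return dst + src + struct.pack("!H", ethertype) + payload


def vlan_of(frame):
    """Return the VLAN ID carried in the 802.1Q tag, or None if the frame is untagged."""
    if len(frame) < 16 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF


def tag_frame(frame, vlan_id, pcp=0):
    """Trunk ingress: insert a 4-byte 802.1Q tag after the source MAC."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    if vlan_of(frame) is not None:
        raise ValueError("frame already carries a tag")
    tci = (pcp << 13) | vlan_id            # DEI bit left clear
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame):
    """Access-layer egress: remove the tag so the end device sees a plain frame."""
    if vlan_of(frame) is None:
        return frame
    return frame[:12] + frame[16:]


def classify_ingress(frame, port):
    """Decide which VLAN an arriving frame belongs to.

    port = {"kind": "access" | "trunk", "vlan": n}; for a trunk, "vlan" is the
    native VLAN. Returns the VLAN ID, or None if the frame is dropped.
    """
    vid = vlan_of(frame)
    if port["kind"] == "access":
        # Access-link devices are VLAN-unaware, so a tagged frame here is
        # unexpected and is not trusted: drop it instead of honouring its tag.
        return None if vid is not None else port["vlan"]
    # Trunk: tagged frames are identified by their tag; untagged ones fall
    # into the native VLAN of the trunk.
    return port["vlan"] if vid is None else vid


def prepare_egress(frame, vlan, port):
    """Return the bytes to send out `port`, or None if the port is not in `vlan`."""
    untagged = strip_tag(frame)
    if port["kind"] == "access":
        # A port belongs to exactly one VLAN; other VLANs need a router.
        return untagged if port["vlan"] == vlan else None
    # Trunk: native VLAN goes out untagged, every other VLAN is tagged.
    return untagged if vlan == port["vlan"] else tag_frame(untagged, vlan)


def traverse(frame, path):
    """Carry a frame through a list of (ingress_port, egress_port) switch hops.

    Returns the frame as delivered by the last hop, or None if any hop drops it.
    """
    for ingress, egress in path:
        vlan = classify_ingress(frame, ingress)
        if vlan is None:
            return None
        frame = prepare_egress(frame, vlan, egress)
        if frame is None:
            return None
    return frame


def demo():
    """Two switches joined by a trunk; PCs on access ports at either end."""
    access10 = {"kind": "access", "vlan": 10}
    access20 = {"kind": "access", "vlan": 20}
    trunk = {"kind": "trunk", "vlan": 1}
    original = build_frame(PC_B, PC_A, ETHERTYPE_IPV4, SAMPLE_PAYLOAD)
    # Switch 1: access VLAN 10 in, trunk out. Switch 2: trunk in, access VLAN 10 out.
    delivered = traverse(original, [(access10, trunk), (trunk, access10)])
    # Same frame, but the far-end port sits in VLAN 20: no delivery without a router.
    blocked = traverse(original, [(access10, trunk), (trunk, access20)])
    return delivered, blocked


if __name__ == "__main__":
    delivered, blocked = demo()
    print("delivered untagged:", delivered is not None and vlan_of(delivered) is None)
    print("cross-VLAN frame blocked:", blocked is None)
```

`traverse` shows the whole path from the text: the frame enters untagged on an access link, is tagged as it enters the trunk, is identified by its tag at the next switch, and leaves the access-layer port with the tag removed, so the receiving workstation never sees it.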
If you are using NetFlow switching hardware (discussed in Chapter 6) on your Cisco switches, it will allow
devices on different VLANs to communicate after taking just the first packet through the router. The router
will then send the correct routing information back to the NetFlow device. This process allows the router to be
contacted only once to let VLAN frames be routed from port to port on a switch, rather than from port to
router and back to the port for each frame.
Trunk Types
Trunk links are point−to−point, high−speed links from 100 to 1000Mbps. These trunked links between two
switches, a switch and a router, or a switch and a server carry the traffic of up to 1,005 VLANs at any given
time.
Four different methods or protocols allow you to track VLAN frames as they traverse the switch fabric: