# VLANs, Tagging, Trunking, VxLAN, & Native VLAN

## Metadata

- **Channel:** PowerCert Animated Videos
- **YouTube:** https://www.youtube.com/watch?v=MNZa-S4E-To
- **Source:** https://ekstraktznaniy.ru/video/30217

## Transcript

### Segment 1 (00:00 - 05:00)

Hello everyone. In this video, we're going to be talking about VLANs, trunking, tagging, VXLANs, and native VLANs. Now, VLAN stands for virtual local area network. A VLAN is a local area network where the computers, servers, and other network devices are logically grouped regardless of their physical location. It logically groups devices into separate network segments. And the purpose of VLANs is for improved security, traffic management, and to make a network more simple.

So, as an example, let's say that you have a three-story office building. And in this building, you have computers that belong to certain departments that are mixed in with other computers that belong to other departments on the same floor. So the red computers represent the accounting department. The blue computers represent the shipping department and the green computers represent the support department. Now, as you can see, all these computers from these different departments are all connected to a switch and they are all on one segment on a local area network or LAN. So all the network broadcast traffic from the different departments is mixed in with other departments. So the departments are all seeing each other's network traffic.

Now suppose as a network administrator you wanted to separate the network broadcast traffic between these departments from each other so that the accounting department doesn't see any traffic from support, shipping, and so on. Now, one way to solve this is to physically move the computers that belong to the same department and put them together, such as putting them on the same floor and deploying extra network hardware and cabling. But this could be a hassle and unnecessary work. But there is an easier way to accomplish this, and that way is by creating VLANs. By using VLANs on a VLAN-capable switch, you can logically create several virtual networks to separate the network broadcast traffic.
So in this case, we're going to create three VLANs for three different departments. So we're going to create a VLAN for the accounting department and then create another VLAN for the support, and one for the shipping department. So now as the VLANs are implemented, the traffic between the three departments is isolated. So they won't see any traffic created by the other departments. They only see their own network traffic even though all the computers from the different departments are connected to the same switch.

Now, if you wanted to connect VLANs together that are connected to different switches, this is where 802.1Q tagging comes in. So, for example, on switch one, we have two VLANs which are tagged VLAN 10 and VLAN 20. And on switch two, we also have two VLANs tagged VLAN 10 and VLAN 20. So let's say that we want to give the computers on VLAN 10 from each switch the ability to communicate with each other and also have the computers on VLAN 20 from each switch the ability to communicate with each other. And this is done by using 802.1Q VLAN trunks. A VLAN trunk allows multiple VLANs the ability to communicate through a single physical cable between the switches. And the cable is connected to a trunk port on each switch. And it's on these trunk ports where the tagging is configured. And then once everything is configured and the cable is connected, the frames coming from the computers are tagged. These tags contain the VLAN ID number, which allows each switch to determine which VLAN to send the frame to. So if this computer here on VLAN 10 from switch one sends a frame to this computer on VLAN 10 on switch 2, the frame gets sent to the switch and then the switch will see that it's going to a VLAN 10 device and then it'll tag the frame with the VLAN ID, which is VLAN 10. And then once it reaches the trunk port on switch 2, the switch will look at the VLAN ID on the tag and then forward the frame to this computer on VLAN 10.

And there's also a native VLAN.
A native VLAN is a VLAN where the frames are untagged as opposed to tagged frames that we just talked about. And the purpose of a native VLAN is so that older devices that don't support VLAN tagging can communicate over a trunk link. So for

### Segment 2 (05:00 - 09:00) [5:00]

example, let's say that we have some older computers that we added to each switch and we want those older computers to be on the same VLAN. So what we have to do is that we have to configure each trunk port on each switch with a native VLAN, which means any devices that are going to be on the native VLAN, the Ethernet frames will not be tagged. So when this computer wants to communicate with this computer here, the computer will send an untagged frame and then once the trunk port on switch one receives the frame, it will notice that it's untagged, which means it's on the native VLAN that we configured. So then it'll send the frame to switch two and switch two will also notice that it's untagged, which means that it's on the native VLAN that we configured. So it'll send the frame to this computer.

So as a review, here we have the three VLANs, VLAN 10, VLAN 20 and the native VLAN, and their broadcast traffic, which are frames, are separated from the other VLANs. Now just to clear things up, this does not mean that these computers can't communicate with other computers that are on different VLANs because they can. The creation of VLANs just means that their broadcast traffic or frames are kept within their own VLAN.

Now, VLANs do have some limitations and one of them is that they only operate at layer 2. So, they are not routable. So, VLANs cannot be created if the networks are in different geographical locations. And another limitation is that they only support a maximum of 4,000 virtual networks. Now, normally this wouldn't be a problem because 4,000 virtual networks is plenty for most organizations. But for large enterprise organizations with data centers that use cloud computing and virtual machines, 4,000 is not enough. So, this is where a VXLAN comes in. VXLAN stands for virtual extensible local area network and a VXLAN can support 16 million virtual networks and it's also routable. So it can create virtual networks if they are in different geographical areas.
So for example, here we have two data centers in two geographical locations. So let's say that you wanted these two data centers to be on the same virtual network. Now, VXLANs use a VNI or virtual network identifier, which is a label or tag that is used to identify a specific virtual network. So, since we want these two data centers to be on the same virtual network, we'll tag them both as VNI 100. And then on each switch, we need to create and configure VTEPs or VXLAN tunnel endpoints. These endpoints are responsible for encapsulating and decapsulating the VXLAN frames that are being sent and received through a VXLAN tunnel. So when this data center here sends a frame, the VTEP will encapsulate that frame in a VXLAN header and in this header it will include the VNI number, which in this case will be VNI 100, and then that frame will be sent over the internet where the other switch will decapsulate the frame and send it to the other data center. So in a nutshell, this is how a VXLAN works. The two data centers will act as if they were on the same local network even though they are in different geographical areas.

So guys, if you never worked with VLANs before, there's only so much you can learn from a video. And I purchased a small VLAN switch for my home and configured several VLANs as a refresher for this video. It's a great way to learn and see how VLANs work. And if you're interested in getting one, I'll put a link in the description below of the one that I purchased. So, I want to thank you for watching this video. Please subscribe and I will see you in the next one.
