Dell EMC Networking Configuring VLAN on Switches

Table of Contents

1. What is a VLAN
2. Why do we need VLAN
3. How to configure VLAN on Dell switches
4. What is a VLAN Layer 3 Interface
5. Configuring VLAN on FTOS based switches
6. Tagged Vs Untagged
7. Points to Remember

Section 1: What is a VLAN

VLAN in default configuration

Virtual Local Area Network (VLAN) is used to create multiple broadcast domains. By default, the switch has a single broadcast domain as all ports are assigned to the default VLAN, VLAN 1.  By default all the ports are assigned to VLAN 1 (represented in blue). Therefore all types of traffic from PC-1 will reach PC-2. A broadcast storm on PC-1 will affect the performance of PC-2 (Figure 1 (English-only)).

Figure 1: Representation of a VLAN in default configuration.

Usage of VLAN to create multiple broadcast domains

The switch is divided in to two VLANs identified as blue VLAN and orange VLAN. PC-1 will not be able to communicate with PC-2 as they are in different VLANs (Figure 2 (English-only)). Therefore broadcast traffic from PC-1 will be reachable to the devices present only in blue VLAN and will not reach the devices present in Orange VLAN. We should implement inter-vlan routing to have traffic from PC-1 reach PC-2, however broadcast traffic will not reach PC-2 because we are routing the traffic between VLAN and routers block broadcast.


Figure 2: Representation of a switch after a VLAN is created

Section 2: Why do we need VLAN

VLAN helps in segmenting the switch into multiple broadcast domains. Because broadcast traffic will have a severe impact on the performance of the network, the VLAN's help in restricting the broadcast domain. VLAN's also help in placing access restrictions. For example, by using a VLAN we can halt network communication between separate departments within your company (i.e. Sales and Production).

A real-life use case for VLAN is described below:

Use Case - 1

VLAN 10 and VLAN 20 are configured on a Dell PC8164. Ports 1 - 10 are assigned to VLAN 10, and ports 11 - 20 are assigned to VLAN 20. A computer in VLAN 10 is infected with a virus and is sending broadcast traffic impacting the performance of the network. Since we have configured the VLANs the broadcast traffic will only be flooded to devices in VLAN 10 and will not be forwarded to devices in VLAN 20.

In the above use case since we have divided the switch into multiple broadcast domains, the devices in VLAN 20 are safeguarded from the broadcast traffic flooding through VLAN 10.

Section 3: How to configure VLAN on Dell switches

VLAN are denoted using VLAN ID's (VLAN Identifiers). The VLAN ID's are numerical values ranging from 1 - 4096 and are classified as below,

• Normal Range ID: 1 - 1005
• Token Ring and FDDI VLANS: 1002 - 1005
• Extended Range ID: 1006 - 4094

Since we have 12 bits assigned for VLAN Identifier field in the 802.1Q VLAN header we cannot extend the VLAN range more than 4096. VLAN ID's 1, 4094, 4095 and 4096 are reserved and cannot be used for forwarding traffic.

Following steps walk through the process of creating a VLAN on the switch

1. Create a VLAN
2. Name the VLAN (optional)
3. Assign ports to the VLAN

By default all ports in VLAN 1, (Figure 3 (English Only)) displays the output of "show vlan" in default state. To create a VLAN we use the command vlan as show in (Figure 4 (English Only)), naming the VLAN is an optional step, if we do not name the VLAN the VLAN will assign a system generated name. If VLAN 10 is created the system will assign the name VLAN0010 to the VLAN. We name the VLAN with a user friendly name to make the identification process easier (Figure 4 (English Only)) shows the process to use the command name  to describe a VLAN. To verify and view the list of VLANS present in the switch we can use the command show vlan as show in (Figure 5 (English Only)).

Figure 3: Output of Show Vlan from a N4032.

Figure 4: Naming VLAN 10 as Sales

Figure 5: Show Vlan output after creating VLAN 10

The final and important step in the creation of VLAN is assigning ports to the VLAN. Ports can be configured to tag or untag VLAN information. (Figure 6 (English Only)) shows the process to assign the port Tengigabitethernet 1/0/1 to VLAN 10. The port is configured as access port which implies that when the traffic is sent out of the port to the workstation the switch will remove the VLAN tag and when traffic is sent from the workstation to the switch the port will insert the VLAN tag of 10.

Figure 6: Assigning port Te1/0/1 to VLAN 10

Section 4: What is a VLAN Layer 3 Interface

Layer 3 (L3) switches are capable of doing routing. Inter-VLAN routing is process of passing traffic between two different VLANS. Since traffic here is routed and not switched broadcast traffic will not be forwarded between VLANS.

L3 interface is a logical interface with the VLAN ID. (Figure 7 (English Only)) displays the configuration of L3 interface for VLAN 10.

Figure 7: Creating VLAN 10 L3 interface

We can use "show ip interface" command to view the L3 interfaces configured as shown in (Figure 8 (English Only)).

Figure 8: Output of show ip interface

Section 5: Configuring VLAN on FTOS based switches

FTOS based systems use the command "interface vlan X" to create VLAN where X is the VLAN ID. The command "untagged switchport X" where X is the port number is used to assign a port to VLAN. (Figure 9 (English Only)) displays the output of a VLAN configuration from a FTOS based system.

Figure 9: Configuration on a L2 VLAN on a FTOS system

Section 6: Tagged Vs Untagged

VLAN information is present inside the 802.1Q cladding of the frame. A frame is said to be tagged with a VLAN ID if the 802.1Q header information is present in the frame. Tagged frames are sent to devices which has the intelligence to understand the VLAN information.

For Example, The link between two switches carry tagged frames as switches can understand tagged frames whereas the frame to a workstation is untagged as workstation do not understand tagged frames.

Untagged frames implies that the VLAN information is removed by the switch before transmitting the frame out of the port and the 802.1Q cladding is not present.

Section 7: Points to Remember

• VLANs present across the network should be present on all the switches in order to converge the spanning-tree network successfully.
• If a VLAN is present in switch A and not present in switch B, switch B will drop the traffic for that particular VLAN causing a black hole of traffic.
• Some PowerConnect switches require the command "ip routing" under the layer 3 interface in order to enable routing on the VLAN interface.
• Each VLAN should be treated as a separate network, therefore it is advisable to use a separate network subnet for each VLAN and not have overlapping subnets.
• A L3 VLAN interface is in operational state only if a port is assigned to the VLAN and is in forwarding state.

Dell Technologies