End-to-End VLANs vs Local VLANS!

sidpatel4
Level 1

I am working on getting my CCNP. The first exam I plan to take is the switching test BCMSN 642-812. Using the 4th Edition Self-Study Guide from Froom, Subraniaman, and Frahim.

In Ch-4 it talks about End-to-End VLANs and Local VLANs. I read that section 4 or 5 times and still did not understand the difference between the two.

I know one spans across the entire network and the other is local. What exactly do they mean by that?

bmcginn
Level 3

Mate,

As your book says, an end to end VLAN spans the entire network. Usually using VTP (you would have to designate the VTP server) to advertise that VLAN everywhere, therefore an end to end VLAN is a broadcast domain that spans the entire network. Broadcasts can hurt the network when they get out of hand.

A local VLAN is defined on the local switch, not on the VTP server. A local VLAN does not span the entire network, rather it spans a small LAN, each switch separately configured for VLANs. Therefore there is not a large broadcast domain spanning the network. A local VLAN + layer 3 routing could be used instead of a single layer 2 broadcast domain, or end to end VLAN.

I hope that makes sense!

Good luck with your exam :)

Hi,

Just adding one thing.

Remember 80:20 rule. 80% of the traffic should not cross the LAN and that's the reason it is a good practice to have local VLANs with layer3 routing of the vlans.

--gaurav

Goutam Sanyal
Level 4

Hi,

End-to-End VLAN:

----------------

One of the unique properties of VLANs is that they can span multiple switches. The physical boundaries of where people and resources are located are removed. In Figure End-to-End a switched network has three VLANs spread across three switches: Accounting, Information Services, and Marketing.

Figure End-to-End A physical view of computers and a logical representation of VLANs. Note that all the servers are located off of one switch. In traditional networks, resources such as local file servers would usually be located in the same place as the users. Spreading the resources like this makes their management much harder and security harder still. Using VLANs, an administrator can create the illusion that the file server is on the same segment as the users that access it, even though the file server could be on a completely different floor in a completely different building. Figure End-to-End gives a detailed view of both a physical and logical representation of this concept.

End-to-end VLANs have the following characteristics:

----------------

1. Users are grouped into a VLAN based on function, not location.

2. The user belongs to the same VLAN no matter where she plugs her PC into the network (this requires Cisco's VMPS, which is discussed later in this chapter).

3. End-to-end VLANs are typically used for security reasons or for application or resource requirements.

4. End-to-end VLANs are difficult to implement and troubleshoot.

Local VLAN:

----------

The problem with end-to-end VLANs is that they become extremely difficult to maintain as the campus network grows and changes. Because of this, most network administrators of campus environments use local VLANs.

Unlike end-to-end VLANs, local VLANs are very easy to plan and implement. Local VLANs are based on geographic locations by demarcation at a hierarchical boundary (core, distribution, access). Therefore, a local VLAN would never span from an access layer to a core block. Because VLANs are created based on geographic or physical boundaries, it's not uncommon to see much of the traffic leaving the broadcast domain to access a resource. There are two generic rules when dealing with traffic flow: 80/20 and 20/80. The 80/20 rule assumes that 80% of the traffic stays local to a VLAN and 20% leaves a VLAN through a Layer 3 device. Local VLANs assume this premise. Note that with this implementation, VLANs are solely used to solve broadcast problems. With the 20/80 rule, 20% of the traffic stays within the VLAN and 80% leaves it. In this situation, a burden is placed on the Layer 3 device that is used to interconnect VLANs. Although they do introduce a latency issue because of the access of resources outside of the VLAN.

Please find the attachment for more details.

Thanks

Goutam

Pls rate if it works.

From my understanding the purpose of VLANs was to facilitate the common requirements of different departments regardless of their physical location. For example a sales department PC at location A configured for VLAN12 and a sales department PC at location B also in VLAN12, so they can communicate. Is this what is meant by end-to-end? I thought this was the purpose of VLANs, so why do they prefer local VLANs over end-to-end?

Very true.....!

It depends on location A and B. Is your location A's sales person's traffic crossing the layer 3 boundaries, i.e. router, firewall? Meaning: when a sales guy at office 'New York' (location A) tries to communicate with a sales guy at office 'Dallas' (location B), the traffic is bound to cross through WAN links (through routers and not switches). It means vlan12 has to be layer3 entitlement in order to communicate on WAN links. This is end to end VLAN.

Now think of a different situation, where location A is floor X at the office in 'New York' and location B is floor Y at the same office. Here the traffic between the location A PC and the location B PC is not crossing routers/layer3 or is not crossing the building at all. It is a local VLAN, local to the building. This VLAN has no significance in office B 'Dallas'.

--gaurav

Hi sidpatel4,

I think Gaurav's post is pretty clear to clarify your idea.

Any help don't hesitate to post it again.

Thanks

Goutam

Pls rate if it works

This makes it a little clear. So for example, in terms of local vlan, at location A there are three floors: 1, 2 & 3. Each floor has sales and accounting dept/people. So the switches in these floors would each have a Vlan configured for sales, for example VLAN 2 on all switches, and a Vlan for accounting, for example VLAN 3 on all switches?

This is in reference to Ch-4 of BCMSN 4th edition self-study guide, page 154. The paragraph above Figure 4-3. The following line is what confused me in the paragraph:

"A typical VLAN organization configures the minimum number of VLANs on a single access switch within a wiring closet, rather than having VLANS from multiple departments configured on the same switch"

What is meant by this in reference to my example above?

Also, why are there separate VLANs on EACH switch in Figure 4-3? Shouldn't each switch in the first column have VLAN1, VLAN10 and same for the switch below instead of VLAN3 and VLAN30?

Hi All, G'day,

correct me if I'm wrong because not sure with the concept still. The End-to-End vlan means the VLAN which spans around the network the entire Switch block so the users are not restricted to access the network based on the Physical location they can be a member of their VLAN group through any switch they connect to with help of VMPS.

Local-Vlan means where a particular vlan is configured for a particular switch, floor or a location and the Vlan member will not be able to connect to the group if he is not connected to that particular switch.

Please suggest

Hello,

The End-to-End vlan means the VLAN which spans around the network the entire Switch block so the users are not restricted to access the network based on the Physical location they can be a member of their VLAN group through any switch they connect to with help of VMPS.

Yes, this would be correct. In general, in end-to-end VLANs, you want to keep all stations of the same type in the same VLAN. Because they can be spread through the entire campus, you disrespect the boundaries between access, distribution and core layer in your network, and basically span the VLAN wherever you need it. The usage of VMPS is possible but not necessary.

Local-Vlan means where a particular vlan is configured for a particular switch, floor or a location and the Vlan member will not be able to connect to the group if he is not connected to that particular switch.

Yes, this is basically correct as well. With local VLANs, you do create different VLANs for different groups of stations, but you make sure that the VLANs are bounded by the access and distribution layer and never span through the distribution layer to a different distribution block or to the core.

Best regards,

Peter

Thank you Peter,

Thanks for the diagrams. But, I really could not spot the difference. In the End-To-End Diagram seems like each switch is configured for VLANS for each department, and in the Local Vlans diagram, also each switch is configured for each department. Meaning Vlan 2, 3 and 4 configured on all switches in both diagrams?

Working on CCNP Switch at the moment

I am confused.....

Looking at the third post by Sanyal. The definitions kinda make sense. However, after looking at those pictures I am now more confused. Each picture depicts 3 switches.

1. Each Switch has 3 ports

2. Each port of the 3 switches is on a different VLAN? (I feel this assumption is where I became confused)

3. So if each port is on a different vlan in both pics how are they different?

4. What does the CLOUD with sharp edges represent....that is the only difference I see.

If that has a deeper meaning other than to show the VTP Server function cross network please let me in on this secret

My assumption is instead of using VTP server you instead use transparent?

Abzal
Level 7

Hi,

With local VLANs you don't need to worry much about STP. A local VLAN is limited to a building, location or floor. These access switches are connected to distribution, where SVIs are created. Also, broadcasts are reduced because there are L3 links between core and distribution. It also makes troubleshooting easy. Yes, VTP mode will be transparent, because it needs trunk links to propagate VLAN info.

Hope it will help.

Best regards,
Abzal
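
The contrast discussed in this thread, shown as an added Cisco IOS configuration sketch (not from any poster or from the book). The access ports look alike in both designs; the difference is whether the VLAN is carried past the distribution layer. VLAN IDs, names, interface numbers and addresses are constructed placeholders, and some platforms also need `switchport trunk encapsulation dot1q` before `switchport mode trunk`.

```cisco
! Constructed example. All VLAN IDs, names, interfaces and addresses are placeholders.
!
! --- End-to-end design: the same VLAN is trunked through distribution and core ---
! Access switch, floor 1 (VTP client, VLANs 12 and 13 are learned from the VTP server)
vtp mode client
interface GigabitEthernet0/1
 description Sales PC
 switchport mode access
 switchport access vlan 12
interface GigabitEthernet0/24
 description Uplink to distribution
 switchport mode trunk
 switchport trunk allowed vlan 12,13
! Distribution and core trunk VLANs 12 and 13 onward, so a broadcast in
! VLAN 12 reaches every switch in the campus that carries it.
!
! --- Local design: VLANs end at the distribution switch ---
! Access switch, floor 1 (VLANs defined by hand, VTP transparent)
vtp mode transparent
vlan 110
 name FL1-SALES
vlan 120
 name FL1-ACCT
interface GigabitEthernet0/1
 description Sales PC
 switchport mode access
 switchport access vlan 110
interface GigabitEthernet0/24
 description Uplink to distribution
 switchport mode trunk
 switchport trunk allowed vlan 110,120
!
! Distribution switch: SVIs are the gateways, the core uplink is routed
ip routing
interface Vlan110
 ip address 10.1.110.1 255.255.255.0
interface Vlan120
 ip address 10.1.120.1 255.255.255.0
interface GigabitEthernet1/0/1
 description Routed link to core, no VLAN crosses it
 no switchport
 ip address 10.0.0.1 255.255.255.252
```

In the local design, sales users on another floor get their own VLAN and subnet, and any policy between departments is enforced at the Layer 3 hop with ACLs rather than by sharing one campus-wide broadcast domain.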