Hi and welcome to AO, NewDis.
While it's great that you seem eager to contribute to the community's knowledge, some of the information in your post is mistaken:
Originally posted here by NewDis
VTP on the other hand is not so great, it is an aged protocol and is so bad that even Cisco is removing it from its newest routers. There is a replacement for it though, it is IEEE 802.1q.
- VTP continues to be on Cisco's switches;
- 802.1q is not a replacement for VTP: 802.1q is a VLAN trunking protocol (defines the tagging headers), while VTP is a VLAN configuration protocol (replicates / propagates / prunes the creation of VLAN instances on neighboring switches).
- 802.1q is an IEEE standardised alternative to Cisco's proprietary ISL protocol.
- VTP could be considered complementary to a trunking protocol, dispensing the admin from manual creation of VLANs (and trunk / VLAN assignment), but with the dangers mentioned in my post.
If you already have a system set up and it runs fine, leave it alone. But if you are looking to improve security and possibly some overhead you can look into VTP or 802.1q. A properly configured VTP system will allow you to segment your network a lot more!
Same confusion between VTP/802.1q, but true otherwise...
You can make everyone on floor 1 in VLAN 10, and everyone on floor 2 on VLAN 20, but you will need to get a router with sub-interfacing capabilities. When you make a VLAN you are essentially making that VLAN into its own subnet, and a router is required to route between the 2 "subnets"/VLANs. If you do this I would strongly recommend that you look at your server allocations for making the VLAN boundaries. If you put a server in VLAN 10 that VLAN 20 uses a lot you are actually making more work! A packet goes through the switch with VLAN 20 (is analyzed to see if it goes here) into the router (the router now has to decapsulate the packet and then re-encapsulate with the new VLAN number) and back into the switch with VLAN 10 to the server; back into the switch with VLAN 10 to the router (the router now has to decapsulate the packet and then re-encapsulate with the new VLAN number, again) to the switch using VLAN 20 then to your computer. This will happen even if the server is in port 10 and the computer on VLAN 20 is in port 11 of the same switch, except it will come right back from the router with a new number instead of a different switch.
A valid concern, although this example only describes the situation of a "router-on-a-stick" topology.
Nowadays, most networks making use of VLANs will use layer 3 switches (monsters like Catalyst 6500s for richer bloods) to reduce the additional router hop and latency incurred from the routing, with many layer 3 switches offering near wirespeed routing.
The VLAN propagation issues with misconfig are easy to stop as long as you are watching when you plug in a new switch: just have a ping going continuously before putting the new switch in and then watch it for ~10 minutes to see if it took correctly.
This is ill-advised.
Your ping will only tell you that you've messed up big time, and by then it'll be too late.
In much less than those 10 minutes you could have killed all VLANs on a network of dozens or hundreds of switches. Have fun running around fixing those, then explaining to your boss what happened.
VLANs are worth it if you can segment your like resources easily; having floor 1 with all of its servers and clients on a single VLAN and connected with only switches in the path will save you a lot of the router's bandwidth, but incorrect server placement or misconfig will kill your network.
True, but there's also more to it when it comes to determining the layer 2/3 boundaries, like redundancy concerns (STP vs routing protocols)...
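The danger the reply above warns about (one new switch wiping the VLANs off every switch in the domain) comes from VTP's configuration revision number: a server- or client-mode switch whose VLAN database carries a higher revision than the domain's replaces the database on every neighbour it advertises to. The following Python check is an added example, not part of the original thread: it parses a constructed `show vtp status` capture from a switch about to be connected and reports why it is unsafe before any cable is plugged in; the domain name "CORP" and the revision values are assumptions for the sample.

```python
import re

# Constructed `show vtp status` output for a switch about to be connected
# (sample text, not captured from a real device).
NEW_SWITCH_STATUS = """\
VTP Version                     : 2
Configuration Revision          : 27
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : CORP
VTP Pruning Mode                : Disabled
"""

def parse_vtp_status(text):
    """Turn the 'Key : value' lines of `show vtp status` into a dict
    keyed by the lower-cased field name."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9 ]+?)\s*:\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    return fields

def vtp_insertion_findings(status_text, domain_name, domain_revision):
    """List the reasons this switch must not be plugged into the domain
    as-is; an empty list means it cannot overwrite the existing VLANs."""
    f = parse_vtp_status(status_text)
    mode = f.get("vtp operating mode", "").lower()
    revision = int(f.get("configuration revision", "0") or 0)
    domain = f.get("vtp domain name", "")
    findings = []
    if mode == "transparent":
        return findings  # transparent switches never overwrite neighbours
    # A null domain name is treated as matching: such a switch adopts the
    # first domain name it hears, so it is as dangerous as a matching one.
    if domain in ("", domain_name) and revision > domain_revision:
        findings.append(
            f"revision {revision} > domain revision {domain_revision}: "
            "its VLAN database would replace the one on every other switch")
    if mode == "server":
        findings.append("server mode: a typo on this switch propagates everywhere")
    return findings
```

Setting the switch to transparent mode and back (or changing its domain name) resets the revision to 0, which is the usual fix before connecting it.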