Sem 3 Chapt 3 VLAN Use This for Class

8/3/2019 Sem 3 Chapt 3 VLAN Use This for Class

1/36

Chapter 3VLANs

Cisco Networking Academy Program

@TSTC-Waco


2/36

VLAN Overview


3/36

erences e ween sVLANs

VLANs...

work at Layer 2 & 3

control network

broadcastsallow users to be

assigned by net

admin.

provide tighter

network security.

How?


4/36

VLANs

Logical grouping

of devices or users

Configuration

done at switch via

softwareNot standardized

proprietary

software from

vendor


5/36

VLANsLogically segment the physical LAN infrastructureinto different subnets (or broadcast domains forEthernet)


6/36

Differences Between Traditional

Switched LAN and VLANs

VLANs work at Layer

2 and Layer 3 of OSI

Communications

between VLANs is

done by routersVLANs provide a

method of controlling

network broadcasts

Administrators assign

users to VLANs

VLANs increase

network security

defines who cancommunicate with

whom

Group switch ports and

their connected users

into logically defined

workgroups


7/36


8/36

f A A


9/36

Transport of VLANs Across the

Backbone

Ability to transport VLAN informationbetween interconnected switches and routers

that reside on the backbone

Remove physical boundaries between users

Increase configuration flexibilityusers move

Provide mechanism for interoperability between

backbone components


10/36

VLAN transportation

Backbone commonly acts as collection pointfor large volumes of traffic

Carries end user information and ID between

switches, routers and directly attachedservers


11/36

Routers in the VLAN

Traditionally provide firewalls, broadcastmanagement etc.

Provide connected routes between differentVLANs

Cost effectively integrate external routersinto switching architecture by using one ormore high speed backbone connection like:

Fast Ethernet, or ATM connection Increasing the throughput between switches and

routers

Consolidating number of physical router portsrequired fro communication between VLANs


12/36

VLANs Across the BackboneVLAN configuration

needs to support

backbone transport of

data between

interconnected routers

and switches.The backbone is the

area used for inter-

VLAN communication

The backbone shouldbe high-speed links,

typically 100Mbps or

greater


13/36

Routers Role in a VLAN

A router provides connection betweendifferent VLANs

For example, you have VLAN1 and VLAN2.

Within the switch, users on separate VLANscannot talk to each other (benefit of a VLAN!)

However, users on VLAN1 can email users on

VLAN2 but they need a router to do it.


14/36

Frame Use in the VLAN

Switches core component of VLANcommunication

Each switch makes forwarding and filtering

decisions based on the frame

Based on VLAN metrics

Approaches for logically grouping users into

distinct VLANs:

Frame filtering

Frame tagging (identification)


15/36

VLANSwitches make filtering and

forwarding decisions basedon data in the frame.

There are two techniquesused.

Frame Filtering--examines particularinformation about eachframe (MAC address orlayer 3 protocol type)

Frame Tagging--places aunique identifier in theheader of each frame asit is forwardedthroughout the network

backbone.


16/36

Frame Filtering


17/36

Frame Tagging

Uniquely assigns a VLAN ID to each frameVLAN IDs assigned by switch administrator

Chosen by IEEE for its scalability

Gaining recognition as the standard trunkingmechanism

IEEE 802.1q states that Frame Tagging is the

way to implement VLANs


18/36

More on Frame TaggingFrame Tagging...

is specified by IEEE 802.1q whichstates frame tagging is the preferredway to implement VLANs

uniquely assigns a VLAN ID to

each frame before it is forwardedacross the backbone.

is understood by switches prior toany broadcasts or transmission toother switches or routers

places a tag in the frame...thus,frame tagging. So what layer?

is removed by the switch afterframe exits the backbone and before

frame is forwarded to the endstation


19/36

Frame Tagging Continued

Places a unique identifier in the header ofeach frame as it is forwarded throughout the

network

When the frame exits the network backbone

switch removes the identifier before the

frame is transmitted to its target

Frame identification functions at Layer 2 and

requires little administrative overhead


20/36

Ports, VLANs and Broadcasts

VLANs make up a switched networklogically segmented

Ports assigned to the same VLAN share

broadcasts

Two VLAN implementation

Static

Dynamic


21/36

Static VLANs

Ports on switch that is statically assigned to aVLAN

Require administrator to make changes

SecureEasy to configure

Straightforward to monitor

Works well in which moves are controlledand managed


22/36

Static VLANsDefined

Static VLANs arewhen ports on aswitch areadministratively

assigned to a VLANBenefits

can be assigned byport, address, orprotocol type

secure, easy toconfigure and monitor

works well innetworks where

moves are controlled


23/36

STATIC VLANs


24/36

Dynamic VLANs

Ports on switch automatically determine theirVLAN assignments

Based on MAC addresses, logical addressingor protocol type of data packet

Less administration with in the wiring closetwhen a user moves or new one added

Centralized notification when an

unrecognized user is added to the networkMore administration is required to initiallyset up database within the VLANmanagement software (VMPS)


25/36

Dynamic VLANs

Defined Switch ports can automaticallydetermine a users VLANassignment based on either/or: MAC

logical address

When a station is initially

connected to an unassigned port, theswitch checks an entry in the tableand dynamically configures the portwith the right VLAN

Benefits less administration (more upfront)

when users are added or move

centralized notification ofunauthorized user


26/36

Dynamic VLANs


27/36

VLAN Additions, Moves and Changes

Companies continually reorganizingThese moves/changes are network managers

biggest headaches and one of the largest

expenses related to managing a network

VLANs provide effective measures for

controlling changes and reducing costs

Users in a VLAN can share the same network

address space i.e. IP subnet

VLANs require less rewiring, configuration

and debugging


28/36

Movement of Users

VLANs Help Control Broadcast


29/36

VLANs Help Control Broadcast

Activity

Most effective measures is to properly segmentwith firewalls that help prevent problems onsegment from damaging other parts of the network

Firewall segmentation provides reliability andminimizes overhead broadcast traffic

No routers between switches broadcasts (layer 2)are sent to every switched portreferred to as a

FLAT network(one broadcast domain across thewhole network)

Flat Network

Provides low latency & high throughput

Easy to administer

VLANs Controlling Broadcast


30/36

VLANs Controlling Broadcast

Activity

FLAT NetworkDisadvantages

Increases vulnerability to broadcast traffic acrossall switches, ports, backbone links and users

VLANs effectively extend firewalls from

routers to the switch fabric and protectingagainst potentially dangerous broadcastproblems

Creating firewalls

Assign switch ports or users to specific VLANgroups both within single switches and acrossmultiple connected switches


31/36

VLANs and Broadcast Activity


32/36

VLANs Control Broadcasts

Routers provide an

effective firewall

against broadcasts

Adding VLANs can

extend a routersfirewall capabilities to

the switch fabric

The smaller the VLAN,

the smaller the number

of users that are effected

by broadcasts

How do VLANs Improve Network


33/36

How do VLANs Improve Network

Security

Restrict number of users in a VLAN groupPrevent another user from joining without

first receiving approval from the VLAN

network management application

Configure all unused ports to a default low-

service VLAN


34/36

VLANs Improve Security

Shared LANs are easy to penetrate...simply plug

into the shared hub.

VLANs increase security by ...

restricting number of users in a VLAN

preventing user access without authorization configuring all unused ports to the Disabled setting

control access by

addresses

application types

protocol types


35/36

Tightening Network Security


36/36

VLANS Save Money

Connect existing HUBS to switches

Each hub segment connected to a switch can

be assigned only ONE VLAN

Stations that share a hub segment are in thesame VLAN

If a station need to be assigned a new VLAN

that station must move to the new hub withthe appropriate VLAN

Date post:	06-Apr-2018
Category:	Documents
Upload:	bosnazmaj
View:	223 times
Download:	0 times

Sem 3 Chapt 3 VLAN Use This for Class

Documents