VLAN and its implementation
Date posted: 29-Nov-2014
Uploaded by: mohit-kumar
Page 1: VLAN  and its implementation

VLAN AND ITS IMPLEMENTATION

Submitted in partial fulfillment of the requirement for the award of the degree
Bachelor of Computer Application

By
MOHIT KUMAR

Under the guidance of
MR. MOHD. ASAD SIDDIQUI

Centre of Computer Education
Institute of Professional Studies
University of Allahabad
Allahabad
2013

CONTENTS

1. Acknowledgement
2. Certificate
3. Certificate of Approval
4. Problem Definition
5. Introduction
6. Network and its Types
7. Actual Topic: VLAN
8. VLAN Membership
9. VTP
10. Implementation
11. Conclusion

ACKNOWLEDGEMENT

I would like to express my heartfelt gratitude to my project guide Mr. MOHD ASAD SIDDIQUI, Department of Computer Science, University of Allahabad, for his guidance, support and timely advice. I could not have completed this project without his encouragement and valuable suggestions.

My heartfelt debt and thanks go to my teachers Mr. AMIT KUMAR SINGH and Mr. R. K. Pandey, Centre of Computer Education, Institute of Professional Studies, University of Allahabad, for their advice and encouragement during the past years.

CERTIFICATE

It is certified that Mr. MOHIT KUMAR of Bachelor of Computer Application, Centre of Computer Education, Institute of Professional Studies, University of Allahabad, has carried out the project work on 'VLAN AND ITS IMPLEMENTATION' under my guidance. The student has tried to understand the involved concepts. To the best of my knowledge a similar work has not been submitted at any other institution for the award of any degree or diploma.

MR. MOHD. ASAD SIDDIQUI
Resource Person
Centre of Computer Education
Institute of Professional Studies
University of Allahabad

CERTIFICATE OF APPROVAL

This is to certify that the project entitled 'VLAN AND ITS IMPLEMENTATION' submitted by:

MOHIT KUMAR

is in partial fulfillment of the requirement for the award of the degree of Bachelor of Computer Application awarded by the University of Allahabad, Allahabad.

Internal Examiner        External Examiner

Course Coordinator
Centre of Computer Education
Institute of Professional Studies
University of Allahabad

PROBLEM DEFINITION

A station is considered part of a LAN if it physically belongs to that LAN: the criterion of membership is geographic. What happens if we need a virtual connection between two stations belonging to two different physical LANs? We can roughly define a virtual local area network (VLAN) as a local area network configured by software, not by physical wiring, with the VLAN information distributed between switches by VTP (VLAN Trunk Protocol).

NOW THE QUESTION ARISES: WHAT IS

NETWORK
TYPES OF NETWORK
LAN (LOCAL AREA NETWORK)
WAN (WIDE AREA NETWORK)
VLAN
WORKING OF VLAN
CREATION OF VLAN

In this project, you're going to learn, in detail, exactly what a VLAN is, how a VLAN is created and how VLAN memberships are used in a switched network. I'm also going to tell you how VLAN Trunk Protocol (VTP) is used to distribute VLAN information and how trunking is used to send traffic from all VLANs across a single link.

Introduction

Network: A network consists of two or more computers that are linked in order to share resources (such as printers and CDs), exchange files, or allow electronic communications. The computers on a network may be linked through cables, telephone lines, radio waves, satellites, or infrared light beams.

A computer network can also be defined as follows: a computer network or data network is a telecommunications network that allows computers to exchange data. In computer networks, networked computing devices pass data to each other along data connections.

TYPES OF NETWORK:

LAN - Local Area Network
WLAN - Wireless Local Area Network
WAN - Wide Area Network
MAN - Metropolitan Area Network
VLAN - Virtual LAN

LAN (LOCAL AREA NETWORK): A LAN connects network devices over a relatively short distance. A networked office building, school, or home usually contains a single LAN, though sometimes one building will contain a few small LANs (perhaps one per room), and occasionally a LAN will span a group of nearby buildings.

A local area network (LAN) is a group of computers and associated devices that share a common communications line or wireless link. Typically, connected devices share the resources of a single processor or server within a small geographic area.

The figure shows a switch connecting three LANs.

WLAN (WIRELESS LAN): A LAN based on Wi-Fi wireless network technology. It has all the properties of a LAN except that it is not hard-wired.

A Wireless Local Area Network (WLAN) links two or more devices using some wireless distribution method (typically spread-spectrum or OFDM radio), and usually provides a connection through an access point to the wider Internet. This gives users the ability to move around within a local coverage area and still be connected to the network. Most modern WLANs are based on IEEE standards, marketed under the Wi-Fi brand name.

Wireless LANs have become popular in the home due to ease of installation, and in commercial complexes offering wireless access to their customers, often for free.

The figure shows a Wi-Fi range.

WAN (WIDE AREA NETWORK): As the term implies, a WAN spans a large physical distance. The Internet is the largest WAN, spanning the Earth. A WAN is a geographically dispersed collection of LANs. A network device called a router connects LANs to a WAN. In IP networking, the router maintains both a LAN address and a WAN address.

A WAN differs from a LAN in several important ways. Most WANs (like the Internet) are not owned by any one organization but rather exist under collective or distributed ownership and management. WANs tend to use technologies such as ATM and Frame Relay for connectivity over longer distances.

MAN (Metropolitan Area Network): A network spanning a physical area larger than a LAN but smaller than a WAN, such as a city. A MAN is typically owned and operated by a single entity such as a government body or large corporation.

A Metropolitan Area Network (MAN) is a computer network in which two or more computers, communicating devices or networks that are geographically separated but within the same metropolitan city are connected to each other. The extent of a MAN is determined by the limits of the local municipal corporation: the larger the city, the bigger the MAN; the smaller the metro city, the smaller the MAN.

The problem here starts to become evident as we populate the network with more switches and workstations. Since most workstations are loaded with the Windows operating system, they will send unavoidable broadcasts on the network wire from time to time, something we certainly want to keep under control.

Another major concern is security. In the above network, all users are able to see all devices. In a much larger network containing critical file servers, databases and other confidential information, this would mean that everyone would have network access to these servers, and naturally they would be more susceptible to an attack. To effectively protect such systems from the rest of your network you would need to restrict access at the network level, by segmenting the existing network or simply placing a firewall in front of each critical system, but the cost and complexity will surely make most administrators think twice about it.

WHAT IS VLAN?

Welcome to the wonderful world of VLANs!

All the above problems, and a lot more, can be forgotten with the creation of VLANs... well, to some extent at least.

A virtual local area network (VLAN) is a logical group of workstations, servers and network devices that appear to be on the same LAN despite their geographical distribution. A VLAN allows a network of computers and users to communicate in a simulated environment as if they exist in a single LAN and are sharing a single broadcast and multicast domain.

Higher-end switches allow the functionality and implementation of VLANs. The purpose of implementing a VLAN is to improve the performance of a network or to apply appropriate security features.

Short for virtual LAN, a VLAN is a network of computers that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN. VLANs are configured through software rather than hardware, which makes them extremely flexible. One of the biggest advantages of VLANs is that when a computer is physically moved to another location, it can stay on the same VLAN without any hardware reconfiguration.

In computer networking, a single layer-2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them via one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN or VLAN.

Computer networks can be segmented into local area networks (LANs) and wide area networks (WANs). Network devices such as switches, hubs, bridges, workstations and servers connected to each other in the same network at a specific location are generally known as a LAN. A LAN is also considered a broadcast domain.

A VLAN allows several networks to work virtually as a LAN. One of the most beneficial elements of a VLAN is that it reduces latency in the network, which saves network resources and increases network efficiency. In addition, VLANs are created to provide segmentation and assist in issues like security, network management and scalability. Furthermore, traffic patterns can easily be controlled by using VLANs.

On a shared segment, two stations transmitting at the same time cause a collision. The original information will need to be resent after waiting for the collision to be resolved, thereby incurring a significant waste of time and resources.

To prevent collisions from travelling through all the workstations in the network, a bridge or a switch can be used. These devices will not forward collisions, but will allow broadcasts and multicasts to pass through. A router may be used to prevent broadcasts and multicasts from travelling through the network.

The workstations, hubs, and repeaters together form a LAN segment. A LAN segment is also known as a collision domain, since collisions remain within the segment.

The area within which broadcasts and multicasts are confined is called a broadcast domain or LAN. The broadcast and collision domains of a LAN therefore depend on how the workstations, hubs, switches and routers located in the same area are physically connected together.

The figure shows a switch using VLAN software.

NEED OF VLAN (VIRTUAL LAN):

These are a few reasons why we should use VLANs:

1. To create more flexible designs that group users by department, or by groups that work together, instead of by physical location.
2. To segment devices into smaller LANs (broadcast domains) to reduce the overhead caused to each host in the LAN.
3. To reduce the workload for the Spanning Tree Protocol (STP) by limiting a VLAN to a single access switch.
4. To ensure better security by keeping hosts that work with sensitive data on a separate VLAN.
5. To separate traffic sent by an IP phone from traffic sent by PCs connected to the phones.
6. A proper VLAN design ensures that only devices on which that VLAN is defined will receive and forward the packets of a flow whose source or destination is in that VLAN.
7. VLANs can be used to create broadcast domains, which eliminates the need for expensive routers.
8. We can break apart our network as needed without having to go and move cables around; if we used different switches for each group, we would need many more switches and much more cabling to support them.
9. VLANs allow QoS measures to be taken on devices normally fighting for shared bandwidth.

TYPES OF VLAN

STATIC VLAN
DYNAMIC VLAN

STATIC VLAN: Creating static VLANs is the most common way to create a VLAN, and one of the reasons for that is that static VLANs are the most secure. This security stems from the fact that any switch port you've assigned a VLAN association to will always maintain it unless you change the port assignment manually.

Static VLAN configuration is pretty easy to set up and supervise, and it works really well in a networking environment where any user movement within the network needs to be controlled. It can be helpful to use network management software to configure the ports, but you don't have to use it if you don't want to.

DYNAMIC VLAN: A dynamic VLAN determines a node's VLAN assignment automatically. Using intelligent management software, you can enable hardware (Media Access Control [MAC]) addresses, protocols, or even applications to create dynamic VLANs; it's up to you.

For example, suppose MAC addresses have been entered into a centralized VLAN management application. If a node is then attached to an unassigned switch port, the VLAN management database can look up the hardware address and assign and configure the switch port to the correct VLAN.

This is very cool: it makes management and configuration easier, because if a user moves, the switch will assign them to the correct VLAN automatically.

Other VLAN classification criteria

Up until now, we have been thinking just of port-based VLANs. However, there are other ways of defining VLAN membership. In this section, we will consider two examples of these other types of VLAN:

Protocol-based VLANs
Subnet-based VLANs

Protocol-based VLANs: With this method, different protocol types are assigned to different VLANs. For example, IP defines one VLAN, IPX defines another VLAN, NetBEUI yet another VLAN, etc.

Subnet-based VLANs: With this method, the VLAN membership is defined by the subnet to which a workstation's IP address belongs.

Advantages of VLAN

There are several advantages to using VLANs.

Performance: In networks where traffic consists of a high percentage of broadcasts and multicasts, VLANs can reduce the need to send such traffic to unnecessary destinations.

Example: In a broadcast domain consisting of 10 users, if the broadcast traffic is intended only for 5 of the users, then placing those 5 users on a separate VLAN can reduce traffic.

Compared to switches, routers require more processing of incoming traffic. As the volume of traffic passing through the routers increases, so does the latency in the routers, which results in reduced performance. The use of VLANs reduces the number of routers needed, since VLANs create broadcast domains using switches instead of routers.

Simplified Administration: 70% of network costs are a result of adds, moves, and changes of users in the network. Every time a user is moved in a LAN, new station addressing and reconfiguration of hubs and routers become necessary.

Some of these tasks can be simplified with the use of VLANs. If a user is moved within a VLAN, reconfiguration of routers is unnecessary. In addition, depending on the type of VLAN, other administrative work can be reduced or eliminated. VLAN management tools allow network managers to drag and drop users into different VLANs or to set up aliases.

Cost and Time Reduction: VLANs can reduce the migration cost of stations going from one group to another. Physical reconfiguration takes time and is costly. Instead of physically moving one station to another segment or even to another switch, it is much easier and quicker to move it by using software.

Broadcast Control: Broadcasts are required for the normal function of a network. Many protocols and applications depend on broadcast communication to function properly. A layer 2 switched network is a single broadcast domain, so broadcasts reach even those network segments where they serve no purpose and consume available network bandwidth there. A layer 3 device (typically a router) is used to segment a broadcast domain.

Creating Virtual Work Groups: VLANs can be used to create virtual work groups. For example, in a campus environment, professors working on the same project can send broadcast messages to one another without the necessity of belonging to the same department. This can reduce traffic if the multicasting capability of IP was previously used.

Security: VLANs provide an extra measure of security. People belonging to the same group can send broadcast messages with the guaranteed assurance that users in other groups will not receive these messages.

Physical Layer Transparency: VLANs are transparent to the physical topology and medium over which the network is connected.

How VLANs work

When a LAN bridge receives data from a workstation, it tags the data with a VLAN identifier indicating the VLAN from which the data came. This is called explicit tagging.

It is also possible to determine to which VLAN the received data belongs using implicit tagging. In implicit tagging the data is not tagged, but the VLAN from which the data came is determined based on other information, like the port on which the data arrived.

Tagging can be based on the port from which the data came, the source Media Access Control (MAC) field, the source network address, or some other field or combination of fields. VLANs are classified based on the method used. To be able to do the tagging of data using any of the methods, the bridge has to keep an updated database containing a mapping between VLANs and whichever field is used for tagging.

Example: If tagging is by port, the database should indicate which ports belong to which VLAN. This database is called a filtering database. Bridges have to be able to maintain this database and also to make sure that all the bridges on the LAN have the same information in each of their databases. The bridge determines where the data is to go next based on normal LAN operations. Once the bridge determines where the data is to go, it then needs to determine whether the VLAN identifier should be added to the data before it is sent:

If the data is to go to a device that knows about VLAN implementation (VLAN-aware), the VLAN identifier is added to the data.

If it is to go to a device that has no knowledge of VLAN implementation (VLAN-unaware), the bridge sends the data without the VLAN identifier.

In order to understand how VLANs work, we need to look at the types of VLANs, the types of connections between devices on VLANs, the filtering database which is used to send traffic to the correct VLAN, and tagging, a process used to identify the VLAN originating the data.

Types of Connections

Devices on a VLAN can be connected in three ways, based on whether the connected devices are VLAN-aware or VLAN-unaware. A VLAN-aware device is one which understands VLAN memberships (i.e. which users belong to a VLAN) and VLAN frame formats.

1) Trunk Link

All the devices connected to a trunk link, including workstations, must be VLAN-aware. All frames on a trunk link must have a special header attached. These special frames are called tagged frames.

Trunk link between two VLAN-aware bridges.

2) Access Link

An access link connects a VLAN-unaware device to the port of a VLAN-aware bridge. All frames on access links must be implicitly tagged (untagged). The VLAN-unaware device can be a LAN segment with VLAN-unaware workstations, or it can be a number of LAN segments containing VLAN-unaware devices.

Access link between a VLAN-aware bridge and a VLAN-unaware device.

3) Hybrid Link

This is a combination of the previous two links. This is a link where both VLAN-aware and VLAN-unaware devices are attached. A hybrid link can have both tagged and untagged frames, but all the frames for a specific VLAN must be either tagged or untagged.

Hybrid link containing both VLAN-aware and VLAN-unaware devices.

It must also be noted that the network can have a combination of all three types of links.

Here's a short list of ways VLANs simplify network management:

Network adds, moves, and changes are achieved with ease by just configuring a port into the appropriate VLAN.

A group of users that need an unusually high level of security can be put into its own VLAN so that users outside of the VLAN can't communicate with them.

As a logical grouping of users by function, VLANs can be considered independent from their physical or geographic locations.

VLANs greatly enhance network security.

VLANs increase the number of broadcast domains while decreasing their size.

Identifying VLANs

Know that switch ports are layer 2-only interfaces that are associated with a physical port. A switch port can belong to only one VLAN if it is an access port, or to all VLANs if it is a trunk port. You can manually configure a port as an access or trunk port, or you can let the Dynamic Trunking Protocol (DTP) operate on a per-port basis to set the switchport mode. DTP does this by negotiating with the port on the other end of the link.

Switches are definitely pretty busy devices. As frames are switched throughout the network, they've got to be able to keep track of all the different types, plus understand what to do with them depending on the hardware address. And remember: frames are handled differently according to the type of link they're traversing.

There are two different types of links in a switched environment:

Access ports: An access port belongs to and carries the traffic of only one VLAN. Traffic is both received and sent in native formats with no VLAN tagging whatsoever. Anything arriving on an access port is simply assumed to belong to the VLAN assigned to the port. So, what do you think will happen if an access port receives a tagged packet, like an IEEE 802.1Q tagged one? Right: that packet would simply be dropped. But why? Well, because an access port doesn't look at the source address, so tagged traffic can be forwarded and received only on trunk ports. The VLAN assigned to an access port can be referred to as the configured VLAN of the port. Any device attached to an access link is unaware of its VLAN membership; the device just assumes it's part of the same broadcast domain, but it doesn't have the big picture, so it doesn't understand the physical network topology at all.

Trunk ports: A trunk port carries the traffic of all VLANs over a single link between VLAN-aware devices. Every frame on a trunk carries a VLAN identifier (ISL or IEEE 802.1Q tagging), so that the switch at the other end can tell which VLAN each frame belongs to.

Inter-Switch Link (ISL)

Inter-Switch Link (ISL) is a way of explicitly tagging VLAN information onto an Ethernet frame. This tagging information allows VLANs to be multiplexed over a trunk link through an external encapsulation method (ISL), which allows the switch to identify the VLAN membership of a frame over the trunked link.
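The rules described in the last few sections (explicit tagging on trunk links, implicit tagging on access links, a per-port filtering database, the VLAN identifier added only towards VLAN-aware devices, and an access port dropping a frame that already carries a tag) are modelled below as an added Python example. This is not code from the report; the 802.1Q layout (TPID 0x8100 followed by a 16-bit TCI holding PCP, DEI and a 12-bit VID) is the standard one, while the port names, MAC addresses and VLAN numbers are constructed sample values.

```python
# Added example, not code from the original report: 802.1Q tagging plus a
# port-based filtering database modelled in plain Python. Port names, MAC
# addresses and VLAN numbers are constructed sample values.
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100      # EtherType value announcing an 802.1Q tag
BROADCAST = b"\xff" * 6


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Ethernet II frame; with vid set, a 4-byte 802.1Q tag is inserted
    between source MAC and EtherType (explicit tagging)."""
    if vid is not None and not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    header = dst + src
    if vid is not None:
        tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)   # PCP(3) | DEI(1)=0 | VID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return dst, src, vid (None when untagged), ethertype and payload."""
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vid, offset = None, 14
    if ethertype == TPID_8021Q:
        (tci,) = struct.unpack("!H", frame[14:16])
        vid = tci & 0x0FFF
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    return {"dst": dst, "src": src, "vid": vid,
            "ethertype": ethertype, "payload": frame[offset:]}


def retag(frame, vid):
    """Same frame carrying the given tag, or untagged when vid is None."""
    f = parse_frame(frame)
    return build_frame(f["dst"], f["src"], f["ethertype"], f["payload"], vid)


@dataclass(frozen=True)
class Port:
    name: str
    mode: str                         # "access" or "trunk"
    access_vlan: int = 1              # access ports only
    allowed: frozenset = frozenset()  # VLANs a trunk port may carry


class Switch:
    """VLAN-aware bridge; its port table is the filtering database
    (which port belongs to which VLAN)."""

    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}

    def classify(self, in_port, frame):
        """VLAN of an incoming frame, or None when it must be dropped."""
        port = self.ports[in_port]
        vid = parse_frame(frame)["vid"]
        if port.mode == "access":
            # implicit tagging: the port decides; a frame that already
            # carries a tag is dropped on an access port
            return None if vid is not None else port.access_vlan
        # trunk: the tag decides, but only for allowed VLANs. An untagged
        # frame (vid None) is dropped, following the report's rule that every
        # trunk frame is tagged (real 802.1Q trunks use a native VLAN instead).
        return vid if vid in port.allowed else None

    def flood(self, in_port, frame):
        """Broadcast only within the VLAN: untagged out of access ports
        (the VLAN-unaware side), tagged out of trunk ports."""
        vid = self.classify(in_port, frame)
        if vid is None:
            return {}
        out = {}
        for name, port in self.ports.items():
            if name == in_port:
                continue
            if port.mode == "access" and port.access_vlan == vid:
                out[name] = retag(frame, None)
            elif port.mode == "trunk" and vid in port.allowed:
                out[name] = retag(frame, vid)
        return out


def demo():
    """Constructed topology: fa0/1 and fa0/2 in VLAN 10, fa0/3 in VLAN 20,
    gi0/1 a trunk for both. Returns egress port -> VLAN tag for an ARP
    broadcast arriving untagged on fa0/1."""
    sw = Switch([Port("fa0/1", "access", access_vlan=10),
                 Port("fa0/2", "access", access_vlan=10),
                 Port("fa0/3", "access", access_vlan=20),
                 Port("gi0/1", "trunk", allowed=frozenset({10, 20}))])
    arp = build_frame(BROADCAST, bytes.fromhex("0200000000aa"), 0x0806, b"who-has")
    return {name: parse_frame(f)["vid"] for name, f in sw.flood("fa0/1", arp).items()}


if __name__ == "__main__":
    print(demo())   # {'fa0/2': None, 'gi0/1': 10}
```

Running `demo()` shows the broadcast leaving fa0/2 untagged and gi0/1 with VID 10, while fa0/3 (VLAN 20) receives nothing; the tagged copy on gi0/1 is what lets a second switch at the far end of the trunk place the frame in the same VLAN 10. The same `Switch` returns an empty dictionary for a tagged frame arriving on an access port and for a trunk frame whose VID is not in the port's allowed set, which is the drop behaviour the text describes.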

Membership

What characteristic can be used to group stations in a VLAN? Vendors use different characteristics such as port numbers, MAC addresses, IP addresses, IP multicast addresses, or a combination of two or more of these.

Port Numbers: Some VLAN vendors use switch port numbers as a membership characteristic. For example, the administrator can define that stations connecting to ports 1, 2, 3, and 7 belong to VLAN 1; stations connecting to ports 4, 10, and 12 belong to VLAN 2; and so on.

MAC Addresses: Some VLAN vendors use the 48-bit MAC address as a membership characteristic. For example, the administrator can stipulate that stations having MAC addresses E21342A12334 and F2A123BCD341 belong to VLAN 1.

IP Addresses: Some VLAN vendors use the 32-bit IP address (see Chapter 19) as a membership characteristic. For example, the administrator can stipulate that stations having IP addresses 181.34.23.67, 181.34.23.72, 181.34.23.98, and 181.34.23.112 belong to VLAN 1.

Multicast IP Addresses: Some VLAN vendors use the multicast IP address (see Chapter 19) as a membership characteristic. Multicasting at the IP layer is then translated to multicasting at the data link layer.

Combination: Recently, the software available from some vendors allows all these characteristics to be combined. The administrator can choose one or more characteristics when installing the software. In addition, the software can be reconfigured to change the settings.
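The membership characteristics above, together with the protocol-based and subnet-based VLANs from the earlier section, combined into one classifier as an added Python example (not code from the report). The port numbers, MAC addresses and IP addresses are the report's own illustrations; the 181.34.23.64/26 subnet that contains those four addresses, the VLAN numbers attached to each criterion, the EtherType values and the fixed evaluation order (port, then MAC, then subnet, then protocol) are assumptions of the example.

```python
# Added example, not code from the original report: VLAN membership decided
# from port number, MAC address, IP subnet or protocol, alone or combined.
# Sample ports, MACs and IPs follow the report's illustrations; the /26
# subnet, the VLAN numbers and the evaluation order are constructed.
import ipaddress


def norm_mac(mac):
    """Canonical MAC form: lower-case hex without separators."""
    return mac.replace(":", "").replace("-", "").replace(".", "").lower()


class MembershipPolicy:
    """Criteria are evaluated in a fixed order: port, MAC, subnet, protocol.
    Port-based membership comes first because the switch knows the port for
    certain; the MAC address, IP address and protocol are values supplied by
    the station itself."""

    def __init__(self, port_vlans=None, mac_vlans=None, subnet_vlans=None,
                 proto_vlans=None, default_vlan=None):
        self.port_vlans = dict(port_vlans or {})
        self.mac_vlans = {norm_mac(m): v for m, v in (mac_vlans or {}).items()}
        self.subnet_vlans = [(ipaddress.ip_network(n), v)
                             for n, v in (subnet_vlans or {}).items()]
        self.proto_vlans = dict(proto_vlans or {})
        self.default_vlan = default_vlan

    def assign(self, port=None, mac=None, ip=None, ethertype=None):
        """Return (vlan, criterion) for a station, given whatever is known
        about it; unknown characteristics are simply left as None."""
        if port in self.port_vlans:
            return self.port_vlans[port], "port"
        if mac is not None and norm_mac(mac) in self.mac_vlans:
            return self.mac_vlans[norm_mac(mac)], "mac"
        if ip is not None:
            addr = ipaddress.ip_address(ip)
            for net, vlan in self.subnet_vlans:
                if addr in net:
                    return vlan, "subnet"
        if ethertype in self.proto_vlans:
            return self.proto_vlans[ethertype], "protocol"
        return self.default_vlan, "default"


# One policy combining the report's examples (VLAN numbers constructed).
POLICY = MembershipPolicy(
    port_vlans={1: 1, 2: 1, 3: 1, 7: 1, 4: 2, 10: 2, 12: 2},
    mac_vlans={"E21342A12334": 1, "F2A123BCD341": 1},
    subnet_vlans={"181.34.23.64/26": 1},      # covers .67, .72, .98 and .112
    proto_vlans={0x0800: 1, 0x8137: 2},        # IPv4 -> VLAN 1, IPX -> VLAN 2
)

if __name__ == "__main__":
    for station in ({"port": 3}, {"port": 5, "mac": "f2:a1:23:bc:d3:41"},
                    {"port": 5, "ip": "181.34.23.98"},
                    {"port": 5, "ethertype": 0x8137}):
        print(station, "->", POLICY.assign(**station))
```

A station on port 3 is placed by port alone; a station on an unlisted port (5 in the sample run) falls through to its MAC, then its subnet, then its protocol, and a station matching nothing gets the policy's default VLAN (`None` here, meaning "not admitted"). Keeping the port criterion first reflects the report's observation that static, port-based assignment is the most secure of the methods: the other three characteristics are chosen by the station, not by the switch.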

Configuration

How are the stations grouped into different VLANs? Stations are configured in one of three ways: manual, semi-automatic, and automatic.

Manual Configuration: In a manual configuration, the network administrator uses the VLAN software to manually assign the stations to different VLANs at setup. Later migration from one VLAN to another is also done manually. Note that this is not a physical configuration; it is a logical configuration. The term manually here means that the administrator types the port numbers, the IP addresses, or other characteristics, using the VLAN software.

Automatic Configuration: In an automatic configuration, the stations are automatically connected to or disconnected from a VLAN using criteria defined by the administrator. For example, the administrator can define the project number as the criterion for being a member of a group. When a user changes project, he or she automatically migrates to a new VLAN.

Semiautomatic Configuration: A semiautomatic configuration is somewhere between a manual configuration and an automatic configuration. Usually, the initializing is done manually, with migrations done automatically.

USE OF SWITCHES

Generally, VLANs are implemented on switches, because a switch provides better network services than a hub and also provides the following advantages:

Broadcast Control: Since switches have become more affordable lately, a lot of companies are replacing their flat hub networks with pure switched network and VLAN environments. All devices within a VLAN are members of the same broadcast domain and receive all broadcasts. By default, these broadcasts are filtered from all ports on a switch that aren't members of the same VLAN.

Security: A flat internetwork's security used to be tackled by connecting hubs and switches together with routers, so it was basically the router's job to maintain security. With VLANs, hosts that work with sensitive data can be kept on their own VLAN, so that users outside that VLAN cannot reach them at layer 2 and any traffic between VLANs still has to pass through the router.

Flexibility: Layer 2 switches only read frames for filtering; they don't look at the Network layer protocol. And by default, switches forward all broadcasts. But if you create and implement VLANs, you're essentially creating smaller broadcast domains at layer 2.

Scalability: Another advantage is that when a VLAN gets too big, you can create more VLANs to keep the broadcasts from consuming too much bandwidth: the fewer users in a VLAN, the fewer users affected by broadcasts.

Communication Between Switches

In a multiswitched backbone, each switch must know not only which station belongs to which VLAN, but also the membership of stations connected to other switches. For example, in Figure 15.17, switch A must know the membership status of stations connected to switch B, and switch B must know the same about switch A. Three methods have been devised for this purpose: table maintenance, frame tagging, and time-division multiplexing.

Table Maintenance: In this method, when a station sends a broadcast frame to its group members, the switch creates an entry in a table and records the station's membership. The switches send their tables to one another periodically for updating.

Frame Tagging: In this method, when a frame is travelling between switches, an extra header is added to the MAC frame to define the destination VLAN. The frame tag is used by the receiving switches to determine the VLANs that are to receive the broadcast message.

Time-Division Multiplexing (TDM): In this method, the connection (trunk) between switches is divided into time-shared channels (see TDM in Chapter 6). For example, if the total number of VLANs in a backbone is five, each trunk is divided into five channels. The traffic destined for VLAN 1 travels in channel 1, the traffic destined for VLAN 2 travels in channel 2, and so on. The receiving switch determines the destination VLAN by checking the channel from which the frame arrived.

Two switches in a backbone using VLAN software.

VLAN TRUNKING PROTOCOL (VTP)

Cisco created this one too. The basic goals of VLAN Trunking Protocol (VTP) are to manage all configured VLANs across a switched internetwork and to maintain consistency throughout that network. VTP allows you to add, delete, and rename VLANs; that information is then propagated to all other switches in the VTP domain.

Here's a list of some of the cool features VTP has to offer:

Consistent VLAN configuration across all switches in the network.
VLAN trunking over mixed networks, such as Ethernet to ATM LANE or even FDDI.
Accurate tracking and monitoring of VLANs.
Dynamic reporting of added VLANs to all switches in the VTP domain.
Plug-and-play VLAN adding.

Very nice, but before you can get VTP to manage your VLANs across the network, you have to create a VTP server. All servers that need to share VLAN information must use the same domain name, and a switch can be in only one domain at a time.

So basically, this means that a switch can only share VTP domain information with other switches if they're configured into the same VTP domain. You can use a VTP domain if you have more than one switch connected in a network, but if you've got all your switches in only one VLAN, you just don't need to use VTP.

Do keep in mind that VTP information is sent between switches only via a trunk port.
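How a VLAN created on the VTP server reaches the other switches, as an added Python simulation (not code from the report and not Cisco's implementation). It applies the two rules stated above, the same domain name and trunk links only, plus VTP's configuration revision number, which the report does not mention: a switch replaces its VLAN table only when an advertisement from its own domain carries a higher revision than the one it holds. The switch names, domain names, link types and VLAN numbers are constructed.

```python
# Added example, not code from the original report: a small model of how VTP
# spreads VLAN definitions from a server to the clients in its domain.
# Switch names, domains, link types and VLAN numbers are constructed.
from dataclasses import dataclass, field


@dataclass
class VtpSwitch:
    name: str
    domain: str
    mode: str = "client"            # "server" creates VLANs; "client" only learns
    revision: int = 0               # configuration revision of the VLAN table
    vlans: dict = field(default_factory=lambda: {1: "default"})
    links: dict = field(default_factory=dict)   # neighbour -> "trunk" | "access"


class VtpDomainSim:
    def __init__(self, switches):
        self.switches = {s.name: s for s in switches}

    def connect(self, a, b, kind):
        """Join two switches with a trunk or an access link."""
        self.switches[a].links[b] = kind
        self.switches[b].links[a] = kind

    def add_vlan(self, server_name, vid, name):
        """Create a VLAN on a VTP server and advertise it; returns the new revision."""
        server = self.switches[server_name]
        if server.mode != "server":
            raise PermissionError(f"{server_name} is a VTP client; only a server adds VLANs")
        server.vlans[vid] = name
        server.revision += 1
        self._advertise(server, visited={server_name})
        return server.revision

    def _advertise(self, sender, visited):
        for neighbour, kind in sender.links.items():
            if kind != "trunk" or neighbour in visited:
                continue                          # VTP travels only over trunk ports
            visited.add(neighbour)
            receiver = self.switches[neighbour]
            if receiver.domain != sender.domain:
                continue                          # another VTP domain: ignored
            if receiver.revision >= sender.revision:
                continue                          # nothing newer: ignored
            receiver.vlans = dict(sender.vlans)
            receiver.revision = sender.revision
            self._advertise(receiver, visited)    # relay to the next switch


def build_campus():
    """Constructed topology: S1 is the server; S2 and S3 hang off trunks,
    S4 is reached over an access link, S5 belongs to a different domain."""
    sim = VtpDomainSim([
        VtpSwitch("S1", "campus", mode="server"),
        VtpSwitch("S2", "campus"), VtpSwitch("S3", "campus"),
        VtpSwitch("S4", "campus"), VtpSwitch("S5", "lab"),
    ])
    sim.connect("S1", "S2", "trunk")
    sim.connect("S2", "S3", "trunk")
    sim.connect("S1", "S4", "access")
    sim.connect("S1", "S5", "trunk")
    return sim


if __name__ == "__main__":
    sim = build_campus()
    sim.add_vlan("S1", 10, "sales")
    for s in sim.switches.values():
        print(s.name, s.domain, "rev", s.revision, s.vlans)
```

After `add_vlan("S1", 10, "sales")`, S2 and S3 hold VLAN 10 at revision 1, S4 still has only the default VLAN because its link to S1 is an access link, and S5 keeps its own table because it is in domain "lab". Asking a client such as S2 to add a VLAN raises `PermissionError`, mirroring the report's point that the VLAN database is created on the VTP server.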

Page 34: VLAN  and its implementation

34

ROUTING BETWEEN VLANS

Hosts in a VLAN live in their own broadcast domain and can communicate freely. VLANs create network partitioning and traffic separation at layer 2 of the OSI model, and, as I said when I told you why we still need routers, if you want hosts or any other IP-addressable device to communicate between VLANs, you just have to have a layer 3 device—period.

For this, you can use a router that has an interface for each VLAN or a router that supports ISL or 802.1Q routing. The least expensive router that supports ISL or 802.1Q routing is the 2600 series router. (You'd have to buy that from a used-equipment reseller, because they are end of life, or EOL.) The 1600, 1700, and 2500 series don't support ISL or 802.1Q routing.

I'd recommend at least a 2800 as a bare minimum, and that only supports 802.1Q—Cisco is really moving away from ISL, so you probably should only be using 802.1Q anyway. (Some IOSs on the 2800 may support both ISL and 802.1Q—I just have never seen it supported.)

The figure shows a router with individual VLAN associations.
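As an added example (not from the report), here is the 802.1Q routing setup the text describes, often called router-on-a-stick: a single router interface carries an 802.1Q trunk from the switch, and one subinterface per VLAN gives that VLAN its layer 3 gateway. The hostnames R1 and SW1, VLAN IDs 10 and 20, the interface numbers and the IP addressing are assumptions.

```cisco
! R1: one physical interface, one 802.1Q subinterface per VLAN.
hostname R1
interface FastEthernet0/0
 no ip address
 no shutdown
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
! A host in VLAN 10 reaches 192.168.20.0/24 only through its gateway
! 192.168.10.1: the frame arrives tagged 10, R1 routes it, and it leaves
! the same physical interface tagged 20. Nothing crosses VLANs without
! R1, so any policy between the two VLANs belongs on these subinterfaces.
!
! SW1: the port facing R1 is a trunk so both tags reach the router;
! host ports are plain access ports in their own VLAN.
hostname SW1
vlan 10
 name SALES
vlan 20
 name ENGINEERING
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
```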


Implementing VLANs

Port-based VLANs

In the previous section, we simply stated that the network is split up into sets of virtual LANs. It is one thing to say this; it is quite another thing to understand how this is actually achieved. Fundamentally, the act of creating a VLAN on a switch involves defining a set of ports, and defining the criteria for VLAN membership for workstations connected to those ports.

With port-based VLANs, the ports of a switch are simply assigned to VLANs, with no extra criteria. All devices connected to a given port automatically become members of the VLAN to which that port was assigned.

Distributing a single VLAN across multiple switches

The above figure shows an example of a VLAN-based network. It shows some of VLAN A connected to one switch, and some more of VLAN A connected to another switch. You may be asking "Are these both part of the same VLAN A, or separate VLANs that all happen to be called VLAN A?" The answer is that they are all parts of the same VLAN—there is a single VLAN A that is spread across two switches.

How is this achieved? How does one switch know that when it receives a broadcast packet that it associates with VLAN A, it must also forward that broadcast to other switches?

This can be done in a number of different ways, and in the early days of VLANs, just about every one of these ways was tried. Some vendors had their switches use a proprietary protocol to inform each other of their VLAN tables; some vendors used time-division multiplexing in which different timeslots were allocated to different VLANs; other vendors used frame tagging. In the end, frame tagging became the accepted standard. As we will see, in most respects this is a simple and elegant solution. However, it initially had one big downside: it required a fundamental change to the format of the Ethernet header. This split the world's Ethernet devices into those that recognized tagged headers and those that did not. In other words, a lot of Ethernet equipment was rendered obsolete.
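As an added example (not from the report), this is the port-based configuration behind the figure above: VLAN A (given ID 10 here) exists on both switches and is carried between them on an 802.1Q trunk, so a broadcast from a VLAN A host on SW1 reaches the VLAN A hosts on SW2 and nobody else. The hostnames, VLAN IDs and names, and the interface numbers are assumptions.

```cisco
! SW1: ports 1-4 belong to VLAN A (ID 10), ports 5-8 to VLAN B (ID 20);
! port 24 is the trunk to SW2.
hostname SW1
vlan 10
 name VLAN_A
vlan 20
 name VLAN_B
!
interface range FastEthernet0/1 - 4
 switchport mode access
 switchport access vlan 10
interface range FastEthernet0/5 - 8
 switchport mode access
 switchport access vlan 20
!
! On the trunk every frame leaving SW1 carries a 4-byte 802.1Q tag with
! its VLAN ID; that tag is how SW2 knows a broadcast belongs to VLAN A
! and must only be flooded to its own VLAN 10 ports. Listing the VLANs
! allowed on the trunk keeps traffic of any other VLAN off this link.
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! SW2: the same VLAN ID and the same trunk settings. Because the ID
! matches, the VLAN A ports here are part of the one VLAN A that is
! spread across both switches, not a separate VLAN with the same name.
hostname SW2
vlan 10
 name VLAN_A
vlan 20
 name VLAN_B
interface range FastEthernet0/1 - 4
 switchport mode access
 switchport access vlan 10
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
```

`show interfaces trunk` on either switch lists the trunk port, its encapsulation and the VLANs allowed and active on it, which is the quickest way to confirm that VLAN 10 really crosses the link.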


The key benefits of implementing VLANs include that they:

- Allow network administrators to apply additional security to network communication.
- Make expansion and relocation of a network or a network device easier.
- Provide flexibility, because administrators are able to configure in a centralized environment while the devices might be located in different geographical locations.
- Decrease the latency and traffic load on the network and the network devices, offering increased performance.


Conclusion

In computer networking, a virtual local area network, virtual LAN or VLAN is a concept of partitioning a physical network so that distinct broadcast domains are created. This is usually achieved on switch or router devices.

The basic reason for splitting a network into VLANs is to reduce congestion on a large LAN. To understand this problem, we need to look briefly at how LANs have developed over the years.

Initially LANs were very flat—all the workstations were connected to a single piece of coaxial cable, or to sets of chained hubs. In a flat LAN, every packet that any device puts onto the wire gets sent to every other device on the LAN.

