Date post: | 14-Apr-2018 |
Upload: | gauravjuneja4 |
7/27/2019 VLAN CT
1/55
VLAN
VLAN is a broadcast domain
Grouped based on logical function,
department or application
Traffic can be switched between VLANs with a router, and traffic between switches (trunks)
is tagged (802.1q) or encapsulated (ISL) to
identify VLAN membership
VLAN Overview
A VLAN allows a network administrator to
, even if they share a common infrastructure with other VLANs.
Using VLANs, you can
based on functions, departments, or project teams.
You can also use a VLAN to
to support the growing reliance of
companies on home-based workers. These VLANs allow the network administrator to
implement
to particular groups of users.
VLANs
Divides a switch into two or more virtual switches with
separate broadcast domains
Achieved by manual
configuration through the switch's management
interface
Only that switch will be
segmented
Virtual LANs (continued)
Broadcast domains with VLANs and routers
, each group is on a different IP
network and on a different
switch.
. The switch is
configured with the ports on the appropriate VLAN. Still,
each group is on a different IP
network; however, they are
all on the same switch.
What are the broadcast domains in each?
One link per VLAN or a single VLAN
Trunk (later)
2) With
VLANs
10.1.0.0/16
10.2.0.0/16
10.3.0.0/16
10.1.0.0/16
10.2.0.0/16
10.3.0.0/16
Reasons For Standardizing VLANs
Old implementations could only be defined in
one switch
To connect a VLAN to another network,
each VLAN needed a router port
The only multi-switch VLANs were
proprietary:
Cisco: ISL
Bay: Lattisspan
3Com: VLT
Cabletron: SecureFast
Standards Based VLANs
Includes definition for a new GARP application
called GVRP (GARP VLAN Registration
Protocol)
Propagate VLAN registration across the net
Associate incoming frames with a VLAN ID
De-associate outgoing frames if necessary
Transmit associated frames between 802.1Q-compliant VLAN switches
Basic VLAN Concepts
Port-based VLANs
Each port on a switch is in one and only one VLAN
(except trunk links)
Tagged Frames
VLAN ID and Priority info is inserted (4 bytes)
Trunk Links
Allow for multiple VLANs to cross one link
Access Links
The edge of the network, where legacy devices attach
Hybrid Links
Combo of Trunk and Access Links
VID
VLAN Identifier
Tagged Frames
4 bytes inserted after the Destination and
Source Address fields
Tag Protocol
Identifier (TPID) = 2 bytes (0x8100), occupying the position of the
length/type field
Tag Control
Information (TCI) = 2 bytes,
contains the VID
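The tag layout on this slide (TPID 0x8100 followed by a 2-byte TCI whose low 12 bits are the VID, with the 3-bit priority and 1-bit DEI above it), worked through as an added example that is not part of the original slides. The sample frame is constructed for the demonstration; the MAC addresses and ARP payload are made up.

```python
import struct

TPID_8021Q = 0x8100  # Tag Protocol Identifier that marks an 802.1Q-tagged frame

# Constructed sample (not from the slides): untagged Ethernet frame with a
# broadcast destination, a made-up source MAC, EtherType 0x0806 (ARP) and a
# zeroed 28-byte ARP payload.
UNTAGGED_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
                  + bytes.fromhex("0806") + bytes(28))


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag (TPID + TCI) after the 12 bytes of
    destination and source MAC address, ahead of the original length/type."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if not 0 <= vid <= 4095:
        raise ValueError("VID is a 12-bit field (0-4095)")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP is 3 bits, DEI is 1 bit")
    tci = (pcp << 13) | (dei << 12) | vid  # TCI layout: PCP(3) DEI(1) VID(12)
    tag = struct.pack("!HH", TPID_8021Q, tci)  # both fields in network byte order
    return frame[:12] + tag + frame[12:]


def untag_frame(frame: bytes):
    """Return (vid, pcp, dei, frame_without_tag). For an untagged frame the
    first three are None and the frame comes back unchanged, which is the case
    a switch maps onto the port's access or native VLAN."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tpid = struct.unpack("!H", frame[12:14])[0]
    if tpid != TPID_8021Q:
        return None, None, None, frame
    if len(frame) < 18:
        raise ValueError("tagged frame truncated inside the 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    vid, dei, pcp = tci & 0x0FFF, (tci >> 12) & 1, tci >> 13
    return vid, pcp, dei, frame[:12] + frame[16:]


if __name__ == "__main__":
    tagged = tag_frame(UNTAGGED_FRAME, vid=10, pcp=5)
    print(tagged[12:16].hex())      # 8100a00a
    print(untag_frame(tagged)[:3])  # (10, 5, 0)
```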
VLAN Trunk
, such as a router or a switch.
Ethernet trunks carry the traffic of multiple VLANs over a single link.
A VLAN trunk allows you to extend the VLANs
across an entire network.
Cisco supports for coordinating trunks on Fast Ethernet and Gigabit Ethernet
interfaces.
Trunk Link
Attaches two VLAN switches - carries tagged frames ONLY.
Hybrid Links
Hybrid Links - ALL VLAN-unaware
devices are in the same VLAN
Dynamic vs. Static VLANs
VLANs can be configured dynamically or statically
Static VLANs are configured port-by-port
Dynamic VLAN ports automatically learn their VLAN assignment
Software database of MAC address-to-VLAN
mappings
VLAN Standardization
Frame filtering: frames can be separated into VLANs by
  MAC addresses
  Network-layer protocol type
  Application type
Frame tagging: IEEE 802.1q
  Also known as frame identification
  Adds a four-byte field to the Ethernet frame
Inter-Switch Link (ISL) protocol: Cisco proprietary frame-tagging method
  26-byte header
Creating VLANs (continued)
VLAN configuration (continued)
Rm410#configure terminal
Rm410(config)#interface f0/1
Rm410(config-if)#switchport mode trunk
Rm410(config-if)#exit
Rm410(config)#interface f0/2
Rm410(config-if)#switchport access vlan 1
Link Types And Configuration
(continued)
Trunk links have five states:
Auto
Desirable
Non-negotiate
Off
On
Rm410(config)#interface f0/1
Rm410(config-if)#switchport mode trunk
Trunking Protocol
VLAN trunking protocol (VTP): a Layer 2 messaging protocol
Manages all changes to the VLANs across networks
VTP domains: VTP devices are organized into domains
Switches can only belong to one domain
Trunking Protocol (continued)
VTP device modes:
Server
Rm410(vlan)# vtp server
Client
Rm410(vlan)# vtp client
Transparent
Rm410(vlan)# vtp transparent
Defaults to server mode
VTP pruning reduces the number of VTP updates on trunk
links
Rm410(vlan)# vtp pruning
Routers and VLANs
Increase security
Manage traffic between VLANs
Subinterfaces
Access-lists
Routers and VLANs (continued)
Enable inter-VLAN communication between VLAN 1 and VLAN 2:
Router(config)# interface e0.1
! set the encapsulation first: IOS accepts an IP address on a subinterface only once its VLAN encapsulation is configured
Router(config-subif)# encapsulation isl 1
Router(config-subif)# ip address 164.106.1.1 255.255.255.0
Router(config-subif)# exit
Router(config)# interface e0.2
Router(config-subif)# encapsulation isl 2
Router(config-subif)# ip address 164.106.2.1 255.255.255.0
Communication Between Switches
Types of VLANs- Default VLAN
All switch ports become
Having all the switch ports participate in the default
VLAN makes them all part of the same broadcast
domain.
This allows any device connected to any switch port
to communicate with other devices on other switch
ports.
The default VLAN for Cisco switches is VLAN 1.
VLAN 1 has all the features of any VLAN, except
that you cannot rename it and you cannot delete it.
Types of VLANs-Default VLAN
, will always be associated with
VLAN 1 - this cannot be changed.
In the figure, VLAN 1 traffic is forwarded over the
VLAN trunks connecting the S1, S2, and S3 switches.
It is a security best practice to change the default
VLAN to a VLAN other than VLAN 1; this entails
configuring all the ports on the switch to be associated with a default VLAN other than VLAN 1.
Types of VLANs-Native VLAN
An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic) as well as traffic that
does not come from a VLAN (untagged traffic). The 802.1Q trunk port places untagged traffic on
the native VLAN.
In the figure, the native VLAN is VLAN 99.
Untagged traffic is generated by a computer attached to a switch port that is configured with the native VLAN.
Types of VLANs-Native VLAN
specification to maintain backward
compatibility with untagged traffic common to
legacy LAN scenarios.
For our purposes, a native VLAN serves as a
common identifier on opposing ends of a
trunk link.
It is a best practice to use a VLAN other than VLAN 1 as the native VLAN.
Types of VLANs-Management VLAN
is any VLAN you configure to access the management capabilities of a switch.
VLAN 1 would serve as the management VLAN if you did not proactively define a unique VLAN to serve as the
.
You assign the management VLAN an IP address and subnet mask.
A switch can be managed via HTTP, Telnet, SSH, or SNMP.
Because VLAN 1 is normally used as the default VLAN,
VLAN 1 would be a bad choice as the management VLAN; you wouldn't want an arbitrary user connecting to a switch to default to the management VLAN.
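The three VLAN 1 best practices on the preceding slides (move ports off the default VLAN, use a native VLAN other than VLAN 1 on trunks, and do not manage the switch over VLAN 1) can be checked mechanically against a saved running-config. The audit below is an added example, not from the slides; the running-config it reads is constructed in the style of the Rm410 examples and the IOS defaults it assumes (native VLAN 1 and access VLAN 1 when no command is present) are the standard ones.

```python
# Constructed sample running-config in the style of the slides' Rm410 switch (not the
# page's own config): Fa0/1, Fa0/2 and Vlan1 show the VLAN 1 uses the slides warn against.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 1
!
interface FastEthernet0/3
 switchport mode trunk
 switchport trunk native vlan 99
!
interface Vlan1
 ip address 192.0.2.2 255.255.255.0
"""

def parse_interfaces(config: str) -> dict:
    """Map interface name -> its indented sub-commands; '!' or an unindented line ends a block."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None
    return interfaces

def _vlan(cmds: list, prefix: str, default: int = 1) -> int:
    """VLAN number from the last 'prefix N' command, else the IOS default (VLAN 1)."""
    nums = [int(c[len(prefix):].split()[0]) for c in cmds if c.startswith(prefix)]
    return nums[-1] if nums else default

def audit_vlan1(config: str) -> list:
    """Flag trunks with native VLAN 1, access ports left in VLAN 1, and a management IP on VLAN 1."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" in cmds:
            if _vlan(cmds, "switchport trunk native vlan ") == 1:
                findings.append((name, "native-vlan-1"))
        elif not name.lower().startswith("vlan"):
            if _vlan(cmds, "switchport access vlan ") == 1:
                findings.append((name, "access-port-in-vlan-1"))
        if name.lower() == "vlan1" and any(c.startswith("ip address ") for c in cmds):
            findings.append((name, "management-ip-on-vlan-1"))
    return findings
```

Running `audit_vlan1(SAMPLE_CONFIG)` reports Fa0/1, Fa0/2 and Vlan1; Fa0/3, whose native VLAN is 99, passes.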
Types of VLANs- Voice VLAN
It is easy to appreciate why a separate VLAN is needed (VoIP).
VoIP traffic requires:
Assured bandwidth to ensure voice quality
Transmission priority over other types of network traffic
Ability to be routed around congested areas on the network
Delay of less than 150 milliseconds (ms) across the network
Benefits of VLAN
- Groups that have sensitive data are separated from the rest of the network,
decreasing the chances of confidential
information breaches.
Faculty computers are on VLAN 10 and completely
separated from student and guest data traffic.
- Cost savings result from less
need for expensive network upgrades and more efficient use of existing bandwidth and uplinks.
Benefits of VLAN
- Dividing flat Layer 2 networks into multiple logical workgroups
(broadcast domains) reduces unnecessary traffic
on the network and boosts performance.
- Dividing a network
into VLANs reduces the number of devices that
may participate in a broadcast storm.
In the figure you can see that although there are six computers on this network, there are only three
broadcast domains: Faculty, Student, and Guest.
Benefits of VLAN
- VLANs make it easier to manage the network because users with similar network requirements share the same VLAN.
When you provision a new switch, all the policies and procedures already configured for the particular VLAN are implemented when the ports are assigned.
It is also easy for the IT staff to identify the function of a VLAN by giving it an appropriate name.
In the figure, for easy identification VLAN 20 could be named "Student", VLAN 10 could be named "Faculty", and VLAN 30 "Guest."
Summary
VLANs are separate broadcast domains that are not limited by physical configurations; instead, a VLAN is a logical broadcast domain implemented via one or more switches
Performance benefits associated with VLANs are
derived from limiting the amount of broadcast traffic that would naturally pass through a switch without filtration
The enhanced flexibility to assign any port on any switch to a particular VLAN makes moving, adding, and changing network configurations easier
VLAN information is communicated to switches using the VLAN trunking protocol (VTP)