
VLAN
• VLAN is a broadcast domain
• Grouped based on logical function, department or application
• Traffic can be switched between VLANs with a router, and traffic between switches (trunks) is tagged (802.1Q) or encapsulated (ISL) to identify VLAN membership

VLAN
• VLANs can logically segment users into different subnets (broadcast domains)
• Broadcast frames are only switched on the same VLAN ID
• Users can be logically grouped via software based on:
– port number
– MAC address
– protocol being used
– application being used

LAN VS. VLAN


VLAN introduction
• VLANs provide segmentation based on broadcast domains.
• VLANs logically segment switched networks based on the functions, project teams, or applications of the organization, regardless of the physical location or connections to the network.
• All workstations and servers used by a particular workgroup share the same VLAN, regardless of the physical connection or location.

VLAN Overview
• A VLAN allows a network administrator to … even if they share a common infrastructure with other VLANs.
• Using VLANs, you can … based on functions, departments, or project teams.
• These VLANs allow the network administrator to implement … to particular groups of users.
• You can also use a VLAN to … to support the growing reliance of companies on home-based workers.

VLAN
• A VLAN is …
• For computers to communicate on the same VLAN, each …
• The switch has to be configured with the VLAN, and each port in the VLAN must be assigned to the VLAN.
• VLANs allow multiple IP networks and subnets to exist on the same switched network.

VLANs
• Divides a switch into two or more “virtual” switches with separate broadcast domains
• Achieved by manual configuration through the switch’s management interface
• Only that switch will be segmented

Multiple VLANs in One Switch
• Multiple VLANs can be defined on the same switch

Why VLANs?
• Lots of broadcast traffic wastes bandwidth
– VLANs create separate broadcast domains
• Microsoft Networking
• Novell Networking
• NetBEUI
• IP RIP
• Multicast (sometimes acts like broadcast)
• VLANs can span multiple switches and therefore create separate broadcast domains that span multiple switches

Virtual LANs (continued)

Virtual LANs (continued)

..More Reasons..
• Link Multiplexing
– slower speed technologies share the high-bandwidth uplink
– multiple IP subnets on one physical link with layer 3 switching

...And One More Reason...
• Traffic is only seen by who it is intended for
– example: Two separate VLANs, one for accounting and one for sales. Sensitive accounting data transmitted over the network will only be seen by devices in the accounting VLAN.

Router’s Role
• Provides connection between different VLANs
• For example, you have VLAN1 and VLAN2.
– Within the switch, users on separate VLANs cannot talk to each other (benefit of a VLAN!)
– However, users on VLAN1 can email users on VLAN2, but they need a router to do it.

Broadcast domains with VLANs and routers
• What are the broadcast domains in each?
1) Each group is on a different IP network and on a different switch: 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16
2) With VLANs: each group is on a different IP network (10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16). They are all on the same switch, however. Still, the switch is configured with the ports on the appropriate VLAN. One link per VLAN or a single VLAN Trunk (later).
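The slide asks the reader to count broadcast domains by eye. The following added example (not part of the deck) computes them instead: a broadcast domain is one VLAN on one switch, extended across every trunk that is allowed to carry that VLAN, and a router never extends one. The three topologies, the switch and host names, and the `broadcast_domains` function are constructed for this example and are not taken from the deck's figures.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

Host = str
PortKey = Tuple[str, str]            # (switch name, port name)


def broadcast_domains(access_ports: Dict[PortKey, Tuple[int, Host]],
                      trunks: Iterable[Tuple[str, str, Set[int]]]) -> List[Set[Host]]:
    """Group hosts into broadcast domains.

    Each (switch, VLAN) pair starts as its own domain; a trunk that is
    allowed to carry a VLAN joins that VLAN's domain on both switches.
    Routers are not modelled because they terminate broadcast domains,
    so they never appear in the trunk list.
    """
    parent: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]   # path compression
            node = parent[node]
        return node

    for (switch, _port), (vlan, _host) in access_ports.items():
        find((switch, vlan))                      # register every (switch, VLAN)
    for sw_a, sw_b, allowed in trunks:
        for vlan in allowed:
            parent[find((sw_a, vlan))] = find((sw_b, vlan))   # same VLAN, joined by trunk

    groups: Dict[Tuple[str, int], Set[Host]] = defaultdict(set)
    for (switch, _port), (vlan, host) in access_ports.items():
        groups[find((switch, vlan))].add(host)
    return sorted(groups.values(), key=lambda hosts: sorted(hosts))


# Constructed topologies (assumptions for this example, not the deck's figures).
# Case 1: three groups, each on its own switch and IP network, no VLAN config.
CASE_NO_VLANS = {
    ("SW1", "1"): (1, "acct-a"), ("SW1", "2"): (1, "acct-b"),
    ("SW2", "1"): (1, "sales-a"), ("SW2", "2"): (1, "sales-b"),
    ("SW3", "1"): (1, "eng-a"), ("SW3", "2"): (1, "eng-b"),
}
# Case 2: the same three groups on one switch, separated only by VLAN membership.
CASE_ONE_SWITCH = {
    ("SW1", "1"): (10, "acct-a"), ("SW1", "2"): (10, "acct-b"),
    ("SW1", "3"): (20, "sales-a"), ("SW1", "4"): (20, "sales-b"),
    ("SW1", "5"): (30, "eng-a"), ("SW1", "6"): (30, "eng-b"),
}
# Case 3: VLANs 10 and 20 span two switches over a single trunk; VLAN 30 is not
# allowed on the trunk, so it stays local to SW2.
CASE_TRUNK = {
    ("SW1", "1"): (10, "acct-a"), ("SW1", "2"): (20, "sales-a"),
    ("SW2", "1"): (10, "acct-b"), ("SW2", "2"): (20, "sales-b"),
    ("SW2", "3"): (30, "eng-a"),
}
CASE_TRUNK_LINKS = [("SW1", "SW2", {10, 20})]


def summarize(access_ports, trunks=()) -> List[List[Host]]:
    """Return each broadcast domain as a sorted host list, for easy comparison."""
    return [sorted(domain) for domain in broadcast_domains(access_ports, trunks)]


if __name__ == "__main__":
    for label, ports, links in [("no VLANs", CASE_NO_VLANS, []),
                                ("one switch", CASE_ONE_SWITCH, []),
                                ("trunk", CASE_TRUNK, CASE_TRUNK_LINKS)]:
        print(label, summarize(ports, links))
```

Cases 1 and 2 both yield three domains, which is the slide's point: the VLAN configuration reproduces with one switch what previously needed three. Case 3 shows a trunk carrying only VLANs 10 and 20, so `eng-a` on VLAN 30 remains a domain of one host even though the switches are linked.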

Reasons For Standardizing VLANs
• Old implementations could only be defined in one switch
• To connect a VLAN to another network, each VLAN needed a router port
• The only multi-switch VLANs were proprietary:
– Cisco: ISL
– Bay: Lattisspan
– 3Com: VLT
– Cabletron: SecureFast

Standards Based VLANs
• Includes definition for a new GARP application called GVRP (GARP VLAN Registration Protocol)
– Propagate VLAN registration across the net
• Associate incoming frames with a VLAN ID
• De-associate outgoing frames if necessary
• Transmit associated frames between VLAN 802.1Q compliant switches

Basic VLAN Concepts
• Port-based VLANs
– Each port on a switch is in one and only one VLAN (except trunk links)
• Tagged Frames
– VLAN ID and Priority info is inserted (4 bytes)
• Trunk Links
– Allow for multiple VLANs to cross one link
• Access Links
– The edge of the network, where legacy devices attach
• Hybrid Links
– Combo of Trunk and Access Links
• VID
– VLAN Identifier

Tagged Frames
• 4 Bytes inserted after Destination and Source Address
• Tag Protocol Identifier (TPID) = 2 Bytes (0x8100)
– occupies the length/type field position
• Tag Control Information (TCI) = 2 Bytes
– contains VID

VLAN Trunk
• A VLAN trunk allows you to extend the VLANs across an entire network.
• Ethernet trunks carry the traffic of multiple VLANs over a single link.
• … such as a router or a switch.
• Cisco supports … for coordinating trunks on Fast Ethernet and Gigabit Ethernet interfaces.

Trunk Link
• Attaches two VLAN switches
– carries Tagged frames ONLY

Access Links
• Access Links are Untagged for VLAN-unaware devices
– the VLAN switch adds Tags to received frames, and removes Tags when transmitting frames

Hybrid Links
• Hybrid Links …
– ALL VLAN-unaware devices are in the same VLAN
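The tag layout and the link types above (4-byte tag after the addresses, TPID 0x8100, VID in the TCI; access links untagged with the switch adding and removing tags; trunk links carrying tagged frames) can be made concrete in code. The following is an added example, not code from the deck: it builds and parses 802.1Q tags and models what a switch port does on ingress and egress. It also implements the native-VLAN behaviour the deck describes later (an untagged frame arriving on an 802.1Q trunk is placed on the trunk's native VLAN). The `Port` model, the port names and the sample frame are constructed assumptions for this example.

```python
import struct
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

TPID_8021Q = 0x8100          # Tag Protocol Identifier that marks an 802.1Q tag
VID_MASK = 0x0FFF            # low 12 bits of the TCI carry the VLAN ID


@dataclass(frozen=True)
class Port:
    """Hypothetical switch-port model (an assumption, not from the deck)."""
    name: str
    mode: str                              # "access" or "trunk"
    vid: int                               # access VLAN, or native VLAN on a trunk
    allowed: FrozenSet[int] = frozenset()  # VLANs a trunk is allowed to carry


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte tag (TPID + TCI) after the 6-byte destination and
    6-byte source addresses, i.e. at offset 12, leaving the original
    length/type field and payload intact."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094")
    tci = (pcp << 13) | (dei << 12) | vid    # PCP:3 | DEI:1 | VID:12
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame: bytes) -> Tuple[Optional[int], int, bytes]:
    """Return (vid, pcp, frame_without_tag); vid is None for an untagged frame."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & VID_MASK, tci >> 13, frame[:12] + frame[16:]
    return None, 0, frame


def ingress(port: Port, frame: bytes) -> Optional[Tuple[int, bytes]]:
    """Classify a received frame into a VLAN.
    Returns (vid, untagged frame), or None when the frame is dropped."""
    vid, _pcp, bare = parse_tag(frame)
    if port.mode == "access":
        if vid is not None:
            return None          # access links are untagged: a tagged frame is dropped
        return port.vid, bare    # the switch assigns the port's VLAN
    # trunk link
    if vid is None:
        return port.vid, bare    # untagged on an 802.1Q trunk -> native VLAN
    return (vid, bare) if vid in port.allowed else None


def egress(port: Port, vid: int, bare: bytes) -> Optional[bytes]:
    """Prepare an untagged frame belonging to `vid` for transmission on `port`."""
    if port.mode == "access":
        return bare if vid == port.vid else None   # only the port's own VLAN, untagged
    if vid == port.vid:
        return bare                                # native VLAN leaves the trunk untagged
    return tag_frame(bare, vid) if vid in port.allowed else None


# Constructed sample: broadcast destination, locally administered source, IPv4 EtherType
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("0200c0ffee01")
                + bytes.fromhex("0800") + b"constructed payload")

ACCESS_10 = Port("Fa0/2", "access", 10)                         # hypothetical access port
TRUNK = Port("Fa0/1", "trunk", 99, frozenset({10, 20, 99}))     # hypothetical trunk, native 99


def demo() -> dict:
    """Walk one frame in through an access port, out over a trunk, and back."""
    vid, bare = ingress(ACCESS_10, SAMPLE_FRAME)        # classified as VLAN 10
    on_wire = egress(TRUNK, vid, bare)                  # tagged with VID 10 for the trunk
    vid_back, _pcp, bare_back = parse_tag(on_wire)
    return {
        "vid": vid,
        "tpid": on_wire[12:14].hex(),
        "tci": on_wire[14:16].hex(),
        "roundtrip_ok": vid_back == vid and bare_back == SAMPLE_FRAME,
        "untagged_on_trunk_vid": ingress(TRUNK, SAMPLE_FRAME)[0],
        "tagged_on_access_dropped": ingress(ACCESS_10, on_wire) is None,
    }


if __name__ == "__main__":
    print(demo())
```

Two things worth checking when reading the output: the bytes at offset 12 become `8100 000a` (TPID, then a TCI with priority 0 and VID 10), and the frame presented to the trunk with no tag lands in VLAN 99 purely because that is the trunk's configured native VLAN. The second point is why the deck advises a native VLAN other than VLAN 1: a trunk port accepts untagged frames as members of whatever the native VLAN is.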

Benefits of VLANs
• VLANs provide the following benefits
– It is easier to add and move stations on the LAN
– It is easier to reconfigure the LAN
– There is better traffic control
– There is increased security

Dynamic vs. Static VLANs
• VLANs can be configured dynamically or statically
• Static VLANs are configured port-by-port
• Dynamic VLAN ports automatically learn their VLAN assignment
– Software database of MAC address-to-VLAN mappings

VLAN Standardization
• Frame filtering
– Frames can be separated into VLANs by:
– MAC addresses
– Network-layer protocol type
– Application type
• Frame tagging
– IEEE 802.1Q
• Also known as frame identification
• Adds a four-byte field to the Ethernet frame
– Inter-Switch Link (ISL) protocol
• Cisco proprietary frame-tagging method
• 26 byte header

Creating VLANs
• VLAN configuration
– Rm410HL#vlan database
– Rm410(vlan)#vtp domain hudlogic
– Rm410(vlan)#vtp server
– Rm410(vlan)#vlan 2 name production
– Rm410(vlan)#vlan 3 name accounting
– Rm410(vlan)#vlan 4 name marketing

Creating VLANs (continued)
• VLAN configuration (continued)
– Rm410#configure terminal
– Rm410(config)#interface f0/1
– Rm410(config-if)#switchport mode trunk
– Rm410(config-if)#exit
– Rm410(config)#interface f0/2
– Rm410(config-if)#switchport access vlan 1

Link Types And Configuration
• Two types of links
• Trunk links
– Switch-to-switch links
– Switch-to-router links
– 100 Mbps links
– 1 Gbps links
• Access links
– Non-VLAN-aware devices

Link Types And Configuration (continued)
• Trunk links have five states
– Auto
– Desirable
– Non-negotiate
– Off
– On
• Rm410(config)#interface f0/1
• Rm410(config-if)#switchport mode trunk

Trunking Protocol
• VLAN trunking protocol
– Layer 2 messaging protocol
– Manages all changes to the VLANs across networks
• VTP domains
– VTP devices are organized into domains
– Switches can only belong to one domain

Trunking Protocol (continued)
• VTP device modes
– Server
• Rm410(vlan)# vtp server
– Client
• Rm410(vlan)# vtp client
– Transparent
• Rm410(vlan)# vtp transparent
• Defaults to server mode
• VTP pruning
– Reduces the number of VTP updates on a trunk link
– Rm410(vlan)# vtp pruning

Routers and VLANs
• Increase security
• Manage traffic between VLANs
• Subinterfaces
• Access-lists

Routers and VLANs (continued)
• Enable inter-VLAN communication between VLAN 1 and VLAN 2
– Router(config)# interface e0.1
– Router(config-subif)# encapsulation isl 1
– Router(config-subif)# ip address 164.106.1.1 255.255.255.0
– Router(config-subif)# exit
– Router(config)# interface e0.2
– Router(config-subif)# encapsulation isl 2
– Router(config-subif)# ip address 164.106.2.1 255.255.255.0

Routers and VLANs (continued)

Communication between switches

Communication between switches


Types of VLANs

Types of VLANs – Data VLAN
• A data VLAN is a VLAN that is configured to carry only user-generated traffic.
• A data VLAN is sometimes referred to as a …
• It is common practice to separate … from data traffic.

Types of VLANs – Default VLAN
• All switch ports become …
– Having all the switch ports participate in the default VLAN makes them all part of the same broadcast domain.
– This allows any device connected to any switch port to communicate with other devices on other switch ports.
– The default VLAN for Cisco switches is VLAN 1.
– VLAN 1 has all the features of any VLAN, except that you cannot rename it and you cannot delete it.

Types of VLANs – Default VLAN
– In the figure, VLAN 1 traffic is forwarded over the VLAN trunks connecting the S1, S2, and S3 switches.
– It is a security best practice to change the default VLAN to a VLAN other than VLAN 1; this entails configuring all the ports on the switch to be associated with a default VLAN other than VLAN 1.
– … will always be associated with VLAN 1; this cannot be changed.

Types of VLANs – Native VLAN
• An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic).
• The 802.1Q trunk port places untagged traffic on the native VLAN.
• In the figure, the native VLAN is VLAN 99.
• Untagged traffic is generated by a computer attached to a switch port that is configured with the native VLAN.

Types of VLANs – Native VLAN
• … specification to maintain backward compatibility with untagged traffic common to legacy LAN scenarios.
• For our purposes, a native VLAN serves as a common identifier on opposing ends of a trunk link.
• It is a best practice to use a VLAN other than VLAN 1 as the native VLAN.

Types of VLANs – Management VLAN
• A management VLAN is any VLAN you configure to access the management capabilities of a switch.
• You assign the management VLAN an IP address and subnet mask.
– A switch can be managed via HTTP, Telnet, SSH, or SNMP.
• VLAN 1 would serve as the management VLAN if you did not proactively define a unique VLAN to serve as the …
• VLAN 1 is normally used as the default VLAN.
– VLAN 1 would be a bad choice as the management VLAN; you wouldn't want an arbitrary user connecting to a switch to default to the management VLAN.

Types of VLANs – Voice VLAN
• It is easy to appreciate why a separate VLAN is needed … (VoIP).
• VoIP traffic requires:
– Assured bandwidth to ensure voice quality
– Transmission priority over other types of network traffic
– Ability to be routed around congested areas on the network
– Delay of less than 150 milliseconds (ms) across the network


Benefits of VLAN

Benefits of VLAN
– Groups that have sensitive data are separated from the rest of the network, decreasing the chances of confidential information breaches.
– Faculty computers are on VLAN 10 and completely separated from student and guest data traffic.
– Cost savings result from less need for expensive network upgrades and more efficient use of existing bandwidth and uplinks.

Benefits of VLAN
– Dividing flat Layer 2 networks into multiple logical workgroups (broadcast domains) reduces unnecessary traffic on the network and boosts performance.
– Dividing a network into VLANs reduces the number of devices that may participate in a broadcast storm.
– In the figure you can see that although there are six computers on this network, there are only three broadcast domains: Faculty, Student, and Guest.

Benefits of VLAN
– VLANs make it easier to manage the network because users with similar network requirements share the same VLAN.
– When you provision a new switch, all the policies and procedures already configured for the particular VLAN are implemented when the ports are assigned.
– It is also easy for the IT staff to identify the function of a VLAN by giving it an appropriate name.
– In the figure, for easy identification VLAN 20 could be named "Student", VLAN 10 could be named "Faculty", and VLAN 30 "Guest".

Benefits of VLAN
– VLANs aggregate users and network devices to support business or geographic requirements.
– Having separate functions makes managing a project or working with a specialized application easier, for example, an e-learning development platform for faculty.
– It is also easier to determine the scope of the effects of upgrading network services.

Summary
• VLANs are separate broadcast domains that are not limited by physical configurations; instead a VLAN is a logical broadcast domain implemented via one or more switches
• Performance benefits associated with VLANs are derived from limiting the amount of broadcast traffic that would naturally pass through a switch without filtration
• The enhanced flexibility to assign any port on any switch to a particular VLAN makes moving, adding, and changing network configurations easier
• VLAN information is communicated to switches using the VLAN trunking protocol (VTP)