
VLAN
• A VLAN is a broadcast domain
• Ports are grouped into a VLAN by logical function, department or application rather than by physical location
• Traffic between VLANs must be routed (by a router or a Layer 3 switch); traffic between switches crosses trunk links, where each frame is tagged (IEEE 802.1Q) or encapsulated (Cisco ISL) to identify its VLAN membership

VLAN
• VLANs logically segment users into different subnets (broadcast domains)
• Broadcast frames are only switched to ports with the same VLAN ID
• Users can be logically grouped via software based on:
  – port number
  – MAC address
  – protocol being used
  – application being used

LAN VS. VLAN


VLAN introduction

• VLANs provide segmentation based on broadcast domains. • VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless of the physical location or connections to the network. • All workstations and servers used by a particular workgroup share the same VLAN, regardless of the physical connection or location.

VLAN Overview
• A VLAN allows a network administrator to create groups of logically networked devices that act as if they are on their own independent network, even if they share a common infrastructure with other VLANs.
• Using VLANs, you can logically segment switched networks based on functions, departments, or project teams.
• These VLANs allow the network administrator to implement access and security policies for particular groups of users.
• You can also use a VLAN to support the growing reliance of companies on home-based workers.

VLAN
• A VLAN is a logically separate IP subnetwork (one broadcast domain).
• VLANs allow multiple IP networks and subnets to exist on the same switched network.
• For computers to communicate on the same VLAN, each must have an IP address and subnet mask that are consistent with that VLAN.
• The switch has to be configured with the VLAN, and each port in the VLAN must be assigned to the VLAN.

VLANs
• Divides a switch into two or more "virtual" switches with separate broadcast domains
• Achieved by manual configuration through the switch's management interface
• Configured this way, only that switch is segmented; extending a VLAN to other switches needs a trunk (later)

Multiple VLANs in One Switch
• Multiple VLANs can be defined on the same switch

Why VLANs?
• Lots of broadcast traffic wastes bandwidth – VLANs create separate broadcast domains
  – Microsoft Networking
  – Novell Networking
  – NetBEUI
  – IP RIP
  – Multicast (sometimes acts like broadcast)
• VLANs can span multiple switches and therefore create separate broadcast domains that span multiple switches

Virtual LANs (continued)

More Reasons...
• Link Multiplexing
  – slower-speed technologies share the high-bandwidth uplink
  – multiple IP subnets on one physical link with Layer 3 switching

...And One More Reason
• Traffic is only seen by who it is intended for
  – Example: two separate VLANs, one for accounting and one for sales. Sensitive accounting data transmitted over the network will only be seen by devices in the accounting VLAN.
  – This isolation is a Layer 2 property of the switch: whatever routes between the two VLANs, and whatever hangs off a trunk that carries both, sees both. The router's access lists and the trunk configuration decide whether the separation holds.

Router's Role
• Provides the connection between different VLANs
  – Within the switch, users on separate VLANs cannot talk to each other (benefit of a VLAN!)
  – However, if you have VLAN1 and VLAN2, users on VLAN1 can still email users on VLAN2, but they need a router to do it.

Broadcast domains with VLANs and routers
• What are the broadcast domains in each?
  1) Without VLANs: 10.1.0.0/16, 10.2.0.0/16 and 10.3.0.0/16. Each group is on a different IP network and on a different switch, and the switches are connected through a router.
  2) With VLANs: 10.1.0.0/16, 10.2.0.0/16 and 10.3.0.0/16. They are all on the same switch, however each group is still on a different IP network. The switch is configured with the ports on the appropriate VLAN, and the router attaches with one link per VLAN or a single VLAN trunk (later).
• In both cases there are three broadcast domains; the VLANs replace three physical switches with one.

Reasons For Standardizing VLANs
• Old implementations could only be defined in one switch
• To connect a VLAN to another network, each VLAN needed a router port
• The only multi-switch VLANs were proprietary:
  – Cisco: ISL
  – Bay: Lattisspan
  – 3Com: VLT
  – Cabletron: SecureFast

Standards Based VLANs (IEEE 802.1Q)
• Includes the definition of a new GARP application called GVRP (GARP VLAN Registration Protocol)
  – Propagates VLAN registration across the network
• Associate incoming frames with a VLAN ID
• De-associate outgoing frames (strip the tag) if necessary
• Transmit associated (tagged) frames between 802.1Q compliant switches

Basic VLAN Concepts
• Port-based VLANs – each port on a switch is in one and only one VLAN (except trunk links)
• Tagged Frames – VLAN ID and priority information are inserted into the frame (4 bytes)
• Trunk Links – allow multiple VLANs to cross one link
• Access Links – the edge of the network, where legacy (VLAN-unaware) devices attach
• Hybrid Links – a combination of trunk and access links
• VID – VLAN Identifier

Tagged Frames
• 4 bytes inserted after the destination and source addresses, in front of the original length/type field
• Tag Protocol Identifier (TPID) = 2 bytes (0x8100); it sits in the length/type position, so a VLAN-unaware receiver simply sees an unknown EtherType
• Tag Control Information (TCI) = 2 bytes: 3-bit priority (PCP), 1-bit DEI (originally CFI) and the 12-bit VID
• VID 0 means "priority-tagged, no VLAN" and 4095 is reserved, so usable VLAN IDs are 1 to 4094
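The tag layout above, worked through in code. This is an added example written for this page, not code from the original slides; the MAC addresses and payload in sample_frames() are constructed test data.

```python
"""Build, parse and strip IEEE 802.1Q tags on Ethernet frames.

Added example for the Tagged Frames slide; not code from the original page.
The MAC addresses and payload used in sample_frames() are constructed data.
"""
import struct

TPID_8021Q = 0x8100      # Tag Protocol Identifier of a customer (C-) VLAN tag
ETHERTYPE_IPV4 = 0x0800


def add_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte tag after the 12-byte destination+source addresses.

    TCI bit layout: PCP (3 bits) | DEI (1 bit) | VID (12 bits).
    VID 0 means "priority tag, no VLAN" and 4095 is reserved, so a switch only
    ever writes 1..4094 into a tag.
    """
    if not 1 <= vid <= 4094:
        raise ValueError(f"VID {vid} outside 1..4094")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP must be 0..7 and DEI 0 or 1")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame: bytes):
    """Return (pcp, dei, vid, inner_ethertype) for a tagged frame, None if untagged.

    Only the outermost tag is examined; a service-provider (QinQ, TPID 0x88A8)
    outer tag is treated as "not an 802.1Q tag", as a single-tag switch would.
    """
    if len(frame) < 18:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    pcp, dei, vid = tci >> 13, (tci >> 12) & 1, tci & 0x0FFF
    (inner_ethertype,) = struct.unpack("!H", frame[16:18])
    return pcp, dei, vid, inner_ethertype


def strip_tag(frame: bytes) -> bytes:
    """Remove the tag, as a switch does before sending a frame out an access port."""
    if parse_tag(frame) is None:
        return frame
    return frame[:12] + frame[16:]


def sample_frames():
    """An untagged broadcast IPv4 frame and the same frame tagged VID 99, PCP 5."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("001122334455")
    payload = b"\x45" + b"\x00" * 45            # constructed: IPv4 header start + padding
    untagged = dst + src + struct.pack("!H", ETHERTYPE_IPV4) + payload
    return untagged, add_tag(untagged, vid=99, pcp=5)
```

Tagging VID 99 with priority 5 yields the bytes 81 00 a0 63 at offset 12: 0x8100 is the TPID and 0xA063 is (5 << 13) | 99. Stripping the tag restores the original frame byte for byte, which is exactly what an access port does on egress.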

VLAN Trunk
• A VLAN trunk is a point-to-point link between a switch interface and another networking device, such as a router or a switch.
• A VLAN trunk allows you to extend the VLANs across an entire network.
• Ethernet trunks carry the traffic of multiple VLANs over a single link.
• Cisco supports IEEE 802.1Q for coordinating trunks on Fast Ethernet and Gigabit Ethernet interfaces.

Trunk Link
• Attaches two VLAN-aware switches
• Carries tagged frames only (in the strict 802.1Q sense; on real trunks the frames of one VLAN, the native VLAN, also travel untagged, see Native VLAN)

Access Links
• Access links are untagged, for VLAN-unaware devices
• The VLAN switch adds tags to frames received on an access link and removes tags from frames it transmits on one

Hybrid Links
• Hybrid links carry both tagged frames (for VLAN-aware devices) and untagged frames
• ALL VLAN-unaware devices on a hybrid link are in the same VLAN: the one the port assigns to untagged frames
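The trunk, access and hybrid link behaviour of the last three slides, modelled as a small 802.1Q switch. This is an added example for this page, not code from the original slides; the port names (Fa0/1 to Gi0/1), VLAN numbers, MAC addresses and frames are constructed test data. Beyond what the slides state, the model also keeps a per-VLAN MAC table so that a flood or a learned unicast never leaves its VLAN.

```python
"""Model of an 802.1Q switch's access, trunk and hybrid port behaviour.

Added example for the Trunk Link / Access Links / Hybrid Links slides; this is
not code from the original page.  Port names, VLAN numbers, MAC addresses and
the frames built in build_switch()/make_frame() are constructed test data.
"""
import struct

TPID_8021Q = 0x8100


class Port:
    """A switch port.  pvid is the VLAN given to untagged frames on ingress
    (the access VLAN on an access port, the native VLAN on a trunk); tagged is
    the set of VLANs sent and accepted with a tag (empty on an access port)."""

    def __init__(self, name, pvid, tagged=()):
        self.name = name
        self.pvid = pvid
        self.tagged = frozenset(tagged)


def classify(frame, port):
    """Map a received frame to (vid, untagged_frame), or None if it is dropped."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return port.pvid, frame                    # untagged -> PVID / native VLAN
    vid = tci & 0x0FFF
    if vid == 0:                                   # priority-tagged: no VLAN, use PVID
        return port.pvid, frame[:12] + frame[16:]
    if vid in port.tagged or vid == port.pvid:
        return vid, frame[:12] + frame[16:]        # tag removed once inside the switch
    return None                                    # tagged frame on an access port, or a
                                                   # VLAN this trunk does not carry


def egress(vid, plain, port):
    """Return the frame as it leaves port for VLAN vid, or None if not a member."""
    if vid == port.pvid:
        return plain                               # PVID / native VLAN leaves untagged
    if vid in port.tagged:
        return plain[:12] + struct.pack("!HH", TPID_8021Q, vid) + plain[12:]
    return None


class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.mac_table = {}                        # (vid, mac) -> port: learning is per VLAN

    def forward(self, in_name, frame):
        """Process one received frame; returns {port_name: frame_as_transmitted}."""
        in_port = self.ports[in_name]
        hit = classify(frame, in_port)
        if hit is None:
            return {}
        vid, plain = hit
        dst, src = plain[:6], plain[6:12]
        self.mac_table[(vid, src)] = in_name
        known = self.mac_table.get((vid, dst))
        if known == in_name:
            return {}                              # destination is behind the ingress port
        targets = [known] if known else [n for n in self.ports if n != in_name]
        out = {}
        for name in targets:                       # a flood never crosses a VLAN boundary
            tx = egress(vid, plain, self.ports[name])
            if tx is not None:
                out[name] = tx
        return out


def make_frame(dst_hex, src_hex, vid=None):
    """Build a minimal Ethernet/IPv4 frame, optionally with an 802.1Q tag."""
    plain = bytes.fromhex(dst_hex) + bytes.fromhex(src_hex) + b"\x08\x00" + b"\x00" * 46
    if vid is None:
        return plain
    return plain[:12] + struct.pack("!HH", TPID_8021Q, vid) + plain[12:]


def build_switch():
    """Two access VLANs (10 accounting, 20 sales), one trunk with native VLAN 99."""
    return Switch([
        Port("Fa0/1", pvid=10),
        Port("Fa0/2", pvid=20),
        Port("Fa0/3", pvid=10),
        Port("Gi0/1", pvid=99, tagged={10, 20}),   # hybrid/trunk: 10 and 20 tagged, 99 untagged
    ])
```

A broadcast entering access port Fa0/1 leaves Fa0/3 untagged and Gi0/1 tagged with VID 10, and never reaches Fa0/2. A frame tagged VID 20 arriving on the trunk is delivered untagged to Fa0/2 only. An untagged frame on the trunk lands in VLAN 99, where no access port lives, so it goes nowhere; and a tagged frame offered to an access port is dropped rather than honoured.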

Benefits of VLANs • VLANS provide the following benefits – It is easier to add and move stations on the LAN – It is easier to reconfigure the LAN – There is better traffic control – There is increased security .

Dynamic vs. Static VLANs
• VLANs can be configured statically or dynamically
• Static VLANs are configured port-by-port
• Dynamic VLAN ports learn their VLAN assignment automatically
  – from a software database of MAC address-to-VLAN mappings
  – the assignment is then only as trustworthy as the MAC address presented, which the attached host chooses

VLAN Standardization
• Frame filtering – frames can be separated into VLANs by:
  – MAC addresses
  – Network-layer protocol type
  – Application type
• Frame tagging
  – IEEE 802.1Q
    • Also known as frame identification
    • Adds a four-byte field to the Ethernet frame
  – Inter-Switch Link (ISL) protocol
    • Cisco proprietary frame-tagging method
    • Encapsulates the whole original frame with a 26-byte header (and a 4-byte trailing CRC) instead of inserting a tag

Creating VLANs
• VLAN configuration (VLAN database mode; deprecated on current IOS, where VLANs are created in global configuration with vlan <id> followed by name <name>)
  Rm410HL#vlan database
  Rm410(vlan)#vtp domain hudlogic
  Rm410(vlan)#vtp server
  Rm410(vlan)#vlan 2 name production
  Rm410(vlan)#vlan 3 name accounting
  Rm410(vlan)#vlan 4 name marketing

Creating VLANs (continued)
• VLAN configuration (continued)
  Rm410#configure terminal
  Rm410(config)#interface f0/1
  Rm410(config-if)#switchport mode trunk
  Rm410(config-if)#exit
  Rm410(config)#interface f0/2
  Rm410(config-if)#switchport access vlan 1
• Note that f0/2 is left in VLAN 1, the default VLAN; the later slides explain why user ports are better placed in one of the VLANs created above (for example switchport access vlan 2)

Link Types And Configuration
• Two types of links
• Trunk links
  – Switch-to-switch links
  – Switch-to-router links
  – 100 Mbps links
  – 1 Gbps links
• Access links
  – Non-VLAN-aware devices

Link Types And Configuration (continued)
• Trunk links have five states (DTP modes)
  – Auto
  – Desirable
  – Non-negotiate
  – Off
  – On
• Rm410(config)#interface f0/1
• Rm410(config-if)#switchport mode trunk
• Auto and Desirable negotiate trunking with the far end through DTP, so a port left in one of these modes becomes a trunk if the attached device asks for one. Fix user ports as access ports (switchport mode access) and, on deliberate trunks, add switchport nonegotiate so the link state does not depend on negotiation.

Trunking Protocol
• VLAN Trunking Protocol (VTP)
  – Layer 2 messaging protocol carried over trunk links
  – Propagates VLAN additions, deletions and renames to every switch in the domain, so a VLAN only has to be created once
• VTP domains
  – VTP devices are organized into domains
  – A switch can only belong to one domain
  – Any switch in the domain whose database carries a higher configuration revision number replaces the VLAN database of the others, so a switch being added to the domain must be checked (or its revision reset) before its trunk comes up

Trunking Protocol (continued)
• VTP device modes
  – Server: Rm410(vlan)# vtp server
  – Client: Rm410(vlan)# vtp client
  – Transparent: Rm410(vlan)# vtp transparent (keeps its own VLAN database and only forwards VTP advertisements)
• Switches default to server mode
• VTP pruning: Rm410(vlan)# vtp pruning
  – Reduces flooded traffic (broadcasts, multicasts, unknown unicasts) on trunk links by not sending a VLAN's traffic to switches that have no active ports in that VLAN; it does not change how many VTP updates are sent

Routers and VLANs
• Increase security
• Manage traffic between VLANs
• Subinterfaces
• Access-lists

Routers and VLANs (continued)
• Enable inter-VLAN communication between VLAN 1 and VLAN 2 ("router on a stick": one physical interface, one subinterface per VLAN)
  Router(config)# interface e0.1
  Router(config-subif)# encapsulation isl 1
  Router(config-subif)# ip address 164.106.1.1 255.255.255.0
  Router(config-subif)# exit
  Router(config)# interface e0.2
  Router(config-subif)# encapsulation isl 2
  Router(config-subif)# ip address 164.106.2.1 255.255.255.0
• On an 802.1Q trunk the equivalent is encapsulation dot1q <vid> (adding the native keyword on the subinterface that serves the untagged VLAN); ISL is Cisco-proprietary and is no longer supported on current switches.


Communication between switches

Types of VLANs

Data VLAN
• A data VLAN is a VLAN that is configured to carry only user-generated traffic.
• It is common practice to separate voice and management traffic from data traffic.
• A data VLAN is sometimes referred to as a user VLAN.

Default VLAN
• All switch ports become a member of the default VLAN after the initial boot-up of the switch.
  – Having all the switch ports participate in the default VLAN makes them all part of the same broadcast domain.
  – This allows any device connected to any switch port to communicate with other devices on other switch ports.
  – The default VLAN for Cisco switches is VLAN 1.
  – VLAN 1 has all the features of any VLAN, except that you cannot rename it and you cannot delete it.

Default VLAN (continued)
• Layer 2 control traffic (such as CDP, VTP and spanning-tree) will always be associated with VLAN 1; this cannot be changed.
  – In the figure, VLAN 1 traffic is forwarded over the VLAN trunks connecting the S1, S2, and S3 switches.
  – It is a security best practice to change the default VLAN to a VLAN other than VLAN 1. Since VLAN 1 itself cannot be removed, this entails configuring all the ports on the switch to be associated with a VLAN other than VLAN 1, leaving nothing in VLAN 1 but the control traffic.

Native VLAN
• An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic).
• The 802.1Q trunk port places untagged traffic on the native VLAN.
• In the figure, the native VLAN is VLAN 99.
• Untagged traffic on a trunk is generated, for example, by a computer attached to a switch port that is configured with the native VLAN: its frames are forwarded onto the trunk without a tag.

Native VLAN (continued)
• Native VLANs are defined in the 802.1Q specification to maintain backward compatibility with untagged traffic common to legacy LAN scenarios.
• For our purposes, a native VLAN serves as a common identifier on opposing ends of a trunk link. Both ends must be configured with the same native VLAN; otherwise untagged frames sent from one side are delivered into a different VLAN on the other.
• It is a best practice to use a VLAN other than VLAN 1 as the native VLAN, and to pick one that carries no user ports.

Management VLAN
• A management VLAN is any VLAN you configure to access the management capabilities of a switch.
  – You assign the management VLAN an IP address and subnet mask (on its switch virtual interface).
  – A switch can then be managed via HTTP, Telnet, SSH, or SNMP; prefer SSH and SNMPv3, since Telnet, HTTP and SNMPv1/v2c carry credentials in the clear.
• VLAN 1 would serve as the management VLAN if you did not proactively define a unique VLAN to serve as the management VLAN.
  – VLAN 1 is normally used as the default VLAN, so VLAN 1 would be a bad choice as the management VLAN: you wouldn't want an arbitrary user connecting to a switch port to default into the management VLAN.
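The default, native and management VLAN recommendations of the last slides, together with the trunk-negotiation and VTP points from earlier, applied to one Cisco IOS access switch. This is an added example, not configuration from the original slides; the VLAN numbers (10, 20, 99, 100), the interface names and the 192.0.2.0/24 management addresses are assumptions chosen for the example.

```cisco
! Added example, not configuration from the original slides.  VLAN numbers,
! interface names and the 192.0.2.0/24 addresses are assumptions.
!
! Keep the VLAN database local: VTP advertisements arriving on a trunk cannot
! rewrite it.  (In the slides' "vlan database" mode this is "vtp transparent".)
vtp mode transparent
!
vlan 10
 name Faculty
vlan 20
 name Student
vlan 99
 name Native-unused
vlan 100
 name Management
!
! Uplink trunk: fixed mode with no DTP negotiation, an unused native VLAN
! instead of VLAN 1, and an explicit allowed list.  With VLAN 99 left out of
! the allowed list, untagged frames received on the trunk are dropped instead
! of being delivered into any VLAN.  The "encapsulation dot1q" line is only
! accepted on platforms that also support ISL; omit it elsewhere.
interface GigabitEthernet0/1
 description Uplink to distribution switch
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,100
!
! User port: a static access VLAN, never a dynamic mode, so it cannot be
! negotiated into a trunk by whatever is plugged in.
interface FastEthernet0/5
 description Faculty workstation
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
! Management lives on its own VLAN and SVI; the VLAN 1 SVI stays down.
interface Vlan1
 no ip address
 shutdown
!
interface Vlan100
 description Switch management
 ip address 192.0.2.10 255.255.255.0
 no shutdown
!
ip default-gateway 192.0.2.1
```

Every user-facing port gets the same three access lines; the trunk is the only interface where the native VLAN and allowed list matter. The management SVI is reachable only from VLAN 100, so a host on a Faculty or Student port has no Layer 2 path to the switch's own address.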

Voice VLAN
• It is easy to appreciate why a separate VLAN is needed for Voice over IP (VoIP).
• VoIP traffic requires:
  – Assured bandwidth to ensure voice quality
  – Transmission priority over other types of network traffic
  – Ability to be routed around congested areas on the network
  – Delay of less than 150 milliseconds (ms) across the network


Benefits of VLAN

• Security – groups that have sensitive data are separated from the rest of the network, decreasing the chances of confidential information breaches.
  – Faculty computers are on VLAN 10 and completely separated from student and guest data traffic.
• Cost reduction – cost savings result from less need for expensive network upgrades and more efficient use of existing bandwidth and uplinks.

• Higher performance – dividing flat Layer 2 networks into multiple logical workgroups (broadcast domains) reduces unnecessary traffic on the network and boosts performance.
• Broadcast storm mitigation – dividing a network into VLANs reduces the number of devices that may participate in a broadcast storm.
  – In the figure you can see that although there are six computers on this network, there are only three broadcast domains: Faculty, Student, and Guest.

• Improved IT staff efficiency – VLANs make it easier to manage the network because users with similar network requirements share the same VLAN.
  – When you provision a new switch, all the policies and procedures already configured for the particular VLAN are implemented when the ports are assigned.
  – It is also easy for the IT staff to identify the function of a VLAN by giving it an appropriate name.
  – In the figure, for easy identification VLAN 10 could be named "Faculty", VLAN 20 "Student", and VLAN 30 "Guest".

• Simpler project or application management – VLANs aggregate users and network devices to support business or geographic requirements.
  – Having separate functions makes managing a project or working with a specialized application easier; an example of such an application is an e-learning development platform for faculty.
  – It is also easier to determine the scope of the effects of upgrading network services.

Summary
• VLANs are separate broadcast domains that are not limited by physical configurations; instead a VLAN is a logical broadcast domain implemented via one or more switches
• Performance benefits associated with VLANs are derived from limiting the amount of broadcast traffic that would naturally pass through a switch without filtration
• The enhanced flexibility to assign any port on any switch to a particular VLAN makes moving, adding, and changing network configurations easier
• The VLAN database (IDs and names) is distributed between the switches of a domain by the VLAN Trunking Protocol (VTP); the VLAN membership of each individual frame crossing a trunk is carried by its 802.1Q tag