Vlan & Switch Basic

7/28/2019 Vlan & Switch Basic

http://slidepdf.com/reader/full/vlan-switch-basic 1/41

3-1CSE: Networking Fundamentals—TCP/IP ©1999, Cisco Systems, Inc.www.cisco.com

© 2002, Cisco Systems, Inc. All righ ts reserved.



©1999, Cisco Systems, Inc.www.cisco.com

Understanding

Virtual LANs

Understanding

Virtual LANs




Virtual LANs

• One broadcast domain

within a switch

• VLANs help managebroadcast domain

• Can be defined onport groups, users, or protocols

• LAN switches andnetwork managementsoftware provide a

mechanism to createVLANs

Server Farm

VLAN 1

VLAN 2

VLAN 3


http://slidepdf.com/reader/full/vlan-switch-basic 4/413-4CSE: Networking Fundamentals—TCP/IP ©1999, Cisco Systems, Inc.www.cisco.com

VLAN DefinitionVLAN Definition

•VLAN is defined as logical grouping

of network resources & User connected to predefined ports on aSwitch, defined by Administrator.



•VLANs are used to create smaller broadcast domain within a switch.

• A Single VLAN is treated as a separatesubnet or broadcast domain.

VLAN



•In layer 2 switched network, broadcast packet transmittedarrives at every device on the network , whether intended or

not for that device



Drawback of Layer 2 Switched

Network.

Drawback of Layer 2 Switched

Network.

• Larger the number of Devices and Users,the more broadcasts and packets are to behandle by each device

• Lack of Security, the only security isassigning passwords on the Servers andother devices.

The Solution is VLAN



Remove the Physical

BoundariesEngineering Marketing Acctg.

Floor 3

Floor 2

Floor 1

• Group users by department, team, or application

• Routers provide communication between VLANs



VLAN Benefits

• Reduced administrative costs

– Simplify moves, adds, and changes

• Efficient bandwidth util ization

– Better control of broadcasts

• Improved network security– Separate VLAN group for high-security users

– Relocate servers into secured locations

• Scalabil ity and performance

– Microsegment with scalabil ity

– Distribute traffic load



Advantages of VLAN Advantages of VLAN

•Broadcast Control: Multimedia applicationsuse broadcasts and multicast heavily,moreover, faulty equipment, inadequate

segmentation and poorly designedFirewalls can be major players for theabove problem.

•Switches forwards broadcasts to allsegments and hence called as Flat Networkbecause it is one Broadcast Domain



Solution :Solution :

• It is the job of the Administrator to properly

do the segmentation of the network toavoid problem from propagatingthroughout the Network.

• Devices in a particular VLAN are membersof same Broadcast Domain and so theyreceive all broadcast .

Note: Routers are used along with Switchesto provide connection between VLANswhich stops broadcast from propagatingthroughout the entire internetwork.




Security : can be implemented by connecting

hubs and Switches along with routers.But,

Security : can be implemented by connecting

hubs and Switches along with routers.But,

• Anyone connecting to the Physicalnetwork can gain access to the networkresources.

• Plugging a network Analyzer could havedisplayed entire traffic of that network toan intruder.

• Joining a workgroup was as easy asplugging the intruder’s workstation intoexisting Hub.




Solution :Solution :

• Creation of VLANs and multiple broadcastgroups, empowers the Administrator tohave control over each port and user.

• Groups are created based on usersrequirement for network resources.

• If configured, unauthorized access of thenetwork resources will be reported to thenetwork management station by Switches.




Contd..

•In case of Inter-VLAN communication,restriction are implemented on the router.

•Restriction can also be placed on the

Hardware address, Protocols and Application




Flexibility and ScalabilityFlexibility and Scalability

• Layer 2 Switches only read Frames for filtering,

which causes it to forward all Broadcasts.So, creating VLAN, means creating more

Broadcast Domains.

• Assigning Switch ports or users to VLAN groupson a switch or switch fabric, you have the option toadd selected users in the broadcast domain.

This stops Broadcast Storms caused by faultyNetwork Interface Card (NIC) or applications.

• VLAN can be kept on multiplying in order to

efficiently util ize the bandwidth.




Functioning of VLANsFunctioning of VLANs

•Scenario: A collapsed Backbone.




Contd..

•With reference to the figure, each networkis attached to the router having its own

logical network number.

•Each node attached to a particular network

must match that network number in order tocommunicate on the internetwork.







Contd..

•With reference to the figure, Switchesremoves the physical boundaries,

creating greater flexibility andscalability than router.

•You can group users intocommunities, which are known asVLAN Organization.




•With reference to the figure there are four

VLANs or broadcast domain. Node withina particular VLAN can communicate witheach other, but not with any other VLAN

or node in other VLAN.

So, communication between VLAN is

only possible through a Layer 3 device.

Contd..




VLAN MembershipVLAN Membership

• Administrator are responsible for

creating VLANs, which are further assigned to Switch ports.

Vlan Membership can beconfigured as Static or Dynamic.




Static VLANStatic VLAN

•This is the basic and most secure type for creating VLAN.

•Port assignment associated with a VLAN ismaintained until and unless modified by the Administrator.

•This type of VLAN configuration is easy toSetup and Monitor.




Dynamic VLANDynamic VLAN

• Using intelligent management software,you can enable MAC address, Protocols or

even Application to create DynamicVLANs.

• For e.g. MAC address might be fed into acentralized VLAN management application,Now if a node is attached to an unassignedport, the VLAN management database will

lookup the MAC address and assign andconfigure the Switch port to correct VLAN. Again, if the user moves, the Switch will

automatically assign them to correctVLAN.




VLAN IdentificationVLAN Identification

•VLAN can span multiple connectedswitches.

•Switches must keep a track of Frames andwhich VLAN, these Frame belong to.

Frame Tagging performs this function.

Establishing VLANEstablishing VLAN




Establishing VLAN

Membership

Establishing VLAN

Membership Approaches Can Vary Performance

Port-Based

VLAN 1

VLAN 2

VLAN 3

Layer 3-Based

Subnet

198.22.xx

VLAN 1 VLAN 2

Subnet

198.21.xx

VLAN 2

MAC-Based

VLAN 1

MAC

Addresses

MAC

Addresses

•Port driven

•

MAC address driven•Network address

driven

• Application typedriven




Membership by Port

VLAN 2VLAN 1

VLAN 3

Maximizes Forwarding Performance

• Users assigned by portassociation

• Requires no lookup if

done in ASICs• Easily administered via GUIs

• Maximizes security between

VLANs

• Packets do not “ leak” intoother domains

• Easily controlled across network

Communicating Between




Two Physical Topology Approaches

Communicating Between

VLANs

• Layer 3 linksVLANs together

• Adds additional security

and management• Logical links conserve

physical ports

• Multimode, dependingon protocol

• Controls access by VLAN

• Up to 255 VLANs per router

VLAN 2

VLAN 3

VLAN 1

Cisco InternetworkingSoftware

VLANs 1, 2, 3

LogicalCommunication

Physical Linkper VLAN



©1999, Cisco Systems, Inc.www.cisco.comwww.cisco.com©1999, Cisco Systems, Inc.

VLAN TechnologiesVLAN Technologies

I t S it h Li k




Inter-Switch Link

VLAN Tag Addedat Incoming Port

VLAN Tag Strippedby Forwarding Port

Inter-Switch Link(ISL) Carries

VLAN Identifier

• Interconnects multipleswitches and maintains VLAN

information as traffic goesbetween switches

• Establishes membershipthrough ASICs

• Labels each packet asreceived (“ packet tagging” )

• Eliminates lookups and tables

• Transports multiple VLANsacross links

• Protocol, endstation-

independent• Easily managed

• 802.10

•• ISLISL• 802.1Q

• LANE

VLAN St d di ti




VLAN Standardization

Packet Tagging as Common VLAN Exchange

Level-1 Explicit Tagging

SRC

DES SRC

Data

DES

DES SRC

FCSFCS

FCS DES SRC FCS

VLAN ID

• Wide vendor endorsement for 802.1Q tagging standard• Cisco supports across Fast Ethernet, Gigabit uplinks

• Cisco maps ISL to 802.1Q dynamically with VTP

VLAN Standard




VLAN StandardImplementation

802.1Q

• Cisco environmentuses ISL

• Vendor environment

uses an existing, yetdifferent packet taggingmethod

• Interdomaincommunication based on802.1Q standard

Si Si

Cisco

Domain

Vendor X

Domain

ISL ?

Company ABC

Typical Environment

Types of Links in SwitchedTypes of Links in Switched




Types of Links in Switchedenvironment

Types of Links in Switchedenvironment

Access Links :

• These are part of only one VLAN and areknown as Native VLAN of the port.

• Device attached to these link are unaware

of VLAN membership.

• VLAN information from the frame areremove before it is set to an access linkdevice.

• Access link devices are not capable of

communicating to device outside the VLANunless the packet is routed thru a router.

T k Li kTr nk Links




Trunk Links :Trunk Links :

•Capable of carrying multiple VLANs

•Used to connect Switches to other

Switches or to Routers or evenServers

•Supported on Fast or Gigabit ether net only.

VLAN identification modesVLAN identification modes




VLAN identification modesVLAN identification modes

•TO identify which frames belongsto which VLAN, VLAN identification

is used.The multiple types of trunking methods are:

Inter Switch Link (ISL)Inter Switch Link (ISL)




Inter-Switch Link (ISL)Inter-Switch Link (ISL)

•Proprietary to Cisco Switches

•Used for Fast Ethernet and Gigabit

ethernet links only

•Used on a Switch port, Router interfaces and Server Interface Cardsto trunk a server.

IEEE 802 1qIEEE 802 1q




IEEE 802.1qIEEE 802.1q

• Created by IEEE as standard method for Frame Tagging.

• It inserts a field into Frame to identify theVLAN.

• When trunking between Cisco Switches

link and different brand of Switch, it ismandatory to use 802.1q for the trunk towork.

Inter Switch Link (ISL) ProtocolInter Switch Link (ISL) Protocol




Inter-Switch Link (ISL) ProtocolInter-Switch Link (ISL) Protocol

•ISL is an external tagging process,which means the original frame is notaltered but encapsulated with a new

26 byte ISL header.

•It also adds a second 4 byte FCS field

at the end of the frame.

DrawBackDrawBack




DrawBackDrawBack

• As the frame is encapsulated withinformation, only ISL devices can read it.

• Also, the frame can be up to 1522 byteslong, devices that receive an ISL frame mayrecord this as giant frame, as it is over the

maximum of 1518 bytes allowed on anethernet segment.

TRUNKINGTRUNKING




TRUNKINGTRUNKING

•Trunk Links are 100-1000 Mbps point-to-point l inks between two Switches, betweena Switch and Router or between Switch andServer.

•Trunk Links carry the traffic of multiple

VLANs, from 1 to 1005 at a time

•Cannot run Trunk Links on 10 Mbps.

Several Facts to remember Several Facts to remember




before configuring VLANbefore configuring VLAN

• The maximum number of VLANs is Switch-dependent.The 2950 switch supports 1005VLANs with a Spanning Tree support.

• VLAN1 is one of the factory default VLANs.

• CDP and VTP advertisements are sent onVLAN1.

• The 2950 switch IP address is in the VLAN1

broadcast domain.

• The Switch must be in VTP server mode or transparent mode to create,add, or deleteVLANs



3-41CSE: Networking Fundamentals—TCP/IP ©1999, Cisco Systems, Inc.www.cisco.com© 2002, Cisco Systems, Inc. All righ ts reserved.

Documents

Vlan & Switch Basic