vlan
TRANSCRIPT
VIRTUALVIRTUAL LAN LAN_mynk
What is LAN ?A LAN is a local area network and is defined as all devices in the same broadcast domain.
It works within campus or building of up to 5 km. Its speed is 10mbps to 100mbps.
What is VLAN?What is VLAN?
• A VLAN is a grouping of computers that is logically segmented by functions, project teams, or applications without regard to the physical location of users.
As I said, a VLAN is a virtual LAN.
In technical terms, a VLAN is a broadcast domain
created by switches.
Normally, it is a router creating that broadcast domain.
With VLAN’s, a switch can create the broadcast domain
Broadcast Domain?
A broadcast domain is a network segment in which any network device can transmit data directly to another device without going through a router
A layer 3 device breaks up a broadcast domain
6
Traditional LAN
A traditional LAN would require all users of the same requirements and same IP subnet (broadcast domain) be connected to the same equipment.
7
How can devices on different VLAN’s communicate ? Devices on different VLAN’s can
communicate with a router or a Layer 3 switch.
As each VLAN is its own subnet, a router or Layer 3 switch must be used to route between the subnets.
How VLANs Work?
VLANs are identified by a number Valid ranges 1-4094
On a VLAN-capable switch, you assign ports with the appropriate VLAN number
The switch then only allows data to be sent between ports with the same VLAN
11
How VLANs Work?
Since almost every network is larger than a single switch, there needs to be a way to have traffic sent between two different switches
One way to do it is to assign a port on each switch with a VLAN and run a cable between the switches
12
How VLANs work?
For example, if there were 6 hosts on each switch on 6 different vlans, you would need 6 ports on each switch to connect the switches together. This would mean that if you had 24 different vlans you could only have 24 hosts on a 48 port switch
13
How VLANs work?
There was a standard develop to make it so that a single connection between two switches could be used to send traffic for all vlans
802.1q – Provides a VLAN tag in front of the Layer 2 frame
14
Benefits of VLANs
15
Benefits of VLANs Geographically separated users on the same IP
subnet (broadcast domain)
Limit the size of broadcast domains and limit broadcast activity
Security benefits by keep hosts separated by VLAN and limiting what devices can talk to those hosts
16
Benefits of VLANs Cost savings as you don’t need additional
hardware and cabling
Operational benefits because changing a user’s IP subnet (Broadcast Domain) is in software
17
Need for VLAN
By the 1980's, most networks consisted of a simple, hierarchical arrangement in which multiple, shared-media networks were connected by a router.
Unfortunately, traditional routers were slow, complicated and expensive.
You need to consider using VLAN’s in any of the following situations:
You have more than 200 devices on your LAN
Groups of users need to be on the same broadcast domain because they are running the same applications.
Or, just to make a single switch into multiple virtual switches.
As the need for faster networks emerged, a new solution was Needed
VLANs: Different Models
Port-based VLANs
In this implementation the administrator assigns each port of a switch to a vLAN .
The switch determines the VLAN membership of each packet by noting the port on which it arrives
When a user is moved to a different port of the switch, the administrator can simply reassign the new port to the user's old
VLAN.
The network change is then completely transparent to the user, and the administrator saves a trip to the wiring closet.
However, this method has one significant drawback.
If a repeater is attached to a port on the switch, all of the users connected to that repeater must be members of the same VLAN.
MAC address-based VLANs-
The VLAN membership of a packet in this caseIs determined by its source or destination MAC
address. Each switch maintains a table of MAC addresses and
their corresponding VLAN memberships. A key advantage of this method is that the switch
doesn't need to be reconfigured when a user moves to a different port
Layer 3 (or protocol)-based Layer 3 (or protocol)-based VLANsVLANsWith this method, the VLAN membership of a
packet is based on protocols (IP, IPX, NetBIOS, etc.) and Layer 3 addresses.
This is the most flexible method and provides the most logical grouping of users.
Additionally, protocol-based membership allows the
administrator to assign non-routable protocols, such as
NetBIOS or DECnet, to larger VLANs than routable
protocols like IPX or IP.
What do VLAN’s offer?What do VLAN’s offer?
VLAN’s offer higher performance for medium and large LAN’s because they limit broadcasts.
As the amount of traffic and the number of devices grow, so does the number of broadcast packets.
By using VLAN’s you are containing broadcasts
Advantages of VLANs
Number of devices for a specific network topology reduced.
Managing of physical devices becomes less complex.
Increased security options by separation and specific frame delivery
Disadvantages / Security Issues VLANs rely on switches to do the right thing. Packet leaks from one VLAN to the next. Injected packet meant for an attack. Solved by IPsec
