vlans semester 3, chapter 3 allan johnson website: rosli/wres2108/index.htm
Post on 21-Dec-2015
215 views
TRANSCRIPT
VLANs
Semester 3, Chapter 3Allan Johnson
Website: http://perdana.fsktm.um.edu.my/~rosli/WRES2108/index.htm
Table of Contents
Virtual LANs (VLANs)
Segmentation with Switching Architecture
VLAN Implementation
Benefits of VLANs
Go There!
Go There!
Go There!
Go There!
Virtual LANs(VLANs)
Table of Contents
Existing Shared LAN Configurations
In a typical shared LAN... Users are grouped physically based on the hub they are
plugged into Routers segment the LAN and provide broadcast firewalls
In VLANs... you can group users logically by function, department or
application in use configuration is done through proprietary software
Segmentation with Switching Architecture
Table of Contents
Grouping Users
VLANs can logically segment users into different subnets (broadcast domains)
Broadcast frames are only switched between ports on the switch or switches with the same VLAN ID.
Users can be logically group via software based on:port numberMAC addressprotocol being usedapplication being used
Differences between LANs & VLANs
VLANs... work at Layer 2 & 3 control network
broadcasts allow users to be
assigned by net admin. provide tighter network
security. How?
VLANs Across the Backbone
VLAN configuration needs to support backbone transport of data between interconnected routers and switches.
The backbone is the area used for inter-VLAN communication
The backbone should be high-speed links, typically 100Mbps or greater
Router’s Role in a VLAN
A router provides connection between different VLANsFor example, you have VLAN1 and VLAN2. Within the switch, users on separate VLANs cannot talk to
each other (benefit of a VLAN!) However, users on VLAN1 can email users on VLAN2 but
they need a router to do it.
How Frames are Used in a VLAN
Switches make filtering and forwarding decisions based on data in the frame.There are two techniques used. Frame Filtering--examines
particular information about each frame (MAC address or layer 3 protocol type)
Frame Tagging--places a unique identifier in the header of each frame as it is forwarded throughout the network backbone.
More on Frame Tagging
Frame Tagging... is specified by IEEE 802.1q which states
frame tagging is the preferred way to implement VLANs
uniquely assigns a VLAN ID to each frame before it is forwarded across the backbone.
is understood by switches prior to any broadcasts or transmission to other switches or routers
places a tag in the frame...thus, frame tagging. So what layer?
is removed by the switch after frame exits the backbone and before frame is forwarded to the end station
VLAN Implementation
Table of Contents
Ports, VLANs, and Broadcasts
Three methods for implementing VLANs Port-Centric Static Dynamic
Each switched port can be assigned to a VLAN. This... ensures ports that do not share the same VLAN do not
share broadcasts. ensures ports that do share the same VLAN will share
broadcasts.
Benefits of Port-Centric VLANs
All nodes in the same VLAN are attached to the same router interface.
(Note: curriculum says “switched port”)
Makes management easier because...Users are assigned by
router portVLANs are easy to admin.provides increased securitypackets do not “leak” into
other domains
3 Port-Centric VLANs
Static VLANs
Defined Static VLANs are when
ports on a switch are administratively assigned to a VLAN
Benefits can be assigned by port,
address, or protocol type secure, easy to configure
and monitor works well in networks
where moves are controlled
Dynamic VLANs
DefinedSwitch ports can automatically determine a
user’s VLAN assignment based on either/or: MAC logical address protocol type
When a station is initially connected to an unassigned port, the switch checks an entry in the table and dynamically configures the port with the right VLAN
Benefits less administration (more upfront) when users
are added or movecentralized notification of unauthorized user
Benefits of VLANs
Table of Contents
VLANs Make Changes Easier
Traveling Users 20% to 40% of work force moves every year
net admin’s biggest headachelargest expense in managing networks. Moves may require...
recabling readdressing and reconfiguration
VLANs provide a way to control these costs. As long as the user still belongs to the same VLAN...simply configure the new switch port to that VLANrouter configuration remains intact
VLANs Control Broadcasts
Routers provide an effective firewall against broadcasts
Adding VLANs can extend a router’s firewall capabilities to the “switch fabric”
The smaller the VLAN, the smaller the number of users that are effected by broadcasts
VLANs Improve Security
Shared LANs are easy to penetrate...simply plug into the shared hub.
VLANs increase security by ...restricting number of users in a VLANpreventing user access without authorizationconfiguring all unused ports to the “Disabled” settingcontrol access by
addresses application types protocol types
VLANs Save Money
Hub Replacement & Segmentation The ports on a non-intelligent
hub can only be assigned one VLAN.
Replacing hubs with switches is relatively cheap compared to the benefit gained.
In the graphic, replacing the core hub in an extended star topology with a VLAN capable switch effectively microsegments one shared LAN into six.
Required Labs for this Chapter
Spend your lab time completing three of the four labs in this Chapter Lab 3.3.4.1--Creating VLANs Lab 3.3.4.2--Switch Management VLANs Lab 3.4.4.2--Multi-Switch VLANs
Recommendation: DO NOT TAKE THE TEST UNTIL YOU’VE COMPLETED
THE LABS!!
Table of Contents
End Slide Show