w3ch8

VLANs and Network Management

• VLANs (Virtual Local Area Networks) help manage broadcast traffic by forming multiple broadcast domains.
• Breaking up a large network into smaller independent segments reduces the amount of broadcast traffic each network device and network segment has to bear.
• VLANs can logically group networks to decouple users' network location from their physical location.

VLANs and IP Subnets

• VLANs are data link layer (OSI layer 2) constructs, analogous to Internet Protocol (IP) subnets, which are network layer (OSI layer 3) constructs.
• A one-to-one relationship often exists between VLANs and IP subnets, although it is possible to have multiple subnets on one VLAN.

Benefits of VLANs

• VLANs provide flexibility to adapt to changes in network requirements and allow for simplified administration.
• VLANs can be used to partition a local network into several distinctive segments, such as production, voice over IP, network management, storage area network (SAN), guest Internet access, and demilitarized zone (DMZ).

VLANs and Security

• VLANs can provide a measure of security with great flexibility for a comparatively low cost.
• However, VLANs as a security solution should be implemented with great care as they can be defeated unless implemented carefully.

VLANs in Cloud Computing

• In cloud computing, VLANs, IP addresses, and MAC addresses in the cloud are resources that end users can manage.
• Placing cloud-based virtual machines on VLANs may be preferable to placing them directly on the Internet.

Network Technologies with VLAN Capabilities

• Network technologies with VLAN capabilities include Asynchronous Transfer Mode (ATM), Fiber Distributed Data Interface (FDDI), Ethernet, HiperSockets, and InfiniBand.

VLAN Tagging

• IEEE 802.1Q and ISL (Inter-Switch Link) are two methods of VLAN tagging.
• IEEE 802.1Q uses a frame-internal field for tagging, while ISL uses an external tagging process that does not modify the Ethernet frame.

IEEE 802.1Q

• Under IEEE 802.1Q, the maximum number of VLANs on a given Ethernet network is 4,094.
• IEEE 802.1ad extends the number of VLANs supported by adding support for multiple, nested VLAN tags.
• IEEE 802.1aq (Shortest Path Bridging) expands the VLAN limit to 16 million.

Cisco Inter-Switch Link (ISL)

• ISL is a Cisco proprietary protocol used to interconnect switches and maintain VLAN information as traffic travels between switches on trunk links.
• ISL is available only on some Cisco equipment and has been deprecated.

Cisco VLAN Trunking Protocol (VTP)

• VTP is a Cisco proprietary protocol that propagates the definition of VLANs on the whole local area network.
• VTP is available on most of the Cisco Catalyst Family products.

Configuring VLANs

• VLANs can be configured using the vlan command in Cisco switches.
• VLANs can be verified using the show vlan brief command.
• VLANs can be removed using the no vlan command.

Configuring Voice and Data VLANs

• Voice and data VLANs can be configured on ports connected to phones using the switchport mode access and switchport voice vlan commands.
• The switchport access vlan command is used to configure the access VLAN for a port.
• The switchport voice vlan command is used to configure the voice VLAN for a port.

VLAN & Configuration

• A Virtual Local Area Network (VLAN) is a broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2).
• VLANs work by applying tags to network frames and handling these tags in networking systems, creating the appearance and functionality of network traffic that is physically on a single network but acts as if it is split between separate networks.

VLAN Implementation

• To subdivide a network into VLANs, one configures network equipment, such as simpler equipment that partitions each physical port or more sophisticated devices that mark frames through VLAN tagging.
• VLANs share bandwidth, and a VLAN trunk can use link aggregation, quality-of-service prioritization, or both to route data efficiently.
• VLANs address issues such as scalability, security, and network management, and network architects set up VLANs to provide network segmentation.

VLAN Benefits

• VLANs can help manage broadcast traffic by forming multiple broadcast domains, reducing the amount of broadcast traffic each network device and network segment has to bear.
• VLANs can also help create multiple layer 3 networks on a single physical infrastructure.
• VLANs provide flexibility to adapt to changes in network requirements and allow for simplified administration.

VLAN Types and Applications

• VLANs can be used to partition a local network into several distinctive segments, such as:
  • Production
  • Voice over IP
  • Network management
  • Storage area network (SAN)
  • Guest Internet access
  • Demilitarized zone (DMZ)
• VLANs can be used in cloud computing to manage virtual machines and mitigate security issues.

VLAN History

• Dr. W. David Sincoskie invented VLANs by adding a tag to each Ethernet frame, allowing for the interconnection of multiple Ethernet networks.
• The IEEE 802.1Q-1998 standard described Ethernet VLANs, and IEEE 802.1ad extended this to allow nested VLAN tags.

VLAN Configuration

• VLANs can be configured using commands such as vlan 10 and switchport mode access to set up VLANs on a switch.
• Verification commands such as show vlan brief and show interface fa0/4 switchport can be used to check VLAN configuration.

Conclusion

• VLANs operate at the data link layer of the OSI model, and are used to divide a single broadcast domain into multiple broadcast domains.

VLAN & Configuration

Introduction to VLANs

• VLAN stands for Virtual Local Area Network.
• VLANs divide a single broadcast domain into multiple broadcast domains.
• VLANs work by applying tags to network frames and handling these tags in networking systems.

VLAN Implementation

• To subdivide a network into VLANs, network equipment is configured.
• VLAN tagging allows multiple VLANs to be transported over a single interconnect (trunk).
• VLANs address issues such as scalability, security, and network management.
• Network architects set up VLANs to provide network segmentation.
• Routers between VLANs filter broadcast traffic, enhance network security, perform address summarization, and mitigate network congestion.

VLAN Trunk

• A VLAN trunk is a network link carrying multiple VLANs, identified by labels (or tags) inserted into their packets.
• Trunks must run between tagged ports of VLAN-aware devices, often switch-to-switch or switch-to-router links.
• A router (Layer 3 device) serves as the backbone for network traffic going across different VLANs.

Protocols and Design

• The protocol most commonly used to support VLANs is IEEE 802.1Q.
• IEEE 802.1Q is a method of multiplexing VLANs that provides multivendor VLAN support.
• Other protocols include Cisco Inter-Switch Link (ISL), 3Com's Virtual LAN Trunk (VLT), and GARP VLAN Registration Protocol (GVRP) or Multiple VLAN Registration Protocol (MVRP).

VLAN Membership

• VLAN membership can be established either statically or dynamically.
• Static VLANs are also referred to as port-based VLANs.
• Dynamic VLANs are created using software or by protocol.
• VLAN Management Policy Server (VMPS) allows administrators to assign switch ports to VLANs dynamically based on information such as the source MAC address of the device connected to the port or the username used to log onto that device.

VLAN Configuration

• VLAN configuration involves creating a VLAN, naming it, and assigning ports to the VLAN.
• VLAN configuration can be verified using the show vlan brief command.

Verifying VLANs

• The show vlan brief command displays information about VLANs, including VLAN name, status, and ports.
• The show interface command displays information about a specific interface, including switchport mode, access mode VLAN, and voice VLAN.

VLANs and their History

• VLANs were invented by Sincoskie to alleviate the bottleneck problem caused by centrally located switches in a fault-tolerant network.
• Sincoskie added a tag to each Ethernet frame, which is now known as the IEEE 802.1Q header or VLAN tag.

VLAN Configuration and Design

• VLANs operate at the data link layer of the OSI model.
• VLANs can be used to separate broadcast domains across one physical medium.
• VLANs can also serve to restrict access to network resources without regard to physical topology.
• Administrators often configure a VLAN to map directly to an IP network or subnet.
• VLANs within the same organization will typically be assigned different non-overlapping network address ranges.
• It is not possible to route data between two networks with overlapping addresses without IP remapping.

VLAN Trunks and Switch Management

• A trunk denotes a network link carrying multiple VLANs, which are identified by labels inserted into their packets.
• Trunks must run between tagged ports of VLAN-aware devices.
• A router (Layer 3 device) serves as the backbone for network traffic going across different VLANs.
• Switches typically have no built-in method to indicate VLAN to port associations to someone working in a wiring closet.

VLAN Protocols and Design

• The protocol most commonly used to support VLANs is IEEE 802.1Q.
• IEEE 802.1Q provides multivendor VLAN support.
• Prior to the introduction of the 802.1Q standard, several proprietary protocols existed, such as Cisco Inter-Switch Link (ISL) and 3Com's Virtual LAN Trunk (VLT).
• IEEE 802.1Q tagging allows for explicit tagging of frames with VLAN information.

IEEE 802.1Q and its Limitations

• Under IEEE 802.1Q, the maximum number of VLANs on a given Ethernet network is 4,094.
• This does not impose the same limit on the number of IP subnets in such a network since a single VLAN can contain multiple IP subnets.
• IEEE 802.1ad extends the number of VLANs supported by adding support for multiple, nested VLAN tags.
• IEEE 802.1aq (Shortest Path Bridging) expands the VLAN limit to 16 million.

Cisco Proprietary Protocols

• Inter-Switch Link (ISL) is a Cisco proprietary protocol used to interconnect switches and maintain VLAN information as traffic travels between switches on trunk links.
• ISL is provided as an alternative to IEEE 802.1Q.
• VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol that propagates the definition of VLANs on the whole local area network.