Network&Communication(3).pdf
Computer Network & Communication (3)
By Eng. Ghifar awadalla

VLANs (Virtual LANs)

What is a VLAN?

VLANs (Virtual LANs) are logical groupings of devices in the same broadcast domain. VLANs are usually configured on switches by placing some interfaces into one broadcast domain and some interfaces into another. Each VLAN acts as a subgroup of the switch ports in an Ethernet LAN.

VLANs can spread across multiple switches, with each VLAN being treated as its own subnet or broadcast domain. This means that frames broadcast onto the network will be switched only between the ports within the same VLAN.

Introduction to VLANs:

A VLAN acts like a physical LAN, but it allows hosts to be grouped together in the same broadcast domain even if they are not connected to the same switch. Here are the main reasons why VLANs are used:

❑ VLANs increase the number of broadcast domains while decreasing their size.
❑ VLANs reduce security risks by reducing the number of hosts that receive copies of frames that the switches flood.
❑ You can keep hosts that hold sensitive data on a separate VLAN to improve security.
❑ You can create more flexible network designs that group users by department instead of by physical location.
❑ Network changes are achieved with ease by just configuring a port into the appropriate VLAN.

VLAN Overview

Segmentation, Flexibility, Security.
A VLAN = A Broadcast Domain = Logical Network (Subnet)

Introduction to VLANs:

The following topology shows a network with all hosts inside the same VLAN:

Without VLANs, a broadcast sent from host A would reach all devices on the network. Each device will receive and process broadcast frames, increasing the CPU overhead on each device and reducing the overall security of the network.

By placing interfaces on both switches into a separate VLAN, a broadcast from host A would reach only devices inside the same VLAN, since each VLAN is a separate broadcast domain.
Hosts in other VLANs will not even be aware that the communication took place. This is shown in the picture below:

By Eng: Zain

How VLANs Simplify Network Management

❑ If we need to break up a broadcast domain, we need to connect a router.
❑ By using VLANs we can divide the broadcast domain at Layer 2.
❑ A group of users needing high security can be put into a VLAN so that no users outside of the VLAN can communicate with them.
❑ As a logical grouping of users by function, VLANs can be considered independent of their physical locations.

VLAN Memberships

❑ A VLAN created based on port is known as a Static VLAN.
❑ A VLAN assigned based on hardware addresses stored in a database is called a Dynamic VLAN.

VLAN Membership Modes

VLAN Operation

❑ VLANs can span across multiple switches.
❑ Trunks carry traffic for multiple VLANs.
❑ Trunks use special encapsulation to distinguish between different VLANs.

Access and trunk ports:

The following picture illustrates the difference:

In the example network pictured above, the switch ports connected to workstations would be configured as access ports. The ports that connect switches together would be configured as trunk ports.

If you intend to use VLANs in your network, you will need to configure some ports on a switch as access ports and others as trunk ports. Here is a description of each port type:

❑ Access port – a port that can be assigned to a single VLAN. This type of interface is configured on switch ports that are connected to end devices such as workstations, printers, or access points.
❑ Trunk port – a port that is connected to another switch. This type of interface can carry traffic of multiple VLANs, thus enabling you to extend VLANs across your entire network. Frames are tagged by assigning a VLAN ID to each frame as they traverse between switches.
Access links

Trunk links

Frame Tagging

❑ VLANs can be created to span more than one connected switch.
❑ Hosts are unaware of VLANs.
❑ When host A creates a data unit and it reaches the switch, the switch adds a frame tag to identify the VLAN.
❑ Frame tagging is a method to identify that a packet belongs to a particular VLAN.
❑ Each switch that the frame reaches must first identify the VLAN ID from the frame tag.
❑ It finds out what to do with the frame by looking at the information in the filter table.
❑ Once the frame reaches an exit to an access link matching the frame's VLAN ID, the switch removes the VLAN identifier.

Frame Tagging Methods

❑ There are two frame tagging methods: Inter-Switch Link (ISL) and IEEE 802.1Q.
❑ Inter-Switch Link (ISL) is proprietary to Cisco switches and is used for Fast Ethernet and Gigabit Ethernet links only.
❑ IEEE 802.1Q was created by the IEEE as a standard method of frame tagging; it actually inserts a field into the frame to identify the VLAN. If you're trunking between a Cisco switched link and a different brand of switch, you have to use 802.1Q for the trunk to work.

ISL Tagging

ISL trunks enable VLANs across a backbone.
❑ Performed with ASIC
❑ ISL header not seen by client
❑ Effective between switches, and between routers and switches

VLAN Configuration on Cisco IOS Switch:

By default, all ports on a switch are in VLAN 1. We can verify that by typing the show vlan command from the IOS enable mode of a switch.

Let's start with a simple example. H1 and H2 are connected to SW1. First we will look at the default VLAN configuration on SW1. Interesting… VLAN 1 is the default VLAN and you can see that all active interfaces are assigned to VLAN 1.

Two steps are required to create a VLAN and assign a switch port to the VLAN:
❑ Create a VLAN using the vlan NUMBER global configuration mode command.
❑ Assign a port to the VLAN by using two interface subcommands.
The first command is the switchport mode access command. This command specifies that the interface is an access interface. The second command is the switchport access vlan NUMBER command. This command assigns the interface to a VLAN.

Create a VLAN

This is how you create a new VLAN. If you want, you can give it a name, but this is optional. I'm calling my VLAN "Computers". To verify this, we can again use the show vlan command: VLAN 50 was created on SW1 and you can see that it's active. However, no ports are currently in VLAN 50. Let's see if we can change this…

Assign a port to the VLAN

First I will configure the switchport in access mode with the switchport mode access command. By using the switchport access vlan command we can move our interfaces to another VLAN. To verify this, we can again use the show vlan command.

NOTE

VLAN information is not saved in the running-config or startup-config but in a separate file called vlan.dat on your flash memory. If you want to delete the VLAN information you should delete this file by typing delete flash:vlan.dat. I configured an IP address on H1 and H2 so they are in the same subnet.

Switch#show flash:
Switch#delete flash:vlan.dat
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [confirm]

Cisco Certified Network Associate (CCNA 200-301)
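As an added example (not part of the lecture slides), a small Python model of the frame tagging and access/trunk behaviour described above: tag_frame inserts the 802.1Q field after the MAC addresses, untag_frame removes it, and the Switch port table mirrors the switchport mode access / switchport access vlan 50 steps so that a broadcast from H1 is flooded only to ports in VLAN 50 and leaves the trunk tagged. Port names, MAC addresses and the ARP payload are constructed; the model has no native VLAN, no MAC learning and handles broadcasts only.

```python
from __future__ import annotations
import struct

TPID_8021Q = 0x8100  # EtherType value that marks a frame as 802.1Q tagged

def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag right after the destination and source MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in the range 1..4094")
    tci = ((pcp & 0x7) << 13) | (vid & 0xFFF)  # PCP(3) | DEI(1, always 0) | VID(12)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def untag_frame(frame: bytes) -> tuple[int | None, bytes]:
    """Return (vid, frame with the tag removed); vid is None if there is no tag."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0xFFF, frame[:12] + frame[16:]
    return None, frame

class Switch:
    """Port table: name -> ("access", vlan) or ("trunk", None)."""
    def __init__(self, ports: dict[str, tuple[str, int | None]]):
        self.ports = ports

    def flood(self, in_port: str, frame: bytes) -> dict[str, bytes]:
        """Flood a broadcast only to ports in its VLAN; returns out_port -> frame."""
        mode, access_vlan = self.ports[in_port]
        vid, payload = untag_frame(frame)
        if mode == "access":
            if vid is not None:   # a host must not pick its own VLAN: drop tagged input
                return {}
            vid = access_vlan     # the switch assigns the VLAN from the port config
        elif vid is None:         # no native VLAN in this model: a trunk needs a tag
            return {}
        out: dict[str, bytes] = {}
        for name, (pmode, pvlan) in self.ports.items():
            if name == in_port:
                continue
            if pmode == "trunk":
                out[name] = tag_frame(payload, vid)  # tag travels across the trunk
            elif pvlan == vid:
                out[name] = payload                  # tag stripped toward the host
        return out

# Constructed sample SW1: the lecture's 'vlan 50' + 'name Computers', then on
# Fa0/1 and Fa0/2: 'switchport mode access' / 'switchport access vlan 50'.
SW1 = Switch({"Fa0/1": ("access", 50), "Fa0/2": ("access", 50),
              "Fa0/3": ("access", 1), "Fa0/24": ("trunk", None)})
# Constructed broadcast from H1 (src MAC 0a:00:00:00:00:01, EtherType 0x0806 ARP).
H1_BROADCAST = bytes.fromhex("ffffffffffff" "0a0000000001" "0806") + b"arp-request"
```

Calling SW1.flood("Fa0/1", H1_BROADCAST) delivers the untagged frame to Fa0/2 only and a copy tagged with VID 50 to the trunk Fa0/24; the VLAN 1 host on Fa0/3 never sees it.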