Module 8 VLANs (Virtual Local Area Network).pdf
Document Details
Tags
Full Transcript
VLANs (Virtual Local Area Network) What is a LAN? a LAN is a single broadcast domain, including all devices that broadcast domain. A broadcast domain is the group of devices which will receive a broadcast frame ( destination MAC FFFF.FFFF.FFFF) sent by any one of the members (devic...
VLANs (Virtual Local Area Network) What is a LAN? a LAN is a single broadcast domain, including all devices that broadcast domain. A broadcast domain is the group of devices which will receive a broadcast frame ( destination MAC FFFF.FFFF.FFFF) sent by any one of the members (devices). LANs/Broadcast Domains How many broadcast domain you can identify in this network? What is VLAN? Performance Lots of unnecessary broadcast traffic can reduce network performance. Security Limit the access Apply security policies on a router/firewall What is VLAN? VLANs are configured on switches on per-interface basis Logically separate end hosts at layer 2 Switches do not forward traffic directly between host in different VLANs. VLAN Configuration VLAN 1, 1002-1005 exist by default and cannot be deleted. VLAN Configuration Access port – is a switchport which belongs to a single VLAN, and usually connects to end hosts like PCS. Trunk port – switchports which carry multiple VLANs. VLAN Configuration VLAN Configuration Trunk Port In a small network with few VLANs, it is possible to use a separate interface for each VLAN when connecting switches to switches, and switches to routers. When the number of VLANs increases, this is not viable. It will result in wasted interfaces, and often routers won’t have enough interfaces for each VLAN. In this case you can use trunk port to carry traffic from multiple VLANs over a single interface. Trunk Port Switches will “tag” all frames that they send over a trunk link. This allow the receiving switches to know which VLAN the frame belongs to. Trunk ports is also known as tagged ports Access ports is also known as untagged ports VLAN Tagging Two main trunking protocols 1. ISL ( Inter-Switch Link)- old Cisco proprietary protocol 2. IEEE 802.1Q usually called dot1q – industry standard protocol Ethernet Header tag is 4 bytes (32bits ) in length Consist of two main fields 1. Tag Protocol Identifier (TPID) 2. Tag Control Information (TCI) – consists of three sub-fields. 802.1Q Tag – TPID ( Tag Protocol Identifier) 16 bits (2 bytes) in length Always set to a value of 0x8100 ( indicate that the frame is 802.1Q tagged) 802.1Q Tag – PCP (Priority Code Point) 3 bits in length Used for Class of Service (CoS), which prioritizes important traffic in congested networks. 802.1Q Tag – DEI (Drop Eligible Indicator) 1 bit in length Used to indicate frames that can be dropped if the network is congested. 802.1Q Tag – VID (VLAN ID) 12 bits in length Identifies the VLAN frame belongs to. 4096 total VLAN, range of 0-4095 VLANs 0 and 4095 are reserved and can’t be used, so the actual VLAN is 1-4094 VLAN Range VLAN range is divided into two section 1. Normal VLANs : 1-1005 2. Extended VLANs:1006-4094 Native VLAN 802.1Q has a feature called the native VLAN. The native VLAN is VLAN 1 by default on all trunk ports and can be manually configures on each trunk port. The switch does not add an 802.1Q tag to frames in the native VLAN. When a switch receives an untagged frame on a trunk port, it assumes the frames belongs to the native VLAN. It is very important that the native VLAN matches. Trunk Configuration Trunk Configuration Trunk Configuration VLAN Configuration VLAN Configuration Trunk Configuration Trunk Configuration Trunk Configuration Trunk Configuration Thank you…
