Week 13 Virtual LAN (VLAN) and Trunk PDF
Document Details
Uploaded by WarmheartedColumbus
Quezon City University
Summary
This presentation covers week 13's material on virtual LANs (VLANs) and trunking in networking, specifically focusing on the concepts, advantages, and operations related to VLANs in a computer science context. It also includes instructions for configuring VLANs.
Full Transcript
WEEK 13 Virtual Lan (VLAN) and Trunk
NET102 – NETWORKING 2

- To get familiar with the CISCO 2960 series switch.
- Learn how to create and configure VLANs.
- Understand the commands used in creating and configuring VLANs.
- Understand the VLAN operations.
- Know the types of VLANs.
- Understand why a trunk is needed in VLANs.
- Learn to assign ports in a VLAN trunk.

WHAT IS VLAN

In simple terms, a VLAN is a set of workstations within a LAN that can communicate with each other as though they were on a single, isolated LAN.

The purpose of VLANs

The basic reason for splitting a network into VLANs is to reduce congestion on a large LAN.

Using VLANs to segment LANs

As LANs became larger, data rates became faster, and users desired greater flexibility, the routers in a network started to become a bottleneck. This is because:

- routers typically forward data in software, and so are not as fast as switches
- splitting up a LAN using routers meant that a LAN typically corresponded to a particular physical location. This became limiting when many users had laptops, and wanted to be able to move between buildings, but still have the same network environment wherever they plugged in.

So, switch vendors started implementing methods for defining “virtual LANs”—sets of switch ports, usually distributed across multiple switches, that somehow interacted as though they were in a single isolated LAN. This way, workstations could be separated off into separate LANs without being physically divided up by routers.

Advantages of using VLANs

1. Performance. As mentioned, routers that forward data in software become a bottleneck as LAN data rates increase. Doing away with the routers removes this bottleneck.
2. Formation of virtual workgroups. Because workstations can be moved from one VLAN to another just by changing the configuration on switches, it is relatively easy to put all the people working together on a particular project into a single VLAN. They can then more easily share files and resources with each other.
3. Greater flexibility. If users move their desks, or just move around the place with their laptops, then, if the VLANs are set up the right way, they can plug their PC in at the new location, and still be within the same VLAN. This is much harder when a network is physically divided up by routers.
4. Ease of partitioning off resources. If there are servers or other equipment to which the network administrator wishes to limit access, then they can be put off into their own VLAN. Then users in other VLANs can be given access selectively.

VLAN Operation

Network administrators are responsible for configuring VLANs both manually and statically.

Each switch port could be assigned to a different VLAN. Ports assigned to the same VLAN share broadcasts. Ports that do not belong to that VLAN do not share these broadcasts.

Dynamic VLANs allow for membership based on the MAC address of the device connected to the switch port. As a device enters the network, it queries a database within the switch for a VLAN membership.

In port-based or port-centric VLAN membership, the port is assigned to a specific VLAN membership independent of the user or system attached to the port. All users of the same port must be in the same VLAN.

Benefits of VLANs

The key benefit of VLANs is that they permit the network administrator to organize the LAN logically instead of physically.

VLAN types

There are three basic VLAN memberships for determining and controlling how a packet gets assigned:

- Port-based VLANs
- MAC address based
- Protocol based VLANs

[Figure: Membership by Port]

[Figure: Membership by MAC-Addresses]

VLAN Connections

During the configuration of a VLAN on a port, you need to know what type of connection it has. A switch supports two types of VLAN connection:

- Access link
- Trunk link

Access link

An access link connection is a connection where the switch port is connected to a device that has a standardized Ethernet NIC. A standard NIC only understands IEEE 802.3 or Ethernet II frames. An access link connection can only be assigned to a single VLAN. That means all devices connected to this port will be in the same broadcast domain.

For example, if twenty users are connected to a hub, and we connect that hub to an access link port on the switch, then all of these users belong to the same VLAN. If we want to keep ten users in another VLAN, then we have to purchase another hub. We need to plug those ten users into that hub and then connect it to another access link port on the switch.

Trunk link

A trunk link connection is a connection where the switch port is connected to a device that is capable of understanding multiple VLANs. Usually a trunk link connection is used to connect two switches, or a switch to a router. Remember, earlier in this article I said that a VLAN can span anywhere in the network; that happens because of the trunk link connection.
Trunking allows us to send or receive VLAN information across the network. To support trunking, the original Ethernet frame is modified to carry VLAN information.

What is a VLAN Trunk?

VLAN trunking enables the movement of traffic to different parts of the network configured as a VLAN. A trunk is a point-to-point link between two network devices that carries more than one VLAN. With VLAN trunking, you can extend your configured VLAN across the entire network. Most Cisco switches support IEEE 802.1Q, which is used to coordinate trunks on FastEthernet and GigabitEthernet.

The links between switches SW1 and SW2, and SW1 and SW3, are configured as trunk links to enable traffic between VLAN 10, 20 and 30. This network simply could not function without VLAN trunks.

VLAN Configuration

For example, let’s assume the following scenario:

- Accounting Department: IP Subnet 192.168.2.0/24 -> VLAN 2
- Management Department: IP Subnet 192.168.3.0/24 -> VLAN 3
- Engineering Department: IP Subnet 192.168.4.0/24 -> VLAN 4

If you have more than one switch connected and you want the same VLANs to belong across all switches, then a Trunk Port must be configured between the switches. We have three VLANs: VLAN 2, 3, and 4. VLAN 4 belongs both to SWITCH 1 and SWITCH 2, therefore we need a Trunk Port between the two switches in order for hosts in VLAN 4 on Switch 1 to be able to communicate with hosts in VLAN 4 on Switch 2.

The ports of the two switches shall be configured as follows:

SWITCH 1:
- Fe0/1 – Fe0/2 -> VLAN 2 (Accounting)
- Fe0/10 – Fe0/11 -> VLAN 4 (Engineering)
- Fe0/24 -> Trunk Port

SWITCH 2:
- Fe0/1 – Fe0/2 -> VLAN 3 (Management)
- Fe0/10 – Fe0/11 -> VLAN 4 (Engineering)
- Fe0/24 -> Trunk Port

Switch 1 Configuration:

1. Create VLANs 2 and 4 in the switch database using the CLI in Switch1.

    Switch1# configure terminal
    Switch1(config)# vlan 2
    Switch1(config-vlan)# name Accounting
    ! exit returns to global configuration mode; end would leave configuration mode entirely
    Switch1(config-vlan)# exit
    Switch1(config)# vlan 4
    Switch1(config-vlan)# name Engineering
    Switch1(config-vlan)# exit

2. Assign Ports Fe0/1 and Fe0/2 in VLAN 2

    Switch1(config)# interface fastethernet0/1
    Switch1(config-if)# switchport mode access
    Switch1(config-if)# switchport access vlan 2
    Switch1(config-if)# exit
    Switch1(config)# interface fastethernet0/2
    Switch1(config-if)# switchport mode access
    Switch1(config-if)# switchport access vlan 2
    Switch1(config-if)# exit

3. Assign Ports Fe0/10 and Fe0/11 in VLAN 4

    Switch1(config)# interface fastethernet0/10
    Switch1(config-if)# switchport mode access
    Switch1(config-if)# switchport access vlan 4
    Switch1(config-if)# exit
    Switch1(config)# interface fastethernet0/11
    Switch1(config-if)# switchport mode access
    Switch1(config-if)# switchport access vlan 4
    Switch1(config-if)# exit

4. Create Trunk Port Fe0/24

    Switch1(config)# interface fastethernet0/24
    ! Switches that support both ISL and 802.1Q need the encapsulation set before trunk mode.
    ! A switch that supports only 802.1Q (the 2960, for example) does not accept this command; skip it there.
    Switch1(config-if)# switchport trunk encapsulation dot1q
    Switch1(config-if)# switchport mode trunk
    Switch1(config-if)# end

Switch 2 Configuration:

1. Create VLANs 3 and 4 in the switch database using the CLI in Switch2

    Switch2# configure terminal
    Switch2(config)# vlan 3
    Switch2(config-vlan)# name Management
    Switch2(config-vlan)# exit
    Switch2(config)# vlan 4
    Switch2(config-vlan)# name Engineering
    Switch2(config-vlan)# exit

2. Assign Ports Fe0/1 and Fe0/2 in VLAN 3

    Switch2(config)# interface fastethernet0/1
    Switch2(config-if)# switchport mode access
    Switch2(config-if)# switchport access vlan 3
    Switch2(config-if)# exit
    Switch2(config)# interface fastethernet0/2
    Switch2(config-if)# switchport mode access
    Switch2(config-if)# switchport access vlan 3
    Switch2(config-if)# exit

3. Assign Ports Fe0/10 and Fe0/11 in VLAN 4

    Switch2(config)# interface fastethernet0/10
    Switch2(config-if)# switchport mode access
    Switch2(config-if)# switchport access vlan 4
    Switch2(config-if)# exit
    Switch2(config)# interface fastethernet0/11
    Switch2(config-if)# switchport mode access
    Switch2(config-if)# switchport access vlan 4
    Switch2(config-if)# exit

4. Create Trunk Port Fe0/24

    Switch2(config)# interface fastethernet0/24
    ! Same ordering as on Switch1: encapsulation first, then trunk mode.
    Switch2(config-if)# switchport trunk encapsulation dot1q
    Switch2(config-if)# switchport mode trunk
    Switch2(config-if)# end

VLAN Configuration Verification

If you want to verify that the physical interfaces are assigned properly to each VLAN, then run the following show commands:

    SWITCH1# show vlan

    SWITCH2# show vlan

Communication Between VLANs

After separating the network into different VLANs, we have created separate broadcast domains (one for each VLAN), and hosts within the same VLAN can freely communicate with each other (provided they also belong to the same Layer 3 subnet). On the other hand, hosts that belong to different VLANs can’t communicate with each other; e.g., hosts in VLAN 3 are not allowed to communicate with hosts in VLAN 4. If you want to provide communication between hosts in different VLANs, then there must be a Layer 3 engine in the network (either a router or Layer 3 switch).
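The trunk section says the original Ethernet frame is modified to carry VLAN information. The following added example (not part of the original slides) shows that modification for IEEE 802.1Q: the sending trunk port inserts a 4-byte tag after the MAC addresses, and the receiving switch reads the VLAN ID and removes the tag before an access port forwards the frame. The sample frame and its MAC address are constructed, and frames are shown without the trailing FCS, which the hardware recomputes.

```python
import struct

TPID_8021Q = 0x8100  # value in the EtherType position that marks an 802.1Q tag

# Constructed sample: untagged ARP broadcast from a host on an Engineering access port.
UNTAGGED = (bytes.fromhex("ffffffffffff")      # destination MAC (broadcast)
            + bytes.fromhex("020000000a01")    # source MAC (made up, locally administered)
            + struct.pack("!H", 0x0806)        # EtherType: ARP
            + bytes(28))                       # placeholder ARP body


def add_vlan_tag(frame, vlan_id, priority=0):
    """Tag a frame the way a trunk port does before sending it to the other switch."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094 (0 and 4095 are reserved)")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be 0..7")
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    tci = (priority << 13) | vlan_id  # PCP (3 bits), DEI (1 bit, 0 here), VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def read_vlan_tag(frame):
    """Return (vlan_id, priority, inner_ethertype); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, tci >> 13, inner


def strip_vlan_tag(frame):
    """Remove the tag, as the receiving switch does before an access port sends the frame."""
    vlan_id, _, _ = read_vlan_tag(frame)
    return frame if vlan_id is None else frame[:12] + frame[16:]
```

Tagging the sample frame for VLAN 4 puts the bytes 81 00 00 04 at offset 12, which is what a capture on the Fe0/24 trunk would show for Engineering traffic.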
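The verification step above checks port assignments by eye with show vlan. As an added example (not part of the original slides), the script below automates the same check for Switch 1: it compares interface stanzas in running-config style against the port plan from the slides and reports any port whose mode or access VLAN has drifted. The sample configuration is constructed, and the function names are this example's own.

```python
import re

# Intended layout for Switch 1, copied from the port plan in the slides.
PLAN_SWITCH1 = {
    "FastEthernet0/1": ("access", 2), "FastEthernet0/2": ("access", 2),
    "FastEthernet0/10": ("access", 4), "FastEthernet0/11": ("access", 4),
    "FastEthernet0/24": ("trunk", None),
}

# Constructed sample with two deliberate mistakes (Fa0/11 and Fa0/24), not real switch output.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 2
 switchport mode access
interface FastEthernet0/2
 switchport access vlan 2
 switchport mode access
interface FastEthernet0/10
 switchport access vlan 4
 switchport mode access
interface FastEthernet0/11
 switchport mode access
interface FastEthernet0/24
 switchport mode access
"""

def parse_interfaces(config):
    """Map interface name -> {'mode', 'vlan'}; an unset access VLAN is the default, 1."""
    ports, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = ports.setdefault(m.group(1), {"mode": None, "vlan": 1})
        elif current and (m := re.fullmatch(r" switchport mode (\S+)", line)):
            current["mode"] = m.group(1)
        elif current and (m := re.fullmatch(r" switchport access vlan (\d+)", line)):
            current["vlan"] = int(m.group(1))
    return ports

def audit(config, plan):
    """Return one finding per planned port whose mode or access VLAN differs."""
    ports, findings = parse_interfaces(config), []
    for name, (mode, vlan) in plan.items():
        got = ports.get(name, {"mode": "missing", "vlan": None})
        if got["mode"] != mode:
            findings.append(f"{name}: mode {got['mode']}, expected {mode}")
        elif mode == "access" and got["vlan"] != vlan:
            findings.append(f"{name}: access VLAN {got['vlan']}, expected {vlan}")
    return findings
```

On the sample, audit(SAMPLE_CONFIG, PLAN_SWITCH1) reports Fa0/11 sitting in the default VLAN 1 instead of Engineering and Fa0/24 configured as an access port instead of the trunk.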