Sie sind auf Seite 1von 5

VLAN

VLAN plays an important role in computer networks discipline. A virtual local area
network (VLAN) is a logical group of workstations, servers and network devices that seem to be
on the same LAN nevertheless of their geographical dispersal. When in fact they are located on
several different LAN segments. VLANs are based on logical structure in its place of physical
connections, they are tremendously flexible. VLANs (virtual LANs) are logical grouping of devices
in the similar broadcast domain. VLANs are generally configured on switches by placing some
interfaces into one broadcast domain and some interfaces into another. VLANs can be spread
across multiple switches, with each VLAN being treated as its own subnet or broadcast domain.
This means that frames broadcasted onto the network will be switched only between the ports
within the same VLAN. Replicated environment as if they exist in a single LAN and are sharing a
single broadcast and multicast domain. VLANs are implemented to achieve scalability, security
and ease of network management and can rapidly adjust to changes in network necessities and
transfer of workstations and server nodes. VLANs are mostly configured on multilayers switches
or high-end switches. The key reasons for using VLANs is to improved functions of the network
devices and improve their security landscapes. VLANs is a crucial tool for network development,
since it allows networks to be segmented to diverse LANs and WANs, it also permits for different
networks to work as a virtual LAN. In a LAN there is a possibility of latency, but a VLAN eliminates
latency which in turn will save network space and bandwidth for other resources. When using a
VLAN, the network develops less dysfunctional more manageable, and efficient. An important
consideration in defining the size of the switch and the number of VLANs is the IP addressing
scheme. Because a one-to-one correspondence between VLANs and IP subnets is strongly
recommended, there can be no more than 254 devices in any one VLAN. It is further
recommended that VLANs should not extend outside of the Layer 2 domain of the distribution
switch.

VLAN's can be used to create broadcast domains which eliminate the need for expensive
routers. Occasionally, complex data may be broadcast on a network. In such situations, placing
only those clients who can have access to that data on a VLAN can reduce the odds of a stranger
gaining entree to the data. In networks where traffic involves a high ratio of broadcasts and
multicasts, VLAN's can decrease the requirement to send such traffic to unnecessary
destinations. For example, in a broadcast domain consisting of 10 users, if the broadcast traffic
is projected only for 5 of the users, then placing those 5 users on a separate VLAN can diminish
traffic. Compared to switches, routers entail more processing of incoming traffic. As the capacity
of traffic fleeting through the routers increases, so does the latency in the routers, which results
in reduced performance. The use of VLAN's reduces the number of routers required, since VLAN's
create broadcast domains using switches instead of routers. Currently, it is mutual to find cross-
functional invention development teams with members from different departments such as
marketing, sales, accounting, and research. These workgroups are usually formed for a short
period of time. During this period, communication between members of the workgroup will be
high. To comprehend broadcasts and multicasts within the workgroup, a VLAN can be set up for
them. With VLAN's it is simple to place members of a workgroup organized. Without VLAN's, the
only way this would be conceivable is to physically move all the members of the workgroup closer
together.

When a LAN bridge accepts data from a workstation, it tags the data with a VLAN identifier
representing the VLAN from which the data came. This is called explicit tagging. It is also possible
to determine to which VLAN the data received belongs using implicit tagging. In implicit tagging
the data is not tagged, but the VLAN from which the data came is determined based on other
information like the port on which the data inwards. Tagging can be based on the port from which
it came, the source media access control (MAC) field, the source network address, or some other
field or mixture of fields. VLAN's are classified based on the technique used. To be able to do the
tagging of data using any of the approaches, the bridge would have to keep an efficient database
comprising a mapping between VLAN's and any field is used for tagging. For example, if tagging
is by port, the database should indicate which ports belong to which VLAN. This database is called
a filtering database. Bridges would have to be capable to maintain this database and to make
sure that all the bridges on the LAN have the same information in each of their databases. The
bridge determines where the data is to go next based on normal LAN operations. Once the bridge
determines where the data is to go, it now needs to determine whether the VLAN identifier
should be included to the data and sent. If the data is to go to a device that knows about VLAN
implementation the VLAN identifier is added to the data. If it is to go to a device that has no
knowledge of VLAN implementation (VLAN-unaware), the bridge sends the data without the
VLAN identifier. In order to understand how VLAN's work, we need to look at the types of VLAN's,
the types of connections between devices on VLAN's, the filtering database which is used to
transmit traffic to the correct VLAN, and tagging, a process used to identify the VLAN originating
the data.

A question comes why VLAN is needed to be use? VLAN's offer several advantages over
traditional LAN’s. (performance) in networks where traffic involves a high section of broadcasts
and multicasts, VLAN's can reduce the necessity to send such traffic to unnecessary destinations.
However, virtual workgroups do not come without difficulties. Consider the circumstances where
one user of the workgroup is on the fourth floor of a building, and the other workgroup members
are on the second floor. Resources such as a printer would be located on the second floor, which
would be inconvenient for the fourth-floor user. Another problem with setting up virtual
workgroups is the implementation of centralized server farms, which are essentially collections
of servers and major resources for operating a network at a central location. The advantages here
are numerous, since it is more efficient and cost-effective to deliver improved security,
uninterrupted power supply, consolidated backup, and a proper operating environment in a
single area than if the major resources were dispersed in a building. Centralized server farms can
cause problems when setting up virtual workgroups if servers cannot be placed on more than
one VLAN. In such a case, the server would be placed on a single VLAN and all other VLAN's trying
to access the server would have to go through a router. As the speed of Ethernet became faster
and faster, the bottleneck in LANs moved from cables themselves to backbone switches in
spanning trees; because these switches need to forward every broadcast packet they receive
from the network, the only way to alleviate this scenario was in the use of routers to segment
broadcast but routers at that time were very much expensive. VLANs were created to divide
broadcast domains in a LAN environment; this way there won’t be one spanning tree for the
whole network but multiple spanning trees (with multiple backbone switch) each one
corresponding to a virtual network or VLAN.

The extra choice is to get rid of this matter on a network is to put devices in different
broadcast domains. To do this you will need to connect several switches to different devices
which will cost much more than the following decision. The best option is to form several VLANs
on a switch to separate the different devices into several broadcast domains. A VLAN will logically
isolate all ports on the switch by segmenting them into several broadcast domains. This will
tolerate the vendor to detach the unlike departments into their own broadcast domain which
means, there will be no data overflow into separate departments because of a broadcast. When
a VLAN is created, the maximum number of VLAN allowed on a switch will depend on the type of
switch or IOS. The first VLAN on a switch (VLAN) is the management VLAN. An administrator can
access and configure a switch remotely, when the administrator is configuring a switch remotely,
it will have to be configured using the management VLAN IP address. The management VLAN will
be used to exchange protocol information with other devices, such as cisco discovery protocol
and VLAN trunking protocol. When a VLAN is created, it will be assigned with two unique figures,
a number and a name. The number that is assigned will have a maximum range that is allowed
by the switch except for VLAN 1 which is automatically assigned as the management VLAN and
any name can be given to the VLAN. Some switches will have a VLAN range up to or more than
1000 but the number allowed depends on the type of switch. As previously stated, all devices
connected to the same VLAN can only communicate with other devices on the same VLAN. Once
a port is configured to a VLAN the switch associates that port with a VLAN number. When a device
is connected to the port and it starts to generate traffic, the traffic is in form of an ethernet frame.
Once the frame enters the port, the switch will attach the frame with a VLAN id (VID). The vid
that is attached to the frame is known as frame tagging.

VLAN in this paper I will present a PLAN on how a VLAN could be implemented so that
bandwidth is not consumed. My PLAN will ensure that the network is not flooded with packets,
and that members of the same VLAN can be in different buildings or cities. The type of switch to be
used, layer 2 or layer 3, and why you would choose it over the other. There is the need to break
larger network segments down to four smaller ones. Switches will operate at the data link layer. A
bridge works only with layer 2 protocols and layer 2 mac addresses. What type of VLAN
membership and the value of that choice over other options? I will use a port based VLAN
membership to facilitate the ease of any reorganization of the physical layout of the network. This
will be essential for group users and administrators in the event there would be a need for any
relocations of office space). VLANs facilitate easy administration of logical groups of stations that
can communicate as if they were on the same LAN. They also facilitate easier administration in
members of these groups. Traffic between VLANs is restricted. Bridges forward traffic only on
individual LANs that serve the VLAN to which the traffic belongs. A dynamic VLAN configuration
and membership will need a VLAN management policy server (VMPS). A VMPS server contains a
database that maps the mac addresses on a network. If a device is connected to a switch port on
a dynamically configured VLAN, the VMPS will search its database for mac addresses that match
that device and dynamically assign it to an appropriate VLAN temporarily. A dynamical VLAN
membership is more difficult to configure than a static VLAN but it will create a more structured
and organized VLAN membership system. In a dynamic VLAN, when devices need to be added,
moved or change, it will be easier because it is automated, and it does not need to be configured
by an administrator. This type of VLAN assignment is costs less because it has less administrative
issues. A dynamical VLAN membership is more difficult to configure than a static VLAN but it will
create a more structured and organized VLAN membership system. In a dynamic VLAN, when
devices need to be added, moved or change, it will be easier because it is automated, and it does
not need to be configured by an administrator. This type of VLAN assignment is costs less because
it has less administrative issues. (access port), an access port on a switch can only be used by on
VLAN. Devices like pc’s, hubs and servers are connected to access ports. If another device such
as a repeater, hub or another switch is connected to this port all devices connected to them will
still be in the same VLAN. (trunk port), a trunk port can be a link between the switch and another
device. Any port carrying traffic of more than on VLAN is a trunk port. The trunk port when
configured is what allows a VLAN to expand to more than one switch and communicate with
other VLANs. A network with more than one VLAN needs to be connect to an external network,
the port that connects the last switch to the router will be a trunk port. On the other side, all
catalyst switches usually send out summary adverts every 5 minutes and every time there is a
change in the VLAN database. The advertisement itself encloses the VTP domain name and the
configuration revision number. When there is a change to the VLAN database, such as a deletion,
addition and configuration changes, the configuration number will be incremented, and a new
summary advertisement will be sent out. When a switch in a VLAN domain receives a summary
advertisement, the switch will compare its own VTP domain name to the summary advertisement
domain name, if the VTP domain name matches, the switch then compares its configuration
revision number with the advertisement configuration revision number. If the configuration
revision number is lower or equal to the advertisement revision number, the switch ignores the
advertisement. In event of the advertisement revision number being higher than the switch
revision number, the switch will send out an advertisement request.

Network administrators are responsible for configuring VLANs both manually and
statically. VLANs also let network administrators to move, add, remove, and reassign
workstations without making any hard wire changes. Instead, the changes are made via a
software interface. VLANs are transforming the nature of network administration, making it
possible for administrators to monitor and manage networks from remote or centralized location
no matter how geographically disjointed the system is. Network administrators use VLAN
software to assign identification profiles to end user terminals. Those profiles determine VLAN
membership and can be switched easily. VLANs are an actual means of dividing a bigger LAN into
controllable subsets. VLANs limit the broadcast domain, expand performance and security and
are perfect for isolating business automation systems from IT systems while retaining the plant’s
structural wiring. Network performance can be a factor in an organization's productivity and its
reputation for delivering as promised. One of the contributing technologies to excellent network
performance is the separation of large broadcast domains into smaller ones with VLANs. Smaller
broadcast domains limit the number of devices participating in broadcasts and allow devices to
be separated into functional groupings, such as database services for an accounting department
and high-speed data transfer for an engineering department.