VLAN

VLAN is a broadcast domain
Grouped based on logical function, department or application
Traffic can be switched between VLANs with a router, and traffic between switches (trunks) is tagged (802.1Q) or encapsulated (ISL) to identify VLAN membership

VLAN
VLANs can logically segment users into different subnets (broadcast domains). Broadcast frames are only switched on the same VLAN ID. Users can be logically grouped via software based on:
port number
MAC address
protocol being used
application being used

LAN VS. VLAN

VLAN introduction

VLANs provide segmentation based on broadcast domains. VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless of the physical location or connections to the network. All workstations and servers used by a particular workgroup share the same VLAN, regardless of the physical connection or location.

VLAN Overview
A VLAN allows a network administrator to , even if they share a common infrastructure with other VLANs. Using VLANs, you can based on functions, departments, or project teams. You can also use a VLAN to to support the growing reliance of companies on home-based workers. These VLANs allow the network administrator to implement to particular groups of users.

VLAN
A VLAN is . VLANs allow multiple IP networks and subnets to exist on the same switched network. For computers to communicate on the same VLAN, each . The switch has to be configured with the VLAN and each port in the VLAN must be assigned to the VLAN.

VLANs
Divides a switch into two or more virtual switches with separate broadcast domains
Achieved by manual configuration through the switch's management interface
Only that switch will be segmented

Multiple VLANs in One Switch

Multiple VLANs can be defined on the same switch

Why VLANs?
Lots of broadcast traffic wastes bandwidth
VLANs create separate broadcast domains
Microsoft Networking
Novell Networking
NetBEUI
IP RIP
Multicast (sometimes acts like broadcast)

VLANs can span multiple switches and therefore create separate broadcast domains that span multiple switches

Virtual LANs (continued)

Virtual LANs (continued)

More Reasons...
Link Multiplexing
slower speed technologies share the high-bandwidth uplink
multiple IP subnets on one physical link with layer 3 switching

And One More Reason...

Traffic is only seen by those it is intended for. For example: two separate VLANs, one for accounting and one for sales. Sensitive accounting data transmitted over the network will only be seen by devices in the accounting VLAN.

Routers Role
Provides connection between different VLANs. For example, you have VLAN1 and VLAN2.
Within the switch, users on separate VLANs cannot talk to each other (benefit of a VLAN!). However, users on VLAN1 can email users on VLAN2, but they need a router to do it.

Broadcast domains with VLANs and routers

1) Without VLANs: each group is on a different IP network and on a different switch.
2) With VLANs: the switch is configured with the ports on the appropriate VLAN. Each group is still on a different IP network; however, they are all on the same switch. What are the broadcast domains in each?

Figure: three groups, 10.1.0.0/16, 10.2.0.0/16 and 10.3.0.0/16, shown first on separate switches and then on one switch with VLANs; the router is reached by one link per VLAN or a single VLAN trunk (later).

Reasons For Standardizing VLANs


Old implementations could only be defined in one switch
To connect a VLAN to another network, each VLAN needed a router port
The only multi-switch VLANs were proprietary:
Cisco: ISL
Bay: Lattisspan
3Com: VLT
Cabletron: SecureFast

Standards Based VLANs


Includes definition for a new GARP application called GVRP (GARP VLAN Registration Protocol)
Propagate VLAN registration across the net

Associate incoming frames with a VLAN ID
De-associate outgoing frames if necessary
Transmit associated frames between 802.1Q compliant VLAN switches

Basic VLAN Concepts


Port-based VLANs: each port on a switch is in one and only one VLAN (except trunk links)
Tagged Frames: VLAN ID and priority info is inserted (4 bytes)
Trunk Links: allow multiple VLANs to cross one link
Access Links: the edge of the network, where legacy devices attach
Hybrid Links: combination of Trunk and Access Links
VID: VLAN Identifier

Tagged Frames
4 bytes inserted after the Destination and Source Address, in the position of the length/type field; the original length/type field follows the tag
Tag Protocol Identifier (TPID) = 2 bytes (0x8100)
Tag Control Information (TCI) = 2 bytes, contains the VID

VLAN Trunk

, such as a router or a switch. Ethernet trunks carry the traffic of multiple VLANs over a single link. A VLAN trunk allows you to extend the VLANs across an entire network. Cisco supports for coordinating trunks on Fast Ethernet and Gigabit Ethernet interfaces.

Trunk Link

Attaches two VLAN switches - carries Tagged frames ONLY.

Access Links

Access Links are Untagged for VLAN unaware devices - the VLAN switch adds Tags to received frames, and removes Tags when transmitting frames.

Hybrid Links

Hybrid Links - ALL VLAN-unaware devices are in the same VLAN

Benefits of VLANs
VLANs provide the following benefits:
It is easier to add and move stations on the LAN
It is easier to reconfigure the LAN
There is better traffic control
There is increased security

Dynamic vs. Static VLANs


VLANs can be configured dynamically or statically
Static VLANs are configured port-by-port
Dynamic VLAN ports automatically learn their VLAN assignment from a software database of MAC address-to-VLAN mappings

VLAN Standardization
Frame filtering
Frames can be separated into VLANs by:
MAC addresses
Network-layer protocol type
Application type

Frame tagging
IEEE 802.1Q
Also known as frame identification
Adds a four-byte field to the Ethernet frame

Inter-Switch Link (ISL) protocol


Cisco proprietary frame-tagging method
26-byte header

Creating VLANs
VLAN configuration
Rm410HL#vlan database
Rm410(vlan)#vtp domain hudlogic
Rm410(vlan)#vtp server
Rm410(vlan)#vlan 2 name production
Rm410(vlan)#vlan 3 name accounting
Rm410(vlan)#vlan 4 name marketing

Creating VLANs (continued)


VLAN configuration (continued)
Rm410#configure terminal
Rm410(config)#interface f0/1
Rm410(config-if)#switchport mode trunk
Rm410(config-if)#exit
Rm410(config)#interface f0/2
Rm410(config-if)#switchport access vlan 1

Link Types And Configuration


Two types of links
Trunk links
Switch-to-switch links
Switch-to-router links
100 Mbps links
1 Gbps links

Access links
Non-VLAN aware devices

Link Types And Configuration (continued)


Trunk links have five states
Auto
Desirable
Non-negotiate
Off
On

Rm410(config)#interface f0/1
Rm410(config-if)#switchport mode trunk

Trunking Protocol
VLAN trunking protocol (VTP)
Layer 2 messaging protocol
Manages all changes to the VLANs across networks

VTP domains
VTP devices are organized into domains
Switches can only belong to one domain

Trunking Protocol (continued)


VTP device modes
Server
Rm410(vlan)# vtp server

Client
Rm410(vlan)# vtp client

Transparent
Rm410(vlan)# vtp transparent

Defaults to server mode

VTP pruning
Reduces the number of VTP updates on trunk links
Rm410(vlan)# vtp pruning

Routers and VLANs


Increase security
Manage traffic between VLANs
Subinterfaces
Access-lists

Routers and VLANs (continued)


Enable inter-VLAN communication between VLAN 1 and VLAN 2
Router(config)# interface e0.1
Router(config-subif)# ip address 164.106.1.1 255.255.255.0
Router(config-subif)# encapsulation isl 1
Router(config-subif)# exit
Router(config)# interface e0.2
Router(config-subif)# ip address 164.106.2.1 255.255.255.0
Router(config-subif)# encapsulation isl 2

Routers and VLANs (continued)

Communication between switches

Types of VLANs

Types of VLANs - Data VLAN


a VLAN that is configured to carry only user-generated traffic. It is common practice to separate from data traffic. A data VLAN is sometimes referred to as a

Types of VLANs- Default VLAN


All switch ports become
Having all the switch ports participate in the default VLAN makes them all part of the same broadcast domain. This allows any device connected to any switch port to communicate with other devices on other switch ports. The default VLAN for Cisco switches is VLAN 1. VLAN 1 has all the features of any VLAN, except that you cannot rename it and you cannot delete it.

Types of VLANs- Default VLAN


, will always be associated with VLAN 1 - this cannot be changed. In the figure, VLAN 1 traffic is forwarded over the VLAN trunks connecting the S1, S2, and S3 switches. It is a security best practice to change the default VLAN to a VLAN other than VLAN 1; this entails configuring all the ports on the switch to be associated with a default VLAN other than VLAN 1.

Types of VLANs - Native VLAN

An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic). The 802.1Q trunk port places untagged traffic on the native VLAN. In the figure, the native VLAN is VLAN 99. Untagged traffic is generated by a computer attached to a switch port that is configured with the native VLAN.

Types of VLANs - Native VLAN


specification to maintain backward compatibility with untagged traffic common to legacy LAN scenarios. For our purposes, a native VLAN serves as a common identifier on opposing ends of a trunk link. It is a best practice to use a VLAN other than VLAN 1 as the native VLAN.
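As an added example (not code from the original slides), the following Python code implements the 4-byte 802.1Q tag layout described under "Tagged Frames" (TPID 0x8100, TCI with priority and VID) together with the access-link, trunk-link and native-VLAN behaviour described above. The port dictionaries, the sample ARP frame, and the rule that an access port drops tagged frames are assumptions made for this example.

```python
import struct

TPID_8021Q = 0x8100  # Tag Protocol Identifier marking an 802.1Q-tagged frame


def parse_frame(frame: bytes):
    """Split an Ethernet frame into (dst, src, vid, pcp, ethertype, payload).

    For an untagged frame vid and pcp are None and ethertype is the
    length/type field found right after the source address.
    """
    dst, src = frame[:6], frame[6:12]
    tpid = struct.unpack("!H", frame[12:14])[0]
    if tpid != TPID_8021Q:
        return dst, src, None, None, tpid, frame[14:]
    tci = struct.unpack("!H", frame[14:16])[0]        # 2-byte Tag Control Information
    pcp, vid = tci >> 13, tci & 0x0FFF                # 3-bit priority, 12-bit VLAN ID
    ethertype = struct.unpack("!H", frame[16:18])[0]  # original length/type follows the tag
    return dst, src, vid, pcp, ethertype, frame[18:]


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Access-link ingress: the switch inserts the 4-byte tag after the source address."""
    if not 1 <= vid <= 4094:                          # VID 0 and 4095 are reserved
        raise ValueError("VID out of range")
    tci = ((pcp & 0x7) << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame: bytes) -> bytes:
    """Access-link egress: remove the tag so a VLAN-unaware device sees a plain frame."""
    return frame[:12] + frame[16:] if parse_frame(frame)[2] is not None else frame


def classify_ingress(frame: bytes, port: dict):
    """Decide which VLAN a received frame belongs to, per link type.

    port is a constructed description: {"mode": "access", "vid": 10} or
    {"mode": "trunk", "native": 99}. Returns None when the frame is dropped
    (assumption for this example: an access port does not accept tagged frames).
    """
    vid = parse_frame(frame)[2]
    if port["mode"] == "access":
        return port["vid"] if vid is None else None
    return port["native"] if vid is None else vid     # untagged on a trunk -> native VLAN


# Constructed sample: untagged ARP frame (EtherType 0x0806) from a VLAN-unaware host.
UNTAGGED_ARP = bytes.fromhex("ffffffffffff" "0200c0ffee01" "0806") + bytes(28)
```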

Types of VLANs - Management VLAN


is any VLAN you configure to access the management capabilities of a switch. VLAN 1 would serve as the management VLAN if you did not proactively define a unique VLAN to serve as the . You assign the management VLAN an IP address and subnet mask.
A switch can be managed via HTTP, Telnet, SSH, or SNMP.

VLAN 1 is normally used as the default VLAN, so VLAN 1 would be a bad choice as the management VLAN; you wouldn't want an arbitrary user connecting to a switch to default to the management VLAN.

Types of VLANs - Voice VLAN


It is easy to appreciate why a separate VLAN is needed for Voice over IP (VoIP). VoIP traffic requires:
Assured bandwidth to ensure voice quality
Transmission priority over other types of network traffic
Ability to be routed around congested areas on the network
Delay of less than 150 milliseconds (ms) across the network

Benefits of VLAN
- Groups that have sensitive data are separated from the rest of the network, decreasing the chances of confidential information breaches.
Faculty computers are on VLAN 10 and completely separated from student and guest data traffic.

- Cost savings result from less need for expensive network upgrades and more efficient use of existing bandwidth and uplinks.

Benefits of VLAN
- Dividing flat Layer 2 networks into multiple logical workgroups (broadcast domains) reduces unnecessary traffic on the network and boosts performance.
- Dividing a network into VLANs reduces the number of devices that may participate in a broadcast storm.
In the figure you can see that although there are six computers on this network, there are only three broadcast domains: Faculty, Student, and Guest.

Benefits of VLAN
- VLANs make it easier to manage the network because users with similar network requirements share the same VLAN.
When you provision a new switch, all the policies and procedures already configured for the particular VLAN are implemented when the ports are assigned. It is also easy for the IT staff to identify the function of a VLAN by giving it an appropriate name. In the figure, for easy identification VLAN 20 could be named "Student", VLAN 10 could be named "Faculty", and VLAN 30 "Guest."

Benefits of VLAN
VLANs aggregate users and network devices to support business or geographic requirements.
Having separate functions makes managing a project or working with a specialized application easier, for example, an e-learning development platform for faculty. It is also easier to determine the scope of the effects of upgrading network services.

Summary
VLANs are separate broadcast domains that are not limited by physical configurations; instead, a VLAN is a logical broadcast domain implemented via one or more switches
Performance benefits associated with VLANs are derived from limiting the amount of broadcast traffic that would naturally pass through a switch without filtration
The enhanced flexibility to assign any port on any switch to a particular VLAN makes moving, adding, and changing network configurations easier
VLAN information is communicated to switches using the VLAN trunking protocol (VTP)
