CCNA 3 Module 8

1
CCNA 3 Module 8

• Virtual LANs
• Modified by Joanne Wagner
• CCNA, CCNP, CCAI

2
Outcomes

• After completion of this module you will be able
  to
• Define VLANs
• List the benefits of VLANs
• Explain how VLANs are used to create broadcast
  domains
• Explain how routers are used for communication
  between VLANs
• List the common VLAN types
• Define ISL and 802.1Q encapsulation
• Explain the concept of geographic VLANs
• Configure static VLANs on 29xx series Catalyst
  switches
• Verify and save VLAN configurations
• Delete VLANs from a switch configuration

3
VLANs

• VLANs are logically segmented switched networks
  based on
• functions, project teams, or applications of the
  organization
• regardless of the physical location or
  connections to the network.
• All workstations and servers used by a particular
  workgroup share the same VLAN, regardless of the
  physical connection or location.

4
LAN Segmentation
5
An Introduction to VLANs

• A workstation in a VLAN group is restricted to
  communicating within the same VLAN group.
• VLANs function by logically segmenting the
  network into different broadcast domains so that
  packets are only switched between ports that are
  designated for the same VLAN.
• VLANs are created to provide segmentation
  services traditionally provided by physical
  routers in LAN configurations.
• Routers in VLAN topologies provide broadcast
  filtering, security, and traffic flow management.
• Switches do not bridge any traffic between VLANs.
• Traffic needs to be routed between VLANs.

6
(No Transcript)
7
(No Transcript)
8
Static or Port Centric VLANs

• Static membership VLANs are called port-based and
  port-centric membership VLANs.
• As a device enters the network, it automatically
  assumes the VLAN membership of the port to which
  it is attached.

9
Static VLANs
10
Dynamic VLANs

• Dynamic membership VLANs are created through
  network management software.
• CiscoWorks 2000 or CiscoWorks for Switched
  Internetworks is used to create Dynamic VLANs.
  Dynamic VLANs allow for membership based on the
  MAC address of the device connected to the switch
  port.
• As a device enters the network, it queries a
  database within the switch for a VLAN membership.
• Very complex and difficult to maintain, hardly
  implemented

11
Dynamic VLANs VLAN Management Policy Server

• When VMPS is enabled, a MAC address-to-VLAN
  mapping database downloads from a Trivial File
  Transfer Protocol (TFTP) server and VMPS begins
  to accept client requests.
• VMPS opens a User Datagram Protocol (UDP) socket
  to communicate and listen to client requests.
• When the VMPS server receives a valid request
  from a client, it searches its database for a MAC
  address-to-VLAN mapping.

12
Dynamic VLANs
13
VLAN Type Summary
14
VLAN Benefits

• The key benefit of VLANs is that they permit the
  network administrator to organize the LAN
  logically instead of physically.
• This means that an administrator is able to do
  all of the following
• Easily move workstations on the LAN.
• Easily add workstations to the LAN.
• Easily change the LAN configuration.
• Easily control network traffic.
• Improve security.

15
VLAN Benefits

• By creating VLANs, system and network
  administrators can control traffic patterns,
  react quickly to relocations, and keep up with
  constant changes in the network due to moving
  requirements and node relocation.
• VLANs provide the flexibility to carry out these
  actions. The network administrator simply changes
  the VLAN member list in the switch configuration.
  
• The administrator can add, remove, or move
  devices or make other changes to the network
  configuration using software.

16
VLANs - Definition

• A VLAN is a group of hosts with a common set of
  requirements that communicate as if they were
  attached to the same wire, regardless of their
  physical location.
• A VLAN has the same attributes as a physical LAN,
  but it allows for end stations to be grouped
  together even if they are not located on the same
  LAN segment.

17
End-to-End VLANs

• Networks that use the campus-wide or end-to-end
  VLANs logically segment a switched network based
  on the functions of an organization, project
  teams, or applications rather than on a physical
  or geographical basis.
• For example, all workstations and servers used by
  a particular workgroup can be connected to the
  same VLAN, regardless of their physical network
  connections or interaction with other workgroups.
• The same VLAN can be spread out over different
  buildings on campus

18
Local or Geographic VLANs

• Cisco recommends the use of local or geographic
  VLANs that segment the network based on IP
  subnets.
• Typically in the same building
• Each wiring closet switch is on its own VLAN or
  subnet and traffic between each switch is routed
  by the router.

19
Local and Campus-wide VLANs

• With both the Local VLAN and Campus-wide VLAN
  model, VLANs have many advantages over
  traditional switched networks, including
  segmentation of broadcast domains.

20
Trunking
21
VLAN ID in Ethernet Frame

• A trunk supports more than one VLAN
• How does the switch know which VLAN to forward
  frames to?

????????
VLAN 1
VLAN 2
Trunk
SW B
SW A
Frame
VLAN 1
VLAN 2
22
Trunk Links

• a trunk link does not belong to a specific VLAN.
• acts as a conduit for VLANs between switches and
  routers.
• The trunk link can be configured to transport all
  VLANs or to transport a limited number of VLANs.

23
Multiplexing VLAN traffic

• Special protocols exist that encapsulate or tag
  the frames so that the receiving device can
  determine the frames VLAN membership.
• The Cisco proprietary Inter-Switch Link (ISL)
  protocol lets Cisco devices multiplex VLANs
  between Cisco devices.
• In multi-vendor environments, switches use IEEE
  802.1Q,an industry standard protocol that permits
  multiplexing of VLANs over trunk links.

24
Trunking Encapsulation
802.10
25
VLAN Identification

• ISL - This protocol is a Cisco proprietary
  encapsulation protocol for interconnecting
  multiple switches.
• Released before the IEEE finalized the standard
  for trunking

26
VLAN Identification

• IEEE 802.1Q (Standard for Virtual Bridged Local
  Area Network)
• This protocol is an IEEE standard method for
  identifying VLANs by inserting a VLAN identifier
  into the frame header.
• This process is referred to as frame tagging.
• Note In practice, both ISL and dot1q are called
  frame tagging

27
ISL

• An Ethernet frame is encapsulated with an ISL
  header that transports VLAN IDs
• Adds overhead to the packet as a 26-byte header
  containing a 10-bit VLAN ID.
• In addition, a 4-byte cyclic redundancy check
  (CRC) is appended to the end of each frame.
• This CRC is in addition to any frame checking
  that the Ethernet frame requires.

28
ISL (Frame Encapsulation)
29
802.1q

• Significantly less overhead than the ISL
• As opposed to the 30 bytes added by ISL, 802.1Q
  inserts only an additional 4 bytes into the
  Ethernet frame

30
802.1q
NIC cards and networking devices can understand
this baby giant frame (1522 bytes). However, a
Cisco switch must remove this encapsulation
before sending the frame out on an access link.
SA and DA MACs
SA and DA MACs
802.1q Tag
Type/Length Field
Data (max 1500 bytes)
CRC
NewCRC
Tag Protocol Identifier Tag Control Info
(includes VLAN ID)
31
Trunk and Access Links
32
Trunk and Access Links

• A trunk is a point-to-point link that supports
  several VLANs.
• A trunk saves ports when creating a link between
  two devices implementing VLANs.
• An access link is a link that supports only one
  VLAN, connecting hosts to the switch.

33
Transmissions in Switched Environment

• The switched network allows many concurrent
  transmissions within a broadcast domain. The
  switched network does this without directly
  affecting other stations inside or outside of the
  broadcast domain.
• A VLAN is a broadcast domain.

34
Concurrent Transmissions in a Switch
35
Configuring Static VLANs

• Create the VLAN
• Switchvlan databaseSwitch(vlan)vlan
  vlan_numberSwitch(vlan)exit
• Assign ports to the VLAN
• Switch(config)interface fastethernet
  0/9Switch(config-if)switchport access vlan
  vlan_number

36
Verifying VLANs

• show vlan,
• show vlan brief
• show vlan id id_number

37
(No Transcript)
38
(No Transcript)
39
(No Transcript)
40
(No Transcript)
41
(No Transcript)
42
After Break

• Module 9
• Trunking with ISL and Dot 1q
• VLAN Trunking Protocol (VTP)
• Inter VLAN Routing

43
Hands on Lab Exercises

• 8.2.3 Configuring Static VLANs
• 8.2.4 Verifying VLAN Configurations
• 8.2.6 Deleting VLAN Configurations
• E-Labs matching the hands on labs