VLAN - PowerPoint PPT Presentation

Slides: 24
Provided by: Perr117
Transcript and Presenter's Notes

Title: VLAN


1
VLAN
  • VLAN
  • is a logical grouping
  • grouped by
  • function
  • department
  • application
  • VLAN configuration is done by software.

2
Typically in LAN configuration, users are grouped
based on their location in relation to the HUB
they are connected to.
[Figure: two hubs; groups labelled Sales and Design]
3
VLAN implementations offer port mapping that
establishes a broadcast domain among a default
group of devices.
[Figure: two switches (1st floor, 2nd floor); groups labelled Students, Admin and Instructors]
4
  • Traditionally, the role of a router is to provide
  • firewall
  • broadcast management
  • route processing and distribution
  • Routers are used to properly communicate between
    different VLANs. Use the routers as your backbone
    to transmit information at high bandwidth among
    your VLAN switches.
  • Routers in VLAN topologies provide
  • broadcast filtering
  • security
  • traffic flow management

5
  • Properties of VLANs
  • VLANs work at Layers 2 and 3 of the OSI model
  • Communication between VLANs is by Layer 3
    routing
  • VLANs provide a method of controlling network
    broadcast
  • Network administrator assigns users to VLAN
  • VLANs can increase network security by defining
    which network nodes can communicate with each
    other
  • A VLAN is a broadcast domain that one or more
    switches create.

6
VLAN implementations offer port mapping that
establishes a broadcast domain among a default
group of devices.
[Figure: two switches (1st floor, 2nd floor); three broadcast domains labelled Students, Admin and Instructors]
7
VLAN Operation
  • Ports that are assigned to the same VLAN share
    broadcasts.
  • Ports that do not belong to that VLAN do not
    share these broadcasts.
  • There are two (2) methods for creating
    VLANs
  • Static VLANs
  • This method is also referred to as port-based
    membership. As a device is connected to the
    network, it automatically assumes the VLAN of
    that port
  • Dynamic VLANs
  • Dynamic VLANs are created through the use of
    software packages such as CiscoWorks 2000. With a
    VLAN Management Policy Server (VMPS), you can
    assign switch ports to VLANs dynamically based on
    the source MAC address of the device that is
    connected to the port.

8
Static VLAN
The default VLAN for every port in the switch is
VLAN1, or the management VLAN. The management
VLAN cannot be deleted; however, additional VLANs
can be created and ports can be reassigned to
these alternate VLANs. A router is used to switch
between different VLANs. Hence, each VLAN should
have a unique Layer 3 network or subnet address
assigned.
9
  • Advantages of VLANs
  • reduce administration costs related to solving
    problems associated with moves, additions and
    changes
  • 20-40% of the workforce physically moves each
    year
  • one can move the node to a new location without
    changing its IP / subnet address by plugging the
    node into port for that VLAN
  • controls broadcast activity
  • provide workgroup network security
  • save money by keeping their HUBs and connecting
    them to switches, i.e. don't have to throw away
    the HUBs.
  • The goal of end-to-end VLANs is to maintain
    the 80/20 traffic flow rule: 80% of the traffic
    on the local VLAN, and 20% on a remote VLAN.

10
  • Broadcast
  • Switches (not talking about VLANs here) create
    smaller collision domains, but they do not
    create smaller broadcast domains. Hence use
    routers, which don't propagate broadcasts.
  • Though by setting up the different VLANs on a
    switch, one can control the broadcast messaging
    from one VLAN to another.
  • Security
  • restrict the number of users in a VLAN group
  • prevent another user from joining without first
    receiving approval from the VLAN network
    administrator
  • configure all unused ports to a default
    low-service VLAN
  • add access lists on the router

11
Using Hubs with VLANs
Each hub segment that is connected to a switch
port can be assigned to only one VLAN. All
stations that share a hub segment become members
of the same VLAN group.
12
VLAN Types
  • Port-based VLANs (static)
  • nodes connected to ports in the same VLAN have
    same VLAN ID.
  • users are assigned by port
  • MAC address-based VLANs (dynamic)
  • VLAN Management Policy Server (VMPS)
  • are ports on a switch that can automatically
    determine their VLAN assignments
  • Protocol-based VLANs (dynamic)
  • are ports on a switch that can automatically
    determine their VLAN assignments
  • functions are based on
  • logical addressing
  • protocol type

13
VLAN Frame Identification
  • With multiswitch VLANs, the frame headers are
    encapsulated or modified to reflect a VLAN ID
    before the frame is sent onto the link between
    the switches.
  • Multiple trunking methodologies include
  • IEEE 802.1q
  • ISL (Inter-Switch Link Protocol)
  • 802.10
  • LANE (LAN Emulation)

14
  • The most common approach for logically grouping
    users into distinct VLANs
  • frame filtering
  • a filtering table is developed; it can be based on
  • MAC
  • protocol
  • each frame is examined
  • depending on the filter table sends the frame
    out the designated port
  • frame identification
  • unique VLAN ID is assigned to each VLAN in the
    switch
  • the tagged frame travels the backbone among
    switches
  • when the frame exits the switch onto a non-backbone
    link, the identifier is removed
  • this technique is chosen by IEEE (IEEE 802.1q)
  • gaining as the standard trunking mechanism
  • function at layer 2

15
Packet with VLAN ID, added by the switch
[Figure: two switches (1st floor, 2nd floor) joined by a backbone; ports labelled VLAN1, VLAN2 and VLAN3]
VLAN ID is removed by the switch before sending
to the target host.
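The frame identification steps on the two slides above, using the IEEE 802.1Q tag layout, as an added Python sketch that is not part of the original presentation. The function names and the sample frame are constructed for illustration, and untagged (native VLAN) frames on the backbone are simply dropped in this simplified model.

```python
import struct

TPID_8021Q = 0x8100  # value in the EtherType position that marks an 802.1Q tag

# Constructed sample: broadcast dst MAC, made-up src MAC, EtherType IPv4, payload
SAMPLE_FRAME = b"\xff" * 6 + bytes.fromhex("020000000001") + b"\x08\x00" + b"hello"


def add_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Switch side of the backbone: insert the 4-byte tag after the MACs."""
    if not 1 <= vlan_id <= 4094:  # VID 0 and 4095 are reserved
        raise ValueError("VLAN ID must be in 1..4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be in 0..7")
    tci = (priority << 13) | vlan_id  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def vlan_of(frame: bytes):
    """Return the VLAN ID carried in the tag, or None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF


def egress_to_host(frame: bytes, port_vlan: int):
    """Non-backbone port: strip the tag if the VLAN matches, else drop (None)."""
    if vlan_of(frame) != port_vlan:
        return None
    return frame[:12] + frame[16:]


if __name__ == "__main__":
    tagged = add_tag(SAMPLE_FRAME, vlan_id=2)
    print("tag bytes:", tagged[12:16].hex())
    print("VLAN2 port delivers:", egress_to_host(tagged, 2) == SAMPLE_FRAME)
    print("VLAN3 port delivers:", egress_to_host(tagged, 3) is not None)
```

The VLAN3 port receives nothing from a VLAN2 broadcast, which is the isolation the slides describe; crossing between VLANs still requires the router.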
16
Inter-Switch Link Protocol
ISL is a Cisco proprietary encapsulation protocol
that interconnects multiple switches.
FDDI 802.10
Is a Cisco proprietary method of transporting
VLAN information inside the standard IEEE 802.10
frame for Fiber Distributed Data Interface (FDDI).
17
LAN Emulation (LANE)
LANE is a standard defined by the ATM Forum that
gives two stations attached via ATM the same
capabilities they normally have on LANs
such as Ethernet or Token Ring. The function of
the LANE protocol is to emulate a LAN on top of
an ATM network. That is, the LANE protocols make an
ATM network look and behave like an Ethernet or
Token Ring LAN.
18
  • FACTS
  • VLAN makes up a switched network that is
    logically segmented by functions, project teams
    or applications, without regard to the physical
    location of users.
  • Each switch port can be assigned to a VLAN.
  • Ports assigned to the same VLAN share broadcasts.
  • So VLANs are used to create broadcast domains.
  • VLAN implementation methods used to assign a
    switch port to a VLAN
  • port-centric
  • static
  • dynamic

19
[Figure: two switches (1st floor, 2nd floor); groups labelled Students, Admin and Instructors]
Only the devices on the same VLAN contend with
collisions. Hence broadcast traffic within one
VLAN is not transmitted outside the VLAN.
20
  • NOTE: For configuring static VLANs on Cisco 29xx
    switches
  • max number of VLANs is switch dependent and is
    limited by the number of ports on the switch.
  • VLAN1 is one of the factory-default VLANs
  • VLAN1 is the default Ethernet VLAN
  • Cisco Discovery Protocol (CDP) and VLAN Trunking
    Protocol (VTP) advertisements are sent on VLAN1.
  • the same encapsulation protocol, such as 802.1q or
    ISL, must be configured on all switch trunks that
    participate in the VLAN.
  • commands for configuring VLANs vary by model
    number.
  • the Catalyst 29xx IP address is in the VLAN1
    broadcast domain.
  • switch must be in VTP server mode to create,
    add, or delete VLANs.

21
In a non-VLAN configuration, switches make
smaller collision domains. However, they do not
make smaller broadcast domains. A broadcast
message is sent to all the devices connected to
the switch.
22
Non-VLAN
[Figure: Switch A, Router, Switch B]
Use routers to reduce the broadcast of messages.
A broadcast on Switch A is broadcast to all of
its users, but is not broadcast to Switch B
(because the router won't send it onto Switch B!)
23
Local Loop
Demarc