Module 8: Virtual LANs CCNA 3 – Version 3.1
Introduction to VLANs • A VLAN (Virtual Local Area Network) is a logical grouping of devices or users • Devices or users can be grouped by… • Function • Department • Application • At Layer 2, devices in a VLAN can communicate only with other devices in the same VLAN • Routers provide connectivity between different VLAN segments, just as they provide connectivity between different physical LAN segments
Benefits of VLANs • VLANs improve overall network performance by keeping broadcast domains small: users and the resources they use are grouped together logically • VLANs ensure that a particular set of users is logically grouped regardless of physical location • VLANs can enhance scalability, security, and network management • Routers in VLAN topologies provide broadcast filtering, security, and traffic flow management between VLANs • VLANs simplify additions, moves, and changes to the network
Traditional LAN Segmentation vs. VLAN Segmentation A VLAN is a group of network services not restricted to a physical segment or LAN switch.
Intro to VLANs cont’d… • Physically connecting or moving cables and equipment is unnecessary when configuring VLANs. • Configuration or reconfiguration of VLANs is done through software.
Communication within VLANs • VLANs logically segment the network into separate broadcast domains • Frames are switched only between ports that belong to the same VLAN • A workstation in a VLAN is restricted to communicating at Layer 2 with file servers or other workstations in the same VLAN • A VLAN consists of hosts and networking equipment connected by a single bridging domain • The bridging domain can span several pieces of networking equipment • LAN switches run their bridging protocols with a separate bridge group for each VLAN
A Network without VLANs… Uses one router and three switches Three separate broadcast domains
A Network with VLANs… Uses one router and one switch Still three separate broadcast domains
Frame Forwarding in VLANs • Implementing VLANs on a switch causes the following to occur: • The switch maintains a separate bridging table for each VLAN • If the frame comes in on a port in VLAN 1, the switch searches the bridging table for VLAN 1. • When the frame is received, the switch adds the source address to the bridging table if it is currently unknown. • The destination is checked so a forwarding decision can be made. • For learning and forwarding the search is made against the address table for that VLAN only.
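The per-VLAN bridging table described above can be modelled in a few lines. The following Python is an added example and is not part of the CCNA module: a switch with static, port-based membership keeps one MAC table per VLAN, learns the source address into that table only, forwards a known destination out of the one port recorded for it, and floods broadcast or unknown destinations only to ports in the same VLAN. Port names and MAC addresses are made up for the demonstration.

```python
from dataclasses import dataclass, field


@dataclass
class Switch:
    """Toy model of a Layer 2 switch with one bridging table per VLAN."""

    # port name -> access VLAN assigned to it (static, port-based membership);
    # the names are hypothetical, chosen to look like Catalyst 29xx ports
    port_vlan: dict
    # vlan id -> {mac: port}; a separate table per VLAN, as the module states
    tables: dict = field(default_factory=dict)

    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def ports_in_vlan(self, vlan):
        return [p for p, v in self.port_vlan.items() if v == vlan]

    def forward(self, in_port, src_mac, dst_mac):
        """Learn src_mac on in_port, then return the list of egress ports."""
        vlan = self.port_vlan[in_port]
        # learning and lookup both touch only this VLAN's table
        table = self.tables.setdefault(vlan, {})
        table[src_mac] = in_port
        if dst_mac == self.BROADCAST or dst_mac not in table:
            # broadcast or unknown unicast: flood, but only inside the VLAN
            return [p for p in self.ports_in_vlan(vlan) if p != in_port]
        out_port = table[dst_mac]
        # destination is on the ingress port: nothing to forward
        return [] if out_port == in_port else [out_port]


def demo():
    """Three frames on a switch with VLAN 10 (Fa0/1, Fa0/2) and VLAN 20 (Fa0/3, Fa0/4)."""
    sw = Switch(port_vlan={"Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 20, "Fa0/4": 20})
    a, b, c = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    # host A broadcasts: flooded to Fa0/2 only, never to the VLAN 20 ports
    r1 = sw.forward("Fa0/1", a, Switch.BROADCAST)
    # host B replies to A: A was learned in VLAN 10's table, so unicast to Fa0/1
    r2 = sw.forward("Fa0/2", b, a)
    # host C in VLAN 20 addresses A: A is unknown in VLAN 20's table, so the
    # frame is flooded within VLAN 20 (Fa0/4) and still never reaches A
    r3 = sw.forward("Fa0/3", c, a)
    return r1, r2, r3


if __name__ == "__main__":
    print(demo())
```

The third frame is the point of the model: even though the switch already knows host A's address, that knowledge lives in VLAN 10's table, so a VLAN 20 host cannot reach A without a router.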
VLAN Configuration • Static vs. Dynamic VLAN configuration:
Static VLANs • Static membership VLANs are called port-based and port-centric membership VLANs • As a device enters the network, it automatically assumes the VLAN membership of the port to which it is attached
More on Dynamic VLANs… • Dynamic membership VLANs are created through network management software • CiscoWorks 2000 or CiscoWorks for Switched Internetworks • Dynamic VLANs allow membership based on the MAC address of the device connected to the switch port • As a device enters the network, the switch queries a VLAN membership database (on Catalyst switches, a VLAN Membership Policy Server, VMPS) for the VLAN that the device's MAC address belongs to
Port-based (Port-centric)VLAN Membership • In port-based or port-centric VLAN membership, the port is assigned to a specific VLAN membership independent of the user or system attached to the port • all users of the same port must be in the same VLAN • A single user, or multiple users, can be attached to a port and never realize that a VLAN exists • This approach is easy to manage because no complex lookup tables are required for VLAN segmentation
Benefits of VLANs • Key benefit of VLANs is the ability to organize a LAN logically, allowing administrators to… • Easily move workstations on the LAN • Easily add workstations to the LAN • Easily change the LAN configuration • Easily control network traffic • Improve security
Establishing VLAN Membership • There are three basic ways of determining VLAN membership, which control how a frame is assigned to a VLAN: • Port-based VLANs • MAC address based VLANs • Protocol based VLANs • The frame header is encapsulated or modified to carry a VLAN ID before the frame is sent over the link between switches. • Before the frame is forwarded to the destination device, the header is changed back to its original format.
Identifying Frames through Frame Tagging • Frame Tagging (frame identification) assigns a user-defined VLAN ID to each frame • There are two major methods of frame tagging • Inter-Switch Link (ISL): Cisco proprietary; the original frame is encapsulated with a 26-byte header and a 4-byte CRC trailer • IEEE 802.1Q: a 4-byte tag is inserted into the Ethernet header after the source address and the FCS is recomputed • ISL used to be the most common method, but it is being replaced by 802.1Q tagging • The VLAN identifier is carried in the header of the frame only while it crosses the trunk links of the backbone • The tag is removed when the frame leaves the backbone toward an access port
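To make the 802.1Q method concrete, here is an added Python example (not from the module) that inserts, parses and strips the 4-byte tag. The tag is the TPID 0x8100 followed by the Tag Control Information field, which carries a 3-bit priority (PCP), a 1-bit drop-eligible indicator (DEI) and the 12-bit VLAN ID. The frame bytes are constructed for the example; the FCS is omitted, since real hardware recomputes it after inserting or removing the tag.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag between the source MAC and the EtherType.

    VID 0 (priority-tagged) and 4095 (reserved) are rejected here so that
    the tag always names a real VLAN.
    """
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be in 1..4094")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame: bytes):
    """Return (vid, pcp, dei, inner_ethertype), or None if the frame is untagged."""
    if len(frame) < 18:  # 12 bytes of addresses + 4-byte tag + 2-byte EtherType
        return None
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q:
        return None
    vid = tci & 0x0FFF
    pcp = tci >> 13
    dei = (tci >> 12) & 0x1
    return vid, pcp, dei, ethertype


def untag_frame(frame: bytes) -> bytes:
    """Remove the tag, as a switch does when a frame leaves a trunk for an access port."""
    if parse_tag(frame) is None:
        return frame
    return frame[:12] + frame[16:]


def build_demo_frame() -> bytes:
    """Constructed untagged IPv4 frame: dst MAC, src MAC, EtherType 0x0800, payload."""
    dst = bytes.fromhex("001122334455")
    src = bytes.fromhex("66778899aabb")
    return dst + src + b"\x08\x00" + b"payload!"


if __name__ == "__main__":
    untagged = build_demo_frame()
    tagged = tag_frame(untagged, vid=10, pcp=5)
    print(tagged.hex())
    print(parse_tag(tagged))            # (10, 5, 0, 2048)
    print(untag_frame(tagged) == untagged)  # True
```

Note that the parser looks only at the outer tag; the inner EtherType it returns is what the access-port side of the switch sees once the tag has been stripped.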
VLAN Configuration • VLANs can exist either as end-to-end networks or they can exist inside of geographic boundaries • An end-to-end VLAN network comprises the following characteristics: • Users are grouped into VLANs independent of physical location, but dependent on group or job function. • All users in a VLAN should have the same 80/20 traffic flow patterns (80 percent of the traffic is contained within the VLAN and 20 percent of the traffic crosses the router to the enterprise servers, Internet, or WAN) • As a user moves around the campus, VLAN membership for that user should not change. • Each VLAN has a common set of security requirements for all members.
Geographic VLANs Today, users require many different resources, many of which are no longer in their own VLAN. Because of this shift in the placement and use of resources, VLANs are now more often created around geographic boundaries than around commonality (group or function) boundaries, resulting in a 20/80 traffic pattern: 20 percent of the traffic stays within the VLAN and 80 percent crosses the router.
Static VLAN Configuration • The following guidelines must be followed when configuring VLANs on Cisco 29xx switches: • The maximum number of VLANs is switch dependent. • VLAN 1 is one of the factory-default VLANs. • VLAN 1 is the default Ethernet VLAN. • Cisco Discovery Protocol (CDP) and VLAN Trunking Protocol (VTP) advertisements are sent on VLAN 1. • The Catalyst 29xx IP address is in the VLAN 1 broadcast domain by default. • The switch must be in VTP server mode to create, add, or delete VLANs.
Static VLAN Configuration • Steps to create the VLAN: (A VLAN name may also be configured) • Switch#vlan database • Switch(vlan)#vlan vlan_number • Switch(vlan)#exit • Upon exiting, the VLAN is applied to the switch. The next step is to assign the VLAN to one or more interfaces: • Switch(config)#interface fastethernet 0/9 • Switch(config-if)#switchport access vlan vlan_number
Static VLAN Configuration • Verify the VLAN configuration by using the show vlan, show vlan brief, or show vlan id id_number commands. • Note: • A created VLAN remains unused until it is mapped to switch ports. • All Ethernet ports are on VLAN 1 by default.
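A practitioner verifying the configuration usually scripts the check rather than reading show vlan brief by eye. The following Python is an added example, not part of the module: it parses the show vlan brief table (including the continuation lines that list further ports) and flags the two conditions the notes above point at: ports still sitting in the default VLAN 1, which by default also carries CDP, VTP and the switch management address, and VLANs that are defined but mapped to no port. The sample output is constructed in the Catalyst 29xx format; it was not captured from a device.

```python
import re

# Constructed sample in the layout of `show vlan brief` on a Catalyst 29xx.
SAMPLE_SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
10   ENGINEERING                      active    Fa0/9, Fa0/10
20   SALES                            active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
"""

# id, name, status, then an optional comma-separated port list
VLAN_LINE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")


def parse_show_vlan_brief(text):
    """Return {vlan_id: {"name": str, "status": str, "ports": [str, ...]}}."""
    vlans = {}
    current = None
    for line in text.splitlines():
        if not line.strip() or line.startswith("VLAN") or line.startswith("----"):
            continue  # blank line or table header
        m = VLAN_LINE.match(line)
        if m:
            vid, name, status, ports = m.groups()
            current = int(vid)
            vlans[current] = {
                "name": name,
                "status": status,
                "ports": ports.replace(",", " ").split(),
            }
        elif current is not None and line.startswith(" "):
            # indented continuation line: more ports for the VLAN above
            vlans[current]["ports"].extend(line.replace(",", " ").split())
    return vlans


def audit(vlans, default_vlan=1):
    """Return human-readable findings for the two conditions the module notes."""
    findings = []
    in_default = vlans.get(default_vlan, {}).get("ports", [])
    if in_default:
        findings.append(
            f"{len(in_default)} port(s) still in VLAN {default_vlan}: "
            + ", ".join(in_default)
        )
    for vid, v in sorted(vlans.items()):
        # reserved VLANs 1002-1005 show act/unsup and are skipped by the status test
        if vid != default_vlan and v["status"] == "active" and not v["ports"]:
            findings.append(f"VLAN {vid} ({v['name']}) is defined but has no ports assigned")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_show_vlan_brief(SAMPLE_SHOW_VLAN_BRIEF)):
        print(finding)
```

In practice the text would come from a captured terminal session or an SSH library; the parser is deliberately tolerant of the wrapped port columns, since that is where a hand-written grep usually goes wrong.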
Adding and Deleting VLANs • Commands to assign a new VLAN to a switch port • Commands to delete a VLAN Note: When a VLAN is deleted, any ports assigned to that VLAN become inactive. The ports will, however, remain associated with the deleted VLAN until they are assigned to a new VLAN.
VLAN Troubleshooting We’ll cover Trunking later in Mod 9…
VLAN Troubleshooting – Show Commands • show vlan • displays the VLAN information on the switch • The display shows the VLAN ID, name, status, and assigned ports. • show vlan vlan_id • The show vlan command followed by a VLAN number displays information about that VLAN only • On a router, the output includes the VLAN ID, the router subinterface, and protocol information. • show spanning-tree • displays the spanning-tree topology known to the device
VLAN Troubleshooting • The Spanning-Tree Protocol (STP) is considered one of the most important Layer 2 protocols on the Catalyst switches • By preventing logical loops in a bridged network, STP allows Layer 2 redundancy without generating broadcast storms. • Minimize spanning-tree problems by actively developing a baseline study of the network
VLAN Troubleshooting • We’ll cover more troubleshooting techniques next class when we discuss Module 9 – VLAN Trunking…
THE END