
VLANs

VLANs. Website: http://perdana.fsktm.um.edu.my/~rosli/WRES2108/index.htm. Semester 3, Chapter 3. Allan Johnson. Table of Contents: Virtual LANs (VLANs); Segmentation with Switching Architecture; VLAN Implementation; Benefits of VLANs.


  1. VLANs. Website: http://perdana.fsktm.um.edu.my/~rosli/WRES2108/index.htm. Semester 3, Chapter 3. Allan Johnson.

  2. Table of Contents
     • Virtual LANs (VLANs)
     • Segmentation with Switching Architecture
     • VLAN Implementation
     • Benefits of VLANs

  3. Virtual LANs (VLANs)

  4. Existing Shared LAN Configurations
     • In a typical shared LAN...
       • Users are grouped physically based on the hub they are plugged into
       • Routers segment the LAN and provide broadcast firewalls
     • In VLANs...
       • you can group users logically by function, department or application in use
       • configuration is done through proprietary software

  5. Segmentation with Switching Architecture

  6. Grouping Users
     • VLANs can logically segment users into different subnets (broadcast domains)
     • Broadcast frames are only switched between ports on the switch or switches with the same VLAN ID.
     • Users can be logically grouped via software based on:
       • port number
       • MAC address
       • protocol being used
       • application being used

  7. Differences between LANs & VLANs
     • VLANs...
       • work at Layer 2 & 3
       • control network broadcasts
       • allow users to be assigned by net admin.
       • provide tighter network security. How?

  8. VLANs Across the Backbone
     • VLAN configuration needs to support backbone transport of data between interconnected routers and switches.
     • The backbone is the area used for inter-VLAN communication
     • The backbone should be high-speed links, typically 100 Mbps or greater

  9. Router’s Role in a VLAN
     • A router provides connection between different VLANs
     • For example, you have VLAN1 and VLAN2.
       • Within the switch, users on separate VLANs cannot talk to each other (benefit of a VLAN!)
       • However, users on VLAN1 can email users on VLAN2 but they need a router to do it.

  10. How Frames are Used in a VLAN
     • Switches make filtering and forwarding decisions based on data in the frame.
     • There are two techniques used.
       • Frame Filtering: examines particular information about each frame (MAC address or layer 3 protocol type)
       • Frame Tagging: places a unique identifier in the header of each frame as it is forwarded throughout the network backbone.

  11. More on Frame Tagging
     • Frame Tagging...
       • is specified by IEEE 802.1Q, which states frame tagging is the preferred way to implement VLANs
       • uniquely assigns a VLAN ID to each frame before it is forwarded across the backbone.
       • is understood by switches prior to any broadcasts or transmission to other switches or routers
       • places a tag in the frame...thus, frame tagging. So what layer?
       • is removed by the switch after the frame exits the backbone and before the frame is forwarded to the end station

  12. VLAN Implementation

  13. Ports, VLANs, and Broadcasts
     • Three methods for implementing VLANs
       • Port-Centric
       • Static
       • Dynamic
     • Each switched port can be assigned to a VLAN. This...
       • ensures ports that do not share the same VLAN do not share broadcasts.
       • ensures ports that do share the same VLAN will share broadcasts.

  14. Port-Centric VLANs
     • Benefits of Port-Centric VLANs
     • All nodes in the same VLAN are attached to the same router interface. (Note: curriculum says “switched port”)
     • Makes management easier because...
       • Users are assigned by router port
       • VLANs are easy to admin.
     • provides increased security
     • packets do not “leak” into other domains

  15. Static VLANs
     • Defined
       • Static VLANs are when ports on a switch are administratively assigned to a VLAN
     • Benefits
       • can be assigned by port, address, or protocol type
       • secure, easy to configure and monitor
       • works well in networks where moves are controlled

  16. Dynamic VLANs
     • Defined
       • Switch ports can automatically determine a user’s VLAN assignment based on either/or:
         • MAC
         • logical address
         • protocol type
       • When a station is initially connected to an unassigned port, the switch checks an entry in the table and dynamically configures the port with the right VLAN
     • Benefits
       • less administration (more upfront) when users are added or move
       • centralized notification of unauthorized user
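
A small model of slides 13 and 16 together: ports are assigned to VLANs dynamically from a MAC table, unknown stations are reported centrally, and a broadcast is flooded only to ports in the sender's VLAN. This is an added example, not part of the original slides; the class, the MAC addresses and the VLAN numbers are constructed for illustration.

```python
class VlanSwitch:
    """Toy switch: per-port VLAN membership, MAC-based dynamic assignment."""

    def __init__(self, num_ports, mac_to_vlan):
        # None means the port is unassigned and forwards nothing.
        self.port_vlan = {p: None for p in range(1, num_ports + 1)}
        self.mac_to_vlan = {m.lower(): v for m, v in mac_to_vlan.items()}
        self.alerts = []  # central record of unauthorized stations

    def connect(self, port, mac):
        """Station plugs into a port: look up its MAC and configure the port."""
        vlan = self.mac_to_vlan.get(mac.lower())
        if vlan is None:
            # Unknown MAC: leave the port unassigned and notify the admin.
            self.port_vlan[port] = None
            self.alerts.append((port, mac.lower()))
            return None
        self.port_vlan[port] = vlan
        return vlan

    def flood_broadcast(self, ingress_port):
        """Ports that receive a broadcast sent from ingress_port."""
        vlan = self.port_vlan[ingress_port]
        if vlan is None:
            return []  # unassigned port: the broadcast goes nowhere
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != ingress_port)

# Constructed MAC-to-VLAN table (locally administered addresses).
MAC_TABLE = {
    "02:00:00:00:00:0a": 10,
    "02:00:00:00:00:0b": 10,
    "02:00:00:00:00:0c": 20,
}

def demo():
    sw = VlanSwitch(6, MAC_TABLE)
    sw.connect(1, "02:00:00:00:00:0A")
    sw.connect(2, "02:00:00:00:00:0b")
    sw.connect(3, "02:00:00:00:00:0c")
    sw.connect(4, "02:00:00:00:00:ff")  # not in the table
    return sw.flood_broadcast(1), sw.flood_broadcast(3), sw.alerts

if __name__ == "__main__":
    print(demo())
```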

  17. Benefits of VLANs

  18. VLANs Make Changes Easier
     • Traveling Users
       • 20% to 40% of work force moves every year
       • net admin’s biggest headache
       • largest expense in managing networks. Moves may require...
         • recabling
         • readdressing and reconfiguration
     • VLANs provide a way to control these costs. As long as the user still belongs to the same VLAN...
       • simply configure the new switch port to that VLAN
       • router configuration remains intact

  19. VLANs Control Broadcasts
     • Routers provide an effective firewall against broadcasts
     • Adding VLANs can extend a router’s firewall capabilities to the “switch fabric”
     • The smaller the VLAN, the smaller the number of users that are affected by broadcasts

  20. VLANs Improve Security
     • Shared LANs are easy to penetrate...simply plug into the shared hub.
     • VLANs increase security by ...
       • restricting number of users in a VLAN
       • preventing user access without authorization
       • configuring all unused ports to the “Disabled” setting
       • control access by
         • addresses
         • application types
         • protocol types

  21. VLANs Save Money
     • Hub Replacement & Segmentation
       • The ports on a non-intelligent hub can only be assigned one VLAN.
       • Replacing hubs with switches is relatively cheap compared to the benefit gained.
       • In the graphic, replacing the core hub in an extended star topology with a VLAN capable switch effectively microsegments one shared LAN into six.

  22. Required Labs for this Chapter
     • Spend your lab time completing three of the four labs in this Chapter
       • Lab 3.3.4.1: Creating VLANs
       • Lab 3.3.4.2: Switch Management VLANs
       • Lab 3.4.4.2: Multi-Switch VLANs
     • Recommendation:
       • DO NOT TAKE THE TEST UNTIL YOU’VE COMPLETED THE LABS!!
