Prepared By
Ekin Koskos Evrim Kkodac Yahya Kaptan Glez
11 December 2007
Outline
Introduction
Virtual Local Area Network Operation
Introduction
General Description of LAN
Covering a small geographic area
A VLAN has the same attributes as a physical LAN
A VLAN allows grouping of end stations, services and devices
VLAN Membership
Broadcast Domains
A switch creates a broadcast domain
VLANs help manage broadcast domains
VLANs can be defined on port groups, users or protocols
LAN switches and network management software provide a mechanism to create VLANs
VLAN Operations
A VLAN is a switched network that is logically segmented
Each switch port can be assigned to a VLAN
Ports assigned to the same VLAN share broadcasts. Ports that do not belong to that VLAN do not share these broadcasts
This improves network performance because unnecessary broadcasts are reduced
When a bridge receives data from a workstation, it tags the data with a VLAN identifier (this is called explicit tagging)
In implicit tagging the data is not tagged; the VLAN is determined from the port on which the data arrived
Tagging can be based on the port from which it came, the source Media Access Control (MAC) field, the source network address, or some other field or combination of fields
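An added example, not part of the original slides: a small Python model of the membership rules above. It classifies a frame by explicit tag, then source MAC, then arrival port, and floods a broadcast only to ports in the same VLAN. The class names, port numbers, MAC addresses and VLAN ids are constructed, and the rule that a tag is honoured only on a trunk port is an assumption of this example.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Frame:
    src_mac: str
    in_port: int
    vlan_tag: Optional[int] = None  # explicit tag carried in the frame, if any

@dataclass
class Switch:
    port_vlan: dict                                # access port -> VLAN
    mac_vlan: dict = field(default_factory=dict)   # source MAC -> VLAN
    trunk_ports: set = field(default_factory=set)  # ports that carry tagged frames

    def classify(self, frame: Frame) -> Optional[int]:
        """Return the frame's VLAN, or None if the frame must be dropped."""
        if frame.vlan_tag is not None:
            # Explicit tagging. Assumption of this example: a tag is honoured
            # only on a trunk port; tagged frames on access ports are dropped.
            return frame.vlan_tag if frame.in_port in self.trunk_ports else None
        # Implicit tagging: source MAC membership first, then the arrival port.
        if frame.src_mac in self.mac_vlan:
            return self.mac_vlan[frame.src_mac]
        return self.port_vlan.get(frame.in_port)

    def flood(self, frame: Frame) -> list:
        """Ports that receive a broadcast from this frame (its VLAN only)."""
        vlan = self.classify(frame)
        if vlan is None:
            return []
        members = {p for p, v in self.port_vlan.items() if v == vlan}
        return sorted((members | self.trunk_ports) - {frame.in_port})

# Constructed topology: ports 1, 2, 5 in VLAN 10; ports 3, 4 in VLAN 20; port 8 is a trunk.
SW = Switch(port_vlan={1: 10, 2: 10, 3: 20, 4: 20, 5: 10},
            mac_vlan={"00:11:22:33:44:55": 20}, trunk_ports={8})

if __name__ == "__main__":
    print(SW.flood(Frame("aa:bb:cc:00:00:01", in_port=1)))               # port-based
    print(SW.flood(Frame("00:11:22:33:44:55", in_port=1)))               # MAC-based
    print(SW.flood(Frame("aa:bb:cc:00:00:02", in_port=2, vlan_tag=20)))  # dropped
```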
Types of VLAN
Default VLAN
The default VLAN for every port in the switch is the management VLAN, VLAN 1. The management VLAN is always VLAN 1 and may not be deleted. At least one port must be assigned to VLAN 1 in order to manage the switch.
Three basic VLAN memberships for determining and controlling how a packet entering a switch gets assigned to a VLAN.
Disadvantage
VLAN membership must be assigned initially.
In networks with thousands of users. Also, in environments where notebook PCs are used, the MAC address is associated with the docking station and not with the notebook PC. Consequently, when a notebook PC is moved to a different docking station, its VLAN membership must be reconfigured.
Selecting VLANs
The number of VLANs in a switch varies based on several factors: traffic patterns, types of applications, network management needs, and group commonality.
The IP addressing scheme is another important consideration in defining the number of VLANs in a switch. For example, a network that uses a 24-bit mask to define a subnet has a total of 254 host addresses allowed on one subnet.
VLAN Configuration
VLANs:
Allow control of broadcast, multicast, unicast, and unknown unicast within a Layer 2 device.
Are defined in the VLAN Trunking Protocol (VTP) database.
Are assigned numbers for identification within and between switches.
Have configurable parameters.
Each VLAN must have a unique Layer 3 network or subnet address. VLANs can exist either as end to end networks or inside of geographic boundaries.
VLAN membership for users is based on department or job function
VLAN membership for users does not change when they relocate within the campus
Each VLAN has a common set of security requirements for all members
End-to-end VLANs use the 80/20 rule
80% of traffic stays inside the VLAN and 20% travels outside
This creates difficulties sharing resources if users are spread out
Geographical VLANs
20% of traffic stays inside the VLAN and 80% travels outside
This means that 80 percent of the services from resources must travel through a Layer 3 device
However, this provides a deterministic and consistent method to access resources
Traffic Rules
A core layer router is used to route between subnets. A network is engineered, based on traffic flow patterns. Typically the rule has been to have 80 percent of the traffic contained within a VLAN. The remaining 20 percent crosses the router to the enterprise servers and to the Internet and WAN.
Static VLANs are ports on a switch that are manually assigned to a VLAN. That can be accomplished with a VLAN management application or configured directly into the switch through the CLI.
Static VLANs work well in networks with the following specific requirements:
All moves are controlled and managed.
There is robust management software to configure the ports.
The additional overhead required to maintain end-station MAC addresses and custom filtering tables is not acceptable.
The switch configuration settings can be backed up to a TFTP server with the copy running-config tftp command. The HyperTerminal text capture feature, along with the commands show running-config and show vlan, can be used to capture configuration settings.
The following figure shows the VLAN configuration being captured with HyperTerminal.
Deleting VLANs
When a VLAN is deleted, all ports assigned to that VLAN become inactive. The ports will remain associated with the deleted VLAN until assigned to a new VLAN.
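An added example, not part of the original slides: a Python check that compares a captured show vlan listing with a captured show running-config and reports access ports still assigned to a VLAN that no longer exists. Both captures are constructed and abbreviated, the function names are hypothetical, and only access ports are considered.

```python
import re

# Constructed sample captures (not from the slides): a 12-port switch whose
# VLAN 20 was deleted while Fa0/5-8 still reference it.
SAMPLE_SHOW_VLAN = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- ---------------------------
1    default                          active
10   Sales                            active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
30   Finance                          active    Fa0/9, Fa0/10, Fa0/11, Fa0/12
"""
SAMPLE_RUN_CONFIG = "\n".join(
    f"interface FastEthernet0/{n}\n switchport mode access\n"
    f" switchport access vlan {10 if n <= 4 else 20 if n <= 8 else 30}\n!"
    for n in range(1, 13))

def existing_vlans(show_vlan: str) -> set:
    """VLAN ids listed in 'show vlan' output (lines that start with a number)."""
    return {int(m.group(1)) for m in re.finditer(r"^(\d+)\s+\S+", show_vlan, re.M)}

def access_vlans(run_config: str) -> dict:
    """Map each interface to its access VLAN; unset ports default to VLAN 1."""
    ports, current = {}, None
    for line in run_config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            ports[current] = 1
        elif line.startswith("!") or (line and not line.startswith(" ")):
            current = None  # left the interface stanza
        elif current and (m := re.match(r"\s+switchport access vlan (\d+)", line)):
            ports[current] = int(m.group(1))
    return ports

def orphaned_ports(show_vlan: str, run_config: str) -> dict:
    """Ports still assigned to a VLAN that no longer exists on the switch."""
    known = existing_vlans(show_vlan)
    return {p: v for p, v in access_vlans(run_config).items() if v not in known}

if __name__ == "__main__":
    for port, vlan in orphaned_ports(SAMPLE_SHOW_VLAN, SAMPLE_RUN_CONFIG).items():
        print(f"{port}: assigned to missing VLAN {vlan}, reassign before use")
```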
Steps to assign a switch port to a new VLAN
Troubleshooting VLAN
Switch LEDs
CDP
Check VLAN membership
Check trunking
Check spanning tree protocol
Bottlenecks
The old 80/20 rule, which stated that only 20 percent of network traffic went over the backbone, is obsolete.
VLAN Problem Isolation
Problem Isolation in Catalyst Networks
Benefits of VLAN
VLANs allow network administrators to organize LANs logically instead of physically.
Easily move workstations on the LAN
Easily add workstations to the LAN
Easily change the LAN configuration
Easily control network traffic
Improve security
Performance
Network traffic consists of a high percentage of broadcasts and multicasts
VLANs reduce the need to send such traffic to unnecessary destinations
VLANs reduce the number of routers needed, since VLANs create broadcast domains using switches instead of routers.
It is easier to place members of a workgroup together. Without VLANs, the only way this would be possible is to physically move all the members of the workgroup closer together.
Simplified Administration
Seventy percent of network costs are a result of adds, moves, and changes of users in the network.
If a user is moved within a VLAN, reconfiguration of routers is unnecessary.
Every time a user is moved in a LAN, recabling, new station addressing, and reconfiguration of hubs and routers becomes necessary.
Reduced Cost
Security
VLANs can also be used to control broadcast domains, set up firewalls, restrict access, and inform the network manager of an intrusion.
Questions???
1. How do VLANs help the network administrator organize the network?
2. A 12-port switch has been configured to support three VLANs named Sales, Marketing and Finance. Each VLAN spans four ports on the switch. The network administrator has deleted the Marketing VLAN from the switch. What is the status of the ports associated with this VLAN?
3. Why do network administrators use a database to save MAC addresses?
4. How many broadcast domains exist in the scenario presented in the graphic?