
Computer Networks


Computer Networks. Topic 7: Network Design, Part 2: VLAN. Vahid Haghighatdoost, Faculty of Engineering, Shahed University. The effect of the switch on traffic management. As stated previously, each switch port has a separate collision domain




: vlan


  • Collision domain

  • . 20 20 ( ).

  • 5 4 .



Broadcast domain

  • collision domain broadcast domain


  • OSI :

  • (1) 2 (Layer 2 Switch)

  • (2) 3 (Layer 3 Switch)

  • (3) 4 (Layer 4 Switch).



  • 2 OSI .

  • (bridge) . MAC .

  • MAC .

  • MAC MAC .



  • 3 .

  • 3 3 .

  • 3 Routing Switch .

  • (IP) .

  • .

  • .



  • 4 OSI . TCP .

  • TCP (Header) Source port Destination port .

  • Telnet 23 FTP 21 .

  • .

  • 4 .


Virtual Local Area Network(VLAN)

  • .

  • ( ).

  • . .


  • VLAN . . . VLAN . .





  • VLAN .

  • ( ) . . . collision broadcast domain .


  • . :

  • . . . . broadcast domain . login ( ) .



  • . .

  • broadcast domain VLAN ( ) . VLAN ( broadcast domain ) .


  • VLAN ( VLAN ) VLAN .

  • VLAN . VLAN . VLAN VALN workgroup " . VLAN 1 VLAN 1 .

  • VLAN broadcast domain subnet number .


  • VLAN broadcast domain .


  • .

  • ( VLAN 2 ) .

  • . VLAN .



VLAN introduction

  • VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless of the physical location or connections to the network.

  • All workstations and servers used by a particular workgroup share the same VLAN, regardless of the physical connection or location.


VLAN introduction

  • A workstation in a VLAN group is restricted to communicating with file servers in the same VLAN group.


VLAN introduction

  • VLANs function by logically segmenting the network into different broadcast domains so that packets are only switched between ports that are designated for the same VLAN.

Routers in VLAN topologies provide broadcast filtering, security, and traffic flow management.


VLAN introduction

  • VLANs address scalability, security, and network management.

  • Switches may not bridge any traffic between VLANs, as this would violate the integrity of the VLAN broadcast domain.

  • Traffic should only be routed between VLANs.


Broadcast domains with VLANs and routers

  • A VLAN is a broadcast domain created by one or more switches.


Broadcast domains with VLANs and routers

  • Layer 3 routing allows the router to send packets to the three different broadcast domains.


Broadcast domains with VLANs and routers

  • Implementing VLANs on a switch causes the following to occur:

    • The switch maintains a separate bridging table for each VLAN.

    • If the frame comes in on a port in VLAN 1, the switch searches the bridging table for VLAN 1.

    • When the frame is received, the switch adds the source address to the bridging table if it is currently unknown.

    • The destination is checked so a forwarding decision can be made.

    • For learning and forwarding the search is made against the address table for that VLAN only.
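The per-VLAN learning and forwarding steps listed above, as an added Python sketch that is not part of the original slides. The class name, port layout and MAC addresses are constructed for illustration.

```python
# Added illustration: a toy switch with one bridging (MAC) table per VLAN.
# Port numbers, MAC strings and the port-to-VLAN map are constructed samples.
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)    # access port -> VLAN ID
        self.tables = defaultdict(dict)     # VLAN ID -> {MAC: port}

    def receive(self, in_port, src_mac, dst_mac):
        """Learn the source address, then return the list of egress ports."""
        vlan = self.port_vlan[in_port]
        table = self.tables[vlan]           # search this VLAN's table only
        table[src_mac] = in_port            # learn the source (or refresh it)
        out_port = table.get(dst_mac)
        if dst_mac != BROADCAST and out_port is not None:
            return [] if out_port == in_port else [out_port]
        # Broadcast or unknown destination: flood, but only inside the VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)


def demo():
    # Ports 1-3 are in VLAN 1, ports 4-5 in VLAN 2 (constructed layout).
    sw = VlanSwitch({1: 1, 2: 1, 3: 1, 4: 2, 5: 2})
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    return sw, [
        sw.receive(1, a, b),          # b unknown in VLAN 1: flood to 2 and 3
        sw.receive(2, b, a),          # a was learned in VLAN 1: unicast to 1
        sw.receive(4, c, a),          # a is not in VLAN 2's table: flood to 5
        sw.receive(5, b, BROADCAST),  # broadcast stays inside VLAN 2
    ]


if __name__ == "__main__":
    switch, results = demo()
    print(results)
    print(dict(switch.tables))
```

The third step is the isolation property: an address learned in VLAN 1 is never consulted for a frame that arrived in VLAN 2, so the frame cannot leave its own broadcast domain.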


VLAN operation

  • Each switch port could be assigned to a different VLAN.

  • Ports assigned to the same VLAN share broadcasts.

  • Ports that do not belong to that VLAN do not share these broadcasts.


VLAN operation

  • Users attached to the same shared segment, share the bandwidth of that segment.

  • Each additional user attached to the shared medium means less bandwidth and deterioration of network performance.

  • VLANs offer more bandwidth to users than a shared network.

  • The default VLAN for every port in the switch is the management VLAN.

  • The management VLAN is always VLAN 1 and may not be deleted. All other ports on the switch may be reassigned to alternate VLANs.


VLAN operation

  • Dynamic VLANs allow for membership based on the MAC address of the device connected to the switch port.

  • As a device enters the network, it queries a database within the switch for a VLAN membership.


VLAN operation

  • In port-based or port-centric VLAN membership, the port is assigned to a specific VLAN membership independent of the user or system attached to the port.

All users of the same port must be in the same VLAN.


VLAN operation

  • Network administrators are responsible for configuring VLANs both manually and statically.


Benefits of VLANs

  • The key benefit of VLANs is that they permit the network administrator to organize the LAN logically instead of physically.


VLAN types

  • There are three basic VLAN memberships for determining and controlling how a packet gets assigned:

    • Port-based VLANs

    • MAC address based

    • Protocol based VLANs

  • The frame headers are encapsulated or modified to reflect a VLAN ID before the frame is sent over the link between switches.

  • Before forwarding to the destination device, the frame header is changed back to the original format.


VLAN types

  • Port-based VLANs

  • MAC address based VLANs

  • Protocol based VLANs


Membership by Port


Membership by MAC-Addresses


Access and Trunk Links


Access Links

  • An access link is a link on the switch that is a member of only one VLAN.

  • This VLAN is referred to as the native VLAN of the port.

    • Any device that is attached to the port is completely unaware that a VLAN exists.


Trunk Links

  • A trunk link is capable of supporting multiple VLANs.

  • Trunk links are typically used to connect switches to other switches or routers.

  • Switches support trunk links on both Fast Ethernet and Gigabit Ethernet ports.


Access and Trunk Links


Trunk Links

Without trunking

With trunking



  • A trunk is a point-to-point link that supports several VLANs

  • A trunk saves ports when creating a link between two devices implementing VLANs

  • Trunking is covered in more detail in the next section


Trunk Links

  • A trunk link does not belong to a specific VLAN.

    • Acts as a conduit for VLANs between switches and routers.

  • The trunk link can be configured to transport all VLANs or to transport a limited number of VLANs.

  • A trunk link may, however, have a native VLAN.

    • The native VLAN of the trunk is the VLAN that the trunk uses if the trunk link fails for any reason.


Trunk Links

  • In Ethernet, the switch has two methods of identifying the VLAN that a frame belongs to:

    • ISL (Inter-Switch Link)

      • (Cisco proprietary)

    • IEEE 802.1Q (standards-based)

      • aka, dot1q
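How an IEEE 802.1Q tag marks a frame's VLAN on a trunk and is removed again before delivery, as an added Python example that is not part of the original slides. The function names, the sample frame and the allowed-VLAN set are constructed; untagged frames are simply rejected in this sketch.

```python
# Added illustration of IEEE 802.1Q tagging on a trunk; not from the slides.
# The sample frame and the allowed-VLAN set are constructed values.
import struct

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q tag


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:             # 0 and 4095 are reserved
        raise ValueError("VLAN ID must be in 1..4094")
    tci = ((pcp & 0x7) << 13) | vid      # 3-bit priority, DEI=0, 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame: bytes):
    """Return (vid, original_frame); vid is None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]


def trunk_receive(frame: bytes, allowed_vlans: set):
    """Accept a tagged frame only if its VLAN is carried on this trunk.

    Untagged frames are not handled in this sketch and are rejected.
    """
    vid, inner = strip_tag(frame)
    if vid is None or vid not in allowed_vlans:
        return None
    return vid, inner


def sample_frame() -> bytes:
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", 0x0800) + b"constructed payload"
```

Restricting `allowed_vlans` corresponds to configuring the trunk to transport a limited number of VLANs: a frame tagged for any other VLAN is dropped at the trunk port.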


VLAN Trunking Protocol

  • VTP maintains VLAN configuration consistency across the entire network.

  • VTP is a messaging protocol that uses Layer 2 trunk frames to manage the addition, deletion, and renaming of VLANs on a network-wide basis.

  • Further, VTP allows you to make centralized changes that are communicated to all other switches in the network.



  • Create VLANs on the VTP Server

  • Those VLANs get sent to other client switches

  • On the client switches, you can now assign ports to those VLANs.

  • You cannot create VLANs on the client switches, as you could before configuring the switch to be a VTP client.


VTP Benefits



  • All switches in the same management domain share their VLAN information with each other, and a switch can participate in only one VTP management domain.

  • Switches in different domains do not share VTP information.

  • Using VTP, switches advertise:

    • Management domain

    • Configuration revision number

    • Known VLANs and their specific parameters



  • Switches can be configured not to accept VTP information.

  • These switches will forward VTP information on trunk ports in order to ensure that other switches receive the update, but the switches will not modify their database, nor will the switches send out an update indicating a change in VLAN status.

    • This is referred to as transparent mode.



  • By default, management domains are set to a nonsecure mode, meaning that the switches interact without using a password.

  • Adding a password automatically sets the management domain to secure mode.

    • A password must be configured on every switch in the management domain to use secure mode.



  • The VTP database contains a revision number.

  • Each time a change is made, the switch increments the revision number.



  • A higher configuration revision number indicates that the VLAN information that is being sent is more current than the stored copy.

  • Any time a switch receives an update that has a higher configuration revision number, the switch will overwrite the stored information with the new information being sent in the VTP update.


VTP Modes

  • Switches can operate in any one of the following three VTP modes:

    • Server

    • Client

    • Transparent


VTP Modes

  • Server - If you configure the switch for server mode, you can create, modify, and delete VLANs, and specify other configuration parameters (such as VTP version and VTP pruning) for the entire VTP domain.

  • VTP servers:

    • advertise their VLAN configuration to other switches in the same VTP domain

    • synchronize the VLAN configuration with other switches based on advertisements received over trunk links.

    • It is recommended to have at least 2 VTP servers in case one goes down

  • This is the default mode on the switch.


VTP Modes

  • Client - VTP clients behave the same way as VTP servers. However, you cannot create, change, or delete VLANs on a VTP client.


VTP Modes

  • Transparent - VTP transparent switches do not participate in VTP.

  • A VTP transparent switch does not advertise its VLAN configuration, and does not synchronize its VLAN configuration based on received advertisements.

    • However, in VTP Version 2, transparent switches do forward VTP advertisements that the switches receive out their trunk ports.
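The revision-number rule, the management-domain password and the three modes described above, combined in an added Python model that is not Cisco code or part of the original slides. It shows why a switch carrying a high revision number can replace the VLAN database of a whole domain when it is connected, and how secure mode and transparent mode limit that. Switch names, VLAN names and revision numbers are constructed, and the password is compared directly where real VTP compares a digest.

```python
# Added model of the VTP update rule described above; not Cisco code.
# Switch names, VLAN names and revision numbers are constructed samples.
from dataclasses import dataclass, field


@dataclass
class VtpSwitch:
    name: str
    domain: str
    mode: str = "server"        # "server", "client" or "transparent"
    password: str = ""          # empty string = nonsecure mode
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def advertise(self):
        # Simplification: real VTP sends a digest derived from the password,
        # not the password itself.
        return {"domain": self.domain, "password": self.password,
                "revision": self.revision, "vlans": dict(self.vlans)}

    def receive(self, adv):
        """Apply one advertisement and report what happened to it."""
        if self.mode == "transparent":
            return "forwarded, database unchanged"
        if adv["domain"] != self.domain:
            return "ignored: other domain"
        if adv["password"] != self.password:
            return "ignored: password mismatch"
        if adv["revision"] <= self.revision:
            return "ignored: not newer"
        self.vlans, self.revision = dict(adv["vlans"]), adv["revision"]
        return "database overwritten"


def connect(new_switch, network):
    """Deliver the new switch's advertisement to every switch in the network."""
    adv = new_switch.advertise()
    return {sw.name: sw.receive(adv) for sw in network}


def demo(password=""):
    vlans = {1: "default", 10: "staff", 20: "voice"}
    core = VtpSwitch("core", "corp", "server", password, 5, dict(vlans))
    edge = VtpSwitch("edge", "corp", "client", password, 5, dict(vlans))
    dmz = VtpSwitch("dmz", "corp", "transparent", password, 0,
                    {1: "default", 99: "dmz"})
    # A switch reused from a lab: same domain, few VLANs, high revision number.
    lab = VtpSwitch("lab", "corp", "server", "", 42)
    return connect(lab, [core, edge, dmz]), core, edge, dmz
```

With `demo()` the server and the client both lose VLANs 10 and 20; with `demo(password=...)` the same advertisement is ignored. Checking the revision number of a switch before it is attached to a trunk is the corresponding operational control.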


Configuring VTP


Configuring VTP

IOS-Based Switch

Switch# vlan database

Switch(vlan)# vtp domain domain-name

Switch(vlan)# vtp {server | client | transparent}


Switch(vlan)# vtp password password

Switch(vlan)# vtp v2-mode (version2)


ALSwitch# vlan database

ALSwitch(vlan)# vtp domain corp

ALSwitch(vlan)# vtp client


Configuring VTP

Set-Based Switch

Switch(enable) set vtp [domain domain-name] [mode {server | client | transparent}] [password password]

Switch(enable) set vtp v2 enable (version 2)


DLSwitch(enable) set vtp domain corp

DLSwitch(enable) set vtp mode server


VTP Pruning

  • VTP pruning enhances network bandwidth use by reducing unnecessary flooding of traffic, such as broadcast, multicast, unknown, and flooded unicast packets.

  • VTP pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the appropriate network devices.

  • By default, VTP pruning is disabled.


VTP Pruning


VTP Pruning

  • Enabling VTP pruning on a VTP server enables pruning for the entire management domain.

  • VTP pruning takes effect several seconds after you enable it.

  • By default, VLANs 2 through 1000 are pruning eligible.

    • VLAN 1 is always pruning ineligible, so traffic from VLAN 1 cannot be pruned.

    • You have the option to make specific VLANs pruning eligible or pruning ineligible on the device.


Configuring VTP Pruning

IOS-Based Switch

Switch# vlan database

Switch(vlan)# vtp pruning

Remove VLANs from being pruned:

Switch(config-if)# switchport trunk pruning vlan remove vlan-list

  • By default, all VLANs are pruned in the management domain.


Configuring VTP Pruning

Set-Based Switch

Switch(enable) set vtp pruning enable


Switch(enable) set vtp pruneeligible vlan-range

Switch(enable) clear vtp pruning vlan-range

  • By default, all VLANs are pruned in the management domain.
