
Understanding Virtual LANs


Presentation Transcript


  1. Understanding Virtual LANs

  2. Agenda
     • What Is a VLAN?
     • How Does it Work?
     • VLAN Technologies

  3. Constraints of Shared LANs
     • Users are physically bound
     • Subnets are tied to hubs
     • Users are grouped by location
     • No security on segment
     • Addressing is constrained
     • Moves require address changes
     • Router ports are expensive

  4. Virtual LANs
     • One broadcast domain within a switch
     • VLANs help manage broadcast domain
     • Can be defined on port groups, users, or protocols
     • LAN switches and network management software provide a mechanism to create VLANs
     [Figure: VLAN 1, VLAN 2, VLAN 3 defined on one switch; Server Farm]

  5. Remove the Physical Boundaries
     • Group users by department, team, or application
     • Routers provide communication between VLANs
     [Figure: Engineering, Marketing and Acctg. VLANs spanning Floor 1, Floor 2 and Floor 3]

  6. VLAN Benefits
     • Reduced administrative costs
        • Simplify moves, adds, and changes
     • Efficient bandwidth utilization
        • Better control of broadcasts
     • Improved network security
        • Separate VLAN group for high-security users
        • Relocate servers into secured locations
     • Scalability and performance
        • Microsegment with scalability
        • Distribute traffic load

  7. Establishing VLAN Membership
     Approaches Can Vary Performance
     • Port driven
     • MAC address driven
     • Network address driven
     • Application type driven
     [Figure: Port-Based (VLAN 1, VLAN 2, VLAN 3); MAC-Based (MAC addresses to VLAN 1, VLAN 2); Layer 3-Based (Subnet 198.21.xx, Subnet 198.22.xx to VLAN 1, VLAN 2)]

  8. Multiple VLANs per Port
     Does This Make Sense in Switched/Shared LANs?
     • Requested when multiple clients are attached
     • Requires address lookups
     • Cannot filter broadcasts on shared segment
     • Results in lots of administration, little return
     [Figure: two hubs with Mac 1 to Mac 12 attached; Broadcast Outgoing / Broadcast Incoming]

  9. Communicating Between VLANs
     Two Physical Topology Approaches
     • Layer 3 links VLANs together
     • Adds additional security and management
     • Logical links conserve physical ports
     • Multimode, depending on protocol
     • Controls access by VLAN
     • Up to 255 VLANs per router
     [Figure: Physical Link per VLAN (VLAN 1, VLAN 2, VLAN 3) versus Logical Communication for VLANs 1, 2, 3 over one link using Cisco Internetworking Software]

  10. VLAN Technologies

  11. Inter-Switch Link
      VLAN technologies: 802.10 • ISL • 802.1Q • LANE
      • Interconnects multiple switches and maintains VLAN information as traffic goes between switches
      • Establishes membership through ASICs
      • Labels each packet as received (“packet tagging”)
      • Eliminates lookups and tables
      • Transports multiple VLANs across links
      • Protocol, endstation-independent
      • Easily managed
      [Figure: Inter-Switch Link (ISL) carries VLAN identifier; VLAN tag added at incoming port; VLAN tag stripped by forwarding port]

  12. VLAN Standardization
      Packet Tagging as Common VLAN Exchange
      • Wide vendor endorsement for 802.1Q tagging standard
      • Cisco supports across Fast Ethernet, Gigabit uplinks
      • Cisco maps ISL to 802.1Q dynamically with VTP
      [Figure: Level-1 Explicit Tagging; frame layout DES | SRC | VLAN ID | Data | FCS, the VLAN ID inserted after the source address]

  13. VLAN Standard Implementation
      Typical Environment
      • Cisco environment uses ISL
      • Vendor environment uses an existing, yet different packet tagging method
      • Interdomain communication based on 802.1Q standard
      [Figure: Company ABC; Cisco Domain (ISL) and Vendor X Domain (?) interconnected via 802.1Q]

  14. Virtual Trunk Protocol (VTP)
      • VLAN administration and configuration protocol
      • Reduces VLAN setup and administration
      • Eliminates configuration errors
      • Decreases network manager’s time adding and managing VLANs
      • Maintains security between VLANs

  15. 1900 Series (1)
      (config)#hostname uniti_1900
      uniti_1900(config)#vlan 2 name sales
      uniti_1900(config)#vlan 3 name marketing
      uniti_1900(config)#exit
      uniti_1900#sh vlan
      VLAN Name             Status    Ports
      --------------------------------------
      1    default          Enabled   1-12, AUI, A, B
      2    sales            Enabled
      3    marketing        Enabled
      1002 fddi-default     Suspended
      1003 token-ring-defau Suspended
      1004 fddinet-default  Suspended
      1005 trnet-default    Suspended
      --------------------------------------
      [output cut]

  16. 1900 Series (2)
      uniti_1900(config)#int e0/2
      uniti_1900(config-if)#vlan-membership ?
        dynamic  Set VLAN membership type as dynamic
        static   Set VLAN membership type as static
      uniti_1900(config-if)#vlan-membership static ?
        <1-1005>  ISL VLAN index
      uniti_1900(config-if)#vlan-membership static 2
      uniti_1900(config-if)#int e0/3
      uniti_1900(config-if)#vlan-membership static 3
      uniti_1900(config-if)#
      uniti_1900#sh vlan
      VLAN Name             Status    Ports
      --------------------------------------
      1    default          Enabled   1, 4-12, AUI, A, B
      2    sales            Enabled   2
      3    marketing        Enabled   3
      1002 fddi-default     Suspended
      [output cut]

  17. 1900 Series (3)
      uniti_1900(config)#int f0/26
      uniti_1900(config-if)#trunk ?
        auto         Set DISL state to AUTO
        desirable    Set DISL state to DESIRABLE
        nonegotiate  Set DISL state to NONEGOTIATE
        off          Set DISL state to OFF
        on           Set DISL state to ON
      uniti_1900(config-if)#trunk on
      uniti_1900(config-if)#
      uniti_1900#sh trunk ?
        A  Trunk A
        B  Trunk B
      uniti_1900#sh trunk a
      DISL state: On, Trunking: Off, Encapsulation type: Unknown
      uniti_1900#sh trunk b
      DISL state: Off, Trunking: Off, Encapsulation type: Unknown
      uniti_1900#

  18. 1900 Series (4)
      uniti_1900(config)#vtp ?
        client       VTP client
        domain       Set VTP domain name
        password     Set VTP password
        pruning      VTP pruning
        server       VTP server
        transparent  VTP transparent
        trap         VTP trap
      uniti_1900(config)#vtp server
      uniti_1900(config)#vtp domain uniti
      uniti_1900(config)#vtp password cisco
      uniti_1900(config)#

  19. 1900 Series (5)
      uniti_1900#sh vtp
      VTP version: 1
      Configuration revision: 4
      Maximum VLANs supported locally: 1005
      Number of existing VLANs: 7
      VTP domain name : uniti
      VTP password : cisco
      VTP operating mode : Server
      VTP pruning mode : Disabled
      VTP traps generation : Enabled
      Configuration last modified by: 192.168.11.10 at 00-00-0000 00:00:00
      uniti_1900#

  20. 2950 Series (1)
      uniti_2950#vlan database
      uniti_2950(vlan)#vlan 1 name sales
      A default VLAN may not have its name changed.
      uniti_2950(vlan)#vlan 2 name marketing
      VLAN 2 added:
          Name: marketing
      uniti_2950(vlan)#vlan 3 name accounting
      VLAN 3 added:
          Name: accounting
      uniti_2950(vlan)#apply
      APPLY completed.
      uniti_2950(vlan)#

  21. 2950 Series (2)
      uniti_2950#sh vlan brief
      VLAN Name                             Status    Ports
      ---- -------------------------------- --------- -------------------------------
      1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                      …, Fa0/22, Fa0/23, Fa0/24
      2    marketing                        active
      3    accounting                       active
      10   vlan10                           active
      20   vlan20                           active
      30   vlan30                           active
      1002 fddi-default                     act/unsup
      1003 token-ring-default               act/unsup
      1004 fddinet-default                  act/unsup
      1005 trnet-default                    act/unsup

  22. 2950 Series (3)
      uniti_2950#conf t
      Enter configuration commands, one per line.  End with CNTL/Z.
      uniti_2950(config)#int f0/2
      uniti_2950(config-if)#switchport access vlan 2
      uniti_2950(config-if)#int f0/3
      uniti_2950(config-if)#switchport access vlan 3
      uniti_2950(config-if)#^Z

  23. 2950 Series (4)
      uniti_2950#sh vlan brief
      VLAN Name                             Status    Ports
      ---- -------------------------------- --------- -------------------------------
      1    default                          active    Fa0/1, Fa0/4, Fa0/5, Fa0/6
                                                      …, Fa0/23, Fa0/24
      2    marketing                        active    Fa0/2
      3    accounting                       active    Fa0/3
      10   vlan10                           active
      20   vlan20                           active
      30   vlan30                           active
      1002 fddi-default                     act/unsup
      1003 token-ring-default               act/unsup
      1004 fddinet-default                  act/unsup
      1005 trnet-default                    act/unsup

  24. 2950 Series (5)
      uniti_2950(config)#int f0/24
      uniti_2950(config-if)#switchport mode trunk
      uniti_2950#sh run
      [output cut]
      !
      interface FastEthernet0/2
       switchport access vlan 2
       no ip address
      …
      interface FastEthernet0/24
       switchport mode trunk
       no ip address
      !
      [output cut]
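The tag-at-ingress, strip-at-egress behaviour of slides 11 and 12, applied to the access/trunk layout configured on slides 22 to 24, as an added Python model that is not part of the original presentation. Port names, the sample frame and the toy `Switch`/`Port` classes are constructed here; the tag layout (TPID 0x8100 followed by a 16-bit TCI whose low 12 bits are the VID) is the standard 802.1Q one, and native-VLAN handling on the trunk is left out on purpose.

```python
import struct
TPID_8021Q = 0x8100  # EtherType value announcing that an 802.1Q tag follows

def add_tag(frame, vid, pcp=0):
    """Insert the 4-byte 802.1Q tag (TPID + TCI) between the source MAC and the EtherType."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094")
    tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)  # TCI = PCP(3 bits) | DEI(1 bit, 0) | VID(12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def strip_tag(frame):
    """Return (untagged_frame, vid) when an 802.1Q tag is present, else (frame, None)."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        return frame[:12] + frame[16:], struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return frame, None

class Port:
    def __init__(self, name, trunk=False, vlan=1, allowed=()):
        self.name, self.trunk, self.vlan, self.allowed = name, trunk, vlan, set(allowed)

class Switch:
    """Toy VLAN-aware switch: floods each frame to every other port in the same VLAN."""
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}

    def forward(self, ingress, frame):
        """Return {egress_port: frame_as_transmitted} for one frame received on `ingress`."""
        port = self.ports[ingress]
        untagged, vid = strip_tag(frame)
        if port.trunk:
            if vid is None or vid not in port.allowed:
                return {}            # trunk accepts only tagged, allowed VLANs (no native VLAN here)
        elif vid is not None:
            return {}                # a tagged frame arriving on an access port is dropped
        else:
            vid = port.vlan          # "VLAN tag added at incoming port": classify by access VLAN
        out = {}
        for name, p in self.ports.items():
            if name == ingress:
                continue
            if p.trunk and vid in p.allowed:
                out[name] = add_tag(untagged, vid)  # tag stays on so the next switch can classify
            elif not p.trunk and p.vlan == vid:
                out[name] = untagged                # "VLAN tag stripped by forwarding port"
        return out
# Constructed topology modelled on slides 22-24: Fa0/2 in VLAN 2, Fa0/3 in VLAN 3, Fa0/24 trunk.
DEMO_SWITCH = Switch([Port("Fa0/1"), Port("Fa0/2", vlan=2), Port("Fa0/3", vlan=3),
                      Port("Fa0/24", trunk=True, allowed=(1, 2, 3))])
# Constructed broadcast frame: dst ff:ff:ff:ff:ff:ff, src 00:11:22:33:44:55, EtherType 0x0806 (ARP).
FRAME = bytes.fromhex("ffffffffffff" "001122334455" "0806") + b"\x00" * 28
```

`DEMO_SWITCH.forward("Fa0/2", FRAME)` hands the broadcast to Fa0/24 only, tagged with VID 2, and never to the VLAN 3 access port Fa0/3, which is the broadcast-domain separation the slides describe; the same frame arriving already tagged on the access port is dropped.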

  25. 2950 Series (6)
      uniti_2950(config)#vtp mode ?
        client       Set the device to client mode.
        server       Set the device to server mode.
        transparent  Set the device to transparent mode.
      uniti_2950(config)#vtp mode server
      Device mode already VTP SERVER.
      uniti_2950(config)#vtp domain uniti
      Changing VTP domain name from NULL to uniti
      uniti_2950(config)#vtp password cisco
      Setting device VLAN database password to cisco
      uniti_2950#sh vtp ?
        counters  VTP statistics
        password  VTP password
        status    VTP domain status

  26. 2950 Series (7)
      uniti_2950#sh vtp status
      VTP Version                     : 2
      Configuration Revision          : 2
      Maximum VLANs supported locally : 64
      Number of existing VLANs        : 10
      VTP Operating Mode              : Server
      VTP Domain Name                 : uniti
      VTP Pruning Mode                : Disabled
      VTP V2 Mode                     : Disabled
      VTP Traps Generation            : Disabled
      MD5 digest                      : 0x80 0x44 0xF2 0x33 0x2B 0x87 0x56 0x80
      Configuration last modified by 0.0.0.0 at 3-1-93 00:10:15
      Local updater ID is 0.0.0.0 (no valid interface found)
      uniti_2950#

  27. Inter-VLAN Routing
      router(config)#int f0/0.1
      router(config-subif)#ip address 192.168.1.1 255.255.255.0
      router(config-subif)#encapsulation dot1q vlan#

      router(config)#int f0/0
      router(config-if)#no ip address
      router(config-if)#no shut
      router(config-if)#int f0/0.1
      router(config-subif)#ip address 192.168.1.1 255.255.255.0
      router(config-subif)#encapsulation isl 1
      router(config)#int f0/0.2
      router(config-subif)#ip address 192.168.2.1 255.255.255.0
      router(config-subif)#encapsulation isl 2

  28. Summary
      • VLANs enable logical (instead of physical) groups of users on a switch
      • VLANs address the needs for mobility and flexibility
      • VLANs reduce administrative overhead, improve security, and provide more efficient bandwidth utilization
