VLANs - Lansing School District


Chapter 3 - VLANs
VLANs
Logical grouping of devices or users, independent of their physical location
Configured in software on the switch, not by rewiring
Each vendor's configuration and management tools are proprietary; the tagging that carries VLANs between switches is standardized by IEEE 802.1Q
VLANs
Logically segment the physical LAN infrastructure into different subnets (or broadcast domains, for Ethernet)
Differences Between Traditional
Switched LAN and VLANs
VLANs operate at Layer 2 of the OSI model; each VLAN normally maps to one Layer 3 subnet
Communication between VLANs is done by routers (Layer 3)
VLANs provide a method of controlling network broadcasts
Administrators assign users (ports) to VLANs
VLANs improve network security by defining who can communicate with whom at Layer 2; traffic between VLANs is only what the router permits
Group switch ports and their connected users into logically defined workgroups
Transport of VLANs Across the
Backbone
Ability to transport VLAN information between interconnected switches and routers that reside on the backbone
– Removes physical boundaries between users
– Increases configuration flexibility when users move
– Provides a mechanism for interoperability between backbone components
VLAN transportation
Backbone commonly acts as the collection point for large volumes of traffic
Carries end-user data and the VLAN ID between switches, routers and directly attached servers
Routers in the VLAN
Traditionally provide firewalls, broadcast management, etc.
Provide routed connections between different VLANs
Cost-effectively integrate external routers into the switching architecture by using one or more high-speed backbone connections such as:
– Fast Ethernet or ATM
• Increasing the throughput between switches and routers
• Consolidating the number of physical router ports required for communication between VLANs
Frame Use in the VLAN
Switches are the core component of VLAN communication
Each switch makes forwarding and filtering decisions based on the frame
– Specifically, on the VLAN the frame belongs to
Two approaches for logically grouping users into distinct VLANs:
– Frame filtering
– Frame tagging (identification)
Frame Filtering
Each switch examines fields of every frame (for example the source MAC address or the Layer 3 protocol) and looks them up in a filtering table held on each switch; this allows fine-grained control but does not scale, because every switch repeats the lookup for every frame
Frame Tagging
Uniquely assigns a VLAN ID to each frame
VLAN IDs are assigned by the switch administrator
Chosen by the IEEE for its scalability
Now the standard trunking mechanism between switches
IEEE 802.1Q specifies frame tagging as the way to carry VLANs across links between switches (trunks)
Frame Tagging Continued
Places a unique identifier (the 802.1Q tag, carrying the 12-bit VLAN ID) in the header of each frame as it is forwarded across the backbone
When the frame leaves the backbone, the egress switch removes the identifier before the frame is transmitted to its destination on an access port
Frame identification functions at Layer 2 and requires little administrative overhead
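As an added example (not part of the original slides), the tag insertion and removal described above, carried out on a constructed Ethernet frame in Python. The MAC addresses, payload bytes and the function names are made up for illustration; only the tag layout (TPID 0x8100, then PCP/DEI/VID) comes from IEEE 802.1Q.

```python
"""Added example (not from the slides): insert, parse and strip an IEEE 802.1Q
VLAN tag, as a switch does when a frame moves between an access port and a
trunk. The sample frame below is constructed for illustration."""
import struct

TPID_8021Q = 0x8100      # TPID that announces a single 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte tag (TPID + TCI) after the two 6-byte MAC addresses.

    TCI layout: PCP (3 bits) | DEI (1 bit) | VID (12 bits). VID 0 means
    "priority-tagged only" and 4095 is reserved, so both are rejected here.
    """
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be in 1..4094")
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame: bytes):
    """Return (vid, pcp, dei, inner_ethertype), or None if the frame is untagged."""
    if len(frame) < 18:
        return None
    tpid, tci, inner = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q:
        return None
    return (tci & 0x0FFF, tci >> 13, (tci >> 12) & 1, inner)


def untag_frame(frame: bytes) -> bytes:
    """Remove exactly one tag, as the egress switch does before delivering the
    frame to an access port. Only the outermost tag is removed: if the result
    still starts with a TPID, the frame carried nested tags."""
    if parse_tag(frame) is None:
        return frame
    return frame[:12] + frame[16:]


# Constructed sample: broadcast destination, a documentation-range source MAC
# (00:00:5e:00:53:xx, RFC 7042), an IPv4 EtherType and a dummy payload.
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff")
                + bytes.fromhex("00005e005301")
                + struct.pack("!H", ETHERTYPE_IPV4)
                + b"\x45\x00\x00\x14" + b"\x00" * 16)


def roundtrip(vid: int, pcp: int = 0):
    """Tag the sample frame for a trunk, parse it, and strip it again."""
    tagged = tag_frame(SAMPLE_FRAME, vid, pcp)
    return parse_tag(tagged), untag_frame(tagged) == SAMPLE_FRAME


if __name__ == "__main__":
    print(roundtrip(10, pcp=5))   # ((10, 5, 0, 2048), True)
```

The practitioner's check here is in `untag_frame`: it strips one tag only. A frame that still carries a TPID after the access-side switch has removed its tag was nested-tagged by the sender, and an access port should not pass such a frame on as if it were untagged.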
Ports, VLANs and Broadcasts
VLANs make up a logically segmented switched network
Ports assigned to the same VLAN share broadcasts; ports in different VLANs do not
Three VLAN implementations:
– Port-centric
– Static
– Dynamic
Port-Centric
All nodes connected to ports in the same VLAN are assigned the same VLAN ID
VLAN membership by port makes the administrator's job easier and more efficient because:
• Users are assigned by port
• VLANs are easily administered
• Security is increased
• Frames do not leak into other broadcast domains
Port-Centric VLANs
Static VLANs
Switch ports that are statically assigned to a VLAN by the administrator
Require the administrator to make changes
Secure
Easy to configure
Straightforward to monitor
Work well where moves are controlled and managed
STATIC VLANs
Dynamic VLANs
Switch ports automatically determine their VLAN assignment
Based on the MAC address, logical (Layer 3) address or protocol type of the packet
Less administration within the wiring closet when a user moves or a new one is added
Centralized notification when an unrecognized user is added to the network
More administration is required to initially set up the database within the VLAN management software
Dynamic VLANs
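An added example, not from the slides, of the forwarding rules the three implementation types imply: a small Python model of a switch with port-centric/static ports, one dynamic port whose VLAN is looked up in a MAC database (with a notification when the MAC is unknown), and a low-service "parking" VLAN for ports that were never assigned, the practice the deck recommends later for unused ports. The port names, MAC addresses (RFC 7042 documentation range) and VLAN numbers, including 999 as the parking VLAN, are assumed for illustration.

```python
"""Added example (not from the slides): a minimal model of how a switch uses
VLAN membership when forwarding. Port names, MACs and VLAN numbers are
constructed for illustration; VLAN 999 is an assumed "parking" VLAN."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"
PARKING_VLAN = 999   # assumed low-service VLAN for unused ports and unknown hosts


@dataclass
class Switch:
    static_ports: dict                      # port -> VLAN (port-centric / static)
    dynamic_ports: set                      # ports whose VLAN comes from the database
    mac_database: dict                      # MAC -> VLAN, kept by VLAN management software
    mac_table: dict = field(default_factory=dict)   # (vlan, MAC) -> port, learned per VLAN
    alerts: list = field(default_factory=list)      # centralized notifications

    def vlan_of(self, port: str, src_mac: str) -> int:
        """Decide the ingress VLAN of a frame from its port (and, for dynamic
        ports, its source MAC)."""
        if port in self.dynamic_ports:
            vlan = self.mac_database.get(src_mac)
            if vlan is None:
                self.alerts.append(f"unknown MAC {src_mac} on port {port}")
                return PARKING_VLAN
            return vlan
        # a port with no static assignment is treated as unused: parked, not VLAN 1
        return self.static_ports.get(port, PARKING_VLAN)

    def members(self, vlan: int) -> set:
        """Ports that currently belong to a VLAN. A dynamic port joins a VLAN only
        once a host registered in that VLAN has been seen on it."""
        ports = {p for p, v in self.static_ports.items() if v == vlan}
        ports |= {p for (v, _mac), p in self.mac_table.items()
                  if v == vlan and p in self.dynamic_ports}
        return ports

    def forward(self, in_port: str, src_mac: str, dst_mac: str) -> set:
        """Return the egress ports for a frame. Frames never leave their VLAN:
        a destination learned in another VLAN is simply unknown here."""
        vlan = self.vlan_of(in_port, src_mac)
        self.mac_table[(vlan, src_mac)] = in_port            # learning is per VLAN
        out = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and out is not None:
            return set() if out == in_port else {out}
        # broadcast or unknown unicast: flood within the ingress VLAN only
        return {p for p in self.members(vlan) if p != in_port}


def demo():
    """Constructed scenario; returns the switch and the forwarding decisions."""
    sw = Switch(
        static_ports={"fa0/1": 10, "fa0/2": 10, "fa0/3": 20},   # fa0/4 is left unused
        dynamic_ports={"fa0/5"},
        mac_database={"00:00:5e:00:53:aa": 10},
    )
    r = {}
    # A (VLAN 10) broadcasts: reaches fa0/2 only, never the VLAN 20 port
    r["bcast_vlan10"] = sw.forward("fa0/1", "00:00:5e:00:53:01", BROADCAST)
    # B answers A with a unicast: delivered to fa0/1 alone
    r["unicast_reply"] = sw.forward("fa0/2", "00:00:5e:00:53:02", "00:00:5e:00:53:01")
    # C (VLAN 20) addresses A directly: A is unknown in VLAN 20, nothing leaves VLAN 20
    r["cross_vlan"] = sw.forward("fa0/3", "00:00:5e:00:53:03", "00:00:5e:00:53:01")
    # registered host on the dynamic port lands in VLAN 10 and joins its broadcasts
    r["dyn_known"] = sw.forward("fa0/5", "00:00:5e:00:53:aa", BROADCAST)
    r["bcast_after_dyn"] = sw.forward("fa0/1", "00:00:5e:00:53:01", BROADCAST)
    # something plugged into the unconfigured port is parked and reaches nobody
    r["unused_port"] = sw.forward("fa0/4", "00:00:5e:00:53:04", BROADCAST)
    # unknown host on the dynamic port: parked and reported
    r["dyn_unknown"] = sw.forward("fa0/5", "00:00:5e:00:53:ff", BROADCAST)
    return sw, r


if __name__ == "__main__":
    switch, results = demo()
    for name, ports in results.items():
        print(f"{name:16} -> {sorted(ports)}")
    print(switch.alerts)
```

The model keeps the MAC table per VLAN, which is what makes the "cross_vlan" case come out empty: host A is known on the switch, but not in VLAN 20, so C's frame is flooded only within VLAN 20 and A never sees it. Reaching A from VLAN 20 requires a router, and whatever access list that router carries is what actually decides whether C may talk to A.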
VLAN Additions, Moves and
Changes
Companies are continually reorganizing
– These moves and changes are among the network manager's biggest headaches and one of the largest expenses related to managing a network
VLANs provide effective measures for controlling changes and reducing costs
Users in a VLAN can share the same network address space, i.e. an IP subnet
VLANs require less rewiring, configuration and debugging
Movement of Users
VLANs Help Control Broadcast
Activity
One of the most effective measures is to segment the network properly with firewalls (here: router boundaries) that keep problems on one segment from damaging other parts of the network
Firewall segmentation provides reliability and minimizes overhead broadcast traffic
With no routers between switches, Layer 2 broadcasts are sent to every switched port; this is referred to as a FLAT network (one broadcast domain across the whole network)
Flat Network
– Provides low latency and high throughput
– Easy to administer
VLANs Controlling Broadcast Activity
FLAT Network – Disadvantages
– Increases vulnerability to broadcast traffic across all switches, ports, backbone links and users
VLANs effectively extend firewalls from routers into the switch fabric, protecting against potentially dangerous broadcast problems
Creating firewalls
– Assign switch ports or users to specific VLAN groups, both within single switches and across multiple connected switches
VLANs and Broadcast Activity
How do VLANs Improve Network
Security
Restrict the number of users in a VLAN group
Prevent another user from joining without first receiving approval from the VLAN network management application
Configure all unused ports to a default low-service VLAN that carries no production traffic, and shut them down until they are needed
Keep in mind that a VLAN only separates broadcast domains: what can cross from one VLAN to another is decided by the router that connects them, so the access lists or firewall policy on that router are part of the security design, not an afterthought
Tightening Network Security
VLANS Save Money
Connect existing HUBS to switches
Each hub segment connected to a switch port can be assigned only ONE VLAN
Stations that share a hub segment are in the same VLAN
If a station needs to be assigned to a new VLAN, that station must be moved to a hub on the appropriate VLAN
Using Existing Hubs
Summary
A switch physically segments a LAN into individual (collision) domains
A LAN is typically configured according to the physical infrastructure it connects
For LANs that use switching devices, VLAN technology is a cost-effective and efficient way of grouping network users into virtual workgroups regardless of their physical placement
Summary Continued
VLANs operate at Layer 2 of the OSI model; routers (Layer 3) connect them
The VLAN architecture must allow transportation of VLAN information between interconnected switches and routers on the corporate backbone
The approaches for logically grouping users into distinct VLANs are frame filtering and frame tagging (also called frame identification)
Summary Continued
Types of VLANs
– Port-centric
– Static
– Dynamic
VLANs provide benefits
– Reduced administration costs for moves, additions and changes
– Controlled broadcast activity
– Workgroup and network security
– Money saved by using existing hubs