ccna3 3.0-08 VLAN -jp


Chapter 8
Cisco 3 - LAN
The VLAN
Perrine / Brierley
4/5/2016
Page 1
VLAN
VLAN:
• is a logical grouping
• grouped by:
  • function
  • department
  • application
VLAN configuration is done by software.
Typically in LAN configuration, users are grouped based on their
location in relation to the HUB they are connected to.
[Figure: two hubs, one labelled Sales and one labelled Design, each with its own group of workstations]
VLAN implementations offer a port mapping that establishes a broadcast
domain among a defined group of devices.
[Figure: two switches (1st floor and 2nd floor) with workstations grouped into Admin, Students and Instructors VLANs]

Traditionally, the role of a router is to provide
• firewall
• broadcast management
• route processing & distribution
Routers are used to communicate between different VLANs. Use the
routers as your backbone to transmit information at high bandwidth
among your VLAN switches.
Routers in VLAN topologies provide
• broadcast filtering
• security
• traffic flow management
Properties of VLANs:
• VLANs work at Layers 2 & 3 of the OSI model
• Communication between VLANs is done by Layer 3 routing
• VLANs provide a method of controlling network broadcasts
• The network administrator assigns users to a VLAN
• VLANs can increase network security by defining which network nodes
can communicate with each other
A VLAN is a broadcast domain that one or more switches create.
VLAN implementations offer a port mapping that establishes a broadcast
domain among a defined group of devices.
[Figure: two switches (1st floor and 2nd floor) with workstations grouped into Admin, Students and Instructors VLANs; each VLAN is marked as its own broadcast domain]

VLAN Operation
Ports that are assigned to the same VLAN share broadcasts.
Ports that do not belong to that VLAN do not share these broadcasts.
There are two (2) methods in which to create VLANs:
1. Static VLANs –
This method is also referred to as port-based membership. As a device
is connected to the network, it automatically assumes the VLAN of
that port.
2. Dynamic VLANs –
Dynamic VLANs are created through the use of software packages
such as CiscoWorks 2000. With a VLAN Management Policy Server
(VMPS), you can assign switch ports to VLANs dynamically based on
the source MAC address of the device that is connected to the port.
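To make the two membership methods concrete, here is an added example (not part of the original slides or any Cisco software) that models one switch with static port-based ports and VMPS-style dynamic ports. Port names, MAC addresses and the VMPS database are constructed values; a MAC missing from the database is treated as leaving the dynamic port unassigned, which is a simplifying assumption. The `flood` method shows the broadcast rule from the slide: a broadcast only reaches ports in the same VLAN.

```python
from typing import Dict, Iterable, List, Optional

# Constructed sample data, not from the slides: static port-to-VLAN map
STATIC_PORTS: Dict[str, int] = {"Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 20, "Fa0/4": 20}

# Constructed VMPS-style database: source MAC -> VLAN (hypothetical entries)
VMPS_DB: Dict[str, int] = {"00:11:22:33:44:55": 10, "66:77:88:99:aa:bb": 20}


class Switch:
    """Simplified single-switch model with static and dynamic (VMPS-style) ports."""

    def __init__(self, static_ports: Dict[str, int], vmps_db: Dict[str, int],
                 dynamic_ports: Iterable[str]) -> None:
        self.port_vlan: Dict[str, int] = dict(static_ports)
        self.vmps_db = vmps_db
        self.dynamic_ports = set(dynamic_ports)

    def device_connects(self, port: str, mac: str) -> Optional[int]:
        """Return the VLAN the port ends up in once a device with `mac` plugs in.

        Static ports keep their configured VLAN regardless of the MAC.
        Dynamic ports take the VLAN from the VMPS database; a MAC that is
        not in the database leaves the port unassigned (simplifying
        assumption: a real VMPS can also be set up with a fallback VLAN).
        """
        if port in self.dynamic_ports:
            vlan = self.vmps_db.get(mac.lower())
            if vlan is None:
                self.port_vlan.pop(port, None)
                return None
            self.port_vlan[port] = vlan
        return self.port_vlan.get(port)

    def flood(self, ingress_port: str) -> List[str]:
        """Ports a broadcast from `ingress_port` is forwarded to: same VLAN only."""
        vlan = self.port_vlan.get(ingress_port)
        if vlan is None:
            return []
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != ingress_port)


def build_demo_switch() -> Switch:
    """Constructed switch: four static ports plus two VMPS-controlled ports."""
    return Switch(STATIC_PORTS, VMPS_DB, ["Fa0/5", "Fa0/6"])


if __name__ == "__main__":
    sw = build_demo_switch()
    print("broadcast from Fa0/1 reaches:", sw.flood("Fa0/1"))
    print("Fa0/5 after known MAC:", sw.device_connects("Fa0/5", "66:77:88:99:aa:bb"))
    print("broadcast from Fa0/3 reaches:", sw.flood("Fa0/3"))
    print("Fa0/6 after unknown MAC:", sw.device_connects("Fa0/6", "de:ad:be:ef:00:01"))
```

Plugging a known MAC into dynamic port Fa0/5 puts that port into VLAN 20, so a broadcast entering on Fa0/3 now reaches Fa0/4 and Fa0/5 but never the VLAN 10 ports; an unknown MAC on Fa0/6 gets no VLAN at all and therefore receives nothing.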
Static VLAN
The default VLAN for every port in the switch is VLAN1, or the
management VLAN.
The management VLAN cannot be deleted; however, additional VLANs
can be created and ports can be reassigned to these alternate VLANs.
A router is used to route traffic between different VLANs. Hence, each VLAN
should have a unique Layer 3 network or subnet address assigned.
Advantages of VLANs:
• reduce administration costs related to solving problems associated with
moves, additions & changes
  • 20%-40% of the workforce physically moves each year
  • one can move a node to a new location without changing its IP /
subnet address by plugging the node into a port for that VLAN
• control broadcast activity
• provide workgroup & network security
• save money by keeping existing HUBs and connecting them to switches, i.e.
you don’t have to ‘throw away’ the HUBs.
The goal of end-to-end VLANs is to maintain the 80/20 traffic flow rule –
80% of the traffic on the local VLAN, and 20% on a remote VLAN.
Broadcast:
Switches (without VLANs) create smaller collision domains, but they do not
create smaller broadcast domains. Hence routers, which don’t propagate
broadcasts, are used.
By setting up different VLANs on a switch, however, one can control the
broadcast messaging from one VLAN to another.
Security:
• restrict the number of users in a VLAN group
• prevent another user from joining without first receiving approval from
the VLAN network administrator
• configure all unused ports to a default low-service VLAN
• add access lists in the router
Using Hubs with VLANs
Each hub segment that is connected to a switch port can be assigned to
only one VLAN.
All stations that share a hub segment become members of the same VLAN
group.
VLAN Types
Port-based VLANs (static):
• nodes connected to ports in the same VLAN have the same VLAN ID
• users are assigned by port
MAC address-based VLANs (dynamic):
• use a VLAN Management Policy Server (VMPS)
• ports on the switch automatically determine their VLAN assignment
from the source MAC address
Protocol-based VLANs (dynamic):
• ports on the switch automatically determine their VLAN assignment
• assignment is based on:
  • logical addressing
  • protocol type
VLAN Frame Identification
With multiswitch VLANs, the frame headers are encapsulated or modified
to reflect a VLAN ID before the frame is sent onto the link between the
switches.
Multiple trunking methodologies include:
• IEEE 802.1Q
• ISL (Inter-Switch Link Protocol)
• 802.10
• LANE (LAN Emulation)
The most common approaches for logically grouping users into distinct VLANs:
• frame filtering
  • a filtering table is built, which can be based on
    • MAC address
    • protocol
  • each frame is examined
  • depending on the ‘filter table’, the frame is sent out the designated
port
• frame identification
  • a unique VLAN ID is assigned to each VLAN in the switch
  • the tagged frame travels the backbone among switches
  • when the frame exits the switch on a non-backbone port, the identifier is
removed
  • this technique was chosen by the IEEE (IEEE 802.1Q)
  • it is becoming the standard trunking mechanism
  • it functions at Layer 2
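The frame-identification steps above (tag on the backbone, strip on the non-backbone port) can be shown byte for byte. The following is an added example, not code from the slides or from any switch vendor: it inserts and removes an IEEE 802.1Q tag (TPID 0x8100 followed by the 16-bit TCI) in a constructed Ethernet frame, and `deliver_to_access_port` applies the egress rule that a tagged frame is only handed to an untagged port whose VLAN matches. The MAC addresses and payload are made-up values.

```python
import struct
from typing import Optional, Tuple

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed sample frame (not from the slides): broadcast destination,
# made-up source MAC, IPv4 EtherType and a dummy payload.
DST_MAC = bytes.fromhex("ffffffffffff")
SRC_MAC = bytes.fromhex("001122334455")
SAMPLE_FRAME = DST_MAC + SRC_MAC + struct.pack("!H", 0x0800) + b"constructed payload"


def tag_frame(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert an 802.1Q tag (TPID + TCI) after the source MAC, as a switch
    does before sending the frame onto the trunk (backbone) link."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be 0..7")
    # TCI layout: PCP (3 bits) | DEI (1 bit, left 0 here) | VID (12 bits)
    tci = (priority << 13) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame: bytes) -> Optional[Tuple[int, int]]:
    """Return (vlan_id, priority) if the frame carries an 802.1Q tag, else None."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF, tci >> 13


def strip_tag(frame: bytes) -> bytes:
    """Remove the 4-byte tag, restoring the original untagged frame."""
    if parse_tag(frame) is None:
        return frame
    return frame[:12] + frame[16:]


def deliver_to_access_port(frame: bytes, port_vlan: int) -> Optional[bytes]:
    """Egress towards a non-backbone (access) port: the tag is removed only
    if its VLAN ID matches the port's VLAN; frames of other VLANs are dropped."""
    tag = parse_tag(frame)
    if tag is None or tag[0] != port_vlan:
        return None
    return strip_tag(frame)


if __name__ == "__main__":
    tagged = tag_frame(SAMPLE_FRAME, 2)
    print("tag bytes:", tagged[12:16].hex(), "->", parse_tag(tagged))
    print("delivered to VLAN 2 port:", deliver_to_access_port(tagged, 2) == SAMPLE_FRAME)
    print("delivered to VLAN 3 port:", deliver_to_access_port(tagged, 3))
```

The tag adds exactly four bytes between the source MAC and the original EtherType, which is why the slide describes the header as "encapsulated or modified" rather than replaced; the receiving switch reads the VID from those bytes and removes them before the frame reaches the target host.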
[Figure: two switches (1st floor and 2nd floor) joined by a backbone; hosts belong to VLAN1, VLAN2 and VLAN3. A packet with the VLAN ID added by the switch crosses the backbone; the VLAN ID is removed by the switch before sending to the target host.]
Inter-Switch Link Protocol
ISL is a Cisco proprietary encapsulation protocol that interconnects multiple
switches.
FDDI 802.10
FDDI 802.10 is a Cisco proprietary method of transporting VLAN information inside the
standard IEEE 802.10 frame for Fiber Distributed Data Interface (FDDI).
LAN Emulation (LANE)
LANE is a standard defined by the ATM Forum that gives two stations
attached via ATM the same capabilities they would normally have if they were
attached to LANs such as Ethernet or Token Ring.
The function of the LANE protocol is to emulate a LAN on top of an ATM
network.
That is, the LANE protocols make an ATM network look and behave like
an Ethernet or Token Ring LAN.
FACTS
A VLAN makes up a switched network that is logically segmented by
function, project team or application, without regard to the physical
location of users.
Each switch port can be assigned to a VLAN.
Ports assigned to the same VLAN share broadcasts.
So VLANs are used to create broadcast domains.
VLAN implementation methods used to assign a switch port to a VLAN:
• port-centric
• static
• dynamic
[Figure: two switches (1st floor and 2nd floor) with workstations grouped into Admin, Students and Instructors VLANs]
Only the devices on the same VLAN contend with collisions, and broadcast traffic within
one VLAN is not transmitted outside the VLAN.
NOTE: For configuring static VLANs on Cisco 29xx switches:
• max number of VLANs is switch dependent & is limited by the number of
ports on the switch.
• VLAN1 is one of the factory-default VLANs
• VLAN1 is the default Ethernet VLAN
• Cisco Discovery Protocol (CDP) & VLAN Trunking Protocol (VTP)
advertisements are sent on VLAN1.
• same encapsulation protocol, such as 802.1q or ISL, must be configured on
all switch trunks that participate in the VLAN.
• commands for configuring VLANs vary by model number.
• the Catalyst 29xx IP address is in the VLAN1 broadcast domain.
• the switch must be in VTP server mode to create, add, or delete VLANs.
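Three of the earlier points turn into simple checks an administrator can run against a switch inventory: unused ports should sit in a default low-service VLAN (Security slide), user ports should not be left in the default VLAN1 that carries the switch management address and CDP/VTP advertisements (the note above), and each VLAN needs its own unique subnet because inter-VLAN traffic is routed (Static VLAN slide). The audit below is an added example, not part of the slides or of any Cisco tool; the port table, the parking VLAN number 999 and the VLAN-to-subnet plan are constructed values, with VLAN 30 deliberately overlapping VLAN 20 to show the subnet check firing.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed access-port table (hypothetical values, not from the slides):
# (port, link status, access VLAN)
PORTS: List[Tuple[str, str, int]] = [
    ("Fa0/1", "connected", 10),
    ("Fa0/2", "connected", 1),     # user port left in the management VLAN
    ("Fa0/3", "notconnect", 1),    # unused port still in VLAN 1
    ("Fa0/4", "notconnect", 999),  # unused port parked correctly
]

MGMT_VLAN = 1        # VLAN1: factory default and management VLAN
PARKING_VLAN = 999   # assumed low-service VLAN for unused ports

# Constructed VLAN-to-subnet plan; VLAN 30 deliberately overlaps VLAN 20
VLAN_SUBNETS: Dict[int, str] = {
    10: "10.1.10.0/24",
    20: "10.1.20.0/24",
    30: "10.1.20.128/25",
}


def audit_ports(ports: List[Tuple[str, str, int]],
                parking_vlan: int = PARKING_VLAN,
                mgmt_vlan: int = MGMT_VLAN) -> List[str]:
    """Flag unused ports not parked in the low-service VLAN and user ports
    that sit in the management VLAN."""
    findings: List[str] = []
    for port, status, vlan in ports:
        if status != "connected" and vlan != parking_vlan:
            findings.append(f"{port}: unused port is in VLAN {vlan}; "
                            f"move it to parking VLAN {parking_vlan}")
        if status == "connected" and vlan == mgmt_vlan:
            findings.append(f"{port}: user port is in management VLAN {mgmt_vlan}")
    return findings


def audit_subnets(vlan_subnets: Dict[int, str]) -> List[Tuple[int, int]]:
    """Return VLAN pairs whose Layer 3 subnets overlap; every VLAN that is
    routed between needs its own unique subnet."""
    nets = sorted((vlan, ipaddress.ip_network(cidr))
                  for vlan, cidr in vlan_subnets.items())
    overlaps: List[Tuple[int, int]] = []
    for i, (vlan_a, net_a) in enumerate(nets):
        for vlan_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                overlaps.append((vlan_a, vlan_b))
    return overlaps


if __name__ == "__main__":
    for line in audit_ports(PORTS):
        print("PORT:", line)
    for vlan_a, vlan_b in audit_subnets(VLAN_SUBNETS):
        print(f"SUBNET: VLAN {vlan_a} and VLAN {vlan_b} overlap")
```

On the constructed table the port audit reports Fa0/2 (a user on VLAN1) and Fa0/3 (an unused port not parked), and the subnet audit reports the 20/30 overlap; in practice the port tuples would be filled from the switch's own interface status output.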
[Figure: a single switch with a group of workstations and no VLANs configured]
In a non-VLAN configuration, switches make smaller collision domains.
However, they do not make smaller broadcast domains: a broadcast
message is sent to all the devices connected to the switch.
[Figure: non-VLAN topology with Switch A and Switch B, each with its own workstations, connected through a router]
Use routers to limit the spread of broadcasts. A broadcast on Switch A is
sent to all of its users, but is not forwarded to Switch B (because the
router won’t send it onto Switch B!).
PSTN (Public Switched Telephone Network)
[Figure: PSTN hierarchy with Class 5 Local Office, Class 4 Toll Office and Class 3 Tandem Office; labelled trunk, line, local loop and demarc]