Virtual LANS
Dwight Reifsnyder
Session #: 706
What’s the Point? Why Bother?
“IEEE 802.1Q tagging (VLAN) is a useful
method of managing VoIP traffic in your
LAN.
Avaya recommends that you establish a
voice VLAN, set L2QVLAN to that VLAN
and provide voice traffic with priority over
other traffic.”
IP Phones LAN Admin Guide, Feb 2007
EYAWTK – Session Overview
• Provide a basic understanding of VLANS
• Discuss IP phone VLAN implementation
• We might accidentally learn some other
useful information if we are not careful
Broadway Suites
• Service Provider for downtown Boulder
office buildings, including Executive Suites
• Multiple, diverse businesses in one space
• Fortune 500 services on a small company
budget
What is a Virtual LAN?
• A virtual LAN, commonly known as a
VLAN, is a method of creating
independent logical networks within a
physical network.
• Virtual LANs operate at Layer 2 (the data
link layer) of the OSI model.
Wikipedia
Background – The 7 layer burrito
(figure: OSI Model)
• Squishy, not specific
• VLANs are in Layer 2
What Lives at Layer 2?
• Software – Ethernet Protocol
• End Points
• Ethernet Hubs
• Ethernet Switches
L2 Hardware – Endpoints
• Phones and PCs are multi-layer devices
• We will talk about them at layer 2 today
L2 Hardware – Network Hub
• Network Hubs –
• broadcast traffic
• not very efficient
L2 Hardware – Network Switch
• Network Switches –
• Starts like a hub
• Gradually directs traffic to specific ports instead of broadcast
• How do they do that?
Detour - L2 MAC Addresses
• Like a VIN Number on a car
• Unique to each and every network device
00-07-E9-55-64-4D
• MAC addresses are used to identify the sender and recipient of an Ethernet packet
Network Switch
• Stores MAC addresses and associated port numbers in a table
• Makes network more efficient!
Evolution - Managed Switches
• Have a user console that can show:
• If a port is connected or not
• Port speed (10MB, 100MB, 1000MB)
• MAC address table
• Calls out with alarms
• Best solution for Administrators
• Cost more $$$$$!
Segregation – Sorry Dr. King..
• Sometimes we need to have departments
separated –
• HR, confidentiality
• Marketing, high bandwidth usage
• Operations
• Each department needs its own LAN
Segregation – The Old Way
• Multiple Managed Network Switches
• Costly
• Complex
Segregation – The New Idea
• Multiple MAC Address Tables
• One switch, divided into 'Virtual LANs'
• Great idea, how would it work?
Detour - RFCs (secret recipes)
• Request for Comments
• Internet Engineering Task Force (IETF)
• Institute of Electrical and Electronics Engineers (IEEE)
Some Common RFCs
802.1a,b,g,etc – Wireless Ethernet (WiFi)
854 – Telnet
802.1x – Network Access Control
1719 – Private Class IP numbers
821 – SMTP (Simple Mail Transport Protocol)
1939 – POP3 (Post Office Protocol 3)
802.3AF – Power Over Ethernet
2131 – DHCP (Dynamic Host Configuration)
RFC 802.1q - VLANs
• Defines how to segregate a single L2 network switch into multiple “virtual” LANs or networks with multiple MAC tables
• One managed network $witch can now serve multiple departments without losing security or performance
Layer 2 Switch with VLANs
• Logical evolution from switching table
• Port based VLAN identification – every port belongs to a VLAN
  VLAN 1 – Human Resources
  VLAN 2 – Marketing
  VLAN 3 – Operations
• Separate broadcast domains
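The per-VLAN switching table this slide describes, as an added example (not code from the session or from any vendor): a learning switch that keeps one MAC table per port-based VLAN and floods unknown or broadcast frames only within the ingress port's VLAN. The port-to-VLAN map and the MAC addresses are constructed for the demo.

```python
from collections import defaultdict
from typing import Dict, List

BROADCAST = "FF-FF-FF-FF-FF-FF"

class VlanSwitch:
    """Learning switch with one MAC table per VLAN, as on the slide: a frame is only
    ever forwarded or flooded to ports whose port-based VLAN matches the ingress port,
    so each VLAN is its own broadcast domain even on a single switch."""

    def __init__(self, port_vlan: Dict[int, int]):
        self.port_vlan = port_vlan  # port number -> native (port-based) VLAN
        # vlan -> {mac -> port}: one switching table per VLAN instead of one per switch
        self.mac_table: Dict[int, Dict[str, int]] = defaultdict(dict)

    def receive(self, in_port: int, src: str, dst: str) -> List[int]:
        """Learn src behind in_port (in that port's VLAN) and return the egress ports."""
        vlan = self.port_vlan[in_port]
        table = self.mac_table[vlan]
        table[src] = in_port
        if dst != BROADCAST and dst in table:
            out = table[dst]
            return [] if out == in_port else [out]  # known unicast: exactly one port
        # unknown unicast or broadcast: flood, but only to ports in the same VLAN
        return sorted(p for p, v in self.port_vlan.items() if v == vlan and p != in_port)

# Constructed demo: ports 1-2 = VLAN 1 (Human Resources), 3-4 = VLAN 2 (Marketing),
# 5-6 = VLAN 3 (Operations); the MAC addresses are made up.
HR_PC, HR_SRV, MKT_PC = "00-07-E9-55-64-4D", "00-07-E9-00-00-02", "00-07-E9-00-00-03"

def run_demo() -> Dict[str, List[int]]:
    sw = VlanSwitch({1: 1, 2: 1, 3: 2, 4: 2, 5: 3, 6: 3})
    return {
        # HR broadcast (e.g. an ARP or DHCP request) reaches only the other HR port
        "hr_broadcast": sw.receive(1, HR_PC, BROADCAST),
        # reply from the HR server: HR_PC is now known in VLAN 1's table -> port 1 only
        "hr_reply": sw.receive(2, HR_SRV, HR_PC),
        # Marketing sends to the HR PC's MAC: VLAN 2's table has never seen it, so the
        # frame is flooded inside VLAN 2 only and never reaches port 1
        "mkt_to_hr": sw.receive(3, MKT_PC, HR_PC),
    }

if __name__ == "__main__":
    print(run_demo())
```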
VLANs Across Switches
VLAN Tags – Don't Lose my Bag
(figure: luggage tags labelled DEN, CHI, NYC, ELM, SAT)
VLAN Tags – Ethernet Packets
• Ethernet packet fields
• Header
• Payload
• End
• VLAN tagging information is added to the header, making it slightly longer
VLAN Trunking Across Switches
The ports which join the switches are defined as belonging to the native VLAN and a secondary VLAN. The secondary VLAN sends ‘tagged’ packets so they can be segregated.
Read you loud and clear…
• VLAN compliant devices can accept tagged or
untagged packets
• Packets without tags stay in the native VLAN (port
based VLAN)
• Packets with tags go into the VLAN defined by the
tag (if that VLAN is allowed on that port)
Eh? What was that?
• Non-VLAN-compliant devices discard tagged packets – they have an invalid header length!
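The three preceding slides (the longer tagged header, the tagged/untagged port rules, and the legacy device that discards tagged frames) as one added example, not code from the session: a parser that recognises the 4-byte 802.1Q tag after the source MAC, a port-ingress rule that maps untagged frames to the native VLAN and tagged frames to the tag's VLAN only if allowed, and the view a non-VLAN-aware device has of the same bytes. The sample frames are constructed with build_frame; the MAC addresses and VLAN numbers are made up.

```python
import struct
from dataclasses import dataclass
from typing import Optional, Set

ETHERTYPE_8021Q = 0x8100  # the "tag" EtherType that makes the header 4 bytes longer

@dataclass
class Frame:
    dst: str
    src: str
    vlan: Optional[int]  # None when the frame carries no 802.1Q tag
    pcp: int             # 3-bit priority field (0 when untagged)
    ethertype: int
    payload: bytes

def mac_str(b: bytes) -> str:
    return "-".join(f"{x:02X}" for x in b)

def parse_frame(raw: bytes) -> Frame:
    """Ethernet II header is dst(6) src(6) ethertype(2). If ethertype is 0x8100 the
    next 2 bytes are the Tag Control Information (PCP:3 DEI:1 VID:12) and the real
    EtherType follows, so the payload starts at byte 18 instead of 14."""
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:14])
    vlan, pcp, off = None, 0, 14
    if ethertype == ETHERTYPE_8021Q:
        tci, ethertype = struct.unpack("!HH", raw[14:18])
        pcp, vlan, off = tci >> 13, tci & 0x0FFF, 18
    return Frame(mac_str(dst), mac_str(src), vlan, pcp, ethertype, raw[off:])

def classify_ingress(frame: Frame, native_vlan: int, allowed_tagged: Set[int]) -> Optional[int]:
    """Port rules from the slides: untagged -> native (port based) VLAN; tagged -> the
    tag's VLAN only if it is allowed on this port, otherwise drop (None)."""
    if frame.vlan is None:
        return native_vlan
    return frame.vlan if frame.vlan in allowed_tagged else None

def legacy_device_accepts(raw: bytes, known=(0x0800, 0x0806)) -> bool:
    """A non-VLAN-compliant device reads bytes 12-13 as the EtherType; 0x8100 is not
    one it knows, so it discards the tagged frame (the "invalid header length")."""
    return struct.unpack("!H", raw[12:14])[0] in known

def build_frame(dst: str, src: str, payload: bytes, vlan: Optional[int] = None, pcp: int = 0) -> bytes:
    """Constructed sample frames for the demo (the inverse of parse_frame), IPv4 payload."""
    hdr = bytes.fromhex(dst.replace("-", "")) + bytes.fromhex(src.replace("-", ""))
    if vlan is not None:
        hdr += struct.pack("!HH", ETHERTYPE_8021Q, (pcp << 13) | (vlan & 0x0FFF))
    return hdr + struct.pack("!H", 0x0800) + payload
```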
What Devices Read Tags?
• VLAN compliant switches
• VLAN compliant IP phones
• Microsoft Windows? – X (no)
Review - Who Sends Tags?
Devices are all in Port Based VLANs – no tags
Trunk between switches must send and receive tags
802.1q VLAN Port Parameters
• Native VLAN (port based VLAN)
• Secondary VLANs
• Tagging
IP Phone Deployment
• Avaya suggests that phones should always be in their own VLAN
• Increases security
• Cuts down on broadcast traffic
• Increases voice quality
• Makes troubleshooting easier
VLAN Deployment Options
2 VLANs, 2 Ports
2 VLANs, 1 Port!
IP Phones have a Network Switch!
2 VLANs, 1 Port!
The phone contains a VLAN compliant 3 port network switch!!
Detour – Phones & DHCP & VLANs
• DHCP is an Ethernet broadcast request used by devices to get an IP number
• Broadcast packets do not cross VLANs
• Each VLAN needs its own DHCP Server
Detour – Phones & DHCP & VLANs
• On bootup, the phone sends a DHCP request in the native VLAN (port VLAN)
• The phone is notified if there is a specific voice VLAN
• The phone sends a new DHCP request with the correct VLAN tag
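The two DHCP detour slides as one added example, not code from the session or from Avaya: one constructed DHCP scope per VLAN (a broadcast never crosses a VLAN, so a VLAN without a scope gets no answer), and a replay of the phone's boot sequence: untagged request in the native VLAN, read the voice VLAN from the reply, request again with that tag. The option number 176 and the "L2Q=1,L2QVLAN=200" text are assumed from Avaya 46xx practice and are not on the slides; the address pools are made up.

```python
from typing import Dict, List, Optional, Tuple

# Constructed DHCP scopes, keyed by VLAN. Option 176 and its L2Q/L2QVLAN syntax are
# assumptions (Avaya 46xx site-specific option), not taken from the slides.
SCOPES = {
    1:   {"pool": "192.168.1.{}", "opt176": "L2Q=1,L2QVLAN=200"},                # native/data VLAN
    200: {"pool": "10.20.0.{}",   "opt176": "L2Q=1,L2QVLAN=200,MCIPADD=10.20.0.5"},  # voice VLAN
}

def dhcp_discover(tag: Optional[int], native_vlan: int, scopes: Dict, leased: Dict[int, int]) -> Tuple[int, str, str]:
    """The switch puts an untagged DISCOVER into the port's native VLAN and a tagged one
    into the tag's VLAN; only that VLAN's scope hears it. Returns (vlan, ip, option176)."""
    vlan = native_vlan if tag is None else tag
    if vlan not in scopes:
        raise LookupError(f"no DHCP server in VLAN {vlan}: broadcast went unanswered")
    leased[vlan] = leased.get(vlan, 10) + 1          # hand out the next address in the pool
    return vlan, scopes[vlan]["pool"].format(leased[vlan]), scopes[vlan]["opt176"]

def parse_site_option(text: str) -> Dict[str, str]:
    """'L2Q=1,L2QVLAN=200' -> {'L2Q': '1', 'L2QVLAN': '200'}"""
    return dict(kv.split("=", 1) for kv in text.split(",") if "=" in kv)

def phone_boot(native_vlan: int = 1, scopes: Dict = SCOPES) -> List[Tuple[int, str]]:
    """Replay the slide's sequence: (1) untagged DHCP in the native VLAN, (2) read the
    voice VLAN from the reply, (3) DHCP again with that VLAN tag. Returns the
    (vlan, ip) leases in order; a phone that is told no voice VLAN stays after step 1."""
    leased: Dict[int, int] = {}
    vlan, ip, opt = dhcp_discover(None, native_vlan, scopes, leased)
    leases = [(vlan, ip)]
    params = parse_site_option(opt)
    voice_vlan = int(params["L2QVLAN"]) if params.get("L2Q") == "1" and "L2QVLAN" in params else None
    if voice_vlan is not None and voice_vlan != vlan:
        vlan, ip, _ = dhcp_discover(voice_vlan, native_vlan, scopes, leased)
        leases.append((vlan, ip))
    return leases

if __name__ == "__main__":
    print(phone_boot())
```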
Review – Who Sends Tags?
The blue VLAN is a secondary VLAN for both network switch ports
The green VLAN is the native VLAN for both network switch ports
Broadway Suites, 100+ VLANs
(figure: fiber map of downtown Boulder buildings – 1942 Broadway, 1919 14th (Vectra Bank), 1300 Walnut, 1877 Broadway, 1800 Broadway, 1801 13th, 1301 Canyon; legend: SM Fiber (LX), MM Fiber (50 micron SX))
Do You Understand VLANs?
• You don't really understand something unless you can explain it to your grandmother...
Albert Einstein
Final Reminders
• Please remember to turn in session
evaluations
• The session number is: 706
Thank You