VLAN and its implementation

CONTENT
1. Acknowledgement
2. Certificate
3. Certificate of Approval
4. Problem Definition-Defining the problem.
5. Introduction
6. Network and Its Types
7. Actual Topic- VLAN
8. VLAN Membership
9. VTP
10. Implementation
11. Conclusion



1. VLAN AND ITS IMPLEMENTATION

Submitted in partial fulfillment of the requirement for the award of the degree of Bachelor of Computer Application by MOHIT KUMAR, under the guidance of MR. MOHD. ASAD SIDDIQUI, Centre of Computer Education, Institute of Professional Studies, University of Allahabad, Allahabad, 2013.
3. ACKNOWLEDGEMENT

I would like to express my heartfelt gratitude to my project guide 'Mr. MOHD ASAD SIDDIQUI', Department of Computer Science, University of Allahabad, for his guidance, support and timely advice. I could not have completed this project without his encouragement and valuable suggestions. My heartfelt debt and thanks go to my teachers Mr. AMIT KUMAR SINGH and Mr. R. K. Pandey, Centre of Computer Education, Institute of Professional Studies, University of Allahabad, for their advice and encouragement during the past years.
4. CERTIFICATE

It is certified that Mr. MOHIT KUMAR of Bachelor of Computer Application, Centre of Computer Education, Institute of Professional Studies, University of Allahabad has carried out the project work on 'VLAN AND ITS IMPLEMENTATION' under my guidance. The student has tried to understand the involved concepts. To the best of my knowledge a similar work has not been submitted at any other institution for the award of any degree or diploma.

MR. MOHD. ASAD SIDDIQUI
Resource Person
Centre of Computer Education
Institute of Professional Studies
University of Allahabad
5. CERTIFICATE OF APPROVAL

This is to certify that the project entitled 'VLAN AND ITS IMPLEMENTATION' submitted by MOHIT KUMAR is in partial fulfillment of the requirement for the award of the degree of Bachelor of Computer Application awarded by the University of Allahabad, Allahabad.

Internal Examiner    External Examiner    Course Coordinator
Centre of Computer Education, Institute of Professional Studies, University of Allahabad
6. PROBLEM DEFINITION

A station is considered part of a LAN if it physically belongs to that LAN; the criterion of membership is geographic. What happens if we need a virtual connection between two stations belonging to two different physical LANs? We can roughly define a virtual local area network (VLAN) as a local area network configured by software rather than by physical wiring, using VTP (VLAN Trunk Protocol).

NOW THE QUESTION OCCURS: WHAT IS
  - NETWORK
  - TYPES OF NETWORK
  - LAN (LOCAL AREA NETWORK)
  - WAN (WIDE AREA NETWORK)
  - VLAN
  - WORKING OF VLAN
  - CREATION OF VLAN

In this project, you're going to learn, in detail, exactly what a VLAN is, how a VLAN is created and how VLAN memberships are used in a switched network. I'm also going to tell you how VLAN Trunk Protocol (VTP) is used to distribute VLAN information and how trunking is used to send information from all VLANs across a single link.
7. INTRODUCTION

Network: A network consists of two or more computers that are linked in order to share resources (such as printers and CDs), exchange files, or allow electronic communications. The computers on a network may be linked through cables, telephone lines, radio waves, satellites, or infrared light beams.

A computer network can also be defined as follows: a computer network or data network is a telecommunications network that allows computers to exchange data. In computer networks, networked computing devices pass data to each other along data connections.

TYPES OF NETWORK:
  - LAN - Local Area Network
  - WLAN - Wireless Local Area Network
  - WAN - Wide Area Network
  - MAN - Metropolitan Area Network
  - VLAN - Virtual LAN
8. LAN (LOCAL AREA NETWORK)

A LAN connects network devices over a relatively short distance. A networked office building, school, or home usually contains a single LAN, though sometimes one building will contain a few small LANs (perhaps one per room), and occasionally a LAN will span a group of nearby buildings. A local area network (LAN) is a group of computers and associated devices that share a common communications line or wireless link. Typically, connected devices share the resources of a single processor or server within a small geographic area. The figure shows a switch connecting three LANs.
9. WLAN (WIRELESS LAN)

A WLAN is a LAN based on Wi-Fi wireless network technology. It inherits all the properties of a LAN except that it is not hard-wired. A Wireless Local Area Network (WLAN) links two or more devices using some wireless distribution method (typically spread-spectrum or OFDM radio), and usually provides a connection through an access point to the wider Internet. This gives users the ability to move around within a local coverage area and still be connected to the network. Most modern WLANs are based on IEEE standards, marketed under the Wi-Fi brand name. Wireless LANs have become popular in the home due to ease of installation, and in commercial complexes offering wireless access to their customers, often for free.
10. The figure shows a Wi-Fi range.

WAN (WIDE AREA NETWORK)

As the term implies, a WAN spans a large physical distance. The Internet is the largest WAN, spanning the Earth. A WAN is a geographically dispersed collection of LANs. A network device called a router connects LANs to a WAN. In IP networking, the router maintains both a LAN address and a WAN address. A WAN differs from a LAN in several important ways. Most WANs (like the Internet) are not owned by any one organization but rather exist under collective or distributed ownership and management. WANs tend to use technologies such as ATM and Frame Relay for connectivity over the longer distances.
11. MAN (METROPOLITAN AREA NETWORK)

A network spanning a physical area larger than a LAN but smaller than a WAN, such as a city. A MAN is typically owned and operated by a single entity such as a government body or large corporation. A Metropolitan Area Network (MAN) is a computer network in which two or more computers, communicating devices or networks that are geographically separated but located in the same metropolitan city are connected to each other. Metropolitan limits are determined by local municipal corporations: the larger the city, the bigger the MAN; the smaller the metro city, the smaller the MAN.
12. The problem here starts to become evident as we populate the network with more switches and workstations. Since most workstations tend to be loaded with the Windows operating system, this will result in unavoidable broadcasts being sent occasionally on the network wire, something we certainly want to avoid. Another major concern is security. In the above network, all users are able to see all devices. In a much larger network containing critical file servers, databases and other confidential information, this would mean that everyone would have network access to these servers and, naturally, they would be more susceptible to an attack. To effectively protect such systems from your network you would need to restrict access at the network level by segmenting the existing network or simply placing a firewall in front of each critical system, but the cost and complexity will surely make most administrators think twice about it.

WHAT IS VLAN?

Welcome to the wonderful world of VLANs! All the above problems, and a lot more, can be forgotten with the creation of VLANs... well, to some extent at least. A virtual local area network (VLAN) is a logical group of workstations, servers and network devices that appear to be on the same LAN despite their geographical distribution. A VLAN allows a network of computers and users to communicate in a simulated environment as if they exist in a single LAN and are sharing a single broadcast and multicast domain. Higher-end switches allow the functionality and implementation of VLANs. The purpose of implementing a VLAN is to improve the performance of a network or apply appropriate security features. Short for virtual LAN, a VLAN is a network of computers that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN. VLANs are configured through software rather than hardware, which makes them extremely flexible.

One of the biggest advantages of VLANs is that when a computer is physically moved to another location, it can stay on the same VLAN without any hardware reconfiguration. In computer networking, a single layer-2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them via one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN or VLAN.

Computer networks can be segmented into local area networks (LAN) and wide area networks (WAN). Network devices such as switches, hubs, bridges, workstations and servers connected to each other in the same network at a specific location are generally known as LANs. A LAN is also considered a broadcast domain. A VLAN allows several networks to work virtually as a LAN. One of the most beneficial elements of a VLAN is that it removes latency in the network, which saves network resources and increases network efficiency. In addition, VLANs are created to provide segmentation and assist in issues like security, network management and scalability. Furthermore, traffic patterns can easily be controlled by using VLANs.

When a collision occurs, the original information will need to be resent after waiting for the collision to be resolved, thereby incurring a significant wastage of time and resources. To prevent collisions from traveling through all the workstations in the network, a bridge or a switch can be used. These devices will not forward collisions, but will allow broadcasts and multicasts to pass through. A router may be used to prevent broadcasts and multicasts from traveling through the network. The workstations, hubs, and repeaters together form a LAN segment. A LAN segment is also known as a collision domain, since collisions remain within the segment. The area within which broadcasts and multicasts are confined is called a broadcast domain or LAN. How broadcast and collision domains are defined in a LAN depends on how the workstations, hubs, switches, and routers located in the same area are physically connected together.
15. The figure shows a switch using VLAN software.
16. NEED OF VLAN (VIRTUAL LAN)

These are a few reasons why we should use VLANs:
  1. To create more flexible designs that group users by department, or by groups that work together, instead of by physical location.
  2. To segment devices into smaller LANs (broadcast domains) to reduce the overhead caused to each host in the LAN.
  3. To reduce the workload for the Spanning Tree Protocol (STP) by limiting a VLAN to a single access switch.
  4. To ensure better security by keeping hosts that work with sensitive data on a separate VLAN.
  5. To separate traffic sent by an IP phone from traffic sent by PCs connected to the phones.
  6. A proper VLAN design can ensure that only devices that have that VLAN defined on them will receive and forward packets intended as source or destination of the network flow.
  7. VLANs can be used to create broadcast domains, which eliminates the need for expensive routers.
  8. We can break apart our network as needed without having to go and move cables around; if we used different switches for each group, we would have many more switches and much more cabling in place to support them.
  9. VLANs allow QoS measures to be taken on devices normally fighting for shared bandwidth.
17. TYPES OF VLAN
  - STATIC VLAN
  - DYNAMIC VLAN

STATIC VLAN: Creating static VLANs is the most common way to create a VLAN, and one of the reasons for that is that static VLANs are the most secure. This security stems from the fact that any switch port you've assigned a VLAN association to will always maintain it unless you change the port assignment manually. Static VLAN configuration is pretty easy to set up and supervise, and it works really well in a networking environment where any user movement within the network needs to be controlled. It can be helpful to use network management software to configure the ports, but you don't have to use it if you don't want to.

DYNAMIC VLAN: A dynamic VLAN determines a node's VLAN assignment automatically. Using intelligent management software, you can enable hardware (Media Access Control [MAC]) addresses, protocols, or even applications to create dynamic VLANs; it's up to you. For example, suppose MAC addresses have been entered into a centralized VLAN management application. If a node is then attached to an unassigned switch port, the VLAN management database can look up the hardware address and assign and configure the switch port to the correct VLAN. This is very cool—it makes management and configuration easier because if a user moves, the switch will assign them to the correct VLAN automatically.
18. OTHER VLAN CLASSIFICATION CRITERIA

Up until now, we have been thinking just of port-based VLANs. However, there are other ways of defining VLAN membership. In this section, we will consider two examples of these other types of VLAN:
  - Protocol-based VLANs
  - Subnet-based VLANs

Protocol-based VLANs: With this method, different protocol types are assigned to different VLANs. For example, IP defines one VLAN, IPX defines another VLAN, NetBEUI yet another VLAN, etc.

Subnet-based VLANs: With this method, the VLAN membership is defined by the subnet to which a workstation's IP address belongs.
19. ADVANTAGES OF VLAN

There are several advantages to using VLANs.

Performance: In networks where traffic consists of a high percentage of broadcasts and multicasts, VLANs can reduce the need to send such traffic to unnecessary destinations. Example: in a broadcast domain consisting of 10 users, if the broadcast traffic is intended only for 5 of the users, then placing those 5 users on a separate VLAN can reduce traffic. Compared to switches, routers require more processing of incoming traffic. As the volume of traffic passing through the routers increases, so does the latency in the routers, which results in reduced performance. The use of VLANs reduces the number of routers needed, since VLANs create broadcast domains using switches instead of routers.

Simplified Administration: 70% of network costs are a result of adds, moves, and changes of users in the network. Every time a user is moved in a LAN, new station addressing and reconfiguration of hubs and routers become necessary. Some of these tasks can be simplified with the use of VLANs. If a user is moved within a VLAN, reconfiguration of routers is unnecessary. In addition, depending on the type of VLAN, other administrative work can be reduced or eliminated. VLAN software provides tools that allow network managers to drag and drop users into different VLANs or to set up aliases.

Cost and Time Reduction: VLANs can reduce the migration cost of stations going from one group to another. Physical reconfiguration takes time and is costly. Instead of physically moving one station to another segment or even to another switch, it is much easier and quicker to move it by using software.
20. Broadcast Control: Broadcasts are required for the normal function of a network. Many protocols and applications depend on broadcast communication to function properly. A layer 2 switched network is a single broadcast domain, so broadcasts reach even those network segments where a particular broadcast has no relevance, and consume available network bandwidth there. A layer 3 device (typically a router) is used to segment a broadcast domain.

Creating Virtual Work Groups: VLANs can be used to create virtual work groups. For example, in a campus environment, professors working on the same project can send broadcast messages to one another without the necessity of belonging to the same department. This can reduce traffic if the multicasting capability of IP was previously used.

Security: VLANs provide an extra measure of security. People belonging to the same group can send broadcast messages with the guaranteed assurance that users in other groups will not receive these messages.

Physical Layer Transparency: VLANs are transparent to the physical topology and medium over which the network is connected.
21. HOW VLANs WORK

When a LAN bridge receives data from a workstation, it tags the data with a VLAN identifier indicating the VLAN from which the data came. This is called explicit tagging. It is also possible to determine to which VLAN the received data belongs using implicit tagging. In implicit tagging the data is not tagged, but the VLAN from which the data came is determined based on other information, such as the port on which the data arrived. Tagging can be based on the port from which the data came, the source Media Access Control (MAC) field, the source network address, or some other field or combination of fields. VLANs are classified based on the method used.

To be able to tag data using any of these methods, the bridge has to keep an updated database containing a mapping between VLANs and whichever field is used for tagging. Example: if tagging is by port, the database should indicate which ports belong to which VLAN. This database is called a filtering database. Bridges have to be able to maintain this database and also to make sure that all the bridges on the LAN have the same information in each of their databases.

The bridge determines where the data is to go next based on normal LAN operations. Once the bridge determines where the data is to go, it then needs to determine whether the VLAN identifier should be added to the data before sending. If the data is to go to a device that knows about VLAN implementation (VLAN-aware), the VLAN identifier is added to the data. If it is to go to a device that has no knowledge of VLAN implementation (VLAN-unaware), the bridge sends the data without the VLAN identifier.

In order to understand how VLANs work, we need to look at the types of VLANs, the types of connections between devices on VLANs, the filtering database which is used to send traffic to the correct VLAN, and tagging, a process used to identify the VLAN originating the data.
22. TYPES OF CONNECTIONS

Devices on a VLAN can be connected in three ways, based on whether the connected devices are VLAN-aware or VLAN-unaware. A VLAN-aware device is one which understands VLAN memberships (i.e. which users belong to a VLAN) and VLAN formats.

1) Trunk Link: All the devices connected to a trunk link, including workstations, must be VLAN-aware. All frames on a trunk link must have a special header attached. These special frames are called tagged frames. (Figure: trunk link between two VLAN-aware bridges.)
23. 2) Access Link: An access link connects a VLAN-unaware device to the port of a VLAN-aware bridge. All frames on access links must be implicitly tagged (untagged). The VLAN-unaware device can be a LAN segment with VLAN-unaware workstations, or it can be a number of LAN segments containing VLAN-unaware devices. (Figure: access link between a VLAN-aware bridge and a VLAN-unaware device.)
24. 3) Hybrid Link: This is a combination of the previous two links. It is a link to which both VLAN-aware and VLAN-unaware devices are attached. A hybrid link can carry both tagged and untagged frames, but all the frames for a specific VLAN must be either tagged or untagged. (Figure: hybrid link containing both VLAN-aware and VLAN-unaware devices.) It must also be noted that the network can have a combination of all three types of links.
25. Here's a short list of ways VLANs simplify network management:
  - Network adds, moves, and changes are achieved with ease by just configuring a port into the appropriate VLAN.
  - A group of users that needs an unusually high level of security can be put into its own VLAN so that users outside of the VLAN can't communicate with them.
  - As a logical grouping of users by function, VLANs can be considered independent from their physical or geographic locations.
  - VLANs greatly enhance network security.
  - VLANs increase the number of broadcast domains while decreasing their size.
26. IDENTIFYING VLANs

Know that switch ports are layer 2-only interfaces that are associated with a physical port. A switch port can belong to only one VLAN if it is an access port, or to all VLANs if it is a trunk port. You can manually configure a port as an access or trunk port, or you can let the Dynamic Trunking Protocol (DTP) operate on a per-port basis to set the switchport mode. DTP does this by negotiating with the port on the other end of the link.

Switches are definitely pretty busy devices. As frames are switched throughout the network, they've got to be able to keep track of all the different types plus understand what to do with them depending on the hardware address. And remember—frames are handled differently according to the type of link they're traversing. There are two different types of links in a switched environment:

Access ports: An access port belongs to and carries the traffic of only one VLAN. Traffic is both received and sent in native formats with no VLAN tagging whatsoever. Anything arriving on an access port is simply assumed to belong to the VLAN assigned to the port. So, what do you think will happen if an access port receives a tagged packet, like an IEEE 802.1Q tagged one? Right—that packet would simply be dropped. But why? Well, because an access port doesn't look at the source address, so tagged traffic can be forwarded and received only on trunk ports. The VLAN assigned to an access link can be referred to as the configured VLAN of the port. Any device attached to an access link is unaware of its VLAN membership—the device just assumes it's part of the same broadcast domain, but it doesn't have the big picture, so it doesn't understand the physical network topology at all.

Trunk ports: A trunk port can carry the traffic of all VLANs; tagged traffic can be forwarded and received only on trunk ports.

Inter-Switch Link (ISL): Inter-Switch Link (ISL) is a way of explicitly tagging VLAN information onto an Ethernet frame. This tagging information allows VLANs to be multiplexed over a trunk link through an external encapsulation method (ISL), which allows the switch to identify the VLAN membership of a frame over the trunked link.
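As an added example (not part of the original project) of the explicit tagging and the access/trunk port rules described above, the following Python code builds and parses IEEE 802.1Q tagged Ethernet frames and applies the ingress decision a VLAN-aware bridge makes per port: an untagged frame on an access port is implicitly assigned the port's VLAN, a tagged frame on an access port is dropped, and a trunk port accepts tagged frames. The MAC addresses and payload are constructed, and the choice to drop untagged frames on a trunk (rather than model a native VLAN) is an assumption of the example.

```python
# Added example: 802.1Q frame tagging and per-port ingress classification.
# Not code from the original project; sample MACs and payloads are constructed.
import struct

TPID_8021Q = 0x8100  # Tag Protocol Identifier that announces an 802.1Q tag


def mac_bytes(mac: str) -> bytes:
    """Convert 'aa:bb:cc:dd:ee:ff' into its 6 raw bytes."""
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Build an Ethernet II frame. With vlan_id set, insert a 4-byte 802.1Q tag
    (TPID + TCI) between the source MAC and the original EtherType; this is
    the explicit tagging a VLAN-aware bridge performs on a trunk link."""
    hdr = mac_bytes(dst) + mac_bytes(src)
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:  # 0 and 4095 are reserved by the standard
            raise ValueError("VLAN ID must be in 1..4094")
        tci = ((pcp & 0x7) << 13) | (vlan_id & 0x0FFF)  # DEI bit left at 0
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Parse an Ethernet frame and pull out the 802.1Q tag if one is present."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan_id = pcp = None
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, vlan_id = tci >> 13, tci & 0x0FFF
        offset = 18
    return {"dst": dst, "src": src, "vlan_id": vlan_id, "pcp": pcp,
            "ethertype": ethertype, "payload": frame[offset:]}


def strip_tag(frame: bytes) -> bytes:
    """Remove the tag so a VLAN-unaware device on an access link gets a plain frame."""
    p = parse_frame(frame)
    return build_frame(p["dst"], p["src"], p["ethertype"], p["payload"])


def classify_ingress(frame: bytes, port_mode: str, port_vlan: int):
    """Ingress decision of one bridge port; returns the VLAN ID or None (= drop).
    access: untagged frames implicitly belong to port_vlan, tagged frames are dropped.
    trunk : tagged frames keep their VID; untagged frames are dropped here because
            this example deliberately does not model a native VLAN (assumption)."""
    p = parse_frame(frame)
    if port_mode == "access":
        return port_vlan if p["vlan_id"] is None else None
    if port_mode == "trunk":
        return p["vlan_id"]
    raise ValueError(f"unknown port mode {port_mode!r}")


if __name__ == "__main__":
    # Constructed sample: an IPv4 (0x0800) frame tagged for VLAN 20 with priority 5.
    tagged = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0800,
                         b"hello", vlan_id=20, pcp=5)
    print(parse_frame(tagged))
    print("on access port 10 ->", classify_ingress(tagged, "access", 10))
    print("on trunk port     ->", classify_ingress(tagged, "trunk", 1))
```

The tag sits at bytes 12 to 15 of the frame, which is why a VLAN-unaware device reading the EtherType at offset 12 sees 0x8100 instead of the real protocol and why the text says tagged headers split Ethernet devices into those that recognise them and those that do not.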
27. MEMBERSHIP

What characteristic can be used to group stations in a VLAN? Vendors use different characteristics such as port numbers, MAC addresses, IP addresses, IP multicast addresses, or a combination of two or more of these.

Port Numbers: Some VLAN vendors use switch port numbers as a membership characteristic. For example, the administrator can define that stations connecting to ports 1, 2, 3, and 7 belong to VLAN 1; stations connecting to ports 4, 10, and 12 belong to VLAN 2; and so on.

MAC Addresses: Some VLAN vendors use the 48-bit MAC address as a membership characteristic. For example, the administrator can stipulate that stations having MAC addresses E21342A12334 and F2A123BCD341 belong to VLAN 1.

IP Addresses: Some VLAN vendors use the 32-bit IP address (see Chapter 19) as a membership characteristic. For example, the administrator can stipulate that stations having IP addresses 181.34.23.67, 181.34.23.72, 181.34.23.98, and 181.34.23.112 belong to VLAN 1.

Multicast IP Addresses: Some VLAN vendors use the multicast IP address (see Chapter 19) as a membership characteristic. Multicasting at the IP layer is then translated to multicasting at the data link layer.

Combination: Recently, the software available from some vendors allows all these characteristics to be combined. The administrator can choose one or more characteristics when installing the software. In addition, the software can be reconfigured to change the settings.
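The membership characteristics just listed, together with the subnet-based VLANs from the classification section, can be written as lookup tables that a VLAN management application consults when a station appears. The Python below is an added example, not code from the original project: the port, MAC and IP entries mirror the slide's own values, while the subnet table, the station in the usage call and the precedence order used for the "combination" case are assumptions of the example.

```python
# Added example: resolving a station's VLAN by port number, MAC address,
# IP address or subnet, and by a combination of these characteristics.
# Not code from the original project; the subnet table is constructed.
import ipaddress

PORT_VLANS = {1: 1, 2: 1, 3: 1, 7: 1, 4: 2, 10: 2, 12: 2}          # switch port -> VLAN
MAC_VLANS = {"e2:13:42:a1:23:34": 1, "f2:a1:23:bc:d3:41": 1}         # MAC -> VLAN
IP_VLANS = {"181.34.23.67": 1, "181.34.23.72": 1,
            "181.34.23.98": 1, "181.34.23.112": 1}                   # host IP -> VLAN
SUBNET_VLANS = {ipaddress.ip_network("10.10.0.0/24"): 10,           # subnet-based VLANs
                ipaddress.ip_network("10.20.0.0/24"): 20}            # (constructed values)


def normalize_mac(mac: str) -> str:
    """Accept E21342A12334, E2-13-42-A1-23-34 or e2:13:42:a1:23:34 alike."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def vlan_by_port(port: int):
    return PORT_VLANS.get(port)


def vlan_by_mac(mac: str):
    return MAC_VLANS.get(normalize_mac(mac))


def vlan_by_ip(ip: str):
    """Exact host entry first, then the longest matching subnet, else None."""
    if ip in IP_VLANS:
        return IP_VLANS[ip]
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, vid) for net, vid in SUBNET_VLANS.items() if addr in net]
    return max(matches)[1] if matches else None


def resolve_vlan(port=None, mac=None, ip=None, default=None):
    """Combination membership: the first characteristic that yields a VLAN wins,
    checked in the order port, MAC, IP. That order is a policy choice assumed
    for this example, not something the slide prescribes."""
    for lookup, value in ((vlan_by_port, port), (vlan_by_mac, mac), (vlan_by_ip, ip)):
        if value is not None:
            vid = lookup(value)
            if vid is not None:
                return vid
    return default


if __name__ == "__main__":
    # A station plugged into unassigned port 9 is still placed by its MAC address.
    print(resolve_vlan(port=9, mac="E21342A12334", ip="10.20.0.7"))
```

Keeping the MAC table keyed on a normalised form matters in practice: the same address arrives as `E21342A12334` from one tool and `e2:13:42:a1:23:34` from another, and a mismatch silently drops the station into the default VLAN.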
28. CONFIGURATION

How are the stations grouped into different VLANs? Stations are configured in one of three ways: manual, semi-automatic, and automatic.

Manual Configuration: In a manual configuration, the network administrator uses the VLAN software to manually assign the stations to different VLANs at setup. Later migration from one VLAN to another is also done manually. Note that this is not a physical configuration; it is a logical configuration. The term manually here means that the administrator types the port numbers, the IP addresses, or other characteristics, using the VLAN software.

Automatic Configuration: In an automatic configuration, the stations are automatically connected to or disconnected from a VLAN using criteria defined by the administrator. For example, the administrator can define the project number as the criterion for being a member of a group. When a user changes project, he or she automatically migrates to a new VLAN.

Semiautomatic Configuration: A semiautomatic configuration is somewhere between a manual configuration and an automatic configuration. Usually, the initializing is done manually, with migrations done automatically.
29. USE OF SWITCHES

Generally, a VLAN implementation uses switches, because they provide better network services than hubs and also offer the following advantages:
  - Broadcast Control: Since switches have become more affordable lately, a lot of companies are replacing their flat hub networks with pure switched network and VLAN environments. All devices within a VLAN are members of the same broadcast domain and receive all broadcasts. By default, these broadcasts are filtered from all ports on a switch that aren't members of the same VLAN.
  - Security: A flat internetwork's security used to be tackled by connecting hubs and switches together with routers. So it was basically the router's job to maintain security.
  - Flexibility: Layer 2 switches only read frames for filtering—they don't look at the Network layer protocol. And by default, switches forward all broadcasts. But if you create and implement VLANs, you're essentially creating smaller broadcast domains at layer 2.
  - Scalability: Another advantage is that when a VLAN gets too big, you can create more VLANs to keep the broadcasts from consuming too much bandwidth—the fewer users in a VLAN, the fewer users affected by broadcasts.
30. COMMUNICATION BETWEEN SWITCHES

In a multiswitched backbone, each switch must know not only which station belongs to which VLAN, but also the membership of stations connected to other switches. For example, in Figure 15.17, switch A must know the membership status of stations connected to switch B, and switch B must know the same about switch A. Three methods have been devised for this purpose: table maintenance, frame tagging, and time-division multiplexing.

Table Maintenance: In this method, when a station sends a broadcast frame to its group members, the switch creates an entry in a table and records station membership. The switches send their tables to one another periodically for updating.

Frame Tagging: In this method, when a frame is traveling between switches, an extra header is added to the MAC frame to define the destination VLAN. The frame tag is used by the receiving switches to determine the VLANs that are to receive the broadcast message.

Time-Division Multiplexing (TDM): In this method, the connection (trunk) between switches is divided into time-shared channels (see TDM in Chapter 6). For example, if the total number of VLANs in a backbone is five, each trunk is divided into five channels. The traffic destined for VLAN 1 travels in channel 1, the traffic destined for VLAN 2 travels in channel 2, and so on. The receiving switch determines the destination VLAN by checking the channel from which the frame arrived.
31. Two switches in a backbone using VLAN software.
32. VLAN TRUNKING PROTOCOL (VTP)

Cisco created this one too. The basic goals of VLAN Trunking Protocol (VTP) are to manage all configured VLANs across a switched internetwork and to maintain consistency throughout that network. VTP allows you to add, delete, and rename VLANs—information that is then propagated to all other switches in the VTP domain. Here's a list of some of the cool features VTP has to offer:
  - Consistent VLAN configuration across all switches in the network.
  - VLAN trunking over mixed networks, such as Ethernet to ATM LANE or even FDDI.
  - Accurate tracking and monitoring of VLANs.
  - Dynamic reporting of added VLANs to all switches in the VTP domain.
  - Plug-and-play VLAN adding.
33. Very nice, but before you can get VTP to manage your VLANs across the network, you have to create a VTP server. All servers that need to share VLAN information must use the same domain name, and a switch can be in only one domain at a time. So basically, this means that a switch can only share VTP domain information with other switches if they're configured into the same VTP domain. You can use a VTP domain if you have more than one switch connected in a network, but if you've got all your switches in only one VLAN, you just don't need to use VTP. Do keep in mind that VTP information is sent between switches only via a trunk port.
34. ROUTING BETWEEN VLANs

Hosts in a VLAN live in their own broadcast domain and can communicate freely. VLANs create network partitioning and traffic separation at layer 2 of the OSI model, and as I said when I told you why we still need routers, if you want hosts or any other IP-addressable device to communicate between VLANs, you just have to have a layer 3 device—period. For this, you can use a router that has an interface for each VLAN or a router that supports ISL or 802.1Q routing. The least expensive router that supports ISL or 802.1Q routing is the 2600 series router. (You'd have to buy that from a used-equipment reseller, because they are end of life, or EOL.) The 1600, 1700, and 2500 series don't support ISL or 802.1Q routing. I'd recommend at least a 2800 as a bare minimum, and that only supports 802.1Q—Cisco is really moving away from ISL, so you probably should only be using 802.1Q anyway. (Some IOSs on the 2800 may support both ISL and 802.1Q—I just have never seen it supported.) The figure shows a router with individual VLAN associations.
35. IMPLEMENTING VLANs

Port-based VLANs: In the previous section, we simply stated that the network is split up into sets of virtual LANs. It is one thing to say this; it is quite another thing to understand how this is actually achieved. Fundamentally, the act of creating a VLAN on a switch involves defining a set of ports, and defining the criteria for VLAN membership for workstations connected to those ports. With port-based VLANs, the ports of a switch are simply assigned to VLANs, with no extra criteria. All devices connected to a given port automatically become members of the VLAN to which that port was assigned.

Distributing a single VLAN across multiple switches: The above figure shows an example of a VLAN-based network. It shows some of VLAN A connected to one switch, and some more of VLAN A connected to another switch. You may be asking "Are these both part of the same VLAN A, or separate VLANs that all happen to be called VLAN A?" The answer is that they are all parts of the same VLAN—there is a single VLAN A that is spread across two switches. How is this achieved? How does one switch know that when it receives a broadcast packet that it associates with VLAN A, it must also forward that broadcast to other switches? This can be done in a number of different ways, and in the early days of VLANs, just about every one of these ways was tried. Some vendors had their switches use a proprietary protocol to inform each other of their VLAN tables; some vendors used time-division multiplexing in which different timeslots were allocated to different VLANs; other vendors used frame tagging. In the end, frame tagging became the accepted standard. As we will see, in most respects this is a simple and elegant solution. However, it initially had one big downside: it required a fundamental change to the format of the Ethernet header. This split the world's Ethernet devices into those that recognized tagged headers and those that did not. In other words, a lot of Ethernet equipment was rendered obsolete.
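The following Python simulation is an added example, not code from the original project, that ties together the filtering database from "How VLANs work", the access and trunk links from "Types of connections", the frame-tagging method from "Communication between switches" and the single-VLAN-across-two-switches question just asked. Two port-based switches share a trunk; the example shows a VLAN A broadcast reaching only VLAN A ports on both switches, the frame carrying a tag on the trunk and none on the access links, a learned unicast reply taking a single path, and a tagged frame arriving on an access port being dropped. Switch names, port names, VLAN numbers and station MAC addresses are all constructed.

```python
# Added example: two VLAN-aware switches joined by an 802.1Q-style trunk.
# Not code from the original project; the topology and MACs are constructed.
from dataclasses import dataclass, replace
from typing import Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    dst: str
    src: str
    vlan: Optional[int] = None   # None = untagged; an int = VID carried in the tag


class Switch:
    def __init__(self, name: str):
        self.name = name
        self.ports = {}        # port -> ("access", vid) or ("trunk", {allowed vids})
        self.fdb = {}          # (vid, mac) -> port: MAC learning kept per VLAN
        self.links = {}        # port -> (peer switch, peer port) for trunk links
        self.delivered = []    # (port, frame) handed to end stations on access ports
        self.trunk_sent = []   # frames sent over trunk links (always tagged)

    def access_port(self, port, vid):
        self.ports[port] = ("access", vid)

    def trunk_port(self, port, allowed):
        self.ports[port] = ("trunk", set(allowed))

    def connect_trunk(self, port, peer, peer_port):
        self.links[port] = (peer, peer_port)
        peer.links[peer_port] = (self, port)

    def classify(self, port, frame):
        """Ingress: which VLAN does this frame belong to? None means drop it."""
        mode, cfg = self.ports[port]
        if mode == "access":
            return cfg if frame.vlan is None else None      # tagged on access: dropped
        return frame.vlan if frame.vlan in cfg else None     # trunk: allowed, tagged only

    def egress_ports(self, vid, exclude):
        """Every port carrying this VLAN except the ingress port (the flood set)."""
        return [p for p, (mode, cfg) in self.ports.items() if p != exclude and
                ((mode == "access" and cfg == vid) or (mode == "trunk" and vid in cfg))]

    def receive(self, port, frame):
        vid = self.classify(port, frame)
        if vid is None:
            return
        self.fdb[(vid, frame.src)] = port                    # learn the source per VLAN
        known = self.fdb.get((vid, frame.dst))
        if frame.dst != BROADCAST and known is not None:
            outs = [known]                                   # known unicast: one port
        else:
            outs = self.egress_ports(vid, port)              # broadcast/unknown: flood in VLAN
        for out in outs:
            if out == port:
                continue
            mode, _ = self.ports[out]
            out_frame = replace(frame, vlan=vid if mode == "trunk" else None)
            if out in self.links:                            # trunk: tag it, hand to peer
                self.trunk_sent.append(out_frame)
                peer, peer_port = self.links[out]
                peer.receive(peer_port, out_frame)
            else:                                            # access link: deliver untagged
                self.delivered.append((out, out_frame))


def build_campus():
    """VLAN 10 and VLAN 20 both spread across switches A and B (constructed topology)."""
    a, b = Switch("A"), Switch("B")
    a.access_port("A1", 10); a.access_port("A2", 10); a.access_port("A3", 20)
    b.access_port("B1", 10); b.access_port("B2", 20)
    a.trunk_port("A24", [10, 20]); b.trunk_port("B24", [10, 20])
    a.connect_trunk("A24", b, "B24")
    return a, b


def run_demo():
    a, b = build_campus()
    h1, h2, h3 = "00:00:00:00:00:01", "00:00:00:00:00:02", "00:00:00:00:00:03"
    out = {}
    a.receive("A1", Frame(BROADCAST, h1))            # broadcast from a VLAN 10 station
    out["bcast10"] = ([p for p, _ in a.delivered], [p for p, _ in b.delivered])
    out["trunk_tag"] = a.trunk_sent[0].vlan          # the copy on the trunk carries VID 10
    a.delivered.clear(); b.delivered.clear()
    b.receive("B1", Frame(h1, h2))                   # reply: h1 already learned on both switches
    out["unicast"] = ([p for p, _ in a.delivered], [p for p, _ in b.delivered])
    a.delivered.clear(); b.delivered.clear()
    a.receive("A2", Frame(BROADCAST, h2, vlan=10))   # tagged frame arriving on an access port
    out["tagged_on_access"] = ([p for p, _ in a.delivered], [p for p, _ in b.delivered])
    a.receive("A3", Frame(BROADCAST, h3))            # VLAN 20 broadcast never reaches VLAN 10
    out["bcast20"] = ([p for p, _ in a.delivered], [p for p, _ in b.delivered])
    return out


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The per-VLAN key on the learned-address table is the detail worth noticing: because entries are `(vid, mac)` rather than `mac` alone, a station that spoofs a MAC seen in another VLAN cannot pull that VLAN's traffic onto its own port, which is exactly the isolation the text promises when it says users in other groups will not receive the messages.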
36. The key benefits of implementing VLANs include:
  - Allowing network administrators to apply additional security to network communication.
  - Making expansion and relocation of a network or a network device easier.
  - Providing flexibility, because administrators are able to configure in a centralized environment while the devices might be located in different geographical locations.
  - Decreasing the latency and traffic load on the network and the network devices, offering increased performance.
37. CONCLUSION

In computer networking, a virtual local area network, virtual LAN or VLAN is a concept of partitioning a physical network so that distinct broadcast domains are created. This is usually achieved on switch or router devices. The basic reason for splitting a network into VLANs is to reduce congestion on a large LAN. To understand this problem, we need to look briefly at how LANs have developed over the years. Initially LANs were very flat—all the workstations were connected to a single piece of coaxial cable, or to sets of chained hubs. In a flat LAN, every packet that any device puts onto the wire gets sent to every other device on the LAN.
