  • Because a one-to-one correspondence between VLANs and IP subnets is strongly recommended, there can be no more than 254 devices in any one VLAN. It is further recommended that VLANs should not extend outside of the Layer 2 domain of the distribution switch.

    1. Virtual Local Area Network (VLAN) Prepared By Ekin Koskos Evrim Küçükodacı Yahya Kaptan Gülez
    2. Outline
        • Introduction
        • Virtual Local Area Network Operation
        • Types of Virtual Local Area Network
        • Virtual Local Area Network Configuration
        • Troubleshooting in Virtual Local Area Network
        • Benefits of Virtual Local Area Network
    3. Introduction
        • General Description of LAN
        • Covering a small geographic area
        • Home
        • Office
        • Group of Buildings
    4. Definition of Virtual Local Area Network
        • Commonly known as VLAN
        • Group of hosts (ports) on the switch with a common set of requirements
        • Group of hosts communicate as if they were attached to the same wire
    5. Definition of Virtual Local Area Network
        • VLAN has the same attributes as a physical LAN
        • VLAN allows grouping of end stations, services and devices
        • End stations do not need to be located on the same LAN segment
        • Broadcast domain created by one or more switches
    6. Difference of VLAN and LAN
    7. VLAN Membership
    8. Broadcast Domains
        • A switch creates a broadcast domain
        • VLAN helps manage broadcast domains
        • VLANs can be defined on port groups, users or protocols
        • LAN switches and network management software provide a mechanism to create VLANs
    9. VLAN Operations
        • A VLAN is a switched network that is logically segmented
        • Each switch port can be assigned to a VLAN
        • Ports assigned to the same VLAN share broadcasts
        • Ports that do not belong to that VLAN do not share these broadcasts
        • This improves network performance because unnecessary broadcasts are reduced
    10. How does it work?
        • When a bridge receives data from a workstation, it tags the data with a VLAN identifier (this is called explicit tagging)
        • In implicit tagging the data is not tagged; the VLAN is determined by the port on which the data arrived
        • Tagging can be based on
            • The port from which it came
            • The source Media Access Control (MAC) field
            • The source network address
            • Or some other field or combination of fields
    11. Frame Tagging Methods
    12. How does it work? (cont’d)
        • VLANs are classified based on the method used
        • The bridge would have to keep an updated database containing a mapping between VLANs and the fields used for tagging
        • To understand how VLANs work, we need to look at the types of VLAN
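
The explicit and implicit tagging described in slides 10 to 12, as an added example that is not part of the original slides. It assumes IEEE 802.1Q as the tagging method (the slides do not name one); the function names and the sample frame are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag (assumed method)

def add_tag(frame, vid, pcp=0):
    """Explicit tagging: insert the 4-byte tag after the two MAC addresses."""
    if not 1 <= vid <= 4094:               # 0 and 4095 are reserved VLAN IDs
        raise ValueError(f"invalid VLAN ID {vid}")
    if not 0 <= pcp <= 7:
        raise ValueError(f"invalid priority {pcp}")
    tci = (pcp << 13) | vid                # 3-bit priority, DEI bit 0, 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def classify(frame, port_vlan):
    """Return (vlan, frame with any tag removed) for a frame arriving on a port."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return port_vlan, frame            # implicit: VLAN comes from the ingress port
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    vid = tci & 0x0FFF
    if vid == 0x0FFF:
        raise ValueError("reserved VLAN ID 4095")
    untagged = frame[:12] + frame[16:]
    # VID 0 carries only a priority, so membership still comes from the port.
    return (vid or port_vlan), untagged

# Constructed sample frame: broadcast destination, made-up source MAC, IPv4 EtherType.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

if __name__ == "__main__":
    tagged = add_tag(SAMPLE, vid=2)
    print(tagged[12:16].hex(), classify(tagged, port_vlan=1)[0])
```
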
    13. Virtual Local Area Network Types of VLAN
    14. Default VLAN
        • The default VLAN for every port in the switch is the management VLAN – VLAN 1.
        • The management VLAN is always VLAN 1 and may not be deleted.
        • At least one port must be assigned to VLAN 1 in order to manage the switch.
    15. Static VLAN Membership
        • Static membership VLANs are called port-based and port-centric membership VLANs
        • Static VLANs are ports on a switch that are manually assigned to a VLAN
        • All moves are controlled and managed.
    16. Dynamic VLAN Membership
        • Dynamic membership VLANs are created through network management software
        • CiscoWorks 2000
        • Membership is based on the MAC address of the device connected to the switch port
        • The network administrator collects all the devices' MAC addresses and puts them into a database. WHY?
    17. Types of VLAN
        • Three basic VLAN memberships for determining and controlling how a packet entering a switch gets assigned to a VLAN.
    18. Port driven VLANs
        • Most common configuration method
        • User assigned by port association
        • Easily administered through GUIs
        • Maximizes security between VLANs
        • Packets do not “leak” into other domains
    19. Port driven VLANs cont’d.
        • User assigned port association ???
        • For example, in a bridge with four ports, ports 1, 2, and 4 belong to VLAN 1 and port 3 belongs to VLAN 2
        Assignment of ports to different VLANs:
            Port  VLAN
            1     1
            2     1
            3     2
            4     1
        • Disadvantage:
            • Does not allow for user mobility
    20. MAC address driven VLANs
        • User assigned based on MAC addresses
        • Offers flexibility
        • For example: since MAC addresses form a part of the workstation's network interface card, when a workstation is moved, no reconfiguration is needed to allow the workstation to remain in the same VLAN
        • Impacts performance, scalability, and administration
    21. MAC address driven VLANs cont’d
        Assignment of MAC addresses to different VLANs:
            MAC Address    VLAN
            1212354145121  1
            2389234873743  2
            3045834758445  2
            5483579475843  1
    22. MAC address driven VLANs cont’d
        • Disadvantage
        • VLAN membership must be assigned initially.
        • In networks with thousands of users. Also, in environments where notebook PCs are used, the MAC address is associated with the docking station and not with the notebook PC. Consequently, when a notebook PC is moved to a different docking station, its VLAN membership must be reconfigured.
    23. Network address driven VLANs
        • The network IP subnet address can be used to classify VLAN membership
        Assignment of IP subnet addresses to different VLANs:
            IP Subnet  VLAN
            23.2.24    1
            26.21.35   2
    24. Network address driven VLANs cont’d
        • IP addresses are used only as a mapping to determine membership in VLANs.
        • In Layer 3 VLANs, users can move their workstations without reconfiguring their network addresses. The only problem is that it generally takes longer to forward packets using Layer 3 information than using MAC addresses.
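
Port-driven and MAC-driven membership from slides 18 to 22 in one toy learning bridge, as an added example that is not part of the original slides. The class and method names are hypothetical, the tables are the ones on slides 19 and 21, and dropping frames from MAC addresses missing from the database is an assumption of this model.

```python
BROADCAST = "ffffffffffff"

class VlanBridge:
    """Toy VLAN-aware learning bridge (illustration only)."""

    def __init__(self, port_vlan, mac_vlan=None):
        self.port_vlan = dict(port_vlan)   # static, port-driven membership
        self.mac_vlan = mac_vlan           # if set, membership follows the source MAC
        self.fdb = {}                      # (vlan, mac) -> port, learned per VLAN

    def receive(self, port, src, dst):
        """Return (vlan, sorted egress ports) for a frame arriving on `port`."""
        if self.mac_vlan is not None:
            vlan = self.mac_vlan.get(src)
            if vlan is None:
                return None, []            # assumption: unlisted MACs are not admitted
            self.port_vlan[port] = vlan    # dynamic membership: the port joins that VLAN
        else:
            vlan = self.port_vlan.get(port)
            if vlan is None:
                return None, []            # port not assigned to any VLAN
        self.fdb[(vlan, src)] = port       # learn the source inside its own VLAN only
        members = sorted(p for p, v in self.port_vlan.items()
                         if v == vlan and p != port)
        if dst == BROADCAST:
            return vlan, members           # broadcasts reach only ports in the same VLAN
        out = self.fdb.get((vlan, dst))
        if out is None:
            return vlan, members           # unknown unicast floods inside the VLAN only
        return vlan, ([] if out == port else [out])

# Tables from slides 19 and 21 (MAC values kept as the opaque strings shown there).
PORT_VLAN = {1: 1, 2: 1, 3: 2, 4: 1}
MAC_VLAN = {"1212354145121": 1, "2389234873743": 2,
            "3045834758445": 2, "5483579475843": 1}
```

With port-driven membership a workstation re-plugged from port 1 into port 3 lands in VLAN 2; with MAC-driven membership port 3 follows the workstation into VLAN 1.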
    25. Selecting VLANs
        • The number of VLANs in a switch varies based on several factors
        • Traffic patterns
        • Types of applications
        • Network management needs
        • Group commonality
    26. Selecting VLANs
        The IP addressing scheme is another important consideration in defining the number of VLANs in a switch. For example, a network that uses a 24-bit mask to define a subnet has a total of 254 host addresses allowed on one subnet.
    27. Virtual Local Area Network VLAN Configuration
    28. VLAN Configuration
        • VLANs:
            • Allow control of broadcast, multicast, unicast, and unknown unicast within a Layer 2 device.
            • Defined in VLAN Trunking Protocol (VTP) database.
            • Assigned numbers for identification within and between switches.
            • Have configurable parameters.
    29. VLAN Configuration
        • Configuration is done through software.
        • Each VLAN must have a unique Layer 3 network or subnet address.
        • VLANs can exist either as end to end networks or inside of geographic boundaries.
    30. End to End VLANs
        • VLAN membership for users is based on department or job function
        • VLAN membership for users does not change when they relocate within the campus
        • Each VLAN has a common set of security requirements for all members
        • End to end VLANs use the 80/20 rule
            • 80% of traffic stays inside the VLAN and 20% travels outside
            • This creates difficulties sharing resources if users are spread out
    31. End to End VLANs
    32. Geographical VLANs
        • Geographical VLANs use the 20/80 rule
            • 20% of traffic stays inside the VLAN and 80% travels outside
            • This means that 80 percent of the services from resources must travel through a Layer 3 device
            • However, this provides a deterministic and consistent method to access resources
    33. Geographical VLANs
    34. Traffic Rules
        • A core layer router is used to route between subnets.
        • A network is engineered, based on traffic flow patterns.
        • Typically the rule has been to have 80 percent of the traffic contained within a VLAN.
        • The remaining 20 percent crosses the router to the enterprise servers and to the Internet and WAN.
    35. Configuration of a Static VLAN
        • Static VLANs are ports on a switch that are manually assigned to a VLAN
        • This can be accomplished with a VLAN management application or configured directly into the switch through the CLI
    36. Configuration of a Static VLAN
        • Static VLAN works well in networks with the following specific requirements:
            • All moves are controlled and managed.
            • There is robust management software to configure the ports.
            • The additional overhead required to maintain end-station MAC addresses and custom filtering tables is not acceptable.
    37. Verification of VLAN Configuration
        • The following commands can be used to verify VLAN configurations.
            • show vlan
            • show vlan brief
            • show vlan id
    38. Verification of VLAN Configuration
        • The following figure shows a list of applicable commands
    39. Verification of VLAN Configuration
        • The following figure shows the steps to assign a new VLAN to a port on the Sydney switch.
    40. Verification of VLAN Configuration
        • The following figure shows the output of the show vlan command.
    41. Verification of VLAN Configuration
        • The following figure shows the output of the show vlan brief command.
    42. Saving VLAN Configuration
        • The switch configuration settings can be backed up to a TFTP server with the copy running-config tftp command.
        • The HyperTerminal text capture feature, along with the commands show running-config and show vlan, can be used to capture configuration settings.
    43. Saving VLAN Configuration
        • The following figure shows capturing the VLAN configuration with HyperTerminal
    44. Deleting VLANs
        • When a VLAN is deleted, all ports assigned to that VLAN become inactive.
        • The ports will remain associated with the deleted VLAN until assigned to a new VLAN.
    45. Deleting VLANs
        • The commands below are used to remove a VLAN from a switch:
            • Switch#vlan database
            • Switch(vlan)# no vlan 300
    46. Deleting VLANs
        • Steps to assign a switch port to a new VLAN
    47. Deleting VLANs
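
A check built on slides 14 and 44 to 45, as an added example that is not part of the original slides: it cross-checks the access VLAN configured on each port against the VLANs that still exist, and lists ports still sitting in VLAN 1. The command output is a constructed sample, the function names are hypothetical, and every interface in the excerpt is assumed to be an access port.

```python
import re

# Constructed sample outputs for illustration (not taken from the slides' figures).
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1
10   Sales                            active    Fa0/5
30   Finance                          active    Fa0/9
"""
RUNNING_CONFIG = """\
interface FastEthernet0/1
!
interface FastEthernet0/5
 switchport access vlan 10
!
interface FastEthernet0/7
 switchport access vlan 20
!
interface FastEthernet0/9
 switchport access vlan 30
"""

def existing_vlans(show_vlan_brief):
    """VLAN IDs listed by 'show vlan brief' (rows that start with a number)."""
    return {int(m.group(1)) for m in re.finditer(r"^(\d+)\s+\S+", show_vlan_brief, re.M)}

def access_vlans(running_config):
    """Map interface -> access VLAN; an interface without the command stays in VLAN 1."""
    ports, current = {}, None
    for line in running_config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ports[current] = 1
        elif current and (m := re.match(r"\s+switchport access vlan (\d+)", line)):
            ports[current] = int(m.group(1))
    return ports

def audit(show_vlan_brief, running_config):
    """Return (ports whose VLAN was deleted, ports left in default VLAN 1)."""
    vlans = existing_vlans(show_vlan_brief)
    ports = access_vlans(running_config)
    inactive = sorted(p for p, v in ports.items() if v not in vlans)
    in_default = sorted(p for p, v in ports.items() if v == 1)
    return inactive, in_default
```

In the sample, FastEthernet0/7 still points at VLAN 20, which is no longer listed, so it is reported as inactive; FastEthernet0/1 was never assigned and is reported as remaining in VLAN 1.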
    48. Virtual Local Area Network Troubleshooting VLAN
    49. Troubleshooting VLAN
        • Switch LEDs
        • CDP
        • Check VLAN membership
        • Check trunking
        • Check spanning tree protocol
        • Bottlenecks
            • The old 80/20 rule, which stated that only 20 percent of network traffic went over the backbone, is obsolete.
    50. Troubleshooting VLAN
        • VLAN Problem Isolation
    51. Troubleshooting VLAN
        • Problem Isolation in Catalyst Networks
    52. Virtual Local Area Network Benefits of VLAN
    53. Benefits of VLAN
    54. Benefits of VLAN
        • VLANs allow network administrators to organize LANs logically instead of physically.
        • Easily move workstations on the LAN
        • Easily add workstations to the LAN
        • Easily change the LAN configuration
        • Easily control network traffic
        • Improve security
    55. Why use VLAN instead of LAN?
        • Performance
        • Formation of Virtual Workgroups
        • Simplified Administration
        • Reduces Cost
        • Security
    56. Performance
        • Network traffic consists of a high percentage of broadcasts and multicasts
        • VLANs reduce the need to send such traffic to unnecessary destinations
        • Reduces the number of routers needed, since VLANs create broadcast domains using switches instead of routers.
    57. Formation of Virtual Workgroups
        • It is easier to place members of a workgroup together
        • Without VLANs, the only way this would be possible is to physically move all the members of the workgroup closer together.
    58. Simplified Administration
        • Seventy percent of network costs are a result of adds, moves, and changes of users in the network
        • If a user is moved within a VLAN, reconfiguration of routers is unnecessary
        • Every time a user is moved in a LAN, recabling, new station addressing, and reconfiguration of hubs and routers become necessary.
    59. Reduced Cost
        • Eliminate the need for expensive routers
    60. Security
        • VLAN can also be used to control broadcast domains
        • Set up firewalls
        • Restrict access
        • Inform the network manager of an intrusion
    61. References
        • Cisco Networking Academy, https://cisco.netacad.net
        • Wikipedia, http://en.wikipedia.org/wiki/Virtual_LAN
        • UCDAVIS Network21, http://net21.ucdavis.edu/newvlan.htm
        • VLAN, Raj Jain, http://www.cs.wustl.edu/~jain/cis788-97/ftp/virtual_lans/index.htm
        • Cisco Press, http://www.ciscopress.com/articles/article.asp?p=29803&rl=1
    62. Questions???
        • How do VLANs help the network administrator organize the network?
        • A 12 port switch has been configured to support three VLANs named Sales, Marketing and Finance. Each VLAN spans four ports on the switch. The network administrator has deleted the Marketing VLAN from the switch. What is the status of the ports associated with this VLAN?
        • Why do network administrators use a database to save MAC addresses?
    63. Questions???
        • 4. How many broadcast domains exist in the scenario presented in the graphic?
    64. Virtual Local Area Network Thank you for Listening!