Chapter 3 - VLANs
VLANs
• Logical grouping of devices or users
• Configuration done at switch via software
• Not standardized – proprietary software from vendor
VLANs
Logically segment the physical LAN infrastructure into different subnets (or broadcast domains for Ethernet)
Differences Between Traditional Switched LAN and VLANs
• VLANs work at Layer 2 and Layer 3 of OSI
• Communication between VLANs is done by routers
• VLANs provide a method of controlling network broadcasts
• Administrators assign users to VLANs
• VLANs increase network security – define who can communicate with whom
• Group switch ports and their connected users into logically defined workgroups
Transport of VLANs Across the Backbone
• Ability to transport VLAN information between interconnected switches and routers that reside on the backbone
  – Remove physical boundaries between users
  – Increase configuration flexibility – users move
  – Provide mechanism for interoperability between backbone components
VLAN transportation
• Backbone commonly acts as collection point for large volumes of traffic
• Carries end user information and ID between switches, routers and directly attached servers
Routers in the VLAN
• Traditionally provide firewalls, broadcast management etc.
• Provide connected routes between different VLANs
• Cost effectively integrate external routers into switching architecture by using one or more high speed backbone connections like:
  – Fast Ethernet, or ATM connection
    • Increasing the throughput between switches and routers
    • Consolidating number of physical router ports required for communication between VLANs
Frame Use in the VLAN
• Switches are the core component of VLAN communication
• Each switch makes forwarding and filtering decisions based on the frame
  – Based on VLAN metrics
• Approaches for logically grouping users into distinct VLANs:
  – Frame filtering
  – Frame tagging (identification)
Frame Filtering
Frame Tagging
• Uniquely assigns a VLAN ID to each frame
• VLAN IDs assigned by switch administrator
• Chosen by IEEE for its scalability
• Gaining recognition as the standard trunking mechanism
• IEEE 802.1Q states that Frame Tagging is the way to implement VLANs
Frame Tagging Continued
• Places a unique identifier in the header of each frame as it is forwarded throughout the network
• When the frame exits the network backbone – switch removes the identifier before the frame is transmitted to its target
• Frame identification functions at Layer 2 and requires little administrative overhead
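
Frame tagging as an added example (not part of the original slides): the IEEE 802.1Q tag is four bytes inserted after the source MAC address, a TPID of 0x8100 followed by priority, drop-eligible and 12-bit VLAN ID fields. The function names and the sample frame are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag


def add_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Trunk ingress: insert the 4-byte tag between source MAC and EtherType."""
    if not 1 <= vid <= 4094:  # VLAN IDs 0 and 4095 are reserved
        raise ValueError(f"VLAN ID {vid} outside 1..4094")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    # Tag Control Information: 3-bit priority, 1-bit DEI, 12-bit VLAN ID
    tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame: bytes):
    """Return (vid, pcp, dei) for a tagged frame, or None if it is untagged."""
    if len(frame) < 18:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 0x1


def strip_tag(frame: bytes) -> bytes:
    """Backbone egress: remove the tag before the frame reaches its target."""
    return frame[:12] + frame[16:] if parse_tag(frame) else frame


# Constructed sample: broadcast frame from a locally administered MAC,
# EtherType 0x0806 (ARP), 28 zero bytes of payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(28)


def demo():
    tagged = add_tag(SAMPLE, vid=30, pcp=5)
    return parse_tag(tagged), strip_tag(tagged) == SAMPLE, len(tagged) - len(SAMPLE)


if __name__ == "__main__":
    print(demo())
```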
Ports, VLANs and Broadcasts
• VLANs make up a switched network – logically segmented
• Ports assigned to the same VLAN share broadcasts
• Three VLAN implementations
  – Port-centric
  – Static
  – Dynamic
Port-Centric
• All nodes connected to ports in the same VLAN are assigned the same VLAN ID
• VLAN membership by port makes administrator’s job easier and more efficient because:
  • Users assigned by port
  • VLANs easily administered
  • Increased security
  • Packets do not LEAK into other domains
Port-Centric VLANs
Static VLANs
• Ports on a switch that are statically assigned to a VLAN
• Require administrator to make changes
• Secure
• Easy to configure
• Straightforward to monitor
• Works well in networks where moves are controlled and managed
STATIC VLANs
Dynamic VLANs
• Ports on switch automatically determine their VLAN assignments
• Based on MAC addresses, logical addressing or protocol type of data packet
• Less administration within the wiring closet when a user moves or a new one is added
• Centralized notification when an unrecognized user is added to the network
• More administration is required to initially set up database within the VLAN management software
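
MAC-based dynamic assignment as an added example (not part of the original slides): a central database maps station MAC addresses to VLANs, the assignment follows a user to a new port, and an unrecognized station raises a notification. `VlanManager`, the holding VLAN 999, and all addresses and port names are hypothetical.

```python
from dataclasses import dataclass, field

# Assumption: VLAN 999 is a low-service holding VLAN for unrecognized stations.
HOLDING_VLAN = 999
HEX_DIGITS = set("0123456789abcdef")


def normalize_mac(mac: str) -> str:
    """Accept aa-bb-.., aabb.ccdd.eeff or AA:BB:.. and return aa:bb:cc:dd:ee:ff."""
    digits = mac.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12 or not set(digits) <= HEX_DIGITS:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class VlanManager:
    """Hypothetical stand-in for the central VLAN management database."""
    mac_to_vlan: dict
    port_vlan: dict = field(default_factory=dict)
    notifications: list = field(default_factory=list)

    def __post_init__(self):
        # Store keys in one canonical form so lookups do not depend on notation.
        self.mac_to_vlan = {normalize_mac(m): v for m, v in self.mac_to_vlan.items()}

    def station_seen(self, switch: str, port: str, mac: str) -> int:
        """Called when a switch learns a source MAC on an access port."""
        mac = normalize_mac(mac)
        vlan = self.mac_to_vlan.get(mac)
        if vlan is None:
            # Unrecognized user: hold in the low-service VLAN and notify centrally.
            vlan = HOLDING_VLAN
            self.notifications.append(f"unrecognized station {mac} on {switch}/{port}")
        self.port_vlan[(switch, port)] = vlan
        return vlan


def demo():
    # Constructed database entries, written in two different MAC notations.
    mgr = VlanManager({"00-11-22-33-44-55": 10, "0011.2233.4466": 20})
    first = mgr.station_seen("sw1", "Fa0/3", "00:11:22:33:44:55")
    moved = mgr.station_seen("sw2", "Fa0/7", "00:11:22:33:44:55")  # user moved
    unknown = mgr.station_seen("sw1", "Fa0/4", "DE:AD:BE:EF:00:01")
    return first, moved, unknown, mgr.notifications


if __name__ == "__main__":
    print(demo())
```

A source MAC address is asserted by the station itself, so this lookup is an assignment mechanism rather than authentication of the user.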
Dynamic VLANs
VLAN Additions, Moves and Changes
• Companies continually reorganizing
  – These moves/changes are network manager’s biggest headaches and one of the largest expenses related to managing a network
• VLANs provide effective measures for controlling changes and reducing costs
• Users in a VLAN can share the same network address space i.e. IP subnet
• VLANs require less rewiring, configuration and debugging
Movement of Users
VLANs Help Control Broadcast Activity
• The most effective measure is to properly segment with firewalls that help prevent problems on one segment from damaging other parts of the network
• Firewall segmentation provides reliability and minimizes overhead broadcast traffic
• With no routers between switches, broadcasts (Layer 2) are sent to every switched port – referred to as a FLAT network (one broadcast domain across the whole network)
• Flat Network
  – Provides low latency & high throughput
  – Easy to administer
VLANs Controlling Broadcast Activity
• FLAT Network – Disadvantages
  – Increases vulnerability to broadcast traffic across all switches, ports, backbone links and users
• VLANs effectively extend firewalls from routers to the switch fabric and protect against potentially dangerous broadcast problems
• Creating firewalls
  – Assign switch ports or users to specific VLAN groups both within single switches and across multiple connected switches
VLANs and Broadcast Activity
How do VLANs Improve Network Security
• Restrict number of users in a VLAN group
• Prevent another user from joining without first receiving approval from the VLAN network management application
• Configure all unused ports to a default low-service VLAN
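
The three measures above turned into a configuration audit, as an added example that is not part of the original slides. The port inventory, approval list, per-VLAN limits and the choice of VLAN 999 as the low-service VLAN are all constructed assumptions.

```python
from collections import Counter

PARKING_VLAN = 999            # assumption: the "default low-service VLAN"
MAX_MEMBERS = {10: 2, 20: 4}  # assumption: user limit per VLAN group

# Constructed approval records: (station MAC, VLAN it may join)
APPROVED = {
    ("02:00:00:00:00:0a", 10),
    ("02:00:00:00:00:0b", 10),
    ("02:00:00:00:00:14", 20),
}

# Constructed inventory: (port, access VLAN, attached station MAC or None)
PORTS = [
    ("Gi0/1", 10, "02:00:00:00:00:0a"),
    ("Gi0/2", 10, "02:00:00:00:00:0b"),
    ("Gi0/3", 10, "02:00:00:00:00:0c"),  # never approved for VLAN 10
    ("Gi0/4", 20, "02:00:00:00:00:14"),
    ("Gi0/5", 1, None),                  # unused but left in VLAN 1
    ("Gi0/6", 999, None),                # unused and parked
]


def audit(ports, approved, limits, parking_vlan):
    """Return (subject, finding) pairs for each deviation from the policy."""
    findings = []
    members = Counter(vlan for _, vlan, mac in ports if mac)
    for port, vlan, mac in ports:
        if mac is None:
            # Unused ports belong in the low-service VLAN only.
            if vlan != parking_vlan:
                findings.append((port, "unused-port-not-parked"))
        elif (mac, vlan) not in approved:
            # Station is in a VLAN without an approval record.
            findings.append((port, "station-not-approved"))
    for vlan, count in sorted(members.items()):
        limit = limits.get(vlan)
        if limit is not None and count > limit:
            findings.append((f"vlan{vlan}", "member-limit-exceeded"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit(PORTS, APPROVED, MAX_MEMBERS, PARKING_VLAN):
        print(f"{subject}: {finding}")
```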
Tightening Network Security
VLANS Save Money
• Connect existing HUBS to switches
• Each hub segment connected to a switch can be assigned only ONE VLAN
• Stations that share a hub segment are in the same VLAN
• If a station needs to be assigned a new VLAN that station must move to the new hub with the appropriate VLAN
Using Existing Hubs
Summary
• Switch is designed to physically segment a LAN into individual domains
• LAN typically configured according to the physical infrastructure it connects
• LANs that use LAN switching devices – VLAN technology is cost effective and an efficient way of grouping network users into virtual workgroups regardless of their physical placement
Summary Continued
• VLANs work at Layer 2 and Layer 3 of the OSI
• VLAN architecture must allow transportation of VLAN information between interconnected switches and routers on the corporate backbone
• Most common approaches for logically grouping users into distinct VLANs are frame filtering, frame tagging, and frame identification
Summary Continued
• Types of VLANs
  – Port-centric
  – Static
  – Dynamic
• VLANs provide benefits
  – Reduce administration costs – moves, additions, changes
  – Controlled broadcast activity
  – Workgroup and network security
  – Save money by using existing hubs
QUIZ
THE END!!!