Post on 10-Jan-2016

Page 1: Dwight Reifsnyder

1 Session #: 706

Dwight Reifsnyder

Virtual LANS

Page 2: Dwight Reifsnyder

What’s the Point? Why Bother?

“IEEE 802.1Q tagging (VLAN) is a useful method of managing VoIP traffic in your LAN. Avaya recommends that you establish a voice VLAN, set L2QVLAN to that VLAN and provide voice traffic with priority over other traffic.”

IP Phones LAN Admin Guide, Feb 2007

Page 3: Dwight Reifsnyder

EYAWTK – Session Overview

• Provide a basic understanding of VLANS

• Discuss IP phone VLAN implementation

• We might accidentally learn some other useful information if we are not careful

Page 4: Dwight Reifsnyder

Broadway Suites

• Service Provider for downtown Boulder office buildings, including Executive Suites

• Multiple, diverse businesses in one space

• Fortune 500 services on a small company budget

Page 5: Dwight Reifsnyder

Broadway Suites

Page 6: Dwight Reifsnyder

What is a Virtual LAN?

• A virtual LAN, commonly known as a VLAN, is a method of creating independent logical networks within a physical network.

• Virtual LANs operate at Layer 2 (the data link layer) of the OSI model.

Wikipedia

Page 7: Dwight Reifsnyder

Background – The 7 layer burrito

OSI Model

Squishy, not specific

VLANs are in Layer 2

Page 8: Dwight Reifsnyder

What Lives at Layer 2?

• Software – Ethernet Protocol

• End Points

• Ethernet Hubs

• Ethernet Switches

Page 9: Dwight Reifsnyder

L2 Hardware – Endpoints

• Phones and PCs are multi layer devices

• We will talk about them at layer 2 today

Page 10: Dwight Reifsnyder

L2 Hardware – Network Hub

• Network Hubs –

  • broadcast traffic

  • not very efficient

Page 11: Dwight Reifsnyder

L2 Hardware – Network Switch

• Network Switches –

  • Starts like a hub

  • Gradually directs traffic to specific ports instead of broadcast

• How do they do that?

Page 12: Dwight Reifsnyder

Detour - L2 MAC Addresses

• Like a VIN Number on a car

• Unique to each and every network device

00-07-E9-55-64-4D

• MAC addresses are used to identify the sender and recipient of an ethernet packet

Page 13: Dwight Reifsnyder

Network Switch

• Stores MAC addresses and associated port numbers in a table

• Makes network more efficient!

Page 14: Dwight Reifsnyder

Evolution - Managed Switches

Have a user console that can show -

• If a port is connected or not

• Port speed (10MB, 100MB, 1000MB)

• MAC address table

• Calls out with alarms

• Best solution for Administrators

• Cost more $$$$$!

Page 15: Dwight Reifsnyder

Segregation – Sorry Dr. King..

• Sometimes we need to have departments separated –

  • HR, confidentiality

  • Marketing, high bandwidth usage

  • Operations

• Each department needs its own LAN

Page 16: Dwight Reifsnyder

Segregation – The Old Way

• Multiple Managed Network Switches

• Costly

• Complex

Page 17: Dwight Reifsnyder

Segregation – The New Idea

• Multiple MAC Address Tables

• One switch, divided into 'Virtual LANs'

• Great idea, how would it work?

Page 18: Dwight Reifsnyder

Detour - RFCs (secret recipes)

• Request for Comments

• Internet Engineering Task Force (IETF)

• Institute of Electrical and Electronics Engineers (IEEE)

Page 19: Dwight Reifsnyder

Some Common RFCs

802.1a,b,g,etc Wireless Ethernet (WiFi)

854 Telnet

802.1x Network Access Control

1719 Private Class IP numbers

821 SMTP (Simple Mail Transport Protocol)

1939 POP3 (Post Office Protocol 3)

802.3AF Power Over Ethernet

2131 DHCP (Dynamic Host Configuration)

Page 20: Dwight Reifsnyder

RFC 802.1q - VLANs

• Defines how to segregate a single L2 network switch into multiple 'virtual' LANs or networks with multiple MAC tables

• One managed network $witch can now serve multiple departments without losing security or performance

Page 21: Dwight Reifsnyder

Layer 2 Switch with VLANs

• Logical evolution from switching table

• Port based VLAN identification – every port belongs to a VLAN

• Separate broadcast domains

VLAN 1 – Operations

VLAN 2 – Human Resources

VLAN 3 – Marketing
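
The per-VLAN MAC tables and separate broadcast domains described above can be modelled in a few lines. This is an added example, not part of the original slides; the port layout, the `VlanSwitch` class and all MAC addresses except the one shown on the MAC address slide are constructed for illustration.

```python
# Added illustration: a toy learning switch with one MAC table per VLAN.
# Port numbers, VLAN assignments and most MAC addresses are constructed samples.
BROADCAST = "ff-ff-ff-ff-ff-ff"

class VlanSwitch:
    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)   # port -> VLAN (port-based membership)
        self.mac_table = {}                # (vlan, mac) -> port, i.e. one table per VLAN

    def receive(self, in_port, src, dst):
        """Learn the sender, then return the sorted list of egress ports."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src)] = in_port        # learn or refresh the sender
        out = self.mac_table.get((vlan, dst))
        if dst != BROADCAST and out is not None:
            return [] if out == in_port else [out]   # known unicast: one port only
        # Broadcast or unknown destination: flood, but only inside this VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)

def demo():
    # VLAN 1 Operations: ports 1-2, VLAN 2 HR: ports 3-4, VLAN 3 Marketing: ports 5-6
    sw = VlanSwitch({1: 1, 2: 1, 3: 2, 4: 2, 5: 3, 6: 3})
    hr_pc, hr_srv = "00-07-e9-55-64-4d", "00-07-e9-00-00-02"
    results = {}
    results["hr_broadcast"] = sw.receive(3, hr_pc, BROADCAST)     # stays in VLAN 2
    results["hr_unknown"] = sw.receive(4, hr_srv, "00-07-e9-00-00-99")
    results["hr_learned"] = sw.receive(4, hr_srv, hr_pc)          # straight to port 3
    # A Marketing host addressing the HR PC's MAC: VLAN 3 has no entry for it,
    # so the frame is flooded inside VLAN 3 and never reaches HR port 3.
    results["mkt_lookup"] = sw.receive(5, "00-07-e9-00-00-05", hr_pc)
    return results

if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: egress ports {ports}")
```
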

Page 22: Dwight Reifsnyder

VLANs Across Switches

Page 23: Dwight Reifsnyder

VLAN Tags – Don't Lose my Bag

• DEN

• CHI

• NYC

• ELM

• SAT

Page 24: Dwight Reifsnyder

VLAN Tags – Ethernet Packets

• Ethernet packet fields

  • Header

  • Payload

  • End

• VLAN tagging information is added to the header, making it slightly longer

Page 25: Dwight Reifsnyder

VLAN Trunking Across Switches

The ports which join the switches are defined as belonging to a native VLAN and a secondary VLAN. The secondary VLAN sends 'tagged' packets so they can be segregated.

Page 26: Dwight Reifsnyder

Read you loud and clear…

• VLAN compliant devices can accept tagged or untagged packets

• Packets without tags stay in the native VLAN (port based VLAN)

• Packets with tags go into the VLAN defined by the tag (if that VLAN is allowed on that port)

Page 27: Dwight Reifsnyder

Eh? What was that?

• Non VLAN compliant devices discard tagged packets – they have an invalid header length!
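
The tag handling from the last few slides, written out as an added example that is not part of the original deck: the 802.1Q tag is 4 bytes inserted after the two MAC addresses, and a port accepts untagged frames into its native VLAN and tagged frames only when the tag's VLAN is allowed on that port. The VLAN numbers (10 as native, 20 as voice), the priority value and the sample frame are assumptions constructed for illustration; treating a tag with VLAN ID 0 as native-VLAN traffic follows 802.1Q and goes beyond what the slides state.

```python
import struct

TPID_8021Q = 0x8100  # value in the EtherType position that marks an 802.1Q tag

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    if not 0 <= vid <= 4094:
        raise ValueError("VLAN ID must be 0..4094")
    tci = ((pcp & 0x7) << 13) | vid   # priority (3 bits), DEI = 0, VLAN ID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def read_tag(frame: bytes):
    """Return (vid, pcp) for a tagged frame, or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, tci >> 13

def classify(frame: bytes, native_vlan: int, allowed: set):
    """Ingress rule: untagged -> native VLAN; tagged -> the tag's VLAN if it is
    allowed on this port, otherwise None (the frame is dropped)."""
    tag = read_tag(frame)
    if tag is None:
        return native_vlan
    vid = tag[0]
    if vid == 0:                      # priority-only tag carries no VLAN of its own
        return native_vlan
    return vid if vid in allowed else None

# Constructed sample: broadcast dst MAC, src MAC, EtherType 0x0800, dummy payload.
UNTAGGED = bytes.fromhex("ffffffffffff" "0007e955644d" "0800") + b"\x00" * 46
VOICE = add_tag(UNTAGGED, vid=20, pcp=5)   # hypothetical voice VLAN 20

if __name__ == "__main__":
    print("length untagged/tagged:", len(UNTAGGED), len(VOICE))
    print("untagged ->", classify(UNTAGGED, 10, {10, 20}))
    print("voice tag ->", classify(VOICE, 10, {10, 20}))
    print("tag 30 not allowed ->", classify(add_tag(UNTAGGED, 30), 10, {10, 20}))
```

Keeping the allowed set on each port as small as possible is what stops a device from placing its traffic in another department's VLAN simply by sending a different tag.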

Page 28: Dwight Reifsnyder

What Devices Read Tags?

• VLAN compliant switches

• VLAN compliant IP phones

• Microsoft Windows ? X

Page 29: Dwight Reifsnyder

Review - Who Sends Tags?

Devices are all in Port Based VLANs – no tags

Trunk between switches must send and receive tags

Page 30: Dwight Reifsnyder

802.1q VLAN Port Parameters

• Native VLAN (port based VLAN)

• Secondary VLANs

• Tagging

Page 31: Dwight Reifsnyder

IP Phone Deployment

• Avaya suggests that phones should always be in their own VLAN

  • Increases security

  • Cuts down on broadcast traffic

  • Increases voice quality

  • Makes troubleshooting easier

Page 32: Dwight Reifsnyder

VLAN Deployment Options

2 VLANs, 2 Ports

2 VLANs, 1 Port!

Page 33: Dwight Reifsnyder

IP Phones have a Network Switch!

2 VLANs, 1 Port!

The phone contains a VLAN compliant 3 port network switch!!

Page 34: Dwight Reifsnyder

Detour – Phones & DHCP & VLANs

• DHCP is an ethernet broadcast request used by devices to get an IP number

• Broadcast packets do not cross VLANs

• Each VLAN needs its own DHCP Server

Page 35: Dwight Reifsnyder

Detour – Phones & DHCP & VLANs

• On bootup, the phone sends a DHCP request in the native VLAN (port VLAN)

• The phone is notified if there is a specific voice VLAN

• The phone sends a new DHCP request with the correct VLAN tag

Page 36: Dwight Reifsnyder

Review – Who Sends Tags?

The green VLAN is the native VLAN for both network switch ports

The blue VLAN is a secondary VLAN for both network switch ports

Page 37: Dwight Reifsnyder

Broadway Suites, 100+ VLANs

[Network diagram. Labels: 1942 Broadway; 1877 Broadway; 1800 Broadway; 1301 Canyon; 1300 Walnut; 1919 14th; (Vectra Bank); 1801 13th. Legend: SM Fiber (LX), MM Fiber (50 micron SX)]

Page 38: Dwight Reifsnyder

Do You Understand VLANs?

• You don't really understand something unless you can explain it to your grandmother...

Albert Einstein

Page 39: Dwight Reifsnyder

Final Reminders

• Please remember to turn in session evaluations

• The session number is: 706

Page 40: Dwight Reifsnyder

Thank You