Virtual Local Area Network VLAN

1
Virtual Local Area Network (VLAN)

• Prepared By
• Ekin Koskos
• Evrim Küçükodaci
• Yahya Kaptan Gülez

2
Outline

• Introduction
• Virtual Local Area Network Operation
• Types of Virtual Local Area Network
• Virtual Local Area Network Configuration
• Troubleshooting in Virtual Local Area Network
• Benefits of Virtual Local Area Network

3
Introduction

• General Description of LAN
• Covering a small geographic area
• Home
• Office
• Group of Buildings

4
Definition of Virtual Local Area Network

• Commonly known as VLAN
• Group of hosts(ports) on the switch with a common
  set of requirements
• Group of hosts communicate as if they were
  attached to the same wire

5
Definition of Virtual Local Area Network

• VLAN has the same attributes as a physical LAN
• VLAN allows grouping to the end stations,
  services and devices
• End stations do not need to locate on the same
  LAN segment
• Broadcast domain created by one or more switches

6
Difference of VLAN and LAN
7
VLAN Membership
8
Broadcast Domains

• A switch creates a broadcast domain
• VLAN helps manage broadcast domains
• VLANS can be defined on ports groups, users or
  protocols
• LAN switches and network management software
  provide a mechanism to create VLANs

9
VLAN Operations

• VLAN has a switched network that is logically
  segmented
• Each switch port can be assigned to a VLAN
• Ports assigned to the same VLAN share broadcasts.
• Ports that do not belong to that VLAN do not
  share these broadcasts
• This improves network performance because
  unnecessary broadcasts are reduced

10
How does it work?

• Bridge receives data from a workstation, it tags
  the data with a VLAN identifier (This is called
  explicit tagging)
• In implicit tagging the data is not tagged, VLAN
  determine the port on which the data arrived
• Tagging can be based on
• The port from which it came
• The source Media Access Control (MAC) field
• The source network address
• Or some other field or combination of fields

11
Frame Tagging Methods
12
How does it work? (contd)

• VLANs are classified based on the method used
• The bridge would have to keep an updated database
  containing a mapping between VLANs and fields
  used for tagging
• To understand how VLAN's work, there is need to
  look at the types of VLAN

13
Virtual Local Area Network

• Types of VLAN

14
Default VLAN

• The default VLAN for every port in the switch is
  the management VLAN VLAN 1.
• The management VLAN is always VLAN 1 and may not
  be deleted.
• At least one port must be assigned to VLAN 1 in
  order to manage the switch.

15
Static VLAN Membership

• Static membership VLANs are called port-based and
  port- centric membership VLANs
• Static VLANs are ports on a switch that are
  manually assigned to a VLAN
• All moves are controlled and managed.

16
Dynamic VLAN Membership

• Dynamic membership VLANs are created through
  network management software
• CiscoWorks 2000
• Membership is based on the MAC address of the
  device connected to the switch port
• Network administrator gets all the devices MAC
  addresses and put it into a database. WHY?

17
Types of VLAN

• Three basic VLAN memberships for determining and
  controlling how a packet entering a switch gets
  assigned to a VLAN.

18
Port driven VLANs

• Most common configuration method
• User assigned by port association
• Easily administered through GUIs
• Maximizes security between VLANs
• Packets do not leak into other domains

19
Port driven VLANs contd.

• User assigned port association ???
• For example, in a bridge with four ports, ports
  1, 2, and 4 belong to VLAN 1
• and port 3 belongs to VLAN 2

• Disadvantage
• Does not allow for user mobility

Assignment of ports to different VLAN's.
20
MAC address driven VLANs

• User assigned based on MAC addresses
• Offers flexibility
• For ExampleSince MAC addresses form a part of
  the workstation's network interface card, when a
  workstation is moved, no reconfiguration is
  needed to allow the workstation to remain in the
  same VLAN
• Impacts performance, scability, and administration

21
MAC address driven VLANs contd
Assignment of MAC addresses to different VLAN's
22
MAC address driven VLANs contd

• Disadvantage
• VLAN membership must be assigned initially.
• In networks with thousands of users. Also, in
  environments where notebook PC's are used, the
  MAC address is associated with the docking
  station and not with the notebook PC.
  Consequently, when a notebook PC is moved to a
  different docking station, its VLAN membership
  must be reconfigured.

23
Network address driven VLANs

• The network IP subnet address can be used to
  classify VLAN membership

Assignment of IP subnet addresses to different
VLAN's
24
Network address driven VLANs contd

• IP addresses are used only as a mapping to
  determine membership in VLAN's.
• In Layer 3 VLAN's, users can move their
  workstations without reconfiguring their network
  addresses. The only problem is that it generally
  takes longer to forward packets using Layer 3
  information than using MAC addresses.

25
Selecting VLANs

• The number of VLANs in a switch vary based on
  several factors

• Traffic patterns
• Types of applications
• Network management needs
• Group commonality

26
Selecting VLANs
The IP addressing scheme is another important
consideration in defining the number of VLANs in
a switch.
For example, a network that uses a 24-bit mask to
define a subnet has a total of 254 host addresses
allowed on one subnet.
27
Virtual Local Area Network

• VLAN Configuration

28
VLAN Configuration

• VLANs,
• Allow control of broadcast, multicast,
  unicast,and unknown unicast within a Layer 2
  device.
• Defined in VLAN Trunking Protocol (VTP) database.
• Assigned numbers for identification within and
  between swithces.
• Have a configurable parameters.

29
VLAN Configuration

• Configuration is done through software.
• Each VLAN must have a unique Layer 3 network or
  subnet address.
• VLANs can exist either as end to end networks or
  inside of geographic boundaries.

30
End to End VLANs

• VLAN membership for users is based on department
  or job function
• VLAN membership for users do not change when they
  relocate within the campus
• Each VLAN has a common set of security
  requirements for all members
• End to end VLANs use the 80/20 rule
• 80 of traffic inside the VLAN and 20 travels
  outside
• This creates difficulties sharing resources if
  users are spread out

31
End to End VLANs
32
Geographical VLANs

• Geographical VLANs use 20/80 rule
• 20 of traffic inside the VLAN and 80 travels
  outside
• This means that 80 percent of the services from
  resources must travel through a Layer 3 device
• However this provides a deterministic and
  consistent method to access resources

33
Geographical VLANS
34
Traffic Rules

• A core layer router is used to route between
  subnets.
• A network is engineered, based on traffic flow
  patterns.
• Typically the rule has been to have 80 percent of
  the traffic contained within a VLAN.
• The remaining 20 percent crosses the router to
  the enterprise servers and to the Internet and
  WAN.

35
Configuration of a Static VLAN

• Static VLANs are ports on a switch that are
  manually assigned to a VLAN
• That can be accomplished with a VLAN management
  application or configured directly into the
  switch through the CLI

36
Configuration of a Static VLAN

• Static VLAN works well in networks with the
  following specific requirements
• All moves are controlled and managed.
• There is a robust management software to
  configure the ports.
• The additional overhead required to maintain
  end-station MAC addresses and custom filtering
  tables is not acceptable.

37
Verification of VLAN Configuration

• The following commands can be used to verify VLAN
  configurations.
• show vlan
• Show vlan brief
• Show vlan id

38
Verification of VLAN Configuration

• The following figure shows a list of applicable
  commands

39
Verification of VLAN Configuration

• The following figure shows the steps to assign a
  new VLAN to a port on the Sydney switch.

40
Verification of VLAN Configuration

• The following figure shows the output list of
  show vlan command.

41
Verification of VLAN Configuration

• The following figure shows the output list of
  show vlan brief command.

42
Saving VLAN Configuration

• The switch configuration settings can be backed
  up to TFTP server with the copy running-config
  tftp command.
• The HyperTerminal text capture feature along with
  the commands show running-config and show vlan
  can be used to capture configurations settings.

43
Saving VLAN Configuration

• The following figure shows that capture VLAN
  Configuration with HyperTerminal

44
Deleting VLANs

• When a VLAN is deleted, all ports assigned to
  that VLAN become inactive.
• The ports will remain associated with the deleted
  VLAN until assigned to a new VLAN.

45
Deleting VLANs

• The command below is used to remove a VLAN from a
  switch
• Switchvlan database
• Switch(vlan)no vlan 300

46
Deleting VLANs

• Steps to assign a switch port to a new VLAN

47
Deleting VLANs
48
Virtual Local Area Network

• Troubleshooting VLAN

49
Troubleshooting VLAN

• Switch LEDs
• CDP
• Check VLAN membership
• Check trunking
• Check spanning tree protocol
• Bottle necks
• The old 80/20 rule, which stated that only 20
  percent of network traffic went over the
  backbone, is obsolete.

50
Troubleshooting VLAN

• VLAN Problem Isolation

51
Troubleshooting VLAN

• Problem Isolation in Catalyst Networks

52
Virtual Local Area Network

• Benefits of VLAN

53
Benefits of VLAN
54
Benefits of VLAN

• VLANs allow network administrators to organize
  LANs logically instead of physically.
• Easily move workstations on the LAN
• Easily add workstations to the LAN
• Easily change the LAN configuration
• Easily control network traffic
• Improve security

55
Why use VLAN instead of LAN ?

• Performance
• Formation of Virtual Workgroups
• Simplified Administration
• Reduces Cost
• Security

56
Performance

• Network traffic consists of a high percentage of
  broadcasts and multicasts
• Reduce the need to send such traffic to
  unnecessary destinations
• Reduces the number of routers needed, Since VLANs
  create broadcast domains using switches instead
  of routers.

57
Formation of Virtual Workgroups

• It is easier to place members of a workgroup
  together
• Without VLAN's, the only way this would be
  possible is to physically move all the members of
  the workgroup closer together.

58
Simplified Administration

• Seventy percent of network costs are a result of
  adds, moves, and changes of users in the network
• If a user is moved within a VLAN, reconfiguration
  of routers is unnecessary
• Every time a user is moved in a LAN, recabling,
  new station addressing, and reconfiguration of
  hubs and routers becomes necessary.

59
Reduced Cost

• Eliminate the need for expensive routers

60
Security

• VLAN can also be used to control broadcast
  domains
• Set up firewalls
• Restrict access
• Inform the network manager of an intrusion

61
References

• Cisco Networking Academy, https//cisco.netacad.ne
  t
• Wikipedia, http//en.wikipedia.org/wiki/Virtual_LA
  N
• UCDAVIS Network21, http//net21.ucdavis.edu/newvla
  n.htm
• VLAN, Raj Jain,
• http//www.cs.wustl.edu/jain/cis788-97/ftp/virtu
  al_lans/index.htm
• Cisco Press http//www.ciscopress.com/articles/art
  icle.asp?p29803rl1

62
Questions???

• How the VLANs help the network administrator
  organize the network?
• A 12 port switch has been configured to support
  three VLANs named Sales, Marketting and Finance.
  Each VLAN spans four ports on the switch. The
  network administrator has deleted the Marketting
  VLAN from the switch. What is the status of the
  ports associated with this VLAN?
• Why network administrators use database to save
  MAC addresses?

63
Questions???

• 4.How many broadcast domain exist in the scenario
  presented in the graphic?

64
Virtual Local Area Network

• Thank you for Listening!