Module 8: Virtual LANs

1
Module 8Virtual LANs

• CCNA 3 Version 3.1

2
Introduction to VLANs

• A VLAN (Virtual Local Area Network) is a logical
  grouping of devices or users
• devices or users can be grouped by
• Function
• Department
• Application
• Devices on a VLAN are restricted to only
  communicating with devices that are on their own
  VLAN
• Routers provide connectivity between different
  VLAN segments
• Just as routers provide connectivity between
  different LAN segments

3
Benefits of VLANs

• VLANs increase overall network performance by
  logically grouping users and resources together
• VLANs are used to ensure that a particular set
  of users are logically grouped regardless of the
  physical location.
• VLANs can enhance scalability, security, and
  network management
• Routers in VLAN topologies provide broadcast
  filtering, security, and traffic flow management
• VLANs simplify tasks when additions, moves, and
  changes to a network are necessary

4
Traditional LAN Segmentation vs.VLAN Segmentation
A VLAN is a group of network services not
restricted to a physical segment or LAN switch.
5
Introduction to VLANs
6
Intro to VLANs contd

• Physically connecting or moving cables and
  equipment is unnecessary when configuring VLANs.
• Configuration or reconfiguration of VLANs is done
  through software.

7
Communication within VLANs

• VLANs logically segment the network into
  different broadcast domains
• packets are only switched between ports that are
  designated for the same VLAN
• A workstation in a VLAN group is restricted to
  communicating with file servers or other
  workstations in the same VLAN group.
• VLANs consist of hosts or networking equipment
  connected by a single bridging domain.
• The bridging domain is supported on different
  networking equipment
• LAN switches operate bridging protocols with a
  separate bridge group for each VLAN.

8
A Network without VLANs
Uses one router and three switches
Three separate broadcast domains
9
A Network with VLANs
Uses one router and one switch
Still three separate broadcast domains
10
Frame Forwarding in VLANs

• Implementing VLANs on a switch causes the
  following to occur
• The switch maintains a separate bridging table
  for each VLAN
• If the frame comes in on a port in VLAN 1, the
  switch searches the bridging table for VLAN 1.
• When the frame is received, the switch adds the
  source address to the bridging table if it is
  currently unknown.
• The destination is checked so a forwarding
  decision can be made.
• For learning and forwarding the search is made
  against the address table for that VLAN only.

11
VLAN Configuration

• Static vs. Dynamic VLAN configuration

12
Static VLANs

• Static membership VLANs are called port-based and
  port-centric membership VLANs
• As a device enters the network, it automatically
  assumes the VLAN membership of the port to which
  it is attached

13
More on Dynamic VLANs

• Dynamic membership VLANs are created through
  network management software
• CiscoWorks 2000 or CiscoWorks for Switched
  Internetworks
• Dynamic VLANs allow for membership based on the
  MAC address of the device connected to the switch
  port
• As a device enters the network, it queries a
  database within the switch for a VLAN membership

14
Port-based (Port-centric)VLAN Membership

• In port-based or port-centric VLAN membership,
  the port is assigned to a specific VLAN
  membership independent of the user or system
  attached to the port
• all users of the same port must be in the same
  VLAN
• A single user, or multiple users, can be attached
  to a port and never realize that a VLAN exists
• This approach is easy to manage because no
  complex lookup tables are required for VLAN
  segmentation

15
Dynamic VLANs
16
Benefits of VLANs

• Key benefit of VLANs is the ability to organize a
  LAN logically, allowing administrators to
• Easily move workstations on the LAN
• Easily add workstations to the LAN
• Easily change the LAN configuration
• Easily control network traffic
• Improve security

17
Establishing VLAN Membership

• There are three basic VLAN memberships for
  determining and controlling how a packet gets
  assigned
• Port-based VLANs
• MAC address based VLANs
• Protocol based VLANs
• The frame headers are encapsulated or modified to
  reflect a VLAN ID before the frame is sent over
  the link between switches.
• Before forwarding to the destination device, the
  frame header is changed back to the original
  format.

18
VLAN Types
19
Identifying Frames through Frame Tagging

• Frame Tagging (frame identification) uniquely
  assigns a user-defined ID to each frame
• There are two major methods of frame tagging
• Inter-Switch Link (ISL) (frame is lengthened)
• 802.1Q (header is modified)
• ISL used to be the most common, but is now being
  replaced by 802.1Q frame tagging
• A unique identifier is placed in the header of
  the frame
• The ID is removed when frame exits the backbone

20
VLAN Configuration

• VLANs can exist either as end-to-end networks or
  they can exist inside of geographic boundaries
• An end-to-end VLAN network comprises the
  following characteristics
• Users are grouped into VLANs independent of
  physical location, but dependent on group or job
  function.
• All users in a VLAN should have the same 80/20
  traffic flow patterns (80 percent of the traffic
  is contained within the VLAN and 20 percent of
  the traffic crosses the router to the enterprise
  servers, Internet, or WAN)
• As a user moves around the campus, VLAN
  membership for that user should not change.
• Each VLAN has a common set of security
  requirements for all members.

21
End-to-End VLANs
22
Geographic VLANs
Today, users are required to use many different
resources, many of which are no longer in their
VLAN
Because of this shift in placement and usage of
resources, VLANs are now more frequently being
created around geographic boundaries rather than
commonality boundaries (resulting in a 20/80
traffic pattern)
23
Static VLAN Configuration

• The following guidelines must be followed when
  configuring VLANs on Cisco 29xx switches
• The maximum number of VLANs is switch dependent.
• VLAN 1 is one of the factory-default VLANs.
• VLAN 1 is the default Ethernet VLAN.
• Cisco Discovery Protocol (CDP) and VLAN Trunking
  Protocol (VTP) advertisements are sent on VLAN 1.
  
• The Catalyst 29xx IP address is in the VLAN 1
  broadcast domain by default.
• The switch must be in VTP server mode to create,
  add, or delete VLANs.

24
Static VLAN Configuration

• Steps to create the VLAN (A VLAN name may also
  be configured)
• Switchvlan databaseSwitch(vlan)vlan
  vlan_numberSwitch(vlan)exit
• Upon exiting, the VLAN is applied to the switch.
  The next step is to assign the VLAN to one or
  more interfaces
• Switch(config)interface fastethernet
  0/9Switch(config-if)switchport access vlan
  vlan_number

25
Static VLAN Configuration

• Verify VLAN configuration by using the show vlan,
  show vlan brief, or show vlan id id_number
  commands.
• Note
• A created VLAN remains unused until it is mapped
  to switch ports.
• All Ethernet ports are on VLAN 1 by default.

26
Adding and Deleting VLANs

• Commands to assign and new VLAN to a switch port

• Commands to delete a VLAN

Note When a VLAN is deleted any ports assigned
to that VLAN become inactive. The ports will,
however, remain associated with the deleted VLAN
until assigned to a new VLAN.
27
VLAN Troubleshooting
Well cover Trunking later in Mod 9
28
VLAN Troubleshooting Show Commands

• show vlan
• displays the VLAN information on the switch
• The display shows  the VLAN ID, name, status, and
  assigned ports.
• show vlan (keyword options and keyword)
• displays information about that VLAN on the
  router
• The show vlan command followed by the VLAN number
  displays specific information about that VLAN on
  the router
• Output from the command includes the VLAN ID,
  router subinterface, and protocol information.
• show spanning-tree
• displays the spanning-tree topology known to the
  router

29
VLAN Troubleshooting

• The Spanning-Tree Protocol (STP) is considered
  one of the most important Layer 2 protocols on
  the Catalyst switches
• By preventing logical loops in a bridged network,
  STP allows Layer 2 redundancy without generating
  broadcast storms.
• Minimize spanning-tree problems by actively
  developing a baseline study of the network

30
VLAN Troubleshooting

• Well cover more troubleshooting techniques next
  class when we discuss Module 9 VLAN Trunking

31
Module 8Virtual LANs

• CCNA 3 Version 3.1

THE END