VLAN'S - PowerPoint PPT Presentation

Slides: 18
Provided by: nlfacul

Transcript and Presenter's Notes


1
VLAN'S
2
VLANs and Physical Boundaries
  • A VLAN is a logical grouping of devices or users
    that can be grouped by function, department, or
    application, regardless of their physical segment
    location. VLAN configuration is done at the
    switch via software.

3
VLANs and Physical Boundaries
  • In a typical LAN, users are grouped based on
    their location in relation to the hub they are
    plugged into. Traditional LAN segmentation does
    not group users according to their workgroup
    association or need for bandwidth.

4
Introduction to VLANs
  • A group of ports or users in the same broadcast
    domain
  • Can be based on port ID, MAC address, protocol,
    or application
  • LAN switches and network management software
    provide a mechanism to create VLANs
  • Frame tagged with VLAN ID

5
VLANs
  • VLANs work at layer 2 and layer 3 of the OSI
    reference model.
  • Communication between VLANs is provided by layer
    3 routing.
  • VLANs provide a method of controlling network
    broadcasts.
  • The network administrator assigns users to a
    VLAN.
  • VLANs can increase network security by defining
    which network nodes can communicate with each
    other.

6
VLAN Membership
  • Membership by port group
  • Membership based on MAC-layer address
  • Layer three based VLANs
  • IP multicast groups as VLANs

7
Membership by Port Group
  • Many initial VLAN implementations define VLAN
    membership by groups of switch ports (e.g., ports
    1, 2, 3, 7, and 8 on a switch equate to VLAN A,
    while ports 4, 5, and 6 equal VLAN B).
  • The primary limitation of VLANs defined by port
    is that the network manager must reconfigure VLAN
    membership when a user moves from one port to
    another.

8
By MAC Address
  • VLANs based on MAC addresses enable network
    managers to move a workstation to a different
    physical location on the network and have that
    workstation automatically retain its VLAN
    membership.
  • One of the drawbacks of MAC-address based VLAN
    solutions is the requirement that all users must
    be initially configured to be in a VLAN(s) from
    the outset.

9
Layer Three Based VLANs
  • VLANs based on layer three information take into
    account protocol type (if multiple protocols are
    supported) or network-layer address (e.g., subnet
    address for TCP/IP networks) in determining VLAN
    membership. Although these VLANs are based on
    layer three information, this does not constitute
    a "routing" function and should not be confused
    with network-layer routing.

10
Layer Three Based VLANs
  • Even though a switch is inspecting a packet's IP
    address to determine VLAN membership, no route
    calculation is undertaken, RIP or OSPF protocols
    are not employed, and frames traversing the
    switch are usually bridged according to
    implementation of the spanning tree algorithm.

11
IP Multicast Groups As VLANs
  • When an IP packet is sent via multicast, it is
    sent to an address which is a proxy for an
    explicitly defined group of IP addresses which is
    established dynamically.
  • Each workstation is given the opportunity to join
    a particular IP multicast group by responding
    affirmatively to a broadcast notification which
    signals that group's existence. All workstations
    which join an IP multicast group can be seen as
    members of the same virtual LAN.

12
Switching Architectures 
  • Frame filtering: in their early days, VLANs were
    filter-based and they grouped users based on a
    filtering table. This model did not scale well
    because each frame had to be referenced to a
    filtering table.
  • Frame tagging: uniquely assigns a VLAN ID to each
    frame. IEEE 802.1Q states that frame tagging is
    the way to implement VLANs.

13
Frame Tagging
  • Frame tagging places a unique identifier in the
    header of each frame as it is forwarded
    throughout the network backbone. The identifier
    is understood and examined by each switch prior
    to any broadcasts or transmissions to other
    switches, routers, or end-station devices. When
    the frame exits the network backbone, the switch
    removes the identifier before the frame is
    transmitted to the target end station. Layer 2!

14
Port-centric VLANs
  • Users are assigned by port.
  • VLANs are easily administered.
  • It provides increased security between VLANs.
  • Packets do not "leak" into other domains.

15
Static VLANs
  • Are ports on a switch that you statically assign
    to a VLAN.
  • Static VLANs work well in networks in which moves
    are controlled and managed.

16
Dynamic VLANs
  • Dynamic VLAN functions are based on MAC
    addresses, logical addressing, or protocol type
    of the data packets.
  • In dynamic VLANs, the switch, pre-programmed with
    MAC addresses and VLAN numbers, can recognize
    when a host has switched ports and automatically
    reconfigure the port.

17
Dynamic VLANs
  • The major benefits of this approach are less
    administration within the wiring closet when a
    user is added or moved and centralized
    notification when an unrecognized user is added
    to the network. Typically, more administration is
    required up front to set up the database within
    the VLAN management software and to maintain an
    accurate database of all network users.
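
A minimal model of the dynamic VLAN behaviour from the last two slides, as an added example that is not part of the original presentation: a pre-programmed MAC-to-VLAN database, automatic port reconfiguration when a host moves, and a central notification for an unrecognized host. The class, its method names, the sample MAC addresses and the policy of leaving an unknown host's port unassigned are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


def normalize_mac(mac: str) -> str:
    """Accept aa:bb:.., aa-bb-.. or aabb.ccdd.eeff and return 12 hex digits."""
    digits = mac.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


@dataclass
class DynamicVlanSwitch:
    mac_to_vlan: Dict[str, int]                              # pre-programmed database
    port_vlan: Dict[int, int] = field(default_factory=dict)  # current port config
    mac_port: Dict[str, int] = field(default_factory=dict)   # last port per host
    alerts: List[str] = field(default_factory=list)          # central notifications

    def __post_init__(self):
        self.mac_to_vlan = {normalize_mac(m): v for m, v in self.mac_to_vlan.items()}

    def host_seen(self, port: int, mac: str) -> Optional[int]:
        """Handle a host appearing on a port; return the VLAN assigned, if any."""
        mac = normalize_mac(mac)
        vlan = self.mac_to_vlan.get(mac)
        if vlan is None:
            # Assumed policy: report the unknown host and leave the port unassigned.
            self.alerts.append(f"unrecognized MAC {mac} on port {port}")
            self.port_vlan.pop(port, None)
            return None
        old_port = self.mac_port.get(mac)
        if old_port is not None and old_port != port:
            self.port_vlan.pop(old_port, None)  # host moved: release the old port
        self.mac_port[mac] = port
        self.port_vlan[port] = vlan
        return vlan


# Constructed database and events (locally administered, made-up MACs).
def demo() -> DynamicVlanSwitch:
    sw = DynamicVlanSwitch({"02:00:00:00:00:0a": 10, "02-00-00-00-00-14": 20})
    sw.host_seen(1, "02:00:00:00:00:0a")   # first seen on port 1 -> VLAN 10
    sw.host_seen(7, "0200.0000.000a")      # same host moves to port 7
    sw.host_seen(3, "02:00:00:00:00:ff")   # not in the database -> alert
    return sw
```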