Slide 2: Network Segmentation

Segmenting is the process of separating certain portions of network traffic, for one or more of these reasons:
- Performance
- Security
- Reliability
- Logical or geographical organisation

Devices used for network segmentation:
- Switch
- Router
Slide 3: Segmenting using Routers

We have seen the use of routers for:
- Segmenting local networks
- Dividing an enterprise network into different departments

Limitation: all devices on a subnet must be connected to the same switch, and that switch must be connected to a port on the router.

What if users on a network are connected to different switches?
Slide 4: Switches

- Switches are data link layer devices that enable multiple physical LAN segments to be interconnected into a single larger network.
- Switches forward and flood traffic based on MAC addresses; MAC addresses are mapped to switch ports.
- Because switching is performed in hardware instead of in software, it is significantly faster.
Slide 5: Segmentation using Switches

- LAN switching employs micro-segmentation within the switch hardware, which segments the LAN.
- Switches usually allow multiple conversations (traffic between two ports) to occur simultaneously.
Slide 6: Limitation with Switches

- Switches do not break up broadcast domains: if a device sends a broadcast, all devices connected to that switch must listen to it.
- Reminder: to break up broadcast domains, we have traditionally used routers.
- Virtual LANs are a way to break up broadcast domains in a Layer 2 switched network.
Slide 7: VLANs

VLANs logically segment switched networks based on an organization's functions, project teams, or applications, as opposed to a physical or geographical basis.
Slide 8: VLAN

- A VLAN is a broadcast domain.
- Grouped based on logical function, department or application.
- 20% to 40% of the workforce moves every year, which otherwise means recabling, readdressing and reconfiguration.
- Traffic can be switched between VLANs with a router.
Slide 10: When do you need a VLAN?

- You have more than 200 devices on your LAN.
- You have a lot of broadcast traffic on your LAN.
- Groups of users need more security, or are being slowed down by too many broadcasts.
- Groups of users need to be on the same broadcast domain because they are running the same applications.
Slide 12: Static VLANs

Assign ports to VLAN 2. Enter the following commands to add ports 0/7 to 0/9 to VLAN 2 (the VLAN is created and named in VLAN configuration mode, then the ports are assigned as access ports):

    Switch_B#configure terminal
    Switch_B(config)#vlan 2
    Switch_B(config-vlan)#name Sales
    Switch_B(config-vlan)#exit
    Switch_B(config)#interface range fastethernet 0/7 - 9
    Switch_B(config-if-range)#switchport mode access
    Switch_B(config-if-range)#switchport access vlan 2
    Switch_B(config-if-range)#end

Assign port 0/10 to VLAN 3:

    Switch_B#configure terminal
    Switch_B(config)#vlan 3
    Switch_B(config-vlan)#name Admin
    Switch_B(config-vlan)#exit
    Switch_B(config)#interface fastethernet 0/10
    Switch_B(config-if)#switchport mode access
    Switch_B(config-if)#switchport access vlan 3
    Switch_B(config-if)#end
Slide 13: Configure VLANs on the Switches in a Converged Network Topology
Slide 14: Role of Trunking VLANs in a Converged Network

How do hosts on the same VLAN communicate when they are spread over different switches?
- Trunk ports are created between switches to enable inter-switch communication.
- The basic Ethernet frame is modified to include the ID of the VLAN to which it belongs.
- Frames are encapsulated using one of two methods:
  - ISL (Inter-Switch Link): Cisco proprietary
  - 802.1Q: IEEE standard
Slide 15: Test VLAN Configuration

- Ping users on different VLANs: the ping should not work.
- Ping users on the same VLAN: the ping should work.
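The 802.1Q tagging from slide 14 and the broadcast-domain test from slide 15, as an added example that is not part of the original slides. It inserts and parses the 4-byte 802.1Q tag a trunk port adds to a frame, and models a switch's flooding decision using the constructed access-port assignment from slide 12 (Fa0/7 to 0/9 in VLAN 2, Fa0/10 in VLAN 3); the sample frame and port map are constructed for illustration.

```python
import struct

ETHERTYPE_8021Q = 0x8100  # TPID that marks an 802.1Q tagged frame

# Constructed sample frame (not from the slides): Ethernet broadcast carrying ARP (0x0806).
UNTAGGED = bytes.fromhex("ffffffffffff" "0200000000a1" "0806") + b"\x00" * 28


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert an 802.1Q tag after the source MAC, as a trunk port does on egress."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    # Tag Control Information: 3-bit priority, 1-bit drop eligible, 12-bit VLAN ID.
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | (vlan_id & 0xFFF)
    return frame[:12] + struct.pack("!HH", ETHERTYPE_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Return addresses, VLAN ID (None if untagged), priority and inner EtherType."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    info = {"dst": frame[:6].hex(":"), "src": frame[6:12].hex(":"),
            "vlan": None, "pcp": None}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETHERTYPE_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["vlan"], info["pcp"] = tci & 0xFFF, tci >> 13
    info["ethertype"] = ethertype  # EtherType of the encapsulated payload
    return info


# Constructed access-port assignment matching slide 12.
ACCESS_PORTS = {"Fa0/7": 2, "Fa0/8": 2, "Fa0/9": 2, "Fa0/10": 3}


def flood_ports(ingress: str, access_ports: dict = ACCESS_PORTS) -> list:
    """Ports that receive a broadcast arriving on `ingress`: same VLAN only, never the ingress port."""
    vlan = access_ports[ingress]
    return sorted(p for p, v in access_ports.items() if v == vlan and p != ingress)
```

A broadcast (for example the ARP request behind a ping) entering Fa0/7 reaches only Fa0/8 and Fa0/9, while one entering Fa0/10 reaches nothing, which is why the cross-VLAN ping on slide 15 fails without a router.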