LAN Segmentation Virtual LAN (VLAN)
Network Segmentation
Segmenting is the process of separating certain portions of network traffic, either for
◦ Performance
◦ Security
◦ Reliability
◦ Logical or geographical organisation
Devices used for network segmentation
◦ Switch
◦ Router
Segmenting using Routers
We have seen the use of routers for
◦ Segmenting local networks
◦ Dividing an enterprise network into different departments
Limitations: All devices on that subnet must be connected to the same switch, and that switch must be connected to a port on the router. What if users on a network are connected to different switches?
Switches
Switches are data link layer devices that enable multiple physical LAN segments to be interconnected into a single larger network. Switches forward and flood traffic based on MAC addresses.
◦ MAC addresses are mapped to switch ports
Because switching is performed in hardware instead of in software, it is significantly faster.
Segmentation using switches
LAN switching employs micro-segmentation within the switch hardware, which segments the LAN. Switches usually allow multiple conversations (traffic between two ports) to occur simultaneously.
Limitation with switches
Switches do not break up broadcast domains, meaning that if a device sends a broadcast, all devices connected to that switch must listen.
Reminder: to break up broadcast domains, we have traditionally used routers.
Virtual LANs are a way to break up broadcast domains in Layer 2 switched networks.
VLANs
VLANs logically segment switched networks based on an organization's functions, project teams, or applications as opposed to a physical or geographical basis.
VLAN
A VLAN is a broadcast domain
Grouped based on logical function, department or application
20% to 40% of the work force moves every year
◦ Recabling / readdressing and reconfiguration
Traffic can be switched between VLANs with a router
LAN vs. VLAN
When do you need a VLAN?
◦ You have more than 200 devices on your LAN
◦ You have a lot of broadcast traffic on your LAN
◦ Groups of users need more security or are being slowed down by too many broadcasts
◦ Groups of users need to be on the same broadcast domain because they are running the same applications
Static VLANs
Assign ports to VLAN 2. Enter the following commands to add ports 0/7 to 0/9 to VLAN 2:
Switch_B#configure terminal
Switch_B(config)#vlan 2
Switch_B(config-vlan)#name Sales
Switch_B(config-vlan)#exit
Switch_B(config)#interface fastethernet 0/7
Switch_B(config-if)#switchport mode access
Switch_B(config-if)#switchport access vlan 2
! Repeat the three interface commands for fastethernet 0/8 and 0/9
Assign ports to VLAN 3:
Switch_B#configure terminal
Switch_B(config)#vlan 3
Switch_B(config-vlan)#name Admin
Switch_B(config-vlan)#exit
Switch_B(config)#interface fastethernet 0/10
Switch_B(config-if)#switchport mode access
Switch_B(config-if)#switchport access vlan 3
Configure VLANs on the Switches in a Converged Network Topology
Role of Trunking VLANs in a Converged Network
How do hosts on a VLAN that is spread over different switches communicate?
Trunk ports are created between switches to enable inter-switch communication
The basic Ethernet frame is modified to include the ID of the VLAN to which it belongs
Frames are encapsulated using
◦ ISL (Inter-Switch Link) - Cisco proprietary
◦ 802.1Q - IEEE standard
Test VLAN configuration
Ping users on different VLANs
◦ Ping should not work
Ping users on the same VLAN
◦ Ping should work