Presentation on theme: "Semester 3, v Chapter 3: Virtual LANs"— Presentation transcript:
1 Semester 3, v. 2.1.2 Chapter 3: Virtual LANs
Youngstown State University Cisco Regional Academy Curriculum Review
2 Disclaimer
- This presentation is intended for review purposes by Cisco Networking Academy Program teachers and students only.
- This presentation is not a substitute for careful study of the Cisco Academy curriculum.
- Most of the text and graphics have been copied directly from the on-line curriculum, and remain the copyrighted property of Cisco Systems.
- CCNA objectives are used for all YSU Regional authored reviews.
3 Contents
- Part 1: VLANs
- Part 2: Segmenting with Switches
- Part 3: VLAN Implementation
- Part 4: Benefits of VLANs
4 Chapter Learning Objectives
You will be able to:
- Define the role of a switch in creating VLANs.
- Describe frame filtering and frame tagging.
- Describe beneficial reasons for implementing VLANs.
- Explain port-centric, static, and dynamic VLANs.
- Explain how VLANs control broadcasts.
FROM SEM # VERSION 1.1 !!
- Define VLANs
- Name reasons to create VLANs
- Describe the role switches play in the creation of VLANs
- Describe VLAN frame filtering and VLAN frame tagging
- Describe how switches can be used with hubs
- Name the five components of VLAN implementations (Describe 5 beneficial effects of implementing a VLAN)
- Describe static and dynamic VLANs
6 VLAN: Overview
Traditional LANs are:
- Configured according to Layer 1 requirements.
- Grouped by their location relative to the hub and cable runs to the IDF/MDF.
- Not segmented by workgroup association or need for bandwidth.
- The “structure” is controlled by the physical layout, not the logical needs.
Traditional LAN segmentation does not group users according to their workgroup association or need for bandwidth.
7 VLANs: Overview
A VLAN is a logical grouping of devices or users that can be grouped by:
- function,
- department,
- or application,
regardless of their physical segment location.
Logical requirements rule over the physical layout.
8 VLANs: Overview
- A group of ports or users in the same broadcast domain.
- Can be selected according to:
  - Port ID number
  - MAC address
  - Protocol
  - Application
- Use switches and proprietary software.
9 Part 2: Segmenting with Switches
10 Removing the Physical Boundary
Using VLANs, you can group switch ports and their users into logically defined workgroups, such as:
- Coworkers in the same department.
- A cross-functional product team.
- User groups sharing the same application.
Single or multiple switches can be used.
11 VLANs Across the Backbone
To eliminate the physical restriction:
- VLAN information between interconnected switches and routers must be carried and reside on the corporate backbone.
For VLANs to work, there has to be a way for a data packet to leave one physical connection, get on the backbone wiring that connects the entire LAN, and still be recognized as belonging to the dedicated VLAN. The packet has to carry an ID that says, for example, “I belong to the Engineering Dept. VLAN,” regardless of where it started or where it is intended to end up!
12 Routers in the VLAN
Still provide:
- Broadcast control
- Route processing
- Subnet connectivity
But now also:
- Connect the VLANs that are “logically” created but are not on the same “physical” location!
13 VLAN Frames
Switches make filtering and forwarding decisions by frame, using VLAN metrics:
- Frame filtering
- Frame tagging
A frame is compared to the metrics and then is:
- sent,
- filtered,
- or broadcast.
14 Frame Filtering
- Each switch develops a filtering table.
- Each frame can be filtered according to:
  - MAC address, or
  - Layer 3 protocol type (IP, IPX, etc.)
- Like routers, switches share address table data across the backbone.
15 Frame Tagging
- Places a unique ID in the header of each frame as it moves through the network backbone.
- ID is understood and examined by each switch prior to any broadcasts or transmissions to other switches, routers, or hosts.
- Functions at Layer 2; low administration!
- Selected by IEEE as VLAN standard: IEEE 802.1Q
17 VLAN Ports and Broadcasts
- Each switch port can be assigned to a VLAN.
- Only ports assigned to the same VLAN share broadcasts.
- Switched VLANs can therefore segment broadcast domains like routers.
18 Types of VLANs
Three types of VLAN implementation:
- Port-centric
- Static
- Dynamic
19 Port-Centric
- All nodes connected to ports in the same VLAN are assigned the same VLAN ID.
- Users are assigned by port.
- Easy administration.
- Increased security between VLANs.
- Packets do not "leak" into other domains.
20 Static VLANs
- Switch ports are assigned to a VLAN.
- Any host that plugs into a port is automatically a member of that port’s VLAN group.
- Easy to configure and monitor.
21 Dynamic VLANs
- Central database server maintains the VLAN assignments.
- When a new host is connected to an open port, the switch checks the database for VLAN assignment.
- Assignment based on:
  - MAC
  - Logical address
  - Protocol type
23 Moving Hosts
- Physical moves are one of a network manager's biggest headaches.
- Moves and additions require the least amount of reconfiguration when using VLANs.
- Hosts can move without changing IP or subnet membership as long as:
  - They are connected to a VLAN switch.
  - They retain their VLAN ID.
24 VLANs Control Broadcasts
- Switches not using VLANs send broadcasts out every port, just like a hub.
- Broadcast traffic within one VLAN is not sent outside that VLAN.
- The smaller the VLAN membership, the less hosts have to deal with excess broadcast traffic.
25 Improved Security
A network manager can:
- Restrict the number of users in a VLAN group.
- Prevent a user from joining the VLAN without first receiving approval.
Used with router ACLs for tight control.
26 Save Money!
- Use existing hubs to connect many VLAN members to the same VLAN switch port.
- Relocating a host to a new VLAN can be as easy as plugging into a different hub.
27 Summary
- Switched VLANs are a secure, Layer 2, cost-effective way to group users regardless of physical location.
- VLAN membership ID can travel the backbone.
- Common ID groupings are filtering, frame tagging, and frame identification.
- VLANs provide:
  - Broadcast control
  - Workgroup security
  - Cost-effective additions or moving of hosts.
- An Ethernet switch is designed to physically segment a LAN into individual collision domains.
- A typical LAN is configured according to the physical infrastructure it connects.
- In a LAN that uses LAN switching devices, VLAN technology is a cost-effective and efficient way of grouping network users into virtual workgroups, regardless of their physical location on the network.
- VLANs work at Layer 2 and Layer 3 of the OSI reference model.
- Important to any VLAN architecture is the ability to transport VLAN information between interconnected switches and routers that reside on the corporate backbone.
- The problems associated with shared LANs and switches are causing traditional LAN configurations to be replaced with switched VLAN networking configurations.
- The most common approaches for logically grouping users into distinct VLANs are frame filtering, frame tagging, and frame identification.
- There are three main types of VLANs: port-centric VLANs, static VLANs, and dynamic VLANs.
- VLANs provide the following benefits:
  - They reduce administration costs related to solving problems associated with moves, additions, and changes.
  - They provide controlled broadcast activity.
  - They provide workgroup and network security.
  - They save money by using existing hubs.