Virtual Local Area Networks In Security By Mark Reed.

Topics
- Definition of LAN and VLAN
- Advantages of using VLANs
- When to consider using VLANs
- Why we use VLANs
- How VLANs work
- Types of VLANs
- Increase network security with VLANs

LAN - Definition
A Local Area Network (LAN) is a single broadcast domain of computers and network devices that are physically located near each other. In a single broadcast domain, a broadcast request sent by a user on the LAN is received by every node on the same LAN.

VLAN - Definition
A Virtual Local Area Network (VLAN) is a group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location.

What are the advantages of a VLAN?
- VLANs have the same attributes as a physical LAN
- Workstations can be grouped together even if they are not located on the same network switch
- Network reconfiguration can be done through software instead of physically relocating devices

When should you consider using VLANs?
- If you have more than 200 devices on your network
- If your network has a lot of broadcast traffic that may be affecting network performance
- If groups of users need more network security because of sensitive information
- If groups of users need a lot of bandwidth or access to the same applications
- If you need to make a single switch into multiple virtual switches

Why use VLANs?
- Increase network performance
- Allow network administrators to form virtual workgroups for departments or divisions
- Simplify network administration
- Reduce network costs
- Increase network security

How Do VLANs Work?
- Explicit Tagging – when a switch receives data, it tags the data with a VLAN identifier indicating the VLAN from which the data came
- Implicit Tagging – the VLAN from which the data came is determined from information such as the port on which the data arrived
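The two classification methods above, as an added example that is not part of the original slides. It assumes the IEEE 802.1Q tag format, which the slides do not name, and a constructed port-to-VLAN table; `classify`, `build_frame` and `PORT_VLAN` are hypothetical names.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an IEEE 802.1Q tag
PORT_VLAN = {1: 10, 2: 10, 3: 20}  # constructed port-to-VLAN table (implicit tagging)

def build_frame(dst, src, ethertype, payload=b"", vid=None, pcp=0):
    """Build a raw Ethernet frame; insert an 802.1Q tag when vid is given."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def classify(frame, ingress_port):
    """Return (vlan_id, method) for a frame received on ingress_port."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return PORT_VLAN[ingress_port], "implicit"   # untagged: the port decides
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    vid = tci & 0x0FFF                               # low 12 bits = VLAN identifier
    if vid == 0x0FFF:
        raise ValueError("VLAN ID 4095 is reserved")
    if vid == 0:                                     # priority tag only, no VLAN
        return PORT_VLAN[ingress_port], "implicit"
    return vid, "explicit"

# Constructed sample frames (locally administered source MAC, IPv4 EtherType).
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
UNTAGGED = build_frame(DST, SRC, 0x0800, b"data")
TAGGED_20 = build_frame(DST, SRC, 0x0800, b"data", vid=20, pcp=5)

if __name__ == "__main__":
    print(classify(UNTAGGED, 1))   # port 1 belongs to VLAN 10
    print(classify(TAGGED_20, 1))  # the tag decides, not the port table
```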

Types of VLANs
- Tagging can be based on the port from which the data came, the source Media Access Control (MAC) field, the source network address, or some other field or combination of fields
- VLANs are classified based on the method of tagging that is used
- Switches hold a filtering database which stores this information

Layer 1 – Membership By Port
- Membership can be defined based on the ports that belong to the VLAN
- The main disadvantage of this method is that it does not allow for user mobility
- If a user moves to a different location, the network administrator must reconfigure the VLAN for that user

Layer 2 – Membership By Address
- Membership is based on the MAC address of the workstation or the source of the data
- No reconfiguration is needed if the workstation is moved, since the MAC address is part of the network interface card
- Membership tables will not need to be changed

Layer 3 – Membership By IP Subnet Address
- Membership is based on the Layer 3 header of the frame or data that is being sent
- Workstations can be moved without reconfiguring the network address
- Forwarding based on Layer 3 information takes longer than forwarding based on the MAC address

Frame Processing
- When a switch receives data, it determines which VLAN the data belongs to, either by implicit or explicit tagging
- The switch also keeps track of VLAN members in a filtering database, which it uses to determine where the data is to be sent

Filtering Database
- Membership information for a VLAN is stored in a filtering database
- The filtering database consists of two types of entries – Static Entries and Dynamic Entries

Static Database Entries
- Static information is added, modified and deleted by a network administrator
- There are two types of static database entries:
1. Static Filtering Entries – specify for every port whether frames should be forwarded or discarded
2. Static Registration Entries – specify which ports are registered for a specific VLAN

Dynamic Database Entries
- Dynamic entries are learned by the switch and cannot be created or updated manually
- The learning process observes the port on which a frame with a given source address and VLAN ID is received and updates the database accordingly
- The entry is updated only if the port allows learning, the source is a workstation, and there is space available in the database

Dynamic Database Entries Contd.
- There are three types of dynamic entries:
1. Dynamic Filtering Entries – specify whether frames that are to be sent to a specific MAC address on a certain VLAN should be forwarded or discarded
2. Group Registration Entries – specify whether frames that are to be sent to a group MAC address on a certain VLAN should be forwarded or discarded
3. Dynamic Registration Entries – specify which ports are registered for a specific VLAN

VLANs Increase Security
- VLANs provide additional security not available in a shared network environment
- A switched network environment delivers frames only to the intended recipients, and broadcast frames only to other members of the VLAN
- Network administrators can segment users that require access to sensitive information into separate VLANs from the rest of the general user community, regardless of physical location
- A traffic analyzer monitoring a port will see only the traffic associated with that particular port
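The learning rule from the Dynamic Database Entries slide and the delivery behaviour described on the security slide can be checked with a small model. This is an added example, not code from the presentation: `VlanSwitch`, its port table and the MAC addresses are constructed, and "the source is a workstation" is modelled as "the source address is unicast", which is an assumption.

```python
class VlanSwitch:
    """Port-based VLAN switch with a dynamic filtering database (added model)."""

    def __init__(self, port_vlan, max_entries=1024, learning_disabled=()):
        self.port_vlan = dict(port_vlan)         # port -> VLAN (membership by port)
        self.max_entries = max_entries
        self.learning_disabled = set(learning_disabled)
        self.fdb = {}                            # (vlan, mac) -> port, dynamic entries

    def _learn(self, vlan, src, port):
        is_group = int(src[:2], 16) & 1          # group bit set: not a workstation
        if port in self.learning_disabled or is_group:
            return
        key = (vlan, src)
        if key in self.fdb or len(self.fdb) < self.max_entries:
            self.fdb[key] = port                 # new entry, or the station moved

    def receive(self, port, src, dst):
        """Return the sorted list of ports the frame is sent out of."""
        vlan = self.port_vlan[port]
        self._learn(vlan, src, port)
        known = self.fdb.get((vlan, dst))
        if known is not None:
            return [] if known == port else [known]
        # Broadcast or unknown destination: flood, but only inside the VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != port)

def demo():
    # Constructed topology: ports 1-2 in VLAN 10, ports 3-4 in VLAN 20.
    sw = VlanSwitch({1: 10, 2: 10, 3: 20, 4: 20})
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    bcast = "ff:ff:ff:ff:ff:ff"
    return [
        sw.receive(1, a, bcast),  # broadcast reaches VLAN 10 members only
        sw.receive(2, b, a),      # A was learned on port 1: one port, no flood
        sw.receive(3, c, a),      # A is unknown in VLAN 20: flood VLAN 20 only
        sw.receive(1, a, b),      # B was learned on port 2
    ]

if __name__ == "__main__":
    print(demo())
```

A frame addressed to a station in another VLAN never leaves the sender's VLAN in this model; reaching it would take a router between the two VLANs.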

Summary
VLANs allow the formation of virtual workgroups, better security, improved performance, simplified administration and reduced network costs. VLANs are formed by logical segmentation of a network and can be classified by layer. Tagging and the filtering database allow a switch to determine the source and destination VLAN for received data.