Chapter 3 VLANs Chaffee County Academy Semester 3, version 2.1.3 Chapter 3 VLANs Chaffee County Academy
3.1.1 VLANs A VLAN is a logical grouping of devices or users that can be grouped by function, department, or application, regardless of their physical segment location. VLAN configuration is done at the switch via software.
3.2.1 Segmentation with Switching Architectures LANs are increasingly being divided into workgroups connected via common backbones to form VLAN topologies. VLANs logically segment the physical LAN infrastructure into different subnets (or broadcast domains for Ethernet). Broadcast frames are switched only between ports within the same VLAN. VLANs create broadcast domains.
3.2.3 The Transport of VLANs Across Backbones Important to any VLAN architecture is the ability to transport VLAN information between interconnected switches and routers that reside on the corporate backbone. Within the backbone, high-bandwidth, high-capacity links are typically chosen to carry the traffic throughout the enterprise.
3.2.4 The Role of Routers in VLANs The traditional role of a router is to provide firewalls, broadcast management and route processing and distribution. While VLAN switches take on some of these tasks, routers still remain vital in VLAN architectures because they provide connected routes between different VLANs. Routers provide communication between VLANs.
3.2.5 How Frames are Used in VLANs VLANs use frames to make filtering and forwarding decisions. The most common approaches for logically grouping users into distinct VLANs are frame filtering and frame identification (frame tagging). Both of these techniques look at the frame when it is either received or forwarded by the switch.
Frame Filtering Frame filtering examines particular information about each frame. A filtering table is developed for each switch; this provides a high level of administrative control because it can examine many attributes of each frame.
Frame Tagging Frame tagging uniquely assigns a VLAN ID to each frame. This technique was chosen by the Institute of Electrical and Electronic Engineers (IEEE) standards group because of its scalability. IEEE 802.1q states that frame tagging is the way to implement VLANs.
Frame Tagging Frame tagging places a unique identifier in the header of each frame as it is forwarded throughout the network backbone. Frame identification functions at Layer 2.
3.3 VLAN Implementation A VLAN makes up a switched network that is logically segmented by functions, project teams, or applications, without regard to the physical location of users. Three VLAN implementation methods can be used to assign a switch port to a VLAN. They are: port-centric static dynamic
3.3.2 Port Centric In port-centric VLANs, all the nodes connected to ports in the same VLAN (same switched port) are assigned to the same VLAN ID.
3.3.3 Static VLANs Static VLANs are ports on a switch that are statically assigned to a VLAN. Although static VLANs require the administrator to make changes, they are secure, easy to configure, and straightforward to monitor. Static VLANs work well in networks in which moves are controlled and managed.
3.3.4 Dynamic VLANs Dynamic VLANs are ports on a switch that are automatically assigned to a VLAN. Dynamic VLAN functions are based on MAC addresses, logical addressing, or protocol type of the data packets.
3.3.4 Dynamic VLANs The major benefits of this approach are less administration within the wiring closet when a user is added or moved and centralized notification when an unrecognized user is added to the network. Typically, more administration is required up front to set up the database within the VLAN management software and to maintain an accurate database of all network users.
3.4.1 Making Additions, Moves and Changes Easier Moves, additions, and changes are one of a network manager's biggest headaches and one of the largest expenses related to managing the network. VLANs provide an effective mechanism for controlling these changes and reducing much of the cost associated with hub and router reconfigurations.
3.4.1 Making Additions, Moves and Changes Easier A location change can be as simple as plugging a user into a port on a VLAN-capable switch and configuring the port on the switch to that VLAN. Users may be reassigned to different VLANs using the switch software.
3.4.2 How VLANs Control Broadcasts Broadcast traffic occurs in every network. New multimedia applications are being developed that are broadcast and multicast intensive. You need to take preventive measures to ensure against broadcast-related problems.
3.4.2 How VLANs Control Broadcasts One of the most effective preventive measure is to properly segment the network with protective firewalls. Thus, although one segment may have excessive broadcast conditions, the rest of the network is protected with a firewall commonly provided by a router.
3.4.2 How VLANs Control Broadcasts The router reduces or eliminates broadcast related problems with firewalls. VLANs are an effective mechanism for extending firewalls from the routers to the switch fabric and protecting the network against potentially dangerous broadcast problems.
3.4.2 How VLANs Control Broadcasts The smaller the VLAN group, the smaller the number of users affected by broadcast traffic activity within the VLAN group. VLANs along with routers, establish broadcast domains.
3.4.3 How VLANs Improve Security Confidential data requires security through access restriction. One problem of shared LANs is that they are relatively easy to penetrate. One cost-effective and easy administrative technique to increase security is to segment the network into multiple broadcast groups.
3.4.3 How VLANs Improve Security Multiple broadcast groups allow the network manager to: Restrict the number of users in a VLAN group Prevent another user from joining without first receiving approval from the VLAN network management application Configure all unused ports to a default low-service VLAN
3.4.3 How VLANs Improve Security Restricted applications and resources are commonly placed in a secured VLAN group. On the secured VLAN, the switch restricts access into the group. Restrictions can be placed based on station addresses, application types, or protocol types. One benefit of using VLANs is tighter network security.
3.4.4 How VLANs can Save $$$$ Network managers save money by connecting existing hubs to switches. Each hub segment connected to a switch port can be assigned to only one VLAN. Stations that share a hub segment are all assigned to the same VLAN group.
The End Good luck on your Chapter 3 online exam!