VLANs Virtual LANs CIS 278
VLAN Definition Per Webopedia: Short for virtual LAN, a network of computers that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN.
VLAN Definition Broadcast domains are typically constrained to a set of interconnected switches or bridges. A router defines the end of a broadcast domain. VLANs provide multiple broadcast domains within what would otherwise be a single broadcast domain.
VLAN Definition Continued VLANs are configured through software rather than hardware, which makes them extremely flexible. One of the biggest advantages of VLANs is that when a computer is physically moved to another location, it can stay on the same VLAN without any hardware reconfiguration.
VLAN Overview A LAN traditionally is made up of workstations all connected to the same wire. That puts them all in the same collision domain.
VLAN Overview
VLAN Overview The same network can be built using a hub instead of backbone cable.
VLAN Overview
VLAN Overview If network traffic becomes too great and the number of collisions impacts network performance, we can often improve performance by adding a switch
VLAN Overview
VLAN Overview Each workstation is on a collision domain of two devices; the workstation and the single port of the switch. Access to servers is enhanced by increasing the port speed on the Server ports
VLAN Overview
VLAN Overview All ports on the switch are part of the same broadcast domain. What do we do when broadcasts are starting to impact network performance? Segment.
VLAN Overview
VLAN Overview Notice that we insert a router to provide connectivity between the two broadcast domains, while providing the added security routers can bring and isolation from broadcasts on the other segment.
VLAN Overview Networks continued to grow until the number of routers required for a network became cumbersome, often requiring more than one router per switch. Hardware use became inefficient.
VLAN Overview
VLAN Overview Moving a user to another part of the same floor would sometimes mean moving them into a new broadcast domain, which wasn’t always desirable. To address this need, multiple broadcast domains had to be available in the same wiring closet.
VLAN Overview There was a desire to define a method of providing separate broadcast domains within a single closet, and even within a single switch, so switch ports could be used more efficiently. VLANs were born VLANs are broadcast domains that are not defined by physical location
VLANs Network architects had conflicting ideas about how they wanted to separate their user broadcast domains. By protocol By name By services By IP address By MAC address
VLANs Furthermore, network architects wanted to be able to make broadcast domain changes without having to add hardware or move hardware around. That is, they wanted to make such changes through configuration modifications rather than hardware replacement.
VLANs In addition to that, they wanted to make sure someone couldn’t just plug into an unused port and start sniffing the broadcasts to gather information surreptitiously.
Static VLANs Static VLANs are assigned by port. Each port is assigned to a VLAN, so whichever workstation shows up in that port becomes part of the VLAN VLANs are assigned on a port basis and the broadcast domains span switches
Static VLANs Communication between two adjacent workstations in the same switch but on different VLANs involves router.
Dynamic VLANs Dynamic VLANs assume that the network administrator builds a database of all MAC addresses, then assigns those addresses to logical VLANs. Once built, the workstations can be plugged into any port on any switch at any time and it will find its way to the proper VLAN
Dynamic VLANs
VLANs Trunk connections between the switches and routers carry traffic for all included VLANs. The traffic from multiple broadcast domains can quickly cause bottlenecks if the network is not carefully designed
VLANs Tagging VLANs are identified by special tags attached to each frame. IEEE 802.1Q specifies how these tags are formatted Devices that don’t understand VLANs will consider these frames improperly formatted
VLANs Access Link Access links are where the end station connects to the switch. VLAN information is not included on these links. Trunk links carry the VLAN information.
VLANs Tagging ISL (Inter-Switch Link) is the Cisco proprietary method of tagging, designed before 802.1Q was standardized. I mention it for historical reasons, as Cisco no longer makes hardware that supports ISL.
VLANs VTP Modes VLAN Trunk Protocol is designed to carry VLAN information across internetworks. It requires a central VTP server. Switches are commonly the servers.
VLANs Trunk Protocol VTP servers can make changes to the VTP domain VTP clients send and receive VTP updates, but they can’t make changes Transparent switches pass VTP updates but they don’t participate in the protocol.
VLANs Trunk Protocol VTP Pruning is a method of removing traffic from a link if there is nothing at the end of that link that requires the VLAN information. This increases security and reduces traffic.
VLANs Advantages VLANs can be logically subnetted Adds, moves and changes are handled through configuration rather than physical moves VLANs can provide greater security by isolating broadcasts Users can be assigned logically rather than being imposed by their physical location. Broadcast domains can be assigned by reasonable size rather than by physical port limitations.
VLANs Disadvantages VLANs may take considerably more configuration Broadcast domains aren’t always obvious Troubleshooting problems becomes more difficult The network becomes more complex Trunk traffic can be hard to predict and difficult to monitor