VLANs: Virtual Local Area Networks

Presentation transcript:

VLANs: Virtual Local Area Networks
- VLANs meet the need to have separated LANs
- However, LANs are not physically separated
- A virtual LAN (VLAN) is an emulation of a standard LAN
- A VLAN is a set of LAN stations that belong to an administrative group
- Group membership is based on configuration parameters rather than on physical location of a station
- A VLAN is essentially a broadcast domain
[Figure: two physically separated networks; two virtual LANs implemented in a single switch]

VLANs: Virtual Local Area Networks (cont.)
- A VLAN can span multiple switches (see the figure below)
- Switches normally define VLANs in terms of which ports are in each VLAN (port-based VLANs)
- When sending a frame to another switch, the switches need a way to identify the VLAN to which the frame belongs
- A VLAN tag, which contains a VLAN identifier (VLAN ID), is added to the frame header
- The link between the two switches is called a trunk
[Figure: two VLANs spanning two switches, connected by a trunk]

VLANs: Virtual Local Area Networks (cont.)
- Typically, the stations in a VLAN are also in the same IP network; stations in different VLANs are in different IP networks
- L2 switches forward frames between stations in the same VLAN; they cannot forward frames between different VLANs
- Members of different VLANs must communicate with each other at Layer 3 (a router/L3 switch has to be used)

Motivations for using VLANs
- To group users by groups that work together, instead of by physical location
- To enforce better security
- Conflict of jurisdiction
- Sensitive devices can be kept on separate VLANs
- To separate specialized traffic from mainstream traffic, for example by putting IP telephones on a separate VLAN from the one connecting user PCs
- To reduce overhead by limiting the size of each broadcast domain

Port configuration

Access port
- It transmits and receives untagged frames
- It can have only one VLAN configured on the interface
- It can carry traffic for only one VLAN

Trunk port
- It transmits and receives tagged frames
- A trunk port can have multiple VLANs configured on the interface
- It can carry traffic for several VLANs simultaneously
[Figure: Switch A, Switch B, Switch C and Switch D with ACCESS (untagged) and TRUNK (tagged) links]

Passing VLAN traffic: trunks versus single links

VLAN configuration

    SW-Prova#show vlan brief
    VLAN Name                 Status    Ports
    ---- -------------------- --------- -------------------------------
    1    default              active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                        Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                        Fa0/9, Fa0/10, Fa0/11, Fa0/12,
                                        Fa0/13, Fa0/14, Fa0/15, Fa0/16,
                                        Fa0/17, Fa0/18, Fa0/19, Fa0/20,
                                        Fa0/21, Fa0/22, Fa0/23, Fa0/24,
                                        Fa0/25, Fa0/26, Fa0/27, Fa0/28,
                                        Fa0/29, Fa0/30, Fa0/31, Fa0/32,
                                        Fa0/33, Fa0/34, Fa0/35, Fa0/36,
                                        Fa0/37, Fa0/38, Fa0/39, Fa0/40,
                                        Fa0/41, Fa0/42, Fa0/43, Fa0/44,
                                        Fa0/45, Fa0/46, Fa0/47, Fa0/48,
                                        Gi0/1, Gi0/2

VLAN configuration (cont.)

    SW-Prova#vlan database
    Switch(vlan)#vlan 2 name Amministrazione
    VLAN 2 added:
        Name: Amministrazione
    Switch(vlan)#vlan 3 name Vendite
    VLAN 3 added:
        Name: Vendite
    Switch(vlan)#vlan 4 name prova-1
    VLAN 4 added:
        Name: prova-1
    Switch(vlan)#vlan 5 name prova-2
    VLAN 5 added:
        Name: prova-2
    Switch(vlan)#vlan 6 name prova-3
    VLAN 6 added:
        Name: prova-3
    Switch(vlan)#vlan 100 name Produzione
    VLAN 100 added:
        Name: Produzione
    SW-Prova(vlan)#exit
    APPLY completed.
    Exiting....
    SW-Prova#

Association of ports to VLANs

    SW-Prova(config)#int fastEthernet 0/12
    SW-Prova(config-if)#switchport access vlan 100
    Switch(config-if)#exit
    …….
    SW-Prova(config)#int fastEthernet 0/16
    SW-Prova(config-if)#switchport access vlan 2
    SW-Prova(config-if)#exit
    ……..
    SW-Prova(config)#int fastEthernet 0/20
    SW-Prova(config-if)#switchport access vlan 3
    SW-Prova(config)#int fastEthernet 0/24
    SW-Prova(config-if)#switchport access vlan 4
    SW-Prova(config)#int fastEthernet 0/28
    SW-Prova(config-if)#switchport access vlan 5
    SW-Prova(config)#int fastEthernet 0/32
    SW-Prova(config-if)#switchport access vlan 6

Association of ports to VLANs (cont.)

    SW-Prova#show vlan brief
    VLAN Name                 Status    Ports
    ---- -------------------- --------- -------------------------------
    1    default              active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                        Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                        Fa0/9, Fa0/10, Fa0/11, Fa0/36,
                                        Fa0/37, Fa0/38, Fa0/39, Fa0/40,
                                        Fa0/41, Fa0/42, Fa0/43, Fa0/44,
                                        Fa0/45, Fa0/46, Fa0/47, Fa0/48,
                                        Gi0/1, Gi0/2
    2    Amministrazione      active    Fa0/16, Fa0/17, Fa0/18, Fa0/19
    3    Vendite              active    Fa0/20, Fa0/21, Fa0/22, Fa0/23
    4    prova-1              active    Fa0/24, Fa0/25, Fa0/26, Fa0/27
    5    prova-2              active    Fa0/28, Fa0/29, Fa0/30, Fa0/31
    6    prova-3              active    Fa0/32, Fa0/33, Fa0/34, Fa0/35
    100  Produzione           active    Fa0/12, Fa0/13, Fa0/14, Fa0/15

Definition of trunk ports
[Figure: SW-A, SW-Prova and SW-B connected by TRUNK (tagged) links on GigabitEthernet 0/1 and GigabitEthernet 0/2; two switches are labelled VLAN 1, 2, 3, 4, 5, 6, 100 and one is labelled VLAN 1, 2, 5, 6; stations attach through ACCESS (untagged) ports]

    SW-Prova(config)#interface GigabitEthernet 0/1
    SW-Prova(config-if)#switchport mode trunk
    SW-Prova(config-if)#switchport trunk allowed vlan add 1,2,5,6
    SW-Prova(config-if)#exit
    SW-Prova(config)#interface GigabitEthernet 0/2
    SW-Prova(config-if)#switchport trunk allowed vlan all
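An added example (not part of the original presentation) that replays `switchport trunk allowed vlan` commands to compute the list a trunk actually ends up with. On Cisco IOS the `add` keyword extends the current list instead of replacing it, so on a trunk still at its default it narrows nothing; the default of VLANs 1-4094, the third port and the intended lists are assumptions of this sketch.

```python
ALL_VLANS = frozenset(range(1, 4095))  # assumed trunk default: VLANs 1-4094

def parse_vlan_list(text: str) -> set:
    """Expand an IOS-style list such as '1,2,5-6' into a set of VLAN IDs."""
    vlans = set()
    for part in text.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans

def effective_allowed(config_lines) -> dict:
    """Replay 'switchport trunk allowed vlan' commands per interface, in order."""
    allowed, iface = {}, None
    for line in config_lines:
        words = line.split()
        if words[:1] == ["interface"]:
            iface = " ".join(words[1:])
            allowed.setdefault(iface, set(ALL_VLANS))
        elif iface and len(words) > 4 and words[:4] == ["switchport", "trunk", "allowed", "vlan"]:
            key, spec = words[4], words[-1]
            if key in ("all", "none"):
                allowed[iface] = set(ALL_VLANS) if key == "all" else set()
            elif key == "add":        # extends the current list
                allowed[iface] |= parse_vlan_list(spec)
            elif key == "remove":
                allowed[iface] -= parse_vlan_list(spec)
            elif key == "except":
                allowed[iface] = set(ALL_VLANS) - parse_vlan_list(spec)
            else:                     # a bare list replaces the current list
                allowed[iface] = parse_vlan_list(spec)
    return allowed

def unexpected_vlans(allowed: dict, intended: dict) -> dict:
    """VLANs each trunk would carry beyond what the design intends for it."""
    return {i: allowed[i] - want for i, want in intended.items() if allowed[i] - want}

# Constructed input: the slide's two trunks plus a hypothetical third port.
SAMPLE = """\
interface GigabitEthernet 0/1
 switchport mode trunk
 switchport trunk allowed vlan add 1,2,5,6
interface GigabitEthernet 0/2
 switchport trunk allowed vlan all
interface GigabitEthernet 0/3
 switchport mode trunk
 switchport trunk allowed vlan 1,2,5,6
""".splitlines()
INTENDED = {"GigabitEthernet 0/1": {1, 2, 5, 6}, "GigabitEthernet 0/3": {1, 2, 5, 6}}
FINDINGS = unexpected_vlans(effective_allowed(SAMPLE), INTENDED)  # only Gi 0/1 is flagged
```

On a live switch, `show interfaces trunk` reports the allowed list to compare against.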

IEEE 802.1Q-2005: port association
- Port-based VLANs
- Low flexibility
- Network managers take control of users
[Figure: SW-A, SW-Prova and SW-B connected by TRUNK (tagged) links; two switches are labelled VLAN 1, 2, 3, 4, 5, 6, 100 and one is labelled VLAN 1, 2, 5, 6]

IEEE 802.1Q: tag format
Tag format for Ethernet V 2.0 and IEEE 802.3 frames

    Field                              Size (bytes)
    Destination Address                6
    Source Address                     6
    802.1Q Tag:
      TPID (Tag Protocol Identifier)   2  (value 81-00)
      TCI (Tag Control Information)    2  (PCP: 3 bits, DEI: 1 bit, VID (VLAN ID): 12 bits)
    Length/Type                        2
    Payload                            42 - 1500  (PAD only in the IEEE 802.3 frames)
    FCS                                4

IEEE 802.1Q: tag format (cont.)
Tag Control Information (TCI)
- Priority Code Point (PCP): a 3-bit field which refers to the IEEE 802.1p priority
  - It indicates the frame priority level. Values are from 0 (best effort) to 7 (highest)
  - These values can be used to prioritize different classes of traffic (voice, video, data, etc.)
- Drop Eligible Indicator (DEI): a 1-bit field
  - May be used separately or in conjunction with PCP to indicate frames eligible to be dropped in the presence of congestion
- VLAN Identifier (VID): a 12-bit field specifying the VLAN to which the frame belongs
  - The value 0x000 indicates that the frame does not belong to any VLAN; in this case, the 802.1Q tag specifies only a priority and is referred to as a priority tag
  - On switches, VLAN 1 (the default VLAN ID) is often reserved for a management VLAN
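The tag layout above, as an added example that is not part of the original presentation: a parser that splits the TCI into PCP, DEI and VID and recognises a priority tag (VID 0). The sample frames are constructed; the broadcast destination, the IPv4 EtherType and the zero payload are assumptions chosen for illustration.

```python
import struct

TPID_8021Q = 0x8100  # TPID value shown in the tag layout (81-00)

def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet header, decoding the 802.1Q tag when present."""
    if len(frame) < 14:
        raise ValueError("shorter than an untagged Ethernet header")
    (field,) = struct.unpack("!H", frame[12:14])
    info = {"dst": frame[0:6].hex("-"), "src": frame[6:12].hex("-"),
            "tagged": False, "pcp": None, "dei": None, "vid": None}
    offset = 14
    if field == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, field = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True,
                    pcp=tci >> 13,         # top 3 bits: Priority Code Point
                    dei=(tci >> 12) & 1,   # 1 bit: Drop Eligible Indicator
                    vid=tci & 0x0FFF)      # low 12 bits: VLAN Identifier
        offset = 18
    info["length_or_type"] = field
    info["priority_tag"] = info["tagged"] and info["vid"] == 0
    info["payload"] = frame[offset:]
    return info

def build_tag(pcp: int, dei: int, vid: int) -> bytes:
    """Encode TPID + TCI, rejecting values that do not fit their fields."""
    if not (0 <= pcp <= 7 and dei in (0, 1) and 0 <= vid <= 0x0FFF):
        raise ValueError("PCP is 3 bits, DEI 1 bit, VID 12 bits")
    return struct.pack("!HH", TPID_8021Q, (pcp << 13) | (dei << 12) | vid)

# Constructed sample frames (addresses and payload are illustrative only).
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("08002b1650a0")
IPV4 = struct.pack("!H", 0x0800)
PAYLOAD = b"\x00" * 46
UNTAGGED = DST + SRC + IPV4 + PAYLOAD
VLAN100 = DST + SRC + build_tag(5, 0, 100) + IPV4 + PAYLOAD
PRIORITY_ONLY = DST + SRC + build_tag(7, 0, 0) + IPV4 + PAYLOAD

if __name__ == "__main__":
    for name, frame in [("untagged", UNTAGGED), ("vlan 100", VLAN100),
                        ("priority tag", PRIORITY_ONLY)]:
        p = parse_frame(frame)
        print(name, p["tagged"], p["pcp"], p["dei"], p["vid"], p["priority_tag"])
```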

IEEE 802.1V

Port-based VLANs
- Static VLAN assignments are created by placing each switch port in a particular VLAN
- As a device accesses the network, the device automatically becomes a member of the VLAN in which the access port has been placed

IEEE 802.1V defines protocol-based VLANs
- If a frame received from a given port encapsulates a PDU generated by a protocol for which a VLAN has been specified, then the frame is considered part of that VLAN
- Otherwise, the frame is considered part of the VLAN associated to that port

IEEE 802.1Q: IVL switches
- IVL (Independent Virtual LAN) bridge: a Filtering Database, identified by a FID (Filtering Identifier), is created for each VLAN
- A station can belong to more than one VLAN

IVL switch:

    Port  MAC address        Ag. Time
    4     08-00-2b-16-50-a0  1
    5     08-00-2b-20-10-56  7
    7     08-00-2b-c4-e6-aa  2
    9     08-00-5a-10-40-e1  12

    FID # 1  VLAN 2
    FID # 2  VLAN 4
    FID # 3  VLAN 6

[Figure: IVL switch with ports 4, 5, 6, 7, 8, 9 labelled VLAN 2, VLAN 2, VLAN 2, VLAN 4, VLAN 4, VLAN 6; attached stations 08-00-5a-10-40-e1, 08-00-2b-16-50-a0, 08-00-2b-c4-e6-aa, 08-00-2b-20-10-56]

IVL Switch and VLAN-aware servers
[Figure: an 802.1Q-aware server on Port 3 (TRUNK) of an IVL switch; Client A and Client B on Port 1 and Port 2, with VLAN 10 and VLAN 15]

    Switch(config)#int fastEthernet 0/3
    Switch(config-if)#switchport mode trunk
    Switch(config-if)#switchport trunk allowed vlan add 10,15
    Switch(config-if)#end

IEEE 802.1Q: the native VLAN
- 802.1Q defines one VLAN on each trunk as the native VLAN (VLAN 1, by default)
- Frames in the native VLAN are not tagged when sent over a trunk
- When the switch on the other side of the trunk link receives a frame and notices the lack of an 802.1Q tag, it knows that the frame is part of the native VLAN
- Native VLAN plays an important role in some practical situations, such as that in the figure:
  - You can put the IP phone in a given VLAN X. The PC is placed in the native VLAN
  - L2 access switch carries VLAN X and VLAN 1
[Figure: trunk between the L2 access switch and an 802.1Q-aware IP phone with a built-in L2 switch; 802.1Q-unaware PC]

Configuration of trunk ports
IEEE 802.1Q allows for the following methods:
- Static configuration of VLAN membership information via management facilities (Static VLAN Registration Entries)
- Dynamic configuration and distribution of VLAN membership information by means of Multiple VLAN Registration Protocol (MVRP)
- Combined static and dynamic configuration. The static configuration mechanisms are used in order to configure some VLAN membership information; for other VIDs, MVRP is relied upon to register and propagate the membership information

VLANs and the standard STP IEEE 802.1D
In a network where the STP protocol runs and VLANs are configured:
- BPDUs are transmitted untagged
- The spanning tree will be independent of VLANs (here, a single instance of STP is assumed)
- Links connecting VLAN-aware switches which are part of a mesh must be trunks
[Figure: VLAN-aware switches in a mesh, with an access link in VLAN 15, a trunk link (all VLANs) and a Blocking port. Problem: only the frames of VLAN 15 can be forwarded]

Multiple spanning trees
- Every switch runs multiple STP instances
- On a switch, a different set of parameters (bridge priority, port cost, port priority) is configured for each STP instance
- More uniform use of resources (load balancing at layer 2)
- Multiple Spanning Tree (MST) protocol is defined in IEEE 802.1s
- Per VLAN Spanning Tree (PVST) and Per VLAN Spanning Tree Plus (PVST+) are Cisco proprietary protocols
[Figure: bridges A, B and C (SW-1, SW-2, SW-3) around a LAN segment, each labelled "tree, Bridge Priority, MAC address"; one bridge is marked root for tree 1 and one root for tree 2]

    Tree 1 (VLAN 1, 3, 8, 10): 1,7000,08002b201056   1,8000,08002b102062   1,6000,08002bc4e6aa
    Tree 2 (VLAN 2, 4, 5, 6):  2,7000,08002b201056   2,6000,08002b102062   2,8000,08002bc4e6aa

How to accommodate the VLAN information
- The System ID Extension field has been introduced, borrowing 12 bits from the original Bridge Priority:
  - The Bridge Priority is a value of 0 to 61440 and increments in blocks of 4096
  - The System ID Extension is a value of 1 to 4095 corresponding to the VLAN participating in STP

Wireshark packet capture of a BPDU
- The (Bridge Priority + System ID Extension) and MAC address together make up the Bridge ID used to elect the Root Bridge
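An added example (not from the original presentation) covering the Bridge ID layout above and the per-tree labels on the multiple-spanning-trees slide: it packs priority, System ID Extension and MAC into the 8-byte Bridge ID and elects the root as the numerically lowest value. It assumes the label priorities (7000, 8000, 6000) are hexadecimal and uses the tree number as the System ID Extension.

```python
def encode_bridge_id(priority: int, sys_id_ext: int, mac: str) -> bytes:
    """Pack priority (top 4 bits), System ID Extension (12 bits) and MAC (48 bits)."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("Bridge Priority must be a multiple of 4096 in 0..61440")
    if not 0 <= sys_id_ext <= 4095:
        raise ValueError("System ID Extension is a 12-bit value")
    raw_mac = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(raw_mac) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return (priority | sys_id_ext).to_bytes(2, "big") + raw_mac

def decode_bridge_id(raw: bytes) -> dict:
    """Split an 8-byte Bridge ID back into its three parts."""
    if len(raw) != 8:
        raise ValueError("Bridge ID is 8 bytes")
    head = int.from_bytes(raw[:2], "big")
    return {"priority": head & 0xF000,     # multiples of 4096
            "sys_id_ext": head & 0x0FFF,   # borrowed low 12 bits
            "mac": raw[2:].hex()}

def elect_root(bridge_ids) -> bytes:
    """Lowest Bridge ID wins; big-endian bytes order the same way as the integers."""
    return min(bridge_ids)

def roots_per_tree(labels) -> dict:
    """Group (tree, priority, mac) labels by tree and return each root's MAC."""
    trees = {}
    for tree, priority, mac in labels:
        trees.setdefault(tree, []).append(encode_bridge_id(priority, tree, mac))
    return {tree: decode_bridge_id(elect_root(ids))["mac"]
            for tree, ids in trees.items()}

# Labels from the multiple-spanning-trees slide; priorities read as hex (assumption).
LABELS = [
    (1, 0x7000, "08002b201056"), (1, 0x8000, "08002b102062"), (1, 0x6000, "08002bc4e6aa"),
    (2, 0x7000, "08002b201056"), (2, 0x6000, "08002b102062"), (2, 0x8000, "08002bc4e6aa"),
]

if __name__ == "__main__":
    for tree, mac in roots_per_tree(LABELS).items():
        print(f"tree {tree}: root bridge {mac}")
```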