DCS835 Computer Network and the Internet

Presentation transcript:

DCS835 Computer Network and the Internet
VLANS
Team 0
Maria Sette
Roshan Shaikh
CSIS 8/2/2011 Team 0

Outline
- Motivation
- Design
- Operation
- Security
- Conclusion
- References
- Q/A

Motivation – VLAN
Contemporary LANs Need Segmentation
- Topology (All Within 802.3 Ethernet - TP)
- Geographic
- Organizational
- Functional
- Load [1]
- Functional Network
- Mis-configured Network (Broadcast Storms)
- Broadcast [2]
- Efficient Use of Available Ports

VLANS
- Ethernet 802.1Q [2]
- Group Of LANs That Have Different Physical Connections – Virtual Broadcast Domains [3]
- Communicate As If They Are Connected On A Single Network Segment [3]
- Unicast Or Broadcast Data Transmission Is Limited - Traffic Is Reduced [4]
- Software Based Solution Allows IT Administrators To Adapt To Changes

Advantages
- Ease of administration [8]
- Confinement of broadcast domains
- Reduction in network traffic
- Enforcement of security policies [10]

Design
Ethernet 802.1Q New Frame Format (1995)
Ethernet Header (802.3) + VLAN Tag
802.3: Dest. Address | Source Address | Len | Data | Pad | FCS
802.1Q (1998): Dest. Addr. | Source Addr. | V-Tag | Len | Data | Pad | FCS
VLAN Tag: VLAN Protocol 0x8100 | Pri | CFI | VLAN Identifier
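The frame layout on this slide can be checked in code. The following is an added example, not part of the original presentation: it builds and parses the V-Tag (VLAN Protocol 0x8100, Pri, CFI, VLAN Identifier) and falls back to a plain 802.3 header when no tag is present. The function names and the sample frames are constructed for illustration, and Pad and FCS are omitted, as they usually are in captured frames.

```python
import struct
from typing import NamedTuple, Optional

TPID_8021Q = 0x8100  # "VLAN Protocol 0x8100" from the slide


class Frame(NamedTuple):
    dst: str
    src: str
    pri: Optional[int]      # Pri, 3 bits; None when the frame is untagged
    cfi: Optional[int]      # CFI, 1 bit
    vlan_id: Optional[int]  # VLAN Identifier, 12 bits
    length: int             # the 802.3 Len field
    data: bytes


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_tagged(dst, src, pri, cfi, vlan_id, length, data):
    """Build Dest | Source | V-Tag | Len | Data (Pad and FCS omitted)."""
    if not (0 <= pri <= 7 and cfi in (0, 1) and 0 <= vlan_id <= 0x0FFF):
        raise ValueError("Pri is 3 bits, CFI 1 bit, VLAN Identifier 12 bits")
    tci = (pri << 13) | (cfi << 12) | vlan_id
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, length) + data


def parse_frame(raw: bytes) -> Frame:
    """Parse a frame, tagged or plain 802.3; reject truncated input."""
    if len(raw) < 14:
        raise ValueError("shorter than an 802.3 header")
    dst, src = mac(raw[0:6]), mac(raw[6:12])
    (field,) = struct.unpack("!H", raw[12:14])
    if field != TPID_8021Q:  # legacy frame: the field is Len itself
        return Frame(dst, src, None, None, None, field, raw[14:])
    if len(raw) < 18:
        raise ValueError("0x8100 seen but the tag is truncated")
    tci, length = struct.unpack("!HH", raw[14:18])
    return Frame(dst, src, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF,
                 length, raw[18:])


# Constructed sample input (not from the slides): broadcast frame on VLAN 100.
DST, SRC = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
TAGGED = build_tagged(DST, SRC, 5, 0, 100, 4, b"demo")
UNTAGGED = DST + SRC + struct.pack("!H", 4) + b"demo"

if __name__ == "__main__":
    print(parse_frame(TAGGED))
    print(parse_frame(UNTAGGED))
```

The tag adds four bytes after the source address, so a device that does not understand 0x8100 reads that value as the Len field; this is the backward-compatibility concern the presentation raises for non-VLAN-aware equipment.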

Design
- Number of VLANS
- Port Name & ID (Color)
- Topology: Geographic, Organizational, Functional, Hybrid
[Figure: Switch, Computer]

Types
How a packet gets assigned to a VLAN-Aware Switch [5]
- Port-based
- MAC address-based
- L3 protocol-based
Backward Compatibility
- Only VLAN Switches
- 802.1Q NICs

Requirements
- > 200 devices on LAN?
- Groups of users need more security? [2]
- Slow Network by too many broadcasts? [3]
- Groups of users need to be on the same broadcast domain running the same applications - VoIP phones?

Operation
- Logical Broadcast Domains In A Single Switch Or Multiple Switches, Regardless Of Physical Proximity
- Configuration (CISCO) [7]
- VLAN Trunk Protocol (VTP) Mode, Domain Name
- Which Ports On The Switch Belong To Which VLAN
- Linking VLANS
- Layer 3 Routing Device (WS-X4232 For Catalyst 4500/4000 Switches)
- Built-in Support For Inter-VLAN Routing Catalyst 3550/3750/6500

[Figure] [7]

[Figure] [7]

VLAN Security Considerations
- Inadequate Switch Configuration [5]
- Best Practices - The SAFE Blueprint [6]
- Security Audit
- Inadequate Access Control
- Documentation, Policies, Procedures
- Firmware Controls
- Appropriate HW / SW Implementation

Threats [9]
Availability | Interruption
Confidentiality | Interception
Integrity | Modification
Authenticity | Fabrication

Identifying Risks to Data [9]
Type of Data | What is at Risk
Public | Prestige, Trust, Revenue
Internal | Operations
Confidential | Operations, Internal Trust
Secret | Intellectual Property
[Figure labels: Public, Web Site Data, Internal, Payroll Data, Marketing Data, Confidential, Secret, Trade Secrets]

Prevention [5]
- Physical Access
- System passwords
- IP permit filters
- Login Banners
- Other tools: RADIUS, TACACS+, Kerberos, SSH, SNMPv3, IDS / IPS

Conclusion
- Contemporary LANs Need Segmentation: Topology, Load, Broadcast
- Design: Group Of LANs That Have Different Physical Connections – Virtual Broadcast Domains; Ethernet 802.1Q
- Security: Threats, Risks, Prevention

References
[1] Tanenbaum, A. and Wetherall, D., Computer Networks, Pearson, Fifth Edition, pp. 838-840, 2011.
[2] Seifert and Edwards, The All-New Switch Book, NY, John Wiley, 2008.
[3] http://www.frokwon.net/essays/VLAN.htm
[4] http://www.petri.co.il/csc_setup_a_vlan_on_a_cisco_switch.htm
[5] Research Report: Secure Use of VLANs: An @stake Security Assessment, August 2002, http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/tech/stake_wp.pdf
[6] SAFE: A Security Blueprint for Enterprise Networks, http://www.cisco.com/go/safe/
[7] Best Practices for Catalyst 4500, 5000, and 6500 Series Switch Configuration and Management, http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a0080094713.shtml
[8] Blum, Howard, Lecture Notes for Course DCS835 Networking and the Internet, Pace University, 2011. Unpublished course lecture notes.
[9] Shaikh, R, Network Security, MUET – 2011. Unpublished notes.
[10] http://www.cisco.com/warp/public/cc/pd/si/casi/ca4000/prodlit/ca450_wp/ca450_w6.jpg

DCS835 Computer Network and the Internet
Questions
Team 0
Maria Sette msette@pace.edu
Roshan Shaikh 5452w@pace.edu