Routing, VLANs and Network Segmentation
Nick Rowlett, Technology Director – Sparta Schools; Cisco Certified Network Administrator; Microsoft Certified System Administrator
Agenda
– Open Systems Interconnection Reference Model, aka The OSI Model
– Layer 2 switching protocols: discussion & demonstration
– Layer 3 protocols: discussion & demonstration
– Layer 4: what to know!
Why would I want to segment my Network?
[Diagram: district sites – HIGH SCHOOL, ELEMENTARY SCHOOL, MIDDLE SCHOOL, ADMIN BLDG.; vlan 1 and vlan 2 carried over a TRUNK]
I: The OSI Reference Model
1: Physical (Transmission Medium / IEEE 802.x)
2: Data Link (LLC / MAC; MAC address fragment AE-EB-B0)
3: Network (IP)
4: Transport (TCP / UDP)
5: Session
6: Presentation
7: Application
[Diagram: two seven-layer stacks (7: Application down to 1: Physical) joined by the Transmission Medium; a HUB operates at Layer 1, a SWITCH at Layer 2, ROUTING at Layer 3]
VLAN Segmentation
VLAN: Virtual Local Area Network
Collision: when two hosts try to communicate at the exact same time
Unicast: traffic from one host to one host
Multicast: traffic from one host to many hosts
Broadcast: traffic sent to all hosts
Quality of Service (QoS): guaranteed performance, low latency/errors
HUB (LAYER 1): 1 collision domain, 1 broadcast domain
CSMA/CD
CSMA/CD in Real Life
SWITCH (LAYER 2): 1 broadcast domain, 3 collision domains (1 per port)
[Diagram: LAYER 2 switch carrying VLAN 1 and VLAN 2]
Ethernet (IEEE): transmitted in frames; uses MAC addresses to communicate
MAC Addresses
– Cisco dotted notation: 000e.1eca.f834; hyphenated notation (as extracted): e-1e-ca-f8-34
– Switch command: show mac-address-table
  MAC             VLAN  PORT
  000e.1eca.f834  9     Fa0/1
Unicast / Broadcast – Layer 2 broadcast address: FF:FF:FF:FF:FF:FF
Layer 2 protocols
Spanning Tree
– STP
– RSTP
– PVST
– PVST+
– MSTP
– R-PVST
Link Aggregation
– LACP
– Proprietary
Spanning Tree
– Root bridge election
– Determine least cost path to root bridge
– Disable other paths
– Bridge Protocol Data Units (BPDU)
Spanning Tree
Port states:
– Blocking
– Listening
– Learning
– Forwarding
– Disabled
[Diagram: Normal Operation]
[Diagram: Broadcast!]
Spanning Tree Topology Change Notification
[Diagram: TCN sent toward the Root, ACK returned; Broadcast!]
Spanning Tree Portfast (or similar)
– Configure on KNOWN endpoint ports
– Eliminates convergence time to forwarding state
DHCP (Anthropomorphized)
Client: "Can I get an IP address? Anyone?"
Server: "Yo, I can give you …"
Client: "Sounds good, I'll use it."
Server: "OK!"
ARP – Address Resolution Protocol, "between" layers 2/3
Windows: arp -a
  Internet Address   Physical Address    Type
                     b5-da-ac-83         dynamic
                     ff-ff-ff-ff-ff-ff   static
Switches: show arp
Layer 3 protocols
– IPv4
– IPv6
– IPSec
– Route sharing protocols: RIP, OSPF, EIGRP
– ICMP (ping)
IP Address (v4) (/24)
Host:
Subnet Mask:
Broadcast:
Network:
Gateway:
IP Subnetting
IP Subnetting
Host
Subnet Mask: (255).(255).(255).(0) = 255.255.255.0
Routing
Gateway of Last Resort: via
Directly connected: /24 is directly connected, Vlan20
Static Route: /24 via
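As an added example (not from the deck), the arithmetic behind the "IP Address (v4)" and "Routing" slides in Python: subnet_facts fills in mask, network, broadcast and host range for a host address, and route_lookup shows how a router picks the most specific matching route before falling back to the gateway of last resort. All addresses and interface names are constructed sample values, not the district's real addressing.

```python
"""Added example: IPv4 subnet arithmetic and longest-prefix-match routing.
All addresses below are constructed sample values (documentation ranges)."""
import ipaddress


def subnet_facts(host_cidr: str) -> dict:
    """Return the values the 'IP Address (v4)' slide asks for, given a
    host address in CIDR form, e.g. '192.0.2.57/24'."""
    iface = ipaddress.ip_interface(host_cidr)
    net = iface.network                      # host bits are masked off
    hosts = list(net.hosts()) or [net.network_address]  # /32 edge case
    return {
        "host": str(iface.ip),
        "subnet_mask": str(net.netmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "usable_hosts": len(hosts),
    }


# Constructed routing table in the style of the 'Routing' slide:
# (prefix, next hop or None if directly connected, outgoing interface).
ROUTES = [
    ("0.0.0.0/0", "203.0.113.1", "Gi0/1"),         # gateway of last resort
    ("192.0.2.0/24", None, "Vlan20"),              # directly connected VLAN
    ("198.51.100.0/24", "10.0.0.2", "Gi0/2"),      # static route
    ("198.51.100.128/25", "10.0.0.6", "Gi0/3"),    # more specific static route
]


def route_lookup(dst: str, routes=ROUTES) -> tuple:
    """Longest-prefix match: the most specific prefix containing dst wins;
    the /0 default is chosen only when nothing more specific matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    net, next_hop, iface = best
    return (str(net), next_hop, iface)


if __name__ == "__main__":
    print(subnet_facts("192.0.2.57/24"))
    for d in ("192.0.2.9", "198.51.100.200", "198.51.100.20", "203.0.113.77"):
        print(d, "->", route_lookup(d))
```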
[Diagram: LAYER 3 – VLAN and VLAN 2; BROADCAST stays within its VLAN]
[Diagram: LAYER 3 routing between VLANs]
[Diagram: 'Bad' layer 3 – VLAN, BROADCAST]
[Diagram: INTERNET; VLAN 1; VLAN 2; QoS: Prefer VLAN; IP PBX; VOICE CIRCUIT; TRUNK carrying VLANs 1, 2]
[Diagram: district sites – HIGH SCHOOL, ELEMENTARY SCHOOL, MIDDLE SCHOOL, ADMIN BLDG.]
ADMINISTRATION BUILDING: NETWORK: /24 – VLAN 101 – ADMIN_VLAN – VLAN 101 IP:
MIDDLE SCHOOL: NETWORK: /24 – VLAN 201 – MS_VLAN – VLAN 201 IP: /24
ELEMENTARY SCHOOL: NETWORK: /24 – VLAN 301 – ES_VLAN – VLAN 301 IP: /24
HIGH SCHOOL: NETWORK: /24 – VLAN 401 – HS_VLAN – VLAN 401 IP: /24
Inter-site links: three /30 point-to-point networks; one /24
Legend: LAYER 2 TRUNK / LAYER 3 ROUTED
[Diagram: VLANs with INTERNET access over a TRUNK; VLAN 1; VLAN 3 (guest)]
Questions?