VLANs: Virtual Local Area Networks
- VLANs meet the need to have separated LANs; however, the LANs are not physically separated.
- A virtual LAN (VLAN) is an emulation of a standard LAN.
- A VLAN is a set of LAN stations that belong to an administrative group.
- Group membership is based on configuration parameters rather than on the physical location of a station.
- A VLAN is essentially a broadcast domain.
(Figure: two physically separated networks compared with two virtual LANs implemented in a single switch.)
VLANs: Virtual Local Area Networks (cont.)
- A VLAN can span multiple switches (see the figure below).
(Figure: two VLANs spanning two switches; the link between the switches is a trunk.)
- Switches normally define VLANs in terms of which ports are in each VLAN (port-based VLANs).
- When sending a frame to another switch, the switches need a way to identify the VLAN to which the frame belongs: a VLAN tag, which contains a VLAN identifier (VLAN ID), is added to the frame header.
- The link between the two switches is called a trunk.
VLANs: Virtual Local Area Networks (cont.)
- Typically, the stations in a VLAN are also in the same IP network; stations in different VLANs are in different IP networks.
- L2 switches forward frames between stations in the same VLAN; they cannot forward frames between different VLANs.
- Members of different VLANs must communicate with each other at Layer 3 (a router or L3 switch has to be used).
Motivations for using VLANs:
- To group users by the groups they work in, instead of by physical location.
- To enforce better security:
  - conflicts of jurisdiction;
  - sensitive devices can be kept on a separate VLAN.
- To separate specialized traffic from mainstream traffic, for example putting IP telephones on a separate VLAN from the one connecting user PCs.
- To reduce overhead by limiting the size of each broadcast domain.
Port configuration
Access port:
- It transmits and receives untagged frames.
- It can have only one VLAN configured on the interface.
- It can carry traffic for only one VLAN.
Trunk port:
- It transmits and receives tagged frames.
- A trunk port can have more than one VLAN configured on the interface.
- It can carry traffic for several VLANs simultaneously.
(Figure: switches A, B, C and D; access links are untagged, trunk links are tagged.)
Passing VLAN traffic: trunks versus single links
VLAN configuration
SW-Prova#show vlan brief
VLAN Name     Status  Ports
1    default  active  Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24, Fa0/25, Fa0/26, Fa0/27, Fa0/28, Fa0/29, Fa0/30, Fa0/31, Fa0/32, Fa0/33, Fa0/34, Fa0/35, Fa0/36, Fa0/37, Fa0/38, Fa0/39, Fa0/40, Fa0/41, Fa0/42, Fa0/43, Fa0/44, Fa0/45, Fa0/46, Fa0/47, Fa0/48, Gi0/1, Gi0/2
VLAN configuration (cont.)
SW-Prova#vlan database
Switch(vlan)#vlan 2 name Amministrazione
VLAN 2 added:
    Name: Amministrazione
Switch(vlan)#vlan 3 name Vendite
VLAN 3 added:
    Name: Vendite
Switch(vlan)#vlan 4 name prova-1
VLAN 4 added:
    Name: prova-1
Switch(vlan)#vlan 5 name prova-2
VLAN 5 added:
    Name: prova-2
Switch(vlan)#vlan 6 name prova-3
VLAN 6 added:
    Name: prova-3
Switch(vlan)#vlan 100 name Produzione
VLAN 100 added:
    Name: Produzione
SW-Prova(vlan)#exit
APPLY completed.
Exiting....
SW-Prova#
Association of ports to VLANs
SW-Prova(config)#int fastEthernet 0/12
SW-Prova(config-if)#switchport access vlan 100
Switch(config-if)#exit
…….
SW-Prova(config)#int fastEthernet 0/16
SW-Prova(config-if)#switchport access vlan 2
SW-Prova(config-if)#exit
……..
SW-Prova(config)#int fastEthernet 0/20
SW-Prova(config-if)#switchport access vlan 3
SW-Prova(config)#int fastEthernet 0/24
SW-Prova(config-if)#switchport access vlan 4
SW-Prova(config)#int fastEthernet 0/28
SW-Prova(config-if)#switchport access vlan 5
SW-Prova(config)#int fastEthernet 0/32
SW-Prova(config-if)#switchport access vlan 6
Association of ports to VLANs (cont.)
SW-Prova#show vlan brief
VLAN Name             Status  Ports
1    default          active  Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/36, Fa0/37, Fa0/38, Fa0/39, Fa0/40, Fa0/41, Fa0/42, Fa0/43, Fa0/44, Fa0/45, Fa0/46, Fa0/47, Fa0/48, Gi0/1, Gi0/2
2    Amministrazione  active  Fa0/16, Fa0/17, Fa0/18, Fa0/19
3    Vendite          active  Fa0/20, Fa0/21, Fa0/22, Fa0/23
4    prova            active  Fa0/24, Fa0/25, Fa0/26, Fa0/27
5    prova            active  Fa0/28, Fa0/29, Fa0/30, Fa0/31
6    prova            active  Fa0/32, Fa0/33, Fa0/34, Fa0/35
100  Produzione       active  Fa0/12, Fa0/13, Fa0/14, Fa0/15
Definition of trunk ports
(Figure: SW-A and SW-B connected to SW-Prova over tagged trunks on GigabitEthernet 0/1 and GigabitEthernet 0/2; two of the switches carry VLANs 1, 2, 3, 4, 5, 6 and 100, the third carries only VLANs 1, 2, 5 and 6; the access links are untagged.)
SW-Prova(config)#interface GigabitEthernet 0/1
SW-Prova(config-if)#switchport mode trunk
SW-Prova(config-if)#switchport trunk allowed vlan add 1,2,5,6
SW-Prova(config-if)#exit
SW-Prova(config)#interface GigabitEthernet 0/2
SW-Prova(config-if)#switchport trunk allowed vlan all
IEEE 802.1Q-2005: port association
Port-based VLANs:
- Low flexibility.
- Network managers take control of users.
(Figure: the same three switches, SW-A, SW-Prova and SW-B, connected by tagged trunks, with the list of VLANs carried by each switch: two carry VLANs 1, 2, 3, 4, 5, 6 and 100, the third carries VLANs 1, 2, 5 and 6.)
IEEE 802.1Q: tag format
Tag format for Ethernet V2.0 and IEEE frames (field lengths in bytes):
- Destination Address: 6
- Source Address: 6
- 802.1Q tag: 4
  - TPID (Tag Protocol Identifier): 2, value 0x8100
  - TCI (Tag Control Information): 2, made of PCP (3 bits), DEI (1 bit) and VID (VLAN ID, 12 bits)
- Length/Type: 2
- Payload: 42-1500 (the PAD is present only in the IEEE frames)
- FCS: 4
IEEE 802.1Q: tag format (cont)
Tag Control Information (TCI):
- Priority Code Point (PCP): a 3-bit field which refers to the IEEE 802.1p priority.
  - It indicates the frame priority level. Values are from 0 (best effort) to 7 (highest).
  - These values can be used to prioritize different classes of traffic (voice, video, data, etc.).
- Drop Eligible Indicator (DEI): a 1-bit field.
  - May be used separately or in conjunction with PCP to indicate frames eligible to be dropped in the presence of congestion.
- VLAN Identifier (VID): a 12-bit field specifying the VLAN to which the frame belongs.
  - The value 0x000 indicates that the frame does not belong to any VLAN; in this case, the 802.1Q tag specifies only a priority and is referred to as a priority tag.
  - On switches, VLAN 1 (the default VLAN ID) is often reserved for a management VLAN.
IEEE 802.1V
Port-based VLANs:
- Static VLAN assignments are created by placing each switch port in a particular VLAN.
- As a device accesses the network, it automatically becomes a member of the VLAN in which the access port has been placed.
IEEE 802.1V defines protocol-based VLANs:
- If a frame received from a given port encapsulates a PDU generated by a protocol for which a VLAN has been specified, then the frame is considered part of that VLAN.
- Otherwise, the frame is considered part of the VLAN associated with that port.
IEEE 802.1Q: IVL switches
- IVL (Independent Virtual LAN) bridge: a Filtering Database, identified by a FID (Filtering Identifier), is created for each VLAN.
- A station can belong to more than one VLAN.
(Figure: an IVL switch with three filtering databases, FID #1 for VLAN 2, FID #2 for VLAN 4 and FID #3 for VLAN 6; each database has the columns Port, MAC address and Ag. Time, and the same station MAC address (ending in b-c4-e6-aa) is learned in more than one FID.)
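To make the per-VLAN filtering database concrete, here is an added toy model of an IVL switch (example code written for this page, not part of the slides): one FID per VLAN, learning and forwarding confined to that FID, so a station seen in VLAN 2 and VLAN 4 gets an entry in each, and a frame is never forwarded to ports outside its VLAN. Port names and VLAN memberships are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class IVLSwitch:
    """Toy model of an IVL bridge (constructed for this example): one filtering
    database (FID) per VLAN, so a MAC address learned in VLAN 2 says nothing
    about where that station is in VLAN 4."""

    def __init__(self, vlan_ports):
        # vlan_ports: {vid: iterable of ports that are members of that VLAN}
        self.vlan_ports = {vid: set(ports) for vid, ports in vlan_ports.items()}
        # One FID per VLAN; for simplicity the FID number is the VLAN id itself.
        # Each FID maps a MAC address to the port it was learned on.
        self.fid = {vid: {} for vid in self.vlan_ports}

    def receive(self, in_port, vid, src_mac, dst_mac):
        """Handle a frame already classified into VLAN `vid` (from its tag, or
        the access/native VLAN of the port). Returns the set of egress ports."""
        members = self.vlan_ports.get(vid, set())
        if in_port not in members:
            return set()                  # ingress filtering: port is not in this VLAN
        db = self.fid[vid]
        db[src_mac] = in_port             # learning happens in this VLAN's FID only
        out_port = db.get(dst_mac)
        if dst_mac == BROADCAST or out_port is None:
            return members - {in_port}    # broadcast / unknown unicast: flood within the VLAN
        if out_port == in_port:
            return set()                  # destination is behind the ingress port: filter
        return {out_port}

def lookup(switch, vid, mac):
    """Port on which `mac` is known in the FID of VLAN `vid`, or None."""
    return switch.fid.get(vid, {}).get(mac)
```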
IVL Switch and VLAN-aware servers
(Figure: an IVL switch with an 802.1Q-aware server on port 3, configured as a trunk, and two clients, Client A and Client B, on ports 1 and 2; the server is reachable in both VLAN 10 and VLAN 15.)
Switch(config)#int fastEthernet 0/3
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan add 10,15
Switch(config-if)#end
IEEE 802.1Q: the native VLAN
- 802.1Q defines one VLAN on each trunk as the native VLAN (VLAN 1, by default).
- Frames in the native VLAN are not tagged when sent over a trunk.
- When the switch on the other side of the trunk link receives a frame and notices the lack of an 802.1Q tag, it knows that the frame is part of the native VLAN.
- The native VLAN plays an important role in some practical situations, such as the one in the figure: an 802.1Q-aware IP phone with a built-in L2 switch is connected to an L2 access switch over a trunk, and an 802.1Q-unaware PC is attached to the phone.
  - You can put the IP phone in a given VLAN X; the PC is placed in the native VLAN.
  - The L2 access switch carries VLAN X and VLAN 1.
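The tag format slide and the native VLAN rule above can be checked with a small classifier, added here as example code (not from the slides): it parses the 802.1Q tag into PCP, DEI and VID, assigns an untagged frame to the trunk's native VLAN, and treats VID 0 as a priority tag. Field layout and the 0x8100 TPID are as described on the tag format slide; treating a priority-tagged frame like an untagged one is an assumption of the example, and the MAC addresses and payload in the test input are constructed.

```python
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100   # Tag Protocol Identifier of an 802.1Q tag

@dataclass
class FrameInfo:
    dst: str
    src: str
    tagged: bool
    pcp: int             # Priority Code Point, 0 (best effort) .. 7
    dei: int             # Drop Eligible Indicator
    vid: int             # VLAN the frame is classified into
    ethertype: int       # Length/Type of the encapsulated payload
    payload_offset: int  # where the payload starts inside the frame

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def classify_frame(frame: bytes, native_vlan: int = 1) -> FrameInfo:
    """Classify a frame received on a trunk: a 0x8100 tag carries PCP/DEI/VID,
    an untagged frame belongs to the native VLAN, and a VID of 0 is a priority
    tag (assumption of this example: classified like an untagged frame)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, etype = struct.unpack_from("!6s6sH", frame, 0)
    if etype != TPID_8021Q:
        return FrameInfo(mac_str(dst), mac_str(src), False, 0, 0, native_vlan, etype, 14)
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    pcp, dei, vid = tci >> 13, (tci >> 12) & 1, tci & 0x0FFF
    if vid == 0:                              # priority tag: no VLAN membership
        vid = native_vlan
    return FrameInfo(mac_str(dst), mac_str(src), True, pcp, dei, vid, inner_type, 18)

def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vid: Optional[int] = None, pcp: int = 0, dei: int = 0) -> bytes:
    """Build an untagged frame (vid=None) or insert an 802.1Q tag after the
    source address; used only to construct sample input."""
    hdr = dst + src
    if vid is not None:
        tci = (pcp << 13) | (dei << 12) | (vid & 0x0FFF)
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload
```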
Configuration of trunk ports
IEEE 802.1Q allows for the following methods:
- Static configuration of VLAN membership information via management facilities (Static VLAN Registration Entries).
- Dynamic configuration and distribution of VLAN membership information by means of the Multiple VLAN Registration Protocol (MVRP).
- Combined static and dynamic configuration: the static configuration mechanisms are used to configure some VLAN membership information; for other VIDs, MVRP is relied upon to register and propagate the membership information.
VLANs and the standard STP IEEE 802.1D
- In a network where the STP protocol runs and VLANs are configured, BPDUs are transmitted untagged.
- The spanning tree will be independent of VLANs (here, a single instance of STP is assumed).
- Links connecting VLAN-aware switches which are part of a mesh must be trunks.
(Figure: a mesh of VLAN-aware switches with an access link in VLAN 15 and a trunk link carrying all VLANs that STP has put in the blocking state.)
Problem: only the frames of VLAN 15 can be forwarded.
Multiple spanning trees
- Every switch runs more than one STP instance.
- On a switch, a different set of parameters (bridge priority, port cost, port priority) is configured for each STP instance.
- More uniform use of resources (load balancing at layer 2).
- The Multiple Spanning Tree (MST) protocol is defined in IEEE 802.1s.
- Per VLAN Spanning Tree (PVST) and Per VLAN Spanning Tree Plus (PVST+) are Cisco proprietary protocols.
(Figure: three switches, SW-1, SW-2 and SW-3, on a LAN segment, running two STP instances. Each bridge ID is written as tree, bridge priority, MAC address. Tree 1: 1,7000,08002b201056; 1,8000,08002b102062; 1,6000,08002bc4e6aa (root for tree 1). Tree 2: 2,7000,08002b201056; 2,6000,08002b102062 (root for tree 2); 2,8000,08002bc4e6aa. Tree 1 carries VLANs 1, 3, 8 and 10; tree 2 carries VLANs 2, 4, 5 and 6.)
How to accommodate the VLAN information
- The System ID Extension field has been introduced, borrowing 12 bits from the original Bridge Priority:
  - The Bridge Priority is a value from 0 to 61440 and increments in blocks of 4096.
  - The System ID Extension is a value from 1 to 4095 corresponding to the VLAN participating in STP.
Wireshark packet capture of a BPDU
The Bridge Priority, the System ID Extension and the MAC address together make up the Bridge ID used to elect the Root Bridge.
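The split of the Bridge ID into priority, System ID Extension and MAC, and the per-VLAN root election it enables, as an added example (code written for this page, not from the slides or from Wireshark): the first two bytes hold the 4-bit priority and the 12-bit VLAN, the remaining six the MAC, and the lowest Bridge ID wins. The bridge names are constructed; the priorities and MAC addresses in the test come from the multiple spanning trees figure.

```python
import struct

def decode_bridge_id(bridge_id: bytes) -> dict:
    """Split the 8-byte Bridge ID carried in a BPDU into the three values a
    capture shows separately: Bridge Priority (upper 4 bits of the first two
    bytes, a multiple of 4096), System ID Extension (lower 12 bits, the VLAN)
    and the bridge MAC address (last 6 bytes)."""
    if len(bridge_id) != 8:
        raise ValueError("a Bridge ID is 8 bytes")
    (prio_field,) = struct.unpack_from("!H", bridge_id, 0)
    return {
        "priority": prio_field & 0xF000,
        "sysid_ext": prio_field & 0x0FFF,
        "mac": ":".join(f"{b:02x}" for b in bridge_id[2:]),
    }

def encode_bridge_id(priority: int, vlan: int, mac: bytes) -> bytes:
    """Inverse of decode_bridge_id; rejects priorities that do not fit in 4 bits."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 0 <= vlan <= 4095 or len(mac) != 6:
        raise ValueError("vlan must be 0..4095 and mac 6 bytes")
    return struct.pack("!H", priority | vlan) + mac

def elect_roots(priorities: dict, macs: dict) -> dict:
    """Per-VLAN root election. `priorities` maps vid -> {bridge name: priority},
    `macs` maps bridge name -> 6-byte MAC. The lowest Bridge ID wins, priority
    field first and MAC as tie-breaker, which is exactly the big-endian byte
    order of the encoded ID, so comparing the raw bytes is enough."""
    roots = {}
    for vid, per_bridge in priorities.items():
        ids = {name: encode_bridge_id(p, vid, macs[name]) for name, p in per_bridge.items()}
        roots[vid] = min(ids, key=ids.get)
    return roots
```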