VLANs, Last Update 2015.05.12, 1.9.0. Copyright 2008-2015 Kenneth M. Chipps Ph.D. www.chipps.com
1 VLANs
Last Update 2015.05.12, 1.9.0

2 Objective
Learn what a VLAN is and how to configure one.

3 What is a VLAN
Another way to separate a LAN that gets too large, besides dividing it on a physical basis, is to divide it logically using a VLAN.
A VLAN is a collection of nodes grouped together in a broadcast domain without necessarily being physically near each other.

4 What is a VLAN
With VLANs, a single switch or a stack of switches, instead of forming a single network, can be divided port by port into distinct networks merely by configuring the switch.
The standard for VLANs is 802.1Q.

5 When to Use a VLAN
The main reasons to divide a network are:
– Maintain security
– Traffic management
– Control broadcast traffic

6 Security
Security is another concern these days, as we find more and more security holes on the inside of the network.
When a group of users belongs to the same broadcast domain, all of the network traffic generated within that broadcast domain is accessible by each user.

7 Security
Thus, if a user is running a network analyzer, they can see every frame that crosses the network.
Security issues arise when programs send data that needs to be protected, such as payroll data.

8 Security
For example, if all human resource computers are assigned to a VLAN, access to that virtual network could be limited to only those computers that are part of the HR department.
This is done by restricting which MAC addresses are allowed access to any VLAN.

9 Security
Keeping track of which MAC address is assigned to a particular VLAN and switch port can, of course, be a difficult task.

10 Traffic Management
One can also look at a VLAN in terms of its use, such as:
– Data
– Voice
– Video
– Management
This use might be for ease of network management or for QoS reasons.

11 Control of Broadcast Traffic
Layer 3 devices block broadcasts from traveling between network segments.
However, in a flat switched network (one built with layer 2 switches), broadcasts travel throughout the entire network and are seen by every PC connected to the wire.
In a large LAN, broadcasts can overwhelm the network and eventually lead to network failure.

12 Control of Broadcast Traffic
By dividing switch ports into VLANs, separate broadcast domains are created without using layer 3 devices.
For example, take a single switch that supports this function with, say, 24 ports. Ports 1 through 12 would be on one VLAN, and users on ports 13 through 24 would be on another VLAN.

13 Control of Broadcast Traffic
Using this scenario, if all groups were generating the same amount of broadcast traffic, you would cut the broadcasts seen by each switch port in half, without having to buy any additional switches.

14 VLANs (graphic)

15 VLAN ID Ranges
Basic VLAN IDs are 1 to 1005.
VLAN 1 is the default VLAN, which always exists.
IDs 1002 through 1005 are reserved for Token Ring and FDDI VLANs, which of course no longer exist.
IDs 1 and 1002 to 1005 are automatically created and cannot be removed.

16 VLAN ID Ranges
There are also extended range VLANs.
These are identified by a VLAN ID between 1006 and 4094.
These support fewer VLAN features than normal range VLANs.
VTP, as explained later, cannot deal with extended range VLANs.

17 VLAN Database File
Configurations are stored in a database file named vlan.dat.
This file is stored in the flash memory of the switch.
Erasing the startup config will not delete the VLANs.

18 VLAN Database File
If you are brave, this is done by issuing the command:
– delete flash:vlan.dat
It is better to just go to global configuration mode, display the VLAN database, and then remove each VLAN by preceding the command that created it with no.

19 VLAN Database File
For example:
– enable
– show vlan brief
– config t
– no vlan 2
– no vlan 3
– end

20 Types of VLANs
The only type of VLAN used today is a static, port-based VLAN, where each port is assigned to a VLAN.
By default all ports are assigned to VLAN 1, which is also the default native or management VLAN.
VLAN 1 cannot be used for any other purpose.

21 Management VLAN
By default the management VLAN is VLAN 1.
This can be changed. Cisco says to do this for security reasons, and recommends changing it to 99.
Of course, everyone knows this, so what is the point; leave it at 1.

22 Native VLAN
The native VLAN is how a switch identifies frames that should be forwarded as normal frames.
In other words, these are not VLAN frames. They are not modified when they are sent over the trunk links.

23 Management VLAN
If you change the management VLAN on one switch, but not on another switch, a common error will display on the CLI.
This is Native VLAN Mismatch.
This means the native or management VLAN on one or more switches differs from the other switches.

24 VLAN Trunk
A VLAN trunk is a point-to-point link between a switch port on one switch and a port on another device, such as a switch or router.
The trunk carries the traffic of multiple VLANs over this single link.
This allows VLANs to be extended across an entire network.

25 VLAN Trunk
802.1Q defines trunk formation on Fast Ethernet and Gigabit Ethernet ports.

26 Tagging Frames
As the standard Ethernet II frame format does not include a facility to indicate which VLAN, if any, a frame belongs to, this marking is done using tags.
The 802.1Q form of the tag is inserted into the frame, as opposed to being placed at the beginning of the frame as the older Cisco ISL method did.
Here is the 802.1Q tag format, as shown in a graphic from Fluke Networks.

27 Tagging Frames (graphic)

28 Tagging Frames
The 802.1Q method inserts 4 bytes of information between the Source MAC Address and Type fields.
These fields are:
– Type Code
– Priority
– CFI
– VLAN ID

29 Tagging Frames
Let's look at an example.
Here one computer with an IP address of 10.0.0.1 is pinging another computer at IP address 10.0.0.2.
In this display from Wireshark, the VLAN tags look like a layer between the Data Link and Network layers.

30 Tagging Frames (graphic)

31 Tagging Frames
They are not.
Wikipedia provides us with a nice graphic that shows where these extra fields go in the Ethernet II frame.

32 Tagging Frames (graphic)

33 Tagging Frames
Notice below, in this display of an actual capture using Wireshark, that the Type code has a hex value of 8100 to indicate that the next protocol to be encountered is the VLAN protocol.
Wireshark very nicely explains to us that this is telling us that 802.1Q Virtual LAN information will appear next.

34 Tagging Frames (graphic)

35 Tagging Frames
Sure enough, there it is.
The three fields that carry the information needed are:
– Priority
– CFI
– ID
as summarized for us in the first line of the VLAN tag display.

36 Tagging Frames
In this case the:
– Priority is 0
– CFI is 0
– VLAN is 20
What does all of this mean?
Just below the summary line we see that:
– The priority value in this example is Best Effort

37 Tagging Frames
This priority refers to the 802.1p defined priorities of:
– 0 and 1 Best Effort
– 2 Excellent Effort
– 3 Critical Application
– 4 Video
– 5 Voice
– 6 Internetwork Control
– 7 Network Control

38 Tagging Frames
Here is a frame with a higher priority. In this case it is 7, as STP is used for Network Control.

39 Tagging Frames (graphic)

40 Tagging Frames
The next field or tag is CFI. This is the Canonical Format Indicator.
These days it is always 0.
The values are:
– 0 where the MAC address is in canonical format
– 1 where the MAC address is in non-canonical format

41 Tagging Frames
In the old days this code was used for compatibility between Ethernet and Token Ring networks.
Since Token Ring is dead, so is the code.
The last field carries the number of the VLAN. In this case it is VLAN 20.

42 Tagging Frames
In the format that Wireshark uses to show us these tags, the normal Type code field appears next.
In this example the protocol to which the Data Link layer will hand the data at the Network layer is the Internet Protocol, or IP.
Its code is 0800 in hex.

43 Frame Tags
Let's look at some example frames where, on the same setup, we can see the native or management VLAN, which is VLAN 1; the VLAN on the first switch, which is VLAN 2; and the VLAN on the second switch, which is VLAN 3.
In this case the VLANs talk to each other through a Router on a Stick.

44 VLAN 1 (graphic)

45 VLAN 2 (graphic)

46 VLAN 3 (graphic)

47 VLANs and Subnets
A VLAN should entirely encompass a single IP address subnet.
There should be a one-to-one correspondence between VLANs and subnets.
A VLAN should never cross a subnet boundary.
A subnet should never be used on more than one VLAN.

48 VLAN Configuration
The basic VLAN configuration steps are:
– Add the VLANs
– Assign the ports to the VLANs

49 Add a VLAN (graphic)

50 Where Are the Ports (graphic)

51 Assign Ports to VLANs (graphic)

52 Verifying VLAN Configuration (graphic)

53 Changing a VLAN Assignment (graphic)

54 Deleting a VLAN (graphic)

55 Configuring VLAN Trunks (graphic)

56 Configuring VLAN Trunks
You can also restrict which VLANs may be sent over a trunk.

57 Configuring VLAN Trunks (graphic)

58 Lab
Let's make some VLANs.
Start Packet Tracer.
Open file e3-3344.pka.

59 Remove a Trunk (graphic)

60 Voice VLAN
A single switch port can carry the traffic for two VLANs, even while set to access mode, if the second VLAN is for voice traffic.

61 Verifying Trunk Configuration (graphic)

62 Common VLAN Problems (graphic)

63 VLAN Problem Isolation (graphic)

64 VLAN Problem Isolation (graphic)

65 Sources
The information on the frame alterations for VLANs was copied word for word from a paper on VLANs from Fluke Networks.

66 Lab
Let's make some VLANs.
Lab 3-1
