© 1999, Cisco Systems, Inc. Module 9: Understanding Virtual LANs

© 1999, Cisco Systems, Inc. www.cisco.com

Module 9: Understanding

Virtual LANs

Module 9: Understanding

Virtual LANs

9-2CSE: Networking Fundamentals—VLANs © 1999, Cisco Systems, Inc. www.cisco.com

Agenda

• What Is a VLAN?

• How Does it Work?

• VLAN Technologies


Constraints of Shared LANs

• Users are physically bound

• Subnets are tied to hubs

• Users are grouped by location

• No security on segment

• Addressing is constrained

• Moves require address changes

• Router ports are expensive


Virtual LANs

• One broadcast domain within a switch

• VLANs help manage broadcast domain

• Can be defined on port groups, users, or protocols

• LAN switches and network management software provide a mechanism to create VLANs

Server Farm

VLAN 1VLAN 2VLAN 3


Remove the Physical Boundaries

• Group users by department, team, or application

• Routers provide communication between VLANs

Engineering Marketing Acctg.

Floor 3

Floor 2

Floor 1


VLAN Benefits

• Reduced administrative costs

– Simplify moves, adds, and changes

• Efficient bandwidth utilization

– Better control of broadcasts

• Improved network security

– Separate VLAN group for high-security users

– Relocate servers into secured locations

• Scalability and performance

– Microsegment with scalability

– Distribute traffic load


VLAN ComponentsVLAN Components

Switches, Routers, Servers, ManagementMembership Establishment

Inter-VLAN Communications

Communication Across Fabric

Centralized Administration

• Switches—Membership determination

• Trunking—Common VLAN exchange

• Multiprotocol routing—Inter-VLAN exchange

• Servers—Multi-VLAN communication

• Management—Security, control, administration

Server Communication


Approaches Can Vary Performance Port-Based

VLAN 1

VLAN 2

VLAN 3

Layer 3-Based

Subnet198.22.xx

VLAN 1 VLAN 2

Subnet198.21.xx

VLAN 2

MAC-Based

VLAN 1

MACAddresses

MACAddresses

Establishing VLAN MembershipEstablishing VLAN Membership

• Port driven

• MAC address driven

• Network address driven

• Application type driven


Membership by Port

VLAN 2VLAN 1

VLAN 3

Maximizes Forwarding Performance • Users assigned by port

association

• Requires no lookup if done in ASICs

• Easily administered via GUIs

• Maximizes security between VLANs

• Packets do not “leak” into other domains

• Easily controlled across network


Requires Filtering, Impacts Performance

Membership by MAC Addresses

VLAN 1020701A3EF1AOA032192FA2A026765175GA3A

VLAN 2050503G4GF2A040404THTB3A070706GGGF3A

VLAN 1020701A3EF1AOA032192FA2A026765175GA3A

VLAN 2050503G4GF2A040404THTB3A070706GGGF3A

Table Exchange

Tables AddAdministration Overhead

• Users assigned based on MAC addresses

• Flexible, yet adds overhead

• Impacts performance, scalability, administration

• Similar process for higher layers

MAC AddressTables

MAC AddressTables


Multiple VLANs per Port

Broadcast Outgoing

Mac 1Mac 2

Mac 3

Mac 4Mac 5

Mac 6

Mac 7Mac 8

Mac 9

Mac 10Mac 11

Mac 12

Broadcast Incoming

Does This Make Sense in Switched/Shared LANs?

• Requested when multiple clients are attached

• Requires address lookups

• Cannot filter broadcasts on shared segment

• Results in lots of administration, little return

HubHub


Two Physical Topology Approaches

Communicating Between VLANs

• Layer 3 links VLANs together

• Adds additional security and management

• Logical links conserve physical ports

• Multimode, depending on protocol

• Controls access by VLAN

• Up to 255 VLANs per router

VLAN 2

VLAN 3

VLAN 1

Cisco Internetworking Software

VLANs 1, 2, 3

Logical Communication

Physical Link per VLAN


Server Connectivity

• Intelligent NICs decode tagging

• Supported by industry (Intel, CrossPoint)

• Maximizes performance, flexibility

C5000

C2900

C5000

C2820

Cisco 7500

VLAN VLAN 11 VLAN

2 VLAN 3

Server Farm

Multiple Tagging to Each Server

© 1999, Cisco Systems, Inc. www.cisco.comwww.cisco.com© 1999, Cisco Systems, Inc.

VLAN TechnologiesVLAN Technologies


Inter-Switch Link

VLAN Tag Added at Incoming Port

VLAN Tag Stripped by Forwarding Port

Inter-Switch Link (ISL) Carries

VLAN Identifier

• Interconnects multiple switches and maintains VLAN information as traffic goes between switches

• Establishes membership through ASICs

• Labels each packet as received (“packet tagging”)

• Eliminates lookups and tables

• Transports multiple VLANs across links

• Protocol, endstation-independent

• Easily managed• 802.10• ISLISL• 802.1Q• LANE


• Wide vendor endorsement for 802.1Q tagging standard

• Cisco supports across Fast Ethernet, Gigabit uplinks

• Cisco maps ISL to 802.1Q dynamically with VTP

Packet Tagging as Common VLAN Exchange

VLAN Standardization

Level-1 Explicit Tagging

SRC

DES SRC

Data

DES

DES SRC

FCSFCS

FCS DES SRC FCS

VLAN ID


802.1Q

VLAN Standard Implementation

• Cisco environment uses ISL

• Vendor environment uses an existing, yet different packet tagging method

• Interdomain communication based on 802.1Q standard

Si Si

Cisco Domain

Vendor X Domain

ISL ?

Company ABC

Typical Environment


• VLAN administration and configuration protocol

– Reduces VLAN setup and administration

– Eliminates configuration errors

– Decreases network manager’s time adding and managing VLANs

– Maps VLANs across different backbones (FDDI, Fast Ethernet, ATM)

– Maps between ISL and 802.1q

– Maintains security between VLANs

Virtual Trunk Protocol (VTP)

ATMFabric

VLAN 2

VLAN 1

ISL

LANE

ISL

LANE

LANE

802.1Q


SummarySummary

• VLANs enable logical (instead of physical) groups of users on a switch

• VLANs address the needs for mobility and flexibility

• VLANs reduce administrative overhead, improve security, and provide more efficient bandwidth utilization

20Presentation_ID © 1999, Cisco Systems, Inc. www.cisco.com

Documents

© 1999, Cisco Systems, Inc. Module 9: Understanding Virtual LANs