LAN SegmentationLAN SegmentationVirtual LAN (VLAN)

Network SegmentationNetwork SegmentationSegmenting is the process of

separating certain portions of network traffic, either for◦ Performance, ◦Security,◦Reliability ◦Logical or geographical organisation

Devices used for network segmentation◦Switch◦Router

Segmenting using Routers Segmenting using Routers We have seen the use of routers for

◦Segmenting local networks Dividing an enterprise network into different

departments

Limitations :All devices on that subnet must be

connected to the same switch and that switch must be connected to a port on the router.

What if users on a network are connected to different switches?

SwitchesSwitchesSwitches are data link layer devices

that enable multiple physical LAN segments to be interconnected into a single larger network

switches forward and flood traffic based on MAC addresses. ◦MAC addresses are mapped to switch

portsBecause switching is performed in

hardware instead of in software, however, it is significantly faster. 

LAN switching employs micro-segmentation within switch hardware, which segments the LAN

Switches usually allows multiple conversations (traffic between two ports) to occur simultaneously.

Segmentation using Segmentation using switchesswitches

Limitation with switchesLimitation with switchesSwitches do not break up broadcast

domains, meaning that if a device sends a broadcast, all devices connected to that switch must listen. Remind: To break up broadcast domains,

we've traditionally used routers Virtual LANs are a way to break up

broadcast domains in a Layer 2 switched networks

VLANsVLANs

VLANs logically segment switched networks based on an organization's functions, project teams, or applications as opposed to a physical or geographical basis.

VLANVLANVLAN is a broadcast domainGrouped based on logical function,

department or application20% to 40% of work force moves

every year◦Recabling / readdressing and

reconfigurationTraffic can be switched between

VLANS with a router

8

LAN VS. VLANLAN VS. VLAN

9

When should you need a When should you need a VLAN?VLAN?You have more than 200 devices

on your LAN You have a lot of broadcast traffic

on your LAN Groups of users need more

security or are being slowed down by too many broadcasts?

Groups of users need to be on the same broadcast domain because they are running the same applications..

VLAN ConfigurationVLAN Configuration

Static VLANsStatic VLANs

Assign ports to VLAN 2Enter the following commands to add ports 0/7 to 0/9 to VLAN 2:Switch_B#configure terminalSwitch_B# Vlan 2 name SalesSwitch_B(config)#interface fastethernet 0/7Switch_B(config-if)#switchport mode accessSwitch_B(config-if)#switchport access vlan 2

Assign ports on VLAN 3Switch_B#configure terminalSwitch_B# vlan 3 name AdminSwitch_B(config)#interface fastethernet 0/10Switch_B(config-if)#switchport mode accessSwitch_B(config-if)#switchport access vlan 3

Configure VLANs on the Switches in a Configure VLANs on the Switches in a Converged Network TopologyConverged Network Topology

Role of Trunking VLANs in a Role of Trunking VLANs in a Converged NetworkConverged Network

•How to communicate between hosts on a VLAN spread over different switches?

•Trunk ports are created between switches to enable inter-switch communication

•Basic Ethernet frame is modified to include VLAN ID to which it belongs

•Frames are encapsulated •ISL (inter switch link) - Cisco proprietary•802.1Q – IEEE standard

Test VLAN configurationTest VLAN configurationPing users on different VLANs

◦Ping should not workPing users on same VLAN

◦Ping should work