VLANsVirtual LANs

CIS 278

VLAN Definition

• Per Webopedia:

• Short for virtual LAN, a network of computers that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN.

VLAN Definition

• Broadcast domains are typically constrained to a set of interconnected switches or bridges.

• A router defines the end of a broadcast domain.

• VLANs provide multiple broadcast domains within what would otherwise be a single broadcast domain.

VLAN DefinitionContinued

• VLANs are configured through software rather than hardware, which makes them extremely flexible.

• One of the biggest advantages of VLANs is that when a computer is physically moved to another location, it can stay on the same VLAN without any hardware reconfiguration.

VLAN Overview

• A LAN traditionally is made up of workstations all connected to the same wire. That puts them all in the same collision domain.

VLAN Overview

Workstation

Workstation

Workstation

Workstation

Workstation

Workstation

Workstation

Workstation

Ethernet LAN

VLAN Overview

• The same network can be built using a hub instead of backbone cable.

VLAN Overview

WorkstationWorkstation

Workstation

Workstation

Workstation

Workstation

WorkstationWorkstation

Multiport Repeater (hub)

VLAN Overview

• If network traffic becomes too great and the number of collisions impacts network performance, we can often improve performance by adding a switch

VLAN Overview

WorkstationWorkstation

Workstation

Workstation

Workstation

Workstation

ServerServer

Switch

VLAN Overview

• Each workstation is on a collision domain of two devices; the workstation and the single port of the switch.

• Access to servers is enhanced by increasing the port speed on the Server ports

VLAN Overview

WorkstationWorkstation

Workstation

Workstation

Workstation

Workstation

ServerServer

Switch100 Mbps

1 Gbps

100 Mpbs

1 Gbps

VLAN Overview

• All ports on the switch are part of the same broadcast domain.

• What do we do when broadcasts are starting to impact network performance? Segment.

VLAN Overview

Workstation

Workstation

Workstation

Workstation

Workstation

Workstation

Server

Server

Switch100 Mbps

1 Gbps

100 Mbps

1 Gbps

Switch

Router

VLAN Overview

• Notice that we insert a router to provide connectivity between the two broadcast domains, while providing the added security routers can bring and isolation from broadcasts on the other segment.

VLAN Overview

• Networks continued to grow until the number of routers required for a network became cumbersome, often requiring more than one router per switch. Hardware use became inefficient.

VLAN Overview

Workstation

Workstation

Workstation

Workstation

Workstation

Workstation

Server

Server

Switch

100 Mbps

1 Gbps

100 Mbps

1 Gbps

Switch

Router

Workstation

Workstation

Workstation

Workstation

Workstation

Workstation

Server

Server

Switch

100 Mbps

1 Gbps

100 Mbps

1 Gbps

Switch

Router

VLAN Overview

• Moving a user to another part of the same floor would sometimes mean moving them into a new broadcast domain, which wasn’t always desirable.

• To address this need, multiple broadcast domains had to be available in the same wiring closet.

VLAN Overview

• There was a desire to define a method of providing separate broadcast domains within a single closet, and even within a single switch, so switch ports could be used more efficiently.

• VLANs were born• VLANs are broadcast domains that are not

defined by physical location

VLANs

• Network architects had conflicting ideas about how they wanted to separate their user broadcast domains.– By protocol– By name– By services– By IP address– By MAC address

VLANs

• Furthermore, network architects wanted to be able to make broadcast domain changes without having to add hardware or move hardware around. That is, they wanted to make such changes through configuration modifications rather than hardware replacement.

VLANs

• In addition to that, they wanted to make sure someone couldn’t just plug into an unused port and start sniffing the broadcasts to gather information surreptitiously.

Static VLANs

• Static VLANs are assigned by port. Each port is assigned to a VLAN, so whichever workstation shows up in that port becomes part of the VLAN

• VLANs are assigned on a port basis and the broadcast domains span switches

Static VLANs

• Communication between two adjacent workstations in the same switch but on different VLANs involves router.

Dynamic VLANs

• Dynamic VLANs assume that the network administrator builds a database of all MAC addresses, then assigns those addresses to logical VLANs.

• Once built, the workstations can be plugged into any port on any switch at any time and it will find its way to the proper VLAN

Dynamic VLANs

A

A

B

C

A

A

C

D

Switch

100 Mbps

1 Gbps

100 Mbps

1 Gbps

Switch

Router

B

D

D

C

B

B

B

D

Switch

100 Mbps

1 Gbps

100 Mbps

1 Gbps

Switch

VLANs

• Trunk connections between the switches and routers carry traffic for all included VLANs.

• The traffic from multiple broadcast domains can quickly cause bottlenecks if the network is not carefully designed

VLANs Tagging

• VLANs are identified by special tags attached to each frame.

• IEEE 802.1Q specifies how these tags are formatted

• Devices that don’t understand VLANs will consider these frames improperly formatted

VLANs Access Link

• Access links are where the end station connects to the switch. VLAN information is not included on these links.

• Trunk links carry the VLAN information.

VLANs Tagging

• ISL (Inter-Switch Link) is the Cisco proprietary method of tagging, designed before 802.1Q was standardized. I mention it for historical reasons, as Cisco no longer makes hardware that supports ISL.

VLANs VTP Modes

• VLAN Trunk Protocol is designed to carry VLAN information across internetworks.

• It requires a central VTP server. Switches are commonly the servers.

VLANs Trunk Protocol

• VTP servers can make changes to the VTP domain

• VTP clients send and receive VTP updates, but they can’t make changes

• Transparent switches pass VTP updates but they don’t participate in the protocol.

VLANs Trunk Protocol

• VTP Pruning is a method of removing traffic from a link if there is nothing at the end of that link that requires the VLAN information. This increases security and reduces traffic.

VLANs Advantages

• VLANs can be logically subnetted• Adds, moves and changes are handled through

configuration rather than physical moves• VLANs can provide greater security by isolating

broadcasts• Users can be assigned logically rather than being

imposed by their physical location.• Broadcast domains can be assigned by reasonable

size rather than by physical port limitations.

VLANs Disadvantages

• VLANs may take considerably more configuration

• Broadcast domains aren’t always obvious• Troubleshooting problems becomes more

difficult• The network becomes more complex• Trunk traffic can be hard to predict and

difficult to monitor