© 1999, Cisco Systems, Inc. www.cisco.com
Module 9: Understanding Virtual LANs
CSE: Networking Fundamentals—VLANs
Agenda
• What Is a VLAN?
• How Does it Work?
• VLAN Technologies
Constraints of Shared LANs
• Users are physically bound
• Subnets are tied to hubs
• Users are grouped by location
• No security on segment
• Addressing is constrained
• Moves require address changes
• Router ports are expensive
Virtual LANs
• One broadcast domain within a switch
• VLANs help manage broadcast domain
• Can be defined on port groups, users, or protocols
• LAN switches and network management software provide a mechanism to create VLANs
[Diagram: one switch carrying a server farm and three VLANs, VLAN 1, VLAN 2 and VLAN 3]
Remove the Physical Boundaries
• Group users by department, team, or application
• Routers provide communication between VLANs
[Diagram: Engineering, Marketing and Acctg. groups spanning Floor 1, Floor 2 and Floor 3]
VLAN Benefits
• Reduced administrative costs
– Simplify moves, adds, and changes
• Efficient bandwidth utilization
– Better control of broadcasts
• Improved network security
– Separate VLAN group for high-security users
– Relocate servers into secured locations
• Scalability and performance
– Microsegment with scalability
– Distribute traffic load
VLAN Components
[Diagram: switches, routers, servers and management, covering membership establishment, inter-VLAN communications, communication across the fabric, server communication and centralized administration]
• Switches—Membership determination
• Trunking—Common VLAN exchange
• Multiprotocol routing—Inter-VLAN exchange
• Servers—Multi-VLAN communication
• Management—Security, control, administration
Establishing VLAN Membership
[Diagram: approaches can vary performance. Port-based: VLAN 1, VLAN 2 and VLAN 3 assigned per port. Layer 3-based: subnet 198.22.xx maps to VLAN 1 and subnet 198.21.xx to VLAN 2. MAC-based: lists of MAC addresses map to VLAN 1 and VLAN 2]
• Port driven
• MAC address driven
• Network address driven
• Application type driven
Membership by Port
[Diagram: VLAN 1, VLAN 2 and VLAN 3 assigned by switch port; maximizes forwarding performance]
• Users assigned by port association
• Requires no lookup if done in ASICs
• Easily administered via GUIs
• Maximizes security between VLANs
• Packets do not “leak” into other domains
• Easily controlled across network
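As an added example (not part of the Cisco module), the following Python model of a switch with port-driven membership shows why a port-based VLAN needs no per-frame lookup and why frames do not "leak": the MAC table is keyed per VLAN and floods are confined to the ingress port's VLAN. Port numbers, VLAN ids and MAC addresses are constructed sample values.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class PortVlanSwitch:
    """Switch whose VLAN membership is fixed per port (port-driven membership)."""
    port_vlan: dict                                 # port number -> VLAN id, set by the administrator
    mac_table: dict = field(default_factory=dict)   # (vlan, mac) -> port, learned from source MACs

    def forward(self, in_port, src_mac, dst_mac):
        """Return the sorted list of egress ports for a frame received on in_port."""
        vlan = self.port_vlan[in_port]              # membership needs no lookup on the frame itself
        self.mac_table[(vlan, src_mac)] = in_port   # learning is scoped to the VLAN
        if dst_mac != BROADCAST:
            out = self.mac_table.get((vlan, dst_mac))
            if out == in_port:
                return []                           # destination is on the ingress segment: filter
            if out is not None:
                return [out]                        # known unicast: forward to one port only
        # broadcast or unknown unicast: flood, but only to ports of the same VLAN
        return sorted(p for p, v in self.port_vlan.items() if v == vlan and p != in_port)


def demo():
    """Constructed traffic on a 4-port switch: ports 1-2 in VLAN 10, ports 3-4 in VLAN 20."""
    sw = PortVlanSwitch(port_vlan={1: 10, 2: 10, 3: 20, 4: 20})
    a, b, c = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02", "cc:cc:cc:cc:cc:03"
    results = {}
    results["broadcast_vlan10"] = sw.forward(1, a, BROADCAST)   # floods only to port 2
    results["broadcast_vlan20"] = sw.forward(3, c, BROADCAST)   # floods only to port 4
    results["known_unicast"] = sw.forward(2, b, a)              # a was learned on port 1
    # host a addresses c, which lives in VLAN 20: no (10, c) entry exists, so the
    # frame is flooded inside VLAN 10 and never reaches ports 3 or 4
    results["cross_vlan_attempt"] = sw.forward(1, a, c)
    return results
```

Reaching c from a requires a router with interfaces in both VLANs, which is the inter-VLAN communication the later slides cover.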
Membership by MAC Addresses
[Diagram: MAC address tables listing the addresses belonging to VLAN 1 and VLAN 2 are exchanged between switches; the tables add administration overhead. Requires filtering, impacts performance]
• Users assigned based on MAC addresses
• Flexible, yet adds overhead
• Impacts performance, scalability, administration
• Similar process for higher layers
Multiple VLANs per Port
[Diagram: two hubs, each with several stations (Mac 1 through Mac 12), attached to single switch ports; broadcasts flow incoming and outgoing on the shared segments]
Does This Make Sense in Switched/Shared LANs?
• Requested when multiple clients are attached
• Requires address lookups
• Cannot filter broadcasts on shared segment
• Results in lots of administration, little return
Communicating Between VLANs
Two Physical Topology Approaches
• Layer 3 links VLANs together
• Adds additional security and management
• Logical links conserve physical ports
• Multimode, depending on protocol
• Controls access by VLAN
• Up to 255 VLANs per router
[Diagram: a router running Cisco Internetworking Software reaches VLAN 1, VLAN 2 and VLAN 3 either over a physical link per VLAN or over one logical communication link carrying VLANs 1, 2, 3]
Server Connectivity
• Intelligent NICs decode tagging
• Supported by industry (Intel, CrossPoint)
• Maximizes performance, flexibility
[Diagram: C5000, C2900 and C2820 switches and a Cisco 7500 router feeding a server farm on VLAN 1, VLAN 2 and VLAN 3, with multiple tagging to each server]
VLAN Technologies
Inter-Switch Link
[Diagram: VLAN tag added at the incoming port and stripped by the forwarding port; the Inter-Switch Link (ISL) carries the VLAN identifier between switches. Tagging technologies listed: 802.10, ISL, 802.1Q, LANE]
• Interconnects multiple switches and maintains VLAN information as traffic goes between switches
• Establishes membership through ASICs
• Labels each packet as received (“packet tagging”)
• Eliminates lookups and tables
• Transports multiple VLANs across links
• Protocol, endstation-independent
• Easily managed
VLAN Standardization
Packet Tagging as Common VLAN Exchange
• Wide vendor endorsement for 802.1Q tagging standard
• Cisco supports across Fast Ethernet, Gigabit uplinks
• Cisco maps ISL to 802.1Q dynamically with VTP
[Diagram: Level-1 explicit tagging, showing the frame format with and without the VLAN ID field: DES, SRC, VLAN ID, Data, FCS]
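As an added example (not part of the Cisco module), the Python below inserts, parses and strips the explicit tag the slide draws as DES / SRC / VLAN ID / Data / FCS, using the IEEE 802.1Q layout: a 4-byte tag after the source address made of TPID 0x8100 and a 16-bit TCI (3-bit priority, 1-bit DEI, 12-bit VLAN ID). The field layout comes from the 802.1Q standard rather than the slide, the sample frame is constructed, and the FCS is omitted because the NIC recomputes it over the final frame.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def build_untagged(dst, src, ethertype, payload):
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload


def add_tag(frame, vid, pcp=0, dei=0):
    """Insert the 4-byte tag after the source MAC (what the ingress port does)."""
    if not 1 <= vid <= 4094:     # VID 0 and 4095 are reserved by 802.1Q
        raise ValueError("VLAN ID out of range")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse(frame):
    """Return (dst, src, vid_or_None, ethertype, payload); None means untagged."""
    dst, src = frame[:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype == TPID_8021Q:
        tci, etype = struct.unpack("!HH", frame[14:18])
        return dst, src, tci & 0x0FFF, etype, frame[18:]
    return dst, src, None, etype, frame[14:]


def strip_tag(frame):
    """Remove the tag before egress to an untagged port; untagged frames pass through."""
    dst, src, vid, etype, payload = parse(frame)
    if vid is None:
        return frame
    return dst + src + struct.pack("!H", etype) + payload


def demo():
    """Constructed broadcast IPv4 frame (EtherType 0x0800) with a dummy 20-byte payload."""
    raw = build_untagged("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0800, b"\x45" + b"\x00" * 19)
    tagged = add_tag(raw, vid=20, pcp=5)
    return raw, tagged, parse(tagged)[2], strip_tag(tagged) == raw
```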
802.1Q
VLAN Standard Implementation
• Cisco environment uses ISL
• Vendor environment uses an existing, yet different packet tagging method
• Interdomain communication based on 802.1Q standard
[Diagram: typical environment at Company ABC: a Cisco domain running ISL beside a Vendor X domain, with the link between them marked “ISL ?”]
Virtual Trunk Protocol (VTP)
• VLAN administration and configuration protocol
– Reduces VLAN setup and administration
– Eliminates configuration errors
– Decreases network manager’s time adding and managing VLANs
– Maps VLANs across different backbones (FDDI, Fast Ethernet, ATM)
– Maps between ISL and 802.1Q
– Maintains security between VLANs
[Diagram: VLAN 1 and VLAN 2 carried across an ATM fabric and Ethernet links using ISL, LANE and 802.1Q]
Summary
• VLANs enable logical (instead of physical) groups of users on a switch
• VLANs address the needs for mobility and flexibility
• VLANs reduce administrative overhead, improve security, and provide more efficient bandwidth utilization