Semester 3Semester 3

CHAPTER 8CHAPTER 8

Secci de TelemticaSecci de Telemtica

ContentContent

VLANs Concepts VLAN Configuration VLAN Configuration Troubleshooting VLANsg

VLANs ConceptsVLANs ConceptsVLANs ConceptsVLANs Concepts

VLANs and Physical BoundariesVLANs and Physical Boundaries

Introduction to VLANsIntroduction to VLANs

A group of ports or users in same A group of ports or users in same broadcast domain

Can be based on port ID, MAC address, protocol, or applicationp pp

LAN switches and network management software provide amanagement software provide a mechanism

Frame tagged with VLAN ID (Trunk Port-802.1q)q)

Remove the physical boundariesRemove the physical boundaries

Group users by departament team or Group users by departament, team or aplication Routers provide communication between Routers provide communication between VLANs

Introduction to VLANsIntroduction to VLANs

Implementing VLANs on a switch causes the following to occur: The switch maintains a separate bridging

table for each VLANtable for each VLAN. If the frame comes in on a port in VLAN 1,

the switch searches the bridging table forthe switch searches the bridging table for VLAN 1.

When the frame is received, the switch adds th dd t th b id i t bl if it ithe source address to the bridging table if it is currently unknown.

The destination is checked so a forwardingThe destination is checked so a forwarding decision can be made.

For learning and forwarding the search is g gmade against the address table for that VLAN only

Static VLANsStatic VLANs

A i t ( t t i ) Assign ports (port-centric)

Static VLANs are secure, easy to configure y gand monitor

Dynamic VLANsDynamic VLANs

VLANs assigned using centralized VLAN management applicationVLAN b d MAC dd l i l dd VLANs based on MAC address, logical address, or protocol type

Less administration in wiring closetg Notification when unrecognized user is added to

network

Staticallly vs DynamicallyStaticallly vs Dynamically

Benefits of VLANsBenefits of VLANs

Easily move workstations on the LAN. Easily add workstations to the LAN. Easily change the LAN configuration. Easily control network traffic. Improve security

Establishing VLAN MembershipEstablishing VLAN Membership

How many VLAN do VLANs memberships

P t b d

How many VLAN do we need? Traffic patterns Port based

MAC Address based

N t k Add b d

Traffic patterns

Types of applications

Network management Network Address based Network management needs

Group commonality

Membership by portMembership by port

Membership by MAC AddressMembership by MAC Address

Communicating between VLANsCommunicating between VLANs

InterInter--Switch LinkSwitch Link

VLAN CONFIGURATIONVLAN CONFIGURATION

VLAN basicsVLAN basics

VLANs can exist either as end-to-end networks or they can exist inside of geographic boundariesthey can exist inside of geographic boundaries

End-to-end VLANsU d i t VLAN i d d t f h i l Users are grouped into VLANs independent of physical location, but dependent on group or job function

80/20 rule traffic flow 80% of traffic remains in the VLAN, 20% goes out

As a user moves around the campus, VLAN membership for that user should not changethat user should not change.

Each VLAN has a common set of security requirements for all members.

Geographic VLAN As large as a buildingg g New 20/80 rule traffic flow Deterministic, consistent method of accessing resources

Static VLANsStatic VLANs

VLAN ti VLAN creation Switch#vlan database

Switch(vlan)#vlan vlan numberSwitch(vlan)#vlan vlan_numberSwitch(vlan)#exit

VLAN port assignament Switch(config)#interface fastethernet 0/9

Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan( g )# pvlan_number

VLAN verification Switch#show vlan

Switch#sh vlan id

Switch#show vlan brief

Default guidelines to followDefault guidelines to follow

The maximum number of VLANs is switch e a u u be o s s s cdependent.

VLAN 1 is one of the factory-default VLANsVLAN 1 is one of the factory-default VLANs. VLAN 1 is the default Ethernet VLAN. Cisco Discovery Protocol (CDP) and VLAN

Trunking Protocol (VTP) advertisements are t VLAN 1sent on VLAN 1.

The Catalyst 29xx IP address is in the VLAN 1 ybroadcast domain by default.

The switch must be in VTP server mode toThe switch must be in VTP server mode to create, add, or delete VLANs

TROUBLESHOOTING VLANsTROUBLESHOOTING VLANs

VLANs Problem IsolationVLANs Problem Isolation

Problem Isolation in CatalystProblem Isolation in Catalyst

VLAN troubleshooting scenariosVLAN troubleshooting scenarios

Using Existing HubsUsing Existing Hubs

ReviewReview

VLANs Concepts VLAN Configuration Troubleshooting VLANs