
Upload: luke-casey

Post on 16-Jan-2016


Page 1: The University of Bolton School of Business & Creative Technologies MWD1014 Computer Networks Virtual Local Area Networks (VLANs) Martin Stanhope m.stanhope@bolton.ac.uk

The University of Bolton

School of Business & Creative Technologies

MWD1014 Computer Networks

Virtual Local Area Networks (VLANs)

Martin Stanhope

m.stanhope@bolton.ac.uk


Overview

This presentation will introduce you to the following concepts:

• VLANs (based on switch port membership)
• Creating VLANs
• Assigning ports to VLANs
• Interconnecting VLANs across multiple switches
• The use of trunk ports and trunk links
• Inter-VLAN communication using a router
• The use of router subinterfaces


All switch ports belong to VLAN1 by default

Port:  fa0/1  fa0/2  fa0/3  fa0/4  fa0/5  fa0/6  fa0/7
VLAN:  v1     v1     v1     v1     v1     v1     v1

• The above represents a LAN switch.
• To get us started, for the time being, consider a VLAN to be a group of switch ports.
• All switch ports belong to VLAN1 by default (abbreviated in the above as v1).


New VLANs can be created and switch ports assigned to them

Port:  fa0/1  fa0/2  fa0/3  fa0/4  fa0/5  fa0/6  fa0/7
VLAN:  v1     v2     v2     v3     v3     v1     v1

• VLANs are only created on switches.
• Switch ports are then assigned to the VLANs.
• PCs are then attached to the switch ports.
• The PCs become members of the VLANs due to the ports they are wired to.
• This is STATIC (port-centric) VLAN membership.


CLI commands to create the two new VLANs

Switches can be configured in the same way as routers by connecting a laptop to the switch’s console port and using HyperTerminal software to access the switch’s command line interface (CLI), as shown below.

S1> enable
S1# vlan database
S1(vlan)# vlan 2 name students
S1(vlan)# vlan 3 name staff
S1(vlan)# end


Assign switch ports to the new VLANs

S1# configure terminal
S1(config)# interface fa0/2
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 2

S1(config-if)# interface fa0/3
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 2

S1(config-if)# interface fa0/4
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 3

S1(config-if)# interface fa0/5
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 3


Attach PCs to the ports and assign appropriate IP addresses according to the VLANs the ports belong to.

Port:  fa0/1  fa0/2  fa0/3  fa0/4  fa0/5  fa0/6  fa0/7
VLAN:  v1     v2     v2     v3     v3     v1     v1

VLAN 1 network address – 192.168.1.0/24
VLAN 2 network address – 192.168.2.0/24
VLAN 3 network address – 192.168.3.0/24


Linking multiple VLANs across 2 switches

[Diagram: two switches; colour key: VLAN1, VLAN2, VLAN3]

• VLAN 1 exists by default on both switches. VLANs 2 and 3 have to be created on each switch.
• Notice how ports and cables are required to link the corresponding VLANs on both switches.
• PCs can only communicate with other PCs in the same VLAN.
• Inter-VLAN communication will require a router (see later notes).
• This method of interlinking VLANs across switches doesn’t scale very well, as more ports and cables are required for more VLANs.


Linking multiple VLANs across 2 switches using a trunk link

[Diagram: two switches joined by a trunk link between ports marked T; colour key: VLAN1, VLAN2, VLAN3]

• One port on each switch is configured as a TRUNK port.
• A trunk link allows traffic from any VLAN to cross it.
• The trunk link cable is just a normal UTP crossover cable.
• Trunking reduces the number of ports and cables required to allow traffic from multiple VLANs to move between the switches.
• Frames are tagged with an ID representing their source VLAN by the originating switch so they can be delivered to the corresponding VLAN at the other end of the trunk link. This is the IEEE 802.1q frame tagging standard.
• PCs can only communicate with other PCs in the same VLAN.
• Inter-VLAN communication requires a router (see later notes).


Configuring switch ports to be trunk ports instead of access ports

• Configure Switch 1 port fa0/6 to be a trunk port

S1(config)# interface fa0/6
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk native vlan 1
S1(config-if)# end

• Configure Switch 2 port fa0/6 to be a trunk port

S2(config)# interface fa0/6
S2(config-if)# switchport mode trunk
S2(config-if)# switchport trunk native vlan 1
S2(config-if)# end

Note – The ‘switchport trunk native vlan 1’ command is required for trunks to be able to handle ‘non-VLAN’ generated traffic. This is a little advanced for this level but has been included here for completeness.
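
An added Python example, not part of the original slides, that derives each port's VLAN membership from the S1 commands shown so far and compares it with the intended plan. It assumes a port with no switchport lines is an access port in VLAN 1, as the slides state; the function names and the layout of the config text are constructed for illustration.

```python
import re

# Constructed sample: the S1 commands from the slides written out as config text.
S1_CONFIG = """
interface fa0/1
interface fa0/2
 switchport mode access
 switchport access vlan 2
interface fa0/3
 switchport mode access
 switchport access vlan 2
interface fa0/4
 switchport mode access
 switchport access vlan 3
interface fa0/5
 switchport mode access
 switchport access vlan 3
interface fa0/6
 switchport mode trunk
 switchport trunk native vlan 1
interface fa0/7
"""
# Intended plan taken from the slides: port -> VLAN number, or "trunk".
PLAN = {"fa0/1": 1, "fa0/2": 2, "fa0/3": 2, "fa0/4": 3,
        "fa0/5": 3, "fa0/6": "trunk", "fa0/7": 1}

def port_membership(config):
    """Return {port: vlan_id or 'trunk'} derived from the interface blocks."""
    state, current = {}, None
    for raw in config.splitlines():
        line = raw.strip().lower()
        if m := re.fullmatch(r"interface\s+(\S+)", line):
            # Assumption: every port starts as an access port in VLAN 1.
            current = state.setdefault(m.group(1), {"mode": "access", "vlan": 1})
        elif current is None:
            continue
        elif m := re.fullmatch(r"switchport mode (access|trunk)", line):
            current["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            current["vlan"] = int(m.group(1))
    return {port: "trunk" if s["mode"] == "trunk" else s["vlan"]
            for port, s in state.items()}

def audit(config, plan):
    """Return {port: (planned, actual)} for every port that deviates from the plan."""
    actual = port_membership(config)
    return {p: (plan.get(p), actual.get(p))
            for p in sorted(set(plan) | set(actual)) if plan.get(p) != actual.get(p)}
```

A port whose `switchport access vlan` line was never entered shows up in the audit as still sitting in VLAN 1, which is the mistake this check is meant to catch.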


Inter-VLAN routing – Method 1 using no trunks

[Diagram: router and switches connected without trunks; colour key: VLAN1, VLAN2, VLAN3]

Three router Ethernet interfaces are required as there are 3 networks (VLANs) to interconnect.


VLAN Trunks

• A trunk is a point-to-point link between two network devices that carries traffic from more than one VLAN.

• A VLAN trunk allows you to extend the VLANs across an entire network.

• Cisco supports the IEEE 802.1q frame tagging standard for coordinating trunks on Fast Ethernet and Gigabit Ethernet interfaces.

• A VLAN trunk does not belong to a specific VLAN, rather it is a conduit for VLANs between switches and routers.

• Trunks are created by configuring the ports of the network devices.

• There is nothing special about the cables used. E.g. For a copper solution: cross-over cables between switches, straight-through cables between switch and router.

• Without trunks there is a need for a normal link between switches (or switch and router) FOR EACH VLAN. This results in many used ports and more cables than for a trunked solution.
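
The 802.1q tagging described in these slides, as an added Python example that is not part of the original presentation: it inserts and removes the 4-byte tag and shows an untagged frame falling into the trunk's native VLAN. The function names and the sample frame are constructed for illustration, and the frame check sequence is not modelled.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag

# Constructed sample frame: destination MAC, source MAC, EtherType 0x0800, payload.
SAMPLE_FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + b"constructed payload"

def tag_frame(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the two MAC addresses (sending trunk port)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in the range 1..4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be in the range 0..7")
    tci = (priority << 13) | vlan_id  # 3-bit priority, 1-bit DEI (0), 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def untag_frame(frame: bytes, native_vlan: int = 1):
    """Return (vlan_id, original_frame) as seen by the receiving trunk port."""
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        # Untagged traffic on a trunk belongs to the native VLAN
        # (VLAN 1 in the trunk configuration shown in the slides).
        return native_vlan, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    vlan_id = tci & 0x0FFF
    if vlan_id == 0x0FFF:
        raise ValueError("VLAN ID 4095 is reserved")
    if vlan_id == 0:
        vlan_id = native_vlan  # priority-only tag carries no VLAN of its own
    return vlan_id, frame[:12] + frame[16:]
```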


Inter-VLAN routing – Method 2 using trunks

[Diagram: two switches joined by a trunk link between ports marked T, and a router attached to one switch by a second trunk link; colour key: VLAN1, VLAN2, VLAN3]

• A trunk link is used to connect the two switches allowing traffic from all VLANs to cross it.
• A trunk link is used to connect one of the switches to the router to allow traffic to/from all VLANs.
• How can 3 networks, VLAN 1, 2 and 3 be interlinked using just 1 router port?


Inter-VLAN routing using trunks. Router subinterfaces.

[Diagram: two switches and a router joined by trunk links (ports marked T); colour key: VLAN1, VLAN2, VLAN3]

When using a trunk link to a router, a router physical interface, e.g. fa0/0, can be configured to act as multiple ‘virtual subinterfaces’ identified using the following naming convention. One subinterface for each VLAN: fa0/0.1, fa0/0.2, fa0/0.3 etc.


Configuration of the ‘router-on-a-stick’ network scenario

• The next slide shows the IP/Subnet mask information for a working system.

• Note how each switch has been configured to have a VLAN1 virtual management interface that is given an IP address and subnet mask. This IP address can be used to remotely Telnet into the switch for remote configuration purposes.

• Each switch is also configured to have a ‘Default Gateway’ IP address that must correspond to the IP address of the VLAN1 subinterface on the router.


VLAN setup showing full configuration information

[Diagram: two switches and a router joined by trunk links (ports marked T); colour key: VLAN1, VLAN2, VLAN3]

VLAN1 192.168.1.0/24
VLAN2 192.168.2.0/24
VLAN3 192.168.3.0/24

Router fa0/0:
fa0/0.1 VLAN 1 interface 192.168.1.1/24
fa0/0.2 VLAN 2 interface 192.168.2.1/24
fa0/0.3 VLAN 3 interface 192.168.3.1/24

Switch 1 management info:
IP = 192.168.1.2/24 (a valid VLAN1 address)
DG = 192.168.1.1/24 (i.e. VLAN 1 interface address)

Switch 2 management info:
IP = 192.168.1.3/24 (a valid VLAN1 address)
DG = 192.168.1.1/24 (i.e. VLAN 1 interface address)


Configuring the 3 subinterfaces (one per VLAN) on the router physical interface using the IEEE802.1q frame tagging standard

R1# configure terminal
R1(config)# interface fa0/0
R1(config-if)# no shutdown
R1(config-if)# interface fa0/0.1
R1(config-subif)# encapsulation dot1q 1
R1(config-subif)# ip address 192.168.1.1 255.255.255.0
R1(config-subif)# interface fa0/0.2
R1(config-subif)# encapsulation dot1q 2
R1(config-subif)# ip address 192.168.2.1 255.255.255.0
R1(config-subif)# interface fa0/0.3
R1(config-subif)# encapsulation dot1q 3
R1(config-subif)# ip address 192.168.3.1 255.255.255.0
R1(config-subif)# end


Why use VLANs instead of traditional LANs?

• Traditionally LANs are ‘geographical’ groupings of computers
• VLANs allow PCs in different geographical locations to be in the same network (or subnetwork). They are grouped by function not by location.
• VLANs are created on switches
• Inter-VLAN communication requires a router
• VLANs are identified by a number or an assigned name
• VLAN benefits
– Improved security
– Cost reduction
– Higher performance
– Broadcast storm improvement
– Improved IT staff efficiency
– Simpler project or application management
– Simpler to move company personnel into different networks without physically moving them.


What is the range of available VLANs?

• Normal Range VLAN IDs
– VLAN ID ranges from 1 to 1005
– VLANs 1002, 1003, 1004 and 1005 are reserved for Token Ring and Fibre Distributed Data Interface (FDDI) networks.
– VLANs 1, 1002, 1003, 1004 and 1005 are automatically created on a switch and cannot be removed.
– VLAN configurations are stored in a VLAN database file named vlan.dat held in flash memory within the switch


What is the range of available VLANs? cont...

• Extended Range VLAN IDs
– Range from 1006 to 4094
– Designed for service providers
– Support fewer VLAN features than normal range VLANs
– Are saved in the running-config file

• Configurable VLANs
– Cisco Catalyst 2960 switch can support up to 255 normal and extended range VLANs
– Cisco enterprise level units can join/stack 9 48-port switches giving 432 ports on a single switch unit.