09 Understanding VLANs

7/30/2019 09 Understanding VLANs

1/20

1999, Cisco Systems, Inc.www.cisco.com

Module 9:

UnderstandingVirtual LANs


2/20

9-2CSE: Networking FundamentalsVLANs 1999, Cisco Systems, Inc.www.cisco.com

Agenda

What Is a VLAN? How Does it Work?

VLAN Technologies


3/20


Constraints of Shared LANs

Users are physically bound

Subnets are tied to hubs

Users are grouped by

location

No security on segment

Addressing is constrained

Moves require addresschanges

Router ports are expensive


4/20


Virtual LANs

One broadcast domainwithin a switch

VLANs help managebroadcast domain

Can be defined onport groups, users, orprotocols

LAN switches andnetwork managementsoftware provide amechanism to create

VLANs

Server Farm

VLAN 1VLAN 2VLAN 3


5/20


Remove the PhysicalBoundaries

Group users by department, team, or application

Routers provide communication between VLANs

Engineering Marketing Acctg.

Floor 3

Floor 2

Floor 1


6/20


VLAN Benefits

Reduced administrative costs

Simplify moves, adds, and changes

Efficient bandwidth utilization

Better control of broadcasts

Improved network security

Separate VLAN group for high-security users

Relocate servers into secured locations Scalability and performance

Microsegment with scalability

Distribute traffic load


7/209-7CSE: Networking FundamentalsVLANs 1999, Cisco Systems, Inc.www.cisco.com

VLAN Components

Switches, Routers, Servers, Management

MembershipEstablishment

Inter-VLANCommunications

CommunicationAcross Fabric

CentralizedAdministration

SwitchesMembershipdetermination

TrunkingCommonVLAN exchange

Multiprotocol routingInter-VLAN exchange

ServersMulti-VLANcommunication

ManagementSecurity,control, administration

ServerCommunication



Approaches Can Vary PerformancePort-Based

VLAN 1

VLAN 2

VLAN 3

Layer 3-Based

Subnet

198.22.xx

VLAN 1 VLAN 2

Subnet

198.21.xx

VLAN 2

MAC-Based

VLAN 1

MACAddresses

MACAddresses

Establishing VLAN Membership

Port driven

MAC address driven

Network addressdriven

Application typedriven



Membership by Port

VLAN 2VLAN 1

VLAN 3

Maximizes Forwarding Performance Users assigned by port

association

Requires no lookup ifdone in ASICs

Easily administered via GUIs

Maximizes security between

VLANs Packets do not leak into

other domains

Easily controlled across

network



Requires Filtering, Impacts Performance

Membership by MAC Addresses

VLAN 1020701A3EF1AOA032192FA2A

026765175GA3A

VLAN 2050503G4GF2A040404THTB3A070706GGGF3A

VLAN 1020701A3EF1AOA032192FA2A

026765175GA3A

VLAN 2050503G4GF2A040404THTB3A070706GGGF3A

Table Exchange

Tables AddAdministration Overhead

Users assigned based on MAC addresses

Flexible, yet adds overhead

Impacts performance, scalability, administration

Similar process for higher layers

MAC AddressTables

MAC AddressTables



Multiple VLANs per Port

BroadcastOutgoing

Mac 1Mac 2

Mac 3

Mac 4Mac 5

Mac 6

Mac 7Mac 8

Mac 9

Mac 10Mac 11

Mac 12

BroadcastIncoming

Does This Make Sense in Switched/Shared LANs?

Requested when multiple clients are attached

Requires address lookups

Cannot filter broadcasts on shared segment

Results in lots of administration, little return

HubHub



Two Physical Topology Approaches

Communicating Between VLANs

Layer 3 linksVLANs together

Adds additional securityand management

Logical links conservephysical ports

Multimode, dependingon protocol

Controls access by VLAN

Up to 255 VLANs per router

VLAN 2

VLAN 3

VLAN 1

Cisco InternetworkingSoftware

VLANs 1, 2, 3

LogicalCommunication

Physical Linkper VLAN



Server Connectivity

Intelligent NICs decode tagging

Supported by industry (Intel, CrossPoint)

Maximizes performance, flexibility

C5000

C2900

C5000

C2820

Cisco7500

VLAN

1VLAN

2 VLAN3

Server Farm

Multiple Taggingto Each Server


14/20 1999, Cisco Systems, Inc.www.cisco.comwww.cisco.com

1999, Cisco Systems, Inc.

VLAN Technologies



Inter-Switch Link

VLAN Tag Addedat Incoming Port

VLAN Tag Strippedby Forwarding Port

Inter-Switch Link

(ISL) CarriesVLAN Identifier

Interconnects multipleswitches and maintains VLANinformation as traffic goesbetween switches

Establishes membershipthrough ASICs

Labels each packet asreceived (packet tagging)

Eliminates lookups and tables

Transports multiple VLANsacross links

Protocol, endstation-independent

Easily managed

802.10

ISL

802.1Q LANE


16/20



802.1Q

VLAN Standard Implementation

Cisco environmentuses ISL

Vendor environmentuses an existing, yetdifferent packet taggingmethod

Interdomaincommunication basedon 802.1Q standard

Si Si

CiscoDomain

Vendor XDomain

ISL ?

Company ABC

Typical Environment


18/20


VLAN administration andconfiguration protocol

Reduces VLAN setup andadministration

Eliminates configuration errors

Decreases network managerstime adding and managingVLANs

Maps VLANs across differentbackbones (FDDI, Fast Ethernet,ATM)

Maps between ISL and 802.1q

Maintains security between VLANs

Virtual Trunk Protocol (VTP)

ATMFabric

VLAN 2

VLAN 1

ISL

LANE

ISL

LANE

LANE

802.1Q


19/20


Summary

VLANs enable logical (instead ofphysical) groups of users on a switch

VLANs address the needsfor mobility and flexibility

VLANs reduce administrative overhead,

improve security, and provide moreefficient bandwidth utilization


20/20

20P t ti ID www cisco com

Documents

09 Understanding VLANs