Embed Size (px)
DESCRIPTION
Ethernet Errors and Problems. Frame size errors Short frame Long frame Jabber Collision Errors What percent collision rate is acceptable? Late collision? Why late collisions occur? How to prevent them? Solutions to prevent collisions? Broadcasts - PowerPoint PPT Presentation
Citation preview
IST 228\Ch6:Virtual LANs (VLANs) 1
Ethernet Errors and Problems• Frame size errors
– Short frame– Long frame– Jabber
• Collision Errors– What percent collision rate is acceptable?– Late collision?– Why late collisions occur? How to prevent them?– Solutions to prevent collisions?
• Broadcasts– How much broadcast traffic is acceptable? – How to reduce the amount of broadcast traffic?
IST 228\Ch6:Virtual LANs (VLANs) 2
Ethernet Security Problems
• By default, all users can see all network devices located on a physical LAN.
• Anyone can observe all network traffic by plugging a network analyzer into a hub.
IST 228\Ch6:Virtual LANs (VLANs) 3
Solution(s)?
• Securing Switch Ports– limiting device connections
1900s2(config)#mac-address-table permanent <MAC Address> e0/7
– limiting communication1900s2(config)#mac-address-table restricted static <MAC
Address> e0/6 e0/12
– limiting the number of devices1900s2(config)#interface e/10
1900s2(config-if)#port secure max-mac-count 5
IST 228\Ch6:Virtual LANs (VLANs) 4
Solution(s)?• Switching Methods
– Cut-Through
– Store-and-Forward Switches
– Fragment-Free Switching
– Adaptive Cut-Through
1900s2(config)#switching-mode store-and-forward
IST 228\Ch6:Virtual LANs (VLANs) 5
Solution(s)? • Use bridges • Use switches• Use routers to
segment a network (Collapsed Backbone Approach)
• Advantages • Disadvantages
IST 228\Ch6:Virtual LANs (VLANs) 6
Virtual LANs (VLAN)• A VLAN is a logical
grouping of network devices connected to defined ports on switches.
• Each VLAN is a broadcast domain within a layer-2 switched network, created by assigning ports on switches to different subnetworks.
IST 228\Ch6:Virtual LANs (VLANs) 7
Benefits
• Simplified Network Management• Broadcast Control• Security• Flexibility and Scalability
– 20% to 40% of the workforce is on move every year.
– Implementing changes and moves constitutes 23% of the total network administration cost.
IST 228\Ch6:Virtual LANs (VLANs) 8
VLAN Membership
• Static VLANs– the most secure
• Dynamic VLANs– use an intelligent software to assign
ports.
IST 228\Ch6:Virtual LANs (VLANs) 9
Creating VLANs on Cisco Catalyst 19001900s2>enable
1900s2#configure terminal
1900s2(config)#vlan 2 name engineering
1900s2(config)#vlan 3 name marketing
: :
1900s2(config)#exit
1900s2#show vlan
IST 228\Ch6:Virtual LANs (VLANs) 10
Assigning Ports to VLANs1900s2(config)#interface e0/2
1900s2(config)#vlan-membership static 2
1900s2(config)#exit
1900s2(config)#interface e0/3
1900s2(config)#vlan-membership static 2
1900s2(config)#exit
: :
1900s2#show vlan
Use the show vlan [#] command to gather information about a specific vlan.
IST 228\Ch6:Virtual LANs (VLANs) 11
Link Types and Configuration• Access Links
– A device attached to an access link is unaware of a VLAN membership.
– Access-link devices cannot communicate with devices outside their VLAN unless...
• Trunk links– Switch-to-switch, switch-to-server, or switch-to-
router 100- or 1000Mbps links that can carry traffic from multiple VLANs.
– Five different states you can set for a trunk link:• Auto• Desirable• Nonegotiate• Off• On
IST 228\Ch6:Virtual LANs (VLANs) 12
Trunk Links
IST 228\Ch6:Virtual LANs (VLANs) 13
Configuration of Trunk links1900s2#configure terminal
1900s2(config)#interface f0/26
1900s2(config-if)#trunk on
By default, all VLANs are enabled to be routed over this newly configured trunk link.1900s2(config-if)#no trunk-vlan 2
You cleared VLAN 7 from the trunk. 1900s2#show trunk a allowed-vlans
IST 228\Ch6:Virtual LANs (VLANs) 14
VLAN Trunk Protocol (VTP)
• Layer 2 messaging protocol• Manages all changes to the VLANs
across networks.• Any changes made to a VLAN by an
administrator are automatically propagated by VTP to all VTP-enabled devices.
• No need for VTP if there is only a single switch or if all switches are in the same VLAN.
IST 228\Ch6:Virtual LANs (VLANs) 15
Using VTP• VTP devices are organized into domains.• Each domain must have at least one VTP
server. • Each switch can only be in one domain.1900s2(config)#VTP domain <domain name>
• Three different modes– Server– Client– Transparent
1900s2(config)#VTP client
• VTP Pruning: Reduces the number of VTP updates that traverse a link. By default, VTP pruning is disabled on all switches.
1900s2(config)#vtp pruning enable1900s2(config)#delete vtp
IST 228\Ch6:Virtual LANs (VLANs) 16
Nonswitching Hubs and VLANs• Considerations to keep in mind when
implementing hubs on a network that employs VLANs:– If you insert a hub into a port on a switch and then
connect several devices to the hub, all the system attached to that hub will be in the same VLAN
– If you must move a single workstation that is attached to a hub with several workstations, you will have to physically attach the device to another hub or switch ports in order to change its VLAN assignment
– The more hosts attached at individual switch ports, the greater the microsegmentation and flexibility the VLAN can offer
IST 228\Ch6:Virtual LANs (VLANs) 17
Routers and VLANs
• Routers are used with VLANs– to communicate each other– to increase security
IST 228\Ch6:Virtual LANs (VLANs) 18
VLAN Identification
• Inter-Switch Link (ISL)• IEEE 802.1Q• LAN emulation• 802.10 (FDDI)
