LAN Segmentation
Virtual LAN (VLAN)

Network Segmentation
Segmenting is the process of separating certain portions of network traffic, either for
◦ Performance
◦ Security
◦ Reliability
◦ Logical or geographical organisation

Devices used for network segmentation
◦ Switch
◦ Router

Segmenting using Routers
We have seen the use of routers for
◦ Segmenting local networks
◦ Dividing an enterprise network into different departments

Limitations: All devices on that subnet must be connected to the same switch, and that switch must be connected to a port on the router.
What if users on a network are connected to different switches?

Switches
Switches are data link layer devices that enable multiple physical LAN segments to be interconnected into a single larger network.
Switches forward and flood traffic based on MAC addresses.
◦ MAC addresses are mapped to switch ports
Because switching is performed in hardware instead of in software, it is significantly faster.
LAN switching employs micro-segmentation within switch hardware, which segments the LAN.
Switches usually allow multiple conversations (traffic between two ports) to occur simultaneously.

Segmentation using switches

Limitation with switches
Switches do not break up broadcast domains, meaning that if a device sends a broadcast, all devices connected to that switch must listen.
Remember: to break up broadcast domains, we've traditionally used routers.
Virtual LANs are a way to break up broadcast domains in a Layer 2 switched network.

VLANs
VLANs logically segment switched networks based on an organization's functions, project teams, or applications as opposed to a physical or geographical basis.

VLAN
A VLAN is a broadcast domain.
Grouped based on logical function, department or application.
20% to 40% of the work force moves every year
◦ Recabling / readdressing and reconfiguration
Traffic can be switched between VLANs with a router.

LAN vs. VLAN

When do you need a VLAN?
You have more than 200 devices on your LAN.
You have a lot of broadcast traffic on your LAN.
Groups of users need more security or are being slowed down by too many broadcasts.
Groups of users need to be on the same broadcast domain because they are running the same applications.

VLAN Configuration

Static VLANs

Assign ports to VLAN 2
Enter the following commands to add ports 0/7 to 0/9 to VLAN 2. The commands below show port 0/7; repeat the interface commands for 0/8 and 0/9.
Switch_B#configure terminal
Switch_B(config)#vlan 2
Switch_B(config-vlan)#name Sales
Switch_B(config-vlan)#exit
Switch_B(config)#interface fastethernet 0/7
Switch_B(config-if)#switchport mode access
Switch_B(config-if)#switchport access vlan 2

Assign ports to VLAN 3
Switch_B#configure terminal
Switch_B(config)#vlan 3
Switch_B(config-vlan)#name Admin
Switch_B(config-vlan)#exit
Switch_B(config)#interface fastethernet 0/10
Switch_B(config-if)#switchport mode access
Switch_B(config-if)#switchport access vlan 3

Configure VLANs on the Switches in a Converged Network Topology

Role of Trunking VLANs in a Converged Network
• How to communicate between hosts on a VLAN spread over different switches?
• Trunk ports are created between switches to enable inter-switch communication
• Basic Ethernet frame is modified to include the VLAN ID to which it belongs
• Frames are encapsulated
  • ISL (Inter-Switch Link) - Cisco proprietary
  • 802.1Q - IEEE standard

Test VLAN configuration
Ping users on different VLANs
◦ Ping should not work
Ping users on same VLAN
◦ Ping should work