
Published on February 2017 | Categories: Documents | Downloads: 104 | Comments: 0 | Views: 852

VIRTUAL LAN
CS 708 Seminar

ARJUN J S (Roll No. 05068) B. Tech. Computer Science & Engineering

College of Engineering Kottarakkara Kollam 691 531 Ph: +91.474.2453300 http://www.cet.ihrd.ac.in

Certificate

This is to certify that this report titled Virtual LAN is a bona fide record of the CS 708 Seminar work done by Mr. Arjun J S, Reg No. 10264004, Seventh Semester B. Tech. Computer Science & Engineering student, under our guidance and supervision, in partial fulfillment of the requirements for the award of the degree, B. Tech. Computer Science and Engineering of Cochin University of Science & Technology.

December 30, 2008

Guide

Coordinator & Dept. Head

Renjith S R Lecturer Dept. of Computer Science & Engg.

Ahammed Siraj K K Asst. Professor Dept. of Computer Science & Engg.

Acknowledgments

I hereby take the opportunity to thank Asst. Prof. Ahammed Siraj K K, Head of Department, and Ranjith S R of Computer Science, College of Engineering Kottarakkara, for their valuable points and guidance throughout the course of my seminar. Last but not least, I would like to thank my parents for their motivation and my friends, who gave me their valuable contributions regarding my topic and encouragement through the preparation of the seminar. Above all, I would like to thank God for His abundant blessings, without which this wouldn't be possible.

Abstract

This seminar describes the Virtual LAN (VLAN), a logical configuration concept implemented on switches. The nature and function of a bridged/switched network is to provide enhanced network services by segmenting the network into multiple collision domains. The fact remains that this network is still a single broadcast domain. It is important to control broadcast propagation throughout the network. Routers provide broadcast domain segmentation; similarly, switches provide the same facility through virtual LANs (VLANs). A VLAN is defined as a broadcast domain.

Definition: A group of devices on one or more logically segmented LANs (configured by use of software), enabling devices to communicate as if attached to the same physical medium, when they are actually located on numerous different LAN segments.

VLANs are based on logical instead of physical connections and thus are tremendously flexible. VLANs enable you to group users into a common broadcast domain regardless of their physical location in the internetwork. VLANs provide various benefits and improve various factors in the switched network.

Contents

1 Introduction
2 Backbone network device
3 What is VLAN
4 How VLANs Operate?
5 Need for VLAN
6 Different model of VLAN
7 VLAN Memberships
8 VLAN Identification Method
9 VLAN Trunking Protocol (VTP)
10 VTP Modes of Operation
11 Configuring VLANs
12 Advantages of VLANs
13 Conclusion
References

1 Introduction

I know I keep telling you this, but I've got to be sure you never forget it, so here I go, one last time: By default, switches break up collision domains and routers break up broadcast domains. Okay, I feel better! Now we can move on.

In contrast to the networks of yesterday that were based on collapsed backbones, today's network design is characterized by a flatter architecture, thanks to switches. So now what? How do we break up broadcast domains in a pure switched internetwork? By creating a virtual local area network (VLAN). A VLAN is a logical grouping of network users and resources connected to administratively defined ports on a switch. When you create VLANs, you're given the ability to create smaller broadcast domains within a layer 2 switched internetwork by assigning different ports on the switch to different subnetworks. A VLAN is treated like its own subnet or broadcast domain, meaning that frames broadcast onto the network are only switched between the ports logically grouped within the same VLAN.

So, does this mean we no longer need routers? Maybe yes; maybe no. It really depends on what you want or what your needs are. By default, hosts in a specific VLAN cannot communicate with hosts that are members of another VLAN, so if you want inter-VLAN communication, the answer is that you still need a router.

2 Backbone network device

In today's networked backbone, there are certain hardware devices that connect other networks to the backbone. These are special-purpose devices and computers that just transfer messages from one network to another. Before we look deeper into Virtual LANs, let us see the basic devices used in the network backbone. They are:

1. Bridges
2. Switches
3. Routers
4. Gateways
5. Hubs

BRIDGES - Bridges operate at the data link layer. They connect two LAN segments that use the same data link and network protocol. They may use the same or different types of cables. Bridges learn whether to forward packets, and only forward those messages that need to go to other network segments. If a bridge receives a packet with a destination address that is not in the address table, it forwards the packet to all networks or network segments except the one on which it was received. Bridges are a combination of both hardware and software, typically a black box that sits between the two networks, but can also be a computer with two NICs and special software.

SWITCHES - Like bridges, switches operate at the data link layer. Switches connect two or more computers or network segments that use the same data link and network protocol. They may connect the same or different types of cable. A switch is a device that connects incoming traffic with the appropriate outlet. Switches require more processing power. They operate at the same layers as bridges but differ from them in two ways:

1. First, most switches enable all ports to be in use simultaneously, making them faster than bridges.
2. Second, unlike bridges, switches don't learn addresses, and need to have addresses defined.

There are two types of switches:

1. Cut-through switches examine the destination of the incoming packet and immediately connect the port with the incoming message to the correct outgoing port. It is hardware-based.
2. Store-and-forward switches copy the incoming packet into memory before processing the destination address.

ROUTERS - Routers operate at the network layer. Routers connect two or more LANs that use the same or different data link protocols, but the same network protocol. Routers may be black boxes, computers with several NICs, or special network modules in computers. In general they perform more processing on each message than bridges and therefore operate more slowly. Unlike bridges, routers can choose the best route. They only process messages specifically addressed to them. Routers can connect networks using different data link layer protocols. Therefore, routers are able to change data link layer packets. Routers may split a message into several smaller messages for better transmission.

GATEWAYS - Gateways operate at the network layer and use network layer addresses in processing messages. Gateways connect two or more LANs that use the same or different (usually different) data link and network protocols. They may connect the same or different kinds of cable. Gateways process only those messages explicitly addressed to them. Gateways translate one network protocol into another, translate data formats, and open sessions between application programs, thus overcoming both hardware and software incompatibilities. A gateway may be a stand-alone microcomputer with several NICs and special software, a FEP connected to a mainframe computer, or even a special circuit card in the network server. One of the most common uses of gateways is to enable LANs that use TCP/IP and Ethernet to communicate with IBM mainframes that use SNA. The gateway provides both the basic system interconnection and the necessary translation between the protocols in both directions.

HUBS - Physical layer devices that are really just multiple-port repeaters. When an electronic digital signal is received on a port, the signal is reamplified or regenerated and forwarded out all segments except the segment from which the signal was received.

3 What is VLAN

In a broadcast environment, a broadcast sent out by a host on a single segment would propagate to all segments, saturating the bandwidth of the entire network. Also, without forcing some method of checking at an upper layer, all devices in the broadcast domain would be able to communicate via Layer 2. This severely limits the amount of security that could be enforced on the network.

Before the introduction of switches and VLANs, networks were divided into multiple broadcast domains by connectivity through a router. Because routers do not forward broadcasts, each interface is in a different broadcast domain. Each segment is an individual IP subnet and, regardless of a workstation's function, its subnet is defined by its physical location.

Definition: A group of devices on one or more logically segmented LANs (configured by use of software), enabling devices to communicate as if attached to the same physical medium, when they are actually located on numerous different LAN segments.

VLANs are based on logical instead of physical connections and thus are tremendously flexible. A VLAN is a logical broadcast domain that can span multiple physical LAN segments. A VLAN can be designed to provide independent broadcast domains for stations logically segmented by functions, project teams, or applications without regard to the physical location of users. Each switch port can be assigned to only one VLAN. Ports in a VLAN share broadcasts. Ports that do not belong to the same VLAN do not share broadcasts. This control of broadcasts improves the network's overall performance.

VLANs enable switches to create multiple broadcast domains within a switched network. Any user in a given VLAN would receive a broadcast from any other member of the VLAN; users of other VLANs would not receive these broadcasts. Each of the users in a given VLAN would also be in the same IP subnet.

4 How VLANs Operate?

A Catalyst switch operates in your network like a traditional bridge. Each VLAN configured on the switch implements address learning, forwarding/filtering decisions and loop avoidance mechanisms as if it were a separate bridge. This VLAN might include several ports. Internally, the Catalyst switch implements VLANs by restricting data forwarding to destination ports in the same VLAN as originating ports. In other words, when a frame arrives on a switch port, the Catalyst must retransmit the frame only to a port that belongs to the same VLAN. The implication is that a VLAN operating on a Catalyst switch limits transmission of unicast, multicast and broadcast traffic. Flooded traffic originating from a particular VLAN floods out only other ports belonging to that VLAN. This means that each VLAN is an individual broadcast domain.

Normally, a port carries traffic only for the single VLAN it belongs to. In order for a VLAN to span multiple switches on a single connection, a trunk is required to connect two switches. A trunk port can only be configured on the Fast Ethernet ports on the Catalyst 1900 switches.

Here we can see that each shape (triangle, circle, and square) represents a separate VLAN. Nodes of different shapes do not communicate with each other; communication is only between those represented by the same shape. For example, the circle represents the Administrative section. Therefore the network can be divided into an Administrative VLAN (circle), an Engineering VLAN (square) and a Marketing VLAN (triangle).
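The forwarding behaviour described above can be modelled in a few lines. The following is an added example, not part of the original report: a port-based switch model that keeps one address table per VLAN and floods only inside the originating VLAN. The VLAN IDs (10, 20, 30), the port plan and the MAC addresses are constructed for illustration.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed port plan: the VLAN IDs 10/20/30 are assumptions for illustration.
PORT_VLAN = {
    1: 10, 2: 10, 3: 10,   # Administrative VLAN
    4: 20, 5: 20, 6: 20,   # Engineering VLAN
    7: 30, 8: 30, 9: 30,   # Marketing VLAN
}


class VlanSwitch:
    """Port-based VLAN switch: each VLAN behaves like a separate bridge."""

    def __init__(self, port_vlan):
        # Every access port belongs to exactly one VLAN.
        self.port_vlan = dict(port_vlan)
        # One address table per VLAN: vlan -> {mac: port}
        self.mac_table = defaultdict(dict)

    def receive(self, in_port, src_mac, dst_mac):
        """Return the sorted list of egress ports for a frame arriving on in_port."""
        vlan = self.port_vlan[in_port]
        table = self.mac_table[vlan]
        table[src_mac] = in_port            # address learning, scoped to the VLAN
        if dst_mac != BROADCAST and dst_mac in table:
            out = table[dst_mac]
            # Known unicast: forward to the learned port, filter if it is the ingress port.
            return [] if out == in_port else [out]
        # Broadcast or unknown unicast: flood to the other ports of the same VLAN only.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)


def demo():
    """Run three constructed frames through the switch and collect the results."""
    sw = VlanSwitch(PORT_VLAN)
    admin_pc = "00:00:5e:00:53:01"    # constructed MACs (documentation range)
    admin_srv = "00:00:5e:00:53:02"
    eng_pc = "00:00:5e:00:53:03"
    return {
        # Broadcast from an Administrative port reaches only Administrative ports.
        "broadcast_from_admin": sw.receive(1, admin_pc, BROADCAST),
        # The reply is a known unicast inside VLAN 10.
        "reply_to_admin_pc": sw.receive(2, admin_srv, admin_pc),
        # An Engineering host addressing the Administrative MAC: the address is
        # unknown in VLAN 20's table, so the frame floods inside VLAN 20 and
        # never reaches port 1.
        "eng_to_admin_mac": sw.receive(4, eng_pc, admin_pc),
        "tables": {vlan: dict(t) for vlan, t in sw.mac_table.items()},
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Because the lookup table is selected by the ingress port's VLAN, a host cannot reach an address in another VLAN at layer 2 even when the switch has already learned that address.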

5 Need for VLAN

By the 1980’s, most networks consisted of a simple, hierarchical arrangement in which multiple, shared-media networks were connected by a router. With their sophisticated packet handling, routers allowed communication between networks when necessary, while effectively segmenting traffic so that large shared networks were not swamped by excessive traffic. Unfortunately, traditional routers were slow, complicated and expensive. As the need for faster networks emerged, a new solution was needed.

Switches spearheaded the next evolution of network structure. By segmenting the network and providing dedicated bandwidth where needed, they greatly increased performance, while reducing cost and complexity. However, traditional switches segment only unicast, or node-to-node, traffic. Unlike routers, they do not limit broadcast traffic (packets that are addressed to all the nodes within the network) or multicast traffic (packets that are distributed to a group of nodes).

As networks have grown and traffic has increased, IT managers have been forced to segment their networks into more and more switched subnets to meet increasing performance demands. With these changes, broadcast and multicast traffic have placed a greater burden on network bandwidth. In the worst-case scenario, broadcast traffic can spiral out of control, creating broadcast storms that can bring down the network. As switched networks have become more common, routers have continued to exist within the network. But they’ve been forced toward the periphery, where speed is generally less critical.

VLANs offer an effective solution to swamped routers and broadcast storms. By limiting the distribution of broadcast, multicast and unicast traffic, they can help free up bandwidth, reduce the need for expensive and complicated routing between switched networks, and eliminate the danger of broadcast storms. With these advantages, VLANs revive many of the key advantages of LAN routing, but with greater flexibility, performance, simplicity and affordability.

6 Different model of VLAN

In general there are three basic models for determining and controlling how a packet gets assigned to a VLAN. They are:

Port-based VLANs - In this implementation the administrator assigns each port of a switch to a VLAN. For example, ports 1-3 might be assigned to the Sales VLAN, ports 4-6 to the Engineering VLAN and ports 7-9 to the Administrative VLAN (see Figure). The switch determines the VLAN membership of each packet by noting the port on which it arrives. When a user is moved to a different port of the switch, the administrator can simply reassign the new port to the user’s old VLAN. The network change is then completely transparent to the user, and the administrator saves a trip to the wiring closet. However, this method has one significant drawback. If a repeater is attached to a port on the switch, all of the users connected to that repeater must be members of the same VLAN.

Figure 1: Port-based VLAN

MAC address-based VLANs - The VLAN membership of a packet in this case is determined by its source or destination MAC address. Each switch maintains a table of MAC addresses and their corresponding VLAN memberships. A key advantage of this method is that the switch doesn’t need to be reconfigured when a user moves to a different port. However, assigning VLAN membership to each MAC address can be a time-consuming task. Also, a single MAC address cannot easily be a member of multiple VLANs. This can be a significant limitation, making it difficult to share server resources between more than one VLAN. (Although a MAC address can theoretically be assigned to multiple VLANs, this can cause serious problems with existing bridging and routing, producing confusion in switch forwarding tables.)

Layer 3 (or protocol)-based VLANs - With this method, the VLAN membership of a packet is based on protocols (IP, IPX, NetBIOS, etc.) and Layer 3 addresses. This is the most flexible method and provides the most logical grouping of users. An IP subnet or an IPX network, for example, can each be assigned their own VLAN. Additionally, protocol-based membership allows the administrator to assign nonroutable protocols, such as NetBIOS or DECnet, to larger VLANs than routable protocols like IPX or IP. This maximizes the efficiency gains that are possible with VLANs.

Another important distinction between VLAN implementations is the method used to indicate membership when a packet travels between switches. Two methods exist:

1. Implicit: VLAN membership is indicated by the MAC address. In this case, all switches that support a particular VLAN must share a table of member MAC addresses.
2. Explicit: A tag is added to the packet to indicate VLAN membership. Cisco ISL and the IEEE 802.1q VLAN specifications both use this method.

To summarize, when a packet enters its local switch, the determination of its VLAN membership can be port-based, MAC-based or protocol-based. When the packet travels to other switches, the determination of VLAN membership for that packet can be either implicit (using the MAC address) or explicit (using a tag that was added by the first switch). Port-based and protocol-based VLANs use explicit tagging as their preferred indication method. MAC-based VLANs are almost always implicit. The bottom line is that the IEEE 802.1q specification is going to support port-based membership and explicit tagging, so these will be the default VLAN model in the future.

7 VLAN Memberships

Most of the time, VLANs are created by a sys admin who proceeds to assign switch ports to each VLAN. VLANs of this type are known as static VLANs. If you don't mind doing a little more work when you begin this process, assign all the host devices' hardware addresses into a database so your switches can be configured to assign VLANs dynamically any time you plug a host into a switch. I hate saying things like "obviously," but obviously, this type of VLAN is known as a dynamic VLAN. I'll be covering both static and dynamic VLANs in the next couple of sections.

1. Static VLANs

Creating static VLANs is the most common way to create a VLAN, and one of the reasons for that is because static VLANs are the most secure. This security stems from the fact that any switch port you've assigned a VLAN association to will always maintain it unless you change the port assignment manually. Static VLAN configuration is pretty easy to set up and supervise, and it works really well in a networking environment where any user movement within the network needs to be controlled. It can be helpful to use network management software to configure the ports, but you don't have to use it if you don't want to.

In Figure 9.4, each switch port was configured manually with a VLAN membership based upon which VLAN the host needed to be a member of. Remember, the device's actual physical location doesn't matter a bit. Which broadcast domain your hosts become members of is purely up to you. And again, remember that each host also has to have the correct IP address information. For instance, you must configure each host in VLAN 2 into the 172.16.20.0/24 network for them to become members of that VLAN. It's also a good idea to keep in mind that if you plug a host into a switch, you have to verify the VLAN membership of that port. If the membership is different than what's needed for that host, the host won't be able to gain access to the network services that it needs, such as a workgroup server.

2. Dynamic VLANs

On the other hand, a dynamic VLAN determines a node's VLAN assignment automatically. Using intelligent management software, you can base VLAN assignments on hardware (MAC) addresses, protocols, or even applications that create dynamic VLANs. For example, let's say MAC addresses have been entered into a centralized VLAN management application and you hook up a new node. If you attached it to an unassigned switch port, the VLAN management database can look up the hardware address and both assign and configure the switch port into the correct VLAN. Needless to say, this makes management and configuration much easier because if a user moves, the switch will simply assign them to the correct VLAN automatically. But here again, there's a catch: You've got to do a lot more work initially setting up the database. It can be very worthwhile though!

And here's some good news: You can use the VLAN Management Policy Server (VMPS) service to set up a database of MAC addresses to be used for the dynamic addressing of your VLANs. The VMPS database automatically maps MAC addresses to VLANs. A dynamic-access port can belong to one VLAN (VLAN ID 1 all the way up to 4094) and, as I said, is dynamically assigned by the VMPS. The Catalyst 2960 switch can be a VMPS client only. You can have dynamic-access ports and trunk ports on the same switch, but you have to connect the dynamic-access port to an end station or hub, not to another switch!

8 VLAN Identification Method

VLAN identification is what switches use to keep track of all those frames as they're traversing a switch fabric. It's how switches identify which frames belong to which VLANs, and there's more than one trunking method.

Inter-Switch Link (ISL) - Inter-Switch Link (ISL) is a way of explicitly tagging VLAN information onto an Ethernet frame. This tagging information allows VLANs to be multiplexed over a trunk link through an external encapsulation method (ISL), which allows the switch to identify the VLAN membership of a frame over the trunked link. By running ISL, you can interconnect multiple switches and still maintain VLAN information as traffic travels between switches on trunk links. ISL functions at layer 2 by encapsulating a data frame with a new header and cyclic redundancy check (CRC). Of note is that this is proprietary to Cisco switches, and it's used for Fast Ethernet and Gigabit Ethernet links only. ISL routing is pretty versatile and can be used on a switch port, router interfaces, and server interface cards to trunk a server.

IEEE 802.1Q - Created by the IEEE as a standard method of frame tagging, IEEE 802.1Q actually inserts a field into the frame to identify the VLAN. If you're trunking between a Cisco switched link and a different brand of switch, you've got to use 802.1Q for the trunk to work. It works like this: You first designate each port that is going to be a trunk with 802.1Q encapsulation. The ports must be assigned a specific VLAN ID, which makes them the native VLAN, in order for them to communicate. The ports that populate the same trunk create a group with this native VLAN, and each port gets tagged with an identification number reflecting that, again the default being VLAN 1. The native VLAN allows the trunks to carry information that was received without any VLAN identification or frame tag. The 2960s support only the IEEE 802.1Q trunking protocol, but the 3560s will support both the ISL and IEEE methods.
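The field that 802.1Q inserts, and the role of the native VLAN on a trunk, can be shown at byte level. The following is an added example, not part of the original report: it inserts and parses the 4-byte tag (TPID 0x8100 followed by priority, DEI and a 12-bit VLAN ID) and classifies untagged frames into the native VLAN. The sample frame, the function names and VLAN 99 are constructed for illustration; the frame check sequence, which a real switch recomputes after tagging, is left out.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
NATIVE_VLAN = 1          # default native VLAN, as stated in the text

# Constructed sample frame without FCS: dst MAC, src MAC, EtherType (IPv4), payload
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "00005e005301" "0800") + b"constructed payload"


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 802.1Q field between the source MAC and the EtherType."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1-4094")
    if not 0 <= pcp <= 7:
        raise ValueError("priority must be in 0-7")
    tci = (pcp << 13) | vid          # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame: bytes):
    """Return (vid, pcp, untagged_frame); vid and pcp are None for untagged frames."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, tci >> 13, frame[:12] + frame[16:]


def trunk_egress(frame: bytes, vlan: int, native_vlan: int = NATIVE_VLAN) -> bytes:
    """Frames of the native VLAN leave the trunk untagged; all others are tagged."""
    return frame if vlan == native_vlan else add_tag(frame, vlan)


def trunk_ingress(frame: bytes, native_vlan: int = NATIVE_VLAN):
    """Classify a frame received on a trunk; return (vlan, untagged_frame)."""
    vid, _pcp, inner = parse_tag(frame)
    if vid is None or vid == 0:      # untagged, or priority-tagged (VID 0)
        return native_vlan, inner
    if vid == 4095:
        raise ValueError("VLAN ID 4095 is reserved")
    return vid, inner


def native_vlan_mismatch(native_a: int, native_b: int) -> int:
    """VLAN that switch B assigns to a frame switch A sent in A's native VLAN."""
    on_wire = trunk_egress(SAMPLE_FRAME, native_a, native_vlan=native_a)
    vlan_at_b, _ = trunk_ingress(on_wire, native_vlan=native_b)
    return vlan_at_b


if __name__ == "__main__":
    tagged = trunk_egress(SAMPLE_FRAME, 20)
    print(tagged[12:16].hex())             # tag bytes on the wire
    print(trunk_ingress(tagged)[0])        # VLAN recovered at the far end
    print(native_vlan_mismatch(1, 99))     # untagged frame lands in B's native VLAN
```

The last function shows why both ends of a trunk need the same native VLAN: an untagged frame carries no VLAN information, so the receiving switch places it in whatever native VLAN it has configured.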

9 VLAN Trunking Protocol (VTP)

Cisco created this one too. The basic goals of VLAN Trunking Protocol (VTP) are to manage all configured VLANs across a switched internetwork and to maintain consistency throughout that network. VTP allows you to add, delete, and rename VLANs, information that is then propagated to all other switches in the VTP domain. Here's a list of some of the cool features VTP has to offer:

1. Consistent VLAN configuration across all switches in the network
2. VLAN trunking over mixed networks, such as Ethernet to ATM LANE or even FDDI
3. Accurate tracking and monitoring of VLANs
4. Dynamic reporting of added VLANs to all switches in the VTP domain
5. Plug and Play VLAN adding

Very nice, but before you can get VTP to manage your VLANs across the network, you have to create a VTP server. All servers that need to share VLAN information must use the same domain name, and a switch can be in only one domain at a time. So basically, this means that a switch can only share VTP domain information with other switches if they're configured into the same VTP domain. You can use a VTP domain if you have more than one switch connected in a network, but if you've got all your switches in only one VLAN, you just don't need to use VTP. Do keep in mind that VTP information is sent between switches only via a trunk port.

Switches advertise VTP management domain information as well as a configuration revision number and all known VLANs with any specific parameters. But there's also something called VTP transparent mode. In it, you can configure switches to forward VTP information through trunk ports but not to accept information updates or update their VTP databases. If you've got sneaky users adding switches to your VTP domain behind your back, you can include passwords, but don't forget: every switch must be set up with the same password. And as you can imagine, this little snag can be a real hassle administratively!

Switches detect any added VLANs within a VTP advertisement, then prepare to send information on their trunk ports with the newly defined VLAN in tow. Updates are sent out as revision numbers that consist of the notification plus 1. Any time a switch sees a higher revision number, it knows the information it's getting is more current, so it will overwrite the existing database with the latest information.

You should know these three requirements for VTP to communicate VLAN information between switches:

1. The VTP management domain name of both switches must be set the same.
2. One of the switches has to be configured as a VTP server.
3. No router is necessary.

Now that you've got that down, we're going to delve deeper into the world of VTP with VTP modes and VTP pruning.

10 VTP Modes of Operation

Figure 9.6 shows you all three different modes of operation within a VTP domain:

Server - This is the default mode for all Catalyst switches. You need at least one server in your VTP domain to propagate VLAN information throughout that domain. Also important: The switch must be in server mode to be able to create, add, and delete VLANs in a VTP domain. VTP information has to be changed in server mode, and any change made to a switch in server mode will be advertised to the entire VTP domain. In VTP server mode, VLAN configurations are saved in NVRAM.

Client - In client mode, switches receive information from VTP servers, but they also send and receive updates, so in this way, they behave like VTP servers. The difference is that they can't create, change, or delete VLANs. Plus, none of the ports on a client switch can be added to a new VLAN before the VTP server notifies the client switch of the new VLAN. Also good to know is that VLAN information sent from a VTP server isn't stored in NVRAM, which is important because it means that if the switch is reset or reloaded, the VLAN information will be deleted. Here's a hint: If you want a switch to become a server, first make it a client so it receives all the correct VLAN information, then change it to a server. So much easier! So basically, a switch in VTP client mode will forward VTP summary advertisements and process them. This switch will learn about but won't save the VTP configuration in the running configuration, and it won't save it in NVRAM. Switches that are in VTP client mode will only learn about and pass along VTP information; that's it!

Transparent - Switches in transparent mode don't participate in the VTP domain or share its VLAN database, but they'll still forward VTP advertisements through any configured trunk links. They can create, modify, and delete VLANs because they keep their own database, one they keep secret from the other switches. Despite being kept in NVRAM, the VLAN database in transparent mode is actually only locally significant. The whole purpose of transparent mode is to allow remote switches to receive the VLAN database from a VTP server-configured switch through a switch that is not participating in the same VLAN assignments.

VTP only learns about normal-range VLANs, with VLAN IDs 1 to 1005; VLANs with IDs greater than 1005 are called extended-range VLANs and they're not stored in the VLAN database. The switch must be in VTP transparent mode when you create VLAN IDs from 1006 to 4094, so it would be pretty rare that you'd ever use these VLANs. One other thing: VLAN IDs 1 and 1002 to 1005 are automatically created on all switches and can't be removed.
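The rules from the VTP sections above (matching domain and password, higher revision wins, what each mode may do, and the extended-range restriction) fit into one small model. The following is an added example, not part of the original report and not Cisco's implementation: the class and function names, the domain "corp", the password values and the revision numbers are constructed, and the password is compared directly as a simplification.

```python
from dataclasses import dataclass, field

RESERVED = (1, 1002, 1003, 1004, 1005)   # created automatically, cannot be removed
NORMAL_MAX, EXTENDED_MAX = 1005, 4094


@dataclass
class Advert:
    domain: str
    password: str     # simplification: the shared secret itself, compared as-is
    revision: int
    vlans: dict       # {vlan_id: name}, normal range only


@dataclass
class Switch:
    name: str
    mode: str                    # "server", "client" or "transparent"
    domain: str
    password: str = ""
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {v: "default" for v in RESERVED})

    def create_vlan(self, vid, name):
        if self.mode == "client":
            raise PermissionError("VLANs cannot be created in VTP client mode")
        if vid in RESERVED or not 2 <= vid <= EXTENDED_MAX:
            raise ValueError(f"VLAN {vid} is reserved or out of range")
        if vid > NORMAL_MAX and self.mode != "transparent":
            # Message wording as quoted in this report's configuration section.
            raise ValueError("Extended VLAN(s) not allowed in current VTP mode.")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1   # each change on a server raises the revision

    def advertise(self):
        # Only normal-range VLANs are carried in advertisements.
        normal = {v: n for v, n in self.vlans.items() if v <= NORMAL_MAX}
        return Advert(self.domain, self.password, self.revision, normal)

    def receive(self, adv):
        """Return 'relayed', 'ignored' or 'applied' for an incoming advertisement."""
        if self.mode == "transparent":
            return "relayed"     # passed on over trunks, local database untouched
        if adv.domain != self.domain or adv.password != self.password:
            return "ignored"
        if adv.revision <= self.revision:
            return "ignored"
        # Higher revision: the whole database is replaced, on servers and clients alike.
        self.vlans, self.revision = dict(adv.vlans), adv.revision
        return "applied"


def build_core():
    """Constructed production server with two VLANs (revision becomes 2)."""
    core = Switch("core", "server", "corp", "s3cret")
    core.create_vlan(10, "Sales")
    core.create_vlan(20, "Engineering")
    return core


def stale_switch_joins(password):
    """A switch with no user VLANs but revision 7 is attached to the domain.

    Returns (result, sorted VLAN IDs left on the core switch).
    """
    core = build_core()
    lab = Switch("lab", "server", "corp", password, revision=7)
    return core.receive(lab.advertise()), sorted(core.vlans)


if __name__ == "__main__":
    print(stale_switch_joins("s3cret"))   # same password: core database replaced
    print(stale_switch_joins("other"))    # different password: advertisement ignored
```

With a matching domain and password, the higher revision number alone decides which database survives, which is why the password check and transparent mode matter when switches are added to a domain.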

11 Configuring VLANs

It may come as a surprise to you, but configuring VLANs is actually pretty easy. Figuring out which users you want in each VLAN is not; it's extremely time consuming. But once you've decided on the number of VLANs you want to create and established which users you want to belong to each one, it's time to bring your first VLAN into the world. To configure VLANs on a Cisco Catalyst switch, use the global config vlan command. In the following example, I'm going to demonstrate how to configure VLANs on the S1 switch by creating three VLANs for three different departments. Again, remember that VLAN 1 is the native and administrative VLAN by default.

From the above, you can see that you can create VLANs from 2 to 4094. This is only mostly true. As I said, VLANs can really only be created up to 1005, and you can't use, change, rename, or delete VLANs 1 and 1002 through 1005 because they're reserved. The VLAN numbers above that are called extended VLANs and won't be saved in the database unless your switch is set to VTP transparent mode. You won't see these VLAN numbers used too often in production. Here's an example of setting my S1 switch to VLAN 4000 when my switch is set to VTP server mode:

Extended VLAN(s) not allowed in current VTP mode.

After you create the VLANs that you want, you can use the show vlan command to check them out. But notice that, by default, all ports on the switch are in VLAN 1. To change the VLAN associated with a port, you need to go to each interface and tell it which VLAN to be a part of.

This may seem repetitive, but it's important, and I want you to remember it: You can't change, delete, or rename VLAN 1 because it's the default VLAN and you just can't change that, period. It's the native VLAN of all switches by default, and Cisco recommends that you use it as your administrative VLAN. Basically, any packets that aren't specifically assigned to a different VLAN will be sent down to the native VLAN.

In the preceding S1 output, you can see that ports Fa0/3 through Fa0/8 and the Gi0/1 uplink are all in VLAN 1, but where are ports 1 and 2? Remember that in the previous chapter I trunked and created an EtherChannel bundle. Any port that is a trunk port won't show up in the VLAN database. You have to use the show interface trunk command to see your trunked ports.

Now that we can see the VLANs created, we can assign switch ports to specific ones. Each port can be part of only one VLAN, with the exception of our voice access ports. With the trunking we went over earlier, you can make a port available to traffic from all VLANs. I'll cover that next.

12 Advantages of VLANs

Flexible Network Segmentation - Users and resources that communicate most frequently with each other can be grouped into common VLANs, regardless of physical location. Each group’s traffic is largely contained within the VLAN, reducing extraneous traffic and improving the efficiency of the whole network.

Simple Management - The addition of nodes, as well as moves and other changes, can be dealt with quickly and conveniently from the management console rather than the wiring closet.

Increased Performance - VLANs free up bandwidth by limiting node-to-node and broadcast traffic throughout the network. In many network environments, an increasing number of routers are deployed to segment traffic into additional broadcast domains. However, as the router population grows, latency increasingly degrades network performance. This causes problems not only for legacy applications, but also for newer multimedia applications. It's also harder to assign network resources by groups unless each group is physically on the same LAN, so users can experience poor performance due to a number of causes. VLANs solve these issues by creating broadcast domains on their switches that ensure traffic from one user group doesn't impact the traffic from another. Plus, as network resources can be assigned by user groups, groups get what they need based on business requirements, and not according to how the users drive the network at any particular moment. Transferring high-priority financial documents needn't be impacted by lower-priority graphic arts file transfers. Moreover, performance is generally much greater using switches than it is using routers, so these switches forward traffic at higher rates as well.

Better use of Server Resources - With a VLAN-enabled adapter, a server can be a member of multiple VLANs. This reduces the need to route traffic to and from the server.

Reduced Costs - Switches, not routers, typically implement VLANs. By reducing the dependency on routers, which are much more costly to deploy, organizations can reduce costs. In addition, the reduction in overhead costs associated with automated and simplified moves, additions and changes cuts costs even further.

Network Resource Assignment - VLAN tagging provides a new and effective method for grouping users by function, and defining the bandwidth and network resources that can be used by them. This allows administrators to dedicate network resources by business need rather than by some floating, arbitrary means. So, network resources, like bandwidth, can both be assigned and managed on a very granular level, ensuring that each group or department gets what they need or pay for.

Enhanced Network Security - VLANs create virtual boundaries that can only be crossed through a router. So standard, router-based security measures can be used to restrict access to each VLAN as required.

13 Conclusion

This chapter introduced you to the world of virtual LANs and described how Cisco switches can use them. We talked about how VLANs break up broadcast domains in a switched internetwork, a very important, necessary thing because layer 2 switches only break up collision domains and, by default, all switches make up one large broadcast domain. I also described access links to you and we went over how trunked VLANs work across a Fast Ethernet link.
