Activity
Drag and Drop: VLAN Operation
When the student has completed this activity, the student will learn the path packets take in a network with VLANs. The student will predict the path a packet will take given the source host and the destination host.

Web Links
Virtual LAN
http://www.zyxel.com/support/supportnote/ves1012/app/vlan.htm

Content
8.1 VLAN Concepts
8.1.4 Benefits of VLANs
The key benefit of VLANs is that they permit the network administrator to organize the LAN logically instead of physically. This means that an administrator is able to do all of the following:

Web Links
Virtual LANs
http://www.intel.com/network/connectivity/resources/doc_library/tech_brief/virtual_lans.htm

Content
8.1 VLAN Concepts
8.1.5 VLAN types
There are three basic VLAN memberships for determining and controlling how a packet gets assigned:
- The frame headers are encapsulated or modified to reflect a VLAN ID before the frame is sent over the link between switches. Before forwarding to the destination device, the frame header is changed back to the original format.

The number of VLANs in a switch varies depending on several factors:

In addition, an important consideration in defining the size of the switch and the number of VLANs is the IP addressing scheme. For example, a network using a 24-bit mask to define a subnet has a total of 254 host addresses allowed on one subnet. Because a one-to-one correspondence between VLANs and IP subnets is strongly recommended, there can be no more than 254 devices in any one VLAN. It is further recommended that VLANs should not extend outside of the Layer 2 domain of the distribution switch.

There are two major methods of frame tagging, Inter-Switch Link (ISL) and 802.1Q. ISL used to be the most common, but is now being replaced by 802.1Q frame tagging. LAN emulation (LANE) is a way to make an Asynchronous Transfer Mode (ATM) network simulate an Ethernet network. There is no tagging in LANE, but the virtual connection used implies a VLAN ID.

As packets are received by the switch from any attached end-station device, a unique packet identifier is added within each header. This header information designates the VLAN membership of each packet. The packet is then forwarded to the appropriate switches or routers based on the VLAN identifier and MAC address. Upon reaching the destination node, the VLAN ID is removed from the packet by the adjacent switch and the packet is forwarded to the attached device. Packet tagging provides a mechanism for controlling the flow of broadcasts and applications while not interfering with the network and applications.

Web Links
Cisco VLAN Roadmap
http://www.cisco.com/warp/public/538/7.html

Content
8.2 VLAN Configuration
8.2.1 VLAN basics
In a switched environment, a station will see only traffic destined for it. The switch filters traffic in the network, allowing the workstation to have full, dedicated bandwidth for sending or receiving traffic. Unlike a shared-hub system where only one station can transmit at a time, the switched network allows many concurrent transmissions within a broadcast domain. The switched network does this without directly affecting other stations inside or outside of the broadcast domain. Station pairs A/B, C/D, and E/F can all communicate without affecting the other station pairs.

Each VLAN must have a unique Layer 3 network address assigned. This enables routers to switch packets between VLANs. VLANs can exist either as end-to-end networks or they can exist inside of geographic boundaries.

An end-to-end VLAN network has the following characteristics:

Starting at the access layer, switch ports are provisioned for each user. Each color represents a subnet. Because people have moved around over time, each switch eventually becomes a member of all VLANs. Frame tagging is used to carry information for multiple VLANs between the access layer wiring closets and the distribution layer switches.

ISL is a Cisco proprietary protocol that maintains VLAN information as traffic flows between switches and routers. IEEE 802.1Q is an open-standard (IEEE) VLAN tagging mechanism in switching installations. Catalyst 2950 switches do not support ISL trunking.

Workgroup servers operate in a client/server model. For this reason, attempts have been made to keep users in the same VLAN as their server to maximize the performance of Layer 2 switching and keep traffic localized.

In Figure , a core layer router is being used to route between subnets. The network is engineered, based on traffic flow patterns, to have 80 percent of the traffic contained within a VLAN. The remaining 20 percent crosses the router to the enterprise servers and to the Internet and WAN.

Content
8.2 VLAN Configuration
8.2.2 Geographic VLANs
End-to-end VLANs allow devices to be grouped based upon resource usage. This includes such parameters as server usage, project teams, and departments. The goal of end-to-end VLANs is to maintain 80 percent of the traffic on the local VLAN.

As many corporate networks have moved to centralize their resources, end-to-end VLANs have become more difficult to maintain. Users are required to use many different resources, many of which are no longer in their VLAN. Because of this shift in placement and usage of resources, VLANs are now more frequently being created around geographic boundaries rather than commonality boundaries.

This geographic location can be as large as an entire building or as small as a single switch inside a wiring closet. In a VLAN structure, it is typical to find the new 20/80 rule in effect. 80 percent of the traffic is remote to the user and 20 percent of the traffic is local to the user. Although this topology means that the user must cross a Layer 3 device in order to reach 80 percent of the resources, this design allows the network to provide for a deterministic, consistent method of accessing resources.

Content
8.2 VLAN Configuration
8.2.3 Configuring static VLANs
Static VLANs are ports on a switch that are manually assigned to a VLAN by using a VLAN management application or by working directly within the switch. These ports maintain their assigned VLAN configuration until they are changed manually. This topology means that the user must cross a Layer 3 device in order to reach 80 percent of the resources. This design also allows the network to provide for a deterministic, consistent method of accessing resources.

This type of VLAN works well in networks where the following is true:

Dynamic VLANs do not rely on ports assigned to a specific VLAN.

The following guidelines must be followed when configuring VLANs on Cisco 29xx switches: