Understanding Virtual LANs (VLANs) for Network Segmentation, Study notes of Network and System Administration

Download Understanding Virtual LANs (VLANs) for Network Segmentation and more Study notes Network and System Administration in PDF only on Docsity!

Virtual LANs

VLAN introduction

VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless of the physical location or connections to the network. All workstations and servers used by a particular workgroup share the same VLAN, regardless of the physical connection or location.

VLAN introduction

VLANs function by logically segmenting the network into different broadcast domains so that packets are only switched between ports that are designated for the same VLAN. Routers in VLAN topologies provide broadcast filtering, security, and traffic flow management.

VLAN introduction

VLANs address scalability, security, and network management. Switches may not bridge any traffic between VLANs, as this would violate the integrity of the VLAN broadcast domain. Traffic should only be routed between VLANs.

Broadcast domains with VLANs and routers

Layer 3 routing allows the router to send packets to the three different broadcast domains.

Broadcast domains with VLANs and routers

Implementing VLANs on a switch causes the following to occur:  The switch maintains a separate bridging table for each VLAN.  If the frame comes in on a port in VLAN 1 , the switch searches the bridging table for VLAN 1.  When the frame is received, the switch adds the source address to the bridging table if it is currently unknown.  The destination is checked so a forwarding decision can be made.  For learning and forwarding the search is made against the address table for that VLAN only.

VLAN operation

Users attached to the same shared segment, share the bandwidth of that segment. Each additional user attached to the shared medium means less bandwidth and deterioration of network performance. VLANs offer more bandwidth to users than a shared network. The default VLAN for every port in the switch is the management VLAN. The management VLAN is always VLAN 1 and may not be deleted. All other ports on the switch may be reassigned to alternate VLANs.

VLAN operation

Dynamic VLANs allow for membership based on the MAC address of the device connected to the switch port. As a device enters the network, it queries a database within the switch for a VLAN membership.

VLAN operation

Network administrators are responsible for configuring VLANs both manually and statically.

Benefits of VLANs

The key benefit of VLANs is that they permit the network administrator to organize the LAN logically instead of physically.

VLAN types

Port-based VLANs MAC address based VLANs Protocol based VLANs

Membership by Port

VLAN types

The number of VLANs in a switch vary depending on several factors:  Traffic patterns  Types of applications  Network management needs  Group commonality

VLAN types

An important consideration in defining the size of the switch and the number of VLANs is the IP addressing scheme. Because a one-to-one correspondence between VLANs and IP subnets is strongly recommended, there can be no more than 254 devices in any one VLAN. It is further recommended that VLANs should not extend outside of the Layer 2 domain of the distribution switch.