Sunday, 13 October 2019

What Is VLAN and How It Works | BENEFITS OF VLAN


The first part of this post gives an introduction to VLANs: what a VLAN is, how it works, its benefits and types, and how VLANs behave in a multi-switch environment.
One of the technologies that contributes to improving network performance is the division of large broadcast domains into smaller ones. By design, routers block broadcast traffic at an interface. However, routers generally have a limited number of LAN interfaces.
The main function of a router is to transfer information between networks, while providing access to a LAN is usually the job of access layer switches. A virtual local area network (VLAN) can be created on a Layer 2 switch to reduce the size of broadcast domains, similar to what a Layer 3 device does. Although VLANs are primarily used within switched LANs, modern VLAN implementations allow them to span MAN and WAN networks.
Because VLANs segment the network, a layer 3 process is necessary to allow traffic to pass from one network segment to another.
This Layer 3 routing process can be implemented using a router or a Layer 3 switch interface. Using a Layer 3 device provides a way to control the flow of traffic between network segments, including the network segments created by VLANs.

VLANs provide a way to group devices within a LAN. A group of devices within a VLAN communicates as if they were connected to the same cable. VLANs are based on logical connections, rather than physical connections.

What Is VLAN? 

A virtual local area network (VLAN) allows the administrator to divide the network into segments according to factors such as function, project team or application, regardless of the physical location of the user or device. Devices within a VLAN work as if they were on their own independent network, even though they share the same infrastructure with other VLANs. Any switch port can belong to a VLAN, and unicast, broadcast and multicast packets are forwarded and flooded only to the end stations within the VLAN where the packets originate. Each VLAN is considered a separate logical network. Packets destined for stations that do not belong to the VLAN must be forwarded through a device that supports routing.

How VLANs Work


  • Several IP subnets can exist in a switched network without the use of several VLANs. However, the devices will then be in the same Layer 2 broadcast domain. This means that all Layer 2 broadcasts, such as an ARP request, will be received by every device in the switched network, even those that are not meant to receive the broadcast.
  • A VLAN creates a logical broadcast domain that can span several physical LAN segments. VLANs improve network performance by dividing large broadcast domains into smaller ones. If a device in one VLAN sends a broadcast Ethernet frame, all devices in that VLAN receive the frame, but devices in other VLANs do not.
  • VLANs enable the implementation of access and security policies according to specific groups of users. Each switch port can be assigned to a single VLAN (except for a port connected to an IP phone or to another switch).

BENEFITS OF VLAN 

VLAN networks facilitate the design of a network to support the objectives of an organization. The main benefits of using VLANs are the following:


  1. Security: groups that have sensitive data are separated from the rest of the network, reducing the chances of breaches of confidential information. As shown in Image 2, faculty computers are in VLAN 10 and completely separated from student and guest data traffic.
  2. Cost reduction: cost savings result from a reduced need for expensive network upgrades and from more efficient use of existing links and bandwidth.
  3. Better performance: dividing flat Layer 2 networks into several logical workgroups (broadcast domains) reduces unnecessary traffic on the network and improves performance.
  4. Reduction of the size of broadcast domains: dividing a network into VLANs reduces the number of devices in each broadcast domain. As shown in Image 2, there are six computers on this network, but there are three broadcast domains: Faculty, Students and Guests.
  5. Greater IT staff efficiency: VLANs make network management easier because users with similar network requirements share the same VLAN. It is also easy for IT staff to identify the function of a VLAN by giving it a descriptive name.
  6. Simpler management of applications and projects: VLANs group network devices and users to support geographical or business requirements. Keeping separate functions apart makes it easier to manage a project or to work with a specialized application.

VLAN TYPES

There are different types of VLAN networks, which are used in modern networks. Some types of VLANs are defined according to traffic classes. Other types of VLANs are defined according to the specific function they fulfill.

  • DATA VLAN

A data VLAN is a VLAN configured to carry user-generated traffic. A VLAN that carries management or voice traffic is not a data VLAN. It is common practice to separate voice traffic and management traffic from data traffic. A data VLAN is sometimes called a user VLAN. Data VLANs are used to divide the network into groups of users or devices.

  • DEFAULT VLAN

All switch ports become part of the default VLAN after the initial boot of a switch that loads the default configuration. Switch ports that participate in the default VLAN are part of the same broadcast domain. This allows any device connected to any switch port to communicate with devices on the other switch ports. The default VLAN on Cisco switches is VLAN 1. In the illustration, the show vlan brief command was issued on a switch running the default configuration. Note that all ports are assigned to VLAN 1 by default.
VLAN 1 has all the features of any VLAN, except that it cannot be renamed or deleted. All Layer 2 control traffic is associated with VLAN 1 by default.

  • NATIVE VLAN

A native VLAN is assigned to an 802.1Q trunk port. Trunk ports are links between switches that carry traffic associated with more than one VLAN. 802.1Q trunk ports support traffic from many VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic). Tagged traffic refers to traffic that has a 4-byte tag inserted into the original Ethernet frame header, which specifies the VLAN to which the frame belongs. An 802.1Q trunk port places untagged traffic on the native VLAN, which is VLAN 1 by default.
Native VLANs are defined in the IEEE 802.1Q specification to maintain backward compatibility with untagged traffic from legacy devices, which was common in older LAN scenarios. A native VLAN functions as a common identifier at opposite ends of a trunk link.
It is recommended to configure the native VLAN as an unused VLAN, distinct from VLAN 1 and from the other VLANs. In fact, it is common to use one fixed VLAN as the native VLAN for all trunk ports in the switched domain.

  • MANAGEMENT VLAN

A management VLAN is any VLAN configured to access the management capabilities of a switch. VLAN 1 is the management VLAN by default. To create the management VLAN, an IP address and subnet mask are assigned to the switch virtual interface (SVI) of that VLAN, which allows the switch to be managed via HTTP, Telnet, SSH or SNMP. Since the factory configuration of a Cisco switch sets VLAN 1 as the default VLAN, VLAN 1 is not a suitable choice for the management VLAN.
In the past, the management VLAN on 2960 switches was the only active SVI. In Cisco IOS 15.x for Catalyst 2960 series switches, more than one SVI can be active. Cisco IOS 15.x requires that the specific active SVI assigned for remote management be documented. Although, in theory, a switch can have more than one management VLAN, this increases its exposure to network attacks.
In the illustration, all ports are currently assigned to the default VLAN 1. No native VLAN is explicitly assigned and no other VLANs are active; therefore, the native VLAN of the network as designed is also the management VLAN. This is considered a security risk.

Switch# show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
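As an added example (not code from the original post or from Cisco), the following Python parses show vlan brief output of the form shown above and audits it against the recommendations in this section: ports left in the default VLAN 1, a native or management VLAN that is still VLAN 1, and a native VLAN that coincides with the management VLAN or has ports assigned. The sample output is constructed (fewer ports, plus a hypothetical VLAN 99); the native and management VLAN IDs are assumed to be supplied from the running configuration, since show vlan brief does not display them.

```python
import re

# Constructed sample modelled on the show vlan brief output quoted above
# (fewer ports, plus a hypothetical VLAN 99 that exists but has no ports).
SAMPLE_OUTPUT = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Gi0/1, Gi0/2
99   MGMT                             active
1002 fddi-default                     act/unsup
"""

ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")   # vid  name  status  ports

def parse_show_vlan_brief(output: str) -> dict:
    """Parse 'show vlan brief' into {vid: {name, status, ports}}.
    Indented lines continue the previous row's port list."""
    vlans = {}
    current = None
    for line in output.splitlines():
        if not line.strip() or line.startswith(("VLAN", "----")):
            continue                       # blank line or column header
        if line[0].isspace() and current is not None:
            current["ports"] += [p.strip() for p in line.split(",") if p.strip()]
            continue
        m = ROW.match(line)
        if m:
            vid, name, status, ports = m.groups()
            current = {"name": name, "status": status,
                       "ports": [p.strip() for p in ports.split(",") if p.strip()]}
            vlans[int(vid)] = current
    return vlans

def audit(vlans: dict, native_vlan: int = 1, mgmt_vlan: int = 1) -> list:
    """Findings against the post's recommendations. The native and management VLAN IDs
    are not shown by 'show vlan brief'; pass them from the running configuration."""
    findings = []
    if 1 in vlans and vlans[1]["ports"]:
        findings.append(f"{len(vlans[1]['ports'])} ports still in default VLAN 1")
    if native_vlan == 1:
        findings.append("native VLAN is VLAN 1; use a dedicated unused VLAN")
    if mgmt_vlan == 1:
        findings.append("management VLAN is VLAN 1; move the management SVI to its own VLAN")
    if native_vlan == mgmt_vlan:
        findings.append("native VLAN and management VLAN are the same VLAN")
    if native_vlan in vlans and vlans[native_vlan]["ports"]:
        findings.append(f"native VLAN {native_vlan} has ports assigned; it should be unused")
    return findings
```

Run with the factory defaults (native and management VLAN both 1) every check fires; with a dedicated native VLAN and a separate management VLAN only the ports still sitting in VLAN 1 remain to be moved.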

  • VOICE VLAN

A separate VLAN is needed to support voice over IP (VoIP) technology. VoIP traffic requires:

  • Guaranteed bandwidth to ensure voice quality
  • Transmission priority over other types of network traffic
  • Ability to be routed around congested areas of the network
  • A delay of less than 150 ms across the network

To meet these requirements, the entire network must be designed to support VoIP. Details of how to configure a network to support VoIP are beyond the scope of this post, but it is useful to summarize how a voice VLAN works between a switch, a Cisco IP phone and a computer.

What Is a VLAN Trunk?

A trunk link is a point-to-point link between two network devices that carries more than one VLAN. A VLAN trunk extends VLANs across the entire network. Cisco supports IEEE 802.1Q for coordinating trunks on Fast Ethernet, Gigabit Ethernet and 10-Gigabit Ethernet interfaces.
VLANs would not be very useful without VLAN trunks. VLAN trunks allow all VLAN traffic to propagate between switches, so that devices on the same VLAN but connected to different switches can communicate without the intervention of a router.
A VLAN trunk does not belong to a specific VLAN; rather, it is a conduit for several VLANs between switches and routers. A trunk link can also be used between a network device and a server or other device that has an 802.1Q-capable NIC. On Cisco Catalyst switches, all VLANs are allowed on a trunk port by default.

In the image, the links between switches S1 and S2, and between S1 and S3, were configured to carry traffic from VLANs 10, 20, 30 and 99 across the network. This network could not work without VLAN trunks.

VOICE VLAN TAGGING

Remember that, to support VoIP, a separate voice VLAN is required.

An access port used to connect a Cisco IP phone can be configured to use two separate VLANs: one VLAN for voice traffic and another VLAN for data traffic from a device connected to the phone. The link between the switch and the IP phone functions as a trunk link, carrying both voice VLAN traffic and data VLAN traffic.
The Cisco IP phone contains an integrated three-port 10/100 switch. The ports provide dedicated connections for these devices:

  1. Port 1 connects to the switch or another VoIP device.
  2. Port 2 is an internal 10/100 interface that carries the IP phone's own traffic.
  3. Port 3 (access port) connects to a PC or other device.

On the switch, the access port is configured to send Cisco Discovery Protocol (CDP) packets that instruct a connected IP phone to send voice traffic to the switch in one of three possible ways, depending on the type of traffic:

  • On the voice VLAN, tagged with a Layer 2 class of service (CoS) priority value
  • On the access VLAN, tagged with a Layer 2 CoS priority value
  • On the access VLAN, untagged (no Layer 2 CoS priority value)
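The 4-byte tag described under NATIVE VLAN and the three ways a phone can send its traffic listed above can both be seen in code. The following Python is an added example, not code from the post or from Cisco: it builds and parses 802.1Q-tagged Ethernet frames, places untagged frames on the native VLAN as a trunk port does, and classifies a phone's frames by VLAN and CoS. The MAC addresses and the VLAN IDs (voice 150, access 20, native 99) are assumed values.

```python
import struct
from typing import Optional

TPID_8021Q = 0x8100  # tag protocol identifier: first 2 bytes of the 4-byte 802.1Q tag

def parse_frame(frame: bytes, native_vlan: int) -> dict:
    """Classify a frame as an 802.1Q trunk port does.
    Tagged: TPID 0x8100 at offset 12, then a 16-bit TCI = 3-bit PCP (Layer 2 CoS),
    1-bit DEI, 12-bit VLAN ID.  Untagged: no tag, so it lands on the native VLAN."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"dst": frame[:6].hex(":"), "src": frame[6:12].hex(":"),
            "tagged": False, "vlan": native_vlan, "cos": None, "ethertype": ethertype}
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("802.1Q tag truncated")
        tci, inner = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True, cos=tci >> 13, vlan=tci & 0x0FFF, ethertype=inner)
    return info

def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vlan: Optional[int] = None, cos: int = 0) -> bytes:
    """Build a frame; with vlan set, insert the 4-byte 802.1Q tag after the MAC addresses."""
    hdr = dst + src
    if vlan is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (cos << 13) | (vlan & 0x0FFF))
    return hdr + struct.pack("!H", ethertype) + payload

def phone_traffic_mode(info: dict, voice_vlan: int, access_vlan: int) -> str:
    """Map a frame from the IP phone to one of the three modes CDP can instruct."""
    if info["tagged"] and info["vlan"] == voice_vlan:
        return "voice-vlan-tagged-cos"
    if info["tagged"] and info["vlan"] == access_vlan:
        return "access-vlan-tagged-cos"
    if not info["tagged"]:
        return "access-vlan-untagged"
    return "unexpected-vlan"

# Constructed sample frames (hypothetical MACs, not captured from a real network).
# Assumed VLAN IDs: voice 150, data/access 20, native 99.
PHONE, SWITCH = bytes.fromhex("0200aabbcc01"), bytes.fromhex("0200aabbcc02")
VOICE_FRAME = build_frame(SWITCH, PHONE, 0x0800, b"\x00" * 46, vlan=150, cos=5)
DATA_FRAME = build_frame(SWITCH, PHONE, 0x0800, b"\x00" * 46)
```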
