robert e. meyers ccna, ccai youngstown state university cisco regional academy instructor cisco...

Robert E. Meyers CCNA, CCAIYoungstown State UniversityCisco Regional Academy Instructor

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Semester 3, v. 2.1.2

Chapter 3: Virtual LANs

Curriculum ReviewCurriculum Review

Youngstown State University Youngstown State University Cisco Regional AcademyCisco Regional Academy


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

DisclaimerDisclaimer

This presentation is intended for review purposes by Cisco Networking Academy Program teachers and students only.This presentation is not a substitute for careful study of the Cisco Academy curriculum.Most of the text and graphics have been copied directly from the on-line curriculum, and remain the copyrighted property of Cisco Systems.CCNA 640-507 objectives are used for all YSU Regional authored reviews.


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

ContentsContents

Part 1: VLANsPart 2: Segmenting with SwitchesPart 3: VLAN ImplementationPart 4:Benefits of VLANs


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Chapter Learning ObjectivesChapter Learning Objectives

You will be able to:– Define the role of a switch in creating VLANs.– Describe frame filtering and frame tagging.– Describe beneficial reasons for implementing

VLANs.– Explain port centric, static, and dynamic

VLANs.– Explain how VLANs control broadcasts.


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Part 1Part 1

Virtual LANsVirtual LANs


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

VLAN: OverviewVLAN: Overview

Traditional LANs are:– Configured according to Layer 1

requirements.– Grouped by their location

relative to the hub and cable runs to the IDF/MDF.

– Not segmented by workgroup association or need for bandwidth.

– The “structure” is controlled by the physical layout, not the logical needs.


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

VLANs: OverviewVLANs: Overview

A VLAN is a logical grouping of devices or users that can be grouped by: – function, – department, – or application,

Regardless of their physical segment location.

Logical requirements rule over the physical layout.


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

VLANs: OverviewVLANs: Overview

A group of ports or users in the same broadcast domain.

Can be selected according to:– Port ID number– MAC address– Protocol– Application

Use switches and proprietary software.


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Part 2Part 2

Segmenting with SwitchesSegmenting with Switches


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Removing the Physical BoundaryRemoving the Physical Boundary

Using VLANs, you can group switch ports and their users into logically defined workgroups, such as:– Coworkers in the

same department.– A cross-functional

product team.– User groups sharing the

same application.

Single or multiple switches can be used.


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

VLAN’s Across the BackboneVLAN’s Across the Backbone

To eliminate the physical restriction:– VLAN information between interconnected switches

and routers, must be carried and reside on the corporate backbone.


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Routers in the VLANRouters in the VLAN

Still provide:– Broadcast control– Route processing– Subnet connectivity

But now also:– Connect the VLANs

that are “logically” created but are not on the same “physical” location!


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

VLAN FramesVLAN Frames

Switches make filtering and forwarding decisions by frame, using VLAN metrics.– Frame filtering– Frame tagging

A frame is compared to the metrics and then is:– sent,– filtered, – or broadcast.


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Frame FilteringFrame Filtering

Each switch develops a filtering table. Each frame can be filtered according to:

– MAC address, or– Layer 3 protocol type

• IP• IPX, etc.

Like routers, switches share address table data across the backbone.


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Frame TaggingFrame Tagging

Places a unique ID in the header of each frame as it is moves through the network backbone.– ID is understood and examined by each switch prior

to any broadcasts or transmissions to other switches, routers, or hosts.

– Functions at Layer 2; low administration!– Selected by IEEE as

VLAN standard.• IEEE 802.1q


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Part 3Part 3

VLAN ImplementationVLAN Implementation


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

VLAN Ports and BroadcastsVLAN Ports and Broadcasts

Each switch port can be assigned to a VLAN.– Only ports assigned to the same VLAN share

broadcasts.– Switched VLANs can therefore segment broadcast

domains like routers.


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Types of VLANsTypes of VLANs

Three types of VLAN implementation– Port-centric– Static– Dynamic


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Port CentricPort Centric

All nodes connected to ports in the same VLAN are assigned the same VLAN ID. – Users are assigned by port. – Easy administration. – Increased security

between VLANs. – Packets do not

"leak" into other domains.


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Static VLANsStatic VLANs

Switch ports are assigned to a VLAN.– Any host that plugs into a port is automatically

a member of that port’s VLAN gorup.

Easy to configure and monitor.


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Dynamic VLAN’sDynamic VLAN’s

Central database server maintains the VLAN assignments.– When a new host is connected to an open port, the

switch checks the database for VLAN assignment. – Assignment

based on:• MAC• Logical address• Protocol type.


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Part 4Part 4

Benefits of VLANsBenefits of VLANs


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Moving HostsMoving Hosts

Physical moves are one of network managers biggest headache.– Moves and additions require the least amount of

reconfiguration when using VLANs.– Hosts can move without

changing IP or subnet membership as long as:

• They are connected to a VLAN switch.

• Retain their VLAN ID.


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

VLANs Control BroadcastsVLANs Control Broadcasts

Switches not using VLANs, send broadcasts out every port just like a hub.

Broadcast traffic within one VLAN is not sent outside that VLAN.– The smaller the VLAN

membership, the less hosts have to deal with excess broadcast traffic.


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Improved SecurityImproved Security

A network manager can: – Restrict the number of users in a VLAN group – Prevent a user from joining the VLAN without first

receiving approval.

Used with router ACL’s for tight control.


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Save Money!Save Money!

Use existing hubs to connect many VLAN members to the same VLAN switch port.

Relocating a host to a new VLAN can be as easy as plugging into a different hub.


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

SummarySummary

Switched VLANs are a secure, layer 2, cost effective way to group users regardless of physical location.

VLAN membership ID can travel the backbone. Common ID groupings are filtering, frame

tagging, and frame identification. VLAN’s provide

– Broadcast Control– Workgroup security– Cost effective additions or moving of hosts.


Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

Cis

co N

etw

ork

ing

Ac

ad

em

y P

rog

ram

End

robert e. meyers ccna, ccai youngstown state university cisco regional academy instructor cisco...

Documents

cisco academy curriculum

meyers ccna

benefits of vlans slide

switches slide

dynamic vlans

ysu regional authored

vlans control broadcasts

physical layout