2. What is a LAN?
A LAN is a local area network, defined as all devices in the same broadcast domain.
It works within a campus or building of up to 5 km.
Its speed is 10 Mbps to 100 Mbps.
4. What is a VLAN?
• A VLAN is a grouping of
computers that is logically
segmented by functions, project
teams, or applications without
regard to the physical location
of users.
5. As I said, a VLAN is a virtual LAN.
In technical terms, a VLAN is a broadcast domain created by switches.
Normally, it is a router creating that broadcast domain.
With VLANs, a switch can create the broadcast domain.
6. Broadcast Domain?
A broadcast domain is a network segment in
which any network device can transmit data
directly to another device without going
through a router
A layer 3 device breaks up a broadcast
domain
7. Traditional LAN
A traditional LAN would require all users with the same requirements and the same IP subnet (broadcast domain) to be connected to the same equipment.
8. How can devices on different VLANs communicate?
Devices on different VLANs can communicate with a router or a Layer 3 switch.
As each VLAN is its own subnet, a router or
Layer 3 switch must be used to route
between the subnets.
11. How VLANs Work?
VLANs are identified by a number
Valid ranges 1-4094
On a VLAN-capable switch, you assign ports
with the appropriate VLAN number
The switch then only allows data to be sent
between ports with the same VLAN
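The forwarding rule on this slide, as an added example that is not part of the original slides: a minimal model of a port-based VLAN switch that keeps a separate MAC table per VLAN. The class name, port numbers and MAC addresses are assumptions made for illustration.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanSwitch:
    """Minimal port-based VLAN switch with one MAC table per VLAN."""

    def __init__(self, port_vlans):
        for port, vid in port_vlans.items():
            if not 1 <= vid <= 4094:           # valid VLAN numbers per the slide
                raise ValueError(f"port {port}: VLAN {vid} outside 1-4094")
        self.port_vlans = dict(port_vlans)
        self.mac_table = defaultdict(dict)     # vid -> {mac: port}

    def receive(self, in_port, src_mac, dst_mac):
        """Return the sorted list of ports the frame is sent out of."""
        vid = self.port_vlans[in_port]         # membership comes from the ingress port
        table = self.mac_table[vid]
        table[src_mac] = in_port               # learn the sender inside its VLAN only
        same_vlan = [p for p, v in self.port_vlans.items()
                     if v == vid and p != in_port]
        if dst_mac == BROADCAST or dst_mac not in table:
            return sorted(same_vlan)           # flood, but never outside the VLAN
        out = table[dst_mac]
        return [out] if out != in_port else []

def demo():
    # Constructed layout: ports 1-3 in VLAN 10, ports 4-5 in VLAN 20.
    sw = VlanSwitch({1: 10, 2: 10, 3: 10, 4: 20, 5: 20})
    a1, a2, b4 = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02", "bb:bb:bb:bb:bb:04"
    return {
        "bcast_vlan10": sw.receive(1, a1, BROADCAST),
        "bcast_vlan20": sw.receive(4, b4, BROADCAST),
        # Known unicast inside VLAN 10 goes to exactly one port.
        "unicast_same_vlan": sw.receive(2, a2, a1),
        # A VLAN 20 host addressing a VLAN 10 MAC: the MAC is unknown in
        # VLAN 20, so the frame is flooded to port 5 only and never reaches port 1.
        "unicast_other_vlan": sw.receive(4, b4, a1),
    }

if __name__ == "__main__":
    print(demo())
```

Reaching the VLAN 10 host from VLAN 20 therefore needs a router or Layer 3 switch, as slide 8 states.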
12. How VLANs Work?
Since almost every network is larger than a
single switch, there needs to be a way to
have traffic sent between two different
switches
One way to do it is to assign a port on each
switch with a VLAN and run a cable between
the switches
13. How VLANs work?
For example, if there were 6 hosts on each switch on 6 different VLANs, you would need 6 ports on each switch to connect the switches together.
This would mean that if you had 24 different VLANs you could only have 24 hosts on a 48-port switch.
14. How VLANs work?
A standard was developed so that a single connection between two switches could be used to send traffic for all VLANs.
802.1Q – Provides a VLAN tag in front of the Layer 2 frame
16. Benefits of VLANs
Geographically separated users on the same IP
subnet (broadcast domain)
Limit the size of broadcast domains and limit
broadcast activity
Security benefits by keeping hosts separated by VLAN and limiting what devices can talk to those hosts
17. Benefits of VLANs
Cost savings as you don’t need additional
hardware and cabling
Operational benefits because changing a user’s
IP subnet (Broadcast Domain) is in software
18. Need for VLAN
By the 1980's, most networks consisted
of a simple, hierarchical arrangement in
which multiple, shared-media networks
were connected by a router.
Unfortunately, traditional routers were
slow, complicated and expensive.
19. As the need for faster networks emerged, a new solution was needed.
You need to consider using VLANs in any of the following situations:
You have more than 200 devices on your LAN.
Groups of users need to be on the same broadcast domain because they are running the same applications.
Or, just to make a single switch into multiple virtual switches.
20. VLANs: Different Models
Port-based VLANs
In this implementation the administrator assigns each port of a switch to a VLAN.
The switch determines the VLAN membership of each packet by noting the port on which it arrives.
21. When a user is moved to a different port of the switch, the
administrator can simply reassign the new port to the user's old
VLAN.
The network change is then completely transparent to the
user, and the administrator saves a trip to the wiring closet.
However, this method has one significant drawback.
If a repeater is attached to a port on the switch, all of the users
connected to that repeater must be members of the same
VLAN.
22. MAC address-based VLANs
The VLAN membership of a packet in this case is determined by its source or destination MAC address.
Each switch maintains a table of MAC addresses and
their corresponding VLAN memberships.
A key advantage of this method is that the switch
doesn't need to be reconfigured when a user moves
to a different port
23. Layer 3 (or protocol)-based VLANs
With this method, the VLAN membership of a packet is based on protocols (IP, IPX, NetBIOS, etc.) and Layer 3 addresses.
This is the most flexible method and provides the most logical grouping of users.
Additionally, protocol-based membership allows the administrator to assign non-routable protocols, such as NetBIOS or DECnet, to larger VLANs than routable protocols like IPX or IP.
24. What do VLANs offer?
VLANs offer higher performance for medium and large LANs because they limit broadcasts.
As the amount of traffic and the number of devices grow, so does the number of broadcast packets.
By using VLANs you are containing broadcasts.
25. Advantages of VLANs
Number of devices for a specific network
topology reduced.
Managing of physical devices becomes less
complex.
Increased security options by separation and
specific frame delivery
26. Disadvantages / Security Issues
VLANs rely on switches to do the right thing.
Packet leaks from one VLAN to the next.
Injected packet meant for an attack.
Solved by IPsec
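One way to check that a switch is "doing the right thing" at ingress, as an added example that is not part of the original slides: a strict filter that takes the VLAN from the port configuration and counts every frame that claims a VLAN the port is not entitled to. The port names, the record format and the strict policy itself are assumptions; real switches differ in how they treat tagged frames on access ports and untagged frames on trunks.

```python
from collections import Counter

# Hypothetical port configuration (constructed for this example).
PORTS = {
    "p1":  {"mode": "access", "vlan": 10},
    "p2":  {"mode": "access", "vlan": 20},
    "p24": {"mode": "trunk", "allowed": {10, 20}},
}

# Constructed ingress records: "<port> <802.1Q VLAN ID, or - if untagged>"
RECORDS = """\
p1 -
p1 20
p2 -
p24 10
p24 30
p1 20
p24 -
"""

def classify(port, tag_vid):
    """Return (vlan, None) when accepted, (None, reason) when dropped."""
    cfg = PORTS[port]
    if cfg["mode"] == "access":
        # Assumed strict policy: hosts send untagged frames only, and the
        # VLAN comes from the port, never from what the frame claims.
        if tag_vid is not None:
            return None, f"tagged frame (VLAN {tag_vid}) on access port"
        return cfg["vlan"], None
    if tag_vid is None:
        return None, "untagged frame on trunk"
    if tag_vid not in cfg["allowed"]:
        return None, f"VLAN {tag_vid} not allowed on trunk"
    return tag_vid, None

def audit(records):
    """Count accepted frames per VLAN and dropped frames per (port, reason)."""
    accepted, dropped = Counter(), Counter()
    for line in records.splitlines():
        port, tag = line.split()
        vlan, reason = classify(port, None if tag == "-" else int(tag))
        if reason is None:
            accepted[vlan] += 1
        else:
            dropped[(port, reason)] += 1
    return accepted, dropped
```

Repeated drops on a single access port, such as the two on p1 in the constructed records, are the kind of signal worth alerting on.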