CCNA Cisco Certification boot camp.
Virtual Local Area Networks
A virtual LAN (VLAN) is a group of hosts or network devices, such as routers (running transparent bridging) and bridges, that forms a single bridging domain. There can be several VLANs defined on a single switch. A VLAN can also span multiple switches: layer 2 protocols such as IEEE 802.1q and ISL (Inter-Switch Link) allow a VLAN to span across multiple switches. VLANs are formed to group related users together regardless of the physical connections of their hosts to the network. The users can be spread across a campus network or even across geographically isolated locations. Users can be organized into separate VLANs according to their department, location, function, application, address (logical or physical), or protocol used. The goal with VLANs is to group users into separate VLANs so their traffic will stay within the VLAN. When you configure VLANs, the network can take advantage of the following benefits:
Benefits of using VLANs
Routers by default only send broadcasts within the originating network, but switches forward them to all segments. This is known as a flat network because it's one big broadcast domain. Switches and VLANs are used to replace the flat network. All members of a VLAN are in the same broadcast domain and receive all broadcasts. By default the broadcasts are filtered from all ports on a switch that aren't in the same VLAN. Routers, layer 3 switches, or Route Switch Modules (RSM) must be used in conjunction with switches to provide connections between networks (VLANs), which can stop broadcasts from propagating throughout the entire internetwork.
A traditional collapsed backbone consists of a router with separate networks attached to its interfaces. Each node attached to the physical network needs to have the same network number in order to communicate on the internetwork. On switches you can group users into communities of interest, called VLAN organizations. Network nodes in a VLAN can communicate with other nodes in the same VLAN, but the nodes in one VLAN need to go through a router or other layer 3 device in order to communicate with other VLANs.
VLAN Memberships
VLANs are usually created by administrators who assign switch ports to VLANs. These are called static VLANs. Dynamic VLANs are configured by assigning all the host devices' hardware addresses into a database.
Static VLAN
Static VLANs are the typical method of creating VLANs and are the most secure. The switch port you assign a VLAN association to always maintains that association until an administrator changes the port assignment.
Dynamic VLAN
Dynamic VLANs determine a node's VLAN assignment automatically. Using intelligent management software, you can enable MAC addresses, protocols, or even applications to create dynamic VLANs. For example, if a MAC address is in a centralized database and the host connects to a switch port, the VLAN management database can look up the address and configure the port for the correct VLAN. If the user moves, the switch will automatically assign them to their correct VLAN.
Links in a Switched Environment
VLANs can span multiple connected switches by using frame tagging and trunk connections. Switches in the switch fabric must keep track of frames and which VLAN each frame belongs to. Frame tagging performs this function. Switches can then direct frames to the appropriate port.
Frame Tagging
Switches use frame tagging to keep track of users and frames as they travel the switch fabric and VLANs. Switch fabric is a group of connected switches. Frame tagging assigns a unique user-defined ID to each frame, also called the VLAN ID or color. Frame tagging is used when an Ethernet frame traverses a trunked link. Each switch the frame traverses must identify the VLAN ID and then determine what to do with the frame based on its filter table. Once the frame reaches the exit to the access link, the VLAN ID is removed and the end device receives the frame without having to understand the VLAN ID. A VLAN interface can have only one VLAN ID, and VLAN trunk interfaces support multiple VLANs across them.
There are two types of links:
Access Links
Links that are only part of one VLAN are referred to as the native VLAN of the port. Any device attached to an access link is unaware of its VLAN membership. This device just assumes that it is part of a broadcast domain, without any understanding of the physical network. Switches remove any VLAN information before a frame is sent to an access link device. Access link devices can't communicate with any devices outside their VLAN without a router or layer 3 device.
Trunk Links
Trunks can carry multiple VLANs and are used to connect switches to other switches, to routers, or to servers. Trunk links are only supported on Fast or Gigabit Ethernet (100 or 1000 Mbps). Cisco switches support two ways to identify which VLAN a frame belongs to: ISL and 802.1q. If no trunk encapsulation type is specified when configuring an Ethernet trunk, ISL is used as the default. Trunk links have a native or default VLAN that is used if the trunk link fails. Trunked links carry the traffic of multiple VLANs, from 1 to 1005, at a time. Trunking allows you to make a single port a part of multiple VLANs, so you can be in more than one broadcast domain at a time. When connecting switches together, trunk links can carry some or all VLAN information across the link. If you don't trunk the links, the switch will only carry VLAN 1 information across the link. Cisco switches use the Dynamic Trunking Protocol (DTP) to manage trunks. DTP is a point-to-point protocol that was created to send trunk information across 802.1q trunks.
Trunking Methods
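The tag-and-strip behaviour described above (a VLAN ID added when a frame enters a trunk, removed before it reaches an access link device, and an access port refusing frames from any other VLAN) is easy to see in a small model of 802.1q framing. The following Python is an added example written for these notes, not Cisco code; the switch port layout, MAC addresses and payload are constructed for the demo. It also shows the 802.1q rule that the native VLAN crosses a trunk untagged and that an untagged frame arriving on a trunk is assigned to the native VLAN, which the notes do not spell out.

```python
import struct
from typing import Optional, Tuple

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag follows


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Plain (untagged) Ethernet II frame: dst MAC, src MAC, EtherType, payload."""
    return dst + src + struct.pack("!H", ethertype) + payload


# Constructed sample: a broadcast from a host; MAC addresses and payload are made up.
SAMPLE_FRAME = build_frame(
    bytes.fromhex("ffffffffffff"), bytes.fromhex("00005e001001"), 0x0800, b"sample payload"
)


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag (TPID + TCI) right after the two MAC addresses (trunk egress)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("802.1Q VLAN ID must be 1..4094 (0 and 4095 are reserved)")
    if not 0 <= pcp <= 7:
        raise ValueError("priority code point is a 3-bit field")
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    tci = (pcp << 13) | vlan_id  # DEI bit (bit 12) left clear; VLAN ID is the low 12 bits
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def ingress(frame: bytes, native_vlan: int) -> Tuple[int, bytes]:
    """What a trunk port does on receipt: read the VLAN ID and strip the tag.
    A frame that arrives without a tag is assigned to the port's native VLAN."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return native_vlan, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


def egress(frame: bytes, vlan_id: int, port: dict) -> Optional[bytes]:
    """Prepare an untagged frame for one port, or None if the port must not carry that VLAN.
    port is {"mode": "access", "vlan": N} or {"mode": "trunk", "allowed": {...}, "native": N}."""
    if port["mode"] == "access":
        # Access link: the attached device never sees a tag and never sees other VLANs.
        return frame if port["vlan"] == vlan_id else None
    if vlan_id not in port["allowed"]:
        return None
    if vlan_id == port["native"]:
        return frame  # native VLAN crosses an 802.1Q trunk untagged
    return tag_frame(frame, vlan_id)


def deliver(frame: bytes, vlan_id: int, ports: dict, ingress_port: Optional[str] = None) -> dict:
    """Flood a frame belonging to vlan_id out every port that may carry it (except where it came in)."""
    out = {}
    for name, port in ports.items():
        if name == ingress_port:
            continue
        sent = egress(frame, vlan_id, port)
        if sent is not None:
            out[name] = sent
    return out


if __name__ == "__main__":
    # Constructed port layout for one switch.
    sw1_ports = {
        "Fa0/1": {"mode": "access", "vlan": 10},
        "Fa0/2": {"mode": "access", "vlan": 20},
        "Gi0/1": {"mode": "trunk", "allowed": {1, 10, 20}, "native": 1},
    }
    # A broadcast from the host on Fa0/1 (VLAN 10) leaves only on the trunk, tagged 10;
    # the VLAN 20 host on Fa0/2 never receives it.
    sent = deliver(SAMPLE_FRAME, 10, sw1_ports, ingress_port="Fa0/1")
    print("forwarded out:", sorted(sent))
    # The neighbouring switch reads the tag on its trunk and hands the host a plain frame.
    vlan, plain = ingress(sent["Gi0/1"], native_vlan=1)
    print("arrived in VLAN", vlan, "tag removed:", plain == SAMPLE_FRAME)
```

Running the block shows the frame leaving only on Gi0/1 and arriving in VLAN 10 with the tag removed. The `1..4094` check in `tag_frame` reflects the 12-bit 802.1q field; the 1 to 1005 range quoted in the notes is the normal VLAN range on the Catalyst switches the notes describe.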
More about LAN Emulation (LANE)
LANE is a standard defined by the ATM Forum that gives stations attached via ATM the same capabilities they normally obtain from legacy LANs, such as Ethernet and Token Ring. As the name suggests, the function of the LANE protocol is to emulate a LAN on top of an ATM network. Specifically, the LANE protocol defines mechanisms for emulating either an IEEE 802.3 Ethernet or an 802.5 Token Ring LAN. The current LANE protocol does not define a separate encapsulation for FDDI. (FDDI packets must be mapped into either Ethernet or Token Ring emulated LANs [ELANs] by using existing translational bridging techniques.) Fast Ethernet (100BaseT) and IEEE 802.12 (100VG-AnyLAN) can both be mapped unchanged because they use the same packet formats.
The LANE protocol defines a service interface for higher-layer (network layer) protocols that is identical to that of existing LANs. Data sent across the ATM network is encapsulated in the appropriate LAN MAC packet format. In other words, the LANE protocols make an ATM network look and behave like an Ethernet or Token Ring LAN, albeit one operating much faster than an actual Ethernet or Token Ring LAN.
It is important to note that LANE does not attempt to emulate the actual MAC protocol of the specific LAN concerned (CSMA/CD for Ethernet or token passing for IEEE 802.5). LANE requires no modifications to higher-layer protocols to enable their operation over an ATM network, because the LANE service presents the same service interface as existing MAC protocols to network-layer drivers.
LANE Protocol
The basic function of the LANE protocol is to resolve MAC addresses to ATM addresses. The goal is to resolve such address mappings so that LANE end systems can set up direct connections between themselves and then forward data. The LANE protocol is deployed in two types of ATM-attached equipment: ATM network interface cards (NICs) and internetworking and LAN switching equipment.
ATM NICs implement the LANE protocol and interface to the ATM network but present the current LAN service interface to the higher-level protocol drivers within the attached end system. The network-layer protocols on the end system continue to communicate as if they were on a known LAN by using known procedures. However, they are able to use the vastly greater bandwidth of ATM networks.
The second class of network gear to implement LANE consists of ATM-attached LAN switches and routers. These devices, together with directly attached ATM hosts equipped with ATM NICs, are used to provide a virtual LAN (VLAN) service in which ports on the LAN switches are assigned to particular VLANs independently of physical location.
Communicating between VLANs
To communicate between VLANs you need to have a router with an interface for each VLAN or a router that supports ISL routing. The lowest Cisco router that supports ISL routing is the 2600 series. If you're using a router with one interface and ISL, the interface should be at least 100Mbps (Fast Ethernet).
VLAN Trunking Protocol (VTP)
VTP is a protocol used between switches to simplify the management of VLANs. With VTP, you can make configuration changes centrally on a single Catalyst series switch and have those changes automatically communicated to all the other switches in the network.
VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and configuration inconsistencies that can result in a number of problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations.
Developed by Cisco, it is the industry's first protocol implementation specifically designed for large VLAN deployments. VTP enhances VLAN deployment by providing the following:
To allow VTP to manage your VLANs across the network, you must first create a VTP server. All servers that need to share VLAN information must use the same domain name, and a switch can only be in one domain at a time. If all your switches are in the same VLAN, you don't need to use VTP. VTP information is sent via a trunk port. Switches advertise VTP management domain information, as well as the configuration revision number and all known VLANs with any specific parameters. Switches detect the additional VLANs within a VTP advertisement and then prepare to receive information on their trunk ports. The information would be the VLAN ID, 802.10 SAID fields, or LANE information. Each update carries a revision number one higher than the previous one. Any time a switch sees a higher revision number, it knows the information is newer and overwrites its database with the newer one.
Three modes of operation within a VTP
Each switch in the VTP domain sends periodic advertisements out each trunk port to a reserved multicast address. VTP advertisements are received by neighboring switches, which update their VTP and VLAN configurations as necessary.
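The two rules the notes give for accepting an advertisement (same domain name, higher configuration revision number) decide everything about how VLAN information spreads, including the case a defender cares about: because the higher revision always wins, a switch brought into the domain with a stale database but a higher revision number replaces the VLAN database on every other switch, which is why the revision is checked before a switch is connected. The following Python model is an added example written for these notes, not Cisco code; the switch names, domain names and VLANs are constructed, and the model deliberately covers only the domain and revision checks the notes describe.

```python
from dataclasses import dataclass, field
from typing import Dict


@dataclass
class VtpAdvertisement:
    domain: str
    revision: int
    vlans: Dict[int, str]  # VLAN ID -> VLAN name


@dataclass
class Switch:
    """A switch taking part in VTP; belongs to at most one management domain."""
    name: str
    domain: str
    revision: int = 0
    vlans: Dict[int, str] = field(default_factory=lambda: {1: "default"})

    def advertise(self) -> VtpAdvertisement:
        """Summary advertisement sent out every trunk port."""
        return VtpAdvertisement(self.domain, self.revision, dict(self.vlans))

    def add_vlan(self, vlan_id: int, name: str) -> VtpAdvertisement:
        """A local change on a server: update the database, bump the revision, advertise."""
        self.vlans[vlan_id] = name
        self.revision += 1
        return self.advertise()

    def receive(self, adv: VtpAdvertisement) -> str:
        """Apply an advertisement heard on a trunk, following the two rules in the notes."""
        if adv.domain != self.domain:
            return "ignored: different domain"
        if adv.revision <= self.revision:
            return "ignored: revision not newer"
        # Higher revision wins: the whole VLAN database is replaced, not merged.
        self.vlans = dict(adv.vlans)
        self.revision = adv.revision
        return "applied"


def stale_switch_overwrites_domain() -> bool:
    """Scenario: a switch with a higher revision but an old database joins the domain.
    Returns True if the server lost the VLANs it had created."""
    server = Switch("S1", "corp")
    client = Switch("C1", "corp")
    server.add_vlan(10, "eng")
    client.receive(server.add_vlan(20, "sales"))  # client now at revision 2 with 3 VLANs
    newcomer = Switch("X", "corp", revision=7)   # constructed: reused from another network
    server.receive(newcomer.advertise())
    client.receive(newcomer.advertise())
    return 10 not in server.vlans and 10 not in client.vlans


if __name__ == "__main__":
    s1, c1, lab = Switch("S1", "corp"), Switch("C1", "corp"), Switch("L1", "lab")
    adv = s1.add_vlan(10, "eng")
    adv = s1.add_vlan(20, "sales")
    print("client:", c1.receive(adv), c1.vlans)      # applied, revision 2
    print("client again:", c1.receive(adv))          # ignored: revision not newer
    print("other domain:", lab.receive(adv))         # ignored: different domain
    print("stale newcomer wiped the domain:", stale_switch_overwrites_domain())
```

The `stale_switch_overwrites_domain` function is the check worth keeping in mind from the notes' overwrite rule: the revision number, not the age or correctness of the database, is all a receiving switch compares.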
The following global configuration information is distributed in VTP advertisements:
VTP pruning enhances network bandwidth use by reducing unnecessary flooded traffic, such as broadcast, multicast, unknown, and flooded unicast packets. VTP pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the appropriate network devices. By default, VTP pruning is disabled. VTP pruning only sends broadcasts to trunk links that must have the information. Enabling VTP pruning on a VTP server enables pruning for the entire management domain. VTP pruning takes effect several seconds after you enable it. By default, VLANs 2 through 1000 are pruning-eligible. VTP pruning does not prune traffic from VLANs that are pruning-ineligible. VLAN 1 is always pruning-ineligible because it is an administrative VLAN, so traffic from VLAN 1 can never be pruned.
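The pruning rule above can be stated as a question each switch answers per trunk: does any switch on the far side of this trunk have an active port in the VLAN being flooded? The following Python is an added example written for these notes, not Cisco code; the four-switch topology and the VLANs active on each switch are constructed, and it models the decision rule rather than the VTP join messages that carry the answer between real switches. It follows the notes' defaults (pruning off unless enabled, VLANs 2 through 1000 eligible, VLAN 1 never pruned).

```python
from typing import Dict, Set

# Constructed topology: a tree of four switches joined by trunk links.
LINKS: Dict[str, Set[str]] = {
    "SW1": {"SW2", "SW4"},
    "SW2": {"SW1", "SW3"},
    "SW3": {"SW2"},
    "SW4": {"SW1"},
}
# Constructed: VLANs that have active (access) ports on each switch.
ACTIVE: Dict[str, Set[int]] = {
    "SW1": {10, 20},
    "SW2": {20},
    "SW3": {10},
    "SW4": {30},
}


def pruning_eligible(vlan_id: int) -> bool:
    """Default eligibility from the notes: VLANs 2-1000; VLAN 1 is never pruned."""
    return 2 <= vlan_id <= 1000


def vlans_beyond(links: Dict[str, Set[str]], active: Dict[str, Set[int]],
                 frm: str, to: str) -> Set[int]:
    """VLANs with active ports on switch `to` or any switch reachable behind it,
    without crossing back over the trunk from `frm`. This is what a downstream
    switch would announce to `frm` about that trunk."""
    seen = {frm}
    stack = [to]
    needed: Set[int] = set()
    while stack:
        sw = stack.pop()
        if sw in seen:
            continue
        seen.add(sw)
        needed |= active.get(sw, set())
        stack.extend(links[sw])
    return needed


def flood_ports(links: Dict[str, Set[str]], active: Dict[str, Set[int]],
                switch: str, vlan_id: int, pruning_enabled: bool = True) -> Set[str]:
    """Trunk neighbours that receive a flooded frame (broadcast, multicast,
    unknown unicast) in vlan_id from `switch`."""
    out: Set[str] = set()
    for nbr in links[switch]:
        if not pruning_enabled or not pruning_eligible(vlan_id):
            out.add(nbr)  # pruning off, or VLAN is pruning-ineligible: flood everywhere
        elif vlan_id in vlans_beyond(links, active, switch, nbr):
            out.add(nbr)  # someone beyond this trunk needs the VLAN
    return out


if __name__ == "__main__":
    for vlan in (10, 30, 1):
        print(f"SW1 floods VLAN {vlan} to:", sorted(flood_ports(LINKS, ACTIVE, "SW1", vlan)))
    print("SW1 floods VLAN 10 with pruning disabled to:",
          sorted(flood_ports(LINKS, ACTIVE, "SW1", 10, pruning_enabled=False)))
```

With pruning enabled, a VLAN 10 broadcast from SW1 crosses the trunk to SW2 (because SW3 behind it has VLAN 10 ports) but not the trunk to SW4; a VLAN 1 broadcast crosses both trunks regardless.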