Understanding VLANs

Virtual LANs (VLANs) are a feature of managed switches that lets the administrator
group ports on a switch into a "virtual LAN." A port assigned to a particular VLAN
cannot communicate with systems that are not on that VLAN without a routing device
such as a router. This is the same situation as two physical networks: a machine
cannot send data from one network to the other without a router, and the router is
therefore the natural place to enforce which traffic may cross between the two.


The purpose of a VLAN is to cut down on broadcast traffic by dividing the switch into
separate broadcast domains; each VLAN is one broadcast domain. Let's look at how this
works. Normally, if we had a 24-port hub or switch and a computer wanted to send data
to all systems, it would "broadcast" the data out onto the network, and the broadcast
would hit every port on that switch or hub. With a VLAN-capable switch, you can create
VLANs that act as broadcast domains. This means that if Workstation A is on VLAN1,
which is made up of ports 1 through 12 on the 24-port switch, a broadcast from
Workstation A (traffic intended for all systems) is sent only to ports 1 through 12,
because the VLAN acts as a boundary for traffic. The benefit of this is that you are
now able to minimize traffic within or across switches, which increases network

Note that the boundary is enforced by the switch configuration alone. A host on an
access port cannot tell which VLAN the port belongs to, so moving a port into the wrong
VLAN, or allowing an extra VLAN on a trunk, extends the broadcast domain without any
change on the hosts.

How you implement your VLAN depends on what type of switch you have. There
are a number of different types of switches:

Layer-1 switch A layer-1 switch implements what is known as port switching: the
network administrator assigns each port on the switch to a particular VLAN. With
port switching, be aware that if you move a computer from one port to another, the
system may become a member of a different VLAN, because the port, not the network
card connected to it, is the member of the VLAN. Layer-1 switches do offer benefits;
they are good for increasing security and isolation, since membership depends on the
physical cabling, which a user of the connected host cannot change. They also allow
an administrator to move a system to a new VLAN by reconfiguring the port for the new
VLAN, so there is no need to move the system physically.

Layer-2 switch A layer-2 switch does not associate the port with the VLAN; instead,
the MAC addresses of systems are associated with the VLAN. The network administrator
is responsible for listing all the MAC addresses for each VLAN on the switch. When a
frame sent by a system reaches the switch, the switch tags the frame as a member of
that VLAN, and it will be sent only to other systems in the VLAN. The benefit of
layer-2 switches is that, because the MAC address is associated with the VLAN, it
does not matter which port the system is plugged into. This is a great feature for
laptop users who typically roam around on the network; they will always be a member
of the same VLAN unless the switch is reconfigured. The trade-off is that a MAC
address is set by the host and is trivial to change, so a MAC-based assignment tells
the switch which VLAN a machine claims to belong to, not which one it is authorized
for.

Layer-3 switch A layer-3 switch bases VLAN membership on the subnet ID of the
layer-3 (IP) address in a packet. With layer-3 switches, the workstations do not
actually belong to the VLAN; the packets being sent do, because their source address
contains the network ID. As with MAC-based membership, the source IP address is
chosen by the sender, so this classifies traffic rather than authenticating it.

To create the VLANs, the network administrator runs the configuration utility on the
VLAN-capable switch. Also note that with a layer-1 switch, if a system needs to be
moved from VLAN1 to VLAN2, there is no need to move systems around; you simply
reconfigure the port that the system is connected to from one VLAN to the other on
the switch.

Switch Features
Most enterprise-capable switches have a number of features that make the switch
attractive for large organizations. The following is a listing of popular features
incorporated into big-name switches such as those from Cisco and Juniper Networks.

Spanning Tree Protocol (STP)
The Spanning Tree Protocol (STP) runs at layer 2 and is designed to prevent loops
on a network, which can occur when you connect a number of switches together. For
example, a loop is created if you connect Switch1 to Switch2 and then turn around and
connect Switch2 back to Switch1 using a different cable and different ports on the
switches.
A loop can take the network down and makes the switches unstable: Ethernet frames
carry no hop limit, so a broadcast forwarded around a loop keeps circulating, and the
switches' MAC address tables flap as the same source address is seen on more than one
port. STP was designed to prevent this. STP examines the ports that form a loop and
places one of them in a blocking state so that no data traffic passes through that
port. Once the port is blocking, the loop is broken and the network becomes stable.
Because the port is in a blocking state rather than disabled, if one of the other
links goes down the port is transitioned into the forwarding state automatically.
A port in the forwarding state is allowed to send and receive data.
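To make the blocking decision concrete, here is an added example (not code from the page or from any switch vendor) that models the 802.1D choice of root bridge, root ports and designated ports and reports which port ends up blocking. It is a simplification: bridge and port IDs are plain integers, lower always wins a tie (as it does for real bridge IDs and port IDs), and the topologies at the bottom are constructed, the first being the two-cable loop the text describes.

```python
"""Added example, not from the page: a small model of the 802.1D spanning-tree
decision. Bridge and port IDs are plain ints and lower always wins a tie, which is
how 802.1D orders real bridge IDs (priority + MAC) and port IDs as well."""
import heapq
from collections import defaultdict

# A link is (bridge_a, port_a, bridge_b, port_b, path_cost).
# Costs are the classic 802.1D values (e.g. 19 for 100 Mb/s); any positive int works.


def root_path_costs(links, root):
    """Dijkstra from the root bridge: the cost each bridge pays to reach the root."""
    adj = defaultdict(list)
    for a, _, b, _, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    costs = {root: 0}
    heap = [(0, root)]
    while heap:
        c, node = heapq.heappop(heap)
        if c > costs[node]:
            continue
        for nbr, w in adj[node]:
            if c + w < costs.get(nbr, float("inf")):
                costs[nbr] = c + w
                heapq.heappush(heap, (c + w, nbr))
    return costs


def spanning_tree_port_states(links):
    """Return {(bridge, port): "root" | "designated" | "blocking"}.

    root bridge     = lowest bridge ID
    root port       = per non-root bridge, the port with the lowest
                      (cost to root, sender bridge, sender port, own port)
    designated port = per link, the end with the lowest (cost to root, bridge, port)
    blocking        = every other port: it listens to BPDUs but forwards no data
    """
    bridges = {a for a, *_ in links} | {b for _, _, b, _, _ in links}
    root = min(bridges)
    costs = root_path_costs(links, root)

    candidates = defaultdict(list)   # bridge -> root-port candidates
    designated = set()               # (bridge, port) pairs that won their link
    for a, pa, b, pb, cost in links:
        candidates[a].append((costs[b] + cost, b, pb, pa))
        candidates[b].append((costs[a] + cost, a, pa, pb))
        designated.add(min((costs[a], a, pa), (costs[b], b, pb))[1:])

    root_ports = {bid: min(c)[3] for bid, c in candidates.items() if bid != root}
    states = {}
    for a, pa, b, pb, _ in links:
        for bid, port in ((a, pa), (b, pb)):
            if bid != root and root_ports[bid] == port:
                states[(bid, port)] = "root"
            elif (bid, port) in designated:
                states[(bid, port)] = "designated"
            else:
                states[(bid, port)] = "blocking"
    return states


# Constructed topologies. The first is the page's example: Switch1 and Switch2
# joined by two cables, which is a loop. The second adds a third switch.
TWO_CABLE_LOOP = [
    (1, 1, 2, 1, 19),   # Switch1 port 1 <-> Switch2 port 1
    (1, 2, 2, 2, 19),   # Switch1 port 2 <-> Switch2 port 2 (the second cable)
]
TRIANGLE = [
    (1, 1, 2, 1, 19),
    (1, 2, 3, 1, 19),
    (2, 2, 3, 2, 19),
]

if __name__ == "__main__":
    for name, topo in (("two cables", TWO_CABLE_LOOP), ("triangle", TRIANGLE)):
        print(name, spanning_tree_port_states(topo))
    # Failover: pull the first cable and the formerly blocking port becomes root port.
    print("after cable 1 fails", spanning_tree_port_states(TWO_CABLE_LOOP[1:]))
```

In the two-cable case Switch1 becomes root (lower ID), Switch2's port 1 becomes its root port on the port-ID tie-break, and Switch2's port 2 is left blocking. Removing the first link and re-running the function shows the failover the text describes: port 2 on Switch2 becomes the root port and forwards.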

Trunking
Trunking allows you to connect switches together and assign one port on each switch
as a trunk port. The trunk port carries traffic for many VLANs to the other switch,
which is what allows a VLAN to contain ports that are on multiple switches. If data is
destined for all systems in the VLAN, the VLAN identification information is added to
the frame and the switch sends the frame out the trunk port. When the other switch
receives the frame, it reads the VLAN identification and sends the data to all of its
ports that are members of that particular VLAN. Because a trunk carries every VLAN it
is allowed to, configure each trunk to carry only the VLANs the far switch actually
needs.

ISL and 802.1Q
When a switch adds VLAN identification information to a frame, this is known as
tagging. Two popular tagging protocols are Inter-Switch Link (ISL) and IEEE 802.1Q.
ISL is the Cisco proprietary tagging protocol found on older switches, while 802.1Q
is the IEEE standard for VLAN trunking; an 802.1Q tag is four bytes inserted after
the source MAC address, twelve bits of which hold the VLAN ID. Newer Cisco and
Juniper Networks switches use 802.1Q as the tagging method.


Port Mirroring
Port mirroring, also known as port monitoring, is a feature that allows the switch to
send a copy of the data that reaches certain ports to a mirror, or monitor, port.
Port monitoring lets an administrator plug a workstation or an intrusion detection
sensor into the port that receives the copy and monitor the network traffic.
Port mirroring is an important feature because by default the switch filters
traffic, sending a frame only to the port where the destination system resides. This
filtering prevents the monitoring of other systems' traffic, so the administrator
has to enable port mirroring (monitoring) and specify which port receives the copy
of the data.

Port Authentication
Port authentication is another important feature of the switch; it allows the
administrator to associate the MAC address of the system that will connect to a port
with that port. The administrator can also specify that if a system with a different
MAC address connects to the port, the port is to be automatically disabled. (Cisco
calls this feature port security. It is distinct from IEEE 802.1X, which
authenticates the user or device with credentials rather than trusting a MAC
address.)
Port authentication helps increase the security of the network by allowing only
authorized systems to connect to the network, a critical feature of any switch! Keep
in mind that the check is on the MAC address alone, which an attacker who knows the
authorized address can set on their own interface, so treat it as protection against
casual or accidental connections rather than as strong authentication.
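As an added example (my own code, not from the page or from any switch vendor's implementation), here is the decision logic of MAC-based port security with sticky learning and a "shut the port down" violation action, run through a constructed sequence of frames: the legitimate workstation, a rogue laptop, and then a rogue that has copied the workstation's MAC address. The port name, the MAC addresses and the log wording are this example's own.

```python
"""Added example, not from the page: the decision logic of MAC-based port
security with sticky learning and a 'shutdown' violation action, written to show
both what it blocks and what it cannot. Names and the log format are this
example's own."""


class SecuredPort:
    def __init__(self, name, maximum=1, static_macs=()):
        self.name = name
        self.maximum = maximum               # how many source MACs may use the port
        self.allowed = set(static_macs)      # administrator-configured MACs
        self.err_disabled = False
        self.log = []

    def ingress(self, src_mac):
        """Classify one frame by its source MAC: forward, learn, violation or drop."""
        if self.err_disabled:
            return "drop"                    # port stays down until an admin clears it
        if src_mac in self.allowed:
            return "forward"
        if len(self.allowed) < self.maximum:
            self.allowed.add(src_mac)        # sticky: first MAC seen becomes the allowed one
            self.log.append(f"{self.name}: learned {src_mac}")
            return "learn"
        self.err_disabled = True             # violation action 'shutdown'
        self.log.append(f"{self.name}: violation by {src_mac}, port err-disabled")
        return "violation"

    def clear(self):
        """Administrative recovery (e.g. shutdown / no shutdown on the interface)."""
        self.err_disabled = False


def scenario():
    """Constructed sequence: the real workstation, a rogue laptop, then a rogue that
    has copied the workstation's MAC address."""
    port = SecuredPort("Gi0/3", maximum=1)
    workstation, rogue = "00:11:22:33:44:55", "de:ad:be:ef:00:01"
    results = [
        port.ingress(workstation),   # first MAC is learned
        port.ingress(workstation),   # forwarded afterwards
        port.ingress(rogue),         # different MAC: port shuts down
        port.ingress(workstation),   # even the real host is now cut off
    ]
    port.clear()
    # The check is the MAC address alone. A rogue that sets its NIC to the
    # workstation's address is indistinguishable from the workstation.
    results.append(port.ingress(workstation))   # spoofed: passes as "forward"
    return results, port.log


if __name__ == "__main__":
    results, log = scenario()
    print(results)
    print("\n".join(log))
```

The sequence returns learn, forward, violation, drop, forward: the rogue's own MAC address trips the shutdown and takes the legitimate host off the network with it, which is the denial-of-service side effect of the shutdown action, while the spoofed frame after recovery is forwarded because nothing in the check distinguishes it from the workstation.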
Content Switch
A content switch is a special switch designed for optimizing data delivery to
clients by incorporating features that improve performance, such as data caching or
load balancing, on the switch. Here is an example of how the switch can load-balance
traffic: if you connect two servers to the switch, the switch creates a virtual server
using a virtual IP, and when a request comes in to the virtual IP, the switch forwards
the request to one of the servers connected to it. The result is that the load is
balanced across both servers and performance is increased.