
VLAN Tutorial


Posted on 2015-5-25 09:16:11
  From: http://www.computer-network.net/vlan-tutorial

  This VLAN tutorial covers VLANs from end to end: an overview, the benefits, implementation, and issues.
  By definition, a virtual LAN (VLAN) is a group of ports on an Ethernet switch that behaves like a separate network segment.
  VLAN Tutorial – Overview
  This VLAN tutorial starts with the use of hubs. The simplest form of a large Ethernet network is one built using only hubs arranged in a cascaded star topology. For example, in a building there might be one workgroup hub for each work area connected to a root hub in the wiring closet. Such a network has two drawbacks:

  • The entire network is one collision domain, which causes the network to scale poorly as the number of hosts increases. Once a certain number of hosts are present on the network, collisions start to occur frequently and network bandwidth is wasted.
  • The entire network is also one broadcast domain, which increases the probability of broadcast storms occurring and bringing down the network.

http://www.computer-network.net/wp-content/uploads/2009/12/436-vlan-tutorial-1.gif
  The first problem is collisions, which is usually dealt with by replacing the main or root hub with an Ethernet switch, specifically a Layer 2 switch. This has the effect of partitioning the network into multiple smaller collision domains, which in this example means that each work area will be a separate collision domain. This reduces the overall effect of collisions on the network and isolates problems arising from too many collisions occurring in one area from other parts of the network.
  Unfortunately, this simple solution does not solve the second problem, that of broadcasts. In a cascaded star topology where workgroup hubs are connected to a Layer 2 switch, the entire network is still one large broadcast domain, which increases the risk of broadcast storms. Furthermore, if network services are running that advertise themselves using broadcasts, then a significant amount of overall bandwidth might be consumed by these broadcasts, reducing the amount of available bandwidth for other forms of network communications.
  VLAN tutorial – Router solution
  The traditional solution to this problem has been to use routers to partition the network into multiple smaller broadcast domains, insofar as routers generally do not forward broadcasts between their interfaces. This works well, but as the network increases in size, the number of network devices (hubs, routers, and switches) increases also, which leads to greater infrastructure costs.
  Another problem with this traditional style of network is that when a user moves to a different work area and takes his or her computer along to the new area, then some re-cabling is usually necessary. For example, when the user connects the computer to the local area network (LAN) drop in the new work area, the administrator usually has to go to the wiring room and switch the ends of the old and new LAN drop plugs to make sure the user is connected to the right hub or switch. Because cabling is typically somewhat disorganized in wiring rooms, this task can be a nightmare and is prone to error.
  VLAN Tutorial – VLAN solution
  Virtual LAN (VLAN) technologies were developed to solve all these problems. VLANs allow networks to be segmented logically without having to be physically rewired. Instead of having all ports on a switch be equal and belong to the same network, ports can be segregated into groups, each belonging to a separate logical network. For example, on a 3-port switch you could configure ports 1 and 2 as belonging to network 10 and port 3 as belonging to network 20 (see the illustration in the following figure). Physically, all three ports seem to be on the same network, but in reality they are not: broadcasts sent to port 1 can only reach port 2 and not port 3. Administrators can easily make these port assignments, indicating which VLANs are mapped to which ports, by accessing the software for the switch. Note that VLAN ports do not have to be contiguous; for example, ports 1 and 3 could be on the same VLAN and port 2 on a different VLAN.
  VLAN tutorial – the VLAN Benefits
  The benefits of using VLAN-enabled switches include the following:

  • The ability to segment networks into multiple smaller broadcast domains without needing additional network devices such as routers to do this. VLANs make switched Ethernet networks more bandwidth-efficient through this segmentation of broadcast domains.
  • The ability to reconfigure ports logically without the need to unplug wires and move them around. If a user takes his or her computer to a new work area, no cables need to be swapped on the switch; just access the switch software and issue commands to change the VLAN assignments for the old and new ports. VLANs thus simplify the process of adding, moving, and deleting users on the network. They also improve network security by avoiding cabling mishaps that can arise when users are moved in traditional Ethernet networks.
  • The ability to group users together according to function rather than physical location. In a traditional Ethernet network, all users in a given work area are on the same network segment regardless of their job description or department. Using VLANs, however, you could have one salesperson in each work area of the building sitting next to engineers in their work area, yet on a separate logical network segment.

  VLAN Tutorial – VLAN Implementation
  VLANs have the following characteristics:
  One switch may have several VLANs defined on it. A VLAN is identified using a special identification number called a VLAN ID. Stations attached to switch ports having the same VLAN ID act and function as though they are all on the same physical network segment. In other words, broadcasts sent by one host are received only by hosts connected to ports having the same VLAN ID as the sending host.
  Administrators typically assign VLAN IDs manually at the port level, although port assignments can also be managed dynamically for some switches (the switch does this by maintaining an internal table mapping the media access control [MAC] addresses of connected stations to their VLAN ID). When a host is moved to another department, the only change needed is the assignment of a different VLAN ID to the port to which the host is connected; no switching of patch cables is required.
http://www.computer-network.net/wp-content/uploads/2009/12/436-vlan-tutorial-3.gif
  The figure above shows an example of a network designed using VLAN-enabled switches.
  A single VLAN can span multiple switches connected together. By using a method called trunking, VLAN-enabled switches can be connected to form large VLANs spanning switches right across the enterprise. To do this, a port on the switch must be designated a trunk port, and trunk ports on different switches are connected using trunk lines. For example, when Fast Ethernet ports are used as trunk ports, trunking can be accomplished by connecting such ports on different switches using enhanced Category 5 (Cat5e) crossover cables.
  Switch vendors have traditionally developed their own proprietary VLAN technologies, so implementing a VLAN typically means buying all your switching gear from a single vendor. Cisco Systems is the market leader in VLAN-enabled switches, and many of their Catalyst line of switches support VLANs. Cisco Catalyst switches employ several types of technologies in order to implement enterprise VLANs, namely:
  1. Frame Tagging
  When an Ethernet frame enters a port on a VLAN-enabled switch, the switch encapsulates the frame by adding a special header or tag that contains the VLAN ID of the port at which the frame arrived. The switch uses the frame tag to determine which ports it can be forwarded to (ports having the same VLAN ID). The tag is then stripped off at the destination ports on the switch, or in the case of traffic moving across multiple switches using trunked connections, it is stripped off when it reaches the destination ports on other connected switches.
  2. Inter-switch link (ISL)
  This is a proprietary Cisco technology that enables a single port to belong to multiple VLANs, that is, to have multiple VLAN IDs assigned to it. ISL is used for trunking and is also available on special network interface cards (NICs) for servers. When a server has an ISL-supporting NIC installed, it behaves as if it had multiple physical NICs, one for each VLAN. This enables workstations on different VLANs to access the same server, eliminating the need to have separate servers for each VLAN.
  3. VLAN Trunking Protocol (VTP)
  This is a proprietary Cisco technology that simplifies the task of configuring VLANs across a network. By making any necessary configuration changes to settings on a VTP server, these changes are then propagated across the network to all VLAN-enabled switches that are defined as belonging to the same VTP management domain.
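  An added example (not part of the original tutorial): a small Python model of the port-to-VLAN assignment, frame tagging, and trunking described above, showing that a broadcast reaches only ports with the same VLAN ID, including across a trunk. The IEEE 802.1Q tag layout, the switch names, and the port numbers are assumptions for illustration; the tutorial does not name a tag format.

```python
import struct

TPID = 0x8100  # IEEE 802.1Q tag protocol identifier (assumed tag format)

def tag(frame: bytes, vid: int) -> bytes:
    """Insert a 4-byte tag carrying the VLAN ID after the two MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return frame[:12] + struct.pack("!HH", TPID, vid) + frame[12:]

def untag(frame: bytes):
    """Return (vid, original frame); vid is None if the frame is untagged."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

class Switch:
    def __init__(self, name, access, trunks=()):
        self.name = name
        self.access = dict(access)  # access port -> VLAN ID
        self.trunks = set(trunks)   # trunk ports carry tagged frames
        self.links = {}             # trunk port -> (peer switch, peer port)

    def receive(self, port, frame, delivered):
        """Flood a broadcast; append (switch, port, frame) for each delivery."""
        if port in self.trunks:
            vid, inner = untag(frame)
            if vid is None:
                return  # simplification: this model drops untagged trunk frames
        elif port in self.access:
            vid, inner = self.access[port], frame  # ingress port decides the VLAN
        else:
            return
        for p, v in self.access.items():
            if p != port and v == vid:
                delivered.append((self.name, p, inner))  # tag stripped at egress
        for t in self.trunks - {port}:
            peer, peer_port = self.links[t]
            peer.receive(peer_port, tag(inner, vid), delivered)

def demo():
    # Constructed topology: ports 1 and 2 in VLAN 10, port 3 in VLAN 20, trunk on 24.
    a = Switch("A", {1: 10, 2: 10, 3: 20}, trunks=[24])
    b = Switch("B", {1: 20, 2: 10}, trunks=[24])
    a.links[24], b.links[24] = (b, 24), (a, 24)
    bcast = b"\xff" * 6 + bytes.fromhex("02000000000a") + b"\x08\x06" + b"constructed"
    out = []
    a.receive(1, bcast, out)
    return bcast, out
```
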
  VLAN Tutorial – The Issues
  Three main issues have slowed the acceptance of VLANs in the enterprise:

  • Standards
  • Dynamic Host Configuration Protocol (DHCP)
  • Layer 3 switches

  The problem of standards arises from the proprietary nature of VLAN implementations from different switch vendors. This has resulted in interoperability issues where equipment from one vendor fails to work with that from another vendor. There has been some progress toward standardizing VLAN technologies, however.
  The second issue is that of address management of stations on the network. VLANs were originally designed to simplify the management of hosts on the network by using their Layer 2 MAC addresses to identify them to switches. When a computer is unplugged from a LAN drop and moved to a different physical location and plugged in to a different drop, VLAN switches can automatically detect the computer’s new location by its MAC address and reconfigure themselves dynamically. The problem is that DHCP was designed for the very same job of dynamic address management but uses Layer 3 (IP) addresses instead. Because DHCP is a much simpler system, most network managers have chosen it instead of VLANs to ensure that computers can be physically moved around the network if needed. As a result, most VLAN administration is performed manually by assigning VLAN IDs to ports using a command-line interface, a difficult chore in a large enterprise.
  The third issue that has slowed the adoption of VLANs has been the emergence of Layer 3 switches, which can perform both bridging (Layer 2) and routing (Layer 3) functions in one box. Layer 3 switches have almost eliminated the need for VLANs in most enterprises. Instead of creating multiple VLANs to segment the network into smaller broadcast domains, the same thing can be accomplished by replacing the root Layer 2 switch with a Layer 3 switch. Each port on the Layer 3 switch represents a separate routed subnet, and the network is thus automatically partitioned into separate broadcast domains.
  VLAN Tutorial – the Prospects
  Because of the above issues, the future of VLANs is cloudy. Most enterprise network architects see little point in deploying VLANs when Layer 3 switches can accomplish the same result with less effort. And DHCP manages addresses at Layer 3 more easily than VLANs do it at Layer 2, making it simple to move users around the network.
  Compiled from CCNA Materials
