Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • Router and VLAN operations

    Încărcat de

    Murali Daren
    41 vizualizări13 pagini
    VLAN

    Titlu original

    22 03 Why We Have VLANs

    Drepturi de autor

    © © All Rights Reserved

    Formate disponibile

    PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document
    VLAN

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    41 vizualizări13 pagini

    Router and VLAN operations

    Încărcat de

    Murali Daren
    VLAN

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 13

    Router Operations

    Routers operate at Layer 3 of the OSI stack


    Hosts in separate IP subnets must send traffic via a router to
    communicate
    Security rules on routers or firewalls can be used to easily control what
    traffic is allowed between different IP subnets at Layer 3
    Routers do not forward broadcast traffic by default
    They provide performance and security by splitting networks into
    smaller domains at Layer 3
    Switch Operations

    Switches operate at Layer 2 of the OSI stack


    They do forward broadcast traffic by default
    By default a campus switched network is one large broadcast domain
    Switches flood broadcast traffic everywhere, including between
    different IP subnets
    This raises performance and security concerns
    LAN Networks
    ROUTER
    Wide Area
    Network
    ENG Default Gateway SALES Default Gateway
    IP Address: 10.10.10.1 IP Address: 10.10.20.1

    ENG PC3
    IP Address: 10.10.10.12

    Ethernet Switch

    ENG PC1 ENG PC2 SALES PC1 SALES PC2


    IP Address: 10.10.10.10 IP Address: 10.10.10.11 IP Address: 10.10.20.11 IP Address: 10.10.20.10
    Unicast Traffic within same IP subnet
    ROUTER
    Wide Area
    Network
    ENG Default Gateway SALES Default Gateway
    IP Address: 10.10.10.1 IP Address: 10.10.20.1

    ENG PC3
    IP Address: 10.10.10.12

    Ethernet Switch

    ENG PC1 ENG PC2 SALES PC1 SALES PC2


    IP Address: 10.10.10.10 IP Address: 10.10.10.11 IP Address: 10.10.20.11 IP Address: 10.10.20.10
    Unicast Traffic between different IP subnets
    ROUTER
    You can implement security
    Wide Area
    policies on the router to limit
    Network
    traffic between IP subnets ENG Default Gateway SALES Default Gateway
    IP Address: 10.10.10.1 IP Address: 10.10.20.1

    ENG PC3
    IP Address: 10.10.10.12

    Ethernet Switch

    ENG PC1 ENG PC2 SALES PC1 SALES PC2


    IP Address: 10.10.10.10 IP Address: 10.10.10.11 IP Address: 10.10.20.11 IP Address: 10.10.20.10
    Broadcast Traffic
    ROUTER
    Wide Area
    Network
    ENG Default Gateway SALES Default Gateway
    IP Address: 10.10.10.1 IP Address: 10.10.20.1

    ENG PC3
    IP Address: 10.10.10.12

    Ethernet Switch

    ENG PC1 ENG PC2 SALES PC1 SALES PC2


    IP Address: 10.10.10.10 IP Address: 10.10.10.11 IP Address: 10.10.20.11 IP Address: 10.10.20.10
    The Problem

    Switches flood broadcast traffic everywhere, including between


    different IP subnets
    This affects security because the traffic bypasses router or firewall
    Layer 3 security policies
    It affects performance because every end host has to process the
    traffic
    It also affects performance by using bandwidth on links where the
    traffic is not required
    Broadcast Traffic

    ACCOUNTS PC1 ACCOUNTS PC2


    IP Address: 10.10.30.11
    IP Address: 10.10.30.11
    ENG PC3
    IP Address: 10.10.10.12

    ENG PC1 ENG PC2 SALES PC1 SALES PC2


    IP Address: 10.10.10.10 IP Address: 10.10.10.11 IP Address: 10.10.20.11 IP Address: 10.10.20.10
    VLAN Virtual Local Area Networks

    We can increase performance and security in the LAN by implementing


    VLANs on our switches
    VLANs segment the LAN into separate broadcast domains at Layer 2
    There is typically a one-to-one relationship between an IP subnet and
    a VLAN
    VLAN Virtual Local Area Networks
    ROUTER
    ENG VLAN Wide Area
    SALES VLAN ENG Default Gateway SALES Default Gateway
    Network

    IP Address: 10.10.10.1 IP Address: 10.10.20.1

    ENG PC3
    IP Address: 10.10.10.12

    Switches only
    F0/3 F0/1 F0/2 Ethernet Switch allow traffic within
    F0/4
    F0/6
    F0/7 the same VLAN
    F0/5

    ENG PC1 ENG PC2 SALES PC1 SALES PC2


    IP Address: 10.10.10.10 IP Address: 10.10.10.11 IP Address: 10.10.20.11 IP Address: 10.10.20.10
    Unicast Traffic within same IP subnet
    ROUTER
    ENG VLAN Wide Area
    SALES VLAN ENG Default Gateway SALES Default Gateway
    Network

    IP Address: 10.10.10.1 IP Address: 10.10.20.1

    ENG PC3
    IP Address: 10.10.10.12

    F0/3 F0/1 F0/2 Ethernet Switch


    F0/4 F0/7
    F0/5 F0/6

    ENG PC1 ENG PC2 SALES PC1 SALES PC2


    IP Address: 10.10.10.10 IP Address: 10.10.10.11 IP Address: 10.10.20.11 IP Address: 10.10.20.10
    Unicast Traffic between different IP subnets
    ROUTER
    ENG VLAN Wide Area
    SALES VLAN ENG Default Gateway SALES Default Gateway
    Network

    IP Address: 10.10.10.1 IP Address: 10.10.20.1

    ENG PC3
    IP Address: 10.10.10.12

    F0/3 F0/1 F0/2 Ethernet Switch


    F0/4 F0/7
    F0/5 F0/6

    ENG PC1 ENG PC2 SALES PC1 SALES PC2


    IP Address: 10.10.10.10 IP Address: 10.10.10.11 IP Address: 10.10.20.11 IP Address: 10.10.20.10
    Broadcast Traffic
    ROUTER
    ENG VLAN Wide Area
    SALES VLAN ENG Default Gateway SALES Default Gateway
    Network

    IP Address: 10.10.10.1 IP Address: 10.10.20.1

    ENG PC3
    IP Address: 10.10.10.12

    F0/3 F0/1 F0/2 Ethernet Switch


    F0/4 F0/7
    F0/5 F0/6

    ENG PC1 ENG PC2 SALES PC1 SALES PC2


    IP Address: 10.10.10.10 IP Address: 10.10.10.11 IP Address: 10.10.20.11 IP Address: 10.10.20.10

    S-ar putea să vă placă și