IT212
Data Communications and Networking 2
(Cisco 2)
Chapter 3
VLANs
Objectives
• Define VLAN.
• Identify the benefits provided by implementing VLAN.
• Enumerate the different types of VLANs.
• Explain the use of a trunk.
• Explain the purpose of the native VLAN.
• Demonstrate how to configure VLANs and trunks.
• Define what DTP is and explain when to use DTP.
• List the commands to be used to troubleshoot VLANs and trunks.
• Identify the types of security issues that are related to VLANs and trunks and
explain how to mitigate these issues.
• Identify the best practices to use when implementing VLANs and
trunks.
VLAN
• Virtual local area network (VLAN)
• can be created on a Layer 2 switch to reduce the size of broadcast domains,
similar to a Layer 3 device.
• provide a way to group devices within a LAN. A group of devices within a
VLAN communicate as if they were attached to the same wire.
• are based on logical connections, instead of physical connections.
• allow an administrator to segment networks based on factors such as
function, project team, or application, without regard for the physical location
of the user or device. Devices within a VLAN act as if they are in their own
independent network, even if they share a common infrastructure with other
VLANs.
• Each VLAN is considered a separate logical network, and packets destined
for stations that do not belong to the VLAN must be forwarded through a
device that supports routing.
Benefits of VLAN
• Security: Groups that have sensitive data are separated from the rest of the
network, decreasing the chances of confidential information breaches.
• Cost reduction: Cost savings result from reduced need for expensive network
upgrades and more efficient use of existing bandwidth and uplinks.
• Better performance: Dividing flat Layer 2 networks into multiple logical workgroups
(broadcast domains) reduces unnecessary traffic on the network and boosts
performance.
• Shrink broadcast domains: Dividing a network into VLANs reduces the number of
devices in the broadcast domain.
• Improved IT staff efficiency: VLANs make it easier to manage the network because
users with similar network requirements share the same VLAN. When a new switch
is provisioned, all the policies and procedures already configured for the particular
VLAN are implemented when the ports are assigned. It is also easy for the IT staff to
identify the function of a VLAN by giving it an appropriate name.
Types of VLANs
Data VLAN
• A data VLAN is a VLAN that is configured to carry user-generated traffic. A
VLAN carrying voice or management traffic would not be part of a data VLAN.
It is common practice to separate voice and management traffic from data
traffic. A data VLAN is sometimes referred to as a user VLAN. Data VLANs
are used to separate the network into groups of users or devices.
Native VLAN
A native VLAN is assigned to an 802.1Q trunk port. Trunk ports are the links
between switches that support the transmission of traffic associated with more
than one VLAN. An 802.1Q trunk port supports traffic coming from many VLANs
(tagged traffic), as well as traffic that does not come from a VLAN (untagged
traffic). The 802.1Q trunk port places untagged traffic on the native VLAN,
which by default is VLAN 1.
Management VLAN
A management VLAN is any VLAN configured to access the management
capabilities of a switch. VLAN 1 is the management VLAN by default. To create
the management VLAN, the switch virtual interface (SVI) of that VLAN is
assigned an IP address and subnet mask, allowing the switch to be managed
via HTTP, Telnet, SSH, or SNMP.
Voice VLANs
A separate VLAN known as a voice VLAN is needed to support Voice over IP
(VoIP).
VoIP traffic requires:
• Assured bandwidth to ensure voice quality
• Transmission priority over other types of network traffic
• Capability to be routed around congested areas on the network
• Delay of less than 150 ms across the network
VLANs in a Multiswitched Environment
VLAN Trunks
• A VLAN trunk, or trunk, is a point-to-point link between two network devices
that carries more than one VLAN. A VLAN trunk extends VLANs across two or
more network devices.
• VLANs would not be very useful without VLAN trunks. VLAN trunks allow all
VLAN traffic to propagate between switches, so that devices which are in the
same VLAN, but connected to different switches, can communicate without
the intervention of a router.
Creating a VLAN
Assigning Ports to VLANs
• After creating a VLAN, the next step is to assign ports to the VLAN. An access
port can belong to only one VLAN at a time; one exception to this rule is that
of a port connected to an IP phone, in which case, there are two VLANs
associated with the port: one for voice and one for data.
Step                                                   Command
Enter global configuration mode.                       S1# configure terminal
Enter interface configuration mode for a particular    S1(config)# interface interface_id
port number.
Set the port to access mode.                           S1(config-if)# switchport mode access
Assign the port to a particular VLAN.                  S1(config-if)# switchport access vlan vlan-id
Return to the privileged EXEC mode.                    S1(config-if)# end
Common Problems with Trunks
• When configuring VLANs and trunks on a switched infrastructure, the
following types of configuration errors are the most common:
Problem: Native VLAN mismatch
  Result:  Poses a security risk and creates unintended results.
  Example: One port is defined as native VLAN 99 and the opposite trunk end is
           defined as native VLAN 100.
Problem: Trunk mode mismatch
  Result:  Causes loss of network connectivity.
  Example: One end of the trunk is configured as trunk mode "off" and the other
           as trunk mode "on".
Problem: Allowed VLANs on trunks
  Result:  Causes unexpected traffic or no traffic to be sent over the trunk.
  Example: The list of allowed VLANs does not support current VLAN trunking
           requirements.
VLAN Security and Design
Switch Spoofing Attack
• VLAN hopping enables traffic from one VLAN to be seen by another VLAN.
• Switch spoofing is a type of VLAN hopping attack that works by taking
advantage of an incorrectly configured trunk port. By default, trunk ports have
access to all VLANs and pass traffic for multiple VLANs across the same
physical link, generally between switches.
Double-Tagging Attack
Another type of VLAN attack is a double-tagging (or double-encapsulated)
VLAN hopping attack. This type of attack takes advantage of the way that
hardware on most switches operates. Most switches perform only one level of
802.1Q de-encapsulation, which allows an attacker to embed a hidden 802.1Q
tag inside the frame. This tag allows the frame to be forwarded to a VLAN that
the original 802.1Q tag did not specify. An important characteristic of the
double-encapsulated VLAN hopping attack is that it works even if trunk ports
are disabled, because a host typically sends a frame on a segment that is not a
trunk link.
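As an added detection example (not part of the deck), the parser below walks the 802.1Q tag stack of a captured Ethernet frame and flags the double-tagged pattern described above, the kind of check a monitoring tap on an access segment can run. The sample frames, the native VLAN value and the port type passed to classify() are constructed assumptions.

```python
import struct

VLAN_TPIDS = (0x8100, 0x88A8)   # 802.1Q customer tag and 802.1ad service tag

def parse_vlan_tags(frame):
    """Walk every VLAN tag that follows the two MAC addresses.
    Returns (VLAN IDs outermost first, EtherType of the payload)."""
    off, vids = 12, []                      # tags start right after dst/src MAC
    while True:
        if off + 2 > len(frame):
            raise ValueError("frame truncated before an EtherType")
        (ethertype,) = struct.unpack_from("!H", frame, off)
        if ethertype not in VLAN_TPIDS:
            return vids, ethertype
        if off + 4 > len(frame):
            raise ValueError("frame truncated inside a VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        vids.append(tci & 0x0FFF)           # VLAN ID is the low 12 bits; PCP/DEI sit above
        off += 4

def classify(frame, native_vlan, port_is_trunk):
    """Detection rule for a frame seen on a given port.
    A single tag is expected only on a trunk. Two tags whose outer ID equals the
    native VLAN is the double-tagging pattern from the text: the first switch strips
    the outer (native) tag and the inner tag then selects the VLAN."""
    vids, _ = parse_vlan_tags(frame)
    if not vids:
        return "untagged", vids
    if len(vids) >= 2:
        hit = vids[0] == native_vlan
        return ("double-tagged-native" if hit else "double-tagged"), vids
    if not port_is_trunk:
        return "tagged-on-access-port", vids
    return "tagged", vids

# Constructed sample frames: dst MAC, src MAC, tag stack, IPv4 EtherType, zero payload.
_HDR = "ffffffffffff 020000000001"
UNTAGGED = bytes.fromhex(_HDR + " 0800") + bytes(46)
SINGLE = bytes.fromhex(_HDR + " 8100 000a 0800") + bytes(46)             # VLAN 10
DOUBLE = bytes.fromhex(_HDR + " 8100 e001 8100 0014 0800") + bytes(46)   # PCP 7 + VLAN 1, then VLAN 20
```

Run against frames from a SPAN session, any "double-tagged-native" verdict on an access port is worth an alert, and "tagged-on-access-port" usually means a host is injecting its own tags.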
Verifying VLAN Information
After a VLAN is configured, VLAN configurations can be validated using Cisco
IOS show commands.
show vlan brief            Display one line for each VLAN with the VLAN name, status, and
                           associated ports.
show vlan id vlan-id       Display information about a single VLAN identified by the VLAN ID
                           number, which can be a number between 1 and 4094.
show vlan name vlan-name   Display information about a single VLAN identified by a VLAN name.
                           The VLAN name is an ASCII string from 1 to 32 characters.
show vlan summary          Display VLAN summary information.
Design Best Practices for VLANs
• Shut down unused switch ports to prevent unauthorized access.
• Separate management and user data traffic.
• Change the native VLAN to a different VLAN than VLAN 1.
• Do not use the dynamic auto or dynamic desirable switch port modes.
• Use separate VLANs for IP telephony and data traffic.
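The common trunk problems and the design best practices above can both be checked mechanically against a running-config. The Python below is an added example, not material from the deck: it parses constructed config excerpts for two switches and reports DTP left enabled, trunks still on native VLAN 1, ports left up in VLAN 1, and native-VLAN, trunk-mode and allowed-list mismatches across a link. The "dynamic auto" default, the interface names and the link map are assumptions; allowed-VLAN lists are read as comma-separated IDs only.

```python
import re

def new_port():
    # Assumed defaults for a port with no explicit switchport commands:
    # DTP 'dynamic auto', native and access VLAN 1, all VLANs allowed on a trunk.
    return {"mode": "dynamic auto", "native": 1, "access": 1, "allowed": "all", "shut": False}

def parse_config(text):
    """Return {interface name: port dict} from a running-config excerpt."""
    ports, cur = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith("interface "):
            cur = ports.setdefault(line.split(None, 1)[1], new_port())
        elif cur is None or line == "!":          # '!' closes the interface block
            cur = None
        elif line.startswith("switchport mode "):
            cur["mode"] = line[16:]               # access | trunk | dynamic auto | dynamic desirable
        elif m := re.match(r"switchport trunk native vlan (\d+)$", line):
            cur["native"] = int(m.group(1))
        elif m := re.match(r"switchport access vlan (\d+)$", line):
            cur["access"] = int(m.group(1))
        elif m := re.match(r"switchport trunk allowed vlan ([\d,]+)$", line):
            cur["allowed"] = tuple(sorted(int(v) for v in m.group(1).split(",")))
        elif line == "shutdown":
            cur["shut"] = True
    return ports

def audit_switch(name, ports):
    """Per-port checks taken from the design best practices above."""
    out = []
    for ifname, p in ports.items():
        if p["shut"]:                             # a shut port is the desired state for an unused port
            continue
        if p["mode"].startswith("dynamic"):
            out.append(f"{name} {ifname}: DTP left on ({p['mode']}); set access or trunk explicitly")
        if p["mode"] == "trunk" and p["native"] == 1:
            out.append(f"{name} {ifname}: trunk still uses VLAN 1 as its native VLAN")
        if p["mode"] == "access" and p["access"] == 1:
            out.append(f"{name} {ifname}: up in default VLAN 1; shut it down if unused")
    return out

def audit_links(switches, links):
    """Compare both ends of each link for the mismatches in the common-problems table."""
    out = []
    for sw_a, if_a, sw_b, if_b in links:
        a, b = switches[sw_a][if_a], switches[sw_b][if_b]
        where = f"{sw_a} {if_a} <-> {sw_b} {if_b}"
        if {a["mode"], b["mode"]} == {"trunk", "access"}:
            out.append(f"{where}: trunk mode mismatch (trunk on one end, access on the other)")
        if a["native"] != b["native"]:
            out.append(f"{where}: native VLAN mismatch ({a['native']} vs {b['native']})")
        if a["allowed"] != b["allowed"]:
            out.append(f"{where}: allowed VLAN lists differ ({a['allowed']} vs {b['allowed']})")
    return out

# Constructed sample configs; Gi0/1 and Gi0/2 on S1 are cabled to the same-named ports on S2.
S1_CONFIG = ("interface GigabitEthernet0/1\n switchport mode trunk\n switchport trunk native vlan 99\n"
             " switchport trunk allowed vlan 10,20,99\n!\ninterface GigabitEthernet0/2\n switchport mode trunk\n!\n"
             "interface FastEthernet0/1\n switchport mode dynamic desirable\n!\ninterface FastEthernet0/2\n shutdown\n!\n")
S2_CONFIG = ("interface GigabitEthernet0/1\n switchport mode trunk\n switchport trunk native vlan 100\n"
             " switchport trunk allowed vlan 10,20\n!\ninterface GigabitEthernet0/2\n switchport mode access\n!\n")
LINKS = [("S1", "GigabitEthernet0/1", "S2", "GigabitEthernet0/1"),
         ("S1", "GigabitEthernet0/2", "S2", "GigabitEthernet0/2")]

def run_audit():
    switches = {"S1": parse_config(S1_CONFIG), "S2": parse_config(S2_CONFIG)}
    findings = [f for n, p in switches.items() for f in audit_switch(n, p)]
    return findings + audit_links(switches, LINKS)
```

On the sample, run_audit() returns six findings: one trunk on native VLAN 1, one DTP port, one access port up in VLAN 1, and a native-VLAN, an allowed-list and a trunk-mode mismatch across the two links.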
THE END

W3-Presentation-VLANs-AMA COMPUTER COLLEGE.pdf
