VLANs and Trunking - N10-008 CompTIA Network+ : 2.3
Summary
TLDR: This transcript discusses the use of VLANs for network segmentation to enhance security and organization. It explains how VLANs allow logical separation within a single switch, reducing the need for multiple physical switches and wasted interfaces. VLAN trunking under IEEE 802.1Q is introduced as the method for carrying several VLANs across one link between switches. The transcript also covers the practical application of VLANs in running a computer and a VoIP phone over a single network cable, with the voice VLAN kept separate so that quality of service can be applied to voice traffic.
Takeaways
- **Network Segmentation**: Network administrators use VLANs to segment networks into separate broadcast domains for security and organization.
- **Physical vs. Logical Separation**: Separation can be done physically with separate switches or logically within a single switch using VLANs.
- **Isolation of Broadcast Domains**: At Layer 2, devices in one VLAN cannot reach devices in another; traffic between VLANs requires a router or Layer 3 switch, so the VLAN boundary is where inter-segment policy can be enforced.
- **Efficient Use of Resources**: Using VLANs within a single switch avoids the unused, yet powered and managed, interfaces that result from dedicating a switch to each network.
- **Trunking VLANs**: VLAN trunking under IEEE 802.1Q carries multiple VLANs across a single link, so one cable replaces one cable per VLAN between switches.
- **Scalability**: A trunk scales to any number of VLANs, where a separate Ethernet cable per VLAN would become impractical with tens of VLANs.
- **VLAN Header**: On an 802.1Q trunk the switch inserts a 4-byte tag (the VLAN header) into each Ethernet frame carrying the VLAN ID, so frames from different VLANs can be distinguished on a single link.
- **VLAN Ranges**: VLAN IDs run from 1 to 4094, with 0 and 4095 reserved; some switches divide the usable IDs into a normal range (1 to 1005) and an extended range (1006 to 4094).
- **Voice and Data Integration**: A data VLAN and a voice VLAN can share one physical link to the desk, letting the switch treat VoIP traffic separately and maintain its quality of service.
- **Inter-Switch Communication**: Devices on the same VLAN on different switches communicate through the trunk, which preserves the VLAN assignment end to end.
Q & A
Why do network administrators segment networks into different broadcast domains?
-Network administrators segment networks into different broadcast domains to enhance security features and to keep the network organized.
What is one way to segment a network into different broadcast domains?
-One way to segment a network is by using completely separate switches, each with its own broadcast domain.
What challenge arises from using separate switches for different broadcast domains?
-Using separate switches results in a lot of wasted interfaces, as many interfaces are powered and managed but are not connected to any devices.
How do VLANs help in reducing the challenge of wasted interfaces?
-VLANs allow for logical separation of networks within a single switch, thus reducing the need for multiple physical switches and minimizing wasted interfaces.
What is the IEEE 802.1Q standard and how does it relate to VLANs?
-The IEEE 802.1Q standard, also known as dot1Q, is an Ethernet trunking standard that allows multiple VLANs to be sent across a single connection, streamlining communication between switches.
How does VLAN trunking simplify the connection between switches with multiple VLANs?
-VLAN trunking simplifies connections by allowing all VLANs to be communicated across a single link, instead of requiring separate Ethernet cables for each VLAN.
What is the maximum number of VLANs that can be supported within a trunk connection?
-The VLAN ID field in the 802.1Q tag is 12 bits long, which gives 4,096 possible values; because IDs 0 and 4,095 are reserved, a trunk can carry up to 4,094 VLANs.
What is the purpose of the VLAN header added to an Ethernet frame when it hits a trunk?
-The VLAN header, inserted when an Ethernet frame is sent onto a trunk, records which VLAN the frame belongs to, so the receiving switch can forward it onto the correct VLAN and keep traffic from different VLANs separate.
Why might a network administrator choose to separate voice and data traffic onto different VLANs?
-Separating voice and data traffic onto different VLANs ensures quality of service for voice communications by preventing data traffic from overwhelming the time-sensitive voice over IP connections.
How does the 802.1Q standard handle the configuration for a single network link used by both a computer and a phone?
-Many switches let an interface be configured with both a data VLAN and a voice VLAN: the computer's frames arrive untagged and are placed in the data VLAN, while the phone tags its frames with the voice VLAN ID. Because the two are separate VLANs (and the 802.1Q tag also carries a 3-bit priority field), the switch can prioritize voice traffic over data on the same link.
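The tag insertion and removal described in the answers above, written out as an added example (this code is not from the video or from CompTIA). It builds the 4-byte 802.1Q tag that a switch inserts after the two MAC addresses when a frame enters a trunk (TPID 0x8100 followed by the Tag Control Information: 3 priority bits, 1 DEI bit, 12-bit VLAN ID), strips it again on the far side, and classifies VLAN IDs into the reserved, normal and extended ranges mentioned in the transcript. The sample frame is constructed, not captured.

```python
import struct

TPID_8021Q = 0x8100                  # EtherType value that announces an 802.1Q tag
NORMAL_RANGE = range(1, 1006)        # VLANs 1..1005
EXTENDED_RANGE = range(1006, 4095)   # VLANs 1006..4094
RESERVED = (0, 4095)                 # never configured as ordinary VLANs


def classify_vid(vid: int) -> str:
    """Place a 12-bit VLAN ID in the reserved, normal or extended range."""
    if not 0 <= vid <= 4095:
        raise ValueError("VLAN ID must fit in 12 bits")
    if vid in RESERVED:
        return "reserved"
    return "normal" if vid in NORMAL_RANGE else "extended"


def add_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the two MAC addresses, as a switch does
    when an access-port frame is sent onto a trunk. Reserved VLAN IDs are refused."""
    if classify_vid(vid) == "reserved":
        raise ValueError(f"VLAN {vid} is reserved")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP is 3 bits, DEI is 1 bit")
    if len(frame) < 14:
        raise ValueError("not an Ethernet frame")
    tci = (pcp << 13) | (dei << 12) | vid          # Tag Control Information
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def is_tagged(frame: bytes) -> bool:
    """True when the EtherType position holds the 802.1Q TPID."""
    return len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q


def strip_tag(frame: bytes):
    """Remove the tag and return (vid, pcp, dei, untagged_frame), as the receiving
    trunk port does before placing the frame on the local VLAN."""
    if not is_tagged(frame):
        raise ValueError("frame carries no 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 1, frame[:12] + frame[16:]


# Constructed sample frame (not a capture): dst MAC, src MAC, EtherType IPv4, padding.
SAMPLE_FRAME = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
                + bytes.fromhex("0800") + b"\x00" * 46)


def round_trip(vid: int, pcp: int = 0) -> bool:
    """Tag, then strip, and confirm the frame grew by 4 bytes and comes back intact."""
    tagged = add_tag(SAMPLE_FRAME, vid, pcp)
    got_vid, got_pcp, _, untagged = strip_tag(tagged)
    return (len(tagged) == len(SAMPLE_FRAME) + 4 and got_vid == vid
            and got_pcp == pcp and untagged == SAMPLE_FRAME)


if __name__ == "__main__":
    tagged = add_tag(SAMPLE_FRAME, 200, pcp=5)
    print("tag bytes:", tagged[12:16].hex())   # 8100a0c8: TPID 0x8100, PCP 5, VID 200
    print("round trip ok:", round_trip(200, 5))
```

The tag adds four bytes to every frame on the trunk, which is why trunk ports accept frames of 1522 bytes rather than the usual 1518. The reserved-ID check matters in practice: VID 0 is used by priority-tagged frames that belong to no VLAN, so a parser that silently accepts it will misattribute traffic.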
Outlines
đ Network Segmentation and VLANs
This paragraph discusses the practice of segmenting networks into different broadcast domains for enhanced security and organization. It explains the concept of using separate switches for each broadcast domain and the inefficiency of this method due to wasted interfaces. The paragraph introduces Virtual Local Area Networks (VLANs) as a solution to logically separate networks within a single switch, reducing the need for multiple physical switches. It also touches on the scalability issue of connecting VLANs across multiple switches and the introduction of VLAN trunking as a method to transmit multiple VLANs over a single link, adhering to the IEEE 802.1Q standard.
đ VLAN Trunking and Practical Applications
The second paragraph delves into the practical implementation of VLAN trunking, explaining how it allows communication between devices on the same VLAN across different switches. It contrasts the older Inter-Switch Link (ISL) method with the more widely adopted IEEE 802.1Q standard. The paragraph also explores the practical use of VLANs in office environments, where a single Ethernet cable can serve both data and voice devices by leveraging VLAN trunking. It discusses the configuration of a trunk link between two switches and the advantages of using VLANs for quality of service, particularly for voice communications over IP phones, ensuring that voice traffic is prioritized over data traffic.
đ Prioritizing Voice Communications with VLANs
The final paragraph focuses on the application of VLANs to prioritize voice communications in a network environment. It describes how a single network link can be used for both data and voice traffic by assigning them to different VLANs: the computer's frames travel untagged on the data VLAN, while the phone tags its frames with an 802.1Q header naming the voice VLAN. Because the switch can tell the two VLANs apart, it can be configured to give the voice VLAN priority and keep data transfers from disrupting calls. The paragraph also notes that many switches support a single interface configured with both a data VLAN and a voice VLAN for exactly this purpose.
Keywords
Network Segmentation
Broadcast Domain
VLAN (Virtual Local Area Network)
VLAN Trunking
IEEE 802.1Q
VLAN Header
Inter-Switch Link (ISL)
Quality of Service (QoS)
Voice over IP (VoIP)
Private Branch Exchange (PBX)
Highlights
Network administrators segment networks into different broadcast domains for security and organization.
Separate switches can be used to create distinct broadcast domains, but this leads to wasted interfaces.
VLANs provide logical segmentation within a single switch, reducing the need for multiple physical switches.
VLANs maintain separation of broadcast domains while allowing more efficient use of switch interfaces.
Trunking allows extending VLANs across a single connection, streamlining communication between switches.
IEEE 802.1Q standard, also known as dot1Q, enables VLAN trunking for efficient network communication.
VLAN header is added to Ethernet frames when sent across a trunk, identifying the VLAN.
VLAN ID is 12 bits long, supporting up to 4,094 VLANs within a trunk connection.
VLANs 0 and 4,095 are reserved, not used for separate VLAN configurations.
Inter-Switch Link (ISL), a Cisco-proprietary method for trunking that predates 802.1Q, may still appear in switch configurations but has been almost entirely displaced by the vendor-neutral IEEE standard.
Trunking simplifies network cabling by allowing multiple VLANs to be transmitted over a single link.
VLANs can be extended to manage devices like computers and VoIP phones on a single network cable.
Using 802.1Q trunking, a single network cable can support both data and voice VLANs for a computer and phone.
Quality of service can be maintained by assigning different priorities to data and voice VLANs.
VLANs help in organizing networks and optimizing the use of network resources.
Trunking and VLANs are key to modern network design, providing flexibility and efficiency.
Transcripts
Many network administrators like to segment the network
into different broadcast domains.
This is sometimes done to allow additional security features
or we may need to provide separation just
to keep the network organized.
One way you could do this is to have
completely separate switches.
We would have one switch with one broadcast domain,
and you can see there are devices
connected to this red network.
And we have a completely separate switch
on a blue broadcast domain, and we have devices
connecting into that switch.
Because these are physically separated
switches there's no way for anyone on the red network
to communicate to the blue network and vice versa.
One challenge that we have with separating things out
into these separate local area networks
is that there are certainly a lot of wasted interfaces
on the front of these switches.
Since we have only a few devices,
we have a number of interfaces that we've paid for,
that we are powering, and that we're
managing but nothing is ever going
to connect to those interfaces.
It would make a lot more sense if we
could combine these switches together, but still
maintain the separation between the two networks.
Fortunately, there's a way to accomplish this using Virtual
Local Area Networks, or VLANs.
VLANs still provide segmentation within the switch.
We have some interfaces that are configured for the red VLAN,
and we have other interfaces that are
configured for the blue VLAN.
This still maintains separation of the broadcast domains.
The red devices can't communicate
to the blue devices, and vice versa,
but the separation is now done logically inside
of the switch rather than physically
across multiple switches.
If you were to look at a physical switch configuration,
here's one where three separate VLANs are configured-- a VLAN
1, a VLAN 2, and a VLAN 3.
There are devices connected to each one of these VLANs,
and the devices on a single VLAN can't
communicate to any of the other VLANs on the switch.
In most organizations, of course,
there will be more than a single switch
that is connecting the users together.
In fact, there may be tens or hundreds of switches.
And we may need to connect devices
that are on one VLAN on one switch
to the same VLAN on a separate physical switch.
In this example we have two switches.
This ethernet switch on the top has a VLAN 100 and 200.
And the switch on the bottom also
has a VLAN 100 and VLAN 200.
It would be great if we could connect VLAN 100 on one switch
to VLAN 100 on the other, and VLAN 200 on one
switch to VLAN 200 on the other.
One way to accomplish this would be
to simply extend an ethernet cable from VLAN 100
on one switch to a VLAN 100 interface on the other switch.
We could then connect another cable
from a VLAN 200 interface on one switch
to a VLAN 200 interface on the other switch.
Of course, this obviously won't scale very well.
What if there were 20 VLANs on each of these switches?
We would need 20 separate ethernet cables going
between these two switches.
Although that functionally could be used,
it certainly adds a lot of additional overhead
and uses a lot of interfaces on each switch.
Instead of extending separate ethernet links
for each individual VLAN, we can extend a single connection
and communicate all VLANs across that single connection.
We refer to this as VLAN trunking.
You might also see this referred to as the IEEE 802.1Q standard
for ethernet trunking or dot1Q.
When we have a dot1Q trunk, we can send multiple VLANs
across that trunk and then break them out
into the appropriate VLAN on the other side.
So someone on VLAN 100 on the top switch
can communicate to someone with VLAN 100 on the bottom switch
by sending information into the dot1Q trunk.
That would then be put onto the trunk to the other switch,
broken out of the trunk, and then placed
onto the original VLAN 100 network.
We're still logically segmenting these VLANs,
we're just sending them over a single link when we're
communicating between switches.
The process of adding and removing this frame
to an 802.1Q trunk is relatively straightforward.
We have our normal ethernet frame
that we're sending across.
When that hits the trunk, we're going
to add an additional field into this ethernet frame called
a VLAN header.
This VLAN header will contain information about which VLAN
is associated with this data.
So if we add a VLAN 100 frame into the trunk,
VLAN 100 will be embedded within this VLAN header.
And we can have many VLANs extending
across this dot1Q trunk.
This VLAN ID is 12 bits long and allows
us to have 4,094 VLANs inside of that trunk connection.
Some switches will separate these VLANs
into what's called a normal range and an extended range,
where the normal range are VLANs between 1 and 1,005
and the extended range is between 1,006 and 4,094.
You'll notice that the first and last VLANs are reserved.
So VLAN 0 and VLAN 4,095 are reserved values
that you would not normally configure as a separate VLAN.
Before this 802.1Q standard existed,
there was another method to trunk information between
switches called Inter-Switch Link, or ISL.
You may see a reference to ISL when looking through a switch
configuration, but practically everyone uses the IEEE standard
of 802.1Q because that standard is understood and recognized
by switches from multiple manufacturers.
Now that we know the process for adding that VLAN information,
let's see how it would work in a practical form.
Let's take a device on VLAN 200 and have
that device communicate with another device on VLAN 200
that's on a separate ethernet switch.
This device on VLAN 200 will start
by sending this information over the network.
Since this has to go to a device on a separate switch,
it will be directed towards the 802.1Q trunked interface.
That interface will add a VLAN header inside
of that ethernet frame that designates
that it began on VLAN 200.
And it sends that information to the other 802.1Q interface
on the other switch.
That switch examines the VLAN header,
sees that it originated on VLAN 200, removes the VLAN header,
and then places that frame onto the VLAN 200 network.
On two physical switches, the configuration
is relatively straightforward.
This is the original switch we started
with that has a VLAN 1, VLAN 2, and VLAN 3.
And you can see there are devices connected
to each of those VLANs.
We've added a separate switch B that
also has VLAN 1, VLAN 2, and VLAN 3,
but we've added a trunk link between both of those.
And on that trunk, we're sending information
that includes data from VLAN 1, VLAN 2, and VLAN 3.
We've been able to extend this idea of trunking
to better manage the devices that are currently
on our desks.
Specifically, the voice over IP phone and the computer
that we might have on our desk.
Traditionally, we would run one ethernet cable
from the computer that's on our desk
to a switch that exists in a closet nearby.
We would then have a completely separate cable
run for the analog telephone that's
on our desk that usually connects to a PBX,
or Private Branch Exchange switch that's inside
of our organization.
This means we have two separate cables going
to every single desk.
And each one of those cables is using
a different type of technology.
Of course, these days we're using voice over IP phones
which use data connections-- the same data connections
that we would use for our computer.
So we would have all devices on our desk connecting ultimately
to the ethernet switch that's in the closet.
To simplify this, we now only need one single network cable
for both the computer on our desk and the phone.
Physically, this is the way it would connect.
We would have the computer on our desk.
We would plug a computer into our phone.
There would be a separate ethernet connection
that would run from our phone to the switch that's located
inside of a closet nearby.
This means we would only need one cable or one
run between our desk and the switch that's in the closet.
If you've ever used a voice over IP phone that's on a computer
and tried to use both at the same time,
you may notice that this is not an optimal configuration.
Our computers can send a lot of data
down these network connections, and it's very easy
to overwhelm the time-sensitive communication used
for voice over IP.
One way to resolve this is you would have the computer operate
on one VLAN, and we would have our phone communicating
on a completely separate VLAN.
Since we have a single network link from our desk
to the switch, we would use 802.1Q trunking to accomplish
this.
This is a specialized configuration
that's available in many switches that recognizes
that people will be using a phone and a computer
at the same time from their desk,
and it designates each switch interface
as having both a data VLAN and a voice VLAN.
And since you can configure them separately,
you can provide additional priority
for your voice configuration so that none
of your data communication will ever disrupt your phone calls.
Functionally, this is the way it would work.
Our computer would be on one VLAN--
let's say, VLAN 100--
and our phone would be on a separate phone VLAN,
and we'll call that VLAN 200.
When we send information from our computer,
it's sent across the ethernet link as a normal access
ethernet frame without any type of VLAN trunking.
But if we're ever communicating from our phone,
we'll tag all of the communication between our phone
and the switch with an 802.1Q header that designates that it
came from VLAN 200.
That allows us to set priorities in the switch
and assure that the quality of service
is maintained for all of our voice communication.
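The two-switch scenario in the transcript (a frame on VLAN 200 crossing the trunk to VLAN 200 on the other switch) and the desk port with a data VLAN and a voice VLAN, modelled together as an added example; this is illustrative code, not anything from the video or from a switch vendor. Each port is either an access port (untagged frames go to its data VLAN; a tagged frame is honoured only if it names the port's voice VLAN) or a trunk port (tagged frames keep their VLAN, untagged frames fall into the native VLAN, and only allowed VLANs pass). The switch names, port names and VLAN numbers are assumptions for the lab, and the model floods within a VLAN instead of learning MAC addresses, which does not change which VLANs a frame can reach.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Frame:
    vid: Optional[int]      # VLAN ID in the 802.1Q tag; None means untagged on the wire
    pcp: int = 0            # 802.1Q priority bits (0 when untagged)


@dataclass
class Port:
    name: str
    mode: str                               # "access" or "trunk"
    access_vlan: int = 1                    # access: VLAN assigned to untagged frames (data VLAN)
    voice_vlan: Optional[int] = None        # access: VLAN a desk phone may tag its frames with
    allowed: frozenset = frozenset()        # trunk: VLANs permitted across the trunk
    native_vlan: int = 1                    # trunk: VLAN assigned to untagged frames


class Switch:
    def __init__(self, name: str, ports: list):
        self.name = name
        self.ports = {p.name: p for p in ports}

    def classify(self, port: Port, frame: Frame) -> Optional[tuple]:
        """Assign an arriving frame to a VLAN, or return None if the port must drop it."""
        if port.mode == "access":
            if frame.vid is None:
                return port.access_vlan, 0
            if frame.vid == port.voice_vlan:        # tagged frame from the desk phone
                return frame.vid, frame.pcp
            return None                             # a tag for any other VLAN is not honoured
        vid = port.native_vlan if frame.vid is None else frame.vid
        if vid not in port.allowed:
            return None
        return vid, frame.pcp

    def flood(self, ingress: Port, vid: int, pcp: int) -> list:
        """Return (port, frame as sent on the wire) for every other port carrying this VLAN."""
        out = []
        for p in self.ports.values():
            if p is ingress:
                continue
            if p.mode == "access":
                if p.access_vlan == vid:
                    out.append((p, Frame(None, 0)))            # untagged toward the computer
                elif p.voice_vlan == vid:
                    out.append((p, Frame(vid, pcp)))           # tagged toward the phone
            elif vid in p.allowed:
                out.append((p, Frame(None if vid == p.native_vlan else vid, pcp)))
        return out


def deliver(switches: dict, links: dict, entry: tuple, frame: Frame) -> set:
    """Inject a frame at (switch, port) and return the set of
    (switch, port, vid_on_wire, pcp) endpoints that receive it.
    links maps (switch, port) -> (switch, port) for the trunk cable."""
    received, seen, pending = set(), set(), [(entry, frame)]
    while pending:
        (sw_name, port_name), f = pending.pop()
        if (sw_name, port_name) in seen:          # guard against forwarding loops
            continue
        seen.add((sw_name, port_name))
        sw = switches[sw_name]
        assigned = sw.classify(sw.ports[port_name], f)
        if assigned is None:
            continue
        vid, pcp = assigned
        for out_port, wire in sw.flood(sw.ports[port_name], vid, pcp):
            key = (sw_name, out_port.name)
            if key in links:
                pending.append((links[key], wire))  # crosses the trunk to the other switch
            else:
                received.add((sw_name, out_port.name, wire.vid, wire.pcp))
    return received


def build_lab():
    """Assumed lab: VLAN 100 is data, VLAN 200 is voice, native VLAN 999 is unused
    and deliberately not allowed on the trunk, so untagged trunk frames are dropped."""
    trunk = dict(allowed=frozenset({100, 200}), native_vlan=999)
    a = Switch("A", [Port("a1", "access", access_vlan=100),
                     Port("a2", "access", access_vlan=200),   # e.g. the call server
                     Port("desk", "access", access_vlan=100, voice_vlan=200),
                     Port("t1", "trunk", **trunk)])
    b = Switch("B", [Port("b1", "access", access_vlan=100),
                     Port("b2", "access", access_vlan=200),
                     Port("desk", "access", access_vlan=100, voice_vlan=200),
                     Port("t1", "trunk", **trunk)])
    links = {("A", "t1"): ("B", "t1"), ("B", "t1"): ("A", "t1")}
    return {"A": a, "B": b}, links


if __name__ == "__main__":
    switches, links = build_lab()
    print("computer on A.a1 reaches:", deliver(switches, links, ("A", "a1"), Frame(None)))
    print("phone on B.desk reaches:", deliver(switches, links, ("B", "desk"), Frame(200, 5)))
```

Two checks a practitioner would run against this model are the ones the transcript implies but does not state outright: a frame entering VLAN 100 never appears on a VLAN 200 port on either switch, and a phone that tags its frames with a VLAN other than the configured voice VLAN is dropped at the access port rather than admitted to that VLAN. Keeping the trunk's native VLAN off the allowed list, as the lab does, means an untagged frame arriving on the trunk has nowhere to go.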