VLANa Chap 3 2nd Year
Transcript of VLANa Chap 3 2nd Year
-
8/16/2019 VLANa Chap 3 2nd Year
1/20
Chapter 3
VLANs
Introduction
Chapter 2, “LAN Switching,” discusses problems inherent in a LAN and possiblesolutions to improve LAN performance. You learned about the advantages and
disadvantages of using bridges, switches, and routers for LAN segmentation andthe effects of switching, bridging, and routing on network throughput. Finally,you briefly learned about the benefits of Fast Ethernet and virtual local-area net-works (VLANs).
This chapter provides an introduction to VLANs and switched internetworking,compares traditional shared LAN configurations with switched LAN configura-tions, and discusses the benefits of using a switched VLAN architecture.
VLAN Overview
A VLAN is a logical grouping of devices or users, as shown in Figure 3-1. Thesedevices or users can be grouped by function, department, application, and so on,regardless of their physical segment location. VLAN configuration is done at theswitch via software.
Existing Shared LAN ConfigurationsA typical LAN is configured according to the physical infrastructure it is connect-ing. Users are grouped based on their location in relation to the hub they areplugged in to and how the cable is run to the wiring closet. The router intercon-necting each shared hub typically provides segmentation and can act as a broad-cast firewall, whereas the segments created by switches do not. Traditional LANsegmentation does not group users according to their workgroup association orneed for bandwidth. Therefore, they share the same segment and contend for the
same bandwidth, although the bandwidth requirements might vary greatly by toworkgroup or department.
-
8/16/2019 VLANa Chap 3 2nd Year
2/20
74
Chapter 3 VLANs
Segmenting with Switching Architectures
LANs are increasingly being divided into workgroups connected via commonbackbones to form VLAN topologies. VLANs logically segment the physicalLAN infrastructure into different subnets (or broadcast domains, for Ether-net) so that broadcast frames are switched only between ports within the same
VLAN.
Initial VLAN implementations offered a port-mapping capability that estab-lished a broadcast domain between a default group of devices. Current net-work requirements demand VLAN functionality that covers the entirenetwork. This approach to VLANs allows you to group geographically sepa-rate users in networkwide virtual topologies. VLAN configurations groupusers by logical association rather than physical location.
FIGURE 3-1A VLAN is a
group of net-
work devices
or users that is
not restricted
to a physical
switch seg-
ment.
MOVIE 3.1
Broadcast Transmission
Source node to network.
Administration Engineering Marketing
-
8/16/2019 VLANa Chap 3 2nd Year
3/20
Segmenting with Switching Architectures
75
The majority of the networks currently installed provides very limited logicalsegmentation. Users are commonly grouped based on connections to the
shared hub and the router ports between the hubs. This topology provides seg-mentation only between the hubs, which are typically located on separatefloors, and not between users connected to the same hub. This imposes physi-cal constraints on the network and limits how users can be grouped. A fewshared-hub architectures have some grouping capability, but they restrict howyou configure logically defined workgroups.
VLANs and Physical Boundaries
In a LAN that utilizes LAN switching devices, VLAN technology is a cost-effective and efficient way of grouping network users into virtual workgroupsregardless of their physical location on the network. Figure 3-2 shows the dif-ference between LAN and VLAN segmentation. Some of the main differencesare as follows:
VLANs work at Layer 2 and Layer 3 of the OSI reference model.
Communication between VLANs is provided by Layer 3 routing.
VLANs provide a method of controlling network broadcasts.
The network administrator assigns users to a VLAN. VLANs can increase network security by defining which network nodes
can communicate with each other.
FIGURE 3-2
Within a
switched net-
work, VLANsprovide seg-
mentation and
organizational
flexibility.
Sharedhub
Floor 1
Communication between VLANS
Router
LAN 1
Catalyst 3000
Catalyst 5000
Catalyst 3000
VLAN 1
VLAN 2
VLAN 3
Router
Sharedhub
Floor 2
LAN 2
Shared
hub
Floor 3
LAN 3
Traditional LAN segmentation VLAN segmentation
-
8/16/2019 VLANa Chap 3 2nd Year
4/20
76
Chapter 3 VLANs
Using VLAN technology, you can group switch ports and their connected usersinto logically defined workgroups, such as the following:
Coworkers in the same department
A cross-functional product team
Diverse user groups sharing the same network application or software
You can group these ports and users into workgroups on a single switch or onconnected switches. By grouping ports and users together across multipleswitches, VLANs can span single-building infrastructures, interconnectedbuildings, or even wide-area networks (WANs), as shown in Figure 3-3.
Transporting VLANs Across Backbones
Important to any VLAN architecture is the ability to transport VLAN infor-
mation between interconnected switches and routers that reside on the corpo-rate backbone. These transport capabilities consist of the following:
Removing the physical boundaries between users
Increasing the configuration flexibility of a VLAN solution when usersmove
Providing mechanisms for interoperability between backbone systemcomponents.
FIGURE 3-3
VLANs remove
the physical
constraints of
workgroup
communica-
tions.
Catalyst 5000
AccountingVLAN
Floor 3
MarketingVLAN
EngineeringVLAN
Catalyst 5000
FastEthernet
Catalyst 5000
Floor 1
Floor 2
-
8/16/2019 VLANa Chap 3 2nd Year
5/20
Segmenting with Switching Architectures
77
The backbone commonly acts as the collection point for large volumes of traf-fic. It also carries end-user VLAN information and identification between
switches, routers, and directly attached servers. Within the backbone, high-bandwidth, high-capacity links are typically chosen to carry the trafficthroughout the enterprise.
Routers in VLANs
The traditional role of the router is to provide firewalls, broadcast manage-ment, and route processing and distribution. While switches take on some ofthese tasks, routers still remain vital in VLAN architectures because they pro-
vide connected routes between different VLANs. They also connect to otherparts of the network that are either logically segmented with the more tradi-tional subnet approach or require access to remote sites across wide-area links.Layer 3 communication, either embedded in the switch or provided externally,is an integral part of any high-performance switching architecture.
You can cost-effectively integrate external routers into the switching architec-ture by using one or more high-speed backbone connections. These are typi-
cally Fast Ethernet or ATM connections, and they provide benefits by Increasing the throughput between switches and routers
Consolidating the overall number of physical router ports required forcommunication between VLANs
VLAN architecture not only provides logical segmentation, but with carefulplanning, it can greatly enhance the efficiency of a network.
Switched Networking Configuration
The problems associated with shared LANs and the emergence of switches arecausing traditional LAN configurations to be replaced with switched VLANnetworking configurations. Switched VLAN configurations vary from tradi-tional LAN configurations in the following ways:
Switches remove the physical constraints imposed by a shared-hub archi-tecture because they logically group users and ports across the enterprise.Switches replace hubs in the wiring closet. Switches are easily installed with
little or no cabling changes, and can completely replace a shared hub withper-port service to each user.
Switches can be used to create VLANs in order to provide the segmentationservices traditionally provided by routers in LAN configurations.
Switches are one of the core components of VLAN communications. As shownin Figure 3-4, they perform critical VLAN functions by acting as the entrypoint for end-station devices into the switched fabric and for communication
across the enterprise.
-
8/16/2019 VLANa Chap 3 2nd Year
6/20
78
Chapter 3 VLANs
Each switch has the intelligence to make filtering and forwarding decisions byframe, based on VLAN metrics defined by network managers. The switch can
also communicate this information to other switches and routers within thenetwork.
The most common approaches for logically grouping users into distinctVLANs are frame filtering and frame identification. Both of these techniqueslook at the frame when it is either received or forwarded by the switch. Basedon the set of rules defined by the administrator, these techniques determinewhere the frame is to be sent, filtered, or broadcast. These control mechanisms
can be centrally administered (with network management software) and areeasily implemented throughout the network.
Frame filtering examines particular information about each frame. A filteringtable is developed for each switch; this provides a high level of administrativecontrol because it can examine many attributes of each frame. Depending onthe sophistication of the LAN switch, you can group users based on a station’s Media Access Control (MAC) addresses or network-layer protocol type. Theswitch compares the frames it filters with table entries, and it takes the appro-priate action based on the entries.
In their early days, VLANs were filter-based and they grouped users based on afiltering table. This model did not scale well because each frame had to be ref-erenced to a filtering table.
FIGURE 3-4
You can use
switches to
group users,
ports, or logical
addresses into
common com-
munities of
interest.
Layer 2MAC
address
Layer 3
network
DA SA IP
-
8/16/2019 VLANa Chap 3 2nd Year
7/20
VLAN Implementations
79
Frame tagging uniquely assigns a VLAN ID to each frame. The VLAN IDs areassigned to each VLAN in the switch configuration by the switch administra-
tor. This technique was chosen by the Institute of Electrical and Electronic Engineers (IEEE) standards group because of its scalability. Frame tagging isgaining recognition as the standard trunking mechanism; in comparison toframe filtering, it can provide a more scalable solution to VLAN deploymentthat can be implemented campus-wide. IEEE 802.1q states that frame taggingis the way to implement VLANs.
VLAN frame tagging is an approach that has been specifically developed for
switched communications. Frame tagging places a unique identifier in theheader of each frame as it is forwarded throughout the network backbone.The identifier is understood and examined by each switch prior to any broad-casts or transmissions to other switches, routers, or end-station devices. Whenthe frame exits the network backbone, the switch removes the identifier beforethe frame is transmitted to the target end station. Layer 2 frame identificationrequires little processing or administrative overhead.
VLAN Implementations
A VLAN makes up a switched network that is logically segmented by func-tions, project teams, or applications, without regard to the physical location ofusers. Each switch port can be assigned to a VLAN. Ports assigned to the sameVLAN share broadcasts. Ports that do not belong to that VLAN do not sharethese broadcasts. This improves the overall performance of the network. The
following sections discuss three VLAN implementation methods that can beused to assign a switch port to a VLAN. They are
Port-centric VLANs
Static
Dynamic
Port-Centric VLANs
In port-centric VLANs, all the nodes connected to ports in the same VLAN areassigned the same VLAN ID. Figure 3-5 shows VLAN membership by routerport, which make an administrator’s job easier and the network more efficientbecause
Users are assigned by port.
VLANs are easily administered.
It provides increased security between VLANs.
Packets do not “leak” into other domains.
-
8/16/2019 VLANa Chap 3 2nd Year
8/20
80
Chapter 3 VLANs
Static VLANs
Static VLANs are ports on a switch that you statically assign to a VLAN.
These ports maintain their assigned VLAN configurations until you changethem. Although static VLANs require the administrator to make changes, theyare secure, easy to configure, and straightforward to monitor. Static VLANswork well in networks in which moves are controlled and managed.
Dynamic VLANs
Dynamic VLANs are ports on a switch that can automatically determine theirVLAN assignments. Dynamic VLAN functions are based on MAC addresses,
SKILL BUILDER
Creating VLANsIn this lab, you work with Ethernet virtual local-area networks (VLANs). VLANscan separate groups of users based on function rather than physical location.
SKILL BUILDER
Switch Management VLANs
In this lab, you work with virtual local-area networks (VLANs). You console intothe switch and view the menu options available to manage VLANs and check thecurrent VLAN configuration.
FIGURE 3-5
In port-centricVLANs, mem-
bership is eas-
ily controlled
across the net-
work. Also, all
nodes attached
to the same
port must be in
the sameVLAN.
Routing function
interconnects VLANsNetwork layer
Data link layerbroadcastdomains
Physical layerLAN switch
Attachednodes
Floor 1 Floor 2 Floor 3
192.20.21.0 192.20.24.0 192.30.20.0
EngineeringVLAN
MarketingVLAN
SalesVLAN
-
8/16/2019 VLANa Chap 3 2nd Year
9/20
Benefits of VLANs
81
logical addressing, or protocol type of the data packets. When a station is ini-tially connected to an unassigned switch port, the appropriate switch checks
the MAC address entry in the VLAN management database and dynamicallyconfigures the port with the corresponding VLAN configuration. The majorbenefits of this approach are less administration within the wiring closet whena user is added or moved and centralized notification when an unrecognizeduser is added to the network. Typically, more administration is required upfront to set up the database within the VLAN management software and tomaintain an accurate database of all network users.
Benefits of VLANs
VLANs provide the following benefits:
They reduce administration costs related to solving problems associatedwith moves, additions, and changes.
They provide controlled broadcast activity.
They provide workgroup and network security.
They save money by using existing hubs.Adding, Moving, or Changing User Locations
Companies are continuously reorganizing. On average, 20% to 40% of theworkforce physically moves every year. These moves, additions, and changes areone of a network manager’s biggest headaches and one of the largest expensesrelated to managing the network. Many moves require recabling, and almost allmoves require new station addressing and hub and router reconfigurations.
VLANs provide an effective mechanism for controlling these changes and reduc-ing much of the cost associated with hub and router reconfigurations. Users in aVLAN can share the same network address space (that is, the IP subnet), regard-less of their location. When users in a VLAN are moved from one location toanother, as long as they remain within the same VLAN and are connected to aswitch port, their network addresses do not change. A location change can be assimple as plugging a user in to a port on a VLAN-capable switch and configur-ing the port on the switch to that VLAN, as shown in Figure 3-6.
VLANs are a significant improvement over the typical LAN-based techniquesused in wiring closets because they require less rewiring, configuration, anddebugging. Router configuration is left intact; a simple move for a user fromone location to another does not create any configuration modifications in therouter if the user stays in the same VLAN.
Controlling Broadcast Activity
Broadcast traffic occurs in every network. Broadcast frequency depends on thetypes of applications, the types of servers, the amount of logical segmentation,
-
8/16/2019 VLANa Chap 3 2nd Year
10/20
82
Chapter 3 VLANs
and how these network resources are used. Although applications have beenfine-tuned over the past few years to reduce the number of broadcasts they
send out, new multimedia applications are being developed that are broadcastand multicast intensive.
You need to take preventive measures to ensure against broadcast-related
problems. One of the most effective measures is to properly segment the net-work with protective firewalls that, as much as possible, prevent problems onone segment from damaging other parts of the network. Thus, although onesegment may have excessive broadcast conditions, the rest of the network isprotected with a firewall commonly provided by a router. Firewall segmenta-tion provides reliability and minimizes the overhead of broadcast traffic,allowing for greater throughput of application traffic.
When no routers are placed between the switches, broadcasts (Layer 2 trans-missions) are sent to every switched port. This is commonly referred to as aflat network, where there is one broadcast domain across the entire network.The advantage of a flat network is that it can provide both low-latency andhigh-throughput performance and it is easy to administer. The disadvantage isthat it increases vulnerability to broadcast traffic across all switches, ports,backbone links, and users.
FIGURE 3-6
VLAN-capable
switches
simplify the
rewiring,configuration,
moving of
users, and
debugging that
are required to
get a user back
online.
Catalyst 3000
Moved user
Sharedhub
Newlocation
Sameaddress
Floor 2
Floor 1
Router
-
8/16/2019 VLANa Chap 3 2nd Year
11/20
Benefits of VLANs
83
VLANs are an effective mechanism for extending firewalls from the routersto the switch fabric and protecting the network against potentially dangerous
broadcast problems. Additionally, VLANs maintain all the performancebenefits of switching.
You create firewalls by assigning switch ports or users to specific VLANgroups both within single switches and across multiple connected switches.Broadcast traffic within one VLAN is not transmitted outside the VLAN, asshown in Figure 3-7. Conversely, adjacent ports do not receive any of thebroadcast traffic generated from other VLANs. This type of configuration sub-
stantially reduces the overall broadcast traffic, frees bandwidth for real usertraffic, and lowers the overall vulnerability of the network to broadcaststorms.
The smaller the VLAN group, the smaller the number of users affected bybroadcast traffic activity within the VLAN group. You can also assign VLANsbased on the application type and the number of applications broadcasts. Youcan place users sharing a broadcast-intensive application in the same VLAN
group and distribute the application across the campus.Providing Better Network Security
The use of LANs has increased at a very high rate over the past several years.As a result, LANs often have confidential, mission-critical data moving acrossthem. Confidential data requires security through access restriction. One prob-lem of shared LANs is that they are relatively easy to penetrate. By plugging into a live port, an intrusive user has access to all traffic within the segment. The
larger the group, the greater the potential access.
FIGURE 3-7
Restricting
both the num-
ber of switch
ports within a
VLAN and the
users residing
on these ports
can easily con-
trol the size of
a broadcast
domain.
Broadcast Domain 2
Broadcast Domain 1
-
8/16/2019 VLANa Chap 3 2nd Year
12/20
84
Chapter 3 VLANs
One cost-effective and easy administrative technique to increase security is tosegment the network into multiple broadcast groups, as shown in Figure 3-8,
which allows the network manager to Restrict the number of users in a VLAN group
Disallow another user from joining without first receiving approval fromthe VLAN network management application
Configure all unused ports to a default low-service VLAN
Implementing this type of segmentation is relatively straightforward. Switchports are grouped together based on the type of applications and access privi-leges. Restricted applications and resources are commonly placed in a securedVLAN group. On the secured VLAN, the router restricts access into the groupas configured on both the switches and the routers. Restrictions can be placedbased on station addresses, application types, or protocol types.
You can add more security enhancements by using access control lists, whichwill be covered in Chapter 6, “ACLs.” These are especially useful when commu-
nicating between VLANs. On the secured VLAN, the router restricts access to theVLAN as configured on both switches and routers. You can place restrictions onstation addresses, application types, protocol types, or even by time of day.
Saving Money by Using Existing Hubs
Over the past several years, network administrators have installed a significantnumber of hubs. Many of these devices are being replaced with newer switch-ing technologies. Because network applications require more dedicated band-
width and performance directly to the desktop, these hubs still perform useful
FIGURE 3-8VLANs provide
security fire-
walls, restrict
individual user
access, and
flag any
unwanted
intrusion to
a network
manager.
SecuredVLAN
-
8/16/2019 VLANa Chap 3 2nd Year
13/20
Benefits of VLANs
85
functions in many existing installations. Network managers save money byconnecting existing hubs to switches.
Each hub segment connected to a switch port can be assigned to only oneVLAN, as shown in Figure 3-9. Stations that share a hub segment are allassigned to the same VLAN group. If an individual station needs to be reas-signed to another VLAN, the station must be relocated to the correspondinghub. The interconnected switch fabric handles the communication between theswitching ports and automatically determines the appropriate receiving seg-ments. The more the shared hub can be broken into smaller groups, the greaterthe microsegmentation and the greater the VLAN flexibility for assigning indi-
vidual users to VLAN groups.By connecting hubs to switches, you can configure hubs as part of the VLANarchitecture. You can also share traffic and network resources directlyattached to switching ports with VLAN designations.
SKILL BUILDER
Switch Firm Ware Update/TFTP
In this lab, you learn to display information about current Switch Firmware, learnabout switch memory and update options, and how to use a TFTP Server to updatea switch to a new version of the Firmware software.
SKILL BUILDER
Multi-Switch VLANs
In this lab, you work with Ethernet virtual local-area networks (VLANs). VLANscan separate groups of users based on function rather than physical location. Nor-mally, all the ports on a switch are in the same default VLAN 1.
FIGURE 3-9
The connec-tions between
hubs and
switches pro-
vide opportuni-
ties for VLAN
segmentation.
HubHub
Hub
Hub
Hub
Hub
Hub
VLAN1 VLAN1
VLAN2VLAN2
VLAN3 VLAN3
-
8/16/2019 VLANa Chap 3 2nd Year
14/20
86
Chapter 3 VLANs
Summary
An Ethernet switch is designed to physically segment a LAN into individualcollision domains.
A typical LAN is configured according to the physical infrastructure itconnects.
In a LAN that uses LAN switching devices, VLAN technology is acost-effective and efficient way of grouping network users into virtualworkgroups, regardless of their physical location on the network.
VLANs work at Layer 2 and Layer 3 of the OSI reference model. Important to any VLAN architecture is the ability to transport VLAN
information between interconnected switches and routers that reside on thecorporate backbone.
The problems associated with shared LANs and switches are causing tradi-tional LAN configurations to be replaced with switched VLAN networkingconfigurations.
The most common approaches for logically grouping users into distinctVLANs are frame filtering and frame identification (frame tagging).
There are three main types of VLANs: port-centric VLANs, static VLANs,and dynamic VLANs.
VLANs provide the following benefits:
— They reduce administration costs related to solving problemsassociated with moves, additions, and changes.
— They provide controlled broadcast activity.— They provide workgroup and network security.
— They save money by using existing hubs.
-
8/16/2019 VLANa Chap 3 2nd Year
15/20
Check Your Understanding
87
Check Your Understanding
Complete all the review questions to test your understanding of the topics andconcepts covered in this chapter. Answers are listed in Appendix B, “CheckYour Understanding Answer Key.”
1. Describe the benefits of VLANs.
2. What is the effect of VLANs on LAN broadcasts?
3. What are the three main VLAN implementations?
4. What is the purpose of VLAN frame tagging?
5. The phrase microsegmentation with scalability means which of thefollowing?
A. The ability to increase networks without creating collisions domains
B. The ability to put a huge number of hosts on one switch
C. The ability to broadcast to more nodes at once
D. All of the above
6. Switches, as the core element of VLANs, provide the intelligence to dowhich of the following?
A. They group users, ports, or logical addresses into a VLAN.
B. They make filtering and forwarding decisions.
C. They communicate with other switches and routers.D. All of the above.
7. Each _____ segment connected to a _____ port can be assigned to onlyone VLAN.
A. Switch; hub
B. Hub; router
C. Hub; switch
D. LAN; hub
-
8/16/2019 VLANa Chap 3 2nd Year
16/20
88
Chapter 3 VLANs
8. Which of the following is not an advantage of using static VLANS?
A. They are secure.
B. They are easy to configure.
C. They are easy to monitor.
D. They automatically configure ports when new stations are added.
9. Which of the following is not a criterion on which VLANs can be based?
A. Port ID
B. Protocol
C. MAC address
D. All of the above are criteria on which VLANs can be based
10. Which of the following is a beneficial effect of adding a VLAN?
A. Switches do not need to be configured.
B. Broadcasts can be controlled.C. Confidential data can be protected.
D. Physical boundaries that prevent user groupings can be removed.
11. Which of the following statements pertaining to virtual LANs is false?
A. The most common approaches for logically grouping users into dis-tinct VLANs are frame filtering and frame identification.
B. VLAN benefits include tighter network securtiy with establishment ofsecure user groups.
C. Bridges form one of the core components of VLAN communications.
D. VLANs help in distributing traffic load.
12. What Layer 3 function on a switch allows you to easily manipulatedevices that reside in different IP subnets?
A. Transparent bridging
B. Segmentation
C. Reduction of collision domains
D. VLANs
-
8/16/2019 VLANa Chap 3 2nd Year
17/20
Check Your Understanding
89
13. What device is needed for a packet to be passed from one VLAN toanother?
A. Bridge
B. Router
C. Switch
D. Hub
14. Which layer of the OSI model does frame tagging occur?
A. Layer 1B. Layer 2
C. Layer 3
D. Layer 4
15. __________ allows switches to share address tables while __________assigns a user-defined VLAN ID to each frame.
A. Frame tagging; frame forwarding
B. Frame identification; frame removal
C. Frame filtering; frame tagging
D. Frame tagging; frame filtering
16. Which of the following is not a beneficial effect of adding a VLAN?
A. Switches do need configuring.B. Nodes within a VLAN which are physically moved do not change net-
work addresses.
C. Confidential data can be protected.
D. Physical boundaries which prevent user grouppings can be removed.
17. True or False: VLANs are more flexible in handling moves and additions
of ports than routers.A. True
B. False
-
8/16/2019 VLANa Chap 3 2nd Year
18/20
90
Chapter 3 VLANs
18. Which of the following is not a benefit of VLANs?
A. Multicast control
B. Broadcast control
C. Reduce router interfaces required
D. None of the above
19. Why create VLANs?
A. Moves, adds, and changes are made simpler.
B. There is less administrative overhead.
C. The router can switch faster.
D. Both A and B.
Key Terms
access control list (ACL) A list kept by a Cisco router to control access to orfrom the router for a number of services (for example, to prevent packets witha certain IP address from leaving a particular interface on the router).
broadcast A data packet that is sent to all nodes on a network. Broadcastsare identified by a broadcast address.
broadcast domain The set of all devices that will receive broadcast framesoriginating from any device within the set. Broadcast domains are typically
bounded by routers because routers do not forward broadcast frames.
broadcast storm An undesirable network event in which many broadcastsare sent simultaneously across all network segments. A broadcast storm usessubstantial network bandwidth and, typically, causes network time-outs.
collision domain In Ethernet, the network area within which frames thathave collided are propagated. Repeaters and hubs propagate collisions; LANswitches, bridges, and routers do not.
dynamic VLAN A VLAN that is based on the MAC addresses, the logicaladdresses, or the protocol type of the data packets.
firewall A router or an access server, or several routers or access servers,designated as a buffer between any connected public networks and a privatenetwork. A firewall router uses access control lists and other methods toensure the security of the private network.
-
8/16/2019 VLANa Chap 3 2nd Year
19/20
Key Terms
91
flat network A network in which there are no routers placed between theswitches, broadcasts and Layer 2 transmissions are sent to every switched
port, and there is one broadcast domain across the entire network.frame A logical grouping of information sent as a data link–layer unit over atransmission medium. Often refers to the header and trailer, used for synchro-nization and error control, that surround the user data contained in the unit.The terms datagram, message, packet , and segment are also used to describelogical information groupings at various layers of the OSI reference model andin various technology circles.
hub A hardware or software device that contains multiple independent butconnected modules of network and internetwork equipment. Hubs can beactive (where they repeat signals sent through them) or passive (where they donot repeat, but merely split, signals sent through them).
Institute of Electrical and Electronic Engineers (IEEE) A professional orga-nization whose activities include the development of communications and net-work standards. IEEE LAN standards are the predominant LAN standards
today. LAN switch A high-speed switch that forwards packets between data-linksegments. Most LAN switches forward traffic based on MAC addresses. LANswitches are often categorized according to the method they use to forwardtraffic: cut-through packet switching or store-and-forward packet switching.An example of a LAN switch is the Cisco Catalyst 5000.
Media Access Control (MAC) address A standardized data link layer
address that is required for every port or device that connects to a LAN. Otherdevices in the network use these addresses to locate specific ports in the net-work and to create and update routing tables and data structures. A MACaddress is 6 bytes long. MAC addresses are controlled by the IEEE and arealso known as hardware addresses, MAC-layer addresses, and physicaladdresses.
microsegmentation The division of a network into smaller segments, usuallywith the intention of increasing aggregate bandwidth to network devices.
multicast Single packets copied by a network and sent out to a set of net-work addresses. These addresses are specified in the destination address field.
port An interface on an internetworking device (such as a router).
port-centric VLAN A VLAN in which all the nodes in the same VLAN areattached to the same switch port.
-
8/16/2019 VLANa Chap 3 2nd Year
20/20
92
Chapter 3 VLANs
protocol A formal description of a set of rules and conventions that governhow devices on a network exchange information.
router A network-layer device that uses one or more metrics to determine theoptimal path along which network traffic should be forwarded. Routers for-ward packets from one network to another based on network-layer informa-tion. Occasionally called a gateway (although this definition of gateway isbecoming increasingly outdated).
scalability The ability of a network to grow without any major changes tothe overall design.
segment A section of a network that is bounded by bridges, routers, orswitches.
static VLAN A VLAN in which the ports on a switch are statically assigned.
switch A network device that filters, forwards, and floods frames based onthe destination address of each frame. The switch operates at the data linklayer of the OSI reference model.
VLAN (virtual LAN) A group of devices on a LAN that are configured (usingmanagement software) so that they can communicate as if they were attachedto the same wire, when, in fact, they are located on a number of different LANsegments. Because VLANs are based on logical instead of physical connec-tions, they are extremely flexible.