
Implementation of the Virtual LAN

Virtual LANs (VLANs) are used to break up broadcast domains in a Layer 2 switched internetwork. As VLANs promote efficient use of network resources, it is wise to beef up your knowledge of this technology. This Daily Drill Down explains how to implement VLAN technology using Cisco routers and Layer 2 switches. A common LAN network design implemented in the last 10 years or so is called a collapsed backbone. Basically, it connected all floors or rooms in a building to a network where the company's shared servers were located. The typical collapsed-backbone network would look something like Figure A.

The popular solution to this dilemma was the practice of installing bridges on each floor. The new design looked like Figure B.

Each floor is now a separate collision domain, which really helped, for a while. But look again: this network is still one immense broadcast domain. As networks grew and more and more network services became available to users, this design became saturated, resulting in lame response time for the users. Cisco routers became more cost-effective. (Prior to that, they were cost prohibitive for smaller companies, even though they had been available.) With the advent of router affordability, the solution to the monstrous broadcast domain issue was to use a Cisco router to break up both collision and broadcast domains. The new and cool network now looked like the one shown in Figure C. The fiber was not discarded but used in point-to-point connections from each floor to the router.

In this network, a single router has replaced the bridges. Note that the router breaks up both collision and broadcast domains and that it replaces the bridges; it doesn't just add to their functionality. In fact, the bridge, if left in the network, only slowed the network down (created latency issues). A single router connecting all the floors really worked, as long as users kept their data on the local network. This type of network design was implemented worldwide, and Ethernet became the de facto standard that ran to each desktop.

This type of network has been discussed, worked, and reworked. Most of the problems that typically surface have to do with physical location. In other words, for the network to work as designed, you create physical networks and assign subnets to these physical networks. Users are then placed in a physical location by job function. As long as everyone on the same floor performed the same job and shared the same network resources, the network sang. But flies land in the ointment en masse when users with disparate functions and needs are placed on the same floor. The problems created by this scenario can include:

- Users with different job functions sharing the same broadcast domain.
- Anomaly users (those with needs and/or functions not common to a given broadcast domain) required that all their data (packets) cross a Layer 3 device to communicate with the network resources they needed.
- Bandwidth usage quickly became an issue because too many users were placed in the same broadcast/collision domain.

A good solution to this dilemma really didn't exist. There are a few solutions (workarounds) typically configured on the network:

- Adding another broadcast domain by configuring another router port with another hub connected to the floor: This keeps the new users off the existing broadcast domain, but all these new users must still cross a Layer 3 device to get to the network services they use.
- Running a cable from the workstations to the correct broadcast domain: This one actually works pretty well (as long as you don't exceed the distance constraints), but there are dollars involved in running the cables.
- Moving the whole group to another part of the building that has enough room for everyone: Believe it or not, this was the most common solution.

Enter Layer 2 switching and VLANs


Bridges were the precursor to Layer 2 LAN switching. Switches were basically designed to perform the same function as a bridge but with more ports. A typical bridge only had two ports, although you could buy bridges that had up to 16. A LAN switch can have hundreds of ports, and LAN switches are more intelligent. LAN switches filter the network by hardware address, break up collision domains, provide port security, and can create VLANs. This has changed network design 100 percent from the world of collapsed backbones. Instead of having to worry about creating networks by physical location, VLANs turned the network-design world on its ear by providing options and flexibility like never before to fit any business model. The only design constraint in this type of network is the network administrator's lack of imagination. Let's take a look at our previous network design and use VLANs instead of routers to break up our networks. Two VLANs were created for this example (see Figure D).

This network is easy to maintain and create security on, and best of all, the physical location of a user is completely irrelevant. Regardless of where users are located, they can be placed in any broadcast domain (VLAN). After studying the customer's business requirements by talking with both users and management, I was able to come up with a very cool network that took only a few hours to implement. Figure F shows the new network.

Figure F shows the names of the rooms in the building, and I named the VLANs after the rooms. This allowed the administrators to easily identify and locate the VLANs. Also, the IP subnet scheme was designed after the floor and room numbers, since the rooms were also numbered. By looking at an IP address on a machine, the network administrator could tell which floor, room, and VLAN the device was in. I used switches to connect the rooms of all the users and then assigned each port to a specific VLAN. I placed one 2900 switch on the first floor and configured it as the Virtual Trunk Protocol (VTP) server, and placed the other 2900 on the second floor and put it to work as a VTP client. That way, the second floor 2900 would learn about VLANs from the VTP server. (VTP is a protocol that sends VLAN information between switches.) Doing this really streamlined implementation because it meant I only had to create my VLANs on the first floor 2900, which would then broadcast the information to the second floor switch. Creating VLANs by location more than quadrupled the customer's response time. (This makes you very popular.) Plus, since they already had the switches, this network cost my client very little, was elegantly easy to implement, and was designed to make it very simple for the administrators to add new users. (This makes you extremely popular.) Need selling points for this type of design? It can help:

- Solve your client's problem efficiently.
- Give your client better-than-expected results.
- Save time and money.
- Create something the client can readily understand, control, and scale for growth (making him/her feel competent and confident).

An important thing to understand in this example is that all users need to get to VLAN 1 because of a shared database. This means that the users must leave their broadcast domain (VLAN) and get information from the server hosting the database. To do this, we must configure a router. Luckily, the building already had some good switches and routers. Here's the output from a 2621 router that shows the ISL configuration:

    [output cut]
    interface FastEthernet0/0
     ip address 10.1.1.1 255.255.255.0
    !
    interface FastEthernet0/0.11
     encapsulation isl 11
     ip address 10.1.11.1 255.255.255.0
    !
    interface FastEthernet0/0.12
     encapsulation isl 12
     ip address 10.1.12.1 255.255.255.0
    !
    interface FastEthernet0/0.13
     encapsulation isl 13
     ip address 10.1.13.1 255.255.255.0
    [output cut]

In this configuration, subinterfaces were used to allow all VLANs to be connected to one router interface. In this example, the interface used is FastEthernet 0/0, and each subinterface was given the same number as its VLAN for easy identification. The first command under the subinterface is the encapsulation command, which is used to direct the router to the VLAN number of the subinterface and to use inter-VLAN routing. After the encapsulation command was used to define the VLAN and the inter-VLAN routing type, I added the IP address assigned to the subinterface. The hosts in each VLAN would use the IP address assigned to this interface as their default gateway. For example, users in VLAN 12 would be configured to use 10.1.12.1 as their default gateway. This allowed the users to get out of their own VLAN and to access company shared services, as well as the Internet.
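An added example, not part of the original article: a short Python check that parses the router output shown above, confirms that each subinterface number matches its ISL VLAN ID as the text describes, and looks up the VLAN and default gateway for a host address. The function names and any host addresses passed to it are assumptions made for illustration.

```python
import ipaddress
import re

# Router configuration as printed in the article, with the "[output cut]" markers removed.
CONFIG = """\
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
!
interface FastEthernet0/0.11
 encapsulation isl 11
 ip address 10.1.11.1 255.255.255.0
!
interface FastEthernet0/0.12
 encapsulation isl 12
 ip address 10.1.12.1 255.255.255.0
!
interface FastEthernet0/0.13
 encapsulation isl 13
 ip address 10.1.13.1 255.255.255.0
"""

def parse_subinterfaces(config):
    """Return {vlan_id: (subinterface_number, IPv4Interface)}; interfaces without ISL are skipped."""
    vlans, sub, vlan = {}, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface \S+?(?:\.(\d+))?", line):
            sub, vlan = (int(m.group(1)) if m.group(1) else None), None
        elif m := re.fullmatch(r"encapsulation isl (\d+)", line):
            vlan = int(m.group(1))
        elif vlan is not None and (m := re.fullmatch(r"ip address (\S+) (\S+)", line)):
            vlans[vlan] = (sub, ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}"))
    return vlans

def audit(vlans):
    """Report breaks in the article's convention (subinterface number == VLAN ID) and subnet reuse."""
    problems, seen = [], {}
    for vlan, (sub, iface) in sorted(vlans.items()):
        if sub != vlan:
            problems.append(f"VLAN {vlan}: subinterface .{sub} does not match the VLAN ID")
        if iface.network in seen:
            problems.append(f"VLAN {vlan}: subnet {iface.network} already used by VLAN {seen[iface.network]}")
        seen.setdefault(iface.network, vlan)
    return problems

def gateway_for(vlans, host_ip):
    """Return (vlan_id, default_gateway) for a host address, or None if no subinterface serves it."""
    host = ipaddress.ip_address(host_ip)
    hits = [(v, str(i.ip)) for v, (_, i) in vlans.items() if host in i.network]
    return hits[0] if hits else None
```

For the article's configuration, `audit(parse_subinterfaces(CONFIG))` returns an empty list, meaning the numbering convention holds for every subinterface.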

Conclusion
This should have helped you understand how valuable VLAN technology in an internetwork can be, and you should now have a clearer picture of how to create VLANs. Even though the largest benefit of creating VLANs in an internetwork is that you are no longer confined to a physical location, this real-life example involved creating VLANs by physical location because that was what was best for the customer.
