VLAN Basic - VLAN switch principle. V1.2.

Hubs: Work at physical layer
• All the devices in one collision domain
• All the devices in one broadcast domain
• All the devices share the same bandwidth
(Diagram: stations A, B, C, D attached to a hub)

Collision Domain
• More terminals mean more chances to collide
• CSMA/CD

Switch: Works At Data Link Layer
• Each segment is a single collision domain
• All the segments are in one broadcast domain
(Diagram: switch with segments 1, 2, 3, 4)

Switch Working Principles
• Every segment is a collision domain
• Broadcast packets will be forwarded to all the segments
(Diagram: Switch Memory)

MAC table
• Address learning
• Forward/filter decision
• Loop avoidance
(Diagram: MAC address table; station A 0260.8c01.1111 on E0, station B 0260.8c01.3333 on E1, station C 0260.8c01.2222 on E2, station D 0260.8c01.4444 on E3)

Learning And Flooding
• Station A sends a frame to Station C
• Switch caches station A MAC address to port E0 by learning the source address of frame
• Frame from station A to station C is flooded out to all ports except port E0
MAC address table:
E0: 0260.8c01.1111

Filtering
• Station A sends a frame to station C
• Destination is known, frame is not flooded
MAC address table:
E0: 0260.8c01.1111
E1: 0260.8c01.3333
E2: 0260.8c01.2222
E3: 0260.8c01.4444

Broadcast storm
(Diagram: broadcast frame; SALES Dept., ENG Dept., HR Dept.)

Isolate different Dept. - physical
(Diagram: ENG Dept., HR Dept., SALES Dept.)

VLAN - logically isolate Dept.
• Port-based
• Broadcast domain 1: VLAN 10
• Broadcast domain 2: VLAN 20
• Broadcast domain 3: VLAN 30
• A VLAN = A broadcast domain = Logical network (subnet)
(Diagram: SALES Dept., ENG Dept., HR Dept.)

VLAN advantages
• Segmentation
• Flexibility
• Security
(Diagram: 3rd floor, 2nd floor, 1st floor; SALES, HR, ENG)
Question: span-switch interconnection?

VLAN frame format & types
• Standard ethernet frame (untagged frame): DA, SA, Type, Data, CRC
• IEEE802.1Q ethernet frame (tagged frame): DA, SA, tag, Type, Data, CRC
• tag: TPID, TCI (Priority, CFI, VLAN ID (VID))
Question: When and where to add or strip tag?

VLAN filtering
MAC     vlan ID   Port
mac-A   vlan10    P5
mac-B   vlan10    P7
(Diagram: A, 100.1.1.10, mac-A on Port5; B, 100.1.1.11, mac-B on Port7; ARP request, ARP reply)

VLAN Link Types
• VLAN-aware/unaware devices: devices that are able/unable to understand VLAN membership and VLAN frame formats
• An access link is a LAN segment used to multiplex one or more VLAN-unaware devices into a port of a Switch
• A trunk link is a LAN segment used for multiplexing VLANs between Switches
(Diagram labels: Trunk link, PVID, Access link)

Span-switch VLAN communication
(Diagram labels: VLAN 10, VLAN 20, PVID=10, PVID=20, Untagged frame, Tagged frame with VLAN ID 10)

Summarization
(Table: link type Access / Trunk, by direction In / Out)
Entries: Untagged frame; Add tag (VID=PVID); In; Tagged frame; Forwarded according to MAC address table; Strip tag and send out; vid=pvid; Out; Allowed to pass?; vid=pvid; Y: forwarded, N: discarded; Discarded
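
An added example, not part of the original slides: a small model of a VLAN-aware switch that combines the per-VLAN MAC table from the VLAN filtering slide with the access/trunk tagging rules, to show that flooding stays inside one broadcast domain. It assumes one reading of the summary (tagged frames arriving on an access port are discarded; a trunk sends untagged only when vid = pvid), and the names P9, T1 and mac-C and the trunk PVID of 1 are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    mode: str                          # "access" or "trunk"
    pvid: int                          # VLAN given to untagged ingress frames
    allowed: frozenset = frozenset()   # extra VLANs a trunk carries

    def carries(self, vid):
        return vid == self.pvid or (self.mode == "trunk" and vid in self.allowed)

@dataclass
class Switch:
    ports: dict                                     # name -> Port
    mac_table: dict = field(default_factory=dict)   # (vid, mac) -> port name

    def receive(self, in_port, src, dst, tag=None):
        """Return {egress port: VLAN tag on the wire, or None if untagged}."""
        p = self.ports[in_port]
        if tag is None:
            vid = p.pvid                  # In, untagged: add tag with VID = PVID
        elif p.mode == "trunk" and p.carries(tag):
            vid = tag                     # In, tagged on trunk: allowed to pass
        else:
            return {}                     # assumption: tagged on access, or VLAN not allowed
        self.mac_table[(vid, src)] = in_port        # learning, keyed per VLAN
        known = self.mac_table.get((vid, dst))
        if known is not None:             # filtering: one port, never back out the ingress
            targets = [known] if known != in_port else []
        else:                             # flooding stays inside the VLAN
            targets = [n for n, q in self.ports.items()
                       if n != in_port and q.carries(vid)]
        # Out: access links (and vid == pvid) send untagged, trunks keep the tag
        return {n: None if self.ports[n].mode == "access" or vid == self.ports[n].pvid
                else vid for n in targets}

def demo():
    # mac-A/P5 and mac-B/P7 follow the slide; P9, T1 and mac-C are constructed
    sw = Switch({"P5": Port("access", 10), "P7": Port("access", 10),
                 "P9": Port("access", 20),
                 "T1": Port("trunk", 1, frozenset({10, 20}))})
    arp_request = sw.receive("P5", "mac-A", "ff:ff:ff:ff:ff:ff")
    arp_reply = sw.receive("P7", "mac-B", "mac-A")
    tagged_on_access = sw.receive("P9", "mac-C", "mac-A", tag=10)
    return arp_request, arp_reply, tagged_on_access

if __name__ == "__main__":
    print(demo())
```

The ARP request from P5 reaches P7 untagged and T1 tagged with VLAN 10, but never P9 in VLAN 20; the frame that arrives on P9 already carrying tag 10 is dropped before it is learned or forwarded.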

Hybrid Link
(Diagram: Server; ports 1, 2, 3, 4, 5; stations A, B, C, D)

PVLAN: All Ports In One VLAN
(Diagram: Uplink network; ports 1, 2, 3, 4, 5; stations A, B, C, D)

QinQ: Layer 2 VPN
• Forwarded according to outer tag 100
(Diagram labels: VLAN 10, 100:10, 200:10)

Layer 3 Switching
Hosts: A, 10.1.1.1 on Port10; B, 20.1.1.1 on Port20
Vif 10: Mac-L, 10.1.1.254
Vif 20: Mac-N, 20.1.1.254
Routing engine (CPU, LPM):
10.1.1.1     mac-A   vlan10   P10
20.1.1.1     mac-B   vlan20   P20
10.1.1.254   mac-L   vlan10   Vif10
20.1.1.254   mac-N   vlan10   Vif20
Switching engine:
MAC     vlan ID   Port    L3-flag
mac-L   vlan10    Vif10   1
mac-N   vlan20    Vif20   1
mac-A   vlan10    P5      0
mac-B   vlan10    P7      0

Super VLAN
(Diagram labels: Super VLAN 10: 10.1.1.254; Sub-VLAN2; Sub-VLAN3; VLAN3; stations A, B, C, D)

Review
• Collision and Broadcast domain
• How to isolate different Dept. logically?
• VLAN advantages
• Frame types
• Link types
• VLAN switching rules
• Layer 3 switching