1 / 21

VLAN

VLAN. CK NG Technical Marketing. Speaker 2006/XX/XX. Speaker 2007/XX/XX. WWW.Edge-Core.com. www.Edge-Core.com. Broadcast Domain. Broadcast Domain. Broadcasts, Multicast & Unknown unicast flood to every switch port, they consume bandwidth

zita
Télécharger la présentation

VLAN

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. VLAN CK NG Technical Marketing Speaker 2006/XX/XX Speaker 2007/XX/XX WWW.Edge-Core.com www.Edge-Core.com

  2. Broadcast Domain Broadcast Domain • Broadcasts, Multicast & Unknown unicast flood to every switch port, they consume bandwidth • When the number of the end devices increases, the broadcast storm tend to occur and reduce the network performance Broadcast Multicast Unknown Unicast

  3. Virtual LAN Finance Department Finance Department Sales Department R&D Department R&D Department Sales Department • VLAN segments broadcast domain, reduce broadcast traffic • VLAN provides LAN security

  4. Inter-switch VLAN Finance Department • For users located in different switches but same VLAN to communicate, extra links for each VLAN need to be created which consume switch ports Finance Department Sales Department R&D Department Sales Department R&D Department

  5. 802.1Q VLAN tagging Finance Department 2 4 3 • By adding a tag in the packet, switch can differentiate which vlan the packet belong to, so only one link is needed for inter-switch vlan communication Finance Department Sales Department R&D Department Sales Department R&D Department

  6. 802.1Q Tagged Packet Format data User Priority CFI VLAN Identifier (VID) Preamble Tag Type T C I Length/Type S F D D A SA F C S 1 3 4 5 8 12 15 TCI 1 octet 7 octets 6 octets 6 octets 2 octets 2 octets 2 octets 4 octets 42-1500 octets 81-00 Tag 12 bit VID 2 12 =0~4095 802.1p Priority ID 3 bit 23=0~7

  7. Ingress Rules • Acceptable frame types • Admit only VLAN-tagged frames • Admit all frames • Port VLAN Identifier • Provides the VID for untagged and Priority tagged frames received • Enable Ingress Filtering • The ingress rules shall discard any frame received on the port whose VLAN classification does not include that port in its member set

  8. Egress Rules • Determine for a given VLAN, through which ports frames may be transmitted • Determine in what format (tagged or untagged) should the frames be transmitted

  9. Port-Based VLAN DA SA FF-FF-FF-FF-FF-FF 00-1C-CF-0D-15-BF 2 2 DA SA Data Data DA DA DA DA DA SA SA SA SA SA Data Data Data Data Data VID=2 Untag Egress Rule PVID=2 Ingress Rule PVID=2 PVID=2 Ingress Rule VID=2 Untag Egress Rule VID=2 Untag Egress Rule VLAN Table VID MAC Tagged 1 1,3…23 u,u…u Untag frame ARP Reply 2 2,14,24 u, u,u ARP Request MAC Address Table Port MAC VID 2 Mac A 2 Server Host A Host B 24 Mac C 2

  10. Port-Based VLAN DA SA MAC D 01-00-5E-01-01-01 00-1C-CF-0D-15-BF 00-1C-CF-0D-15-BF 2 Data DA DA DA DA DA DA SA SA SA SA SA SA Data Data Data Data Data Data VID=2 Untag Egress Rule PVID=2 Ingress Rule PVID=2 PVID=2 Ingress Rule VID=2 Untag Egress Rule VID=2 Untag Egress Rule VLAN Table VID MAC Tagged 1 1,3…23 u,u…u Untag frame Unknown Unicast 2 2,14,24 u, u,u MAC Address Table Multicast Port MAC VID 2 Mac A 2 Server Host A Host B 24 Mac C 2

  11. Port-Based VLAN Overlapping DA DA SA SA 3 2 99 99 DA DA SA SA Data Data Data Data DA DA DA DA DA DA DA DA SA SA SA SA SA SA SA SA Data Data Data Data Data Data Data Data Mode Link VID=2 Untag VID=3 Untag Egress Rule PVID=2 Ingress Rule PVID=3 PVID=99 Ingress Rule VID=2 VID=99 UNTAG Egress Rule VID=3 VID=99 UNTAG Egress Rule Port 2 14 24 Untag frame Vlan 2 Vlan 3 Vlan 99 Server Host A Host B

  12. 802.1Q Tagged VLAN DA DA DA DA SA SA SA SA 3 3 2 2 2 3 2 3 DA DA DA DA SA SA SA SA Data Data Data Data Data Data Data Data DA DA DA DA SA SA SA SA Data Data Data Data PVID=3 VID=2 TAG VID=3 TAG Egress Rule PVID=2 Ingress Rule PVID=1 Ingress Rule VID=2 UNTAG Egress Rule VID=3 UNTAG Port 2 14 24 TAG frame Vlan 2 Vlan 3 Server Host A Host B Q-aware Server Port, uplink Port

  13. VLAN Trunk Configuration Finance Department 2 4 3 PVID=4 VID=4 Untagged PVID=1 VID=1 Untagged VID=2,3,4 Tagged ( Port mode trunk VID=1 Tagged ) PVID=3 VID=3 Untagged PVID=2 VID=2 Untagged Finance Department Sales Department R&D Department Sales Department R&D Department

  14. VLAN Configuration

  15. Private VLAN CK NG Technical Marketing Speaker 2006/XX/XX Speaker 2007/XX/XX WWW.Edge-Core.com www.Edge-Core.com

  16. Private VLAN • Private VLAN was initially designed for large ISPs hosting several server farms for several customers • Private VLAN provides segregation of traffic at Layer 2 for security • Host in the same broadcast segment are unable to talk to each other and they are only able to communicate with the designated server

  17. Traffic Segmentation • Uplink Port • Connect to switch, router or server • Be able to communicate with another uplink port and any other downlink port(s) • Downlink port • Connect to PC (end user) • Only be able to communicate with uplink port(s) • Hosts or servers can send untagged or tagged packets.

  18. Private VLAN Notebook Internet Router Pvlan uplink Ethernet 1/24 Pvlan Downlink Ethernet 1/1-23

  19. Private VLAN Configuration

  20. Private VLAN PSTN Vlan 2 Vlan 3 Internet Pvlan uplink Ethernet 1/25 Sw all vlan add 2,3,4 tagged Router Vlan 4 Pvlan Downlink Ethernet 1/1-24 Sw all vlan add 2,3,4 tagged IP-TV Server Isolated VLAN 2 downlink ports Data_Subscribers VLAN 4 IPTV VLAN 2 Data VLAN 4 IPTV VLAN 2 Data VLAN 3 Voice Triple Play_Subscribers

  21. Private VLAN Configuration

More Related