networking:vlan
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| networking:vlan [2020/10/25 00:42] – hvillanueva | networking:vlan [2021/03/12 17:13] (current) – removed dgonzalez | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== VLAN (VIRTUAL AREA NETWORKS) ====== | ||
| - | A VLAN (802.1Q), an acronym for virtual LAN (virtual local area network), is a method of creating independent logical networks within the same physical network. | ||
| - | Multiple VLANs can coexist on a single physical switch or on a single physical network. | ||
| - | They are useful for reducing the size of the broadcast domain and help in network administration, | ||
| - | |||
| - | In itself, a VLAN can be formed by two computer networks that are connected, in a physical sense, to different segments of a LAN network, but which nevertheless act as if they were attached to the same port. This is because they have the same VLAN ID and make up a single Broadcast domain. The maximum number of VLAN IDs possible to implement is 4096. | ||
| - | |||
| - | There are several ways to establish a VLAN. Level 1 VLANs are those that are developed from the use of ports. Layer 2 VLANs are created through the assignment of MAC addresses or by protocol type and Layer 3 VLANs, which involve the creation of IP subnets. | ||
| - | |||
| - | There is also another type of VLAN called QinQ, it is an L2 technology for operators or large companies that have a backbone based on L2 allowing them to encapsulate a VLAN identifier (ID) (IEEE 802.1Q) in another 802.1Q identifier (ID). This is a practical approach to supporting clients with multiple VLANs using a single VLAN ID to be transported across a given backbone. QinQ offers from 4096 VLANs (12 bits), up to 16.8 million VLANs (4096 x 4096, 24 bits) in total. | ||
| - | |||
| - | ===== LABORATORY ===== | ||
| - | |||
| - | {{: | ||
| - | |||
| - | The demo was done with Cisco devices. Normally in a solution like this, the first thing that is always configured first is the layer 3 unit, which activates all inter-VLAN routing of all IDs tied to an IP subnet. In this case the Router. | ||
| - | |||
| - | {{: | ||
| - | |||
| - | {{: | ||
| - | |||
| - | With the previous lines we activate the L3 interfaces that are in turn related to the VLAN ID L2. | ||
| - | |||
| - | Next, we proceed to configure the access switches, first creating the VLANs: | ||
| - | |||
| - | {{: | ||
| - | |||
| - | Next we proceed to configure ports vs VLAN ID: | ||
| - | |||
| - | VLAN 10 configuration, | ||
| - | |||
| - | {{: | ||
| - | |||
| - | VLAN 20 configuration, | ||
| - | |||
| - | {{: | ||
| - | |||
| - | VLAN 30 configuration, | ||
| - | |||
| - | {{: | ||
| - | |||
| - | Then we proceed to configure the ports of common use where more than one VLAN ID will pass. In this case, it would be the inter-switch connection and switch-router communication ports (homogeneous configuration for all switches): | ||
| - | |||
| - | {{: | ||
| - | |||
| - | The Trunk method allows all the VLAN IDs marked with the exception of VLAN 1. The latter is transmitted without TAG. | ||
| - | |||
| - | {{: | ||
| - | |||
| - | After completing the basic configuration of L2 (VLAN) on each switch, we proceeded to the L3 configuration (IP address and Gateway within the range of said subnet), attached to a specific VLAN ID for each unit for its management. For this scenario, VLAN 1 was defined. | ||
| - | |||
| - | {{: | ||
| - | |||
| - | **Note:** For all switches their default route is configured: | ||
| - | |||
| - | {{: | ||
| - | |||
| - | Finally, the executed configuration is saved and displayed on the boot file. | ||
| - | |||
| - | {{: | ||
| - | |||
| - | With the present configurations executed in the different devices that are part of this demo, the following characteristics could be evidenced: | ||
| - | The ARP tables that were reported by each PC attached to a specific VLAN, only register addresses from its own Broadcast domain. | ||
| - | |||
| - | If the router was disconnected from the network, it could only connect to PCs that were on the same VLAN ID. | ||
| - | |||
| - | When configuring and connecting the router to the network, the connection with the IP addresses of the different VLAN IDs (1, 10, 20 and 30) was evidenced. | ||
| - | |||
| - | It was evident that there is a Broadcast IP domain for each VLAN ID configured in the network. | ||
| - | |||
| - | A sniffer system called wireshark packet was started on a PC | ||
| - | determined, in order to be able to observe the Ethernet packets with their respective 802.1Q mark in each of them. In order to achieve this, it was necessary to configure a technical feature called: | ||
| - | Port Mirroring (accurately pass incoming and outgoing packets from port X to port Y): | ||
| - | |||
| - | {{: | ||
| - | |||
| - | The results were not as expected because the PCs that the laboratory has are Windows and Windows is not built to support mechanisms for VLANs. To resolve this impasse it is necessary to load a new driver on the network card of the PC in question to allow this feature. However, an example searched on the internet shows us how the VLAN ID (3900) would look in this scenario: | ||
| - | |||
| - | {{: | ||
networking/vlan.1603604535.txt.gz · Last modified: 2020/10/25 00:42 by hvillanueva