Angelo Coiro

Laboratorio

Applicazioni Telematiche

INFOCOM Dept

Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

Virtual LAN (VLAN)

INFOCOM Dept

Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

Virtual LAN (VLAN)

Standard defined in IEEE 802.1Q
Virtual LAN: allows to define different virtual LANs on the same physical infrastructure
Each VLAN is a different broadcast domain Two stations not belonging to the same VLAN cannot communicate with each other

Why VLAN?
To limit broadcast and multicast traffic in the network.

To create different IP sub-network on the same physical infrastructure

INFOCOM Dept

Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

VLAN: example
Vith VLAN
Two separeted Virtual LAN (Green and Red)
One Physical LAN (Gray)
One switch

Without VLAN

Two physical LANs (Green and Red)

Two switches

INFOCOM Dept

Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

VLAN
IEEE 802.1Q standard defines two kinds of VLAN:

1. Port-based VLAN
Switch ports are explicitely assigned to a specifivc VLAN by means of the Port VLAN Identifier (PVID)

2. Protocol-based VLAN
Etherent frames are classified as belonging to a specific VLAN on the basis of the protocol they are carrying (Protocol Id) Each VLAN is a broadcast domain for a specific protocol

INFOCOM Dept

Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

Port-based VLAN: a simple example

Port-based VLAN

VLAN 10 (PVID=10)
Port 1 Port 2 Port 3 Port 4

VLAN 20 (PVID=20)
Port 5 Port 6

Ports 1, 2, and 3 are assigned to VLAN 10 Ports 4, 5, and 6 are assigned to VLAN 20 Devices attached to ports belonging to different VLANs cannot communicate with each other
INFOCOM Dept

Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

Definitions
Port VLAN Identifier (PVID): identifier that associates frames entering in a port of the switch to a specific VLAN
The PVID is used only if the frame is not a tagged frame

VLAN members: set of ports composing a VLAN

Untagged member: a port that is member of a specific VLAN from which frames are sent without adding the TAG

Tagged member: a port that is member of a specific VLAN from which frames are sent adding the TAG

Two parameters for each port

PVID: used to assign frames to a given VLAN when frames are untagged
VLAN memeber: used to identify ports belonging to a given VLAN A port can be member of more than one VLAN
Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012
INFOCOM Dept

VLAN Tagging
DA SA
VLAN

2 Bytes 2 Bytes

Payloa d

FCS

TPID
User Priority

TCI
CFI 1 bit VLAN ID 12 bits

3 bits

The Tag is used to distinguish which VLAN a frame belongs to

It is necessary to add the Tag in some situations

The Tag carries the VLAN Ientifier

INFOCOM Dept

Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

VLAN Tagging: example

Port 7 Port 7

Switch1
Port 1 Port 2 Port 3 Port 4 Port 5 Port 6

Ethernet frames

Switch2
Port 1 Port 2 Port 3 Port 4 Port 5 Port 6

VLAN 20

VLAN 10

Ports 1,2,3 (4,5,6) of Switch1 (Switch2) are untagged members of VLAN 10 and have PVID=10

Ports 1,2,3 (4,5,6) of Switch2 (Switch1) are untagged members of VLAN 20 and have PVID=20
Ports 7 of both switches are Tagged members of both VLAN 10 and VLAN 20
Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

INFOCOM Dept

Port-based VLAN

prima

dopo

INFOCOM Dept

Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

VLAN: default configuration

Default VLAN configuration: Every ports are untagged member of VLAN 1, and have PVID=1 All frames entering in a switch are classified as belonging to VLAN 1 (since PVID=1 on any port) Frames can be forwarded to any other port without adding the Tag

INFOCOM Dept

Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

VLAN on CISCO devices

In CISCO a port can be:
Access: it is associated to only one VLAN and sends untagged traffic PVID=x untagged member of VLAN x Trunk: it can be associated to several VLANs and sends tagged traffic except for the Native VLAN PVID=Native Tagged member of VLANs x1, x2,, xn.

Untagged member of VLAN Native.

INFOCOM Dept

Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

Configuring VLAN on CISCO

First step: creating VLANs

Once a VLAN has been created we can name it or simply exit

INFOCOM Dept

Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

Configuring Switch Ports

Access the specifig interface configuration
Switch(config)# interface gigabitEthernet 0/1

All commnds related to VLAN begin with Switchport

INFOCOM Dept

Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

Configuring Switch Ports

Mode: sets the mode of a port (Access or Trunk)
Ex: Switch(config-if)# switchport mode access Access: sets parameters for that port when it is in access mode
Just one parameter (Vlan) that indicates the VLAN which the port belongs to

Ex: Switch(config-if)# switchport access vlan 10

Trunk: sets parameters for that port when it is in trunk mode

INFOCOM Dept

Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

Trunk parameters
Native: specifies the native VLAN for that port when it is in trunk mode
Ex.: Switch(config-if)# switchport trunk native vlan 10 It menas PVID=10 and untagged member of VLAN 10
Untagged frames received on that port are classified as belonging to VLAN 10 Frames belonging to VLAN 10 are sent without the tag on that port

Allowed: specifies the set of VLANs which the port belongs to

Ex.: Switch(config-if)# switchport trunk allowed vlan 10 By default all VLANs are allowed on a port in trunk mode
INFOCOM Dept

Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

Allowed VLANs
If we want to limit allowed VLANs:
Delete all allowed VLANs with the command:
Switch(config-if)# switchport trunk allowed vlan none

Add desired VLANs with the command:

Switch(config-if)# switchport trunk allowed vlan x1; x2;; xn
VLANs previously added are deleted

Switch(config-if)# switchport trunk allowed vlan add x1; x2;; xn

VLANs previously added are kept
INFOCOM Dept

Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

Example: Scenario 1
To do
Configure the two switch so as to obtain the two VLANs (Green and Red) Assign addresses to PCs and the two Servers

INFOCOM Dept

Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

Adding a router (1/2)

Internet Internet

Port 1

Port 3

Port 4

Port 2

Switch2

Port 9

To interconnect the two VLANs with each other and with the Internet we need a router with two physical interfaces attached to the same switch
Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

Switch1
Port 0 Port 1

Port 9

Port 2

Port 3

INFOCOM Dept

Adding a Router (2/2)

Internet Internet

Port 1

Port 3 Port 9

Port 2

Switch2

In this way we connect just one interface of the router to the sitch configuring port 3 of Switch2 as a Trunk port for Green and Red VLANs
Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

Switch1
Port 0 Port 1

Port 9

Port 2

Port 3

INFOCOM Dept

Sub-interfaces on routers
The Router receives tagged frames on that interface
The physical interface must be divided in two logical su-interfaces belonging to two different IP sub-networks A physical Ethernet interface can be divided in several IP interfaces by using VLANs an sending tagged frames
INFOCOM Dept

Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

Configuring sub-interfaces (1/2)

To access sub-interface configuration:

Interface <interface-name>.<number of su-interface>

To specify the VLAN_ID

Encapsulation dot1q <VLAN_ID>
INFOCOM Dept

Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

Configuring sub-interfaces (2/2)

The sub-interface is automatycally up when is created
The ip address is configured exactly as in case of a standard interface Sub-interfaces and interfaces are IP interfaces
They cannot belong to the same IP sub-network

When a sub-interface is created on an interface x, the interface x can be still used

It sends untagged frames
INFOCOM Dept

Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012

Sub-Interface: Protocol Vision

Higher Layer Protocols (e.g. ICMP, TCP, OSPF)

Relay Entity
V-LAN V-LAN

IP

IP

IP

MAC PHY

V-LAN V-LAN

IP

IP

IP

MAC PHY

VLAN allows a physical interface to be split in several logical IP intefaces The Relay entity interconnects all IP interfaces performing the forwarding operation
INFOCOM Dept

Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012