Chapter 1 Network Design
Security
However, the cornerstone of any good network is the hierarchical
model, which is made up of three pieces, or layers, as illustrated in
Figure 1. It is important to keep in mind that the hierarchical model
refers to conceptual layers providing functionality in your network,
not an actual physical separation.
Figure 1
The hierarchical network design model serves to help you develop a
network topology in separate layers.
For example, in Figure 1, high-speed WAN routers carry traffic
across the enterprise backbone (Core), medium-speed routers
connect buildings at each campus (Distribution), and switches and
hubs connect user devices and servers within buildings (Access).
Figure 1
It is important to keep in mind that the hierarchical model refers to
conceptual layers providing functionality in a network, NOT an
actual physical separation as shown below.
The core layer is a high-speed switching and routing backbone and
should be designed to pass network traffic as fast as possible. This layer
of the network should not perform any frame or packet manipulation,
such as access lists and filtering, which would slow down the switching
of traffic and in turn result in less than a "high-speed" environment.
The modular nature of the hierarchical design model also enables you
to accurately plan network capacity within each layer of the hierarchy,
which means you can reduce wasted bandwidth in your network.
That keeps your financial people happy because you are not paying for
something you're not using. Network management responsibility and
network management systems can also be applied to the different
layers of your network to control costs. Again, this is made possible
because of the modular architecture of your network.
Network modularity enables you to keep each design element simple
and easy to manage. Testing a network design is made easy because
there is clear functionality at each layer. Fault isolation is improved
because network transition points are easily identified.
It was mentioned in the slide above that the access layer is the point at
which local end users are allowed into the network, and that the access
layer might also use access lists or filters and VLANs to further meet the
needs of a particular set of users. Let us now discuss the benefits of
VLANs.
Definition: A virtual LAN, or VLAN, is a group of computers,
network printers, network servers, and other network devices that
behave as if they were connected to a single network.
In its basic form, a VLAN is a broadcast domain, but the difference
between a traditional broadcast domain and one defined by a
VLAN is that a broadcast domain is seen as a distinct physical
entity, while a VLAN is a logical topology, meaning that the
VLAN hosts are not grouped within the physical confines of a
traditional broadcast domain, such as an Ethernet LAN.
VLANs
Benefits
There are benefits for using VLANs. Users might be spread throughout
different floors of a building, so a VLAN would enable you to make all
these users part of the same broadcast domain. This can also be a
security feature.
Types of Membership
There are several different types of memberships associated with
VLANs:
• Static VLANs
• Dynamic VLANs
Static VLANs are specified by switch port. For example, a 12-port Fast
Ethernet switch is split for the creation of 2 VLANs. The first 6 ports are
associated with VLAN1 and the last 6 ports are associated with VLAN2.
If a machine is moved from port 3 to port 11, it will effectively change
VLANs.
Dynamic VLANs are specified by MAC address. Assuming the same
scenario, a system administrator will enter the MAC addresses of all
machines connecting to the switch. These addresses are stored in a
memory chip inside the switch that forms a database of local MAC
addresses. Each MAC address can then be associated with a certain
VLAN. This way, if a machine is moved, it retains its original
VLAN membership regardless of its port number.
VLAN Tagging
Moving VLAN data over multiple switches uses a method called VLAN
tagging. VLAN tagging simply adds extra information to the header of
Ethernet frames so that switches and routers know how to pass along the
data.
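As an added example (not from the original text), the following Python model puts the two ideas above together: the static and dynamic membership scenario on the 12-port switch, and the 4-byte IEEE 802.1Q tag that VLAN tagging inserts into the Ethernet frame header before the frame crosses a trunk to another switch. The port map, the MAC database, the frame bytes and the policy of not forwarding a frame whose MAC is missing from the dynamic database are constructed assumptions for the illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q VLAN tag

# Constructed 12-port switch from the text: ports 1-6 in VLAN 1, 7-12 in VLAN 2.
STATIC_PORT_VLANS = {port: (1 if port <= 6 else 2) for port in range(1, 13)}

# Constructed MAC database for dynamic membership (entered by the administrator).
DYNAMIC_MAC_VLANS = {"00:11:22:33:44:01": 1, "00:11:22:33:44:02": 2}


def mac_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def resolve_vlan(port, src_mac, mode):
    """Static membership follows the port; dynamic membership follows the MAC.
    In dynamic mode an unknown MAC yields None (not forwarded): an assumed policy."""
    if mode == "static":
        return STATIC_PORT_VLANS[port]
    if mode == "dynamic":
        return DYNAMIC_MAC_VLANS.get(src_mac.lower())
    raise ValueError(f"unknown membership mode: {mode}")


def tag_frame(frame, vlan_id, pcp=0):
    """Insert the 4-byte 802.1Q tag (TPID + TCI) right after the source MAC."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vlan_id  # PCP (3 bits) | DEI (1 bit, left 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def read_tag(frame):
    """Return (vlan_id, pcp) for a tagged frame, or None if the frame is untagged."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF, tci >> 13


def forward_to_trunk(port, frame, mode):
    """Classify an untagged frame from an access port and tag it for the trunk."""
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    vlan_id = resolve_vlan(port, src_mac, mode)
    if vlan_id is None:
        return None  # MAC not in the dynamic database: frame is not forwarded
    return tag_frame(frame, vlan_id)


# Constructed untagged frame: broadcast dst, known src, EtherType 0x0800, 4-byte payload.
UNTAGGED = mac_bytes("ff:ff:ff:ff:ff:ff") + mac_bytes("00:11:22:33:44:01") + b"\x08\x00" + b"\0" * 4
```

Moving the same host from port 3 to port 11 changes the VLAN carried in the tag under static membership but not under dynamic membership, which is exactly the difference the two membership types describe.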
VLAN Enabled Switches
Not all switches support VLANs. Most "managed" switches, including
those from Dell, Netgear, HP, and others, support VLANs. Remember that
because VLAN tagging is a universal standard, different brands of switches
can accomplish the same thing. Data centers are large environments and
should standardize on a specific platform. Cisco has created a proprietary
protocol to manage VLANs called VLAN Trunking Protocol, or VTP,
which enables Cisco switches to advertise VLAN routes to other VTP
enabled switches. This also allows a system administrator to manage all
VLANs from a central point and order all switches to update the VLAN
information along the entire network. Most organizations using VLANs
have figured out it is worth shelling out the extra cash to go with Cisco
equipment and get the extra features and functionality.
VLAN Configuration
VLANs are broadcast domains defined within switches to allow control of broadcast,
multicast, unicast, and unknown unicast within a Layer 2 device.
VLANs are defined on a switch in an internal database known as the VLAN Trunking
Protocol (VTP) database. After a VLAN has been created, ports are assigned to the VLAN.
VLANs are assigned numbers for identification within and between switches. Cisco
switches have two ranges of VLANs, the normal range and extended range.
VLANs have a variety of configurable parameters, including name, type, and state.
Several VLANs are reserved, and some can be used for internal purposes within the
switch.
Creation of an Ethernet VLAN
VLANs are created on Layer 2 switches to control broadcasts and enforce the use of a
Layer 3 device for communications. Each VLAN is created in the local switch's database
for use. If a VLAN is not known to a switch, that switch cannot transfer traffic across
any of its ports for that VLAN. VLANs are created by number, and there are two ranges
of usable VLAN numbers (normal range 1–1000 and extended range 1025–4096). When a
VLAN is created, you can also give it certain attributes such as a VLAN name, VLAN
type, and its operational state. To create a VLAN, use the following steps.
Configure VTP.
VTP is a protocol used by Cisco switches to maintain a consistent database between
switches for trunking purposes. VTP is not required to create VLANs; however, Cisco
has set it up to act as a conduit for VLAN configuration between switches as a default to
make administration of VLANs easier. Because of this, you must first either configure
VTP with a domain name or disable VTP on the switch.
An example of the Catalyst OS configuration for Distribution 1 follows: