Post on 04-Jun-2018
8/13/2019 Applicazioni Telematiche
1/24
Lab. Applicazioni Telematiche - Prof. Marco Listanti - A.A. 2011/2012 - INFOCOM Dept
Angelo Coiro
Laboratorio
Applicazioni Telematiche
Virtual LAN (VLAN)
Standard defined in IEEE 802.1Q
Virtual LAN: allows different virtual LANs to be defined on the same physical infrastructure
Each VLAN is a different broadcast domain
Two stations not belonging to the same VLAN cannot communicate with each other
Why VLAN?
To limit broadcast and multicast traffic in the network
To create different IP sub-networks on the same physical infrastructure
VLAN: example
With VLAN
Two separate Virtual LANs (Green and Red)
One physical LAN (Gray)
One switch
Without VLAN
Two physical LANs (Green and Red)
Two switches
VLAN
The IEEE 802.1Q standard defines two kinds of VLAN:
1. Port-based VLAN
Switch ports are explicitly assigned to a specific VLAN by means of the Port VLAN Identifier (PVID)
2. Protocol-based VLAN
Ethernet frames are classified as belonging to a specific VLAN on the basis of the protocol they are carrying (Protocol Id)
Each VLAN is a broadcast domain for a specific protocol
Port-based VLAN: a simple example
Ports 1, 2, and 3 are assigned to VLAN 10
Ports 4, 5, and 6 are assigned to VLAN 20
Devices attached to ports belonging to different VLANs cannot communicate with each other
Port-based VLAN
Port 1, Port 2, Port 3: VLAN 10 (PVID=10)
Port 4, Port 5, Port 6: VLAN 20 (PVID=20)
Definitions
Port VLAN Identifier (PVID): identifier that associates frames entering a port of the switch with a specific VLAN
The PVID is used only if the frame is not a tagged frame
VLAN members: set of ports composing a VLAN
Untagged member: a port that is a member of a specific VLAN, from which frames are sent without adding the Tag
Tagged member: a port that is a member of a specific VLAN, from which frames are sent with the Tag added
Two parameters for each port
PVID: used to assign frames to a given VLAN when frames are untagged
VLAN member: used to identify ports belonging to a given VLAN
A port can be a member of more than one VLAN
VLAN Tagging
Tagged frame layout: DA | SA | VLAN tag | Payload | FCS
VLAN tag: TPID (2 Bytes) | TCI (2 Bytes)
TCI: User Priority (3 bits) | CFI (1 bit) | VLAN ID (12 bits)
The Tag is used to distinguish which VLAN a frame belongs to
It is necessary to add the Tag in some situations
The Tag carries the VLAN Identifier
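The tag layout above, worked through in code. This is an added example, not part of the original slides; the TPID value 0x8100, the function names and the sample frame are assumptions of the example, and the FCS is left out.

```python
import struct

TPID_8021Q = 0x8100  # TPID value that identifies an IEEE 802.1Q tag

def build_tag(vlan_id, priority=0, cfi=0):
    """Pack TPID (2 bytes) + TCI (3-bit priority, 1-bit CFI, 12-bit VLAN ID)."""
    if not (0 <= vlan_id <= 0xFFF and 0 <= priority <= 7 and cfi in (0, 1)):
        raise ValueError("tag field out of range")
    tci = (priority << 13) | (cfi << 12) | vlan_id
    return struct.pack("!HH", TPID_8021Q, tci)

def add_tag(frame, vlan_id, priority=0):
    """Insert the tag right after DA and SA (the first 12 bytes)."""
    return frame[:12] + build_tag(vlan_id, priority) + frame[12:]

def parse_frame(frame):
    """Split a frame (without FCS) into addresses, optional tag and payload."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset, tag = 12, None
    if struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack("!H", frame[14:16])[0]
        tag = {"priority": tci >> 13, "cfi": (tci >> 12) & 1,
               "vlan_id": tci & 0x0FFF}
        offset = 16
    ethertype = struct.unpack("!H", frame[offset:offset + 2])[0]
    return {"da": frame[:6], "sa": frame[6:12], "tag": tag,
            "ethertype": ethertype, "payload": frame[offset + 2:]}

def strip_tag(frame):
    """Remove the tag, as an untagged member port does on egress."""
    return frame[:12] + frame[16:] if parse_frame(frame)["tag"] else frame

# Constructed sample: broadcast DA, made-up SA, EtherType 0x0800, dummy payload.
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
TAGGED = add_tag(UNTAGGED, vlan_id=10, priority=5)

if __name__ == "__main__":
    print(parse_frame(TAGGED)["tag"])
```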
VLAN Tagging: example
Ports 1,2,3 (4,5,6) of Switch1 (Switch2) are untagged members of VLAN 10 and have PVID=10
Ports 1,2,3 (4,5,6) of Switch2 (Switch1) are untagged members of VLAN 20 and have PVID=20
Port 7 of both switches is a Tagged member of both VLAN 10 and VLAN 20
[Figure: Switch1 and Switch2 (Ports 1 to 7 each), VLAN 10 and VLAN 20, Ethernet frames exchanged between the switches]
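The two-switch example above as a small forwarding model, showing how the PVID classifies untagged frames on ingress and how the tag carries the VLAN across port 7. This is an added example, not part of the original slides; the class and function names are hypothetical, and the PVID of 1 on port 7 and the ingress membership check are assumptions.

```python
TRUNK = 7  # port 7 links the two switches in the example above

class Switch:
    def __init__(self, name, pvid, untagged, tagged):
        self.name = name
        self.pvid = pvid          # {port: PVID}
        self.untagged = untagged  # {vlan: set of untagged member ports}
        self.tagged = tagged      # {vlan: set of tagged member ports}

    def flood(self, in_port, tag):
        """Classify a broadcast frame; return [(out_port, tag_or_None)]."""
        # A tagged frame keeps its VLAN; an untagged one takes the port's PVID.
        vlan = tag if tag is not None else self.pvid[in_port]
        members = self.untagged.get(vlan, set()) | self.tagged.get(vlan, set())
        if in_port not in members:   # assumption: ingress filtering is on
            return []
        return [(p, vlan if p in self.tagged.get(vlan, set()) else None)
                for p in sorted(members - {in_port})]

def make_switch(name, vlan10_ports, vlan20_ports):
    pvid = {p: 10 for p in vlan10_ports}
    pvid.update({p: 20 for p in vlan20_ports})
    pvid[TRUNK] = 1  # assumption: port 7 keeps the default PVID
    return Switch(name, pvid,
                  untagged={10: set(vlan10_ports), 20: set(vlan20_ports)},
                  tagged={10: {TRUNK}, 20: {TRUNK}})

SWITCH1 = make_switch("Switch1", {1, 2, 3}, {4, 5, 6})
SWITCH2 = make_switch("Switch2", {4, 5, 6}, {1, 2, 3})

def broadcast_from(local, remote, in_port):
    """Return the set of (switch, port) pairs a station's broadcast reaches."""
    reached = set()
    for port, tag in local.flood(in_port, None):
        if port == TRUNK:
            reached |= {(remote.name, p) for p, _ in remote.flood(TRUNK, tag)}
        else:
            reached.add((local.name, port))
    return reached

if __name__ == "__main__":
    print(sorted(broadcast_from(SWITCH1, SWITCH2, 1)))
```

In this model a frame arriving on port 7 without a tag is classified with PVID=1 and reaches no station port, which is why the tag is needed on the inter-switch link.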
Port-based VLAN
[Figure panels: before, after]
VLAN: default configuration
Default VLAN configuration:
All ports are untagged members of VLAN 1 and have PVID=1
All frames entering a switch are classified as belonging to VLAN 1 (since PVID=1 on every port)
Frames can be forwarded to any other port without adding the Tag
VLAN on CISCO devices
On Cisco devices a port can be:
Access: it is associated with only one VLAN and sends untagged traffic
PVID=x
Untagged member of VLAN x
Trunk: it can be associated with several VLANs and sends tagged traffic, except for the Native VLAN
PVID=Native
Tagged member of VLANs x1, x2, ..., xn
Untagged member of the Native VLAN
Configuring Switch Ports
Access the specific interface configuration
Switch(config)# interface gigabitEthernet 0/1
All commands related to VLANs begin with switchport
Mode: sets the mode of a port (Access or Trunk)
Ex.: Switch(config-if)# switchport mode access
Access: sets parameters for that port when it is in access mode
Just one parameter (Vlan) that indicates the VLAN which the port belongs to
Ex.: Switch(config-if)# switchport access vlan 10
Trunk: sets parameters for that port when it is in trunk mode
Trunk parameters
Native: specifies the native VLAN for that port when it is in trunk mode
Ex.: Switch(config-if)# switchport trunk native vlan 10
It means PVID=10 and untagged member of VLAN 10
Untagged frames received on that port are classified as belonging to VLAN 10
Frames belonging to VLAN 10 are sent without the tag on that port
Allowed: specifies the set of VLANs which the port belongs to
Ex.: Switch(config-if)# switchport trunk allowed vlan 10
By default all VLANs are allowed on a port in trunk mode
Allowed VLANs
If we want to limit the allowed VLANs:
Delete all allowed VLANs with the command:
Switch(config-if)# switchport trunk allowed vlan none
Add the desired VLANs with the command:
Switch(config-if)# switchport trunk allowed vlan x1,x2,...,xn
VLANs previously added are deleted
Switch(config-if)# switchport trunk allowed vlan add x1,x2,...,xn
VLANs previously added are kept
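A checker for the replace-versus-add behaviour above: it replays the allowed-VLAN commands in the order typed and reports which VLANs each trunk ends up carrying, so a trunk left at the all-VLANs default stands out. This is an added example, not part of the original slides; the function names and the sample transcript are constructed, and support for hyphenated ranges such as 30-32 goes beyond the forms shown above.

```python
ALL_VLANS = frozenset(range(1, 4095))  # VLAN IDs 1..4094: the trunk default
PREFIX = "switchport trunk allowed vlan "

def parse_vlan_list(text):
    """Expand a list such as '10,20,30-32' into a set of VLAN IDs."""
    vlans = set()
    for part in text.split(","):
        low, _, high = part.strip().partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans

def effective_allowed(commands):
    """Apply the commands in the order typed; return the resulting VLAN set."""
    allowed = set(ALL_VLANS)                 # by default all VLANs are allowed
    for line in commands:
        line = line.strip()
        if not line.startswith(PREFIX):
            continue
        arg = line[len(PREFIX):].strip()
        if arg == "none":
            allowed = set()                       # delete all allowed VLANs
        elif arg.startswith("add "):
            allowed |= parse_vlan_list(arg[4:])   # previous VLANs are kept
        else:
            allowed = parse_vlan_list(arg)        # previous VLANs are deleted
    return allowed

def audit_trunks(transcript):
    """Map every trunk interface in the transcript to its allowed VLANs."""
    blocks, current = {}, None
    for line in transcript.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif current and line.strip():
            blocks[current].append(line.strip())
    return {name: effective_allowed(cmds) for name, cmds in blocks.items()
            if "switchport mode trunk" in cmds}

# Constructed sample: commands as typed under each interface (not a real device).
SAMPLE = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
interface GigabitEthernet0/2
 switchport mode trunk
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk allowed vlan none
 switchport trunk allowed vlan 10,20
 switchport trunk allowed vlan add 30
"""
```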
Example: Scenario 1
To do
Configure the two switches so as to obtain the two VLANs (Green and Red)
Assign addresses to the PCs and the two Servers
Adding a router (1/2)
To interconnect the two VLANs with each other and with the Internet we need a router with two physical interfaces attached to the same switch
[Figure: Internet; Switch2 with Ports 1, 2, 3, 4 and 9; Switch1 with Ports 0, 1, 2, 3 and 9]
Adding a Router (2/2)
In this way we connect just one interface of the router to the switch, configuring port 3 of Switch2 as a Trunk port for the Green and Red VLANs
[Figure: Internet; Switch2 with Ports 1, 2, 3 and 9; Switch1 with Ports 0, 1, 2, 3 and 9]
Sub-interfaces on routers
The Router receives tagged frames on that interface
The physical interface must be divided into two logical sub-interfaces belonging to two different IP sub-networks
A physical Ethernet interface can be divided into several IP interfaces by using VLANs and sending tagged frames
Configuring sub-interfaces (1/2)
To access sub-interface configuration:
Interface .
To specify the VLAN_ID
Encapsulation dot1q
Sub-Interface: Protocol Vision
VLAN allows a physical interface to be split into several logical IP interfaces
The Relay entity interconnects all IP interfaces, performing the forwarding operation
[Figure: protocol stacks with PHY, MAC, V-LAN and IP layers; Relay Entity; Higher Layer Protocols (e.g. ICMP, TCP, OSPF)]