[ Pobierz całość w formacie PDF ]

that frames shorter than 64 bytes, which may be mistaken for collision fragments, arenÇt transmitted.
Time-Saver You really need to know store-and-forward and cut-through switching techniques for the
CCNA exam. You arenÇt likely to run into fragment-free switching, which is a hybrid switching method
anyway, on the exam.
Instant Answer Cisco Catalyst 5000 series switches use store-and-forward switching only.
Virtually Segmenting the LAN
A VLAN (virtual LAN) is a logical grouping of networked nodes that communicate directly with each other
on Layers 2 and 3. VLANs are also called logical LANs because they arenÇt created physically using Layer 1
media and devices. Instead, theyÇre created logically or virtually through the configuration on a router or
switch. A VLAN is not geographically or functionally fixed in place (such as within a single department of a
company or for all account representatives). ItÇs created and managed on either a router or switch, which
serves as the VLAN controller.
VLANs are created usually in the process of segmenting a network with the objective of load-balancing
traffic over the network and managing bandwidth allocations more easily than with the physical management
of a LAN. Each station port on a switch can host a separate VLAN with its own data speeds, modes,
technologies, and other characteristics.
Reaping the benefits of a VLAN
Remember The primary benefits offered by VLANs are:
" Functional workgroups
197
" Broadcast control
"
Enhanced security
Building workgroups
Time-Saver Study Figure 16-1 and remember the following scenario for the test.
Figure 16-1 shows an example of a VLAN implementation. In this example, Switch A is located in the MDF
(Main Distribution Frame) and Switches B and C are located in IDFs (Intermediate Distribution Frames) on
two different floors, connected by fiber optic media through a trunking protocol. The alpha character on the
workstation represents the switch to which each node is connected, and the numeral indicates a workgroup.
Because members of workgroups tend to communicate more with other members of the workgroup than with
outsiders, it makes sense to group them logically into VLAN1, VLAN2, and VLAN3 despite the fact that
theyÇre physically located on different floors.
Tip Distribution frames are where the physical wiring from multiple network components is concentrated. A
main distribution frame is the central wiring location for a network, such as the telephone closet in a
building. An intermediate distribution frame is a connecting point located between the main distribution
frame and network workstations.
Broadcasting to smaller domains
Remember A VLAN can be looked upon as a broadcast domain with logically defined perimeters that are
unconstrained by physical location, media, addressing, or transmission rates. The virtual broadcast domain
created by the VLAN may contain workstations with different characteristics, including its location, network
medium, its MAC addressing scheme (IP versus IPX), and bandwidth. By limiting broadcast messages to
smaller and more manageable logical broadcast domains or virtual workgroups, or VLANs, the performance
of the entire non-virtual network is improved.
Figure 16-1: A VLAN workgroup created across three physical LAN segments.
Improving security
Implementing a VLAN improves a networkÇs security automatically. Members of one VLAN canÇt access
data being transmitted on other VLANs or on any circuits outside the VLAN. This means that in Figure 16-1,
the users of the workgroup on VLAN3 are in their own virtual network and are prevented from seeing any of
the data being transmitted across either VLAN1 or VLAN2.
198
Configuring the VLAN one way or another
Remember The assignment of a VLAN can be made in four different ways on the switch:
" Port address: Port-assigned VLANs are the most commonly implemented. The ports of a switch can
be assigned individually, in groups, in rows, or even across two or more switches, provided the
switches are properly connected through a trunking protocol. Port-based VLANs are the simplest to
implement and are typically used in situations where DHCP (Dynamic Host Control Protocol) is used
to assign IP addresses to network hosts.
"
MAC address: MAC address-assigned VLANs are rare, primarily due to the increased popularity
and use of DHCP on networks. MAC-based VLANs enable a user to belong to the same VLAN at all
times, even when connecting to the network with a different MAC address or through a different port
on the switch. The MAC addresses in a MAC-based VLAN must be entered into the switch and
configured as a part of a specific VLAN. While great for users that may move about, this type of
VLAN can be very complex and difficult for the administrator to manage and troubleshoot.
"
User ID: User ID-assigned VLANs are also quite rare because they are complex to set up,
administer, and troubleshoot. All VLAN users must be identified and entered into the switch and
configured as a part of a specific VLAN. On a user-based VLAN, the user remains a part of the same
VLAN regardless of where on the network or on which host they log onto the network.
"
Network address: Network address-assigned VLANs are configured much like a MAC-based
VLAN with the exception that nodes are registered using their logical or IP addresses. Network
address-based VLANs are uncommon primarily because of the use of DHCP to assign workstation IP
addresses. Like the MAC-based VLAN, this type of VLAN allows the user to remain part of the [ Pobierz całość w formacie PDF ]
  • zanotowane.pl
  • doc.pisz.pl
  • pdf.pisz.pl
  • fopke.keep.pl