Aruba Switching

4. VLANS

VLANS

VLANs are used to isolate endpoints so that you have better control over traffic.

The default VLAN is VLAN 1.

Devices in the same VLAN can communicate without routing.


Collision Domains

On a Layer 1 hub, only one Ethernet host on a given segment may transmit at a time; otherwise there is a collision. This is controlled by an algorithm implemented on all Ethernet NICs called Carrier Sense Multiple Access/Collision Detection (CSMA/CD):

  • NIC detects others transmitting
  • Waits for a period
  • Then tries again to transmit

Thankfully, hubs are outdated and no longer used. They have been replaced by intelligent Layer 2 switches. On a properly configured Layer 2 switch, collisions do not occur.


Broadcast Domains

A Broadcast Domain is simply a group of devices that are on the same network, capable of receiving and responding to a broadcast frame from any device.

In the diagram above, when Host A sends a broadcast message, hosts B & C will receive it. None of the hosts in Domain 2 will receive it though because Layer 3 routers do not forward broadcasts.

Broadcast Domain Issues

The main issue is performance. Every host must process each broadcast frame, and switches forward or flood broadcast frames, increasing both resource utilisation and bandwidth utilisation.

Hackers can even write programs that generate millions of broadcast packets to flood the network, leaving no resources for valid traffic. This is called a Denial of Service (DoS) attack.

Smaller Broadcast domains mean better performance.

Virtual LAN

VLANs allow you to create separate Broadcast Domains on a single physical switch.

Benefits of VLANs

  • Security: e.g. a separate CCTV VLAN
  • Control: who can access what
  • Decreasing size of broadcast domains.
  • Improved use of resources (due to decreased size of broadcast domains)


Untagged Vs Tagged

If you want to send traffic for different VLANs over the same port, the frames must be tagged with their VLAN ID.

The standard is IEEE 802.1Q.

The 802.1Q standard allows only one VLAN per port to be carried without a tag, i.e. “untagged”.
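The tag that 802.1Q inserts and the one-untagged-VLAN rule are easiest to see in bytes. The following is an added example, not code from the original notes or from Aruba: it builds and parses tagged and untagged Ethernet frames and then classifies a received frame the way an 802.1Q port does (untagged frames go to the port's single untagged VLAN; tagged frames are accepted only for VLAN IDs the port allows). The MAC addresses and VLAN IDs are constructed sample values.

```python
"""Build, parse and classify IEEE 802.1Q tagged Ethernet frames.

Added example (not from the original notes). Frame layouts follow IEEE 802.1Q;
the MAC addresses and VLAN IDs used are constructed sample values.
"""
import struct

TPID_8021Q = 0x8100  # TPID in the EtherType position marks a VLAN-tagged frame


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0, dei=0):
    """Return an Ethernet frame, inserting an 802.1Q tag when vlan_id is given.

    Untagged: dst(6) src(6) ethertype(2) payload
    Tagged:   dst(6) src(6) TPID=0x8100(2) TCI(2) ethertype(2) payload
    TCI packs PCP (3 bits), DEI (1 bit) and the 12-bit VLAN ID.
    """
    header = mac_bytes(dst) + mac_bytes(src)
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:  # 0 and 4095 are reserved by the standard
            raise ValueError("VLAN ID must be in 1..4094")
        tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | (vlan_id & 0xFFF)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Decode the header; 'vlan' is None for an untagged frame."""
    dst, src, tpid = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": mac_str(dst), "src": mac_str(src),
            "vlan": None, "pcp": None, "dei": None}
    offset = 14
    if tpid == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["pcp"] = tci >> 13
        info["dei"] = (tci >> 12) & 1
        info["vlan"] = tci & 0xFFF
        offset = 18
    else:
        ethertype = tpid  # no tag: the field we read was the real EtherType
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


def classify_ingress(frame, untagged_vlan, tagged_vlans=frozenset()):
    """Assign a received frame to a VLAN the way an 802.1Q port does.

    untagged_vlan: the single VLAN this port accepts untagged (802.1Q allows one).
    tagged_vlans:  VLAN IDs accepted with a tag; empty when no tagged frames
                   are accepted on this port.
    Returns the VLAN ID, or None when the frame must be dropped.
    """
    info = parse_frame(frame)
    if info["vlan"] is None:
        return untagged_vlan
    return info["vlan"] if info["vlan"] in tagged_vlans else None


if __name__ == "__main__":
    tagged = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0800,
                         b"payload", vlan_id=1111, pcp=5)
    untagged = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0800, b"payload")
    print(parse_frame(tagged))
    print("untagged frame lands in the port's untagged VLAN:", classify_ingress(untagged, 1111))
    print("trunk accepting 1111 and 20 keeps the tagged frame:", classify_ingress(tagged, 1, {1111, 20}))
    print("port that accepts no tags drops it:", classify_ingress(tagged, 1111))
```

Note that the tag adds exactly 4 bytes (TPID + TCI) between the source MAC and the EtherType, which is why an untagged parser that reads the EtherType at offset 12 sees 0x8100 instead of the real protocol.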

Forwarding Addresses

MAC Address Table

Layer 2 switches use the MAC address table to make forwarding decisions. The switch builds this table automatically from the source MAC address of the frames it receives.

By default, table entries are kept for 300 seconds after the address was last seen. You view the MAC address table using the command: show mac-address
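The two ideas above, that a VLAN bounds the broadcast domain and that the switch learns MAC addresses from source addresses and ages them out after 300 seconds, can be simulated in a few dozen lines. The following is an added example, not code from the original notes or from Aruba: a learning switch that keeps a per-VLAN MAC table, forwards known unicast to one port, floods broadcast and unknown unicast only within the ingress VLAN, and expires entries after MAC_AGE_SECONDS. The port names, VLAN IDs and MAC addresses are constructed sample values.

```python
"""Simulated Layer 2 learning switch: per-VLAN MAC table, flooding and aging.

Added example (not from the original notes or Aruba's code). Port names,
VLAN IDs and MAC addresses are constructed sample values; MAC_AGE_SECONDS
uses the 300-second default the notes mention.
"""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"
MAC_AGE_SECONDS = 300


@dataclass
class Switch:
    # port -> access VLAN of that port (constructed topology)
    port_vlan: dict
    # (vlan, mac) -> (port, last_seen); keyed per VLAN because the same
    # MAC may legitimately appear in different VLANs
    mac_table: dict = field(default_factory=dict)

    def learn(self, vlan, src_mac, port, now):
        """Learn or refresh an entry from the source MAC of a received frame."""
        self.mac_table[(vlan, src_mac)] = (port, now)

    def age_out(self, now):
        """Remove entries not seen for MAC_AGE_SECONDS; return how many."""
        expired = [key for key, (_, seen) in self.mac_table.items()
                   if now - seen >= MAC_AGE_SECONDS]
        for key in expired:
            del self.mac_table[key]
        return len(expired)

    def forward(self, in_port, src_mac, dst_mac, now):
        """Return the set of egress ports for a frame received on in_port."""
        self.age_out(now)
        vlan = self.port_vlan[in_port]
        self.learn(vlan, src_mac, in_port, now)
        entry = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and entry is not None:
            # Known unicast: send out the learned port only. A frame whose
            # destination was learned on the ingress port is filtered.
            return {entry[0]} - {in_port}
        # Broadcast or unknown unicast: flood, but only to ports in the same
        # VLAN. This is why a VLAN bounds the broadcast domain.
        return {p for p, v in self.port_vlan.items() if v == vlan and p != in_port}

    def show_mac_address(self):
        """Rows of (mac, vlan, port), like a 'show mac-address' listing."""
        return sorted((mac, vlan, port)
                      for (vlan, mac), (port, _) in self.mac_table.items())


if __name__ == "__main__":
    sw = Switch({"1/1/1": 1111, "1/1/3": 1111, "1/1/2": 20, "1/1/4": 20})
    host_a, host_b = "00:aa:00:00:00:01", "00:aa:00:00:00:02"
    # Host A (VLAN 1111) broadcasts: only the other VLAN 1111 port sees it.
    print(sw.forward("1/1/1", host_a, BROADCAST, now=0))
    # Host B replies unicast; A has been learned, so no flooding is needed.
    print(sw.forward("1/1/3", host_b, host_a, now=1))
    print(sw.show_mac_address())
    print("aged out:", sw.age_out(now=301))
```

Run the block directly to see the broadcast from port 1/1/1 reach only 1/1/3, never the VLAN 20 ports, and the two learned entries disappear once 300 seconds have passed without traffic from those hosts.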

Address Resolution Protocol (ARP)

ARP maps Layer 3 IP addresses to Layer 2 MAC addresses. The switch has an ARP table which maps IPs to MACs.

If the switch needs to send a packet and has only the destination's IP address but not its MAC address, it sends a broadcast ARP request asking “Who is 172.16.5.24?”. Only the device with that IP replies, sending its MAC address, which is then added to the ARP table for future use.
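The exchange described above, as an added example that is not part of the original notes or Aruba's code: the 28-byte ARP request and reply are built and parsed per RFC 826, a host-side function answers only when the request is for its own IP, and a small ARP table on the requester's side records the answer. The MAC addresses and the requester's IP 172.16.5.1 are constructed sample values; 172.16.5.24 is the address the notes use.

```python
"""ARP request/reply over IPv4 (RFC 826) with a small ARP table.

Added example (not from the original notes or Aruba's code). The IP and MAC
addresses are constructed sample values; 172.16.5.24 is the address the
notes use in their "Who is ...?" example.
"""
import struct
import ipaddress

ARP_REQUEST, ARP_REPLY = 1, 2
ZERO_MAC = "00:00:00:00:00:00"
HTYPE_ETHERNET, PTYPE_IPV4, HLEN, PLEN = 1, 0x0800, 6, 4


def mac_bytes(mac): return bytes(int(o, 16) for o in mac.split(":"))
def mac_str(raw): return ":".join(f"{b:02x}" for b in raw)
def ip_bytes(ip): return ipaddress.IPv4Address(ip).packed
def ip_str(raw): return str(ipaddress.IPv4Address(raw))


def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """28-byte ARP payload: fixed header, then SHA, SPA, THA, TPA."""
    return (struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, HLEN, PLEN, opcode)
            + mac_bytes(sender_mac) + ip_bytes(sender_ip)
            + mac_bytes(target_mac) + ip_bytes(target_ip))


def parse_arp(pkt):
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", pkt[:8])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, HLEN, PLEN):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op,
            "sender_mac": mac_str(pkt[8:14]), "sender_ip": ip_str(pkt[14:18]),
            "target_mac": mac_str(pkt[18:24]), "target_ip": ip_str(pkt[24:28])}


def answer_arp(request, my_mac, my_ip):
    """Host side: reply only when the broadcast request asks for our own IP."""
    req = parse_arp(request)
    if req["op"] != ARP_REQUEST or req["target_ip"] != my_ip:
        return None
    return build_arp(ARP_REPLY, my_mac, my_ip, req["sender_mac"], req["sender_ip"])


class ArpTable:
    """The requester's side: cache, outstanding requests, reply handling."""

    def __init__(self, my_mac, my_ip):
        self.my_mac, self.my_ip = my_mac, my_ip
        self.cache = {}       # ip -> mac
        self.pending = set()  # IPs we have asked about and not yet resolved

    def lookup(self, ip):
        return self.cache.get(ip)

    def resolve(self, ip):
        """Return the request to broadcast, or None if the IP is already cached."""
        if ip in self.cache:
            return None
        self.pending.add(ip)
        # Target MAC is all zeros: it is the unknown we are asking for.
        return build_arp(ARP_REQUEST, self.my_mac, self.my_ip, ZERO_MAC, ip)

    def handle_reply(self, pkt):
        """Learn from a reply addressed to us. Only replies to our own outstanding
        requests are accepted; unsolicited replies are ignored, a stricter choice
        than many stacks make that limits what a forged reply can overwrite."""
        rep = parse_arp(pkt)
        if rep["op"] != ARP_REPLY or rep["target_ip"] != self.my_ip:
            return False
        if rep["sender_ip"] not in self.pending:
            return False
        self.cache[rep["sender_ip"]] = rep["sender_mac"]
        self.pending.discard(rep["sender_ip"])
        return True


if __name__ == "__main__":
    switch = ArpTable("00:aa:00:00:00:ff", "172.16.5.1")
    request = switch.resolve("172.16.5.24")                   # "Who is 172.16.5.24?"
    # Every host in the broadcast domain receives it; only .24 answers.
    print(answer_arp(request, "00:aa:00:00:00:25", "172.16.5.25"))  # None
    reply = answer_arp(request, "00:aa:00:00:00:24", "172.16.5.24")
    switch.handle_reply(reply)
    print(switch.lookup("172.16.5.24"))
```

The request carries the requester's own MAC and IP in the sender fields, so the responding host can reply by unicast without a lookup of its own; the reply is simply the same structure with opcode 2 and the sender/target fields swapped.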


VLAN Configuration

Create VLAN 1111 and name it EMPLOYEES

configure terminal
vlan 1111
name EMPLOYEES
exit

Assign VLAN 1111 to interfaces 1/1/1 and 1/1/3 as an access VLAN

configure terminal
interface 1/1/1
vlan access 1111
interface 1/1/3
vlan access 1111
exit
