Chapter 10: Virtual LAN Concepts
A virtual LAN (VLAN) is a broadcast domain created by one or more switches. Reasons to use VLANs:
- To group users by department, or by groups that work together, instead of by physical location
- To reduce overhead by limiting the size of each broadcast domain
- To enforce better security by keeping sensitive devices on a separate VLAN
- To separate specialized traffic from mainstream traffic—for example, putting IP telephones on a separate VLAN from user PCs
Port-based VLANs, the typical choice for configuring VLANs in a switch, can be set up very easily, without needing to know the MAC address of the device. However, you need good documentation to make sure that you cable the right devices into the right switch ports, thereby putting them in the right VLANs.
A rarely used alternative for creating VLANs is to group devices into a VLAN based on MAC address. The engineer would discover all the MAC addresses of all the devices and then would configure the MAC addresses in the various switches, associating each MAC address with a VLAN. When a device moves to a different switch port and sends a frame, the device stays in the same VLAN.
When using VLANs in networks that have multiple interconnected switches, you need to use VLAN trunking between the switches. When sending a frame to another switch, the switches need a way to identify the VLAN from which the frame was sent. With VLAN trunking, the switches tag each frame sent between switches so that the receiving switch knows which VLAN the frame belongs to.

Trunking protocols:
- Inter-Switch Link (ISL)
- IEEE 802.1q
with the encapsulated original Ethernet frame being unchanged

Because the original header is now longer, 802.1q encapsulation forces a recalculation of the original FCS field in the Ethernet trailer because the FCS is based on the contents of the entire frame.
Both ISL and 802.1q allow the use of a 12-bit-long VLAN ID field.
Both support a separate instance of spanning tree for each VLAN.
802.1q did not support multiple spanning trees:
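
An added example, not from the original notes: it inserts an 802.1Q tag into a constructed Ethernet frame to show the 12-bit VLAN ID field and why the FCS has to be recalculated once the header grows. The function names and the sample frame are assumptions made for illustration.

```python
import struct
import zlib

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the entire frame, low byte first on the wire."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged frame: dst(6) src(6) type(2) payload, padded to 60 bytes, then FCS(4)."""
    body = (dst + src + struct.pack("!H", ethertype) + payload).ljust(60, b"\x00")
    return body + fcs(body)

def add_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the source MAC and recompute the FCS."""
    if not 1 <= vlan_id <= 4094:  # 12-bit field; 0 and 4095 are reserved
        raise ValueError("VLAN ID must be in the range 1-4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority is a 3-bit field")
    body = frame[:-4]  # drop the old FCS, it no longer matches
    tci = (priority << 13) | vlan_id  # 3-bit priority, 1-bit DEI (0), 12-bit VLAN ID
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)

def parse_tag(frame: bytes):
    """Return (vlan_id, priority, fcs_ok); vlan_id is None for an untagged frame."""
    if len(frame) < 20:
        raise ValueError("frame too short")
    body, trailer = frame[:-4], frame[-4:]
    fcs_ok = fcs(body) == trailer
    tpid, tci = struct.unpack("!HH", body[12:16])
    if tpid != TPID_8021Q:
        return None, None, fcs_ok
    return tci & 0x0FFF, tci >> 13, fcs_ok

# Constructed sample frame (addresses and payload are made up for the example).
SAMPLE = build_frame(b"\xff" * 6, bytes.fromhex("020000000001"), 0x0800,
                     b"constructed sample payload")

if __name__ == "__main__":
    tagged = add_tag(SAMPLE, vlan_id=10, priority=5)
    print(parse_tag(SAMPLE))   # untagged frame, FCS valid
    print(parse_tag(tagged))   # VLAN 10, priority 5, FCS valid
    stale = tagged[:-4] + SAMPLE[-4:]  # tag inserted but old FCS kept
    print(parse_tag(stale))    # same tag, FCS check fails
```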

Although a VLAN and a subnet are different concepts, they have a one-to-one relationship.

You might be thinking that using three interfaces on the router in Figure 10-7 seems wasteful—and it is. Alternatively, you can use a router with a Fast Ethernet port that supports trunking and use a single physical connection from the router to the switch (trunking is not supported on 10 Mbps Ethernet interfaces).

The only difference between routing using a router and using a Layer 3 switch lies in the internal processing. Outwardly, nothing is different.
The switch ASICs (Application Specific Integrated Circuits) on an L3 switch have been built
Layer 4 Switching
The term Layer 4 switches (L4 switches) refers to a type of switching in which the switch considers the information in the Layer 4 headers when forwarding the packet. In some cases, the forwarding decision is based upon information inside the Layer 4 headers. In other cases, L3 forwarding is used, but the switch does accounting based on the Layer 4 headers. Both are considered to be Layer 4 switching.
it can also simply keep track of the numbers of packets and bytes sent per TCP port number, while still performing Layer 3 forwarding.
L4 switching does not always imply a change in how packets are forwarded. A switch can perform accounting to track the volumes of traffic per TCP and UDP port number but still make the decisions based on L3 switching logic. With Cisco switches, you can enable a feature called NetFlow switching, which performs the accounting based on Layer 4 information while forwarding traffic like a Layer 3 switch.
Layer 5-7 switching typically falls into a category of features and products that Cisco calls Content Delivery Networks (CDN).