Clarifications needed on two specific points about a VLAN article

LetMePass

Hello Cisco Community,

May you please take a look at these two sections, and share your thoughts?

  • VLANs are cost-effective, because workstations on VLANs communicate with one another through VLAN switches and don’t require routers unless they are sending data outside the VLAN. This empowers the VLAN to manage an increased data load because, while switches have fewer capabilities than a router, routers cause bottlenecks. VLANs do not need to forward information through a router to communicate with devices within the network, decreasing overall network latency.

During my CCNA preparation, I learned it's better to have a router when making a VLAN. I also read it's a mistake to consider a VLAN without a router, I don't really get it. Any diagram to make it clearer? Or perhaps it points, in a subtle way, to a layer 3 switch? It's a bit vague..

*****************************************************************************************************************

  • VLANs decrease the amount of administrative oversight required by network overseers like managed services providers (MSPs). VLANs allow network administrators to automatically limit access to a specified group of users by dividing workstations into different isolated LAN segments. When users move their workstations, administrators don’t need to reconfigure the network or change VLAN groups. These factors decrease the amount of time and energy administrators must devote to configuration and security measures.

Not sure I follow: when you move out, you take your workstation, you go to your new desk (let's say 500 meters away), you plug the ethernet into the switch, and you can start immediately. What was the matter before? What did administrators have to reconfigure? How painful was it?

https://www.n-able.com/blog/what-are-vlans

5 REPLIES

During my CCNA preparation, I learned it's better to have a router when making a VLAN. I also read it's a mistake to consider a VLAN without a router, I don't really get it. Any diagram to make it clearer? Or perhaps it points, in a subtle way, to a layer 3 switch? It's a bit vague.

It's not that it's 'better' to have a router, it's that you can't pass traffic between two VLANs without a routing process. That routing process can be provided by a router or by the routing process on a multi-layer switch.

Not sure I follow: when you move out, you take your workstation, you go to your new desk (let's say 500 meters away), you plug the ethernet into the switch, and you can start immediately. What was the matter before? What did administrators have to reconfigure? How painful was it?

The network connection drops, of course, and then you connect back to a switch. If the configuration of the switchport - specifically the "switchport access vlan XXX" - is the same on the old switchport and the new switchport, then the two ports connect the laptop in exactly the same way on the same network/IP subnet. If the old switchport and the new switchport have different VLANs configured, then the laptop has moved to a different network/IP subnet.

Both subnets will probably have DHCP and DNS and so it is entirely possible that even moving VLANs the laptop will function identically from the user's perspective. But there may be different security or other policies applied to the different networks that the user may or may not be aware of.

I hope that helps answer your direct questions.

---------------------------

Here is how I explain VLANs to folks:

If you think about a port on a router, that starts a new IP subnet, which also starts a new broadcast domain. A switch that is connected to that router port would have its ports in that same broadcast domain, and any device connected to those switchports would get IP addresses on that IP subnet. They can, therefore, find each other using ARP and send traffic directly to each other using each other's MAC addresses.

Each port on the router gets to start a new subnet/broadcast domain in this same way. Picture a simple hub and spoke with the router in the middle, connected to switches, and then PCs off of the switches. In order for traffic to get from one IP subnet (on one switch) to another device on another IP subnet (on a different switch), it would have to pass through the router.

So here's the thing: What if I only have one switch but I need ports on the switch to connect the Executive staff (which has particular security and policy concerns) and also the IT staff (which has different security and policy concerns). I need the two groups to be on different IP subnets so that I can implement security policy on the router level between the two subnets. BUT...again I only have one switch.

What I can do is implement VLANs. The thing to understand is that an IP subnet and a broadcast domain are the same in scope as far as what endpoints belong to the group....AND....that is the same group as a VLAN. The three things (ip subnet, broadcast domain, VLAN) describe the same set of endpoints as a group. All ports in a VLAN are in the same IP subnet and therefore also the same broadcast domain.

VLANs allow a single physical switch to pretend it is multiple physical switches.

So what I can do is configure the switch to declare one group of ports to be in VLAN 10 (which puts them in their own broadcast domain and also their own IP subnet), and another group of ports to be in VLAN 20 (which puts them into their own broadcast domain and also their own IP subnet). 

Devices on VLAN 10 can send traffic to other devices on VLAN 10 just like before. They are on the same broadcast domain and so can ARP for a MAC address and send traffic directly. Ditto with devices on VLAN 20. BUT...if a device on VLAN 10 wants to send traffic to a device on VLAN 20, that traffic has to pass through a router because, remember, the devices are in two different VLANs, which means the devices are on two different IP subnets.

In our scenario, we'd need to have a port on the switch that is in VLAN 10 have a cable to the correct port on the router for that subnet. And that same switch would have to have a port on the switch that is in VLAN 20 have a cable to a different port on the router for THAT subnet. (No, we really don't do this but from a 'picture it in your head' standpoint just go with it for now.)

So picture that same hub-and-spoke from before, but this time picture it where downstream of two router ports you have a single switch rather than two, but that switch is divided in half where half the ports are in one VLAN and the other half of the ports are in the other VLAN. 

VLANs allow a single physical switch to pretend it is multiple physical switches.

There is more, like trunks and router-on-a-stick, and access VLANs with supplementary VLANs, and yet more after that. But as an introduction to what a VLAN is and how to think about them, I hope this helps.

Please let me know if you have questions or if any of this doesn't make sense.

Maren

Yes, VLAN as a concept is clear to me, what is less are the points I read from the article. 

VLANs do not need to forward information through a router to communicate with devices within the network, decreasing overall network latency.

I read that when a LAN gets very big a Router is needed, but perhaps it's not related to that.

When users move their workstations, administrators don’t need to reconfigure the network or change VLAN groups. These factors decrease the amount of time and energy administrators must devote to configuration and security measures.

Why admin had to reconfigure the network when users moved their workstations?

VLANs do not need to forward information through a router to communicate with devices within the network, decreasing overall network latency.

This is addressing the idea that devices within the same VLAN do not need to pass through a router to communicate with each other, even if the devices are connected to different switches. The sentence you quoted is unclear on this point, although it may have been clearer in-context.

When users move their workstations, administrators don’t need to reconfigure the network or change VLAN groups. These factors decrease the amount of time and energy administrators must devote to configuration and security measures.

I *think* that is trying to say that VLANs and networks themselves do not need to be reconfigured when users move their workstations. (As in: You don't have to reconfigure the whole network to get that one workstation to still work.) Rather, that as long as the switchport at the new location has the same VLAN configuration as the original that everything will continue to work as it had before the move.

I wrote a tech book a long time ago, and after it passed through the editors some of what I had written came out like what you quoted (with 'pretty' language). I had to work with them to make the language pretty like they wanted, but also be clear about what I was saying. It wasn't easy.

I apologize for explaining something you already knew. I was unclear about what your knowledge level was of the topic based on your questions and erred on the side of thoroughness. (And I suppose it's good reading for someone who does not know yet....)

Please let me know if you have more follow up questions!

Maren

No offense taken! I understand the concept, but still have to grasp the subtleties. The important thing to remember is that a VLAN indeed allows you to take one physical switch and break it up into smaller mini-switches.

For instance, trunk ports are used for connecting other switches, servers and routers. Trunk ports can carry frames of multiple VLANs simultaneously. Trunk ports support both tagged and untagged frames. The native VLAN on a trunk port is used to accept untagged frames. But something that hit me recently is that a trunk port is necessary when a switch houses more than one VLAN. Said like that, tagged frames sound absolutely logical.

Exercises are also important for developing a good comprehension. Sometimes information is understood, but when confronted with actual practical cases, it is evident that learning was not so efficient, and connections between "dots" have yet to be established.

https://www.youtube.com/watch?v=m9GMJ3KMUpg&ab_channel=BalramShekhawat
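The two ideas the thread keeps circling back to, "same VLAN = same broadcast domain = same subnet, so ARP directly; different VLAN means the frame must go to the router" (Maren's explanation) and "access ports carry one untagged VLAN, trunk ports carry tagged frames plus an untagged native VLAN" (the trunk-port post above), can be modelled in a few dozen lines. The following is an added example, not code from the thread or from Cisco: a toy 802.1Q frame builder/parser, a switch that classifies ingress frames by port mode and never forwards across VLANs, and the host-side next-hop decision. The port names, VLAN numbers, MAC addresses and the "ARP who-has" payload are all constructed for illustration.

```python
"""Toy VLAN-aware switch plus host next-hop decision (added example, constructed data)."""
import ipaddress
import struct

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800
BROADCAST = "ff:ff:ff:ff:ff:ff"


def build_frame(dst_mac, src_mac, payload, vlan=None):
    """Ethernet II frame; with vlan set, insert an 802.1Q tag (PCP=0, DEI=0, VID=vlan)."""
    hdr = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    if vlan is not None:
        hdr += struct.pack("!HH", ETHERTYPE_8021Q, vlan & 0x0FFF)
    return hdr + struct.pack("!H", ETHERTYPE_IPV4) + payload


def parse_frame(frame):
    """Return (dst_mac, src_mac, vlan_or_None, ethertype, payload)."""
    dst, src = frame[0:6].hex(":"), frame[6:12].hex(":")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan, off = None, 14
    if ethertype == ETHERTYPE_8021Q:          # tagged: TCI follows, real ethertype after it
        vlan = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
        ethertype = struct.unpack("!H", frame[16:18])[0]
        off = 18
    return dst, src, vlan, ethertype, frame[off:]


class Switch:
    """Ports are 'access' (one untagged VLAN) or 'trunk' (tagged VLANs + untagged native VLAN)."""

    def __init__(self):
        self.ports = {}       # port name -> config dict
        self.mac_table = {}   # (vlan, mac) -> port, learned per VLAN

    def access(self, port, vlan):
        self.ports[port] = {"mode": "access", "vlan": vlan}

    def trunk(self, port, allowed, native=1):
        self.ports[port] = {"mode": "trunk", "allowed": set(allowed), "native": native}

    def classify(self, port, frame):
        """VLAN an ingress frame belongs to, or None if the port must drop it."""
        cfg = self.ports[port]
        tag = parse_frame(frame)[2]
        if cfg["mode"] == "access":
            return cfg["vlan"] if tag is None else None   # simplification: access ports drop tagged frames
        if tag is None:
            return cfg["native"]                           # untagged on a trunk lands in the native VLAN
        return tag if tag in cfg["allowed"] else None

    def forward(self, port, frame):
        """Return {egress_port: frame_as_sent}; flood on unknown/broadcast dst, never cross VLANs."""
        vlan = self.classify(port, frame)
        if vlan is None:
            return {}
        dst, src, _, _, payload = parse_frame(frame)
        self.mac_table[(vlan, src)] = port
        if dst != BROADCAST and (vlan, dst) in self.mac_table:
            targets = [self.mac_table[(vlan, dst)]]
        else:
            targets = [p for p in self.ports if p != port]
        out = {}
        for p in targets:
            cfg = self.ports[p]
            if cfg["mode"] == "access" and cfg["vlan"] == vlan:
                out[p] = build_frame(dst, src, payload)                      # egress untagged
            elif cfg["mode"] == "trunk" and vlan in cfg["allowed"]:
                tag = None if vlan == cfg["native"] else vlan                 # native VLAN egresses untagged
                out[p] = build_frame(dst, src, payload, tag)
        return out


def next_hop(src_ip, prefixlen, dst_ip, gateway):
    """Host side: same subnet -> ARP for dst directly; otherwise -> ARP for the default gateway."""
    net = ipaddress.ip_interface(f"{src_ip}/{prefixlen}").network
    return dst_ip if ipaddress.ip_address(dst_ip) in net else gateway


def demo():
    """Executive PCs in VLAN 10, IT PC in VLAN 20, trunk uplink to a router-on-a-stick."""
    sw = Switch()
    sw.access("Gi0/1", 10)
    sw.access("Gi0/2", 10)
    sw.access("Gi0/3", 20)
    sw.trunk("Gi0/24", allowed={10, 20}, native=99)
    arp = build_frame(BROADCAST, "00:00:00:00:00:0a", b"ARP who-has 10.0.10.7")  # constructed payload
    return sw.forward("Gi0/1", arp)   # reaches Gi0/2 untagged and Gi0/24 tagged 10, never Gi0/3


if __name__ == "__main__":
    for port, frame in demo().items():
        print(port, parse_frame(frame)[2])
    print(next_hop("10.0.10.5", 24, "10.0.20.7", "10.0.10.1"))
```

Running `demo()` shows the broadcast from the VLAN 10 port flooding only to the other VLAN 10 access port (untagged) and to the trunk (tagged 10); the VLAN 20 port never sees it, which is the isolation the article's "decreased administrative oversight" claim rests on. `next_hop()` is the half of the picture the switch never sees: a host that wants 10.0.20.7 from 10.0.10.5/24 ARPs for its gateway instead, so the frame goes up the trunk to the router, exactly why inter-VLAN traffic needs a routing process.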
For more information, please visit https://www.evanetworktech.com/course/vlan/ .

It sounds to me like you have this topic very much under control! Well done.

Please feel free to reach out if there is another topic that needs clarification. I was a teacher for many years and enjoy helping folks move forward in their tech journey.

Maren