Dwight Reifsnyder - PowerPoint PPT Presentation

About This Presentation
Title:

Dwight Reifsnyder

Description:

Virtual LANS Dwight Reifsnyder – PowerPoint PPT presentation

Slides: 41
Provided by: Author632
Learn more at: http://www.rmaug.org

Transcript and Presenter's Notes

1
Virtual LANS
Dwight Reifsnyder
2
What's the Point? Why Bother?
  • IEEE 802.1Q tagging (VLAN) is a useful method of
    managing VoIP traffic in your LAN.
  • Avaya recommends that you establish a voice VLAN,
    set L2QVLAN to that VLAN and provide voice
    traffic with priority over other traffic.
  • IP Phones LAN Admin Guide, Feb 2007

3
EYAWTK Session Overview
  • Provide a basic understanding of VLANS
  • Discuss IP phone VLAN implementation
  • We might accidentally learn some other useful
    information if we are not careful

4
Broadway Suites
  • Service Provider for downtown Boulder office
    buildings, including Executive Suites
  • Multiple, diverse businesses in one space
  • Fortune 500 services on a small company budget

5
Broadway Suites
6
What is a Virtual LAN?
  • A virtual LAN, commonly known as a VLAN, is a
    method of creating independent logical networks
    within a physical network.
  • Virtual LANs operate at Layer 2 (the data link
    layer) of the OSI model.
  • Wikipedia

7
Background - The 7 layer burrito
  • OSI Model
  • Squishy, not specific
  • VLANs are in Layer 2

8
What Lives at Layer 2?
  • Software
  • Ethernet Protocol
  • End Points
  • Ethernet Hubs
  • Ethernet Switches

9
L2 Hardware - Endpoints
  • Phones and PCs are multi layer devices
  • We will talk about them at layer 2 today

10
L2 Hardware - Network Hub
  • Network Hubs
  • broadcast traffic
  • not very efficient

11
L2 Hardware - Network Switch
  • Network Switches
  • Starts like a hub
  • Gradually directs traffic to specific ports
    instead of broadcast
  • How do they do that?

12
Detour - L2 MAC Addresses
  • Like a VIN Number on a car
  • Unique to each and every network device
  • 00-07-E9-55-64-4D
  • MAC addresses are used to identify the sender and
    recipient of an ethernet packet

13
Network Switch
  • Stores MAC addresses and associated port numbers
    in a table
  • Makes network more efficient!

14
Evolution - Managed Switches
  • Have a user console that can show -
  • If a port is connected or not
  • Port speed (10MB, 100MB, 1000MB)
  • MAC address table
  • Calls out with alarms
  • Best solution for Administrators
  • Cost more !

15
Segregation - Sorry Dr. King...
  • Sometimes we need to have departments separated
  • HR, confidentiality
  • Marketing, high bandwidth usage
  • Operations
  • Each department needs its own LAN

16
Segregation - The Old Way
  • Multiple Managed Network Switches
  • Costly
  • Complex

17
Segregation - The New Idea
  • Multiple MAC Address Tables
  • One switch, divided into 'Virtual LANs'
  • Great idea, how would it work?

18
Detour - RFCs (secret recipes)
  • Request for Comments
  • Internet Engineering Task Force (IETF)
  • Institute of Electrical and Electronics Engineers
    (IEEE)

19
Some Common RFCs
802.1a,b,g,etc Wireless Ethernet (WiFi)
854 Telnet
802.1x Network Access Control
1719 Private Class IP numbers
821 SMTP (Simple Mail Transport Protocol)
1939 POP3 (Post Office Protocol 3)
802.3AF Power Over Ethernet
2131 DHCP (Dynamic Host Configuration)
20
RFC 802.1q - VLANs
  • Defines how to segregate a single L2 network
    switch into multiple 'virtual' LANs or networks
    with multiple MAC tables
  • One managed network switch can now serve multiple
    departments without losing security or performance

21
Layer 2 Switch with VLANs
  • Logical evolution from switching table
  • Port based VLAN identification - every port
    belongs to a VLAN
  • Separate broadcast domains

VLAN 2 Human Resources
VLAN 3 Marketing
VLAN 1 Operations
22
VLANs Across Switches
23
VLAN Tags - Don't Lose my Bag
  • DEN
  • CHI
  • NYC
  • ELM
  • SAT

24
VLAN Tags - Ethernet Packets
  • Ethernet packet fields
  • Header
  • Payload
  • End
  • VLAN tagging information is added to the header,
    making it slightly longer

25
VLAN Trunking Across Switches
The ports which join the switches are defined as
belonging to a native VLAN and a secondary VLAN.
The secondary VLAN sends tagged packets so they
can be segregated.
26
Read you loud and clear
  • VLAN compliant devices can accept tagged or
    untagged packets
  • Packets without tags stay in the native VLAN
    (port based VLAN)
  • Packets with tags go into the VLAN defined by the
    tag (if that VLAN is allowed on that port)
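
The tag handling described on slides 24 and 26, as an added Python example that is not part of the original presentation. The function names, the sample frames and the port configuration (native VLAN 1, tagged VLANs 2 and 3, reusing the numbers from slide 21) are assumptions; the 4-byte tag layout (TPID 0x8100, 3-bit priority, 12-bit VLAN ID) comes from IEEE 802.1Q rather than from the slides.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the two MAC addresses."""
    tci = (pcp << 13) | (vid & 0x0FFF)  # 3-bit priority, 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_frame(frame: bytes) -> dict:
    """Read MAC addresses, optional 802.1Q tag and EtherType from a frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    info = {"dst": frame[0:6].hex("-"), "src": frame[6:12].hex("-"),
            "vid": None, "pcp": None, "header_len": 14}
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info.update(vid=tci & 0x0FFF, pcp=tci >> 13, header_len=18)
    info["ethertype"] = ethertype
    return info

def ingress_vlan(frame: bytes, native_vlan: int, allowed_tagged: set):
    """VLAN a port places the frame into, or None when the frame is dropped."""
    vid = parse_frame(frame)["vid"]
    if vid is None or vid == 0:   # untagged, or priority-only tag (VID 0)
        return native_vlan
    return vid if vid in allowed_tagged else None

# Constructed sample frames: a broadcast sent from the MAC shown on slide 12.
UNTAGGED = (bytes.fromhex("FFFFFFFFFFFF") + bytes.fromhex("0007E955644D")
            + struct.pack("!H", 0x0800) + bytes(46))
VOICE = add_tag(UNTAGGED, vid=3, pcp=6)      # tagged, high priority
STRAY = add_tag(UNTAGGED, vid=100)           # VLAN not configured on the port

if __name__ == "__main__":
    port = {"native_vlan": 1, "allowed_tagged": {2, 3}}  # assumed port config
    for name, f in (("untagged", UNTAGGED), ("voice", VOICE), ("stray", STRAY)):
        print(name, parse_frame(f)["header_len"], ingress_vlan(f, **port))
```
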

27
Eh? What was that?
  • Non VLAN compliant devices discard tagged packets -
    they have an invalid header length!

28
What Devices Read Tags?
  • VLAN compliant switches
  • VLAN compliant IP phones
  • Microsoft Windows ?

X
29
Review - Who Sends Tags?
Devices are all in Port Based VLANs - no tags
Trunk between switches must send and receive tags
30
802.1q VLAN Port Parameters
  • Native VLAN (port based VLAN)
  • Secondary VLANs
  • Tagging

31
IP Phone Deployment
  • Avaya suggests that phones should always be in
    their own VLAN
  • Increases security
  • Cuts down on broadcast traffic
  • Increases voice quality
  • Makes troubleshooting easier

32
VLAN Deployment Options
2 VLANs, 2 Ports
2 VLANs, 1 Port!
33
IP Phones have a Network Switch!
2 VLANs, 1 Port!
The phone contains a VLAN compliant 3 port
network switch!!
34
Detour - Phones, DHCP, VLANs
  • DHCP is an ethernet broadcast request used by
    devices to get an IP number
  • Broadcast packets do not cross VLANs
  • Each VLAN needs its own DHCP Server

35
Detour - Phones, DHCP, VLANs
  • On bootup, the phone sends a DHCP request in the
    native VLAN (port VLAN)
  • The phone is notified if there is a specific
    voice VLAN
  • The phone sends a new DHCP request with the
    correct VLAN tag

36
Review - Who Sends Tags?
The green VLAN is the native VLAN for both
network switch ports
The blue VLAN is a secondary VLAN for both
network switch ports
37
Broadway Suites, 100 VLANs
38
Do You Understand VLANs?
  • You don't really understand something unless you
    can explain it to your grandmother...

Albert Einstein
39
Final Reminders
  • Please remember to turn in session evaluations
  • The session number is 706

40
Thank You