add VLAN (part1) draft
85
16. VLAN (Part 1).md
Normal file
@@ -0,0 +1,85 @@
|
||||
---
|
||||
id: 16. VLAN (Part 1)
|
||||
aliases: []
|
||||
tags: []
|
||||
---
|
||||
|
||||
# VLAN (Part 1)
|
||||
|
||||
## What is a [[LAN]]?
|
||||
|
||||
Previously i said that a LAN is a group of devices (PCs, servers, routers, switches) in a single
|
||||
location (home office, etc.)
|
||||
|
||||
A more specific definition: A LAN is a single [[broadcast domain]], including all devices in that
|
||||
broadcast domain.
|
||||
|
||||
## Broadcast domains
|
||||
|
||||
A broadcast domain is the group of devices which will receive a broadcast frame (destination [[MAC]]
|
||||
FFFF.FFFF.FFFF) sent by any one of the members.
|
||||
|
||||
Perfomance: lots of unnecessary broadcast traffic can reduce network performance
|
||||
Security : Even within the same office you want to limit who has access to what. You can apply
|
||||
security policies on a [[router]]/[[firewall]]
|
||||
|
||||
Because this is one LAN, PCs can reach each other directly, without traffic passing through the router
|
||||
So even if you configure security policies, they won't have any effect.
|
||||
|
||||
Although we separated the three departments into three subnets ([[OSI|Layer 3]]), they are still in
|
||||
the same broadcast domain ([[OSI|Layer 2]])
|
||||
|
||||
## What is a [[VLAN]]
|
||||
|
||||
A [[switch]] will not forward traffic between VLANs, including broadcast/unknown unicast traffic
|
||||
|
||||
- VLANs are configured on switches on a **per-interface** basis.
|
||||
- logically separate end hosts at Layer 2.
|
||||
|
||||
The switch does not perform inter-Vlan routing. It must send the traffic through the router
|
||||
|
||||
### VLAN configuration
|
||||
|
||||
to display all the VLAN's available you can do the command
|
||||
|
||||
```Cisco
|
||||
SW1#show vlan brief
|
||||
```
|
||||
|
||||
By default all interfaces are set to VLAN 1
|
||||
|
||||
But VLANs1, 10002-1005 exist by default and *cannot be deleted*
|
||||
|
||||
to assign interfaces to a VLAN
|
||||
|
||||
```Cisco
|
||||
SW1(config)#interface range g1/0 - 3
|
||||
SW1(config)#switchport mode access
|
||||
SW1(config)#switchport access vlan 10
|
||||
% Access VLAN does not exist. Creating vlan 10
|
||||
```
|
||||
|
||||
An access port is a switchport which belongs to asingle VLAN, and usually connects to end hosts
|
||||
like PCs
|
||||
|
||||
Switchports which carry multiple VLANs are called 'trunk ports' (More information on trunks in
|
||||
the next lesson)
|
||||
|
||||
You can change the name of the VLAN with the command :
|
||||
|
||||
```Cisco
|
||||
SW1(config)#vlan 10
|
||||
SW1(config-vlan)#name ENGINEERING
|
||||
```
|
||||
|
||||
This Commang creates a VLAN.
|
||||
(In this case it was already automatically created when we assigned the interfaces)
|
||||
|
||||
## Review
|
||||
|
||||
- What is a (LAN)?
|
||||
- Broadcast domains
|
||||
- What is a Vlan
|
||||
- What is the purpose of VLANs?
|
||||
- How to configure VLANs on Cisco switches
|
||||
|
||||
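Review bot: In the "VLAN configuration" section the default-VLAN line reads `VLANs1, 10002-1005`, which should be `VLANs 1, 1002-1005`; as written the range is not a valid one. In the interface-assignment block, the two `switchport` lines still show the `SW1(config)#` prompt after `interface range g1/0 - 3`; the prompt there should be `SW1(config-if-range)#`, otherwise the example reads as if the commands were entered in global configuration mode. The sentence "This Commang creates a VLAN." follows the `name ENGINEERING` block, so it is unclear that it refers to `vlan 10` rather than to `name`; say so explicitly. "## What is a [[VLAN]]" never defines the term, and the Review list promises "What is the purpose of VLANs?" without a matching section; the Performance and Security lines under "Broadcast domains" would fit there, with a sentence linking them to the point that traffic inside one LAN bypasses the router/firewall policies. Spelling: "Perfomance", "asingle", "Commang", lowercase "i" in "Previously i said".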