This setup makes the network more secure. Network administrators gain control over each individual port, including the ability to deny a user based on the Layer 2 (MAC) or Layer 3 (IP) address with which the user connects to that port. Users can no longer simply plug a workstation into any network port in the office and reach network resources; the administrator controls each port and the resources its user may access.

The best way to design a switched network and implement VLANs is either to assign VLANs to ports based on the network resources a user requires or to group users by department, such as Engineering and Accounting. Switches can also be configured to notify a network management station of any unauthorized access attempt on a port. If inter-VLAN communication is required, a Layer 3 device such as a router must forward the traffic, and that device is the point at which restrictions based on hardware addresses, protocols, or applications can be enforced.
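As an added example, not taken from the original text, the following Cisco IOS configuration shows the per-port control and inter-VLAN restrictions described above: each access port is pinned to a department VLAN and to a single known MAC address, port-security violations are reported to a management station, and the Layer 3 device that routes between VLANs carries an access list that lets Engineering reach the server farm only over HTTPS and SSH and blocks it from Accounting. The VLAN numbers, interface names, 10.1.x.0/24 subnets, the management station address 192.0.2.50, the SNMP community string NMS-RO, and the MAC address 0011.2233.4455 are all assumed values chosen for illustration.

```cisco
! --- Access-layer switch ---
! Factory default: every port sits in VLAN 1 with no port security, so
! anyone who plugs in reaches the network. The settings below replace that.
!
vlan 10
 name Engineering
vlan 20
 name Accounting
vlan 100
 name ServerFarm
!
interface FastEthernet0/1
 description Engineering workstation (assumed MAC 0011.2233.4455)
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 ! Port security: admit only the one Layer 2 address registered by the admin
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0011.2233.4455
 switchport port-security violation shutdown
 spanning-tree portfast
!
interface FastEthernet0/2
 description Accounting workstation: learn the first MAC seen, then pin it
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation restrict
 spanning-tree portfast
!
interface GigabitEthernet0/1
 description Uplink to distribution switch; carry only the VLANs in use
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,100
!
! Report violations to the network management station (assumed 192.0.2.50)
snmp-server host 192.0.2.50 version 2c NMS-RO
snmp-server enable traps port-security
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! --- Distribution-layer Layer 3 switch: routes between the VLANs ---
ip routing
!
! Engineering (10.1.10.0/24) may reach the server farm (10.1.100.0/24) only
! on HTTPS and SSH, may not reach Accounting (10.1.20.0/24) at all, and is
! otherwise unrestricted (for example, traffic bound for the Internet).
ip access-list extended ENG-INBOUND
 permit tcp 10.1.10.0 0.0.0.255 10.1.100.0 0.0.0.255 eq 443
 permit tcp 10.1.10.0 0.0.0.255 10.1.100.0 0.0.0.255 eq 22
 deny ip 10.1.10.0 0.0.0.255 10.1.100.0 0.0.0.255
 deny ip 10.1.10.0 0.0.0.255 10.1.20.0 0.0.0.255
 permit ip 10.1.10.0 0.0.0.255 any
!
interface Vlan10
 description Engineering gateway
 ip address 10.1.10.1 255.255.255.0
 ip access-group ENG-INBOUND in
!
interface Vlan20
 description Accounting gateway
 ip address 10.1.20.1 255.255.255.0
!
interface Vlan100
 description Server farm gateway
 ip address 10.1.100.1 255.255.255.0
```

The access list is applied inbound on the Engineering SVI, so it is evaluated as traffic enters the Layer 3 device from VLAN 10, before any routing decision; the hardware-address restriction is enforced at the access port by port security, and the protocol and application restrictions at the VLAN boundary by the ACL. The `shutdown` violation mode on FastEthernet0/1 error-disables the port on a foreign MAC, which is why the `errdisable recovery` lines are present; `restrict` on FastEthernet0/2 drops the offending frames and raises the trap without taking the port down.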

Scaling with VLANs

A switch block consists of the equipment found in the hierarchical network model. By connecting multiple blocks you build progressively larger networks, with practically no upper bound on size. The Access layer is the point at which servers, workstations, and other nodes attach to the network; Access layer switches in turn connect to the Distribution layer switches, which handle routing and security for the VLANs distributed across the block.

You need to understand many issues when configuring VLANs within a switch block. Let’s look at the concerns you need to address in determining how you should design and scale your VLAN infrastructure. We’ve already discussed access to resources and group commonality; now let’s take a look at the following:

VLAN boundaries

VLAN membership types

Traffic patterns flowing through the network

IP addressing used in the network

Cisco’s VLAN recommendations

VLAN Boundaries

VLANs can be divided into two types of boundaries: local and end-to-end. A local VLAN is confined to one geographical location. This type of VLAN is the most common and the least difficult to maintain in corporations with centralized server and mainframe blocks.

Local VLANs are designed around the fact that the business or corporation is using centralized resources, like a server farm. Users will spend most of their time utilizing these centralized resources, which are local to the users and not located on the other side of the router that connects their network to the outside world or other parts of the company.

Networks are becoming faster, so the Layer 3 devices in your network must keep up with the number of packets switched through the local network and out to the rest of the world. As the administrator, you must either size your Layer 3 devices for the packet rate they will have to handle or deploy multiple Layer 3 devices and balance the load across them.

An end-to-end VLAN spans the entire switch fabric from one end of the network to the other. With this type of VLAN boundary, all the switches in the network know about all the configured VLANs in the network. End-to-end VLANs are configured to allow membership based on a project, a department, or many other groupings.

One of the best features of end-to-end VLANs is that users can be placed in a VLAN regardless of their physical location. The VLAN the port becomes a member of is defined by an administrator and assigned by a
