Networking And Security Technologies Computer Science
A local area network (LAN) was first defined as a group of computers connected within the same area. Today a LAN is defined as a broadcast domain: if a user broadcasts information on the LAN, every device on that LAN receives it. Layer 3 devices, e.g. a router, prevent broadcasts from leaving a LAN. The disadvantage of using routers is that they usually take more time to process incoming data than layer 2 devices, e.g. a switch. Layer 3 devices are also more expensive than layer 2 devices.
A good example of a network topology with the above type of LAN is Global Phoenix Distributions Ltd network topology (see fig 1).
Fig 1: Global Phoenix Distributions Ltd. - Network Topology
Virtual Local Area Networks (VLANs) are an alternative solution to routers for containing broadcast traffic.
Why use VLANs on a network?
A VLAN is a logical local area network with its own logically separate internet protocol (IP) subnetwork (broadcast domain). It is created and configured wholly in software and lets a network administrator create independent networks, each with its own group of logically networked devices, even if they share the same physical infrastructure with other VLANs.
VLANs allow a network manager to logically segment a LAN into different broadcast domains. Since this is a logical segmentation and not a physical one, workstations do not have to be physically located together. Users and devices in different physical locations can belong to the same VLAN.
In order for communication to occur between computers on the same VLAN each must have the same network address and subnet mask. The VLAN must be configured on a switch with ports assigned to it.
VLANs permit several networks or broadcast domains to coexist on the same switched network. Devices on separate VLANs attached to the same switched network cannot communicate with each other unless a router or a layer 3 device is used.
A good example of the above is illustrated by the diagram below depicting a college network with VLANs (See fig 2).
Fig 2: College network with VLANs:
VLANs offer a number of advantages over traditional LANs, and the Global Phoenix Distributions Ltd (GPD) network topology would most likely benefit from them in the following ways:
Reduced network cost:
VLANs can be used to create broadcast domains without the need for expensive routers. This could significantly reduce the cost of separating the different kinds of traffic, i.e. stock information and CCTV footage, on GPD Ltd's network.
Enhanced network Performance:
In a network with high traffic, VLANs can trim down traffic to unnecessary destinations by separating different types of traffic. For example, in a broadcast domain consisting of 8 devices with different traffic requirements, if video traffic is intended for only 4 of them, putting those 4 devices on a separate VLAN keeps the video traffic away from the other 4. This reduces unnecessary network traffic and boosts performance.
Routers use more processing power than switches, and as the traffic passing through a router increases so does its latency, resulting in reduced performance. Because VLANs use switches to create broadcast domains, the number of routers needed is reduced.
Simplified network administration:
VLANs simplify administrative work because routers do not need to be reconfigured when a device is moved or added within a VLAN. This saves both time and money.
Mitigation of broadcast storms:
VLANs divide a network into smaller broadcast domains, thereby preventing a broadcast storm from spreading across the whole network by localising it to one area.
Simplified application management:
A VLAN helps to support the geographical and business needs of a user. For example, a VLAN could be created specifically for the application software that manages GPD Ltd's CCTV cameras monitoring security at each of the warehouses.
Improved IT staff efficiency:
Once a port is assigned to a VLAN on a preconfigured switch, managing the users and devices on that VLAN is easy because they share the common network requirements set in the VLAN's policies and procedures.
Enhanced network security:
Since sensitive data may be broadcast on a network, placing only the users and devices that are entitled to it on their own VLAN reduces the chance of an outsider seeing it. Separating them from the rest of the network therefore reduces the chance of a confidential information breach. This would enhance security at each of GPD Ltd's warehouses (LANs) by keeping all stock traffic separate from CCTV traffic. Using port security with sticky MAC addresses would also prevent an unauthorised PC from joining a VLAN.
Security can be further enhanced by using traffic and protocol Access Control Lists (ACLs) or filters, Virtual Private Networks (VPNs), firewalls, encryption and authentication to restrict and secure traffic across GPD Ltd's entire network topology.
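The segmentation and controls just described, as an added Cisco IOS example that is not part of the essay or of GPD's own configuration: a stock VLAN and a CCTV VLAN on a warehouse switch, sticky port security on an access port, and ACLs on the router-on-a-stick subinterfaces so that stock and CCTV hosts cannot reach each other while the management subnet reaches both. VLAN IDs, names, subnets and interface names are all assumptions.

```cisco
! Warehouse access switch (constructed example; VLAN IDs and names assumed)
vlan 10
 name STOCK
vlan 20
 name CCTV
vlan 99
 name MGMT
!
! Stock-control PC port: the first MAC seen is learned into the running
! config; a different PC plugged in later causes a violation and shutdown.
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
!
! Uplink to the router: 802.1Q trunk limited to the three VLANs above
! (the encapsulation line applies only to platforms that also offer ISL)
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,99
!
! Router-on-a-stick, one subinterface per VLAN (assumed 10.10.<vlan>.0/24).
! Without this layer 3 hop, VLAN 10 and VLAN 20 hosts cannot reach each
! other at all; the ACLs keep that separation while allowing MGMT access.
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.10.10.1 255.255.255.0
 ip access-group STOCK-IN in
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.10.20.1 255.255.255.0
 ip access-group CCTV-IN in
interface GigabitEthernet0/0.99
 encapsulation dot1Q 99
 ip address 10.10.99.1 255.255.255.0
!
! Stock and CCTV may not talk to each other; MGMT reaches both. Both
! directions are denied because the ACL is stateless.
ip access-list extended STOCK-IN
 deny   ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255 log
 permit ip any any
ip access-list extended CCTV-IN
 deny   ip 10.10.20.0 0.0.0.255 10.10.10.0 0.0.0.255 log
 permit ip any any
```

After applying it, `show port-security interface FastEthernet0/5` and `show access-lists` confirm the learned MAC address and the hit counts on the deny entries.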
Using a combination of the above security features would ensure that only the necessary users have access to their respective resources, i.e. in each warehouse only the stock control staff would have access to that warehouse's stock VLAN and the security staff to its CCTV VLAN. The headquarters' management staff would have access to the Management VLAN and to both the stock VLAN and CCTV VLAN of all the warehouses, while the admin staff would only have access to the admin VLAN (see appendix 1.1).
Task 2: VLAN Trunking Protocol (VTP)
VTP is a Cisco-proprietary layer 2 protocol, carried over Inter-Switch Link (ISL) or 802.1Q trunks, that allows a network manager to configure a Cisco switch so that it propagates VLAN configurations across trunk links to the other Cisco switches in the network. A switch can be configured as a VTP server or a VTP client. The VTP server minimizes the problems caused by incorrect manual configuration and configuration inconsistencies by distributing and synchronizing VLAN information to VTP-enabled switches throughout the switched network. VTP stores VLAN configurations in the VLAN database, a file called vlan.dat. VTP supports only normal-range VLANs (VLAN IDs 1 to 1005); extended-range VLANs (IDs greater than 1005) are not supported.
VTP has three versions, 1, 2, and 3. Only one VTP version is allowed in a VTP domain. The default is VTP version 1.
VTP uses advertisements to distribute and synchronize information about domains and VLAN configurations. There are three main VTP advertisement types: Summary, Subset and Request.
Why use VTP:
VLANs are a more affordable, efficient and secure alternative for creating and managing broadcast domains on modern Cisco switched networks. The main challenge in administering VLANs is keeping the switches up to date with the most current VLAN information. This is achieved either manually, by configuring the VLANs on every participating switch, or by using VLAN Trunking Protocol (VTP). Manual configuration works well on small networks with very few participating switches, but as the number of switches increases the overall VLAN administrative requirements become a challenge, and the management involved in maintaining the network grows with the size of the network. VTP helps simplify management of the VLAN database across multiple switches: when a new VLAN is configured on a VTP server it is distributed to all switches in the broadcast domain. This automates the VLAN distribution process, removing or reducing the manual VLAN administrative work.
VTP therefore enables individual Cisco Catalyst switches in a VTP management domain to be managed as a group for VLAN configuration purposes. For example, when VTP is enabled on all the Cisco switches, creating a new VLAN on one switch makes that VLAN available on every switch within the same VTP management domain.
A group of switches that participate in sharing VTP information is known as a VTP management domain. By default a switch does not belong to any VTP management domain, and it can only be part of one VTP management domain at any given time. Each domain's boundary is defined by a layer 3 device, e.g. a router (see fig 3).
Fig 3: VTP domains separated by router
To understand how VTP works in a VTP domain, it is important to know the different VTP modes a Cisco Catalyst switch can be configured in to become part of a VTP management domain. The three VTP modes are server mode, client mode and transparent mode. Take the example of 8 Cisco switches that share the same VTP management domain. For VTP to work effectively, one of the switches should be left in the default server mode while the rest are configured for client mode. This enables any VLAN change on the VTP server mode switch to be propagated automatically to all the client mode switches. If a stand-alone switch is required in the VTP domain, or you do not want a switch to propagate its VLAN information, set its VTP mode to transparent. The VTP mode switch
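The three modes described above, as an added Cisco IOS example that is not the essay's own configuration; the domain name, password, VLANs and interface names are assumptions.

```cisco
! Core switch: the single VTP server for the domain (constructed example;
! the domain name and password are assumptions, and both must match on
! every switch that is to join the domain)
vtp domain GPD
vtp version 2
vtp mode server
vtp password Gpd-Vtp-Secret
!
! VLAN changes are only accepted here and then advertised over trunks
vlan 10
 name STOCK
vlan 20
 name CCTV
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! Warehouse switch: client mode. It cannot create, rename or delete VLANs
! itself; it installs whatever the server advertises into its vlan.dat.
vtp domain GPD
vtp version 2
vtp mode client
vtp password Gpd-Vtp-Secret
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! Stand-alone switch on the same trunks: transparent mode keeps its own
! locally configured VLANs, ignores advertisements, but still forwards
! them so server and clients on the far side stay synchronised.
vtp mode transparent
!
! Checks before trunking a new switch into the domain: domain name and
! password must match, and its configuration revision should be lower
! than the server's, otherwise its VLAN database may replace the domain's.
show vtp status
show vlan brief
```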