University Journal of Applied Science and Information Technology 2020, Vol-02

A STUDY AND IMPLEMENTATION OF VIRTUAL LOCAL AREA NETWORK AND TRUNKING TECHNOLOGY

1 Ruby Naung, 2 Yin Yin Htay, 3 Thaw Thaw Soe

1 Lecturer, 2 Lecturer, 3 Tutor

1 Faculty of Computer Systems and Technology, University of Computer Studies, Myeik, Myanmar
2 Faculty of Computer Systems and Technology, University of Computer Studies, Thaton, Myanmar
3 Faculty of Computer Systems and Technology, University of Computer Studies, Myeik, Myanmar

Abstract: The Virtual Local Area Network (VLAN) is the more effective method of creating LANs. VLANs allow the members of an organization to be physically dispersed throughout the campus while maintaining their group identity. In this paper we use Cisco Packet Tracer simulation software for the demonstration. The MikroTik router and the managed switches in the LAN are configured to implement the virtual LANs. Each VLAN is assigned a distinct name and a valid VLAN ID number so that the VLANs present in the campus network can be identified easily. Information is exchanged only among the stations inside a VLAN; stations outside the VLAN cannot receive the data, which is where the security benefit lies. In the real-world system, we used a Cisco Catalyst 3750 L3 switch and six further L3 managed switches to configure the VLANs.

Index Terms- VLAN, VLAN tagging, MAC, Trunking

I. Introduction

The most prevalent problem is that a switch has only one broadcast domain [4], so all devices in the same LAN receive each other's broadcast frames. In many cases a broadcast frame serves network management or carries some type of alert. A VLAN is a logical subgroup within a LAN that is created by software rather than by physically moving and separating devices. On a 24-port layer 2 switch, if one station sends broadcast packets, every other station in the same LAN has to listen to and capture them even though they are not destined for it, and the network suffers bandwidth consumption and CPU usage. To overcome this problem, we can virtually break the larger broadcast domain into multiple smaller domains. The VLAN logic is implemented in LAN switches and functions at the MAC layer. A switch that supports VLANs allows multiple VLANs to be defined over a single physical local area network infrastructure.

II. Defining VLANs

We consider VLANs because traditional LANs lack traffic isolation, use switches inefficiently and make user management difficult. Using VLANs, we can reduce the size of the broadcast domain on a layer 2 switch as well as on a layer 3 device. Any switch port can belong to a VLAN, and unicast, multicast and broadcast packets are forwarded and flooded only to end stations in that VLAN [3]. With VLANs, organizations can more easily meet their network design goals. While VLANs are primarily used within switched local area networks, modern implementations allow them to span MANs and WANs.

First of all, the workstations included in the LANs are connected to the switch and their ports are in the active state. A number of different approaches have been used for defining VLAN membership. These approaches are:

1. Membership by port group: Each switch in the LAN configuration contains two types of ports, trunk ports and access ports. A trunk port is used to connect switches to each other, and an access port is used for an end user. An access port can be assigned a specific VLAN ID. This method is easy to configure; its disadvantage is that the network manager must reconfigure VLAN membership when an end system moves from one port to another.

2. Membership by MAC address: Since the MAC address is built into the NIC (network interface card), VLANs based on MAC addresses allow a workstation that is moved to automatically retain its VLAN membership [1].

3. Membership based on protocol information: VLAN membership can be assigned based on IP address, transport protocol information, or even higher-layer protocol information.

Switches need to learn VLAN membership when network traffic arrives from other switches. The more common approach is frame tagging (VLAN tagging) using the IEEE 802.1Q frame format shown in Fig. 1. The VLAN frame encapsulation is usually done by the trunk port.

Figure 1. IEEE 802.3 tagged frame

III. VLAN Tagging

We can use VLANs to assemble many types of physical network into a single BD (broadcast domain) by creating numerous virtual switches. The benefit of this grouping is that users can be grouped by their associated area. We configure VLANs on managed switches; the network manager defines which ports are assigned to which VLANs. A switch holds several kinds of VLAN, such as the native VLAN, the management VLAN and access VLANs. To configure a switch, at least one native VLAN interface is needed, known as the Port VLAN identifier. At the packet level, a VLAN is realized by frame tagging, that is, by placing a field (the VLAN ID) into the packet header. VLAN tagging is essential whenever VLANs span numerous switches: packets moving between switches are tagged, and the next switch reads the tag to learn the packet's target VLAN. When a packet is forwarded to another switch, that switch decides which VLAN the packet belongs to from the VLAN ID in the packet header.

When the tagged packet arrives at the receiving switch, the switch sends it to the appropriate ports associated with the VLAN ID. The VLAN tag field is four bytes long; it is added by the switch on the sending side of the trunk link and removed on the receiving side. A trunk link is required between the managed switches when VLANs span numerous switches.
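The tagging and untagging described in Sections II and III, as an added example that is not part of the paper: the sending side inserts the 4-byte IEEE 802.1Q tag (TPID 0x8100 followed by the TCI: 3-bit priority, 1-bit DEI and the 12-bit VLAN ID) after the source MAC, and the receiving switch reads the VLAN ID to pick the egress ports and strips the tag before the frame leaves an access port. The MAC addresses, payload, VLAN numbers and port map are constructed for the example.

```python
"""
IEEE 802.1Q tag insertion and removal on an Ethernet frame (added example).

The tag layout follows the 802.1Q standard: TPID 0x8100, then a 16-bit TCI
holding PCP (3 bits), DEI (1 bit) and VID (12 bits). All addresses, payload
bytes and the access-port map below are constructed for this example.
"""
import struct
from typing import Dict, List, Optional, Tuple

TPID_8021Q = 0x8100


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert an 802.1Q tag after the 12-byte destination/source MAC header
    (what the sending-side trunk port does)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if not 0 <= vid <= 4095:
        raise ValueError("VID must fit in 12 bits")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP is 3 bits, DEI is 1 bit")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame: bytes) -> Tuple[Optional[int], int, int, bytes]:
    """Return (vid, pcp, dei, untagged_frame); vid is None if the frame carries
    no 802.1Q tag (what the receiving side of the trunk link does)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None, 0, 0, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q frame")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 1, frame[:12] + frame[16:]


def egress_ports(frame: bytes, access_vlans: Dict[str, int]) -> List[str]:
    """Flood a frame received on a trunk only to the access ports whose VLAN
    matches the tag; an untagged frame matches no access VLAN here."""
    vid, _, _, _ = untag_frame(frame)
    return [port for port, vlan in access_vlans.items() if vlan == vid]


# Constructed sample: a broadcast ARP frame and a four-port access map
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("001122334455")
FRAME = DST + SRC + struct.pack("!H", 0x0806) + b"constructed ARP payload"
ACCESS_VLANS = {"Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 11, "Fa0/4": 14}

if __name__ == "__main__":
    tagged = tag_frame(FRAME, 10, pcp=3)
    print("tag bytes:", tagged[12:16].hex())          # 8100600a
    print("untagged:", untag_frame(tagged)[:3])        # (10, 3, 0)
    print("egress ports for VLAN 10:", egress_ports(tagged, ACCESS_VLANS))
```

Running the block shows the four extra bytes on the trunk side and that a frame tagged for VLAN 10 reaches only the access ports in VLAN 10, which is the isolation property the paper relies on.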

Figure 2. Creating VLANs in a switch

IV. VLAN ID Number Assignments

There are 4096 possible VLAN ID values, ranging from 0 to 4095. Some of these values are reserved, as shown below:

Value   Meaning
0       Contains user priority data (802.1Q)
1       Default Port VLAN ID (802.1Q)
4095    Reserved (802.1Q)

To minimize wasted address space in the VLAN ID field, the 12-bit VLAN ID is fragmented along bit boundaries:

0000 0000 0000
nnss ssss ssvv

Where:

nn = Network (00 == 128.111/16; other values may not be network-dependent)
ss = Subnet (Class C, e.g. 0001 0000 == 16)
vv = Subnet VLAN IDs (00-11)

A Class C subnet on 128.111 could use up to four VLAN IDs. These VLAN IDs are calculated as [(subnet*4) + 4] through [(subnet*4) + 4 + 3]. Because the numbering begins at 4, no conflicts with the fixed values assigned by 802.1Q are anticipated [5].
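The VLAN ID scheme of this section, as an added example that is not part of the paper: it applies the formula [(subnet*4) + 4] through [(subnet*4) + 4 + 3], splits a 12-bit VLAN ID into the nn, ss and vv fields of the layout above, and checks that no assigned ID collides with the reserved values 0, 1 and 4095. The function names are the example's own. One observation the code makes visible: the "+ 4" in the formula shifts the subnet field by one position, so the ss bits of an assigned ID decode as subnet + 1; the example reproduces the formula as the paper states it.

```python
"""
VLAN ID assignment per Section IV (added example, not from the paper).

Implements the paper's formula for a Class C subnet and the nn/ss/vv bit
layout of the 12-bit VLAN ID. Function names are chosen for this example.
"""
from typing import List, Tuple

# Values 802.1Q keeps out of ordinary use, as listed in Section IV
RESERVED_VLAN_IDS = {
    0: "contains user priority data (802.1Q)",
    1: "default Port VLAN ID (802.1Q)",
    4095: "reserved (802.1Q)",
}
VLANS_PER_SUBNET = 4  # two vv bits give four IDs per subnet


def vlan_ids_for_subnet(subnet: int) -> range:
    """Four VLAN IDs for one Class C subnet number: (subnet*4)+4 .. (subnet*4)+7."""
    if not 0 <= subnet <= 255:
        raise ValueError("Class C subnet number must be 0..255")
    base = subnet * VLANS_PER_SUBNET + 4
    return range(base, base + VLANS_PER_SUBNET)


def split_vlan_id(vid: int) -> Tuple[int, int, int]:
    """Split a 12-bit VLAN ID into (nn, ss, vv): 2 network bits, 8 subnet bits,
    2 per-subnet VLAN bits, matching the layout nnss ssss ssvv."""
    if not 0 <= vid <= 0xFFF:
        raise ValueError("VLAN ID must fit in 12 bits")
    return vid >> 10, (vid >> 2) & 0xFF, vid & 0x3


def join_vlan_id(nn: int, ss: int, vv: int) -> int:
    """Inverse of split_vlan_id."""
    if not (0 <= nn <= 3 and 0 <= ss <= 255 and 0 <= vv <= 3):
        raise ValueError("field out of range")
    return (nn << 10) | (ss << 2) | vv


def reserved_conflicts(subnet: int) -> List[int]:
    """IDs the scheme would hand out for this subnet that 802.1Q reserves."""
    return [v for v in vlan_ids_for_subnet(subnet) if v in RESERVED_VLAN_IDS]


def all_assigned_ids_are_free() -> bool:
    """Check the paper's claim: starting at 4 avoids the fixed 802.1Q values
    for every Class C subnet number."""
    return all(not reserved_conflicts(s) for s in range(256))


if __name__ == "__main__":
    ids = list(vlan_ids_for_subnet(16))
    print("subnet 16 ->", ids)                       # [68, 69, 70, 71]
    for vid in ids:
        nn, ss, vv = split_vlan_id(vid)
        print(f"  {vid:4d} = nn {nn:02b} ss {ss:08b} vv {vv:02b}")
    print("no reserved collisions:", all_assigned_ids_are_free())
```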

V. Inter VLAN Routing

VLANs provide a high degree of performance, manageability and security. Trunk links can carry information for multiple VLANs between devices. However, because VLANs divide the network, a network layer process is required to forward traffic from one VLAN to another. This network layer routing process can be configured on any layer 3 device, such as a router or an L3 switch.

We use VLANs to segment the switched network. A network professional can configure over 4000 VLANs with Layer 2 devices such as the Cisco Catalyst 2960 switches. While Layer 2 switches are gaining more IP functionality, such as the ability to perform static routing, these switches do not support dynamic routing, and when the number of VLANs is very large, static routing is insufficient. In our campus, a Cisco Catalyst 3750 is used to provide the VLANs. Whichever device is used in the network, the process of carrying packet traffic between VLANs is known as inter-VLAN routing.

VI. Configuration

Our campus needs to split the internet access from the ISP among several types of LAN, such as Lab, Rector and Wireless. The following figures show our configuration, used to discuss the concept of VLANs and to demonstrate inter-VLAN routing. Our campus receives internet service from the ISP MPT. We used the spanning-tree portfast command to admit devices to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state. Until the configuration was completed on the other related switches (Lab1, Lab2, Lab3 and Student_Affair), the notification message "CDP-4-Native_VLAN_Mismatch" was displayed on Main_Switch; CDP stands for Cisco Discovery Protocol. We configured a default route on Main_Switch and on the MikroTik router. To demonstrate our results we used a Cisco 1941 router instead of the MikroTik router and a Cisco 3560 multilayer switch instead of the Cisco Catalyst 3750. For internet access, we configured a loopback interface with IP address 192.31.7.1 on the ISP router. The successful configuration results are shown in the following figures. For the real deployment, we first surveyed the campus structure, then simulated the configuration many times in Packet Tracer, and finally obtained a successful connection. We created four VLANs (10, 11, 12, 13) for students, one (14) for both teachers and other departments, and a last one (18) for wireless access.
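The native VLAN mismatch mentioned above is exactly the kind of inconsistency that is cheap to catch from configuration text before it shows up as a CDP warning. The following added example (not from the paper) parses switch configurations written in the command syntax of Table 1 and compares both ends of each trunk link for the native VLAN and the allowed VLAN list. The switch names, VLAN numbers 10-14 and 18 and native VLAN 1000 come from the paper; the interface names, the link list and the configuration excerpts are constructed for the example.

```python
"""
Trunk consistency check across switches (added example, not from the paper).

Parses running-config excerpts in the IOS syntax used in Table 1 and reports
native VLAN and allowed-list mismatches on each trunk link. Interface names,
link pairs and the config text are constructed for this example.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Port:
    mode: str = "access"
    access_vlan: int = 1
    native_vlan: int = 1                  # 802.1Q default PVID when not configured
    allowed: Optional[Set[int]] = None    # None means every VLAN is allowed


def parse_vlan_list(spec: str) -> Set[int]:
    """Expand an IOS VLAN list such as '10-14,18' into a set of VLAN IDs."""
    vlans: Set[int] = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_config(text: str) -> Dict[str, Port]:
    """Collect switchport settings per interface; other lines are ignored."""
    ports: Dict[str, Port] = {}
    cur: Optional[Port] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = re.match(r"interface (\S+)$", line)
        if m:
            cur = ports.setdefault(m.group(1), Port())
            continue
        if cur is None:
            continue
        if line == "switchport mode trunk":
            cur.mode = "trunk"
        elif line == "switchport mode access":
            cur.mode = "access"
        elif (m := re.match(r"switchport trunk native vlan (\d+)$", line)):
            cur.native_vlan = int(m.group(1))
        elif (m := re.match(r"switchport access vlan (\d+)$", line)):
            cur.access_vlan = int(m.group(1))
        elif (m := re.match(r"switchport trunk allowed vlan (\S+)$", line)):
            cur.allowed = parse_vlan_list(m.group(1))
    return ports


Link = Tuple[str, str, str, str]  # (switch A, port A, switch B, port B)


def check_links(configs: Dict[str, Dict[str, Port]], links: List[Link]) -> List[str]:
    """Return one finding per inconsistency between the two ends of a trunk."""
    findings: List[str] = []
    for sw_a, if_a, sw_b, if_b in links:
        a, b = configs[sw_a][if_a], configs[sw_b][if_b]
        if a.mode != "trunk" or b.mode != "trunk":
            findings.append(f"{sw_a} {if_a} <-> {sw_b} {if_b}: not a trunk on both ends")
            continue
        if a.native_vlan != b.native_vlan:
            findings.append(f"{sw_a} {if_a} native VLAN {a.native_vlan} != "
                            f"{sw_b} {if_b} native VLAN {b.native_vlan}")
        if a.allowed != b.allowed:
            findings.append(f"{sw_a} {if_a} <-> {sw_b} {if_b}: allowed VLAN lists differ")
    return findings


# Constructed configs: Lab1 has not yet had its native VLAN set, as in the
# situation the paper describes before the other switches were configured.
CONFIGS = {
    "Main_Switch": parse_config("""
interface GigabitEthernet1/0/1
 description trunk link to Lab1 switch port 11
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1000
 switchport trunk allowed vlan 10-14,18
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 description trunk link to Student_Affair switch port 11
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1000
 switchport trunk allowed vlan 10-14,18
 switchport mode trunk
"""),
    "Lab1": parse_config("""
interface FastEthernet0/11
 switchport trunk allowed vlan 10-14,18
 switchport mode trunk
"""),
    "Student_Affair": parse_config("""
interface FastEthernet0/11
 switchport trunk native vlan 1000
 switchport trunk allowed vlan 10-14,18
 switchport mode trunk
"""),
}
LINKS: List[Link] = [
    ("Main_Switch", "GigabitEthernet1/0/1", "Lab1", "FastEthernet0/11"),
    ("Main_Switch", "GigabitEthernet1/0/2", "Student_Affair", "FastEthernet0/11"),
]

if __name__ == "__main__":
    for finding in check_links(CONFIGS, LINKS):
        print(finding)
```

Run as a script, the block reports the one link whose native VLANs differ (1000 on Main_Switch, the default 1 on Lab1) and is silent about the correctly paired Student_Affair link. Keeping the allowed-VLAN comparison in the same pass matters because a VLAN allowed on only one end is silently dropped on the trunk rather than being announced by CDP.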

Figure 3. Topology Design for campus network

Figure 4. VLANs Configuration on cisco catalyst 3560(Main Switch)

Figure 5. Configuration on MikroTik Router

Figure 6. Configuration on Student_Affair switch

Figure 7. Configuration on ISP router

Figure 8. VLANs information on Main_Switch

Figure 9. Configuration on Lab4 switch

VII. Conclusion

Thanks to VLANs, our campus gained more security between the different roles of people in the university: students never get teachers' data without permission. We think this implementation is helpful for people who are interested in VLANs.

Table 1. List of commands used in discussion

Description                                        Commands
To change hostname in global configuration mode    Switch(config)# hostname Main_Switch

Create VLANs                                       Main_Switch(config)# vlan 10   (! 10 is vlan_id)
                                                   Main_Switch(config)# name Management

Assigning ports to access VLANs                    Main_Switch(config)# interface int_id
(in global configuration mode)                     # switchport access vlan vlan_id
                                                   # switchport mode access
                                                   # spanning-tree portfast

Back to privileged executive mode                  Main_Switch(config)# end

Configure trunk ports                              Main_Switch(config)# interface int_id
(in global configuration mode)                     # description trunk link to Student_Affair switch port 11
                                                   # switchport trunk encapsulation dot1q
                                                   # switchport trunk native vlan 1000   (1000 is the native VLAN interface)
                                                   # switchport trunk allowed vlan vlan_ids
                                                   # switchport mode trunk

To configure default route on Main_Switch          Main_Switch(config)# ip route 0.0.0.0 0.0.0.0 10.5.50.1
and routers                                        ISP(config)# ip route 0.0.0.0 0.0.0.0 209.165.201.17
                                                   MikroTik(config)# ip route 0.0.0.0 0.0.0.0 209.165.201.18

REFERENCES

[1] William Stallings, Data and Computer Communications, 9th edition, Pearson.

[2] James F. Kurose and Keith W. Ross, Computer Networking: A Top-Down Approach, 6th edition, Pearson.

[3] J. Ramprasath, S. Ramakrishnan, P. Saravana Perumal, M. Sivaprakasam, Vishnuraj, U. Manokaran, "Secure Network Implementation using VLAN and ACL", International Journal of Advanced Engineering Research and Science (IJAERS), Vol. 3, Issue 1, Jan. 2016, ISSN: 2349-6495.

[4] A. Inigo Mathew and S. R. Boselin Prabhu, "A Study on Virtual Local Area Network (VLAN) and Inter-VLAN Routing", International Journal of Current Engineering and Scientific Research (IJCESR), Vol. 4, Issue 10, 2017.

[5] http://oitweb1.commserv.ucsb.edu/committees/CNC-BEG/vlan_id.asp