VLANs

Question 1

How are routers with respect to MAC addresses?

Answer 1

They are L3 devices so they are not transparent with respect to them.

they separate broadcast domains

Question 2

Is there a router in a LAN?

Answer 2

It is not required but is better to divide a LAN into multiple LAN’s when it becomes too big

Question 3

Which are the benefits of having different LANs (and VLANs)?

Answer 3

The broadcast network is reduced so it is more secure

There cannot be broadcast between different LANs so attackers can perform MAC flooding and ARP spoofing only in a specific LAN and not through more LANs

Question 4

Why VLANs?

Answer 4

It is better to divide a LAN into multiple LAN’s when it becomes too big and to not wast resources having N LANs each one with a physical infrastructure, fibers and port not used, we can divide single LAN into multiple VLANs

Question 5

Which is the architecture of a switch that implements VLANs? Which protocol does it use?

Answer 5

• Spanning Tree Protocol

For each VLAN it has a FILTERING DATABASE based on backward learning.
THESE DATABASES IMPLEMENT FILTERING ON MAC ADDRESSES

Question 6

VLAN example on the notes

Question 7

How can we associate a frame to a specific VLAN?

Answer 7

1. VLANs on a single switch: we mark the ports of the switch by associating each port to a specific VLAN
   (port, VLAN)
2. VLANs on different switches ?????

Question 8

Which port types can a VLAN have?

Answer 8

• Access: they receive and forward UNTAGGED frames. Typically this is the default configuration of hosts, routers,…
  These ports are used to connect end stations to the network (= by using Ethernet)
• Trunk: they receive and forward TAGGED frames and for this reason they have to be EXPLICITLY configured.
  They are often used to connect switches, servers

Question 9

How can be switches with respect to a VLAN?

Answer 9

• VLAN aware: both tagged and untagged frames
• VLAN unaware: only for untagged frames. They can have two possible behaviours
  1. they forward tagged packets to devices that know have to handle them
  2. they discard frames that are > 4B

Question 10

Do professional and domestic products support VLAN in general?

Answer 10

professional: yes
domestic: no

Question 11

Is VLAN P6P?

Answer 11

Generally no in fact domestic routers do not support the VLAN technology by default

Question 12

How is network isolation with a VLAN?

Answer 12

• better but not perfect because even if frames cannot cross the VLAN which they belong to, a VLAN is part of a physical network that have links that can be problems that may propagate to the VLAN

+

VLANs do not protect from a broadcast storm

Question 13

Main concepts to implement a VLAN

Answer 13

• An host can partecipate to multiple VLANs.
• if we have a VLAN we have tagged frames so we need trunk ports
• we need associations with MAC addresses
• better if the host cooperates by tagging its own packet

Question 14

What is a broadcast storm?

Answer 14

A VLAN broadcast packet is not forwarded to other VLANs but it goes to the same router that is shared between multiple VLANs.
If a VLAN sends too much broadcast traffic then the router is congested and other VLANs will not receive their own traffic

Question 15

How to improve network isolation even if there are VLANs?

Answer 15

QoS with Round Robin based on VLAN ID that ensures a minimum amount of bandwidth for each VLAN