How are routers with respect to MAC addresses?
They are L3 devices so they are not transparent with respect to them.
they separate broadcast domains
Is there a router in a LAN?
It is not required but is better to divide a LAN into multiple LAN’s when it becomes too big
Which are the benefits of having different LANs (and VLANs)?
The broadcast network is reduced so it is more secure
There cannot be broadcast between different LANs so attackers can perform MAC flooding and ARP spoofing only in a specific LAN and not through more LANs
Why VLANs?
It is better to divide a LAN into multiple LAN’s when it becomes too big and to not wast resources having N LANs each one with a physical infrastructure, fibers and port not used, we can divide single LAN into multiple VLANs
Which is the architecture of a switch that implements VLANs? Which protocol does it use?
- Spanning Tree Protocol
For each VLAN it has a FILTERING DATABASE based on backward learning.
THESE DATABASES IMPLEMENT FILTERING ON MAC ADDRESSES
VLAN example on the notes
How can we associate a frame to a specific VLAN?
- VLANs on a single switch: we mark the ports of the switch by associating each port to a specific VLAN
(port, VLAN) - VLANs on different switches ?????
Which port types can a VLAN have?
- Access: they receive and forward UNTAGGED frames. Typically this is the default configuration of hosts, routers,…
These ports are used to connect end stations to the network (= by using Ethernet) - Trunk: they receive and forward TAGGED frames and for this reason they have to be EXPLICITLY configured.
They are often used to connect switches, servers
How can be switches with respect to a VLAN?
- VLAN aware: both tagged and untagged frames
- VLAN unaware: only for untagged frames. They can have two possible behaviours
1. they forward tagged packets to devices that know have to handle them
2. they discard frames that are > 4B
Do professional and domestic products support VLAN in general?
professional: yes
domestic: no
Is VLAN P6P?
Generally no in fact domestic routers do not support the VLAN technology by default
How is network isolation with a VLAN?
- better but not perfect because even if frames cannot cross the VLAN which they belong to, a VLAN is part of a physical network that have links that can be problems that may propagate to the VLAN
+
VLANs do not protect from a broadcast storm
Main concepts to implement a VLAN
- An host can partecipate to multiple VLANs.
- if we have a VLAN we have tagged frames so we need trunk ports
- we need associations with MAC addresses
- better if the host cooperates by tagging its own packet
What is a broadcast storm?
A VLAN broadcast packet is not forwarded to other VLANs but it goes to the same router that is shared between multiple VLANs.
If a VLAN sends too much broadcast traffic then the router is congested and other VLANs will not receive their own traffic
How to improve network isolation even if there are VLANs?
QoS with Round Robin based on VLAN ID that ensures a minimum amount of bandwidth for each VLAN
