Friday, 13 July 2012
Tutorial – VLANS, what they are and how they work
A switched network that is logically segmented on an organizational
basis, by functions, project teams, or applications rather than on a
physical or geographical basis.
What this is saying is that a VLAN is not defined by any physical
restraints or needs: it can span an entire country or sit on a single
floor of an office. VLANs are formed for administrative purposes, not
geographical ones.
So what are they?
Well, in a nutshell, a VLAN is a LAN (a separate broadcast domain) that functions independently of the physical LAN whose switches it shares.
Take this following example:
You have an office in London and an office in Manchester and you need to put a small network in place between the two of them.
You find out there is already a fibre-optic network linking the two sites, but that network needs to be kept completely separate from yours.
Do you buy your own fibre, routers, firewalls, switches and so on and have a
completely separate network? You could, but it is not a very cost
effective solution for a small network.
What about 'piggy-backing' on the existing network? It would cut
costs down considerably and would make use of a network that is already
in place and working perfectly. However, you have been told the networks
must remain separate from start to finish and must not interfere with each
other in any way.
The simple solution is to designate a port on each switch to a VLAN – say VLAN 30 in this case.
Say your new network is a 192.168.200.0 network and the existing
network is a 10.0.0.0 network. You speak to the network engineer who
runs the existing one and ask him very nicely, whilst placing a crate of
Fosters on his desk, if he can put a port on each switch in to VLAN 30.
Obviously he agrees and drops everything to do this for you.
Now, in essence, there are as good as two different networks linking
the two buildings together, but in reality there is only one set of
hardware in place. The 10.0.0.0 network is completely separate from the
192.168.200.0 network as far as switching and routing are concerned: frames in
VLAN 30 are never forwarded to ports in any other VLAN. They just share the
same switches, is all.
Or, on a smaller scale, maybe you have different departments in your
office that need to be segregated from each other, say a finance department
and a sales department.
The finance department deals with sensitive data that should not be
seen by anyone in other departments. One way to solve this problem is to
place the finance department in its own VLAN. That way anyone not
in this VLAN cannot reach it without first going
through a router, and on the router you place Access Control Lists (ACLs)
to restrict who can reach the finance VLAN and who cannot. Note that the
switch only keeps the VLANs apart; the ACL on the router is what actually
enforces the policy between them.
“In switched networks, routers perform broadcast management, route
processing and distribution, and provide communications between VLANs.
Routers provide VLAN access to shared resources and connect to other
parts of the network that are either logically segmented with the more
traditional subnet approach or require access to remote sites across
wide-area links.”
Before VLAN-capable switches, the only way to get this separation was with
routers, using a different router interface (and its own hub or switch) for each
network. Now we can use ports on a single switch to virtually place a host in a different network!
Hopefully by now you get the gist of why we have VLANS, so now let’s take a look at how they work!
How VLANs Operate
So we know that we can assign a switch port to a VLAN and this
will keep all the data separate from other VLANs, but how does this work?
It works by what is called VLAN frame tagging.
As we all know, once data has reached Layer 2 of the OSI model it is known as a frame. Switches live at Layer 2 and switch frames, and VLANs are defined at Layer 2 on a switch, so frames are what switches forward and the frame is what has to carry the VLAN information.
To accomplish this, frames are tagged with a VLAN ID (VID). In 802.1Q
this tag is a 4-byte field inserted after the source MAC address, and it
allows any switch the frame passes through to make the correct decision about
which ports it may be forwarded out of.
A host on an ordinary (access) port sends its frames untagged. The first switch in, say, London
associates the frame with VLAN 30 as soon as it arrives on a port assigned to VLAN 30, and inserts the VLAN 30 tag
when it sends the frame over the link (the trunk) to the next switch.
That switch then looks at which ports are in VLAN 30, if any. If
there are no other ports in VLAN 30 the frame is dropped. If there are,
the usual MAC address lookup takes place and the frame is
forwarded out of the correct port, as long as that port is in
VLAN 30; a broadcast or a frame for an unknown destination is flooded, but only
to ports in VLAN 30. Notice this was done on a MAC address basis, which is why we can
switch frames carrying IP addresses from different networks without the aid
of a router.
From a Cisco point of view:
“The VLAN ID allows VLAN switches
and routers to selectively forward packets to ports with the same VLAN
ID. The switch that receives the frame from the source station inserts
the VLAN ID and the packet is switched onto the shared backbone network.
When the frame exits the switched LAN, a switch strips the header and
forwards the frame to interfaces that match the VLAN colour. If you are
using a Cisco network management product such as VlanDirector, you can
actually colour code the VLANs and monitor VLAN graphically.”
So this is how switches keep track of the frames, what VLAN they
belong to and why they can switch packets from different networks.
If a frame arrives tagged for a VLAN that has not been configured on the switch, it is dropped. If a frame arrives for a VLAN that is configured, it is only sent out of ports that belong to the VLAN named in the frame's tag.
A port can be configured to accept only frames with a VLAN ID tag,
only frames with no VLAN ID tag, or both. An untagged frame is placed in
the port's own VLAN (the access VLAN, or the native VLAN on a trunk). If a frame is received that is not
what the port has been configured for, it is simply dropped.
A switch port can be statically assigned to a VLAN, so that no
matter what is plugged in to the port it will always be in that
VLAN. This is known as a static VLAN and is suited to a properly
administered network where moves are properly planned and carried out.
Or you can give the switch a table that says which MAC
address belongs to which VLAN (on Cisco switches this is a VMPS lookup), known as a dynamic VLAN. The benefit of
this is that you can plug a workstation in anywhere on the LAN and the
switch will always place its port in the correct VLAN, with no further
configuration of the switch required. The obvious caveat is that it trusts the
source MAC address, which a host can change.
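To make the forwarding rules above concrete, here is a toy model of a VLAN-aware switch. It is an added example written for this page, not code from the original tutorial or from any switch vendor. It models a port as access, trunk or dynamic (MAC-based) and shows that a frame is classified by its ingress port or tag, learned into a per-VLAN MAC table, flooded only to ports in its VLAN, tagged on trunks (except for the native VLAN) and untagged on access ports. The port names, MAC addresses and ARP-shaped payload are constructed for the example.

```python
# Added example (not code from the original tutorial): a toy model of a
# VLAN-aware switch. Frames are raw Ethernet bytes; an 802.1Q tag is the
# 4 bytes (TPID 0x8100 + TCI) inserted after the source MAC address.
TPID = b"\x81\x00"


def parse_tag(frame):
    """Return (vid, frame_without_tag); vid is None for an untagged frame."""
    if frame[12:14] == TPID:
        vid = int.from_bytes(frame[14:16], "big") & 0x0FFF
        return vid, frame[:12] + frame[16:]
    return None, frame


def add_tag(frame, vid):
    """Insert an 802.1Q tag (priority 0) carrying vid after the source MAC."""
    return frame[:12] + TPID + (vid & 0x0FFF).to_bytes(2, "big") + frame[12:]


class Port:
    def __init__(self, mode, vlan=None, allowed=(), native=1):
        self.mode = mode              # "access", "dynamic" or "trunk"
        self.vlan = vlan              # access VLAN (filled in on the fly for "dynamic")
        self.allowed = set(allowed)   # VLANs a trunk is allowed to carry
        self.native = native          # trunk VLAN that travels untagged


class Switch:
    def __init__(self, ports, vlans, mac_vlan=None):
        self.ports = ports               # {name: Port}
        self.vlans = set(vlans)          # VLANs configured on this switch
        self.mac_vlan = mac_vlan or {}   # dynamic-VLAN table: source MAC -> VLAN
        self.mac_table = {}              # (vlan, mac) -> port: one MAC table per VLAN

    def ingress_vlan(self, port, frame):
        """Classify an arriving frame; None means the port drops it."""
        vid, _ = parse_tag(frame)
        if port.mode == "trunk":
            vlan = port.native if vid is None else vid   # untagged means native VLAN
            return vlan if vlan in port.allowed else None
        if vid is not None:
            return None                  # access/dynamic ports take untagged frames only
        if port.mode == "dynamic":
            port.vlan = self.mac_vlan.get(frame[6:12])   # VMPS-style lookup by source MAC
        return port.vlan

    def egress(self, port, vlan, frame):
        """Tag the frame on trunks (except for the native VLAN), untag it elsewhere."""
        _, bare = parse_tag(frame)
        return add_tag(bare, vlan) if port.mode == "trunk" and vlan != port.native else bare

    def forward(self, in_name, frame):
        """Return {out_port: frame} for one arriving frame. Frames never leave their VLAN."""
        vlan = self.ingress_vlan(self.ports[in_name], frame)
        if vlan is None or vlan not in self.vlans:
            return {}                    # wrong tag type or unconfigured VLAN: drop
        dst, src = frame[:6], frame[6:12]
        self.mac_table[(vlan, src)] = in_name          # learn the source, per VLAN
        known = self.mac_table.get((vlan, dst))
        if known is not None and known != in_name:
            candidates = [known]                        # known unicast: one port
        else:
            candidates = [n for n in self.ports if n != in_name]   # flood within the VLAN
        out = {}
        for n in candidates:
            p = self.ports[n]
            if (vlan in p.allowed) if p.mode == "trunk" else (p.vlan == vlan):
                out[n] = self.egress(p, vlan, frame)
        return out


HOST_A = bytes.fromhex("0200000000aa")    # constructed MAC addresses
HOST_C = bytes.fromhex("0200000000cc")
ARP_PAYLOAD = b"\x08\x06" + b"\x00" * 28  # constructed ARP-shaped payload


def london_switch():
    """The tutorial's London switch: VLAN 30 for the new network, VLAN 10 for
    the existing 10.0.0.0 network, one 802.1Q trunk towards Manchester."""
    return Switch(ports={"Gi0/1": Port("access", vlan=30),
                         "Gi0/2": Port("access", vlan=10),
                         "Gi0/24": Port("trunk", allowed=[10, 30, 99], native=99)},
                  vlans=[10, 30, 99])


def demo_broadcast():
    """Host A (VLAN 30) broadcasts: the frame reaches the trunk tagged 30, never VLAN 10."""
    sw = london_switch()
    return sw, sw.forward("Gi0/1", b"\xff" * 6 + HOST_A + ARP_PAYLOAD)


def demo_dynamic():
    """Dynamic VLAN: the port joins whichever VLAN host C's MAC is registered in."""
    sw = Switch(ports={"Gi0/3": Port("dynamic"),
                       "Gi0/24": Port("trunk", allowed=[10, 30], native=99)},
                vlans=[10, 30, 99], mac_vlan={HOST_C: 10})
    sw.forward("Gi0/3", b"\xff" * 6 + HOST_C + ARP_PAYLOAD)
    return sw.ports["Gi0/3"].vlan


if __name__ == "__main__":
    _, out = demo_broadcast()
    print({name: parse_tag(frame)[0] for name, frame in out.items()})
    print("dynamic port landed in VLAN", demo_dynamic())
```

Run it and the broadcast from VLAN 30 shows up on the trunk only, carrying VID 30, while the VLAN 10 port sees nothing; a reply arriving on the trunk tagged 30 is delivered to the VLAN 30 port with the tag stripped, a frame tagged for a VLAN the trunk does not carry is dropped, and a tagged frame arriving on an access port is dropped. The MAC table is keyed by (VLAN, MAC), which is the "separate tables per VLAN" that the Cisco text later in this post relies on.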
So that’s a very basic look at how a VLAN operates.
Let’s take a brief look at one of the most significant side effects of a VLAN – Security.
Contrary to popular belief, VLANs were not invented to improve
network security; the added security is a bonus of implementing a VLAN.
Although I said earlier that the only way to talk between two
VLANs is via a router, like everything IT related, someone will find a
way around any security restriction sooner or later. It must be noted that the bypass described below only works on older switches.
The following is known as a 'Temporary VLAN Cut-Through After VLAN Change' and is taken from the Cisco web site:
“If systems have established TCP/IP communications on the same VLAN,
then the switch gets configured so that one system’s port now belongs to
a different VLAN. Communications continues between the two systems
because each has the MAC address of the other in its ARP cache, and the
bridge knows which destination MAC addresses get directed to which
port.
In the second example, someone wishing to hop VLANs manually enters a
static ARP entry for the desired system. Doing so requires that the
person somehow learns the MAC address of the target system, perhaps
through physical access to the target system.
Each of these two examples can be blocked by using switch software
that removes the information necessary for passing packets between
VLANs. In higher end Cisco switches, separate spanning trees, the tables
that map MAC addresses to ports, exist for each VLAN. Other switches
either have similar features, or can use configuration to filter the
bridging information available to members of each VLAN.”
As we all know, spoofing IP source addresses has been around for
many years, and spoofing VLAN tags is no different. The 2.4 Linux
kernels have support for 802.1Q tagging (the 8021q module), and can generate any
VLAN tag that the user wants. Other software exists for spoofing VLAN
tags, such as Sniffer Pro v.2.0.01.
More information about VLAN ID spoofing with Linux here:
http://www.candelatech.com/~greear/vlan.html
Certain conditions have to be met for VLAN hopping to be successful:
The MAC address of the target system has to be known in advance.
The attacker must belong to the same VLAN as the native VLAN of the trunk used to connect the switches.
You can prevent this kind of VLAN hopping by configuring trunk ports so
that their native VLAN does not match the VLAN ID of any VLAN that has
hosts in it.
By default, the native VLAN for a trunk is VLAN 1, which is also the
default VLAN for every port. Set the native VLAN for your trunks
to 99, or any other value that your switch supports and that is not used for any
other purpose, so that no access port ever sits in the native VLAN. Two further
precautions are worth taking: fix user-facing ports as access ports so they cannot
negotiate themselves into a trunk (on Cisco switches, switchport mode access
together with switchport nonegotiate), and, where the switch supports it, have the
native VLAN tagged on the trunk as well.
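The conditions and the native VLAN fix above describe the standard double-tagging trick, and the following added example (written for this page, not code from the original post or from any vendor) walks a crafted frame through the tag handling of two switches joined by an 802.1Q trunk. The attacker's port behaviour (accepting a frame tagged with the port's own VLAN and stripping that tag) is an assumption about the switch, stated in the code; the MAC address and payload are constructed.

```python
# Added example (not code from the original tutorial): why the trunk's native
# VLAN must be one that no access port uses. Models only the tag handling on
# the path access port -> trunk -> second switch. Frames are raw Ethernet bytes.
TPID = b"\x81\x00"


def tag(frame, vid):
    """Push an 802.1Q tag (priority 0) after the source MAC."""
    return frame[:12] + TPID + vid.to_bytes(2, "big") + frame[12:]


def outer_vid(frame):
    """VID of the outermost 802.1Q tag, or None if the frame is untagged."""
    return int.from_bytes(frame[14:16], "big") & 0x0FFF if frame[12:14] == TPID else None


def access_ingress(frame, access_vlan):
    """Switch 1, access port. Untagged frames are accepted. A frame tagged with
    the port's own VLAN is accepted and the tag stripped (an assumption about the
    switch; many behave this way). Any other tag is dropped (None)."""
    vid = outer_vid(frame)
    if vid is None:
        return frame
    return frame[:12] + frame[16:] if vid == access_vlan else None


def trunk_egress(frame, vlan, native):
    """Switch 1, trunk port: native-VLAN traffic leaves untagged, the rest tagged."""
    return frame if vlan == native else tag(frame, vlan)


def trunk_ingress(frame, native):
    """Switch 2, trunk port: an untagged frame belongs to the native VLAN,
    otherwise the outermost tag decides."""
    vid = outer_vid(frame)
    return native if vid is None else vid


def hop_attempt(attacker_vlan, native, target_vlan=30):
    """An attacker on an access port in attacker_vlan sends a double-tagged frame:
    outer tag = its own VLAN, inner tag = target_vlan. Returns the VLAN that
    switch 2 places the frame in (None if switch 1 dropped it)."""
    src = bytes.fromhex("0200000000ee")                     # constructed attacker MAC
    base = b"\xff" * 6 + src + b"\x08\x06" + b"\x00" * 28   # constructed ARP-shaped frame
    crafted = tag(tag(base, target_vlan), attacker_vlan)
    stripped = access_ingress(crafted, attacker_vlan)
    if stripped is None:
        return None
    on_wire = trunk_egress(stripped, attacker_vlan, native)  # native VLAN: inner tag is now exposed
    return trunk_ingress(on_wire, native)


if __name__ == "__main__":
    print("native 1,  attacker in VLAN 1  ->", hop_attempt(1, 1))    # lands in VLAN 30
    print("native 99, attacker in VLAN 1  ->", hop_attempt(1, 99))   # stays in VLAN 1
    print("native 1,  attacker in VLAN 10 ->", hop_attempt(10, 1))   # stays in VLAN 10
```

With the default native VLAN 1 and the attacker's port in VLAN 1, switch 1 strips the outer tag and sends the frame untagged over the trunk, so switch 2 reads the inner tag and delivers the frame into VLAN 30 without any router in the path. Move the native VLAN to 99 and the same frame goes over the trunk wrapped in a VLAN 1 tag, and switch 2 keeps it in VLAN 1. Note that even when it works the trick is one-way: replies from VLAN 30 are switched within VLAN 30 and never come back to the attacker's port.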
Well that is a very basic overview of VLANs – what they are and how
they work. There is more to VLANs and I have left a lot out as this did
seem to get rather lengthy very quickly!
I may do a more advanced one in the upcoming months!
Friday, 13 July 2012 by My Fitness Bucket · 0
Monday, 11 June 2012
Major Internet service providers (ISPs), home networking equipment
manufacturers, and web companies around the world are coming together to
permanently enable IPv6 for their products and services by 6 June 2012.
Organized by the Internet Society, and building on the successful one-day World IPv6 Day
event held on 8 June 2011, World IPv6 Launch represents a major
milestone in the global deployment of IPv6. As the successor to the
current Internet Protocol, IPv4, IPv6 is critical to the Internet's
continued growth as a platform for innovation and economic development.
This Time It is For Real
Major Internet service providers (ISPs), home networking equipment manufacturers, and web companies around the world are uniting to redefine the global Internet and permanently enable IPv6 for their products and services on 6 June 2012.
Monday, 11 June 2012 by My Fitness Bucket · 0
Tuesday, 8 May 2012
Hi, we all know that facebook founder Mark Zuckerberg stole the idea of facebook from two twin brothers in harvard university in 2001
Hi,
we all know that Facebook founder Mark Zuckerberg stole the idea of
Facebook from two twin brothers at Harvard University in 2001. Later
on they sued and got 65 million dollars. In 2009 they started a new
project (Zurker) and launched the beta version in December 2011. You can join it
now and become a shareholder of this website; this share feature is
added by them. Currently thousands of members
are joining this website in the UK alone. It's totally free. Join today and
become a shareholder now from India. Don't use a different country's IP to
join, because as a beta it is limited to 7 countries only. India and US people
can create their account. Facebook is worth 50 billion today but its
users get 0%, so this new idea is conceived by the twins, where the
users are the actual owners. For every new friend referral you will get 2
vshares, and you can join only through invitation. Click on the below
link to join; you can only join through referral.
Tuesday, 8 May 2012 by My Fitness Bucket · 0
Friday, 10 February 2012
Content writing is the process of posting your thoughts, blog posts or any other kind of written content on the internet through websites and messengers. There are a lot of websites on the internet that can provide you with content writing jobs, where you can put up your own content and redeem the balance.
So today I'm giving you the names of some special websites where you can find and place web content and earn more online with minimum time and effort.
Freelancer
Freelancer (previously GetAFreelancer) is a freelance job board offering work for IT people, writing, programming, design and much more; if you have the skill for it, Freelancer can help you find a client. Freelancer is great for writers getting started, as it lists massive jobs, some requiring over 500 articles to be written!
oDesk
oDesk offers a wide variety of jobs which can easily be accomplished online. Although the pay isn’t always the best, the sheer amount of jobs available will always give you something to do.
ELance
eLance is one of the best and the world's leading platforms for online employment; Elance helps businesses hire and manage in the cloud. You will need to register to view more details and bid on jobs, but the eLance community is very mature and bridges the gap between clients and those seeking online pay.
ArticleMe
ArticleMe is a fairly new article marketplace which allows you to write and submit articles to sell directly to clients. Unlike other websites for finding freelance writing gigs, ArticleMe puts you in control, from the subject of your content to the price you charge per article.
Constant-Content
Constant-Content is one of the premiere article marketplaces for serious freelance writers to make money online. Because Constant-Content is so mature, writers can demand top dollar for their articles (charging upward of $100+ each article!). Constant-Content has a strict editorial process but the large marketplace and demand for writing makes this marketplace one of the best.
Friday, 10 February 2012 by My Fitness Bucket · 0