|
|
VlanDirector network management software is an application in the CiscoWorks for Switched Internetworks (CWSI) suite of network management applications. CWSI applications enable you to configure, monitor, and manage a switched internetwork. CWSI includes the following applications:
The VlanDirector application provides virtual LAN management for Catalyst and LightStream ATM switches. It enables you to configure and modify virtual LANs (VLANs), including those that span ATM networks using LAN Emulation (LANE). Using a graphical user interface (GUI), you can create, discover, and display VLANs and the LANE components in your network. VlanDirector superimposes the VLAN and LANE components you choose on the CWSI topology map.
For information about getting started with CWSI and the other CWSI applications refer to the following:
You can create VLANs using the command line interface (CLI) on your switch, using CiscoView, or using VlanDirector.
VlanDirector simplifies the creation and management of VLANs, enabling you to easily perform configuration operations. You can create, modify, and delete VLANs and VLAN ports from a central point.
VlanDirector provides the following features:
A traditional LAN is configured according to the physical infrastructure it is connecting. Users are grouped based on their location in relation to the hub they are connected to and how the cable is run to the wiring closet. Segmentation is typically provided by the routers that connect each shared hub.
A virtual LAN (VLAN) is a switched network that is logically segmented by functions, project teams, or applications regardless of the physical location of users. Each switch port can be assigned to a different VLAN. Ports in a VLAN share broadcasts; ports that do not belong to that VLAN do not share these broadcasts.
Switches remove the physical constraints imposed by a shared-hub architecture because they logically group users and ports across the enterprise. As a replacement for shared hubs, switches remove the physical barriers imposed in each wiring closet.
Figure 1-1 illustrates the difference between LAN and VLAN segmentation.
VLANs provide the following features:
A VLAN-segmented network comprises the following elements:
In order to implement VLANs in your network, you need to turn on VLAN Trunk Protocol (VTP) on all switches that will participate in the VLAN-segmented network.
Using VTP, each switch advertises its management domain on its trunk ports, its configuration revision number, and its known VLANs and their specific parameters. A VTP domain is made up of one or more interconnected devices that share the same VTP domain name; it defines the boundary of the specified VLAN. A switch can be configured to be in only one VTP domain.
When you create a VLAN, you must select the VTP domain (represented as a folder in the VlanDirector Names window) of which the VLAN will be a member. Using VlanDirector, you establish a name for the VLAN and an index number. This information is used to identify the VLAN throughout the VTP domain.
After creating the VLAN, you add ports to it, thereby adding end users to the VLAN.
VlanDirector is a real-time application, so additions, changes, or deletions are immediately applied to devices in the network and are reflected in network operation.
Adds, moves, and changes are one of the greatest expenses in managing a network. Many moves require recabling and almost all moves require new station addressing and hub and router reconfiguration.
VLANs simplify adds, moves, and changes (Figure 1-2). VLAN users can share the same network address space regardless of their location. If a group of VLAN users move but remain in the same VLAN connected to a switch port, their network addresses do not change. If a user moves from one location to another but stays in the same VLAN, the router configuration does not need to be modified.
Broadcast traffic occurs in every network. If incorrectly managed, broadcasts can seriously degrade network performance or even bring down an entire network. Broadcast traffic in one VLAN is not transmitted outside that VLAN, which substantially reduces overall broadcast traffic, frees bandwidth for real user traffic, and lowers the vulnerability of the network to broadcast storms.
You can control the size of broadcast domains by regulating the size of their associated VLANs and by restricting both the number of switch ports in a VLAN and the number of people using these ports.
You can also assign VLANs based on the application type and the amount of application broadcasts. You can place users sharing a broadcast-intensive application in the same VLAN group and distribute the application across the campus.
You can use VLANs to provide security firewalls, restrict individual user access, flag any unwanted intrusion to the network, and control the size and composition of the broadcast domain.
You can increase security by segmenting the network into distinct broadcast groups. Doing this has the following advantages:
|
|