VLAN 1

Running head: VLAN

VLAN

David “Toby” Meyers

NTC/242 - Intro to WAN Technologies

Amr Elchouemi
 VLAN 2

March 8, 2011VLAN

This is a plan to create a Virtual Local Area Network (VLAN) over several remote

locations to connect to a decentralized management location. A VLAN makes the topology

conform to the organizational structure instead of the physical structure of the network. It

provides privacy and security while using a public network for its backbone like the Internet.

This plan segments the network into different broadcast domains to avoid bandwidth

consumption and that ensures the network is not flooded with packets.

A VLAN is a network that allows network components spread over different geographic

locations to communicate as if they were part of a LAN. “A VLAN is a logical local area

network (or LAN) that extends beyond a single traditional LAN to a group of LAN segments,

given specific configurations. Because a VLAN is a logical entity, its creation and configuration

is done completely in software,” (Sharma, 2010, p. 1).

Client switches and management switches will comprise this VLAN. The management

switch will identify all client switches. A random character string will identify each segment

differently. Client Switches forward to the correct Network Segment by the segment

identification. Packets filtered to network segments so the network will be less chance of

collision and network traffic.

The VTP mode used to configure the switches is transparent. Transparent schemes do not

broadcast their configuration (Cisco, 2009). Once configured, they will not attempt to

reconfigure. This means that a tech will reprogram every switch when it expands. This will

provide an extra level of security in case of a compromised network segment. The type of switch

is a multilayer switch that will be able to read further into the packets to ensure correct

addressing and only authorized content.

 VLAN 3

Simple identification by IP address and MAC address is not sufficient. When spoofed,

the switches and routers will not be able to tell the difference. To improve security an open

source encryption system with a proprietary set of keys. Encryption systems configured to give

only certain keys to certain network segments so that management has control over information.

This way if employees or outside interference compromise locations, only authorized

information is at that location, preventing further security breaches.

VLAN membership by MAC address shall be the protocol of the Network. The value of

this type of membership is near positive identification; one has to know a MAC address and its

component function in order to spoof it. Backing up the vlan.dat file of the switches to save the

configuration of each network so incase of switch failure reconfiguration only takes as long as

replacement or it takes to reboot the switch or the rest of the network.

 VLAN 4

Conclusion

This plan segments the network into different broadcast domains to avoid bandwidth

consumption and that ensures the network is not flooded with packets. It creates a VLAN over

several remote locations to connect to a decentralized management location. The improved

security plan calls for an open source encryption system with a proprietary set of keys. VLAN

membership by MAC address shall be the protocol of the Network.

 VLAN 5

References

Sharma, (2010). What is VLAN?

Retrieved on February 18, 2011 from: Articles Base

http://www.articlesbase.com/networks-articles/what-is-vlan-3017766.html.