Uploaded by Noor Shams

Report for Opnet khulood

advertisement
Simulation of Virtual LANs (VLANs) Using OPNET
Khulood Salem Mohammed ALwasabi
Faculty of Engineering, Computers and Control Engineering Department,
Abstract: Virtual LANs (VLANs) offer a method of dividing one physical network into multiple
broadcast domains. This paper simulates a VLAN using OPNET. Different scenarios are designed
and simulated, where a step-by-step procedure using the workspace of OPNET is given. The first
scenario will build a network for a university with two departments. Each department has three
local area networks. One LAN is for the professors, the second is for the staff members, and the
third is for the students. The university has three servers: one server is for research, the second is
for human resources databases, and the third server is for online courses (e-learning). The second
scenario uses VLANs to allow access to the research server only by professors. The staff members
are allowed to access only the human resources server. The students can only access the e-learning
server. The VLANs settings will not allow a hacker to have access to any of the servers.
In the third scenario, a router is added to allow for communication between different VLANs.
Here we will allow both the professors and students to communicate with each other and to
have access to both the research and e-learning servers. The simulation results show us that
VLANs also decrease the load on some of the links in the networks.
Introduction
Virtual LANs (VLANs) have recently developed into an integral feature of switched LAN solutions
from every major LAN equipment vendor. A virtual LAN (VLAN) is any broadcast domain that is
partitioned and isolated in a computer network at the data link layer (OSI layer 2). This is usually
achieved on switch or router devices. Simpler devices only support partitioning on a port level (if
at all), so sharing VLANs across devices requires running dedicated cabling for each VLAN. More
sophisticated devices can mark packets through tagging, so that a single interconnect (trunk) may
be used to transport data for various VLANs. Grouping hosts with a common set of requirements
regardless of their physical location by VLAN can greatly simplify network design. A VLAN has the
same attributes as a physical local area network (LAN), but it allows for end stations to be grouped
together more easily even if they are not on the same network switch. VLAN membership can be
configured through software instead of physically relocating devices or connections. Most
enterprise-level networks today use the concept of virtual LANs. Without VLANs, a switch
considers all interfaces on the switch to be in the same broadcast domain. In this lab, we will build
a network for a university with two departments. Each department has three local area networks.
One LAN is for the professors, the second is for the staff members, and the third is for the students.
The university has three servers: one server is for research, the second is for human resources
databases, and the third server is for online courses (e-learning).
VLAN TYPES
1. No_VLAN Scenario :
the setting of the network allows all members of computer into any of the network switches
can also have access to the network servers.
2. VLAN Scenario:
scenario uses VLANs to allow access to the research server only by professors. The
staff members are allowed to access only the human resources server. The students can
only access the e-learning server. The VLANs settings will not allow a hacker to have access
to any of the servers. both departments to have access to all three servers. Even a hacker
who plugs his or her.
3. The VLAN_Comm Scenario:
Scenario a router is added to allow for communication between different VLANs. Here we
will allow both the professors and students to communicate with each other and to have
access to both the research and e-learning servers. The simulation results show us
that VLANs also decrease the load on some of the links in the networks.
VLAN Identifier (VID)
VLAN Members
1111
Professors_A LAN, Professors_B LAN, and Research_Server.
2222
Staff_A LAN, Staff_B LAN, and HR_Server.
3333
Students_A LAN, Students_B LAN, and ELearning_Server.
Table (1): shows the VLANs we plan to create and the members of each VLAN.
|P age 1
Simulated Model Design
Network Configuration :
Each object in the VLAN Model (server, node, and application) has a specific set of parameters. In
general those parameters can be classified as follows:
•
•
Application Parameter: Application Attribute definition will be used to create user
profiles; these profiles can be specified on different nodes in a network designed to
generate the application traffic.
Profile Parameter: Profile Attribute definition is used to specify/choose the required
application among the available applications such as FTP, HTTP, Video, Voices, and Print
etc.
Figure 1: Configuration Profile different applications
• Server Parameters: In each server, supported services are based on the user profiles that
may support FTP, HTTP, VoIP, Video, etc....
• Nodes Parameters (PC): Network parameters are set for all nodes, such as workstations
as shown in figure 2.
Figure 2: Configuration node with applications
|P age 3
Scenarios:
Scenario #1: "NO_VLAN"
This scenario generates network traffic without any separation between departments (classical
network). To configure no VLANs, specify "NO_vlan" as the value for the "VLAN scheme" attribute
on the switch devices which support VLANs. Switch devices, connected to gather by 100baseT links
and each port in switch connection with several PC and the server. In the first case three network
department is shown in figure 3.
Figure 3: First scenario "No_vlan" with three Departments.
• Scenario
#2:" Vlan"
The previous network has been modified and configured in order to generate three VLAN (1111,
2222, and 3333) as shown in figure 5. The procedure configuring VLAN is as follows:
1. Select Duplicate Scenario from the Scenarios menu and name it VLAN.
2. In the new scenario, select Switch_A , Switch_B , and ServersSwitch simultaneously .
3. Expand the VLAN Parameters hierarchy.
Figure4: Edit the Supported VLANs attribute
4. Connected all the node with other,groub1(Professors_A LAN, Professors_B LAN, and
Research_Server) the cables connected between them yellow color as shown figure 5.
Figure 5: Group1
|P age 5
group2(Staff_A LAN, Staff_B LAN, and HR_Server.) the cables connected between them
white color as shown figure 6.
Figure 6: Group2
group3(Students_A LAN, Students_B LAN, and ELearning_Server.) the cables connected
between them blue color as shown figure 7.
Figure 7: Group3
• Scenario
#3:" Vlan_Comm"
The VLAN scenario members of each VLAN are not allowed to communicate with members
of any other VLAN. Assume that we need students to have access to the Research_Server and
we need the professors to have access to the ELearning_Server. In this case, we need VLAN1111
to communicate with VLAN3333. This can be done on the IP layer by configuring a router to
forward traffic between the two VLANs. Each VLAN will be assigned its own IP subnetwork.
Figure 8:vlan with router
Now we need to assign the members of each VLAN to the same IP subnetwork.
Figure 9: IP subnetwork
|P age 7
Results – Evaluation
This section introduces the results for the scenarios that highlight comparison between with and
without VLAN mechanism on the network have different types of traffic. The results related to
these scenarios are presented and analyzed in the following subsections.
Figure 10: Show Animations
Figure 11: Simulation Speed
Figure 12: Simulation(ServerSwitch<->CenterSwitch)
|P age 9
Figure 13: Simulation (Research_Server<->ServerSwitch)
Figure 14: Simulation(Elearning_Server<>ServerSwitch)
Figure15: Ethernet delay between three VLAN
conclusion:
When the number of PCs increased in a local area network, the need for configuring VLANs
becomes necessary in order to reduce the traffic handled by the main switch. As it had been shown
in the analysis Performed in this paper, increasing the number of VLANs reduce the traffic rapidly,
can also control the size and composition of the broadcast domain by controlling the size and
composition of a VLAN.This is due to the fact that VLANs creates many broadcast domains. The
other conclusion is related to security. VLAN groups, many PCs into multiples LANs as if they are
physically separated. The reduction in traffic using 3_vlans is around 50% with NO-vlan and
increase reduced when moving to 6_vlans 60% with NO–VLAN. This means that a gain of an extra
can be added to the overall network. Finally, the results also show that, advice on a VLAN is
restricted to only communicate with devices that are on their own VLAN. Just as a router
Reference:
1. Tambe, S. S., (2015) “Wireless technology in networks”, International Journal of Scientific and Research
Publications
2. Rik Farrow, "VLAN INSECURITY on 2014-04-21http:// rikfarrow.com/Network/net0103.html.".
3. AlliedWare Plus™ OS, "Overview of |VLANs (Virtual LANs)", 2008 Allied T ele sis, Inc.
| P a g e 11
Download