1 hour 53 minutes

Video Description

In this section we make the leap into a more intelligent layer of the OSI model with the addition of IP addressing at layer 3. This introduction includes both the protocols that reside at layer 3 and the more complex - and expensive - layer 3 devices, most notably routers. As we saw in the previous section, there is only so much that can be accomplished towards reducing data collisions even with the move to layer 2 switches from old-fashioned hubs. The issue of multiple broadcast domains and the traffic congestion they cause can be effectively dealt with by taking advantage of IP addressing at layer 3. We'll examine an enhanced feature available on some layer 2 switches known as VLANs (Virtual LANs). VLANs provide isolated broadcast domains on switches supporting this feature. Just keep in mind that even with this feature, these are still layer 2 devices natively and, as such, don't possess the ability to understand IP addressing. For this level of addressing, we need to look to routers, which are layer 3 devices. We point out in this section that routers come with a price, both in the form of higher cost and more complex configurations. We make the important note that routers are required in order to interconnect VLANs, since this can only be accomplished via IP addressing. Finally, we emphasize that these subtle distinctions are important to know for the CISSP exam.

Video Transcription

Now we just talked about with switches that we don't get broadcast isolation, and the reason for that is broadcast isolation is kind of a layer three function, or at least it certainly has very strong elements of layer three, because to broadcast, there's a specific IP address that's used.
So, for instance, if you're on the 10 network, the broadcast address is
10.255.255.255. So it's a layer three function, and switches natively
don't provide that functionality. Okay, so traditionally to get broadcast isolation what we've used are routers, layer three devices that are able to understand that this domain to the left may be the 10 network and this domain to the right might be the 10.8 network or
the 192.168.0 network, whatever that may be.
So traditionally broadcast isolation has been done on layer three devices, and that's what routers do. So the two things routers do: they use IP addresses to direct traffic, and they're able to isolate broadcast traffic.
But routers are expensive,
and you know when we talk about routers being expensive, it's not even necessarily that when you look at the price tag on a router, it's that much different than the price tag on a switch. But when you go out and get a switch, you're gonna get 24 ports or 36 ports or 48 ports. When you go out and buy a router, as far as LAN ports go, you're gonna get one,
maybe two.
Okay, so on a port by port basis routers are very expensive. So what we'd like to be able to do is to get that broadcast isolation on a switch to save money.
Not all switches do this natively, but most switches today provide an operating system function of a virtual LAN, or VLAN. And what a VLAN does is it creates broadcast domains on a switch.
So the nice thing about that is they're very easy to configure. They're very easy to reconfigure. They can be logically grouped, much more so than being physically grouped.
It's a very good environment to have. So ultimately, assuming the switch allows it, I'll create virtual LANs and I'll assign port one to the sales VLAN or the finance VLAN or the HR VLAN.
And the nice thing is, multiple VLANs could be on a switch,
or a single VLAN can span multiple switches. So again, you get a lot of flexibility here, and it's much cheaper than doing this on a router. However, switches are still layer two devices natively.
So if you create VLANs on a layer two switch, you have true isolation
between the finance VLAN, in this case, and the HR VLAN.
Okay, and what I mean by that is users in HR can't contact finance and finance can't contact HR, because in order to do so, we would need a device in the middle that understands that the finance domain is on the 10.0 network and HR is on the 10.8, and a switch doesn't have that understanding.
So what we need is a layer three device, and that's why, if you're familiar with layer three switches, we bring layer three switches in, not just so that we can have VLANs, but so that we can have inter-VLAN communication. Okay,
so the point I want to stress to you here, certainly for testing purposes, but also just true out in the world,
is that a switch is a layer two device. What it does natively is it uses MAC addresses to direct traffic, and it isolates collision domains.
A router, a layer three device, isolates broadcast traffic and uses IP addresses.
VLANs can be implemented on some switches to get broadcast isolation on a switch,
and then a layer three switch would be necessary to have the VLANs communicate. So I hope that makes sense. There really are some fine distinctions there, and I would certainly want you to know those for the purpose of the exam.
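
The distinctions covered in the transcript can be checked with a small model. This Python sketch is an added example, not part of the course material: it computes a network's broadcast address, lists which switch ports a broadcast frame floods to when VLANs are configured, and classifies finance-to-HR traffic with and without a layer 3 device. The /16 prefixes, port numbers, and host names are assumptions made for the illustration.

```python
import ipaddress

# Constructed lab values: /16 prefixes, ports and host addresses are assumptions.
VLANS = {
    "finance": ipaddress.ip_network("10.0.0.0/16"),
    "hr": ipaddress.ip_network("10.8.0.0/16"),
}
# Access-port assignment on one layer 2 switch: port number -> VLAN name.
PORT_VLAN = {1: "finance", 2: "finance", 3: "hr", 4: "hr", 5: "finance"}
# Hosts: name -> (switch port, IP address).
HOSTS = {
    "fin-pc1": (1, "10.0.0.11"),
    "fin-pc2": (2, "10.0.0.12"),
    "hr-pc1": (3, "10.8.0.21"),
    "hr-pc2": (4, "10.8.0.22"),
}


def broadcast_address(network):
    """Layer 3 broadcast address of a network given in CIDR form."""
    return str(ipaddress.ip_network(network).broadcast_address)


def flood_ports(ingress_port):
    """Ports that receive a broadcast frame: same VLAN only, never the ingress port."""
    vlan = PORT_VLAN[ingress_port]
    return sorted(p for p, v in PORT_VLAN.items() if v == vlan and p != ingress_port)


def path(src, dst, layer3_device=False):
    """Classify how src reaches dst: switched at layer 2, routed, or isolated."""
    (sport, _sip), (dport, dip) = HOSTS[src], HOSTS[dst]
    svlan, dvlan = PORT_VLAN[sport], PORT_VLAN[dport]
    same_subnet = ipaddress.ip_address(dip) in VLANS[svlan]
    if svlan == dvlan and same_subnet:
        return "layer2"  # the switch forwards by MAC address inside one VLAN
    # Different VLAN or subnet: something that understands IP must sit in the middle.
    return "routed" if layer3_device else "isolated"


if __name__ == "__main__":
    print(broadcast_address("10.0.0.0/8"))
    print(flood_ports(1), flood_ports(3))
    print(path("fin-pc1", "fin-pc2"))
    print(path("fin-pc1", "hr-pc1"), path("fin-pc1", "hr-pc1", layer3_device=True))
```

From a segmentation standpoint, the "isolated" result is what the VLAN boundary gives by default; once a router or layer 3 switch is added, any restriction on finance-to-HR traffic has to come from policy on that device.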


Instructed By

Kelly Handerhan
Senior Instructor