VLAN
VLAN
· Jomplair · Lexicon Lab

VLAN (Virtual Local Area Network)

VLAN (Virtual Local Area Network) is a logical segmentation of a physical network into multiple broadcast domains. It allows devices to be grouped together even if they are not physically connected to the same switch. VLANs improve network performance, security, and manageability by isolating traffic and reducing broadcast domains.

Basic Concepts of VLAN

  1. Broadcast Domain:
    • A VLAN creates a separate broadcast domain, meaning devices in one VLAN cannot directly communicate with devices in another VLAN without routing.
  2. VLAN ID:
    • Each VLAN is identified by a unique VLAN ID (a number between 1 and 4094).
  3. Tagged vs. Untagged Frames:
    • Tagged Frames: Include a VLAN tag (802.1Q header) to indicate which VLAN the frame belongs to.
    • Untagged Frames: Do not include a VLAN tag and are assumed to belong to the native VLAN (default VLAN).
  4. Default VLAN:
    • By default, all switch ports belong to VLAN 1 (the default VLAN). This can be changed by the network administrator.

VLAN Frame Format

To support VLANs, Ethernet frames are modified to include a VLAN tag. The VLAN tag is inserted after the source MAC address and consists of the following fields:

Field

Size

Description

TPID (Tag Protocol Identifier)

2 bytes

Always set to 0x8100 to indicate an 802.1Q VLAN tag.

PCP (Priority Code Point)

3 bits

Used for QoS (Quality of Service) to prioritize traffic.

DEI (Drop Eligible Indicator)

1 bit

Indicates whether the frame can be dropped in case of congestion.

VID (VLAN Identifier)

12 bits

The VLAN ID (1–4094) that identifies the VLAN to which the frame belongs.

Example of a Tagged Ethernet Frame

| Preamble | SFD | Destination MAC | Source MAC | TPID (0x8100) | PCP | DEI | VID | EtherType | Payload | FCS |

How VLANs Work

  1. VLAN Creation:
    • A network administrator creates VLANs on a switch and assigns ports to specific VLANs.
    • Example: Ports 1–10 are assigned to VLAN 10, and ports 11–20 are assigned to VLAN 20.
  2. VLAN Tagging:
    • When a device sends a frame, the switch adds a VLAN tag to the frame if the port is configured as a tagged port (trunk port).
    • Example: A frame from a device in VLAN 10 is tagged with VID=10.
  3. VLAN Untagging:
    • When a frame reaches its destination VLAN, the switch removes the VLAN tag before forwarding the frame to the destination device.

Inter-VLAN Communication

Devices in different VLANs cannot communicate directly because they are in separate broadcast domains. To enable communication between VLANs, a Layer 3 device (such as a router or Layer 3 switch) is required. Here’s how it works:

  1. Router-on-a-Stick:
    • A router is connected to a switch via a trunk port.
    • The router has sub-interfaces, each configured with an IP address for a specific VLAN.
    • The router forwards traffic between VLANs based on IP addresses.
  2. Layer 3 Switch:
    • A Layer 3 switch can perform both switching and routing.
    • It uses Switched Virtual Interfaces (SVIs) to route traffic between VLANs.

VLAN Implementation Mechanisms

  1. Port-Based VLAN:
    • Ports on a switch are manually assigned to specific VLANs.
    • Example: Ports 1–10 are assigned to VLAN 10, and ports 11–20 are assigned to VLAN 20.
  2. Dynamic VLAN:
    • VLAN membership is dynamically assigned based on criteria such as MAC address, IP address, or user authentication.
    • Example: A device with MAC address 00:1A:2B:3C:4D:5E is automatically assigned to VLAN 10.
  3. Protocol-Based VLAN:
    • VLAN membership is determined by the protocol type (e.g., IPv4, IPv6, IPX).
  4. MAC-Based VLAN:
    • VLAN membership is determined by the source MAC address of the device.

VLAN Benefits

  1. Improved Security:
    • Isolates sensitive traffic (e.g., finance or HR) from other departments.
  2. Reduced Broadcast Traffic:
    • Limits broadcast domains, reducing unnecessary traffic and improving performance.
  3. Simplified Network Management:
    • Allows logical grouping of devices regardless of their physical location.
  4. Flexibility:
    • Devices can be easily moved to different VLANs without changing their physical location.

VLAN Configuration Example

Port-Based VLAN Configuration (Cisco Switch)

Switch(config)# vlan 10

Switch(config-vlan)# name Sales

Switch(config-vlan)# exit

Switch(config)# interface range GigabitEthernet0/1 - 10

Switch(config-if-range)# switchport mode access

Switch(config-if-range)# switchport access vlan 10

Dynamic VLAN Configuration (Using MAC Address)

Switch(config)# vlan 10

Switch(config-vlan)# name Engineering

Switch(config-vlan)# exit

Switch(config)# mac-address-table static 00:1A:2B:3C:4D:5E vlan 10

Default VLAN

  • By default, all switch ports belong to VLAN 1 (the default VLAN).
  • The default VLAN can be changed, but it is recommended to keep VLAN 1 for management purposes.

VLAN Tagging and Trunking

  • Access Port: A port that belongs to a single VLAN and does not tag frames.
  • Trunk Port: A port that carries traffic for multiple VLANs and tags frames with VLAN IDs.

Trunk Port Configuration (Cisco Switch)

Switch(config)# interface GigabitEthernet0/24

Switch(config-if)# switchport mode trunk

Switch(config-if)# switchport trunk allowed vlan 10,20,30

Latest posts