VLAN: How Does It Change Your Network Management?

Updated on Oct 8, 2021

 17.8k

VLAN is playing an important role in basic networking like enterprise network and the campus network. VLAN not only enables engineers to have a good control of their network systems but improves network security and scalability. It’s the foundation to provide management in the world of virtualization, even where virtual machines are constantly migrating, challenging the very basics of network management. In this tutorial, the basic knowledge like VLAN configuration, VLAN Tagging and inter VLAN routing will be explored.

What Is a VLAN and Why Is It Needed?

With VLAN, a LAN network can be segmented into different groups, and data in group A cannot be forwarded to group B or other groups, which improves network security and simplify management. As the following figure shows.

Figure 1: VLAN Networking

Then why VLAN is needed in networks? VLAN reduces the exclusively broadcasts by logically segmenting a large network into many smaller ones, controlling broadcast traffic as well as improving network efficiency.

You can learn more about VLAN technology in Understanding Virtual LAN (VLAN) Technology.

VLAN Configurations

Usually, there are two ways for VLAN configuration—static VLAN and dynamic VLAN. And the configuration depends on the needs of the VLAN.

Static VLAN: it is created by assigning ports to one VLAN. And if users change the access port to the VLAN, the port should be configured again, which is difficult to manage for those larger networks.

Dynamic VLAN: it is much flexible than static VLAN. It often created using software or protocol.

Usually, dynamic VLAN can be classified into three categories: MAC-based VLAN, IP subnet-based VLAN and user-based VLAN.

Type	Description
MAC-based VLAN	Control network access by authenticating a host sources MAC address, and mapping the incoming packet source MAC to a VLAN. That is to say, in a MAC based VLAN, the VLAN membership is on the basis of the MAC address of the device, not the switches port.
IP Subnet based VLAN	In an IP subnet based VLAN, all end workstations in an IP subnet are assigned to a same VLAN. If the IP does not be changed, users can move their workstations with no need to reconfigure their network address.
User-based VLAN	Switch ports can be assigned to one VLAN on the basis of the username used to log onto that device.

You can know more about VLAN types in Understanding Virtual LAN (VLAN) Technology.

Types of VLAN Connection Links

When it comes to VLAN, trunk and access links cannot be ignored. There are two types of interfaces or links in the world of VLANs. These links enable administrators to connect multiple switches together or just simple network device like PC which will access to the VLAN network.

Access Link

Access link is the most common types of links and it can be seen on any VLAN switch. To gain access to local networks, all network hosts need to connect the switch’s access links. These links are very ordinary ports found on every Ethernet switch and configured in a special way. Therefore users are able to plug a computer and get access to the network. Access link ports (24x100/1000BASE-T Ports in the following picture) on one VLAN switch can be configured for one or several VLANs.

Figure 2: Access ports on FS.com S5850-48T4Q VLAN Switch

Trunk Link

Different from access links, VLAN trunk link is often configured to carry more than one VLAN. The trunk port is usually found in connections between switches. With VLAN trunking, users can extend VLAN across the entire networks. For example, there are four users (marked as A, B, C and D) lies in different floors in one office building. User A and C belong to one VLAN, B and D are in another VLAN. How to configure them in one VLAN in an effective way? It’s to set a trunk port.

Figure 3: VLAN trunk port for different VLAN connections

To distinguish the traffic flows, all frames through trunk link are marked with special tags as they pass between the switches. It called VLAN tagging. In the example above, frame from user A will be added a special tag when passing through trunk port on switch 1. when it reaches at switch 2, the trunk port identifies the special tag and tells from to which VLAN it belongs. Then the special tag will be removed and the frame will be forwarded to user C.

VLAN Tagging

Here the common methods of VLAN tagging that can realize VLAN creation between switches.

IEEE 802.1Q: also called “Dot One Q”, it is the IEEE standard for tagging frames on a VLAN trunk and supports up to 4096 VLANs. In this method, a 4-byte tag is inserted into the original frame and recomputes the FCS (frame check sequence) before the frame is sent over the trunk link. And the tag will be removed at the receiving end, then the frame will be sent to assigned VLAN. All layer 2 switches in FS.com support 4096 VLANs.

Figure 4: VLAN Tagging—IEEE 802.1Q

Notes: TPID refers to Tag Protocol Identifier; TCI refers to Tag Control Information. User priority is a 3-bit field that allows priority information to be encoded in the frame. The CFI is a 1-bit indicator that is always set to zero for Ethernet switches. The VID field involves the identifier of the VLAN.

ISL (Inter-Switch Link): ISL is a protocol similar to IEEE 802.1Q. And it is Cisco proprietary protocol for the interconnection of multiple switches and maintains VLAN information as traffic goes between switches. ISL supports up to 1000 VLANs. In ISL, an additional header is added before the frame passing through the trunk link. At the receiving side, the header is removed and the frame is sent to the assigned VLAN.

Figure 5: ISL (Inter-Switch Link)

Inter VLAN Routing: Bridge Between Different VLANs

As we have said above, each VLAN is independent and the data between different VLANs is non-interfering. Then how to realize information transmission across VLANs? It’s inter VLAN routing. Administrators can achieve inter VLAN routing by using a layer 3 switch or a router. In the following part, the post will focus on the inter VLAN routing by using routers.

We have known that each VLAN is a unique broadcast domain, when a router is connected with the switch, the traffic between various VLANs can be forwarded by the router. To save cost and simplify network management, trunk link is also applied for inter VLAN routing. Here takes an example to illustrate how this process works. As the following figure shows. The switch is segmented into two VLANs which are marked with different colors. And now communication between computer A and C is required.

Frame from computer A will go through the trunk port and be added special tag belongs to VLAN 1.The tagged frame will be recognized by the router and then received by the port that belongs to the VLAN 1 on the router. Inside the router, the destination MAC address of tagged frame will be changed to the address of computer C, and the special tag belongs to VLAN 1 will be removed.When the frame across the trunk port on the router, it will be tagged again, but the tag belongs to VLAN 2. since the computer C is connecting the common access port, the tag of the frame will be removed and then forwarded to the computer C.

Figure 6: Inter VLAN routing

If the inter VLAN routing lies in the same VLAN, the frame will not pass through the router and the routing will be finished in the switch. In addition, as the traffic between VLANs grows, layer 3 switches are a better choice for inter VLAN routing because of its high performance and capacity.

Summary

VLAN is an important technology in today’s network build and management. It keeps network users communicated with each other in different applications but being connected to the same physical network. And VLAN technology is still developing at present.