In recent years, the advent of virtualization and cloud computing networking enhance the awareness that understanding VLAN implementation is more important. And most smart switches support VLAN which is an essential function. VLAN, also called virtual LAN (local area network) is playing an important role in basic networking like enterprise network and the campus network. VLAN not only enables engineers to have a good control of their network systems but improves network security and scalability.
Those who have experiences of networking management may have a profound understanding of VLAN. It’s the foundation to provide management in the world of virtualization, even where virtual machines are constantly migrating, challenging the very basics of network management. In this tutorial, the basic knowledge like VLAN configuration, VLAN routing will be explored.
What Is a VLAN and Why It Is Needed?
It’s known that a LAN (local area network) consists of one or numbers of computers in a limited area like office buildings and university campus. A VLAN, or virtual LAN is a logical area that contains one or more LANs. As the explanation of Wikipedia, a VLAN is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2 network). Since VLANs are based on logical layer instead of physical connections, they are more flexible than LANs. With VLAN, a LAN network can be segmented into different groups, and data in group A cannot be forwarded to group B or other groups, which improves network security and simplify management. As the following figure shows.
Figure 1: VLAN Segments
Then why VLAN is needed in networks? With the number of devices in a broadcast increasing, the frequency of broadcasts also increases, which potentially occupy the network time and capacity by sending unnecessary broadcasts to all members. VLAN reduces these exclusively broadcasts by logically segmenting a large network into many smaller ones, controlling broadcast traffic as well as improving network efficiency.
What’s the Way to Configure VLAN?
Usually, there are two ways for VLAN configuration—static VLAN and dynamic VLAN. And the configuration depends on the needs of the VLAN.
Static VLAN: static VLAN is also called port-based VLAN. As its name shows, this type of VLAN is created by assigning ports to one VLAN. And if users change the access port to the VLAN, the port should be configured again, which is difficult to manage for those larger networks.
Dynamic VLAN: this way of VLAN configuration is much flexible when compared with static VLAN. It often created using software or protocol. The following video shows how to configure VLAN via CLI (Command-Line) & Web Interface:
According to the information pass through switches ports, administrators can assign the switch port to VLAN dynamically with a VMPS (VLAN management policy server). Usually, dynamic VLAN can be classified into three categories: MAC-based VLAN, IP subnet-based VLAN and user-based VLAN.
Control network access by authenticating a host sources MAC address, and mapping the incoming packet source MAC to a VLAN. That is to say, in a MAC based VLAN, the VLAN membership is on the basis of the MAC address of the device, not the switches port.
IP Subnet based VLAN
In an IP subnet based VLAN, all end workstations in an IP subnet are assigned to a same VLAN. If the IP does not be changed, users can move their workstations with no need to reconfigure their network address.
Switch ports can be assigned to one VLAN on the basis of the username used to log onto that device.
Notes: the protocols in IP subnet based VLAN and user-based VLAN may vary from vendors to vendors. To avoid the problem of compatibility, make a confirmation before buying switches.
VLAN Access Link and Trunk Link
When it comes to VLAN, trunk and access links cannot be ignored. There are two types of interfaces or links in the world of VLANs. These links enable administrators to connect multiple switches together or just simple network device like PC which will access to the VLAN network.
Access link is the most common types of links and it can be seen on any VLAN switch. To gain access to local networks, all network hosts need to connect the switch’s access links. These links are very ordinary ports found on every Ethernet switch and configured in a special way. Therefore users are able to plug a computer and get access to the network. Access link ports (24x100/1000BASE-T Ports in the following picture) on one VLAN switch can be configured for one or several VLANs.
Figure 2: Access ports on FS.COM S3900-24T4S VLAN Switch
Different from access links, VLAN trunk link is often configured to carry more than one VLANs. The trunk port is usually found in connections between switches. With VLAN trunking, users can extend VLAN across the entire networks. For example, there are four users (marked as A, B, C and D) lies in different floors in one office building. User A and C belong to one VLAN, B and D are in another VLAN. How to configure them in one VLAN in an effective way? It’s to set a trunk port.
Figure 3: VLAN trunk port for different VLAN connections
To distinguish the traffic flows, all frames through trunk link are marked with special tags as they pass between the switches. It called VLAN tagging. In the example above, frame from user A will be added a special tag when passing through trunk port on switch 1. when it reaches at switch 2, the trunk port identifies the special tag and tells from to which VLAN it belongs. Then the special tag will be removed and the frame will be forwarded to user C.
Here the common methods of VLAN tagging that can realize VLAN creation between switches.
IEEE 802.1Q: also called “Dot One Q”, it is the IEEE standard for tagging frames on a VLAN trunk and supports up to 4096 VLANs. In this method, a 4-byte tag is inserted into the original frame and recomputes the FCS (frame check sequence) before the frame is sent over the trunk link. And the tag will be removed at the receiving end, then the frame will be sent to assigned VLAN. All layer 2 switches in FS.COM support 4096 VLANs.
Figure 4: VLAN Tagging—IEEE 802.1Q
Notes: TPID refers to Tag Protocol Identifier; TCI refers to Tag Control Information. User priority is a 3-bit field that allows priority information to be encoded in the frame. The CFI is a 1-bit indicator that is always set to zero for Ethernet switches. The VID field involves the identifier of the VLAN.
ISL (Inter-Switch Link): ISL is a protocol similar to IEEE 802.1Q. And it is Cisco proprietary protocol for the interconnection of multiple switches and maintains VLAN information as traffic goes between switches. ISL supports up to 1000 VLANs. In ISL, an additional header is added before the frame passing through the trunk link. At the receiving side, the header is removed and the frame is sent to the assigned VLAN.
Figure 5: ISL (Inter-Switch Link)
Inter VLAN Routing: Bridge Between Different VLANs
As we have said above, each VLAN is independent and the data between different VLANs is non-interfering. Then how to realize information transmission across VLANs? It’s inter VLAN routing. Administrators can achieve inter VLAN routing by using a layer 3 switch or a router. In the following part, the post will focus on the inter VLAN routing by using routers.
We have known that each VLAN is a unique broadcast domain, when a router is connected with the switch, the traffic between various VLANs can be forwarded by the router. To save cost and simplify network management, trunk link is also applied for inter VLAN routing. Here takes an example to illustrate how this process works. As the following figure shows. The switch is segmented into two VLANs which are marked with different colors. And now communication between computer A and C is required.
Frame from computer A will go through the trunk port and be added special tag belongs to VLAN 1. The tagged frame will be recognized by the router and then received by the port that belongs to the VLAN 1 on the router. Inside the router, the destination MAC address of tagged frame will be changed to the address of computer C, and the special tag belongs to VLAN 1 will be removed.When the frame across the trunk port on the router, it will be tagged again, but the tag belongs to VLAN 2. since the computer C is connecting the common access port, the tag of the frame will be removed and then forwarded to the computer C.
Figure 6: Inter VLAN routing
If the inter VLAN routing lies in the same VLAN, the frame will not pass through the router and the routing will be finished in the switch. In addition, as the traffic between VLANs grows, layer 3 switches are a better choice for inter VLAN routing because of its high performance and capacity.
VLAN is an important technology in today’s network build and management. It keeps network users communicated with each other in different applications but being connected to the same physical network. And VLAN technology is still developing at present. In this tutorial, the definition of VLAN, VLAN configuration, VLAN tagging and inter VLAN routing are explained. Other technologies like QinQ and VXLAN will be explored in FS.COM blogs. for more information, please visit our blog page.
25G SFP28 LWDM transceiver delivers a stable transmission and saves a lot of fiber resources in 5G front-haul transmission. A comprehensive introduction on 25G SFP28 LWDM transceiver module will be discussed in this article, which covers its features, advantages, and applications.
What are Hyper-Converged Infrastructure (HCI) and Converged Infrastructure (CI)? What differentiates HCI and CI? A comprehensive comparison between hyper-converged infrastructure and converged infrastructure will be illustrated here.
FS.COM High Performance Server for Virtualization and Hyper-Convergence Networks seem to be everywhere, and the quest for it keeps up-swinging each and every day. Resemble much of the human network, computer networks let us share data and resources. In this information era, our reliance on networks is bound to be more pervasive in homes, schools, business, etc. Severs, as the backbone of the network, determine the performance, reliability and scalability of a network.