VLAN: How Does It Change Your Network Management?
VLAN (Virtual Local Area Network), plays an important role in basic networking like enterprise network and the campus network. VLAN empowers engineers with network system control while enhancing security and scalability. It serves as a foundation for effective management in virtualized environments, even amidst the complexities of migrating virtual machines. This article explores basic VLAN concepts including configuration, tagging, and inter VLAN routing.
What Is a VLAN and Why Is It Needed?
Virtual LAN enables the segmentation of LAN networks into distinct groups, enhancing network security and simplifying management. Data within one group, such as group A, remains isolated from other groups, preventing unauthorized access and improving overall network security.
Figure 1: Virtual Local Area Network
Why is Virtual LAN needed in networks? VLAN reduces broadcast traffic and enhances network efficiency by logically segmenting a large network into smaller ones.
You may be interested in Understanding Virtual LAN (VLAN) Technology.
VLAN Configurations
In Virtual LAN setups, two common approaches exist: static VLAN configuration and dynamic VLAN configuration. The choice of configuration is determined by specific VLAN requirements.
Static VLAN: It's established by assigning ports to a specific Virtual LAN. However, in larger networks, managing VLANs becomes challenging when access ports need to be reconfigured each time they are changed to a different VLAN.
Dynamic VLAN: It is much more flexible than static VLAN. It is often created using software or protocol. Dynamic VLANs are typically categorized into three types: MAC-based VLANs, IP subnet-based VLANs, and user-based VLANs.
| Type | Description |
| MAC-based VLAN | Control network access by authenticating a host sources MAC address, and mapping the incoming packet source MAC to a VLAN. That is to say, in a MAC based VLAN, the VLAN membership is on the basis of the MAC address of the device, not the switches port. |
| IP Subnet based VLAN | In an IP subnet based VLAN, all end workstations in an IP subnet are assigned to a same VLAN. If the IP does not be changed, users can move their workstations with no need to reconfigure their network address. |
| User-based VLAN | Switch ports can be assigned to one VLAN on the basis of the username used to log onto that device. |
Types of VLAN Connection Links
In the context of VLANs, trunk and access links play a crucial role. These two types of interfaces or links facilitate the connection of multiple switches and network devices, such as PCs, to the VLAN network.
Access Link
The access link is a common type of link found on VLAN switches, allowing network hosts to connect to local networks. These links, which are ordinary ports on Ethernet switches, are configured specially, enabling users to plug in their computers and gain network access. Access link ports on a VLAN switch can be configured for one or multiple VLANs, as depicted in the following picture (24x100/1000BASE-T Ports).
Figure 2: Access ports on FS.com S5850-48T4Q VLAN Switch
Trunk Link
Unlike access links, VLAN trunk links are configured to carry multiple VLANs and are commonly used in connections between switches. Trunk ports enable the extension of VLANs across entire networks. For instance, in an office building with users (A, B, C, and D) distributed across different floors, where A and C belong to one VLAN and B and D belong to another, an effective way to configure them in a single VLAN is by setting up a trunk port.
Figure 3: VLAN trunk port for different VLAN connections
In VLAN trunk links, traffic flows are distinguished by applying special tags to frames as they traverse between switches, a process known as VLAN tagging. In the given example, a frame from user A is tagged when it passes through the trunk port on switch 1. Upon reaching switch 2, the trunk port identifies the tag, determines the corresponding VLAN, removes the tag, and forwards the frame to user C.
VLAN Tagging
Here the common methods of VLAN tagging that can realize VLAN creation between switches.
IEEE 802.1Q: also known as “Dot One Q”, is the IEEE standard for VLAN trunk frame tagging, supporting a maximum of 4096 VLANs. In this method, a 4-byte tag is inserted into the original frame and recomputes the FCS (frame check sequence) before the frame is sent over the trunk link. And the tag will be removed at the receiving end, then the frame will be sent to assigned VLAN. Some layer 2 switches at FS.com support 4096 VLANs.
Figure 4: VLAN Tagging—IEEE 802.1Q
Notes: TPID stands for Tag Protocol Identifier, and TCI refers to Tag Control Information. User priority is a 3-bit field used to encode priority information in the frame. CFI is a 1-bit indicator that is always set to zero for Ethernet switches. The VID field involves the identifier of the VLAN.
ISL (Inter-Switch Link): ISL is a protocol similar to IEEE 802.1Q. And it is Cisco proprietary protocol for the interconnection of multiple switches and maintains VLAN information as traffic goes between switches. ISL supports up to 1000 VLANs. In ISL, an additional header is added before the frame passes through the trunk link. At the receiving side, the header is removed and the frame is sent to the assigned VLAN.
Figure 5: ISL (Inter-Switch Link)
Inter VLAN Routing: Bridge Between Different VLANs
As we have said above, each VLAN is independent and the data between different VLANs is non-interfering. Then how to realize information transmission across VLANs? It’s inter VLAN routing. Administrators can achieve inter VLAN routing by using a layer 3 switch or a router. In the following part, the post will focus on the inter VLAN routing by using routers.
We have known that each VLAN is a unique broadcast domain, when a router is connected with the switch, the traffic between various VLANs can be forwarded by the router. To save cost and simplify network management, trunk link is also applied for inter VLAN routing. Here takes an example to illustrate how this process works. As the following figure shows. The switch is segmented into two VLANs which are marked with different colors. And now communication between computer A and C is required.
Frame from computer A will go through the trunk port and be added special tag belongs to VLAN 1.The tagged frame will be recognized by the router and then received by the port that belongs to the VLAN 1 on the router. Inside the router, the destination MAC address of tagged frame will be changed to the address of computer C, and the special tag belongs to VLAN 1 will be removed.When the frame across the trunk port on the router, it will be tagged again, but the tag belongs to VLAN 2. since the computer C is connecting the common access port, the tag of the frame will be removed and then forwarded to the computer C.
Figure 6: Inter VLAN routing
If the inter VLAN routing lies in the same VLAN, the frame will not pass through the router and the routing will be finished in the switch. In addition, as the traffic between VLANs grows, layer 3 switches are a better choice for inter VLAN routing because of its high performance and capacity.
Summary
VLAN is an important technology in today’s network build and management. It keeps network users communicated with each other in different applications but being connected to the same physical network.
Related article:
Email Address
PoE vs PoE+ vs PoE++ Switch: How to Choose?
Mar 16, 2023
-