Salient points you need to know about Virtual LAN (VLAN)
What is a VLAN?
VLAN is the short form of Virtual LAN. VLANs allow a LAN to be logically segmented into different broadcast domains, so a VLAN can also be defined as a broadcast domain. They provide the equivalent of multiple physical LAN segments over the same network infrastructure.
Why are VLANs required?
When an IP host or a router wants to find the physical destination of an IP address, it sends an ARP (Address Resolution Protocol) request to all the nodes, asking only the particular node that holds the IP address in question to reply with its MAC (physical) address, so that data packets can be sent to it. Notice that the sender wanted to communicate with only one node but addressed the request to all the nodes in that network, and the switch duly broadcasts it to all of them. In a huge network, with every node sending such requests, these broadcast messages could fill the network and leave little room for genuine packets to propagate. So the primary objective of a VLAN is to divide the network into multiple smaller networks so that the broadcast domain (and perhaps the number of nodes in it) shrinks and hence network efficiency increases.
VLANs also provide security by separating one group of nodes from another. This is useful when the confidential financial data of an organization needs to be kept away from the other departments: the finance department gets its own VLAN so that such sensitive information is not exposed to everyone in the organization. Servers are also usually kept in their own VLAN, so that they cannot easily be discovered by intruders scanning for live nodes in the general network.
What are the types of VLAN?
VLANs can be created in three ways:
Membership by port: This is the most common type of VLAN. Each port of a network switch is assigned a VLAN ID, so that the node connecting to that port is placed in the corresponding VLAN.
Membership by MAC address: If you don’t want to tie every port to a user, you can leave the ports aside and group users according to their MAC (physical) address, which is the permanent address of their NIC. This way, wherever the user connects in the network, he is still placed in the VLAN designated for him.
Membership by IP subnet address: When nodes are assigned static IP addresses, you can define the range of IP addresses belonging to each group, so that the IP addresses of one group cannot communicate with those of another group.
Trunk Link: When each port of a switch is provisioned to belong to a particular VLAN, a problem arises as soon as a company deploys more than one switch (most do). So, to propagate these VLANs throughout the whole network, certain ports of a switch can be configured as a trunk, which is used for interconnecting the switches and allows the VLANs created on every switch to propagate across the whole network.
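The broadcast-containment argument above (ARP requests stay inside their own VLAN) and the port-membership model can be seen in a small forwarding simulation. This is an added example and not code from the article or from excITingIP.com; the port numbers, VLAN IDs and MAC addresses are constructed for illustration, and the switch here has only access ports (trunks and tags are a separate topic).

```python
"""Port-based VLAN switch model: each access port carries exactly one VLAN.

Added example, not code from the original article. Port numbers, VLAN IDs
and MAC addresses are constructed for illustration.
"""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str
    dst: str
    payload: str = ""


@dataclass
class VlanSwitch:
    """Switch whose access ports are each assigned one VLAN ID (membership by port)."""
    port_vlan: dict                                  # port number -> VLAN ID
    mac_table: dict = field(default_factory=dict)    # (vlan, mac) -> port

    def forward(self, ingress: int, frame: Frame) -> list:
        """Return the sorted list of egress ports for a frame received on `ingress`."""
        vlan = self.port_vlan[ingress]
        # MAC learning is scoped to the VLAN: the same MAC may exist in two VLANs
        self.mac_table[(vlan, frame.src)] = ingress
        if frame.dst != BROADCAST:
            known = self.mac_table.get((vlan, frame.dst))
            if known == ingress:
                return []            # destination is behind the ingress port: drop
            if known is not None:
                return [known]       # known unicast goes to exactly one port
        # broadcast or unknown unicast: flood every port in this VLAN except the ingress,
        # never a port that belongs to another VLAN
        return sorted(p for p, v in self.port_vlan.items() if v == vlan and p != ingress)


def demo() -> dict:
    """Ports 1-3 are VLAN 10, ports 4-5 are VLAN 20 (constructed layout)."""
    sw = VlanSwitch(port_vlan={1: 10, 2: 10, 3: 10, 4: 20, 5: 20})
    h10a, h10b, h20a = "02:00:00:00:10:01", "02:00:00:00:10:02", "02:00:00:00:20:01"
    out = {}
    # ARP request from VLAN 10: only the other VLAN 10 ports see it
    out["arp_vlan10"] = sw.forward(1, Frame(h10a, BROADCAST, "who-has 10.0.10.2"))
    # the ARP reply teaches the switch where h10a lives, so it goes to port 1 only
    out["arp_reply"] = sw.forward(2, Frame(h10b, h10a, "is-at"))
    # later unicast between the two hosts is no longer flooded
    out["unicast"] = sw.forward(1, Frame(h10a, h10b, "data"))
    # ARP request from VLAN 20 is confined to VLAN 20
    out["arp_vlan20"] = sw.forward(4, Frame(h20a, BROADCAST, "who-has 10.0.20.2"))
    # a VLAN 20 host addressing a VLAN 10 MAC: unknown in VLAN 20, flooded within VLAN 20 only
    out["cross_vlan"] = sw.forward(4, Frame(h20a, h10b, "data"))
    return out


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name:12s} -> egress ports {ports}")
```

The `cross_vlan` case is the point of the exercise: even a frame addressed to a MAC the switch has already learned is not delivered when that MAC was learned in a different VLAN, because the table lookup is keyed by VLAN.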
What is IEEE 802.1Q tagging?
This is a VLAN tagging method based on open standards. When an Ethernet frame leaves its source switch over a trunk link, a special VLAN tag is added to the frame before it is sent across the trunk. When it arrives at the trunk port of the destination switch, the VLAN tag is removed and the frame is sent to the correct access link. This is required because frames belonging to various VLANs travel over the same trunk link. For these frames to cross the trunk links and the network backbone and eventually find their way to the correct destination port, the tag identifies which VLAN each frame belongs to. Trunk lines are designed to carry frames from all VLANs, which is what allows multiple switches to be connected together.
A large-scale network is also interconnected by fiber modules in addition to Ethernet modules, so VLAN frames need to be tagged and carried over Fiber Distributed Data Interface (FDDI) networks too. Using the 802.10 SAID field, a mapping between the Ethernet VLAN and the 802.10 FDDI network is created, and in this way all Ethernet VLANs are able to run over FDDI networks.
Inter VLAN Routing:
In many organizations, file servers and other servers are mostly kept in a separate VLAN for security purposes. So, when nodes from a different VLAN want to communicate with such servers, or with other resources in other VLANs, Inter VLAN Routing is used.
Inter VLAN Routing is enabled by placing a Layer 3 switch at the core (which performs the routing); all the Layer 2 access switches connect to this Layer 3 switch. Members of one VLAN can then be routed through the Layer 3 switch to access the services of, or connect to, another VLAN. The rules for such Inter VLAN routing need to be written on the Layer 3 core switch.
Access lists can be created on the Layer 3 switch to specify which node can access which service or station. This is usually implemented by packet filtering.
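The access-list idea for inter-VLAN routing can be shown as an ordered packet filter evaluated at the Layer 3 core switch. This is an added example, not code from the article or from any vendor's switch; the VLAN subnets (staff, finance and servers), the rule set and the sample packets are all constructed for illustration.

```python
"""Inter-VLAN access list evaluated as an ordered packet filter.

Added example, not code from the original article. The subnets, rules and
packets below are constructed: VLAN 10 = staff 10.0.10.0/24,
VLAN 20 = finance 10.0.20.0/24, VLAN 30 = servers 10.0.30.0/24.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # CIDR of the source VLAN subnet
    dst: str                     # CIDR of the destination VLAN subnet
    proto: str = "any"           # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None  # destination port; None matches any port

    def matches(self, pkt: dict) -> bool:
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.proto in ("any", pkt["proto"])
                and (self.dport is None or self.dport == pkt.get("dport")))


def evaluate(rules: list, pkt: dict) -> str:
    """First matching rule wins; a packet matching no rule is denied (implicit deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed rule set for the core switch. Order matters: the staff->finance deny
# sits before the broad ICMP permit, so staff cannot even ping finance hosts.
INTER_VLAN_ACL = [
    Rule("permit", "10.0.20.0/24", "10.0.30.0/24", "tcp", 445),   # finance -> file server (SMB)
    Rule("permit", "10.0.10.0/24", "10.0.30.0/24", "tcp", 443),   # staff -> servers (HTTPS only)
    Rule("deny",   "10.0.10.0/24", "10.0.20.0/24"),               # staff never reaches finance
    Rule("permit", "10.0.0.0/16",  "10.0.0.0/16",  "icmp"),       # ping allowed elsewhere
]


def demo() -> dict:
    """Evaluate constructed sample packets against the rule set."""
    pkts = {
        "finance_smb":        {"src": "10.0.20.5", "dst": "10.0.30.10", "proto": "tcp", "dport": 445},
        "staff_smb":          {"src": "10.0.10.7", "dst": "10.0.30.10", "proto": "tcp", "dport": 445},
        "staff_https":        {"src": "10.0.10.7", "dst": "10.0.30.10", "proto": "tcp", "dport": 443},
        "staff_to_finance":   {"src": "10.0.10.7", "dst": "10.0.20.5",  "proto": "tcp", "dport": 443},
        "staff_ping_finance": {"src": "10.0.10.7", "dst": "10.0.20.5",  "proto": "icmp"},
        "finance_ping_staff": {"src": "10.0.20.5", "dst": "10.0.10.7",  "proto": "icmp"},
    }
    return {name: evaluate(INTER_VLAN_ACL, pkt) for name, pkt in pkts.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20s} {verdict}")
```

Two things the sample output makes visible: `staff_smb` is denied without any explicit deny rule because nothing permits it (implicit deny), and `staff_ping_finance` is denied while `finance_ping_staff` is permitted because the staff-to-finance deny precedes the ICMP permit.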
What is VTP – Virtual Trunk Protocol?
In a bigger network with many access switches, VLAN configuration and changes often need to be done on each switch, which gets time consuming. To simplify this we have VTP – Virtual Trunk Protocol. At least one switch (the core) is configured as a VTP server and multiple switches can be set up as VTP clients that connect to the core switch. All the information on VLANs is stored in the VTP server, from which all clients are updated. Any change in the VLAN database triggers an update from the VTP server towards all VTP clients so that they can update their own VLAN databases. This simplifies configuration in a big network.
How is QoS enabled in a VLAN?
IEEE 802.1D is the standard specifying the QoS parameters for a VLAN. The VLAN ID and user priority can be used to set up QoS in a VLAN so that delay-sensitive packets such as voice, video and network control packets are transmitted out of the switches first (when they arrive), before other packets. User priority ranges from 7 to 1, with network control, voice and video being 7, 6 and 5 respectively. This ensures that delay-sensitive real-time application packets are transmitted before normal packets in the LAN, improving performance.
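The 802.1Q tag described in the tagging section and the user priority described in this QoS section live in the same four bytes of the frame, so one added example covers both: building a tagged frame, parsing the tag back into VLAN ID and priority, stripping it for delivery to an access port, and ordering trunk transmission by priority. This is an added example, not code from the article; the MAC addresses, VLAN numbers and payloads are constructed, and the strict-priority scheduler is one simple policy chosen for illustration rather than any particular switch's queueing.

```python
"""802.1Q tag insert/parse/strip and priority-ordered transmission.

Added example, not code from the original article. Tag layout after the
source MAC: TPID 0x8100, then a 16-bit TCI = PCP(3 bits) | DEI(1 bit) | VID(12 bits).
"""
import struct
from typing import Optional

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vlan_id: Optional[int] = None, priority: int = 0) -> bytes:
    """Build an Ethernet II frame, inserting an 802.1Q tag when vlan_id is given."""
    header = dst + src
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094 or not 0 <= priority <= 7:
            raise ValueError("VLAN ID must be 1..4094 and priority 0..7")
        tci = (priority << 13) | vlan_id          # DEI bit left at 0
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Split a frame into its fields; vlan_id is None for an untagged frame."""
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        vlan_id, priority = tci & 0x0FFF, tci >> 13
        ethertype = struct.unpack("!H", frame[16:18])[0]
        payload = frame[18:]
    else:
        vlan_id, priority, payload = None, 0, frame[14:]
    return {"dst": dst, "src": src, "vlan_id": vlan_id, "priority": priority,
            "ethertype": ethertype, "payload": payload}


def egress_to_access_port(frame: bytes, port_vlan: int) -> Optional[bytes]:
    """What the destination switch puts on an access port: the tag is stripped,
    and a frame tagged for a different VLAN is not delivered to that port at all."""
    f = parse_frame(frame)
    if f["vlan_id"] != port_vlan:
        return None
    return f["dst"] + f["src"] + struct.pack("!H", f["ethertype"]) + f["payload"]


def transmit_order(frames: list) -> list:
    """Strict priority by PCP, FIFO within a class. Returns frame indices in send order."""
    ranked = sorted(enumerate(frames),
                    key=lambda item: (-parse_frame(item[1])["priority"], item[0]))
    return [index for index, _ in ranked]


def demo() -> dict:
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000a01")            # constructed source MAC
    queued = [                                     # arrival order on a trunk
        build_frame(dst, src, ETHERTYPE_IPV4, b"data-1", vlan_id=10, priority=0),
        build_frame(dst, src, ETHERTYPE_IPV4, b"voice",  vlan_id=30, priority=6),
        build_frame(dst, src, ETHERTYPE_IPV4, b"video",  vlan_id=30, priority=5),
        build_frame(dst, src, ETHERTYPE_IPV4, b"ctrl",   vlan_id=1,  priority=7),
        build_frame(dst, src, ETHERTYPE_IPV4, b"data-2", vlan_id=10, priority=0),
    ]
    return {
        "send_order": transmit_order(queued),                       # [3, 1, 2, 0, 4]
        "voice_tag": (parse_frame(queued[1])["vlan_id"], parse_frame(queued[1])["priority"]),
        "delivered_on_vlan10_port": egress_to_access_port(queued[0], 10) is not None,
        "delivered_on_vlan20_port": egress_to_access_port(queued[0], 20) is not None,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

`transmit_order` is deliberately naive (strict priority with no starvation protection); it exists to show where the priority value comes from, which is the same TCI field that carries the VLAN ID.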
excITingIP.com