Understanding VLANS b y Understanding M AC T ab l e O p eratio n

In order to clarify how VLANs are created, it is u sefu l to u nderstand how the m odification m ade to the orig inal M AC filtering and forwarding ru les allows for the im plem entation of VLANs. The following processes and ru les are hig h-lev el and, therefore, are not intended to represent ex actly how they m ay be im plem ented.

Non-V L A N-Ca p a b l e Sw i t c h M A C Rul e s

C onsider a switch consisting of fou r ports. The M AC address table is u sed to store M AC addresses and the associated port where each M AC address was learned. The switches then flood, filter, or forward fram es, as described in these scenarios. W h e n a f ra m e i s re c e i v e d o n a p o rt , t h i s p ro c e ss a n d t h e se ru l e s a re a p p l i e d . The sou rce M AC address is placed in the M AC address table, along with the port ID of the port on which it was receiv ed. If the M AC address was already in the table, its associated ag ing cou ntdown tim er is reset ( 30 0 seconds by defau lt). Then the M AC address table is searched u sing the destination M AC address to determ ine which action to tak e. ( The appropriate action for each scenario is shown in brack ets.) A. If the destination M AC address is a broadcast or m u lticast address, then the fram e is sent to all ports, ex clu ding the receiv ed port. [ Flood]

B . If the destination M AC address com es from the sam e port on which it was receiv ed, then there is no need to forward it, and it is discarded. [ Filter] C . If the destination M AC address com es from another port within the switch, then the fram e is sent to the identified port for transm ission. [ Forward] D. If the destination M AC address is not in the M AC address table, then the fram e needs to be flooded and is sent to all ports ex cept for the port throu g h which it arriv ed. This action is k nown as u nicast flooding . [ Flood] T a b l e 1: M A C P o rt 4 2 3 3 1 2 1 3 4 A d d M 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 re ss T a b l e A C A d d re ss 0 0 .0 0 1c.ac5 2 0 0 .0 0 ac.37 8 3 0 0 .0 0 cc.17 0 9 0 0 .0 0 dc.1bc5 0 0 .0 0 ec.29 ae 0 0 .0 0 fc.7 6 fb 0 0 .0 20 c.1234 1a.6 c5 9 .0 d6 0 34.0 0 bc.146 7

U n d e r s ta n d in g V L A N S b y U n d e r s ta n d in g M A C

T a b le O p e r a tio n

20 0 8 C i s c o S y s t e m s , I n c .

V L A N-Ca p a b l e Sw i t c h M A C Rul e s
C onsider the sam e physical switch consisting of fou r ports, ex cept now with VLAN-capable switch M AC address table ru les. In order to im plem ent VLANs, a new param eter called VLAN ID is associated with each entry. W h e n a f ra m e i s re c e i v e d , t h i s p ro c e ss a n d t h e se ru l e s a re a p p l i e d . The sou rce M AC address is copied into the M AC address table, along with the port ID and port VLAN ID of the port on which it was receiv ed. If an entry already ex ists, its associated ag ing cou ntdown tim er is reset ( 30 0 seconds by defau lt). The M AC address table is searched for an entry m atch, and only the table entries that m atch the port VLAN ID will be inspected. ( The appropriate action for each scenario is shown in brack ets.) A. If the destination M AC address is a broadcast or m u lticast address, then the fram e is sent to all ports with the sam e VLAN ID, ex clu ding the receiv ed port. [ Flood]

B . If the destination M AC address com es from the sam e port on which it was receiv ed, then there is no need to forward it, and it is discarded. [ Filter] C . If the destination M AC address com es from another port within the switch, then the fram e is sent to the identified port for transm ission. ( Du e to the prev iou s ru le reg arding VLAN ID m atching , this port can O NLY be a port in the sam e VLAN as the sou rce port of the fram e.) [ Forward] D. If the destination M AC address is not in the M AC address table, then the fram e needs to be flooded and is sent to all ports with m atching VLAN ID, ex cept for the port throu g h which it arriv ed. This action is k nown as u nicast flooding . [ Flood]

Notice that the table has now been effectiv ely split into two parts; each part is a separate broadcast dom ain. As IP end stations locate each other u sing the Address R esolu tion P rotocol ( AR P ) process, this in tu rn u ses a broadcast. If an end station is NO T in the sam e broadcast dom ain, it will not be reachable ( ru le A). Indeed, ev en if an end station had statically config u red an entry in its AR P table, reachability wou ld not tak e place becau se the M AC address is not in the VLAN of the receiv ing port ( ru le D). T a b l e 2: M a c A d d re ss T a b l e w P o rt V L A N I D P o rt 1 4 0 1 3 0 1 3 0 1 3 0 1 4 0 2 2 0 2 1 0 2 2 0 2 1 0 ith V L M 0 0 0 .0 0 0 0 .0 0 0 0 .0 0 1a.6 0 34.0 0 0 0 .0 0 0 0 .0 0 0 0 .0 0 0 0 .0 A N s A C A d d re ss 0 1c.ac5 2 0 cc.17 0 9 0 dc.1bc5 c5 9 .0 d6 0 0 bc.146 7 0 ac.37 8 3 0 ec.29 ae 0 fc.7 6 fb 20 c.1234

This article has shown how VLANs are created and how they operate by assig ning VLAN IDs to ports within a switch. Now test you r u nderstanding with the self-check q u estions on the nex t pag e.

U n d e r s ta n d in g V L A N S b y U n d e r s ta n d in g M A C

T a b le O p e r a tio n

20 0 8 C i s c o S y s t e m s , I n c .

Se l f -Ch e c k Q ue s t i ons
A l l q u e st i o n s re f e r t o T a b l e 2 o n p a g e 2. C om plete the inform ation for each q u estion. Also, wou ld the fram e be forwarded, flooded, or filtered, and wou ld the fram e be receiv ed by the destination end station? E x am ple) S o u rc e M A C A d d re ss 0 0 0 0 .0 0 fc.7 6 fb VLAN# 2 P O R T# 2 | 1) S o u rc e M A C A d d re ss 0 0 0 0 .0 0 cc.17 0 9 VLAN# _ _ _ P O R T# _ _ _ | S o u rc e M A C A d d re ss 0 0 1a.6 c5 9 .0 d6 0 VLAN# _ _ _ P O R T# _ _ _ | S o u rc e M A C A d d re ss 0 0 0 0 .0 0 ec.29 ae VLAN# _ _ _ P O R T# _ _ _ | S o u rc e M A C A d d re ss 0 0 0 0 .0 20 c.1234 VLAN# _ _ _ P O R T# _ _ _ | S o u rc e M A C A d d re ss 0 0 0 0 .0 0 1c.ac5 2 VLAN# _ _ _ P O R T# _ _ _ | S o u rc e M A C A d d re ss 0 0 0 0 .0 0 ac.37 8 3 VLAN# _ _ _ P O R T# _ _ _ | S o u rc e M A C A d d re ss 0 0 0 0 .0 0 ac.37 8 3 VLAN# _ _ _ P O R T# _ _ _ | D e st i n a t i o n M A C A d d re ss 0 0 0 0 .0 20 c.1234 VLAN# 2 P O R T# 1 D e st i n a t i o n M A C A d d re ss 0 0 34.0 0 bc.146 7 VLAN# _ _ _ P O R T# _ _ _ D e st i n a t i o n M A C A d d re ss 0 0 0 0 .0 0 dc.1bc5 VLAN# _ _ _ P O R T# _ _ _ D e st i n a t i o n M A C A d d re ss 0 0 0 0 .0 20 c.1234 VLAN# _ _ _ P O R T# _ _ _ D e st i n a t i o n M A C A d d re ss 0 0 0 0 .0 0 ac.37 8 3 VLAN# _ _ _ P O R T# _ _ _ D e st i n a t i o n M A C A d d re ss 0 0 0 0 .0 0 ac.37 8 3 VLAN# _ _ _ P O R T# _ _ _ D e st i n a t i o n M A C A d d re ss 0 0 0 0 .0 0 2d.5 c37 VLAN# _ _ _ P O R T# _ _ _ D e st i n a t i o n M A C A d d re ss 0 0 34.0 0 bc.146 7 VLAN# _ _ _ P O R T# _ _ _

F o rw a rd e d

Y e s

_ _ _ _ _ _ _ _ _

_ _ _ _

2)

_ _ _ _ _ _ _ _ _

_ _ _ _

3)

_ _ _ _ _ _ _ _ _

_ _ _ _

4)

_ _ _ _ _ _ _ _ _

_ _ _ _

5 )

_ _ _ _ _ _ _ _ _

_ _ _ _

6 )

_ _ _ _ _ _ _ _ _

_ _ _ _

7 )

_ _ _ _ _ _ _ _ _

_ _ _ _

U n d e r s ta n d in g V L A N S b y U n d e r s ta n d in g M A C

T a b le O p e r a tio n

20 0 8 C i s c o S y s t e m s , I n c .

Se l f -Ch e c k A ns w e r s
1) S o u rc e M A C A d d re ss 0 0 0 0 .0 0 cc.17 0 9 VLAN# 1 P O R T# 3 | S o u rc e M A C A d d re ss 0 0 1a.6 c5 9 .0 d6 0 VLAN# 1 P O R T# 3 | S o u rc e M A C A d d re ss 0 0 0 0 .0 0 ec.29 ae VLAN# 2 P O R T# 1 | S o u rc e M A C A d d re ss 0 0 0 0 .0 20 c.1234 VLAN# 2 P O R T# 1 | S o u rc e M A C A d d re ss 0 0 0 0 .0 0 1c.ac5 2 VLAN# 1 P O R T# 4 | S o u rc e M A C A d d re ss 0 0 0 0 .0 0 ac.37 8 3 VLAN# 2 P O R T# 2 | S o u rc e M A C A d d re ss 0 0 0 0 .0 0 ac.37 8 3 VLAN# 2 P O R T# 2 | D e st i n a t i o n M A C A d d re ss 0 0 34.0 0 bc.146 7 VLAN# 1 P O R T# 4 D e st i n a t i o n M A C A d d re ss 0 0 0 0 .0 0 dc.1bc5 VLAN# 1 P O R T# 3 D e st i n a t i o n M A C A d d re ss 0 0 0 0 .0 20 c.1234 VLAN# 2 P O R T# 1 D e st i n a t i o n M A C A d d re ss 0 0 0 0 .0 0 ac.37 8 3 VLAN# 2 P O R T# 2 D e st i n a t i o n M A C A d d re ss 0 0 0 0 .0 0 ac.37 8 3 VLAN# 2 P O R T# 2 D e st i n a t i o n M A C A d d re ss 0 0 0 0 .0 0 2d.5 c37 VLAN# 2 P O R T# ? D e st i n a t i o n M A C A d d re ss 0 0 34.0 0 bc.146 7 VLAN# 1 P O R T# 4

Forward Y es

2)

Filter

Y es

3)

Filter

Y es

4)

Forward Y es

5 )

Flood

No

6 )

Flood

U nk nown

7 )

Flood

No

U n d e r s ta n d in g V L A N S b y U n d e r s ta n d in g M A C

T a b le O p e r a tio n

20 0 8 C i s c o S y s t e m s , I n c .