Vlans Come in A Variety of Shapes and Sizes
ECET515LA
Laboratory Exercise 6 Building a Small Wired and Wireless Network using ISR
Introduction
A VLAN (virtual local area network) is a subnetwork that can connect devices on different physical
local area networks (LANs). A local area network (LAN) is a collection of computers and devices
that share a communications line or wireless link with a server located within the same geographic
area. Without having to lay additional cables or make large changes to their current network
architecture, network administrators may easily partition a single switched network to fulfill the
functional and security requirements of their systems using VLANs. Larger enterprises frequently use
VLANs are also essential because they can improve a network's overall performance by grouping
together devices that communicate the most. VLANs also improve network security by allowing for
more control over which devices have access to each other on larger networks. VLANs are more
flexible than physical connections because they are based on logical connections. Multiple,
independent VLANs can be supported by one or more network switches, resulting in Layer 2 (data
link) subnet implementations. A broadcast domain is linked to a VLAN. Typically, it consists of one
Discussion
In a static VLAN, also known as a port-based VLAN, a network administrator must assign the ports on a
network switch to a virtual network. In a dynamic VLAN, a network administrator can determine network
membership based on device characteristics rather than
Switch ports (interfaces) can be allocated to one or more VLANs, allowing systems to be separated into
logical groups based on which department they belong to and establishing rules for how systems in the
different groups can communicate with one another. These groups can range from the simple and
practical (computers in one VLAN can see the printer on that VLAN, but computers outside that VLAN
cannot) to the sophisticated and legal (for example, computers in the retail banking departments cannot
All hosts connected to switch ports configured with the same VLAN ID have data link access to one another.
The VLAN tag is a 12-bit field in the Ethernet header that allows a switching domain to have up to 4,096
VLANs. IEEE (Institute of Electrical and Electronics Engineers) 802.1Q defines VLAN tagging, which is also
known as Dot1Q.
When an untagged frame is received from an associated host, the 802.1Q format is used to append the
VLAN ID tag set on that interface to the data link frame header. After that, the 802.1Q frame is forwarded
to the destination. The tag is used by each switch to keep each VLAN's traffic separate from that of other
VLANs, only forwarding it where the VLAN is specified. Multiple VLANs are handled through trunk links
between switches, which use the tag to keep them apart. Before the frame is sent to the destination
device, the VLAN tag is removed when it reaches the destination switch port.
A trunk setup, in which each frame sent across the port is tagged with the VLAN ID, can be used to set up
many VLANs on a single port, as mentioned above. To send and receive tagged frames, the neighboring
device's interface, which could be on another switch or on a host that supports 802.1Q tagging, must be
configured in trunk mode. Any Ethernet frames that are not tagged are assigned to a default VLAN
A VLAN-enabled switch adds the VLAN tag allocated to the ingress interface to an untagged Ethernet
frame received from an associated host. The frame is forwarded to the host's port with the MAC address
of the destination (media access control address). BUM traffic (broadcast, unknown unicast, and
multicast) is transmitted to all VLAN ports. When an unknown host responds to an unknown unicast
frame, the switches learn its position and do not flood subsequent frames targeted to that host. Two
mechanisms keep the switch-forwarding tables up to date. To begin, outdated forwarding entries are
Second, every topology change reduces the forwarding table refresh timer, causing a refresh to occur. To
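The tag insertion and removal described above, together with the per-VLAN learning and flooding of BUM traffic, as an added example that is not part of the original lab report. It is a toy 802.1Q switch in Python; the port numbers, VLAN IDs and MAC addresses are constructed, the default VLAN of 1 for untagged trunk frames is an assumption, and the parser also walks stacked 802.1ad (S-TAG over C-TAG) tags to go slightly beyond the single-tag case in the text.

```python
import struct

TPID_CTAG = 0x8100  # IEEE 802.1Q customer tag (C-TAG)
TPID_STAG = 0x88A8  # IEEE 802.1ad service tag (S-TAG, Provider Bridging / QinQ)
DEFAULT_VLAN = 1    # assumed: untagged frames arriving on a trunk land here

def parse_frame(frame):
    """Return (dst, src, [outer..inner VIDs], ethertype, payload) for an Ethernet frame."""
    dst, src, off, vids = frame[:6], frame[6:12], 12, []
    while True:
        (tpid,) = struct.unpack_from("!H", frame, off)
        if tpid not in (TPID_CTAG, TPID_STAG):
            break                            # not a tag: this is the real EtherType
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        vids.append(tci & 0x0FFF)            # VID is the low 12 bits of the TCI
        off += 4
    return dst, src, vids, tpid, frame[off + 2:]

def tag_frame(frame, vid, pcp=0, tpid=TPID_CTAG):
    """Insert a tag after the source MAC (what a switch does on an access-port ingress)."""
    return frame[:12] + struct.pack("!HH", tpid, (pcp << 13) | (vid & 0x0FFF)) + frame[12:]

def untag_frame(frame):
    """Remove the outermost tag (what a switch does before an access-port egress)."""
    return frame[:12] + frame[16:]

class Switch:
    """Toy 802.1Q switch: per-VLAN MAC learning, VLAN-scoped flooding, tag handling per port type."""
    def __init__(self, access, trunks):
        self.access, self.trunks, self.table = access, set(trunks), {}  # access: port -> VID

    def receive(self, port, frame):
        """Process one ingress frame and return {egress_port: frame_as_sent}."""
        if port in self.access:
            frame = tag_frame(frame, self.access[port])      # ingress VID of the access port
        elif not parse_frame(frame)[2]:
            frame = tag_frame(frame, DEFAULT_VLAN)           # untagged on a trunk: default VLAN
        dst, src, vids, _, _ = parse_frame(frame)
        vid = vids[0]
        self.table[(vid, src)] = port                        # learning is keyed by (VLAN, MAC)
        known = self.table.get((vid, dst))
        if known == port:                                    # destination sits behind ingress port
            targets = []
        elif known is not None:
            targets = [known]                                # known unicast: single egress port
        else:                                                # BUM traffic: flood within the VLAN only
            targets = [p for p in self.access if p != port and self.access[p] == vid]
            targets += [p for p in self.trunks if p != port]
        return {p: untag_frame(frame) if p in self.access else frame for p in targets}
```

A host in VLAN 10 never receives frames flooded in VLAN 20 because both the forwarding table and the flood set are scoped by VID, which is the isolation property the text relies on.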
build a loop-free topology among the switches in each Layer 2 domain, the Spanning Tree Protocol (STP)
is employed. A per-VLAN STP instance can be used to enable different Layer 2 topologies, or, if the
topology is the same across several VLANs, a multi-instance STP (MISTP) can be used to reduce STP overhead.
STP creates a spanning tree from a selected root switch by blocking forwarding on links that may cause
forwarding loops. This means that some links will not be used for forwarding until another section of the
A switch domain with four switches and two VLANs is depicted in the diagram above. A ring topology is
used to connect the switches. STP causes one port to become blocked, resulting in the formation of a tree
topology (i.e., no forwarding loops). The red bar across the link indicates that the port on switch D to
switch C is blocked. Trunking VLAN 10 (orange) and VLAN 20 (green) lines connect the switches to the
router (green). The hosts in VLAN 10 are able to communicate with server O. Server G can communicate
with hosts connected to VLAN 20. On each VLAN, the router has an IPv4 subnet configured to allow
Advantages of VLANs include reduced broadcast traffic, security, ease of administration and
problems for large hosting providers, which often need to allocate tens or hundreds of VLANs for each
LAN), NVGRE (Network Virtualization using Generic Routing Encapsulation) and Geneve, support larger
tags and the ability to tunnel Layer 2 frames within Layer 3 (network) packets.
Finally, data communication between VLANs is performed by routers. Modern switches often
Reflection
A virtual LAN (VLAN) is a method of establishing several virtual switches within a single physical
switch. As a result, ports set for VLAN 10 behave as if they're all connected to the same switch.
VLAN 20 ports cannot communicate directly with VLAN 10 ports. They need to be routed between
the two of them (or have a link that bridges the two VLANs).
VLANs are virtual local area networks built within a physical network. Their major
function is to provide isolation, which is frequently used to reduce the size of a network's broadcast
domain, but they can also be used for a variety of other purposes. They are a tool that every
network engineer should be familiar with, yet they, like any tool, can be misused and/or employed
at inopportune moments. Because no single tool is appropriate for all networks and scenarios, the
more tools you have, the more environments you can work in. Knowing more about VLANs will
enable you to use them when you need them and do it correctly.
As an example of how they might be employed, I presently work in an environment where SCADA
(supervisory control and data acquisition) devices are commonly used. SCADA devices are often
simplistic and have a lengthy history of shoddy software development, which frequently exposes
severe security flaws. We've put the SCADA devices on their own VLAN, with no L3 gateway. The
only way into their logical network is through the server they connect with (which has two interfaces,
one of which is in the SCADA VLAN), which may be secured using host-based security, which is not
possible on the SCADA devices. The SCADA devices are separated from the rest of the network by
a firewall.
In terms of design concepts, the most frequent application is to align your VLANs with your
organizational structure, for example, engineering personnel in one VLAN, marketing personnel in
another, IP phones in yet another, and so on. VLANs can also be used to "transport" various network
functions across one (or more) cores in other systems. Layer 3 termination of VLANs ('SVI' in Cisco
lingo, 'VE' in Brocade lingo, etc.) is also achievable on some devices, obviating the requirement for
At scale, VLANs become difficult to administer and maintain, as you've undoubtedly already seen
on NESE. In the service provider world, there's PB (Provider Bridging - also known as "QinQ," double
tagging, stacked tags, and so on), PBB (Provider Backbone Bridging - "MAC-in-MAC"), and PBB-TE,
all of which were created to address the issue of the limited number of VLAN IDs. PBB-TE aspires
to do away with dynamic learning, flooding, and spanning tree. The 4,094 limitation originates
from the fact that there are only 12 bits available for use as a VLAN ID in a C-TAG/S-TAG (0x000
VPLS or PBB can be used to eliminate the traditional scaling ceilings involved with PB.
The fundamental use case for VLANs is nearly identical to the fundamental use case for segmenting
a network into numerous data link broadcast domains. The fundamental distinction is that in a
physical LAN, each broadcast domain requires at least one device (usually a switch), whereas in a
virtual LAN, broadcast domain membership is determined port-by-port and can be changed without
Trunking - A trunk link is any connection that transmits frames from multiple VLANs. Trunk links are
When sending to a trunk connection, the device must tag each frame with the numeric VLAN ID to
which it belongs so that the receiving device can confine it to the relevant broadcast domain. Host-
facing ports are often untagged, although switch- and router-facing ports are. The data link
For simple applications, VLANs should be constructed similarly to PLANs. To accomplish so, you'll
Trunking - Any connection that transports frames from numerous VLANs is referred to as a trunk link.
Switch-to-switch and switch-to-router links are the most common types of trunk connectivity.
When sending to a trunk connection, the device must assign a numeric VLAN ID to each frame so
that the receiving device can confine it to the appropriate broadcast domain. Host-facing ports are
frequently untagged, although switch- and router-facing ports are frequently tagged. A tag is
https://networkengineering.stackexchange.com/questions/732/introductory-level-explanation-of-vlans
https://searchnetworking.techtarget.com/definition/virtual-LAN