Introduction
A Local Area Network (LAN) was originally defined as a network of computers located within the same area. Today a LAN is defined as a single broadcast domain: if a user broadcasts information on his or her LAN, the broadcast is received by every other user on that LAN. Broadcasts are prevented from leaving a LAN by using a router. The disadvantage of this method is that routers usually take more time to process incoming data than a bridge or a switch does. More importantly, the formation of broadcast domains then depends on the physical connection of the devices in the network. Virtual Local Area Networks (VLANs) were developed as an alternative to using routers to contain broadcast traffic.
What are VLANs?
A VLAN is simply an administratively defined subset of switch ports that are in the same broadcast domain. Ports can be grouped into different VLANs on a single switch, and on multiple interconnected switches as well.
- By creating multiple VLANs, the switches create multiple broadcast domains.
- A broadcast sent by a device in one VLAN is forwarded to the other devices in that same VLAN; it is not forwarded to devices in other VLANs.
Layer 2 switches forward frames between devices in the same VLAN, but they do not forward frames between two devices in different VLANs. To forward data between two VLANs, a multilayer switch (MLS) or router is needed.
Why use VLANs?
Performance:
In networks where a high percentage of the traffic consists of broadcasts and multicasts, VLANs reduce the need to send such traffic to unnecessary destinations. Compared to switches, routers require more processing of incoming traffic. As the volume of traffic passing through the routers increases, so does the latency in the routers, which results in reduced performance. The use of VLANs reduces the number of routers needed, since VLANs create broadcast domains using switches instead of routers.
Formation of Virtual Workgroups:
A VLAN can be set up for a workgroup to contain its broadcasts and multicasts. With VLANs it is easier to place the members of a workgroup together.
Simplified Administration:
Seventy percent of network costs are a result of adds, moves, and changes of users in the network. Some of these tasks can be simplified with the use of VLANs: if a user is moved within a VLAN, no reconfiguration of routers is necessary.
Reduced Cost:
VLANs can be used to create broadcast domains, which eliminates the need for expensive routers.
Security:
Periodically, sensitive data may be broadcast on a network. In such cases, placing only those users who are allowed to access that data on a VLAN reduces the chances of an outsider gaining access to the data.
Types of VLAN
There are 5 types of VLAN, classified by how membership is defined.
- Layer 1 VLAN – Membership by Port
· Membership in a VLAN can be defined based on the ports that belong to the VLAN. For example, in a bridge with four ports, ports 1, 2, and 4 belong to VLAN 1 and port 3 belongs to VLAN 2.
- Layer 2 VLAN – Membership by MAC Address
· Membership in a VLAN is based on the MAC address of the workstation. Since the MAC address is part of the workstation's network interface card, no reconfiguration is needed for the workstation to remain in the same VLAN when it is moved.
· The main problem with this method is that VLAN membership must be assigned initially. In networks with thousands of users, this is no easy task.
- Layer 2 VLAN – Membership by Protocol
· VLAN membership for Layer 2 VLANs can also be based on the protocol type field found in the Layer 2 header.
- Layer 3 VLAN – Membership by IP Subnet Address
· Membership is based on the Layer 3 header. The IP subnet address can be used to classify VLAN membership.
- Higher Layer VLANs
· It is possible to define VLAN membership based on applications or services, or any combination thereof. For example, File Transfer Protocol (FTP) applications can run on one VLAN and telnet applications on another VLAN.
Types of Connection
VLAN devices can be connected in three ways, based on whether the connected devices are VLAN-aware or VLAN-unaware.
· Trunk Link
Devices connected to a trunk link, including workstations, must be VLAN-aware; every frame on a trunk link carries a special header. Such frames are called tagged frames (explicit tagging).
· Access Link
An access link connects a VLAN-unaware device to the port of a VLAN-aware bridge. All frames on access links are implicitly tagged, that is, they carry no tag (untagged).
· Hybrid Link
A combination of the previous two: a link where both VLAN-aware and VLAN-unaware devices are attached. A hybrid link can carry both tagged and untagged frames, but all the frames for a specific VLAN must be either tagged or untagged.
Tagging
Two types of tagging are available.
- Implicit tagging
- In this case the hosts are not VLAN-aware, so the switch has to build a tagged frame based on its knowledge of the sender's VLAN membership. Typically the VLAN membership is configured by port or by MAC address.
- Explicit tagging
- VLAN-aware hosts generate tagged frames directly, and the switches forward these tagged frames.
Tagging adds 4 bytes to the Ethernet frame format. Before going into the tag itself, we will look at the Ethernet frame and its fields.
Ethernet Frame format
Start frame delimiter:
The start frame delimiter is a single byte, 10101011, a frame flag indicating the start of a frame.
Destination MAC:
This is the MAC address of the machine receiving the data.
Source MAC:
This is the MAC address of the machine transmitting the data.
Type/length:
If used as a length, this field gives the length of the entire Ethernet frame in bytes; if used as a type, it identifies the higher-layer protocol. For example, if the upper-layer protocol is IP the type is 0x0800, and for ARP it is 0x0806.
Data:
The payload is inserted here.
FCS:
This field contains the Frame Check Sequence (FCS), which is calculated using a Cyclic Redundancy Check (CRC).
VLAN Tag Frame format
Tag Protocol Identifier (TPID):
A 16-bit field set to the value 0x8100 in order to identify the frame as an IEEE 802.1Q-tagged frame.
Tag Control Information (TCI):
Priority Code Point (PCP): a 3-bit field which carries the IEEE 802.1p priority and indicates the frame's priority level. Values range from 0 (best effort) to 7 (highest); 1 represents the lowest priority.
CFI: the Canonical Format Indicator, always set to zero for Ethernet switches.
VID: the VLAN ID, which identifies the VLAN and is the field the 802.1Q standard is built around. It has 12 bits and allows the identification of 4096 (2^12) VLANs.
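To make the frame and tag layouts above concrete, here is an added Python example (not code from the original post) that parses an Ethernet frame, inserts an 802.1Q tag after the source MAC and strips it again. It assumes the frame is handed over without preamble, SFD or FCS, as a NIC delivers it; the sample ARP frame is constructed.

```python
import struct

TPID_8021Q = 0x8100        # Tag Protocol Identifier that marks a tagged frame
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806

def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet frame (preamble, SFD and FCS already removed) into
    its fields. If the 16-bit field after the source MAC holds the TPID
    0x8100, the next 16 bits are the TCI (PCP:3, CFI:1, VID:12) and the real
    type/length field follows the tag."""
    if len(frame) < 14:
        raise ValueError("shorter than a minimal Ethernet header")
    (tpid_or_type,) = struct.unpack("!H", frame[12:14])
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"), "vlan": None}
    offset = 14
    if tpid_or_type == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("TPID present but the tag is truncated")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["vlan"] = {"pcp": tci >> 13, "cfi": (tci >> 12) & 1, "vid": tci & 0x0FFF}
        offset = 18
    else:
        ethertype = tpid_or_type
    info["type"] = ethertype
    info["payload"] = frame[offset:]
    return info

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the source MAC (implicit tagging, as
    a switch does on ingress from an access port). VID 0 means 'priority
    tagged, no VLAN' and 4095 is reserved, so only 1..4094 are accepted."""
    if not 1 <= vid <= 4094 or not 0 <= pcp <= 7:
        raise ValueError("VID must be 1..4094 and PCP 0..7")
    tci = (pcp << 13) | vid        # CFI (bit 12) stays 0 on Ethernet
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def strip_tag(frame: bytes) -> bytes:
    """Remove the 802.1Q tag (what a switch does on egress to an access port)."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return frame
    return frame[:12] + frame[16:]

# Constructed sample: untagged ARP frame with a 46-byte (minimum) payload
SAMPLE_ARP = (bytes.fromhex("ffffffffffff" "001122334455")
              + struct.pack("!H", ETHERTYPE_ARP) + bytes(46))
```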
Sample scenarios
The scenarios below give more insight into VLANs and their packet forwarding. You can start working on them with Cisco Packet Tracer.
In the scenarios below, blue links are access links and green links are trunks.
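The access/trunk forwarding described under Types of Connection and Tagging, as an added Python example that is not part of the original post: a toy VLAN-aware bridge that tags on ingress from an access port, learns and floods per VLAN, and untags on egress to an access port. Port names, MAC addresses and frames are constructed; frames carry no preamble or FCS and use the 802.1Q layout (TPID 0x8100 followed by the 16-bit TCI).

```python
import struct
from dataclasses import dataclass

TPID = 0x8100

@dataclass
class Port:
    kind: str                          # "access": VLAN-unaware host, untagged frames
    vlan: int = 0                      # access port: the VLAN its frames belong to
    allowed: frozenset = frozenset()   # trunk port: VLANs it may carry (tagged)

class VlanSwitch:
    """Toy VLAN-aware bridge. Ingress from an access port tags the frame with
    the port's VLAN (implicit tagging); a trunk port expects explicit tags.
    Learning and flooding are per VLAN, so a broadcast never leaves its VLAN,
    and the tag is stripped again on egress to an access port."""

    def __init__(self, ports: dict):
        self.ports = ports
        self.fdb = {}                  # (vid, source MAC) -> port that last sent it

    def receive(self, in_port: str, frame: bytes) -> dict:
        """Return {out_port: frame as transmitted on that port}."""
        p = self.ports[in_port]
        tagged = struct.unpack("!H", frame[12:14])[0] == TPID
        if p.kind == "access":
            if tagged:
                return {}              # VLAN-unaware link: tagged frames not expected
            vid = p.vlan
            frame = frame[:12] + struct.pack("!HH", TPID, vid) + frame[12:]
        else:
            if not tagged:
                return {}              # trunk: untagged frames not expected
            vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
            if vid not in p.allowed:
                return {}              # this trunk does not carry the VLAN
        self.fdb[(vid, frame[6:12])] = in_port
        known = self.fdb.get((vid, frame[:6]))
        if known == in_port:
            return {}                  # destination sits on the ingress port: filter
        targets = [known] if known else [n for n in self.ports if n != in_port]
        out = {}
        for name in targets:
            q = self.ports[name]
            if q.kind == "access" and q.vlan == vid:
                out[name] = frame[:12] + frame[16:]   # untag for the VLAN-unaware host
            elif q.kind == "trunk" and vid in q.allowed:
                out[name] = frame                     # keep the explicit tag
        return out
```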
Scenario 1: