A VLAN (Virtual Local Area Network) is a logical LAN with its own separate broadcast domain; VLANs are often described as LAN virtualization. A VLAN groups ports of a switch, and each group is given a distinct VLAN ID and VLAN name. Before getting deep into VLANs, we need an understanding of broadcast domains and collision domains. Understanding VLANs in the switching world is a basic step on the way into networking.
Understanding VLANs in the Switching World
Broadcast Domains and Collision Domains
In the figure shown below, we take a look at a simple broadcast network. If one device sends a broadcast frame in on one interface, the switch forwards a copy of the frame out all the other interfaces except the one it came in on. All the devices are fed that broadcast message regardless of whether they need to receive the data or not. This implies that all the PCs which received the broadcast message are in one broadcast domain.
The size of the broadcast domain grows with the number of network devices. More PCs and switches will obviously result in more broadcast messages being flooded into the network, and one thing leads to another: these broadcast messages consume a larger share of the network bandwidth in the same proportion as the devices are added. Hence we should make an effort to limit the size of the broadcast domain so that we can manage our network efficiently. One way to segment the broadcast domain is to introduce a router: a router breaks up the broadcast domain because every interface on the router is an individual broadcast domain. This helps a lot in managing networks, as it reduces the number of broadcast messages that circulate in the network. However, it is not the ultimate solution. Suppose the number of devices grows past 100 or 1000, and as many broadcast domains are needed to keep the network optimized.
This would require a router with the same number of interfaces, which is obviously not a viable solution. This is where the VLAN comes into play. A VLAN controls broadcasts without the use of layer 3 devices: it breaks up an entire LAN into several small logical LANs, or VLANs, using layer 2 switching. Each LAN is an individual broadcast domain, and so is each VLAN. A broadcast generated in one VLAN is forwarded only to the PCs associated with that VLAN.
Let’s say that in the figure the sales team wants to communicate with each other while staying completely isolated from the marketing team; a broadcast message sent from the sales department will then be received only by the sales team. And that’s not even all: the beauty of VLANs is that a VLAN does not need to be confined to a particular switch in order to communicate. Regardless of their physical location, PCs within the same VLAN can communicate without obstruction. Physically they may be on separate switches, but logically they behave as one switch. This offers flexibility and scalability in optimizing the network.
Switch ports operate in two different modes: access and trunk.
Access ports carry the traffic of only one VLAN. When a switch receives a frame on one access interface and forwards it out another, it makes no changes to the frame (no VLAN information is tagged); it forwards the frame just the way it came. Also, any VLAN information that exists in a frame is stripped off by the switch before the frame is forwarded out to an access-link device.
Voice access ports: There is another type of access port which adds a second VLAN, called the voice VLAN, to the access port. The voice VLAN is an auxiliary VLAN overlaid on top of the data VLAN, enabling both types of traffic through the same port. This is used when connecting an IP phone: the IP phone acts as a mini switch to which the PC connects. VLAN tagging occurs on this link to distinguish the two kinds of traffic from one another and treat them accordingly.
Trunk ports: Trunk ports are like the trunks of a telephone system: they carry multiple VLANs at a time. Unlike access ports, when the switch forwards a frame out a trunk interface it adds VLAN tagging information. As soon as a frame leaves the trunk interface it needs some sort of identifier to tell the other switch which VLAN it belongs to. It is the trunk interface that makes it possible to establish communication between members of a VLAN scattered across different geographical locations.
VLAN tagging may use one of two available protocols for tagging frames, ISL and 802.1Q.
ISL (Inter-Switch Link) is a Cisco proprietary protocol. It was used in early Cisco switches long before 802.1Q came into existence. Nowadays some Cisco switches do not even support ISL and offer only the standardized alternative, 802.1Q. ISL encapsulates the original frame in an ISL header and trailer; it does not change the original frame. It adds 30 bytes of information to each frame, which creates a lot of overhead.
IEEE 802.1Q is an open standard. Unlike ISL, dot1Q does not use a header and trailer; it simply inserts a new 4-byte Tag field into the original frame, as shown in the figure below. dot1Q also supports the concept of a native VLAN. The native VLAN is the one whose frames are not tagged by default.
Digging deeper into the native VLAN: the untagged traffic on a trunk link belongs to the native VLAN. When forwarding a frame through a trunk interface, a switch tags the frame with the VLAN ID of the respective VLAN, but for the native VLAN no tagging takes place, just like traffic between access ports. The native VLAN is VLAN 1 by default on Cisco Catalyst switches, but it can be changed as needed.
By default, hosts in one VLAN cannot communicate with hosts in another VLAN. So here we are, back where we started: communication between multiple VLANs still requires a router to be in place. The router is connected to one of the switches, and the link must allow multiple VLANs to pass through, thus allowing routing between all the VLANs. This kind of setup is also called router-on-a-stick. A sub-interface is created on the router end, one for each VLAN. Normally VLANs map one-to-one to IP subnets. The IP address of each sub-interface on the router then becomes the default gateway address for the hosts in the respective VLAN.
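The tag insertion and native-VLAN behaviour described above, as an added Python example that is not part of the original article: it inserts the 4-byte 802.1Q tag a trunk places between the source MAC and the EtherType, forwards native-VLAN frames untagged, decodes a received frame (untagged frames are assigned to the native VLAN), and strips the tag as an access port does. The MAC addresses and payload are constructed sample values.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value announcing that an 802.1Q tag follows
NATIVE_VLAN = 1       # Cisco Catalyst default; stays untagged on a trunk

# Constructed sample values, not captured traffic.
DST_MAC = bytes.fromhex("ffffffffffff")   # broadcast destination
SRC_MAC = bytes.fromhex("0200c0ffee01")   # locally administered, made up
ETH_IPV4 = 0x0800
PAYLOAD = b"\x45" + b"\x00" * 19          # placeholder IPv4 header bytes

def make_untagged_frame() -> bytes:
    """Plain Ethernet II frame as a PC on an access port would send it."""
    return DST_MAC + SRC_MAC + struct.pack("!H", ETH_IPV4) + PAYLOAD

def parse_frame(frame: bytes) -> dict:
    """If the EtherType slot holds 0x8100, the next 2 bytes are the TCI
    (3-bit PCP, 1-bit DEI, 12-bit VID) and the real EtherType follows."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    etype = struct.unpack("!H", frame[12:14])[0]
    if etype != TPID_8021Q:
        return {"tagged": False, "vid": NATIVE_VLAN, "pcp": 0,
                "ethertype": etype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("802.1Q tag truncated")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return {"tagged": True, "vid": tci & 0x0FFF, "pcp": tci >> 13,
            "ethertype": inner, "payload": frame[18:]}

def trunk_egress(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Tag a frame leaving a trunk: insert TPID+TCI between the source MAC
    and the original EtherType. The native VLAN is forwarded untagged."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094")
    if parse_frame(frame)["tagged"]:
        raise ValueError("frame is already tagged")
    if vid == NATIVE_VLAN:
        return frame
    tci = (pcp & 0x7) << 13 | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def access_egress(frame: bytes) -> bytes:
    """Strip the 4-byte tag before forwarding to an access-link device."""
    return frame[:12] + frame[16:] if parse_frame(frame)["tagged"] else frame

if __name__ == "__main__":
    on_trunk = trunk_egress(make_untagged_frame(), vid=20, pcp=5)
    print(parse_frame(on_trunk))
```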