18-Dec-18

Advanced
Computer Network

Virtual Local Area Networks

VLAN

1
 18-Dec-18

Lack of traffic isolation.

Although the hierarchy localizes group traffic to
within a single switch, broadcast traffic must
still traverse the entire institutional network.

Inefficient use of switches.

If instead of three groups, the institution had
10 groups, then 10 first-level switches would
be required. If each group were small, say
less than 10 people, then a single 96-port
switch would likely be large enough to
accommodate everyone, but this single
switch would not provide traffic isolation.
Managing users.
If an employee moves between
groups, the physical cabling must be
changed to connect the employee to
a different switch.
Employees belonging to two groups make the problem even harder. 3

Virtual Local Area Networks, or VLANs, are a very simple concept that has been very poorly defined by the
industry.
A VLAN is a group of devices on one or more LANs that
are configured to communicate as if they were attached to
the same wire, when in fact they are located on a number
of different LAN segments. Because VLANs are based on
logical instead of physical connections, they are extremely
flexible.
› vendor-specific solution and strategy, so defining
it is an issue.
› VLAN's allow a network manager to logically
segment a LAN into different broadcast
domains.(VLANs define broadcast domains in a
Layer 2 network. )
› multiple physical LAN segments independent of
physical location and can communicate as if they
were on a common LAN
4

2
 18-Dec-18

› Performance
› Formation of Virtual Workgroups
› Simplified Administration
› Reduced Cost
› Security

3
 18-Dec-18

ARP Request
Broadcast

A B C D

192.168.10.10 192.168.10.11 192.168.20.12 192.168.20.13

255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0

172.30.1.21
Switch 1
172.30.2.12
255.255.255.0
255.255.255.0
VLAN 1
VLAN 2

172.30.2.10 172.30.1.23
255.255.255.0 255.255.255.0
1 2 3 4 5 6 . Port VLAN 2 VLAN 1
1 2 1 2 2 1 . VLAN

Two VLANs
Ÿ Two Subnets
Important Note on VLAN:
› VLAN is configured on each port of the switch. Not on the host (PC)
› To make a host (PC) a member of a VLAN, it must be given an IP address
and subnet of one network with that VLAN.
8

4
 18-Dec-18

› Membership by Port port vlan

1 1
› Membership by MAC Address
2 1
› Membership by IP Subnet Address 3 2
4 1

disadvantage of this
method is that it
does not allow for
user mobility.

› Membership by Port MAC Address vlan

› Membership by MAC Address 1212354145121 1
2389234873743 1
› Membership by IP Subnet Address 3045834758445 2
5483573475843 1

Advantage :
• no reconfiguration needed
Disadvantage :
• VLAN membership must be
assigned initially.
• performance degradation as
members of different VLANs coexist
on a single switch port

10

5
 18-Dec-18

› Membership by Port
› Membership by MAC Address
IP Subnet vlan
› Membership by IP Subnet Address 23.2.24 1
26.21.35 2

Advantage:
• Good for application-based VLAN
strategy
• User can move workstations
• eliminate the need for frame tagging
Disadvantage :
• Performance/ looking for L3 address in
packet.

11

12

6
 18-Dec-18

13

Two cables

trunked

14

7
 18-Dec-18

One link per VLAN or single VLAN Trunk

10.0.0.0/8 10.1.0.0/16

10.2.0.0/16

10.3.0.0/16

With VLAN
Without VLAN
The switch is configured where each port can be specified
as a VLAN.
15

Role of Bridges
› bridge on receiving data determines to which VLAN the data belongs
either by implicit or explicit tagging [802.1Q].
› The bridge also keeps track of VLAN members in a filtering database
which it uses to determine where the data is to be sent
› all the bridges in the VLAN should contain the same information in their
respective filtering databases

16

8
 18-Dec-18

17

› Membership information for a VLAN is stored in a filtering database

– Static Entries
› Static Filtering Entries: for every port whether frames to be sent to a specific MAC address or
group address and on a specific VLAN should be forwarded or discarded, or follow dynamic
entry
› Static Registration Entries: whether frames to be sent to a specific VLAN are to be tagged or
untagged and which ports are registered for that VLAN
– Dynamic Entries (learnt by bridges)
› Dynamic Filtering Entries:
› Group Registration Entries: follows GVRP protocol.
› Dynamic Registration Entries:

18

9
 18-Dec-18

Original Ethernet frame (top), 802.1Q-tagged Ethernet VLAN frame (below)

Tag: Inserted 802.1Q tag (4 bytes, detailed here)

EtherType(TPID): Set to 0x8100 to specify that the 802.1Q tag follows. (two bytes)
PRI: 3-bit 802.1p priority field.
CFI: Canonical Format Identifier is always set to 0 for Ethernet switches and to 1 for Token Ring-
type networks. (one bit)
VLAN ID: 12-bit VLAN field. Of the 4096 possible VLAN IDs, the maximum number of possible
VLAN configurations is 4094. A VLAN ID of 0 indicates priority frames, and value 4095 (FFF) is 19
reserved

› Inter-Switch Link (ISL): A Cisco proprietary trunking encapsulation (Ignore…. Legacy)

› IEEE 802.1Q: An industry-standard trunking method 20

10