Page 20 of 20
APPENDIX B: IEEE 802.1Q VLAN
A Local Area Network (LAN) can generally be defined as a broadcast domain. Hubs, bridges or switches in
the same physical segment or segments connect all end node switches. End nodes can communicate with
each other without the need for a
router. Routers connect LANs together, routing the traffic to appropriate
port.
A virtual LAN (VLAN) is a local-area network with a definition that maps workstations on some other basis
than geographic location (for example, by department, type of user, or primary application). To
communicate between VLANs, traffic must go through a router, just as if they were on two separate LANs.
A VLAN is a group of PCs, servers and other network resources that behave as if they were connected to a
single, network segment — even though they may not be. For example, all marketing personnel may be
spread throughout a building. Yet if they are all assigned to a single VLAN, they can share resources and
bandwidth as if they were connected to the same segment. The resources of other departments can be
invisible to the marketing VLAN members, accessible to all, or accessible only to specified individuals,
depending on how the IT manager has set up the VLANs.
The Advantages of VLANs
Easy to do network segmentation
Users communicate most frequently with each other can be grouped into common VLANs, regardless of
physical location. Each group's traffic is largely contained within the VLAN, reducing extraneous traffic and
improving the efficiency of the whole network.
Easy to manage
The addition of nodes, as well as moves and other changes can be dealt with quickly and conveniently
from a management interface rather than the wiring closet.
Increased performance
VLANs free up bandwidth by limiting node-to-node and broadcast traffic throughout the network.
Enhanced network security
VLANs create virtual boundaries that can only be crossed through a router. So standard, router-based
security measures can be used to restrict access to each VLAN
IEEE 802.1Q VLANs
Packets received by the switch will be treated in the following way:
o When an untagged packet enters a port, it will be automatically tagged with the port’s default VLAN
ID tag number. Each port has a default VLAN ID setting that is user configurable (the default setting
is 1). The default VLAN ID setting for each port can be changed in PVID Setting page.
o When a tagged packet enters a port, the tag for that packet will be unaffected by the default VLAN
ID Setting.
o The packet will now proceed to the VLAN specified by its VLAN ID tag number.
o If the port in which the packet entered does not have membership with the VLAN specified by the
VLAN ID tag, the packet will be dropped.
o If the port has membership to the VLAN specified by the packet’s VLAN ID, the packet will be able
to be sent to other ports with the same VLAN ID membership.
To Next Page
Loading...
