Virtual LANs (VLANs)
VLANs can segregate traffic flowing through a switch to improve bandwidth utilization or
security. Segregation is done based on membership in a group of ports (port-based VLANs)
or on IEEE 802.1Q tags which include a VLAN ID (tag-based VLANs).
A port-based VLAN limits forwarding traffic coming in a port to the group of ports to which
that port belongs. For example, on a 10-port switch if ports 1, 3, 5, 7, and 9 were placed
in a port-based VLAN, broadcast frames coming in port 3 would be sent to ports 1, 5, 7,
and 9 (which are members of port 3’s VLAN) but not to ports 2, 4, 6, and 8 (which are not
members).
A port may be a member of two port-based VLANs, although results of this configuration
are not always desirable or easily predictable. When initializing port-based VLANs the switch
configures each port to be able to send data to all ports in all the port-based VLANs in which
it is a member. For example, if one VLAN had ports 1-5 and another had ports 5-9, traffic
from ports 1-4 could go to ports 1-5, traffic from ports 6-9 could go to ports 5-9, and traffic
from port 5 could go to all ports.
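
The overlap case above can be checked before a configuration is applied. The following is an added example, not code from the manual or the switch firmware: it models the stated forwarding rule and reports ports whose reach spans more than one port-based VLAN. The function names and the VLAN labels "A" and "B" are assumptions made for illustration.

```python
# Added example; function names and VLAN labels "A"/"B" are illustrative.

def egress_map(vlans):
    """Map each member port to the set of ports it may forward to.

    Models the rule in the text: a port can send to every port of every
    port-based VLAN it belongs to. The ingress port itself is excluded,
    matching the 10-port example (port 3 -> 1, 5, 7, 9).
    """
    allowed = {}
    for members in vlans.values():
        for port in members:
            allowed.setdefault(port, set()).update(members)
    return {port: dests - {port} for port, dests in allowed.items()}


def shared_ports(vlans):
    """Return {port: [VLAN labels]} for ports that sit in more than one VLAN."""
    seen = {}
    for label, members in vlans.items():
        for port in members:
            seen.setdefault(port, []).append(label)
    return {p: sorted(v) for p, v in seen.items() if len(v) > 1}


def audit(vlans):
    """List findings for ports whose reach spans more than one VLAN."""
    reach = egress_map(vlans)
    findings = []
    for port, labels in sorted(shared_ports(vlans).items()):
        findings.append(
            f"port {port} is in VLANs {', '.join(labels)} and can forward to "
            f"ports {sorted(reach[port])}"
        )
    return findings


# Constructed sample: the overlapping configuration from the text.
OVERLAP = {"A": {1, 2, 3, 4, 5}, "B": {5, 6, 7, 8, 9}}

if __name__ == "__main__":
    for line in audit(OVERLAP):
        print(line)
```

Ports 1-4 and 6-9 stay isolated from each other in this model, but whatever is attached to port 5 sends to and receives from both groups, so it has to be treated as trusted by both.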
A tag-based VLAN is more common. A tag-based VLAN limits traffic based on the VLAN
ID in a ‘tag’ associated with the frame. VLAN tags may be explicitly placed in frames by
applications or switching equipment, or implicitly assigned to frames based on the switch
port where they arrive.
VLAN IDs are 12 bits long, providing 4096 possible IDs, but several values are reserved:
• 0 = Indicates that the tag is not being used for VLAN routing but only to carry priority
information. (See the QoS/CoS topic.)
• 1 = Used for switch configuration and management.
• 4095 = Not allowed by the 802.1Q standard.
Chapter 4 - Managed Switch Software Setup
Stride Industrial Ethernet Switches User Manual 2nd Ed. Rev. A