IT312- Networking 2

Chapter 2- Virtual Local Area Network

Virtual Local Area Network

Review on Typical LAN Setup

LAN Connection using switch

IP Addressing

Page 1 of 4
IT312- Networking 2
Chapter 2- Virtual Local Area Network

VLAN introduction

VLANs logically segment switched networks based on

the functions, project teams, or applications of the organization
regardless of the physical location or connections to the
network.

All workstations and servers used by a particular

workgroup share the same VLAN, regardless of the physical
connection or location.

A workstation in a VLAN group is restricted to

communicating with file servers in the same VLAN group.

A group of ports or users in the same broadcast domain can be based on port ID, MAC
address, protocol or application.

LAN switches and network management software provide a mechanism to create VLANs

VLANs function by logically segmenting the network into different broadcast domains so that
packets are only switched between ports that are designated for the same VLAN.

Routers in VLAN topologies provide broadcast filtering, security, and traffic flow management.

VLANs address scalability, security, and network management.

Switches may not bridge any traffic between VLANs, as this would violate the integrity of the
VLAN broadcast domain.

Traffic should only be routed between VLANs

A broadcast domain is a collection of network devices that receive broadcast traffic from each
other. For example, here’s our network with three switches again

A VLAN is a broadcast domain created by one or more switches.

Layer 3 routing allows the router to send packets to the three different broadcast domains.

Page 2 of 4
IT312- Networking 2
Chapter 2- Virtual Local Area Network

Broadcast domains with VLANs and routers

Implementing VLANs on a switch causes the following to occur:

 The switch maintains a separate bridging table for each VLAN.

 If the frame comes in on a port in VLAN 1, the switch searches the bridging table for VLAN 1.
 When the frame is received, the switch adds the source address to the bridging table if it is
currently unknown.
 The destination is checked so a forwarding decision can be made.
 For learning and forwarding the search is made against the address table for that VLAN only.

VLAN operation
 Each switch port could be assigned to a different VLAN.
 Ports assigned to the same VLAN share broadcasts.
 Ports that do not belong to that VLAN do not share these broadcasts.
 Users attached to the same shared segment, share the bandwidth of that segment.
 Each additional user attached to the shared medium means less bandwidth and deterioration of
network performance.
 VLANs offer more bandwidth to users than a shared network.
 The default VLAN for every port in the switch is the management VLAN.
 The management VLAN is always VLAN 1 and may not be deleted. All other ports on the switch
may be reassigned to alternate VLANs.
 Dynamic VLANs allow for membership based on the MAC address of the device connected to
the switch port.
 As a device enters the network, it queries a database within the switch for a VLAN membership.
 All users of the same port must be in the same VLAN.
 Network administrators are responsible for configuring VLANs both manually and statically.

VLAN Configuration
Statically – Network administrators configure port-by-port
- Each port is associated with a specific VLAN
- The Network Administrator is responsible for keying in the mappings between the ports and
VLANs.
Dynamically. – The ports are able to dynamically work out their VLAN configuration
- It uses a software database of MAC Address to VLAN Mappings

Benefits of VLANs
- It permits the network administrator to organize the LAN logically instead of physically.

VLAN types
- Port-based VLANs
- MAC address based
- Protocol based VLANs

• The frame headers are encapsulated or modified to reflect a VLAN ID before the frame is sent
over the link between switches.
• Before forwarding to the destination device, the frame header is changed back to the original
format.

Membership by Port
- Users assigned by port association

Page 3 of 4
IT312- Networking 2
Chapter 2- Virtual Local Area Network

- Requires no lookup if don in ASICs (An ASIC (application-specific integrated circuit) is a

microchip designed for a special application, such as a particular kind of transmission
protocol or a hand-held computer.)
- Easily administered via GUIs
- Maximizes Security between VLANs
- Packet do not “leak” into other domains
- Easily controlled across network.

Factors that affects number of VLANs in a switch

 Traffic patterns
 Types of applications
 Network management needs
 Group commonality

- An important consideration in defining the size of the switch and the number of VLANs is
the IP addressing scheme

- Because a one-to-one correspondence between VLANs and IP subnets is strongly

recommended, there can be no more than 254 devices in any one VLAN.
- VLANs should not extend outside of the Layer 2 domain of the distribution switch.

Two major methods of frame tagging

1. Inter-Switch Link (ISL) and

2. 802.1Q

Page 4 of 4