CHAPTER 17

Connecting Devices
and Virtual LANs

H osts or LANs do not normally operate in isolation. They are connected to one
another or to the Internet. To connect hosts or LANs, we use connecting devices.
Connecting devices can operate in different layers of the Internet model. After discuss-
ing some connecting devices, we show how they are used to create virtual local area
networks (VLANs).
The chapter is divided into two sections.
❑ The first section discusses connecting devices. It first describes hubs and their fea-
tures. The section then discusses link-layer switches (or simply switches, as they
are called), and shows how they can create loops if they connect LANs with broad-
cast domains.
❑ The second section discusses virtual LANs or VLANs. The section first shows
how membership in a VLAN can be defined. The section then discusses the VLAN
configuration. It next shows how switches can communicate in a VLAN. Finally,
the section mentions the advantages of a VLAN.

493
494 PART III DATA-LINK LAYER

17.1 CONNECTING DEVICES

Hosts and networks do not normally operate in isolation. We use connecting devices to
connect hosts together to make a network or to connect networks together to make an
internet. Connecting devices can operate in different layers of the Internet model. We
discuss three kinds of connecting devices: hubs, link-layer switches, and routers. Hubs
today operate in the first layer of the Internet model. Link-layer switches operate in the
first two layers. Routers operate in the first three layers. (See Figure 17.1.)

Figure 17.1 Three categories of connecting devices

Application Application
Transport Transport
Network Router Network
Data-link Link-layer switches Data-link
Physical Hub Physical

17.1.1 Hubs
A hub is a device that operates only in the physical layer. Signals that carry information
within a network can travel a fixed distance before attenuation endangers the integrity
of the data. A repeater receives a signal and, before it becomes too weak or corrupted,
regenerates and retimes the original bit pattern. The repeater then sends the refreshed
signal. In the past, when Ethernet LANs were using bus topology, a repeater was used
to connect two segments of a LAN to overcome the length restriction of the coaxial
cable. Today, however, Ethernet LANs use star topology. In a star topology, a repeater
is a multiport device, often called a hub, that can be used to serve as the connecting
point and at the same time function as a repeater. Figure 17.2 shows that when a
packet from station A to station B arrives at the hub, the signal representing the frame
is regenerated to remove any possible corrupting noise, but the hub forwards the

Figure 17.2 A hub

Hub

Sent
Maintained Discarded Discarded

A B C D
 CHAPTER 17 CONNECTING DEVICES AND VIRTUAL LANs 495

packet from all outgoing ports except the one from which the signal was received. In
other words, the frame is broadcast. All stations in the LAN receive the frame, but
only station B keeps it. The rest of the stations discard it. Figure 17.2 shows the role
of a repeater or a hub in a switched LAN.
The figure definitely shows that a hub does not have a filtering capability; it does
not have the intelligence to find from which port the frame should be sent out.

A repeater has no filtering capability.

A hub or a repeater is a physical-layer device. They do not have a link-layer

address and they do not check the link-layer address of the received frame. They just
regenerate the corrupted bits and send them out from every port.

17.1.2 Link-Layer Switches

A link-layer switch (or switch) operates in both the physical and the data-link layers.
As a physical-layer device, it regenerates the signal it receives. As a link-layer device,
the link-layer switch can check the MAC addresses (source and destination) contained
in the frame.
Filtering
One may ask what the difference in functionality is between a link-layer switch and a
hub. A link-layer switch has filtering capability. It can check the destination address of
a frame and can decide from which outgoing port the frame should be sent.

A link-layer switch has a table used in filtering decisions.

Let us give an example. In Figure 17.3, we have a LAN with four stations that are
connected to a link-layer switch. If a frame destined for station 71:2B:13:45:61:42
arrives at port 1, the link-layer switch consults its table to find the departing port.
According to its table, frames for 71:2B:13:45:61:42 should be sent out only through
port 2; therefore, there is no need for forwarding the frame through other ports.

Figure 17.3 Link-layer switch

Switch Switching table

Address Port
1 4
2 3 71:2B:13:45:61:41 1
71:2B:13:45:61:42 2
64:2B:13:45:61:12 3
64:2B:13:45:61:13 4
71:2B:13:45:61:41 71:2B:13:45:61:42 64:2B:13:45:61:12 64:2B:13:45:61:13
496 PART III DATA-LINK LAYER

A link-layer switch does not change the link-layer (MAC) addresses in a frame.

Transparent Switches
A transparent switch is a switch in which the stations are completely unaware of the
switch’s existence. If a switch is added or deleted from the system, reconfiguration of
the stations is unnecessary. According to the IEEE 802.1d specification, a system
equipped with transparent switches must meet three criteria:
❑ Frames must be forwarded from one station to another.
❑ The forwarding table is automatically made by learning frame movements in the
network.
❑ Loops in the system must be prevented.
Forwarding
A transparent switch must correctly forward the frames, as discussed in the previous section.
Learning
The earliest switches had switching tables that were static. The system administrator
would manually enter each table entry during switch setup. Although the process was
simple, it was not practical. If a station was added or deleted, the table had to be modified
manually. The same was true if a station’s MAC address changed, which is not a rare
event. For example, putting in a new network card means a new MAC address.
A better solution to the static table is a dynamic table that maps addresses to ports
(interfaces) automatically. To make a table dynamic, we need a switch that gradually
learns from the frames’ movements. To do this, the switch inspects both the destination
and the source addresses in each frame that passes through the switch. The destination
address is used for the forwarding decision (table lookup); the source address is used
for adding entries to the table and for updating purposes. Let us elaborate on this pro-
cess using Figure 17.4.
1. When station A sends a frame to station D, the switch does not have an entry for either
D or A. The frame goes out from all three ports; the frame floods the network. How-
ever, by looking at the source address, the switch learns that station A must be con-
nected to port 1. This means that frames destined for A, in the future, must be sent out
through port 1. The switch adds this entry to its table. The table has its first entry now.
2. When station D sends a frame to station B, the switch has no entry for B, so it floods
the network again. However, it adds one more entry to the table related to station D.
3. The learning process continues until the table has information about every port.
However, note that the learning process may take a long time. For example, if a
station does not send out a frame (a rare situation), the station will never have an
entry in the table.
Loop Problem
Transparent switches work fine as long as there are no redundant switches in the sys-
tem. Systems administrators, however, like to have redundant switches (more than one
switch between a pair of LANs) to make the system more reliable. If a switch fails,
another switch takes over until the failed one is repaired or replaced. Redundancy can
create loops in the system, which is very undesirable. Loops can be created only when
 CHAPTER 17 CONNECTING DEVICES AND VIRTUAL LANs 497

Figure 17.4 Learning switch

Gradual building of table

Address Port Address Port

a. Original 71:2B:13:45:61:41 1
b. After A sends a frame to D

Address Port Address Port Address Port

71:2B:13:45:61:41 1 71:2B:13:45:61:41 1 71:2B:13:45:61:41 1
64:2B:13:45:61:13 4 64:2B:13:45:61:13 4 64:2B:13:45:61:13 4
c. After D sends a frame to B 71:2B:13:45:61:42 2 71:2B:13:45:61:42 2
d. After B sends a frame to A 64:2B:13:45:61:12 3
e. After C sends a frame to D

Switch

1 4
2 3

A B C D

71:2B:13:45:61:41 71:2B:13:45:61:42 64:2B:13:45:61:12 64:2B:13:45:61:13

two or more broadcasting LANs (those using hubs, for example) are connected by more
than one switch.
Figure 17.5 shows a very simple example of a loop created in a system with two
LANs connected by two switches.
1. Station A sends a frame to station D. The tables of both switches are empty. Both
forward the frame and update their tables based on the source address A.
2. Now there are two copies of the frame on LAN 2. The copy sent out by the left
switch is received by the right switch, which does not have any information about
the destination address D; it forwards the frame. The copy sent out by the right
switch is received by the left switch and is sent out for lack of information about D.
Note that each frame is handled separately because switches, as two nodes on a
broadcast network sharing the medium, use an access method such as CSMA/CD.
The tables of both switches are updated, but still there is no information for
destination D.
3. Now there are two copies of the frame on LAN 1. Step 2 is repeated, and both copies
are sent to LAN2.
4. The process continues on and on. Note that switches are also repeaters and regen-
erate frames. So in each iteration, there are newly generated fresh copies of the
frames.
Spanning Tree Algorithm
To solve the looping problem, the IEEE specification requires that switches use the
spanning tree algorithm to create a loopless topology. In graph theory, a spanning
498 PART III DATA-LINK LAYER

Figure 17.5 Loop problem in a learning switch

a. Station A sends a frame to station D b. Both switches forward the frame

LAN 1 A AD LAN 1 A

B C B C

1 1 1 1
Addr Port Addr Port Addr Port Addr Port
Switches A 1
Switches A 1
2 2 2 2

E F E F

D D AD Two copies
of the frame
AD on LAN 2
LAN 2 LAN 2

LAN 1 A AD Two copies LAN 1 A

AD of the frame
B on LAN 1 B
C C

1 1 1 1
Addr Port Addr Port Addr Port Addr Port
A 2
Switches Switches
A 2 A 1 A 1
2
2 2 2
E F E F

D D AD Two copies
of the frame
LAN 2 LAN 2 AD on LAN 2
c. Both switches forward the frame c. Both switches forward the frame

tree is a graph in which there is no loop. In a switched LAN, this means creating a
topology in which each LAN can be reached from any other LAN through one path
only (no loop). We cannot change the physical topology of the system because of
physical connections between cables and switches, but we can create a logical topol-
ogy that overlays the physical one. Figure 17.6 shows a system with four LANs and
five switches. We have shown the physical system and its representation in graph the-
ory. Although some textbooks represent the LANs as nodes and the switches as the
connecting arcs, we have shown both LANs and switches as nodes. The connecting
arcs show the connection of a LAN to a switch and vice versa. To find the spanning
tree, we need to assign a cost (metric) to each arc. The interpretation of the cost is left
up to the systems administrator. We have chosen the minimum hops. However, as we
will see in Chapter 20, the hop count is normally 1 from a switch to the LAN and 0 in
the reverse direction.
The process for finding the spanning tree involves three steps:
1. Every switch has a built-in ID (normally the serial number, which is unique). Each
switch broadcasts this ID so that all switches know which one has the smallest ID.
The switch with the smallest ID is selected as the root switch (root of the tree). We
 CHAPTER 17 CONNECTING DEVICES AND VIRTUAL LANs 499

Figure 17.6 A system of connected LANs and its graph representation

S1 LAN 1 S2
1 1

2 2

LAN 2 S3 LAN 3
1 2

3
1 1
2 2

S4 LAN 4 S5
a. Actual system

1 0
S1 LAN 1 S2
0 1
1 0 1 0
0 1
LAN 2 S3 LAN 3
1 0

0 1 0 1

1 0
S4 LAN 4 S5
0 1

b. Graph representation with cost assigned to each arc

assume that switch S1 has the smallest ID. It is, therefore, selected as the root
switch.
2. The algorithm tries to find the shortest path (a path with the shortest cost) from the root
switch to every other switch or LAN. The shortest path can be found by examining the
total cost from the root switch to the destination. Figure 17.7 shows the shortest paths.
We have used the Dijkstra algorithm described in Chapter 20.

Figure 17.7 Finding the shortest paths and the spanning tree in a system of switches

Root 1 1
0 S1 LAN 1 S2

1
1 LAN 2 S3 LAN 3 2

1 S4 LAN 4 S5
2 2
500 PART III DATA-LINK LAYER

3. The combination of the shortest paths creates the shortest tree, which is also shown
in Figure 17.7.
4. Based on the spanning tree, we mark the ports that are part of it, the forwarding
ports, which forward a frame that the switch receives. We also mark those ports
that are not part of the spanning tree, the blocking ports, which block the frames
received by the switch. Figure 17.8 shows the logical systems of LANs with for-
warding ports (solid lines) and blocking ports (broken lines).

Figure 17.8 Forwarding and blocking ports after using spanning tree algorithm

Ports 2 and 3 of bridge S3 are blocking ports (no frame is sent out of these ports).
Port 1 of bridge S5 is also a blocking port (no frame is sent out of this port).

Root bridge
S1 LAN 1 S2
1 1

2 2

LAN 2 S3 LAN 3
1 2 Blocking Blocking

3
Blocking Blocking
1 1
2 2

S4 LAN 4 S5

Note that there is only one path from any LAN to any other LAN in the spanning
tree system. This means there is only one path from one LAN to any other LAN. No
loops are created. You can prove to yourself that there is only one path from LAN 1 to
LAN 2, LAN 3, or LAN 4. Similarly, there is only one path from LAN 2 to LAN 1, LAN 3,
and LAN 4. The same is true for LAN 3 and LAN 4.
We have described the spanning tree algorithm as though it required manual
entries. This is not true. Each switch is equipped with a software package that carries
out this process dynamically.
Advantages of Switches
A link-layer switch has several advantages over a hub. We discuss only two of them
here.
Collision Elimination
As we mentioned in Chapter 13, a link-layer switch eliminates the collision. This
means increasing the average bandwidth available to a host in the network. In a
switched LAN, there is no need for carrier sensing and collision detection; each host
can transmit at any time.
Connecting Heterogenous Devices
A link-layer switch can connect devices that use different protocols at the physical
layer (data rates) and different transmission media. As long as the format of the frame
 CHAPTER 17 CONNECTING DEVICES AND VIRTUAL LANs 501

at the data-link layer does not change, a switch can receive a frame from a device that
uses twisted-pair cable and sends data at 10 Mbps and deliver the frame to another
device that uses fiber-optic cable and can receive data at 100 Mbps.

17.1.3 Routers
We will discuss routers in Part IV of the book when we discuss the network layer. In
this section, we mention routers to compare them with a two-layer switch and a hub. A
router is a three-layer device; it operates in the physical, data-link, and network layers.
As a physical-layer device, it regenerates the signal it receives. As a link-layer device,
the router checks the physical addresses (source and destination) contained in the
packet. As a network-layer device, a router checks the network-layer addresses.

A router is a three-layer (physical, data-link, and network) device.

A router can connect networks. In other words, a router is an internetworking

device; it connects independent networks to form an internetwork. According to this
definition, two networks connected by a router become an internetwork or an internet.
There are three major differences between a router and a repeater or a switch.
1. A router has a physical and logical (IP) address for each of its interfaces.
2. A router acts only on those packets in which the link-layer destination address
matches the address of the interface at which the packet arrives.
3. A router changes the link-layer address of the packet (both source and destination)
when it forwards the packet.
Let us give an example. In Figure 17.9, assume an organization has two separate buildings
with a Gigabit Ethernet LAN installed in each building. The organization uses switches in
each LAN. The two LANs can be connected to form a larger LAN using 10 Gigabit Ether-
net technology that speeds up the connection to the Ethernet and the connection to the
organization server. A router then can connect the whole system to the Internet.

Figure 17.9 Routing example

To the rest of the Internet

Router

10 Gigabit LAN

Gigabit LAN Gigabit LAN

Switch Switch