What Is VLAN?

A VLAN is a logical grouping of devices or users. These devices or users can be grouped by function, department, or application, regardless of their physical segment location. VLAN configuration is done at the switch via software. VLANs are not standardized and require the use of proprietary software from the switch vendor.


A typical LAN is configured according to the physical infrastructure it is connecting. Users are grouped based on their location in relation to the hub they are plugged into and how the cable is run to the wiring closet. The router interconnecting each shared hub typically provides segmentation and can act as a broadcast firewall. The segments created by switches do not. Traditional LAN segmentation does not group users according to their workgroup association or need for bandwidth. Therefore, they share the same segment and contend for the same bandwidth, although the bandwidth requirements may vary greatly by workgroup or department.


LANs are increasingly being divided into workgroups connected via common backbones to form VLAN topologies. VLANs logically segment the physical LAN infrastructure into different subnets (or broadcast domains for Ethernet) so that broadcast frames are switched only between ports within the same VLAN.


Initial VLAN implementations offered a port-mapping capability that established a broadcast domain between a default group of devices. Current network requirements demand VLAN functionality that covers the entire network. This approach to VLANs allows you to group geographically separate users in network-wide virtual topologies. VLAN configurations group users by logical association rather than physical location.

The traditional role of a router is to provide firewalls, broadcast management and route processing and distribution.  While VLAN switches take on some of these tasks, routers still remain vital in VLAN architectures because they provide connected routes between different VLANs.  They also connect to other parts of the network that are either logically segmented with the more traditional subnet approach or require access to remote sites across wide-area links. Layer 3 communication, either embedded in the switch or provided externally, is an integral part of any high-performance switching architecture.

A VLAN makes up a switched network that is logically segmented by functions, project teams, or applications, without regard to the physical location of users. Each switch port can be assigned to a VLAN. Ports assigned to the same VLAN share broadcasts. Ports that do not belong to that VLAN do not share these broadcasts. This improves the overall performance of the network.

Important to any VLAN architecture is the ability to transport VLAN information between interconnected switches and routers that reside on the corporate backbone.  The backbone commonly acts as the collection point for large volumes of traffic. It also carries end-user VLAN information and identification between switches, routers, and directly attached servers. Within the backbone, high-bandwidth, high-capacity links are typically chosen to carry the traffic throughout the enterprise.

You can cost-effectively integrate external routers into the switching architecture by using one or more high-speed backbone connections. These are typically Fast Ethernet or ATM connections. VLAN architecture not only provides logical segmentation, but, with careful planning, it can greatly enhance the efficiency of a network.

Switches are one of the core components of VLAN communications.  Each switch has the intelligence to make filtering and forwarding decisions by frame, based on VLAN metrics defined by network managers. The switch can also communicate this information to other switches and routers within the network. 

The most common approaches for logically grouping users into distinct VLANs are frame filtering and frame identification (frame tagging). Both of these techniques look at the frame when it is either received or forwarded by the switch. Based on the set of rules defined by the administrator, these techniques determine where the frame is to be sent, filtered, or broadcast. These control mechanisms can be centrally administered (with network management software) and are easily implemented throughout the network.

Frame filtering examines particular information about each frame.  A filtering table is developed for each switch; this provides a high level of administrative control because it can examine many attributes of each frame. Depending on the sophistication of the LAN switch, you can group users based on a station's Media Access Control (MAC) addresses or network-layer protocol type. The switch compares the frames it filters with table entries, and it takes the appropriate action based on the entries.

In their early days, VLANs were filter-based and they grouped users based on a filtering table. This model did not scale well because each frame had to be referenced to a filtering table. Frame tagging uniquely assigns a VLAN ID to each frame. The VLAN IDs are assigned to each VLAN in the switch configuration by the switch administrator. This technique was chosen by the Institute of Electrical and Electronics Engineers (IEEE) standards group because of its scalability. Frame tagging is gaining recognition as the standard trunking mechanism; in comparison to frame filtering, it can provide a more scalable solution to VLAN deployment that can be implemented campus-wide.

VLAN frame tagging is an approach that has been specifically developed for switched communications. Frame tagging places a unique identifier in the header of each frame as it is forwarded throughout the network backbone. The identifier is understood and examined by each switch prior to any broadcasts or transmissions to other switches, routers, or end-station devices. When the frame exits the network backbone, the switch removes the identifier before the frame is transmitted to the target end station. Frame identification functions at Layer 2 and requires little processing or administrative overhead.
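
The tagging and broadcast containment described above, as an added example that is not part of the original page or any vendor's code. It assumes the IEEE 802.1Q tag layout (a 4-byte tag after the source MAC, which the page does not name), a hypothetical four-port switch, a constructed sample frame, and frames handled without their FCS.

```python
import struct

TPID = 0x8100  # IEEE 802.1Q Tag Protocol Identifier

def add_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert a 4-byte tag after the destination and source MAC (12 bytes)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    tci = (priority << 13) | vlan_id  # 3-bit priority, 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]

def strip_tag(frame: bytes):
    """Return (vlan_id, untagged_frame); vlan_id is None if no tag is present."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

# Hypothetical switch: port number -> access VLAN ID, or "trunk" (backbone link)
PORTS = {1: 10, 2: 10, 3: 20, 4: "trunk"}

def flood(in_port: int, frame: bytes) -> dict:
    """Flood a broadcast frame; return {out_port: bytes placed on the wire}."""
    mode = PORTS[in_port]
    vid, inner = strip_tag(frame)
    if mode == "trunk":
        if vid is None:
            return {}  # this model carries only tagged frames on the trunk
    else:
        if vid is not None:
            return {}  # access ports expect untagged frames: drop
        vid = mode     # the frame belongs to the ingress port's VLAN
    out = {}
    for port, pmode in PORTS.items():
        if port == in_port:
            continue
        if pmode == "trunk":
            out[port] = add_tag(inner, vid)  # identifier added toward backbone
        elif pmode == vid:
            out[port] = inner                # identifier removed toward end station
    return out

# Constructed sample: broadcast destination, made-up source MAC, EtherType 0x0800
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
```

A broadcast entering port 1 reaches port 2 untagged and the trunk tagged with VLAN 10, and never reaches port 3 in VLAN 20.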

Dynamic VLANs are ports on a switch that can automatically determine their VLAN assignments. Dynamic VLAN functions are based on MAC addresses, logical addressing, or protocol type of the data packets. When a station is initially connected to an unassigned switch port, the appropriate switch checks the MAC address entry in the VLAN management database and dynamically configures the port with the corresponding VLAN configuration. The major benefits of this approach are less administration within the wiring closet when a user is added or moved and centralized notification when an unrecognized user is added to the network. Typically, more administration is required up front to set up the database within the VLAN management software and to maintain an accurate database of all network users.
