A virtual LAN, commonly known as a vLAN or VLAN, is a method of creating independent logical networks within a physical network. Several VLANs can co-exist within such a network. This reduces the size of the broadcast domain and aids network administration by separating logical segments of a LAN (such as company departments) that should not exchange data over the LAN (they can still exchange data by routing).
A VLAN consists of a network of computers that behave as if connected to the same wire - even though they may actually be physically connected to different segments of a LAN. Network administrators configure VLANs through software rather than hardware, which makes them extremely flexible. One of the biggest advantages of VLANs emerges when physically moving a computer to another location: it can stay on the same VLAN without the need for any hardware reconfiguration.
Advantages of VLANs
- Increase the number of broadcast domains but reduce the size of each broadcast domain, which in turn reduces network traffic and increases network security (both of which are hampered in cases of single large broadcast domains).
- Reduce management effort to create subnetworks.
- Reduce hardware requirement, as networks can be logically instead of physically separated.
- Increase control over multiple traffic types.
Protocols and design
The primary protocol currently used in configuring virtual LANs is IEEE 802.1Q, which describes how traffic on a single physical network can be partitioned into virtual LANs by tagging each frame or packet with extra bytes to denote which virtual network the packet belongs to.
Prior to the introduction of the 802.1Q standard, several proprietary protocols existed, such as Cisco's ISL (Inter-Switch Link, a variant of IEEE 802.10) and 3Com's VLT (Virtual LAN Trunk). ISL is no longer supported by Cisco.
Early network designers often configured VLANs with the aim of reducing the size of the collision domain in a large single Ethernet segment and thus improving performance. When Ethernet switches made this a non-issue (because they have no collision domain), attention turned to reducing the size of the broadcast domain at the MAC layer. Virtual networks can also serve to restrict access to network resources without regard to the physical topology of the network, although the strength of this method remains debatable, as VLAN hopping is a common means of bypassing such security measures.
Virtual LANs operate at Layer 2 (the data link layer) of the OSI model. However, administrators often configure a VLAN to map directly to an IP network, or subnet, which gives the appearance of involving Layer 3 (the network layer).
In the context of VLANs, the term "trunk" denotes a network link carrying multiple VLANs, which are identified by labels (or "tags") inserted into their packets. Such trunks must run between "tagged ports" of VLAN-aware devices, so they are often switch-to-switch or switch-to-router links rather than links to hosts. (Confusingly, the term "trunk" is also used for what Cisco calls "channels": Link Aggregation or Port Trunking.) A router (Layer 3 switch) serves as the backbone for network traffic going across different VLANs.
On Cisco devices, VTP (VLAN Trunking Protocol) allows for VLAN domains, which can aid in administrative tasks. VTP also allows "pruning", which involves directing specific VLAN traffic only to switches which have ports on the target VLAN.
Assigning VLAN Memberships
The four methods of assigning VLAN memberships that are in use are:
- Port-based: A switch port is manually configured to be a member of a VLAN. In order to connect a port to several VLANs (for example, a link with VLANs spanning several switches), the port has to be a member of a trunk. Only one VLAN on a port can be set untagged; the switch will add this VLAN's tags to untagged received frames and remove this VLAN's tag from transmitted frames.
- MAC-based: VLAN membership is based on the MAC address of the workstation. The switch has a table listing the MAC address of each machine, along with the VLAN to which it belongs.
- Protocol-based: Layer 3 data within the frame is used to determine VLAN membership. For example, IP machines can be classified as the first VLAN, and AppleTalk machines as the second. The major disadvantage of this method is that it violates the independence of the layers, so an upgrade from IPv4 to IPv6, for example, will cause the switch to fail.
- Authentication-based: Devices can be automatically placed into VLANs based on the authentication credentials of a user or device using the 802.1X protocol.
Port Based VLANs
A port-based VLAN switch determines the membership of a data frame by examining the configuration of the port that received the transmission or by reading a portion of the data frame's tag header. A four-byte field in the header is used to identify the VLAN. This VLAN identification indicates what VLAN the frame belongs to. If the frame has no tag header, the switch checks the VLAN setting of the port that received the frame. If the switch has been configured for port-based VLAN support, it assigns the port's VLAN identification to the new frame.
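The 802.1Q tagging and port-based classification described above can be sketched as follows. This is an added example, not code from any switch vendor or from the original article; the port dictionaries (a "pvid" for untagged frames and an "allowed" set of VLAN IDs) and the sample frames are assumptions constructed for illustration. It also drops tagged frames for VLANs the port is not a member of, which is the ingress check that keeps a host port from injecting traffic into another VLAN.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag


def parse_vlan_tag(frame: bytes):
    """Return (pcp, dei, vid) if the frame carries an 802.1Q tag, else None."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def classify_ingress(frame: bytes, port: dict):
    """Return the VLAN ID the frame belongs to, or None if it must be dropped.

    `port` is a hypothetical config: {"pvid": int, "allowed": set of VIDs}.
    """
    tag = parse_vlan_tag(frame)
    if tag is None:
        return port["pvid"]          # untagged: take the port's VLAN
    vid = tag[2]
    if vid == 0:
        return port["pvid"]          # priority-tagged: VID 0 means "no VLAN"
    if vid == 0xFFF or vid not in port["allowed"]:
        return None                  # reserved VID or VLAN not permitted here
    return vid


def build_frame(vid=None, pcp=0):
    """Construct a sample frame (constructed test data, not a capture)."""
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", 0x0800) + b"\x00" * 46


ACCESS = {"pvid": 10, "allowed": {10}}
TRUNK = {"pvid": 1, "allowed": {1, 10, 20}}

if __name__ == "__main__":
    for name, port in (("access", ACCESS), ("trunk", TRUNK)):
        for vid in (None, 10, 20, 30):
            print(name, vid, classify_ingress(build_frame(vid), port))
```

Of the four tag bytes, two are the 0x8100 marker and two carry the priority bits and the 12-bit VLAN ID, so usable IDs run from 1 to 4094.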