VLAN:
VLAN is called as virtual local area network, used in Switches and it operates
at layer2( Normally Switches operate at layer 2, May be some switches operates at layer 3 also ).
A virtual local area network, virtual LAN or VLAN, is a
group of hosts which communicate as if they were attached to the same broadcast
domain, regardless of their physical location.
Vlan can make “Separate Broadcast domains”
1 VLAN
= 1 Separate BROADCAST domain.
VLAN Header ( Called as 802.1q
header)
In the Ethernet packet, if the ether type is 0x8100, then it indicates there is
a VLAN Header in Ethernet header. VLAN Header is of 4 bytes.
The Default VLAN ID is 1, The maximum VLAN’s can be
configured is 4094. 2 ^12 = 4096
VLANs, But 0 and 4095 are reserved.
Tagged Packets Vs Untagged
Packets
Many of the people are confused with Tagged and untagged
packets. The below explanation may remove your confusion.
Tagged packets means “The packet carrying VLAN Information
between switches or Switch and Router”. In other words, Packet contains the
VLAN header.
Generally Tagged packets were carried on TRUNK lines( refer
below for Trunk explanation).
Untagged packets means “The packet carrying without
VLAN Information(VLAN header) between PC and switch ”.
Generally untagged packets were carried on ACCESS lines(
refer below for Access explanation).
Access Link( Access Mode)
The Access links are between PC and SWITCH. PC sends
the untagged packet to switch port it is connected.
The switch port is configured with 1 VLAN ID. Hence, switch
will tag the packet while sending on trunk line to reach to the
destination.
All packets
arriving, entering or exiting the port are standard Ethernet II type packets
which are understood by the network device connected to the port.
There is nothing
special about these packets, other than the fact that they belong only to the
VLAN the port is configured for. If, for example, we
configured the port shown above for VLAN 1, then any packets entering/exiting
this port would be for that VLAN only.
In addition, if we
decided to use a logical network such as 192.168.0.0 with a default subnet mask
of 255.255.255.0 (/24), then all network
devices connecting to ports assigned to VLAN 1 must be configured with the
appropriate network address so they may communicate with all other hosts in the
same VLAN.
Trunk Mode ( Trunk Link)
What
we've seen so far is a switch port configured to carry only one VLAN, that is,
an Access Link port. There is, however, one more type of port configuration
which we mentioned in the introductory section on this page - the Trunk Link.
A
Trunk Link, or 'Trunk' is a port configured to carry packets for any VLAN.
These type of ports are usually found in connections between switches. These
links require the ability to carry packets from all available VLANs because
VLANs span over multiple switches.
The
diagram below shows multiple switches connected throughout a network and the
Trunk Links are marked in purple color to help you identify them:
What is Native VLAN:
Native VLAN means carrying untagged frames over the trunk
lines. VLAN 1 is the native VLAN of that switch - means, all the frames
leaving this switch are untagged.
Native VLAN is the VLAN that is same on 2 or more switches.
any traffic not labeled with VLAN is by default assigned to NATIVE VLAN. as we
know that over 2 Switches that are connected to each other, all traffic must be
VLAN Tagged, untagged traffic is by default assigned to NATIVE VLAN.
When you now start configuring additional VLAN’s on that switch, like VLAN 2, VLAN 3 and so on, and you want to make it possible that over ONE physical link or port the traffic of different vlans can be transmitted, then the " VLAN tagging" starts. All the frames which don’t belong to the "native" VLAN (VLAN 1) and leave the switch via a 802.1Q trunk port will be tagged, the frames will have a "VLAN Tag".
But - on that trunkport you can also CHANGE the native VLAN for THAT port.
So the native VLAN of the whole switch will still be VLAN1 ,but on for example port FastEthernet 0/2 you can configure a trunk port, and configure that e.g. VLAN 2 should be the native VLAN on THAT port.
interface FastEthernet0/2
switchport mode trunk
switchport trunk native vlan 2
That means - when frames which belong to VLAN 2 leave this trunk port (FastEthernet0/2), then they will NOT have VLAN Tags.
But if in the same time frames which belong to VLAN 1 leave this trunk port, then they MUST be tagged, as there can ONLY be ONE native VLAN configured on a port - or how should the uplink switch be able to differ between the VLAN’s - the uplink switch can only differ between frames which have NO VLAN tag, or frames which HAVE a VLAN Tag with the VLAN ID as value.
If we have a trunk port, and we connect a PC to it, then the PC will be able to read the Ethernet frames coming out of the trunk port - but only that frames which belong to the native vlan, as they dont carry the vlan-tag, which the pc network card cannot deal with..
The native VLAN is always needed if we want to connect devices to a switch which cannot deal with 802.1Q
When you now start configuring additional VLAN’s on that switch, like VLAN 2, VLAN 3 and so on, and you want to make it possible that over ONE physical link or port the traffic of different vlans can be transmitted, then the " VLAN tagging" starts. All the frames which don’t belong to the "native" VLAN (VLAN 1) and leave the switch via a 802.1Q trunk port will be tagged, the frames will have a "VLAN Tag".
But - on that trunkport you can also CHANGE the native VLAN for THAT port.
So the native VLAN of the whole switch will still be VLAN1 ,but on for example port FastEthernet 0/2 you can configure a trunk port, and configure that e.g. VLAN 2 should be the native VLAN on THAT port.
interface FastEthernet0/2
switchport mode trunk
switchport trunk native vlan 2
That means - when frames which belong to VLAN 2 leave this trunk port (FastEthernet0/2), then they will NOT have VLAN Tags.
But if in the same time frames which belong to VLAN 1 leave this trunk port, then they MUST be tagged, as there can ONLY be ONE native VLAN configured on a port - or how should the uplink switch be able to differ between the VLAN’s - the uplink switch can only differ between frames which have NO VLAN tag, or frames which HAVE a VLAN Tag with the VLAN ID as value.
If we have a trunk port, and we connect a PC to it, then the PC will be able to read the Ethernet frames coming out of the trunk port - but only that frames which belong to the native vlan, as they dont carry the vlan-tag, which the pc network card cannot deal with..
The native VLAN is always needed if we want to connect devices to a switch which cannot deal with 802.1Q
Types of VLAN:
Virtual LANs fall into
the following categories:
-
Port-Based VLAN: each physical switch port is configured with an access list specifying membership in a set of VLANs.
-
MAC-based VLAN: a switch is configured with an access list mapping individual MAC addresses to VLAN membership.
How many types of VLAN Configuration?
There are two types of configuration of VLANS:
1.
Static VLAN
2.
Dynamic VLAN
Static VLAN:
Static
VLANs, requires administrator to configure each port with some VLAN ID. This is
like configuring manually the VLANID to each switch port.
To
configure, administrator should have the idea about the network.
Dynamic VLAN:
Dynamic VLANs, as opposed to Static VLANs, do not require
the administrator to individually configure each port, but instead, a central
server called the VMPS (VLAN Member Policy Server). The VMPS is used to handle
the on-the-spot port configuration of every switch participating on the VLAN
network.
The VMPS server(VLAN AWARE SWITCH) configures the
unaware VLAN switch ports with some VLAN ID as present in the database.
