VLANs Explained
VLAN: Virtual Local Area Network and IEEE 802.1Q
A Virtual LAN (VLAN) is a group of devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are very flexible for user/host management, bandwidth allocation and resource optimization. Most home or small office networks will not find it necessary to use this method of network management. But a business with, say, a networked point of sale system, a public network (like a wi-fi hotspot), and an internal office network will want to keep these systems separate for security reasons, yet still have them all on the same physical network for ease of management. Here's how it works.
Virtual LANs fall into the following categories:
- Port-based VLAN: each physical switch port is configured with an access list specifying membership in a set of VLANs.
- MAC-based VLAN: a switch is configured with an access list mapping individual MAC addresses to VLAN membership.
- Protocol-based VLAN: a switch is configured with a list mapping layer 3 protocol types to VLAN membership, thereby filtering IP traffic from nearby end-stations using a particular protocol such as IPX.
- ATM VLAN: uses the LAN Emulation (LANE) protocol to map Ethernet packets into ATM cells and deliver them to their destination by converting an Ethernet MAC address into an ATM address.
The IEEE 802.1Q
specification establishes a standard method for tagging Ethernet
frames with VLAN membership information. The IEEE 802.1Q standard
defines the operation of VLAN Bridges that permit the definition,
operation and administration of Virtual LAN topologies within a
Bridged LAN infrastructure. The 802.1Q standard is intended to
address the problem of how to break large networks into smaller
parts so broadcast and multicast traffic would not grab more
bandwidth than necessary. The standard also helps provide a higher
level of security between segments of internal networks.
The key to how IEEE 802.1Q performs the above functions is its tags.
802.1Q-compliant switch ports can be configured to transmit tagged
or untagged frames. A tag field containing VLAN (and/or 802.1p
priority) information can be inserted into an Ethernet frame. If a
port has an 802.1Q-compliant device attached (such as another
switch), these tagged frames can carry VLAN membership information
between switches, thus letting a VLAN span multiple switches.
However, it is important to ensure ports with non-802.1Q-compliant
devices attached are configured to transmit untagged frames. Many
NICs for PCs and printers are not 802.1Q-compliant. If they receive
a tagged frame, they will not understand the VLAN tag and will drop
the frame. Also, the maximum legal Ethernet frame size for tagged
frames was increased in 802.1Q (and its companion, 802.3ac) from
1,518 to 1,522 bytes. This could cause network interface cards and
older switches to drop tagged frames as "oversized."
Protocol Structure - VLAN: Virtual Local Area Network and the IEEE 802.1Q
IEEE 802.1Q Tagged Frame for Ethernet:
| Field | Preamble | SFD | DA | SA | TPID | TCI | Type/Length | Data | CRC |
| Size (bytes) | 7 | 1 | 6 | 6 | 2 | 2 | 2 | 42-1496 | 4 |
- Preamble (PRE), 7 bytes. The PRE is an alternating pattern of ones and zeros that tells receiving stations that a frame is coming, and that provides a means to synchronize the frame-reception portions of receiving physical layers with the incoming bit stream.
- Start-of-frame delimiter (SFD), 1 byte. The SFD is an alternating pattern of ones and zeros, ending with two consecutive 1-bits indicating that the next bit is the left-most bit in the left-most byte of the destination address.
- Destination address (DA), 6 bytes. The DA field identifies which station(s) should receive the frame.
- Source address (SA), 6 bytes. The SA field identifies the sending station.
- TPID (Tag Protocol Identifier), 2 bytes, with the defined value 8100 in hex. When a frame has the EtherType equal to 8100, this frame carries the IEEE 802.1Q / 802.1p tag.
- TCI (Tag Control Information), 2 bytes, comprising the user priority, the Canonical Format Indicator and the VLAN ID:
| Field | User Priority | CFI | VLAN ID (VID) |
| Size (bits) | 3 | 1 | 12 |
- User Priority: defines the user priority, giving eight (2^3) priority levels. IEEE 802.1p defines the operation of these 3 user priority bits.
- CFI: the Canonical Format Indicator is always set to zero for Ethernet switches. CFI is used for compatibility reasons between Ethernet-type networks and Token Ring-type networks. If a frame received at an Ethernet port has CFI set to 1, then that frame should not be forwarded as it is to an untagged port.
- VID: the VLAN ID identifies the VLAN and is the field the 802.1Q standard fundamentally relies on. It has 12 bits and allows the identification of 4096 (2^12) VLANs. Of the 4096 possible VIDs, a VID of 0 is used to identify priority frames and the value 4095 (FFF) is reserved, so the maximum number of configurable VLANs is 4,094.
- Length/Type, 2 bytes. This field indicates either the number of MAC-client data bytes that are contained in the data field of the frame, or the frame type ID if the frame is assembled using an optional format.
- Data: a sequence of n bytes (42 <= n <= 1496) of any value. The total frame minimum is 64 bytes.
- Frame check sequence (FCS), 4 bytes. This sequence contains a 32-bit cyclic redundancy check (CRC) value, which is created by the sending MAC and is recalculated by the receiving MAC to check for damaged frames.
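The tag layout and the TCI field rules above, worked through in code. This is an added example, not code from the original article: it builds and parses an 802.1Q tagged frame using the TPID 0x8100 and the 3-bit/1-bit/12-bit TCI split, then applies the VID 0, VID 4095 and CFI rules given in the field descriptions to an egress decision. The function names, the constructed sample addresses and the decision strings are assumptions; preamble, SFD and FCS are omitted because a NIC normally strips them before software sees the frame.

```python
import struct

TPID_8021Q = 0x8100  # TPID value the article gives for an 802.1Q/802.1p tagged frame
HDR_LEN = 18         # DA(6) + SA(6) + TPID(2) + TCI(2) + Type/Length(2)


def build_8021q_frame(da, sa, priority, cfi, vid, ethertype, payload):
    """Build a tagged frame (no preamble/SFD/FCS; those are handled by the NIC).
    TCI layout from the article: 3 bits priority | 1 bit CFI | 12 bits VID."""
    if not (0 <= priority < 8 and cfi in (0, 1) and 0 <= vid < 4096):
        raise ValueError("priority/CFI/VID out of range")
    tci = (priority << 13) | (cfi << 12) | vid
    header = bytes.fromhex(da.replace(":", "")) + bytes.fromhex(sa.replace(":", ""))
    return header + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_8021q_frame(frame):
    """Split a tagged frame into its header fields; reject untagged or short frames."""
    if len(frame) < HDR_LEN:
        raise ValueError("frame too short for an 802.1Q header")
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q:
        # An untagged frame has its Type/Length here instead of the 0x8100 TPID
        raise ValueError("not 802.1Q tagged: EtherType 0x%04x at offset 12" % tpid)
    return {
        "da": frame[0:6].hex(":"),
        "sa": frame[6:12].hex(":"),
        "priority": tci >> 13,        # 802.1p user priority, 0..7
        "cfi": (tci >> 12) & 1,       # Canonical Format Indicator
        "vid": tci & 0x0FFF,          # VLAN ID, 0..4095
        "ethertype": ethertype,       # Type/Length of the encapsulated payload
        "payload": frame[18:],
    }


def egress_decision(fields, egress_untagged):
    """Apply the VID/CFI rules stated in the article to a parsed frame (assumed strings)."""
    vid, cfi = fields["vid"], fields["cfi"]
    if vid == 0x0FFF:
        return "drop: VID 4095 is reserved"
    if vid == 0:
        return "priority-tagged: VID 0 carries no VLAN membership"
    if cfi == 1 and egress_untagged:
        return "drop: CFI=1 frame must not be forwarded as-is to an untagged port"
    return "forward untagged (tag stripped)" if egress_untagged else "forward tagged"


if __name__ == "__main__":
    # Constructed sample: priority 5, CFI 0, VLAN 100, IPv4 payload of the 42-byte minimum
    f = build_8021q_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", 5, 0, 100, 0x0800, b"\x00" * 42)
    print(parse_8021q_frame(f), egress_decision(parse_8021q_frame(f), True))
```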