Table of Contents
Advertisement
DES-7000/DES-7100 Layer 2 Switch User's Guide
VLANs
A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme
rather than the physical layout. VLANs can be used to combine any collection of LAN segments into
an autonomous user group that appears as a single LAN. VLANs also logically segment the network
into different broadcast domains so packets that are forwarded only between ports within the VLAN.
VLANs can enhance performance by conserving bandwidth, and improve security by limiting traffic to
specific domains. Although VLANs are a function of Layer 2 networking, it is common on many
networks to coordinate the creation of VLANs with an IP addressing scheme, so that each subnet has
its own VLAN.
A VLAN is essentially a collection of end nodes grouped by logic instead of physical location. End
nodes that frequently communicate with each other are assigned to the same VLAN, regardless of
where they are physically on the network. Logically, a VLAN can be equated to a broadcast domain,
because broadcast packets are forwarded to only members of the VLAN on which the broadcast was
initiated.
Within the Layer 2 switching environment, all end nodes are identified on the network by their unique
MAC address. No matter what basis is used to uniquely identify end nodes and assign these nodes
VLAN membership, packets cannot cross VLANs without a network device performing a routing
function between the VLANs.
For VDSL applications, VLANs can be used for a group of ports used by a single subscriber. For
example, one client may have a company network of a size that requires more than one port on the
Switch. In this case, the Switch can be used to create one VLAN for the group of port leased the single
subscriber. The client can then administer VDSL access on the private network as desired. All the
ports within the client's VLAN can freely exchange packets through the VDSL Switch. Once the VLAN
has been created, there should not be any more configurations decisions for the VDSL Switch
manager, as long as there are no additional ports required by the client. If the client prefers to lease
additional bandwidth (i.e. more ports), these can be easily added to the client's VLAN if there are
unused ports available on the Switch.
The Switch supports only IEEE 802.1Q VLANs. The port untagging function can be used to remove
the 802.1Q tag from packet headers to maintain compatibility with devices that are tag-unaware.
By default the Switch assigns all ports to a single 802.1Q VLAN named "default". The VLAN "default"
has a VID = 1.
IEEE 802.1Q VLANs
To help you understand 802.1Q VLANs as implemented by the Switch, it is necessary to understand
the following:
Tagging - The act of putting 802.1Q VLAN information (a tag) into the header of a packet.
Untagging - The act of stripping 802.1Q VLAN information out of the packet header.
Ingress Port - A port on a switch where packets are flowing into the switch and VLAN decisions must
be made.
Egress Port - A port on a switch where packets are flowing out of the switch, either to another switch
or to an end station, and tagging decisions must be made.
IEEE 802.1Q (tagged) VLANs are implemented on the Switch. 802.1Q VLANs require tagging, which
enables them to span the entire network (assuming all switches on the network are IEEE 802.1Q-
compliant).
VLANs allow a network to be segmented in order to reduce the size of broadcast domains. All packets
entering a VLAN will only be forwarded to the stations (over IEEE 802.1Q enabled switches) that are
members of that VLAN, and this includes broadcast, multicast and unicast packets from unknown
sources.
VLANs can also provide a level of security to your network. IEEE 802.1Q VLANs will only deliver
packets between stations that are members of the VLAN.
Any port can be configured as either tagging or untagging. The untagging feature of IEEE 802.1Q
VLANs allow VLANs to work with legacy switches that don't recognize VLAN tags in packet headers.
Switch Management
41
Advertisement
Table of Contents
