Table of Contents
Advertisement
Linksys
Linksys
Chapter 6 VLAN Management
VLAN Management
This section covers the following topics:
Overview
•
VLANs
•
VLAN Groupss
•
Voice VLAN
•
Overview
A VLAN is a logical group of ports that enables devices associated with it to
communicate with each other over the Ethernet MAC layer, regardless of the
physical LAN segment of the bridged network to which they are connected
VLAN Description
Each VLAN is configured with a unique VID (VLAN ID) with a value from 1 to
4094 A port on a device in a bridged network is a member of a VLAN if it can
send data to and receive data from the VLAN A port is an untagged member
of a VLAN if all packets destined for that port into the VLAN have no VLAN tag
A port is a tagged member of a VLAN if all packets destined for that port into
the VLAN have a VLAN tag A port can be a member of one untagged VLAN and
can be a member of several tagged VLANs
A port in VLAN Access Mode can be part of only one VLAN If it is in Trunk Mode,
the port can be part of one or more VLANs
VLANs address security and scalability issues Traffic from a VLAN stays
within the VLAN, and terminates at devices in the VLAN It also eases network
configuration by logically connecting devices without physically relocating
those devices
If a frame is VLAN-tagged, a four-byte VLAN tag is added to each Ethernet
frame The tag contains a VLAN ID between 1 and 4094, and a VLAN Priority Tag
(VPT) between 0 and 7 See Quality of Service for details about VPT
When a frame enters a VLAN-aware device, it is classified as belonging to a
VLAN, based on the four-byte VLAN tag in the frame
If there is no VLAN tag in the frame or the frame is priority-tagged only,
the frame is classified to the VLAN based on the PVID (Port VLAN Identifier)
configured at the ingress port where the frame is received
The frame is discarded at the ingress port if Ingress Filtering is enabled and the
ingress port is not a member of the VLAN to which the packet belongs A frame
is regarded as priority-tagged only if the VID in its VLAN tag is 0
Frames belonging to a VLAN remain within the VLAN This is achieved by
sending or forwarding a frame only to egress ports that are members of the
target VLAN An egress port may be a tagged or untagged member of a VLAN
The egress port peforms the following actions:
The egress port:
Adds a VLAN tag to the frame if the egress port is a tagged member of the
•
target VLAN, and the original frame does not have a VLAN tag
Removes the VLAN tag from the frame if the egress port is an untagged
•
member of the target VLAN, and the original frame has a VLAN tag
VLAN Roles
VLANs function at Layer 2 All VLAN traffic (Unicast/Broadcast/ Multicast)
remains within its VLAN Devices attached to different VLANs do not have direct
connectivity to each other over the Ethernet MAC layer Devices from different
VLANs can communicate with each other only through Layer 3 routers An IP
router, for example, is required to route IP traffic between VLANs if each VLAN
represents an IP subnet
The IP router might be a traditional router, where each of its interfaces
connects to only one VLAN Traffic to and from a traditional IP router must be
VLAN untagged The IP router can be a VLAN-aware router, where each of its
interfaces can connect to one or more VLANs Traffic to and from a VLAN-aware
IP router can be VLAN tagged or untagged
Adjacent VLAN-aware devices exchange VLAN information with each other by
using Generic VLAN Registration Protocol (GVRP) As a result, VLAN information
is propagated through a bridged network
Some VLANs can have additional roles, including:
Voice VLAN—For more information refer to Voice VLAN
•
Table of Contents
Table of Contents
39
39
39
Advertisement
Table of Contents
