IES-612-51A User’s Guide
145
CHAPTER 16
VLAN
This chapter shows you how to configure IEEE 802.1Q tagged VLANs.
16.1 Introduction to VLANs
A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into
multiple logical networks. Devices on a logical network belong to one group. A device can
belong to more than one group. With VLAN, a device cannot directly talk to or hear from
devices that are not in the same group(s); the traffic must first go through a router.
In MTU (Multi-Tenant Unit) applications, VLAN is vital in providing isolation and security
among the subscribers. When properly configured, VLAN prevents one subscriber from
accessing the network resources of another on the same LAN, thus a user will not see the
printers and hard disks of another user in the same building.
VLAN also increases network performance by limiting broadcasts to a smaller and more
manageable logical broadcast domain. In traditional switched environments, all broadcast
packets go to each and every individual port. With VLAN, all broadcasts are confined to a
specific broadcast domain.
Note that a VLAN is unidirectional, it only governs outgoing traffic.
16.2 Introduction to IEEE 802.1Q Tagged VLAN
Tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN
membership of a frame across bridges - they are not confined to the device on which they were
created. The VLANs can be created statically by hand or configured dynamically using
GVRP.
1
The VLAN ID associates a frame with a specific VLAN and provides the information
that devices need to process the frame across the network. A tagged frame is four bytes longer
than an untagged frame and contains two bytes of TPID (Tag Protocol Identifier, residing
within the type/length field of the Ethernet frame) and two bytes of TCI (Tag Control
Information, starts after the source address field of the Ethernet frame).
The CFI (Canonical Format Indicator) is a single-bit flag, always set to zero for Ethernet
switches. If a frame received at an Ethernet port has a CFI set to 1, then that frame should not
be forwarded as it is to an untagged port. The remaining twelve bits define the VLAN ID,
giving a possible maximum number of 4,096 (2
12
) VLANs. Note that user priority and VLAN
ID are independent of each other. A frame with VID (VLAN Identifier) of null (0) is called a
1. GVRP (GARP VLAN Registration Protocol) defines a way for switches to automatically configure switches in a
VLAN network.