CS 158B – Project report
Name: Elaine Lim & Allison Nham
Due date: March 25, 2005
VIRTUAL LOCAL AREA NETWORKS
1. Overview:
A Virtual Local Area Network (VLAN) is a switched-network technology that allows workstations or devices on different LAN segments to be logically grouped together regardless of their geographical location. In this paper, we introduce some key aspects of VLANs, discuss their benefits, and explain why the technology is worthwhile.
2. How VLAN works:
A virtual LAN is no different from a traditional LAN in that it is a broadcast domain: every broadcast packet that propagates through the network is seen by every host on that network. In a traditional network, when a user sends a broadcast packet, it travels to all other users on the LAN. While it makes sense for some users within a workgroup to see each other's messages, it is unlikely that all users in a company want to receive everyone else's. As a result, a VLAN is designed to define smaller broadcast domains within a switch. Each VLAN is assigned an identifier, and a packet can only travel from one port to another if both carry the same identifier.
3. Requirements to set up VLAN:
In order to implement VLANs in a network environment, we need VLAN-aware switching devices that either comply with the IEEE 802.1Q standard or have a vendor-specific implementation of VLANs. These devices can be intelligent switches, which operate at the MAC layer, or routers, which operate at the network layer of the OSI reference model. Although a switching device is required to form a VLAN, in reality it is the software that provides the VLAN capabilities. With VLAN management software, the network manager is able to reconfigure the VLAN infrastructure regardless of where the resources or users are located.
4. Types of VLAN:
Depending on the vendor, VLAN grouping methods fall into three general categories: port-based grouping, MAC address-based grouping and protocol-based grouping.
A. Port-based grouping:
Port-based grouping is the most common technique for defining VLAN membership. As its name implies, a port-based VLAN allows us to have separate VLANs among the ports of the same switch. This means the network manager can define a mapping from VLANs to a set of interconnected switch ports. For example, in a switch with five ports, ports 1, 3, and 4 may belong to VLAN 1 while ports 2 and 5 belong to VLAN 2. If a user moves, the network manager simply defines the user's new port as a member of the existing VLAN. This method is easy to set up and monitor, and it works well in a network where the movement of users is high. However, one drawback of defining VLAN membership by port is that the network manager needs to reconfigure the membership whenever a user migrates from one port to another.
B. MAC address-based grouping:
In this case, the network manager groups all members of a VLAN together by means of their MAC addresses. Each switch tracks which MAC addresses belong to each VLAN. The key advantage of this method is that the network manager does not need to reconfigure the switch when a user moves to a different port. However, there are some limitations to MAC address-based grouping. First, every user must initially be configured into at least one VLAN, which clearly becomes a huge workload in a large network with thousands of users. In a shared-media environment, VLAN membership defined by MAC address runs into a serious performance issue because members of different VLANs coexist on the same switch port. Finally, notebook PC users need their VLAN membership updated constantly as they move around.
C. Protocol-based grouping:
In protocol-based grouping, the VLAN is formed on the basis of the IP address prefix, meaning it is based on the source address in the IP header. Each switch must classify a packet based on the protocol type carried in the Layer-3 IP header. One advantage of protocol-based grouping is that it allows partitioning per protocol type. It also allows users to move physically without losing their membership. One disadvantage, however, is that it can affect network performance because the Network-layer address in each packet has to be inspected. The other limitation of protocol-based VLAN grouping is that workstations may be running non-routable protocols, such as NetBIOS, that a Layer-3 VLAN cannot handle.
5. VLAN membership:
In order to determine VLAN membership among the switches across a network, three methods have been implemented: table maintenance over signaling, frame tagging and time-division multiplexing (TDM).
In table maintenance over signaling, when a host broadcasts its first frame, the switch retains the workstation's MAC address together with its VLAN membership in a cached address table. This information is then broadcast continuously to all other switches on the network. However, the network manager still needs to update the address table manually whenever VLAN membership changes. Moreover, the cached address table needs to be updated when the network expands or new switches are added.
When a switch wants to talk to another switch, a frame tagging method is used so that the receiving switch knows which VLAN a packet is intended for. The broadcast packet is transmitted like any other packet over the network; when the switch receives it, it extracts the tag to obtain the VLAN information.
In the TDM method, channels are reserved for each VLAN to support multiple network environments. Although it reduces some of the overhead caused by the two methods above, it wastes bandwidth, since a time slot dedicated to one VLAN cannot be used by another when the channel is not busy.
6. Types of links in VLANs:
Depending on the environment, there are two types of links in a VLAN: a switched port can run in either access link or trunk link mode. When users need to be connected within a single VLAN group, the access link is used. An access link is normally a switched port in access mode that is attached to a workstation, and a broadcast frame transmitted on an access link looks like any other Ethernet frame.
When we have multiple VLANs on a switch, we cannot simply connect them to one another via the switch. To get from one VLAN to the other, the network manager needs to establish a trunk link that connects the switch to a router. For example, if user A on VLAN 1 wants to talk to user B on VLAN 2, the traffic must travel from the switch to the router and then return to the switch. Because switches and routers are logically constructed, the users may think that they are talking on the same physical LAN segment.
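As an added illustration (not part of the original report), the following Python model ties together port-based grouping (section 4A), the 802.1Q frame tag (section 5) and access versus trunk links (section 6): access ports classify untagged frames by port, frames leaving on a trunk carry a tag, and a broadcast on VLAN 10 never reaches a VLAN 20 port. The port numbers, VLAN IDs and MAC addresses are constructed, and the trunk is assumed to have no native (untagged) VLAN.

```python
import struct

TPID_8021Q = 0x8100     # Tag Protocol Identifier: EtherType value that marks an 802.1Q-tagged frame
BROADCAST = b"\xff" * 6

def build_frame(dst, src, body, vid=None, pcp=0, dei=0):
    """body = EtherType + payload. If vid is given, insert an 802.1Q tag (TPID + TCI)."""
    if vid is None:
        return dst + src + body
    tci = (pcp << 13) | (dei << 12) | (vid & 0x0FFF)   # 3-bit PCP, 1-bit DEI, 12-bit VID
    return dst + src + struct.pack("!HH", TPID_8021Q, tci) + body

def parse_frame(frame):
    """Return (dst, src, vid or None, body); the tag, when present, is stripped."""
    dst, src = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return dst, src, tci & 0x0FFF, frame[16:]
    return dst, src, None, frame[12:]

class VlanSwitch:
    def __init__(self, access, trunks):
        self.access = dict(access)   # {port: vid}: access ports are untagged, one VLAN each
        self.trunks = set(trunks)    # trunk ports carry tagged frames for every VLAN
        self.table = {}              # (vid, mac) -> port, learned from source addresses

    def receive(self, in_port, frame):   # returns {out_port: frame as sent on that port}
        dst, src, vid, body = parse_frame(frame)
        if in_port in self.access:
            vid = self.access[in_port]   # untagged frame: its VLAN is fixed by the ingress port
        elif vid is None:
            return {}                    # untagged frame on a trunk: dropped (no native VLAN assumed)
        self.table[(vid, src)] = in_port
        known = self.table.get((vid, dst))
        flood = dst == BROADCAST or known is None
        targets = list(self.access) + list(self.trunks) if flood else [known]
        out = {}
        for port in targets:
            if port == in_port:
                continue
            if port in self.trunks:                 # leaving on a trunk: add the tag
                out[port] = build_frame(dst, src, body, vid)
            elif self.access[port] == vid:          # same VLAN only: deliver untagged
                out[port] = build_frame(dst, src, body)
        return out

def demo():   # port 1 (VLAN 10) broadcasts: ports 3 (VLAN 10) and trunk 4 get it, port 2 (VLAN 20) does not
    sw = VlanSwitch(access={1: 10, 2: 20, 3: 10}, trunks=[4])
    out = sw.receive(1, build_frame(BROADCAST, b"\x00\x00\x00\x00\x00\x01", b"\x08\x00payload"))
    return sorted(out), parse_frame(out[4])[2]      # ([3, 4], 10)
```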
7. Benefits of VLANs:
Having discussed some of the basic concepts behind VLANs, we now focus on some of the promising advantages that this technology brings to the network environment.
A. Increasing performance:
VLANs help to increase performance by partitioning the network into smaller broadcast domains. Grouping users into a logical network improves performance by limiting broadcast traffic to that network. As a result, there is less traffic on the network as a whole.
B. Improving manageability:
VLANs also reduce the cost of moving and changing workstations. Since VLAN membership is not bound to a particular location in the network, users keep their original IP addresses even when they move to a different physical location, without the need to reconfigure the IP address. This gives the network manager the ability to manage today's dynamic networks. Grouping physically scattered workstations into a logical workgroup also leads to a more manageable network.
C. More security:
VLANs also provide an additional security option. Since a switch only sends packets to designated recipients in the same subnet, the administrator can group users who require access to sensitive information into a separate VLAN, isolated from the general users.
D. Flexibility and scalability:
By allowing specific resources to hold membership in more than one VLAN, users on one VLAN can share those resources with users on other logical VLANs without adding switches or routers.
8. Conclusion:
We have discussed VLANs, a new technology that serves as a networked workgroup of users who sit logically close together even though their workstations may be located in different geographical areas. In conclusion, VLAN technology promises a new kind of network design tool that assists network managers in adapting the network to a competitive, changing world.