Layer 2 devices use the information in the Ethernet frame header to forward frames without routing tables. Normally the Ethernet frame header carries no information about the virtual local area network (VLAN), so when a frame is sent over a trunk, the VLAN information must be added to the frame.
This method is called tagging. The standard for VLAN tagging is IEEE 802.1Q. The 802.1Q header is a 32-bit tag inserted into the original Ethernet frame header, specifying the VLAN to which the frame belongs.
When a switch receives an Ethernet frame on an access-mode port that is assigned to a VLAN, it inserts a VLAN tag into the received frame header, recalculates the FCS, and sends the tagged frame out of the trunk port. The figure below illustrates the fields of the VLAN tag:
Type – a 16-bit field, also called the tag protocol identifier (TPID). For Ethernet the value is 0x8100 (hexadecimal).
User priority – a 3-bit value that supports level-of-service (priority) implementation.
Canonical Format Identifier (CFI) – a 1-bit identifier that enables Token Ring frames to be carried across Ethernet links.
VLAN ID (VID) – a 12-bit VLAN identification number that supports up to 4096 VLAN IDs.
Native VLANs and 802.1Q Tagging
Tagged Frames on the Native VLAN
Some devices that support trunking insert a VLAN tag into native VLAN traffic. If a port configured as an 802.1Q trunk receives a tagged frame whose VID is the same as the native VLAN, it drops the frame.
So when configuring a switch port on a Cisco switch, configure the attached devices so that they send untagged frames on the native VLAN. Devices from other vendors, such as routers, non-Cisco switches and servers, support tagged frames on the native VLAN.
Untagged Frames on the Native VLAN
When a trunk port receives untagged frames, it forwards them to the native VLAN. If no devices are associated with the native VLAN and there are no other trunk ports, the switch drops the frame. When an 802.1Q trunk port is configured, the native VLAN ID is assigned as the default port VLAN ID (PVID).
All untagged traffic coming in or going out of the 802.1Q port is forwarded based on the PVID. For example, if VLAN 10 is the native VLAN, every untagged frame is sent to VLAN 10, whose PVID is 10. If no native VLAN has been configured, the PVID of the native VLAN is 1, because the default native VLAN is 1.
Voice VLAN Tagging
To support Voice over IP, a separate voice VLAN is required. A port that connects to a Cisco IP phone can be configured to use two separate VLANs: one for voice and another for data traffic.
The link between the IP phone and the switch works like a trunk to carry both voice and data VLAN traffic. The Cisco IP Phone has a three-port 10/100 switch. These ports provide dedicated connections to the following devices:
Port-1 – connects the IP phone to the switch or another VoIP (Voice over Internet Protocol) device.
Port-2 – an internal 10/100 interface that carries the IP phone traffic.
Port-3 – an access port that connects to a PC or other device.
On the switch, the switch port is configured to send CDP (Cisco Discovery Protocol) packets that instruct an attached IP phone to send voice traffic to the switch in one of the following ways, depending on the type of traffic:
In the voice VLAN, tagged with a Layer 2 class of service (CoS) priority value.
In the access VLAN, tagged with a Layer 2 class of service (CoS) priority value.
In the access VLAN, untagged, without a Layer 2 class of service (CoS) priority value.
In the default configuration, when a switch receives a broadcast frame on an ingress port, it forwards the frame out of all ports except the port on which the broadcast was received. Because the whole network is in the same subnet and no VLANs are configured, all ports are in the same broadcast domain.
As shown in the figure below, when PC-1 sends a broadcast frame, switch S-1 receives it and sends it out of all of its ports except the ingress port. Ultimately the whole network receives the broadcast, because the network is one broadcast domain. When the frame from S-1 arrives at S-2, S-2 also floods the frame out of all its ports.
Network with VLANs
Figure 2 illustrates the network segmented with VLANs; the network has been divided using two VLANs, VLAN 10 and VLAN 20. The IT department has been assigned VLAN 10 and the admin department VLAN 20. When a broadcast is sent from any computer in the IT department (PC-2, PC-3, and PC-4), the switches (S1, S2) forward that broadcast frame only to the switch ports assigned to VLAN 10 and to the trunk port. Likewise, when a computer in the admin department sends a broadcast frame, the switch forwards it only to the ports configured for VLAN 20 and to the trunk port.
The ports that connect switches S1 and S2 are trunks and have been configured to carry all the VLANs in the network. When S1 or S2 receives a broadcast frame on a port in VLAN 10, it forwards that frame only out of the other ports configured for VLAN 10, including the trunk port. When VLANs are configured on a switch, unicast, multicast, and broadcast traffic from a host in a particular VLAN is limited to the devices in that VLAN. VLANs create multiple broadcast domains in the switch, so broadcasts can be controlled by creating multiple broadcast domains.
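As an added example (not from the original article), the following Python script models the tagging, native VLAN and broadcast-flooding behaviour described in the sections above: it inserts and parses 802.1Q tags with FCS recalculation, classifies frames arriving on access and trunk ports (untagged trunk frames go to the native VLAN/PVID, and a tagged frame carrying the native VID is dropped, as the text states for Cisco trunks), and floods a broadcast only to the ports in the same VLAN plus the trunk. The port names, VLAN numbers and topology are constructed for the example.

```python
import struct
import zlib

TPID_8021Q = 0x8100

# Constructed topology: two access ports in VLAN 10, one in VLAN 20, one 802.1Q trunk
PORTS = {
    "Gi0/1": {"mode": "access", "vlan": 10},
    "Gi0/2": {"mode": "access", "vlan": 10},
    "Gi0/3": {"mode": "access", "vlan": 20},
    "Gi0/24": {"mode": "trunk", "native": 99, "allowed": {10, 20, 99}},
}

def with_fcs(body):
    """Append the Ethernet FCS (CRC-32, sent least significant byte first)."""
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def build_frame(dst, src, ethertype, payload):
    return with_fcs(dst + src + struct.pack("!H", ethertype) + payload)

def parse_tag(frame):
    """Return {'pcp', 'cfi', 'vid'} for an 802.1Q tagged frame, or None if untagged."""
    if len(frame) < 16 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    tci = struct.unpack("!H", frame[14:16])[0]   # 3-bit priority, 1-bit CFI, 12-bit VID
    return {"pcp": tci >> 13, "cfi": (tci >> 12) & 1, "vid": tci & 0x0FFF}

def add_tag(frame, vid, pcp=0, cfi=0):
    """Insert the 4-byte tag after the source MAC and recompute the FCS."""
    body = frame[:-4]
    tci = (pcp << 13) | (cfi << 12) | (vid & 0x0FFF)
    return with_fcs(body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:])

def strip_tag(frame):
    """Remove the tag from a tagged frame and recompute the FCS."""
    body = frame[:-4]
    return with_fcs(body[:12] + body[16:])

def classify_ingress(port, frame):
    """VLAN that a frame received on `port` belongs to, or None if the switch drops it."""
    cfg, tag = PORTS[port], parse_tag(frame)
    if cfg["mode"] == "access":
        return cfg["vlan"]            # access port: every frame belongs to its VLAN
    if tag is None:
        return cfg["native"]          # untagged on a trunk: native VLAN (the PVID)
    if tag["vid"] == cfg["native"] or tag["vid"] not in cfg["allowed"]:
        return None                   # tagged with the native VID, or VLAN not allowed: drop
    return tag["vid"]

def flood(ingress, frame):
    """Flood a broadcast out of every other port in its VLAN; tag it only on trunks."""
    vlan = classify_ingress(ingress, frame)
    if vlan is None:
        return {}
    untagged = strip_tag(frame) if parse_tag(frame) else frame
    out = {}
    for name, cfg in PORTS.items():
        if name == ingress:
            continue
        if cfg["mode"] == "access" and cfg["vlan"] == vlan:
            out[name] = untagged                         # access ports get untagged frames
        elif cfg["mode"] == "trunk" and vlan in cfg["allowed"]:
            out[name] = untagged if vlan == cfg["native"] else add_tag(untagged, vlan)
    return out
```

An untagged frame arriving on the trunk lands in native VLAN 99, and because no access port belongs to that VLAN and there is no second trunk, `flood` returns nothing, which is exactly the drop case described above.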
Dividing a large broadcast domain into smaller ones improves network performance. By design, routers block broadcast traffic, but routers usually have a limited number of LAN interfaces. A router's main role is to move data between different networks.
The router does not provide network access to end devices; the access layer switches are responsible for connectivity to end devices. VLANs on Layer 2 switches also reduce the size of broadcast domains. A network design that incorporates VLANs makes it easier for the network to support the goals of an organization. Switched LANs mostly use VLANs.
A VLAN creates a logical broadcast domain that can span several physical LAN segments. It also improves network performance by dividing large broadcast domains into smaller ones. If a device in one VLAN sends broadcast data, all devices in that VLAN receive it, but devices in other VLANs do not.
What is a VLAN?
A Virtual Local Area Network also provides segmentation within a switched network. It is a technique that groups devices into a logical network. A group of devices within a VLAN communicate as if they were connected to the same wire.
Virtual Local Area Networks are based on logical connections instead of physical connections. They permit a network administrator to divide larger networks based on factors like function, project team, or application, regardless of the physical location of the user or device.
Devices inside a Virtual Local Area Network act as if they were in their own independent network, even though they share a common infrastructure with other Virtual Local Area Networks. Any switch port can belong to any Virtual Local Area Network, and unicast, broadcast and multicast packets are forwarded and flooded only to the end stations within the Virtual Local Area Network.
Every Virtual Local Area Network works as a separate logical network, and data destined for stations outside the Virtual Local Area Network must be forwarded through a router or another device that supports routing.
Virtual Local Area Networks also make it possible to apply access and security policies to particular groups of users. For example, each switch port can be assigned to only one VLAN, except in some cases. The figure below illustrates Virtual Local Area Networks.
Benefits of VLANs
VLANs make it simple to design a network that supports the goals of an organization. The most important benefits of Virtual Local Area Networks are as follows:
Security
Security is one of the primary benefits of Virtual Local Area Networks. They make it possible to separate the hosts that hold sensitive data from the rest of the network.
This separation decreases the possibility of a confidential information breach. The figure below illustrates that the management, sales and IT sections are totally separate from each other, so they cannot access each other's files. Traffic between these VLANs can only pass through a router or Layer 3 device, which is where access between the sections is controlled.
Cost
VLANs reduce the cost of the network and allow more efficient use of existing hardware and bandwidth, because segmenting a network into smaller VLANs is cheaper than building a routed network with routers.
Better Network Performance
Dividing flat Layer 2 networks into multiple broadcast domains reduces unnecessary traffic on the network and helps increase network performance.
VLANs manage traffic efficiently so that end users experience better performance. The administrator will have fewer latency problems on the network and more reliability for important applications.
Shrink Broadcast Domains
Dividing a large network into smaller Virtual Local Area Networks reduces the number of devices in each broadcast domain. As shown in the figure above, a total of nine hosts work in this network, but only three hosts are in each broadcast domain.
Improved IT staff efficiency
VLANs make network management easier for IT staff because users with similar network requirements share the same VLAN.
Simpler Project and Application Management
VLANs combine users and network devices to support both business and geographic requirements.
Simplified Administration for the Network Manager
VLANs simplify network management. Grouping users into virtual networks makes it easy to set up and control network policies at a group level.
Easy Troubleshooting
Network troubleshooting can be simpler and faster because different user groups are segmented and isolated from one another. If the network administrator knows that complaints are coming only from a particular subset of users, the administrator can quickly narrow down where to look for the issue.
Types of VLANs
There are different types of VLANs used in networking. Some VLANs are defined by the class of traffic they carry, and others by the specific function they serve. Each switch has a default VLAN.
Default VLAN
VLAN 1 is the default VLAN on Cisco switches. After the first boot-up, the switch loads the default configuration and all switch ports become part of the default VLAN (VLAN 1). The switch ports that are part of the default VLAN work in the same broadcast domain.
The figure below illustrates the default VLAN of a Cisco switch; the show vlan brief command was executed on a switch running the default configuration.
You can see that all ports are assigned to VLAN 1 by default. There is no difference between the features and functions of VLAN 1 and other VLANs, except that it cannot be renamed or deleted. By default, all Layer 2 control traffic is associated with VLAN 1.
Data VLAN
A data VLAN is also called a user VLAN. It is used to separate the network into different groups of users or devices and carries user-generated traffic. Voice and management traffic are kept separate from the data VLAN.
Native VLAN
A native VLAN is assigned to an 802.1Q trunk port. It was created for backward compatibility with old devices that do not support VLANs, such as hubs. Frames belonging to the native VLAN are not tagged when sent out on trunk links, so older devices can simply understand these frames. Frames received untagged on trunk links are placed in the native VLAN.
A trunk is a link between switches that carries traffic belonging to more than one VLAN. An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic).
Tagged traffic has a 4-byte tag inserted into the original Ethernet frame header, specifying the VLAN to which the frame belongs. The 802.1Q trunk port places untagged traffic on the native VLAN, which by default is VLAN 1.
Management VLAN
A separate VLAN for management tasks such as monitoring, system logging, SNMP, and other sensitive management jobs is a best practice in networking. It also ensures that bandwidth for management remains available even when user traffic is high.
VLAN 1 is also the management VLAN by default. To create a management VLAN, the switch virtual interface (SVI) of that VLAN is assigned an IP address and subnet mask, which allows the switch to be managed remotely via HTTP, Telnet, SSH, or SNMP. Because the out-of-the-box configuration of a Cisco switch has VLAN 1 as the default VLAN, VLAN 1 would be a bad choice for the management VLAN.
Voice VLANs
If an organization uses voice over IP (VoIP), a separate VLAN is needed. This saves bandwidth for other applications and ensures VoIP quality.
Voice over Internet Protocol (VoIP) traffic requires assured bandwidth to ensure voice quality, transmission priority over the other types of traffic on the network, the ability to be routed around congested areas of the network, and a delay of less than 150 ms across the network. To meet these requirements, the entire network must be designed to support VoIP.
As a network grows, its performance slows down. Ethernet bridges limit the size of collision domains, which is why Ethernet bridges came into use. Advances in integrated circuits allowed LAN switches to replace the early bridges. Modern switches moved the Layer 2 forwarding decision from software to application-specific integrated circuits (ASICs). ASICs reduce the packet-handling time within the device and let the device handle a larger number of ports without degrading performance. There are two methods of frame forwarding and switching:
Store-and-forward method
Cut-through Method
Store-and-Forward Switching
The store-and-forward method makes a forwarding decision only after the complete frame has been received and checked for errors using a mathematical error-checking mechanism known as a cyclic redundancy check (CRC). If the CRC is valid, the switch looks up the destination address, which determines the outgoing interface. The frame is then forwarded out of the correct port.
The store-and-forward method has two primary characteristics that differentiate it from cut-through:
Error checking
Automatic buffering
Error Checking
A switch using the store-and-forward technique performs an error check on each incoming frame. After receiving the entire frame on the ingress port, as shown in the figure, the switch compares the frame check sequence (FCS) value in the last field of the frame against its own FCS calculation. The FCS check helps to make sure that the frame is free of physical and data-link layer errors. If the frame has no errors, the switch forwards it to the destination; otherwise, the frame is dropped.
Automatic Buffering
When the ingress and egress ports run at different data speeds, the switch stores the frame in a buffer, computes the FCS check, forwards the frame to the egress port buffer and then sends it. For example, an incoming frame arriving on a Fast Ethernet port that must be sent out of a Gigabit Ethernet interface needs the store-and-forward method. Store-and-forward switching is the primary method used by Cisco switches.
Cut-Through Switching
Cut-through switching is another method of switching. As shown in Figure 2, this method starts the forwarding process as soon as the destination MAC address of an incoming frame has been read and the egress port has been determined. The advantage of this method is the ability to switch data earlier than the store-and-forward method. The primary characteristics of cut-through switching are the following:
A switch using the cut-through method begins forwarding immediately once it has found the destination MAC address of the frame in its MAC address table. Unlike the store-and-forward method, the switch does not need to wait for the complete frame to be received.
A switch using the cut-through method can decide quickly because of its ASICs and MAC controllers. The cut-through method can examine a larger part of a frame's headers for additional filtering purposes. For example, the switch can check the source MAC address, destination MAC address, and EtherType fields, which total 14 bytes, and examine an extra 40 bytes to carry out more complex Layer 3 and Layer 4 functions.
This method does not drop invalid frames. Frames with errors are forwarded to the next segment of the network. If there are too many invalid frames in the network, they have a negative impact on bandwidth.
Fragment Free Switching
This is a modified form of cut-through switching. In this form of switching, the switch waits for the collision window (64 bytes) to pass before forwarding the frame. Each frame is checked into the data field to make sure that no fragmentation has occurred. This provides better error checking than cut-through without any further latency or delay. The lower latency of cut-through switching makes it more suitable for high-performance computing (HPC) applications that need process-to-process latencies of 10 microseconds or less.
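An added example (not part of the original article) that models the three forwarding methods above in Python: store-and-forward buffers the whole frame and verifies the FCS before looking up the egress port, cut-through decides after the 14-byte header without ever checking the FCS, and fragment-free waits for the 64-byte collision window and drops fragments. The MAC table, port names and the three sample frames (valid, corrupted FCS, runt) are constructed, and treating a frame shorter than 64 bytes as an error in store-and-forward is an assumption beyond the text.

```python
import struct
import zlib

# Constructed MAC address table: destination MAC -> egress port
MAC_TABLE = {
    b"\x00\x00\x5e\x00\x53\x01": "Gi0/1",
    b"\x00\x00\x5e\x00\x53\x02": "Gi0/2",
}
HEADER_LEN = 14   # destination MAC + source MAC + EtherType
MIN_FRAME = 64    # collision window; anything shorter is a fragment (runt)


def with_fcs(body):
    """Append the Ethernet FCS (CRC-32, sent least significant byte first)."""
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def fcs_valid(frame):
    """Recompute the CRC over everything but the trailer and compare with the FCS."""
    return len(frame) > 4 and with_fcs(frame[:-4]) == frame


def lookup(frame):
    """MAC-table lookup on the destination address (first 6 bytes)."""
    return MAC_TABLE.get(bytes(frame[:6]))


def store_and_forward(frame):
    """Buffer the whole frame, check it for errors, then decide. Returns (egress, bytes seen)."""
    # Assumption beyond the text: a runt (< 64 bytes) counts as an error too
    if len(frame) < MIN_FRAME or not fcs_valid(frame):
        return None, len(frame)
    return lookup(frame), len(frame)


def cut_through(frame):
    """Decide after the 14-byte header; the FCS is never examined."""
    if len(frame) < HEADER_LEN:
        return None, len(frame)
    return lookup(frame), HEADER_LEN


def fragment_free(frame):
    """Wait for the 64-byte collision window, drop fragments, still skip the FCS."""
    if len(frame) < MIN_FRAME:
        return None, len(frame)
    return lookup(frame), MIN_FRAME


def compare(frames):
    """Egress decision of each method for every frame: {method: [egress, ...]}."""
    methods = {"store-and-forward": store_and_forward,
               "cut-through": cut_through,
               "fragment-free": fragment_free}
    return {name: [fn(f)[0] for f in frames] for name, fn in methods.items()}


# Constructed sample frames: a valid 64-byte frame, a copy with a corrupted FCS, and a runt
DST, SRC = b"\x00\x00\x5e\x00\x53\x01", b"\x00\x00\x5e\x00\x53\x02"
GOOD = with_fcs(DST + SRC + b"\x08\x00" + b"\x00" * 46)
CORRUPT = GOOD[:-1] + bytes([GOOD[-1] ^ 0xFF])
RUNT = GOOD[:40]
SAMPLE_FRAMES = [GOOD, CORRUPT, RUNT]

if __name__ == "__main__":
    for method, result in compare(SAMPLE_FRAMES).items():
        print(f"{method:18} good={result[0]} corrupt-fcs={result[1]} runt={result[2]}")
```

Only store-and-forward stops the corrupted frame; cut-through forwards all three, and fragment-free catches the runt but still passes the bad FCS on to the next segment.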