User’s Manual: SW-10200
5. VLAN SETTING
5.1. Introduction to VLAN
A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather
than the physical location. A VLAN can be used to combine any collection of LAN segments into an autonomous user
group that appears as a single LAN. VLANs also logically segment the network into different broadcast domains so
that packets are forwarded only between ports within the VLAN. Typically, a VLAN corresponds to a particular
subnet, although not necessarily.
VLANs can enhance performance by conserving bandwidth, and improve security by limiting traffic to specific
domains.
End nodes that frequently communicate with each other are assigned to the same VLAN, regardless of where
they are physically located on the network. Logically, a VLAN can be equated to a broadcast domain, because
broadcast packets are forwarded only to members of the VLAN on which the broadcast was initiated.
No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN
membership, packets cannot cross VLANs without a network device performing a routing function
between the VLANs.
5.1.1. IEEE 802.1Q Standard
IEEE 802.1Q (tagged) VLAN is implemented on the Switch. 802.1Q VLANs require tagging, which enables
them to span the entire network (assuming all switches on the network are IEEE 802.1Q-compliant).
VLANs allow a network to be segmented in order to reduce the size of broadcast domains. All packets
entering a VLAN, including broadcast, multicast and unicast packets from unknown sources, will be forwarded
only to IEEE 802.1Q-enabled switches that are members of that VLAN.
VLANs can also provide a level of security to your network. An IEEE 802.1Q VLAN will only deliver packets
between stations that are members of the VLAN. Any port can be configured as either tagging or untagging.
The untagging feature of IEEE 802.1Q VLAN allows a VLAN to work with legacy switches that do not recognize
VLAN tags in packet headers.
The tagging feature allows a VLAN to span multiple 802.1Q-compliant switches through a single physical
connection and allows Spanning Tree to be enabled and working normally on all ports.
Some relevant terms:
Tagging: The act of putting 802.1Q VLAN information into the packet header.
Untagging: The act of stripping 802.1Q VLAN information out of the packet header.
802.1Q VLAN Tags
The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC
address. Their presence is indicated by a value of 0x8100 in the Ether Type field. When a packet's Ether Type field
is equal to 0x8100, the packet carries the IEEE 802.1Q/802.1p tag. The tag is contained in the following two octets
and consists of 3 bits of user priority, 1 bit of Canonical Format Identifier (CFI - used for encapsulating Token Ring
packets so they can be carried across Ethernet backbones), and 12 bits of VLAN ID (VID). The 3 bits of user priority
are used by 802.1p. The VID is the VLAN identifier and is used by the 802.1Q standard. Because the VID is 12 bits
long, 4094 unique VLANs can be identified.
The tag is inserted into the packet header making the entire packet longer by 4 octets. All of the information
originally contained in the packet is retained.
The Ether Type and VLAN ID are inserted after the MAC source address, but before the original Ether
Type/Length or Logical Link Control. Because the packet is now a bit longer than it was originally, the Cyclic
Redundancy Check (CRC) must be recalculated.
Port VLAN ID
Tagged packets (carrying the 802.1Q VID information) can be transmitted from one 802.1Q compliant network