Benefits and Restrictions
Virtual Local Area Networks
1-3
1.2.1
802.1Q VLANs
An 802.1Q VLAN switch determines the VLAN membership of a data frame by its Tag Header,
described later in this chapter. If the frame received is not tagged, the switch classifies the frame
into the VLAN that is assigned as the default VLAN of the switch.
Some or all ports on the switch may be configured to operate as GARP VLAN Registration
Protocol (GVRP) ports. If a frame received is tagged, the frame is forwarded to the GVRP ports
that are configured to transmit frames associated with the frame VLAN ID and protocol. If the
received frame is not tagged, the frame is examined and tagged as belonging to the default VLAN.
Then the frame is forwarded to the GVRP ports that are configured to transmit frames associated
with the default VLAN and the frame protocol.
1.2.2
SecureFast VLANs
Enterasys Networks’ SecureFast VLAN strategy takes a different approach to creating virtual
LANs. In a SecureFast VLAN environment, the switches in the network recognize Network Layer
routing requests and translate them. Based on this translation, the switches set up a connection
between the end devices in the network.
1.2.3
Other VLAN Strategies
VLANs may also be created by a variety of addressing schemes, including the recognition of
groups of MAC addresses or types of traffic. One of the best-known VLAN-like schemes is the use
of IP Subnets to divide networks into smaller subnetworks.
1.3
BENEFITS AND RESTRICTIONS
The primary benefit of the 802.1Q VLAN technology is that it provides localization of traffic. This
function also offers improvements in security and performance to stations assigned to a VLAN.
While the localization of traffic to VLANs can improve security and performance, it imposes some
restrictions on network devices that participate in the VLAN. Through the use of Filtering
Database ID’s (FIDs) security can be implemented to enable or prevent users from one or more
VLANs from communicating with each other.
One or more VLANs can be assigned to a FID so that all the users that share a common FID can
communicate with each other regardless of their VLAN affiliation. However, for the sake of
security, the members of one FID cannot communicate with the members of another FID.
To set up a VLAN, all the network switch devices that are assigned to the VLAN must support the
IEEE 802.1Q specification for VLANs. Before you attempt to implement a VLAN strategy, ensure
that the switches under consideration support the IEEE 802.1Q specification.