VLANs appear in almost every network project; most designs need some form of VLAN segmentation. This article covers the basics of VLANs.
WHY ARE VLANs NEEDED?
1. What is a VLAN?
A VLAN (virtual LAN) abstracts the idea of the local area network (LAN) by providing data link connectivity for a subnet without requiring a separate physical switch for it. One or more switches can carry multiple independent VLANs, each of which is a Layer 2 (data link) implementation of a subnet. A VLAN corresponds to a broadcast domain and usually spans one or more Ethernet switches.
In brief, hosts in the same VLAN communicate exactly as they would on a physical LAN: a broadcast sent in a VLAN is heard only by the members of that VLAN and is never forwarded into another VLAN, which limits the reach of unnecessary broadcast traffic. At the same time, hosts in different VLANs cannot talk to each other at Layer 2 at all; traffic between VLANs has to pass through a router (or a Layer 3 switch). Because every inter-VLAN packet crosses that routing point, an administrator can control the exchange of information between workgroups by placing the router between the VLANs and applying filtering there.
2. Why segment the network into VLANs (broadcast domains)?
If the whole network is a single broadcast domain, every broadcast reaches every host, which degrades the performance of the network as a whole.
Consider a network made up of five Layer 2 switches (No. 1-5), each connecting a large number of end stations.
Suppose PC A needs to communicate with PC B. Ethernet delivery requires the destination MAC address in the frame, so PC A first sends an ARP request to learn PC B's MAC address.
An ARP request is a broadcast frame. Switch 1 floods it out of every port except the one it arrived on, and switches 2, 3, 4 and 5 do the same when they receive it, so the frame reaches every station in the broadcast domain.
The only purpose of the frame was to let PC A learn PC B's MAC address, yet it is delivered to every PC in the network. Each such broadcast consumes bandwidth on every link and CPU time on every host; with many hosts doing the same, the broadcast load can grow into a broadcast storm that brings the network down.
THEORY OF VLAN
1. How a VLAN is implemented
A Layer 2 switch with no VLAN configuration floods every broadcast frame out of all of its ports.
In this example, ports 1-2 are assigned to VLAN 1 (red) and ports 3-4 to VLAN 2 (blue).
If A, attached to a VLAN 1 port, sends a broadcast frame, the switch forwards it only to the other ports in VLAN 1; ports 3 and 4 never see it.
In this way a VLAN separates broadcast domains by limiting how far a broadcast frame is forwarded. Different colours are used in the example to tell the VLANs apart; in a real switch each VLAN is identified by a numeric VLAN ID.
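The following Python model is an added example, not part of the original article: it simulates the five-switch network from the ARP example above as a chain of learning switches joined by trunk links, and then assigns ports to VLANs as in the two-colour example. It counts how many stations receive one ARP request in a flat network versus a segmented one, and shows that a unicast reply is delivered only to its destination once the switches have learned where that MAC address lives, while an unknown unicast is flooded within its own VLAN only. The topology, port numbers and MAC addresses are constructed for the demonstration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
TRUNK = "trunk"  # switch-to-switch link that carries every VLAN, tag preserved


class Host:
    def __init__(self, mac):
        self.mac = mac
        self.received = []  # frames delivered to this station


class Switch:
    """Learning switch. A port is either an access port in one VLAN or a trunk.
    The MAC table is kept per VLAN, as on a real switch."""

    def __init__(self, name):
        self.name = name
        self.port_vlan = {}   # port -> VLAN id, or TRUNK
        self.links = {}       # port -> Host, or (peer Switch, peer port)
        self.mac_table = {}   # (vlan, mac) -> port the address was learned on

    def attach_host(self, port, host, vlan):
        self.port_vlan[port] = vlan
        self.links[port] = host

    def receive(self, in_port, frame, vlan=None):
        # Ingress classification: an access port stamps its own VLAN on the
        # frame; a trunk port keeps the VLAN id carried in the tag.
        if self.port_vlan[in_port] != TRUNK:
            vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, frame["src"])] = in_port
        known = self.mac_table.get((vlan, frame["dst"]))
        if frame["dst"] != BROADCAST and known is not None:
            self._send(known, frame, vlan)
            return
        # Broadcast or unknown unicast: flood to every other port of this
        # VLAN. Ports belonging to other VLANs never see the frame.
        for port, pv in self.port_vlan.items():
            if port != in_port and pv in (vlan, TRUNK):
                self._send(port, frame, vlan)

    def _send(self, port, frame, vlan):
        target = self.links[port]
        if isinstance(target, Host):
            target.received.append(frame)
        else:
            peer, peer_port = target
            peer.receive(peer_port, frame, vlan)


def link_switches(a, port_a, b, port_b):
    """Connect two switches with a trunk (tagged) link."""
    a.port_vlan[port_a], a.links[port_a] = TRUNK, (b, port_b)
    b.port_vlan[port_b], b.links[port_b] = TRUNK, (a, port_a)


def build_chain(vlan_of_port):
    """Five switches in a row, four stations each (20 in total); no loops,
    so flooding terminates without spanning tree. vlan_of_port maps a host
    port number (1-4) to the VLAN it is assigned to."""
    switches = [Switch(f"sw{i}") for i in range(1, 6)]
    hosts = []
    for i, sw in enumerate(switches, start=1):
        for port in range(1, 5):
            host = Host(f"00:00:00:00:{i:02x}:{port:02x}")  # constructed MACs
            sw.attach_host(port, host, vlan_of_port[port])
            hosts.append(host)
    for left, right in zip(switches, switches[1:]):
        link_switches(left, 5, right, 6)  # port 5 uplink, port 6 downlink
    return switches, hosts


def stations_reached_by_arp(vlan_of_port):
    """PC A (switch 1, port 1) sends an ARP request; count who receives it."""
    switches, hosts = build_chain(vlan_of_port)
    pc_a = hosts[0]
    arp_request = {"src": pc_a.mac, "dst": BROADCAST, "info": "who-has PC B"}
    switches[0].receive(1, arp_request)
    return sum(1 for h in hosts if h.received)


def stations_reached_by_reply(vlan_of_port, reply_port):
    """After the ARP request, the station on switch 5 / reply_port answers
    PC A with a unicast frame. Returns the MACs that received the reply."""
    switches, hosts = build_chain(vlan_of_port)
    pc_a = hosts[0]
    switches[0].receive(1, {"src": pc_a.mac, "dst": BROADCAST})
    pc_b = switches[4].links[reply_port]
    switches[4].receive(reply_port, {"src": pc_b.mac, "dst": pc_a.mac})
    return [h.mac for h in hosts if any(f["dst"] == pc_a.mac for f in h.received)]


FLAT = {1: 1, 2: 1, 3: 1, 4: 1}          # one broadcast domain
SPLIT = {1: 10, 2: 10, 3: 20, 4: 20}     # ports 1-2 in VLAN 10, ports 3-4 in VLAN 20

if __name__ == "__main__":
    print("flat network, stations hit by one ARP request:", stations_reached_by_arp(FLAT))
    print("two VLANs, stations hit by one ARP request:", stations_reached_by_arp(SPLIT))
    print("reply from a VLAN 10 station reaches:", stations_reached_by_reply(SPLIT, 2))
    print("reply from a VLAN 20 station reaches:", stations_reached_by_reply(SPLIT, 4))
```

In the flat network the single ARP request lands on all 19 other stations; with the ports split into two VLANs it lands on the 9 other VLAN 10 stations only. The reply from a VLAN 20 station never reaches PC A: the switch has no entry for PC A in its VLAN 20 table, so it floods the frame to the VLAN 20 ports and nowhere else.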
2. What if hosts in different VLANs need to communicate?
Two broadcast domains are normally connected by a router, which relays packets between them. VLAN-to-VLAN communication therefore also needs a router to relay the traffic, or a Layer 3 switch with a routing function.
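On the wire, the VLAN ID that distinguishes VLANs is carried in an IEEE 802.1Q tag: four bytes inserted between the source MAC address and the EtherType, holding a 16-bit tag protocol identifier (0x8100) and a 16-bit tag control field with 3 bits of priority, 1 drop-eligible bit and a 12-bit VLAN ID. Links between switches, and the link to a router that routes between VLANs, carry such tagged frames. The following builder and parser are an added example (not code from the article) and go slightly beyond it by also handling a second, outer 802.1ad tag (0x88A8, "QinQ") and truncated input; the sample ARP payload and MAC addresses are constructed.

```python
import struct

TPID_8021Q = 0x8100    # IEEE 802.1Q customer VLAN tag
TPID_8021AD = 0x88A8   # IEEE 802.1ad service tag (QinQ outer tag)
TPIDS = (TPID_8021Q, TPID_8021AD)
ETHERTYPE_ARP = 0x0806


def _mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def _mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, ethertype, payload, tags=()):
    """Assemble an Ethernet frame. Each entry in tags is (tpid, pcp, dei, vid);
    tags are inserted between the source MAC and the EtherType, outermost first."""
    out = _mac_bytes(dst) + _mac_bytes(src)
    for tpid, pcp, dei, vid in tags:
        if not 0 <= vid <= 4095:
            raise ValueError("VID must fit in 12 bits")
        tci = (pcp << 13) | (dei << 12) | vid
        out += struct.pack("!HH", tpid, tci)
    return out + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Walk the header and return dst, src, the list of VLAN tags (outer first),
    the EtherType of the payload, and the payload bytes."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the minimum Ethernet header")
    dst, src = _mac_str(frame[0:6]), _mac_str(frame[6:12])
    offset, tags = 12, []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("truncated header")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in TPIDS:
            break  # not a tag: this is the real EtherType
        if offset + 4 > len(frame):
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": etype, "pcp": tci >> 13, "dei": (tci >> 12) & 1,
                     "vid": tci & 0x0FFF})
        offset += 4
    return {"dst": dst, "src": src, "tags": tags,
            "ethertype": etype, "payload": frame[offset + 2:]}


def vlan_id(frame):
    """VLAN the frame belongs to: the VID of the outermost tag, or None when the
    frame is untagged. VID 0 means 'priority tagged' and carries no membership;
    VID 4095 is reserved by the standard."""
    tags = parse_frame(frame)["tags"]
    if not tags or tags[0]["vid"] == 0:
        return None
    return tags[0]["vid"]


# Constructed sample: the first 8 bytes of an ARP request (hardware type
# Ethernet, protocol IPv4, hlen 6, plen 4, opcode 1) stand in for the payload.
ARP_PAYLOAD = bytes.fromhex("0001080006040001")
PC_A, BCAST = "00:00:00:00:01:01", "ff:ff:ff:ff:ff:ff"
UNTAGGED = build_frame(BCAST, PC_A, ETHERTYPE_ARP, ARP_PAYLOAD)
TAGGED = build_frame(BCAST, PC_A, ETHERTYPE_ARP, ARP_PAYLOAD,
                     tags=[(TPID_8021Q, 0, 0, 10)])
DOUBLE = build_frame(BCAST, PC_A, ETHERTYPE_ARP, ARP_PAYLOAD,
                     tags=[(TPID_8021AD, 0, 0, 100), (TPID_8021Q, 5, 0, 10)])

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("802.1Q", TAGGED), ("QinQ", DOUBLE)):
        print(name, frame.hex(), "-> VLAN", vlan_id(frame), parse_frame(frame)["tags"])
```

Feeding the parser an access-port frame yields no tags, which is why a switch must decide a frame's VLAN from the port it arrived on in that case; on a trunk the tag is authoritative. The truncation checks matter because a tag is only found by reading past the fixed 14-byte header, and a frame cut short inside a tag must be rejected rather than mis-parsed.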
3. Static VLAN
A static VLAN is also called a port-based VLAN. A port's VLAN membership does not change until an administrator changes the assignment. The advantage is that you decide directly which port belongs to which VLAN, so it is easy to see which ports share a VLAN. When the network has hundreds of PCs, however, the administration becomes laborious, and every time a PC is moved to a different port the VLAN setting of the new port has to be changed as well.
4. Dynamic VLAN
In a dynamic VLAN the switch changes a port's VLAN membership according to the computer that is currently connected to that port. There are three types of dynamic VLAN:
- MAC Based VLAN
- Subnet Based VLAN
- User Based VLAN
MAC Based VLAN: The switch determines the VLAN of a port by looking up the MAC address of the network card connected to that port in a table configured on the switch.
Suppose the switch is configured so that the computer with MAC address "A" belongs to VLAN 10. Whichever port that computer is plugged into is placed in VLAN 10: if the computer is connected to port 1, port 1 belongs to VLAN 10; if it is moved to port 2, port 2 belongs to VLAN 10.
Subnet Based VLAN (also called IP Based VLAN): The switch determines the VLAN of a port from the IP address of the computer connected to that port.
With this type, replacing the computer's network card changes its MAC address but not its IP address, so the VLAN assignment stays the same.
User Based VLAN: The switch determines the VLAN of a port from the user currently logged in on the connected computer. The user identity is usually the operating system login, for example the user name used in a Windows domain. This identity information belongs to the layers above Layer 4 of the OSI model, so it cannot be read from the frame header the way a MAC address or IP address can.
Note: Subnet-based and user-based VLANs are implemented with vendor-specific mechanisms in many products, so mixing devices from different manufacturers can lead to compatibility problems. Where the equipment supports it, the standards-based route for user-based assignment is IEEE 802.1X port authentication, in which the authentication server (RADIUS) returns the VLAN the switch should place the port in.
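To make the MAC-based and subnet-based behaviour concrete, here is an added example (not the article's code and not any vendor's implementation) of the decision a switch makes on each incoming frame: a MAC rule wins first, then the most specific matching subnet rule, and otherwise a default VLAN. It reproduces the two cases above, the MAC that keeps its VLAN when the computer moves port and the subnet that keeps its VLAN when the network card is replaced. The class name, rule tables, addresses and VLAN numbers are all constructed for the demonstration.

```python
import ipaddress


class DynamicVlanSwitch:
    """Decides a port's VLAN from what is plugged into it: first by the
    station's MAC address, then by the IP subnet it uses, else a default."""

    def __init__(self, default_vlan=1):
        self.default_vlan = default_vlan
        self.mac_policy = {}      # mac -> vlan
        self.subnet_policy = []   # [(ip_network, vlan)], most specific first
        self.port_vlan = {}       # port -> vlan currently assigned

    def add_mac_rule(self, mac, vlan):
        self.mac_policy[mac.lower()] = vlan

    def add_subnet_rule(self, cidr, vlan):
        self.subnet_policy.append((ipaddress.ip_network(cidr, strict=True), vlan))
        # keep the longest prefix first so 10.20.5.0/24 beats 10.20.0.0/16
        self.subnet_policy.sort(key=lambda rule: rule[0].prefixlen, reverse=True)

    def classify(self, src_mac, src_ip=None):
        vlan = self.mac_policy.get(src_mac.lower())
        if vlan is None and src_ip is not None:
            addr = ipaddress.ip_address(src_ip)
            vlan = next((v for net, v in self.subnet_policy if addr in net), None)
        return self.default_vlan if vlan is None else vlan

    def on_frame(self, port, src_mac, src_ip=None):
        """Called for each frame arriving on a port: moves the port into the
        VLAN that the connected station resolves to, and returns that VLAN."""
        vlan = self.classify(src_mac, src_ip)
        self.port_vlan[port] = vlan
        return vlan


def make_demo_switch():
    """Constructed policy: one MAC-based rule and two nested subnet rules."""
    sw = DynamicVlanSwitch(default_vlan=1)
    sw.add_mac_rule("00:11:22:33:44:aa", 10)   # computer "A" lives in VLAN 10
    sw.add_subnet_rule("10.20.0.0/16", 20)      # engineering subnet
    sw.add_subnet_rule("10.20.5.0/24", 25)      # lab subnet carved out of it
    return sw


if __name__ == "__main__":
    sw = make_demo_switch()
    # computer A moves from port 1 to port 2: VLAN 10 follows it
    print("A on port 1 ->", sw.on_frame(1, "00:11:22:33:44:aa"))
    print("A on port 2 ->", sw.on_frame(2, "00:11:22:33:44:aa"))
    # station on port 3 gets a new network card but keeps 10.20.7.1
    print("port 3 old NIC ->", sw.on_frame(3, "00:11:22:33:44:bb", "10.20.7.1"))
    print("port 3 new NIC ->", sw.on_frame(3, "00:11:22:33:44:cc", "10.20.7.1"))
    print("port 4 lab host ->", sw.on_frame(4, "00:11:22:33:44:dd", "10.20.5.9"))
    print("port 5 unknown  ->", sw.on_frame(5, "00:11:22:33:44:ee", "192.0.2.9"))
    print("assignments:", sw.port_vlan)
```

One caveat worth keeping in mind: both keys here, the source MAC address and the source IP address, are fields supplied by the connected station, so these mechanisms place a port according to what the station claims about itself rather than a verified identity.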