VLAN

Virtual LAN (VLAN):

VLANs are virtual LANs in which work devices on one or more LANs are logically segregated into independent broadcast domains. The logical segregation allows devices from multiple LANs across different floors or geographical regions to communicate as if they are physically connected. At the same time, a single LAN can be separated into multiple VLANs based on roles, work groups, services, or any other logical parameter.

Although routers are generally used to create broadcast domains in LANs, switches create the VLAN broadcast domains. You can assign each VLAN to one or more ports on a single switch. In case of distributed VLANs, you can assign them across multiple switches. Communication within a VLAN happens through the switch, while communication across different VLANs requires a layer 3 device – a router, a layer 3 switch, or a firewall.

VLANs & VLAN Tagging:

A VLAN or a Virtual LAN is a virtual network that has the technical properties of a physical layer two network without the physical constraints. All hosts in the same VLAN can communicate with each other, as hosts connected to the same physical LAN can. As with physical networks, hosts in one VLAN cannot communicate with hosts in another without using a router or some other layer three device to route traffic between the two. A VLAN, like any physical network, also represents a single broadcast domain. Unlike physical networks formed using a hub, multiple VLANs can exist on a single switch, and each port on a suitable switch can be assigned a different VLAN. As with any virtualization feature, this provides a great deal of flexibility and independence from physical considerations. For instance, if you have two departments that must be on different networks, rather than using a dedicated hub per department you can use a single switch with two VLANs and still maintain the required separation.

This is illustrated in the following diagram:

https://img-c.udemycdn.com/redactor/raw/article_lecture/2021-07-31_08-54-04-1bd6f5144063c14a1c9616c83531b9ec.png

In the diagram you can see that we have four VLANs, Engineering, Production and Sales. The network is divided into different floors and each floor contains four hosts that are physically connected to the same switch. Each port on the switch is assigned to one of these VLANs, and each host connected to one of those ports will therefore belong to that VLAN.

This means that even though the hosts have different physical locations they are still part of the same logical network, the same VLAN. Even though the hosts in each VLAN are on different floors and connected to different switches, they can still communicate with each other. Hosts on the same floor but in different VLANs cannot, at least not without the aid of a router.

Most modern-day switches support layer 3 switching, which means they have the ability to route traffic between VLANs. Thus, you do not actually have to attach a router to the network.

Using VLANs adds a 32-bit (4 byte) sub-header to Ethernet frames where necessary, typically internally within a switch and across switch-to-switch links (trunks) that carry multiple VLANs. This header is called a VLAN tag, and it identifies which VLAN the frame belongs to.

When a frame travels over what is called a trunk port, the tag is not removed.

Since VLANs do not depend on dedicated physical connections, member hosts can be located on any switch where that VLAN is available and trunked, and a host can even belong to several VLANs. However, in order to use more than one VLAN on a single port you need to enable VLAN trunking.

You have two options when configuring VLANs on a switch port: access mode (also known as untagged mode) or trunk mode (also known as tagged mode). When sending and receiving frames to and from the connected host, access mode means using a single VLAN on a port (or interface) and not using a tag (a tag may still be added if the frames cross a trunk port). Trunk mode, on the other hand, allows you to use multiple VLANs on a single port, with each frame carrying a tag that identifies which VLAN it belongs to.

This is beneficial when, for instance, you expand your network by adding more switches and you want to use the same VLAN(s) on the new switches. If you are using VLAN1, VLAN2 and VLAN3 on your current switch and you want to use those VLANs on the new switch, how are you going to connect them? If you just add the VLANs to the new switch and connect it to the existing one, hosts on the same VLAN connected to different switches will not be able to communicate.

You need to create a trunk port on each switch in order for the VLAN information to pass between the existing and new switches in the form of tagged frames. The trunk ports on each switch will serve as a passage between them, carrying tagged frames for every VLAN you use in your network.

This is illustrated in the following diagram:

https://img-c.udemycdn.com/redactor/raw/article_lecture/2021-07-31_09-16-47-5805431a09492243d141193150d13d18.png

You could actually avoid using a trunk (and therefore VLAN tagging), but then you would need a dedicated port on each switch for every VLAN used across the two, which would be very wasteful. In the example above you'd use three ports per switch instead of just one per switch.
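The following Python model is an added example, not code from the original article: it builds and parses the 4-byte 802.1Q tag described above and simulates the access-port and trunk-port behaviour of two switches joined by a trunk. The port dictionaries, VLAN numbers and the broadcast frame at the bottom are constructed sample data, and the simplified switch logic (no MAC learning, one shared config for both trunk ends) is an assumption made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces a 4-byte 802.1Q VLAN tag

def build_frame(dst, src, ethertype, payload, vid=None, pcp=0, dei=0):
    """Build a frame; with vid set, insert the 802.1Q tag after the source MAC."""
    frame = dst + src
    if vid is not None:
        tci = (pcp << 13) | (dei << 12) | (vid & 0x0FFF)  # 3-bit PCP, 1-bit DEI, 12-bit VID
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return (dst, src, vid, ethertype, payload); vid is None for an untagged frame."""
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        return dst, src, tci & 0x0FFF, ethertype, frame[18:]
    return dst, src, None, ethertype, frame[14:]

def ingress(port, frame):
    """Classify an arriving frame: an access port puts untagged frames in its own VLAN,
    a trunk port needs a tag in an allowed VLAN. None means the frame is dropped."""
    vid = parse_frame(frame)[2]
    if port["mode"] == "access":
        return port["vlan"] if vid is None else None
    return vid if vid in port["allowed"] else None

def egress(port, vid, frame):
    """Rewrite a departing frame: an access port sends only its own VLAN, untagged;
    a trunk port keeps the VLAN visible by sending the frame tagged."""
    dst, src, _, ethertype, payload = parse_frame(frame)
    if port["mode"] == "access":
        return build_frame(dst, src, ethertype, payload) if vid == port["vlan"] else None
    return build_frame(dst, src, ethertype, payload, vid=vid) if vid in port["allowed"] else None

def cross_trunk(src_port, trunk, dst_port, frame):
    """Walk a frame host -> switch A -> trunk -> switch B -> host (both trunk ends share
    one config) and return what the far host receives, or None if any hop drops it."""
    vid = ingress(src_port, frame)
    on_trunk = egress(trunk, vid, frame) if vid is not None else None
    far_vid = ingress(trunk, on_trunk) if on_trunk is not None else None
    return egress(dst_port, far_vid, on_trunk) if far_vid is not None else None

# Constructed sample (not from the article): Engineering is VLAN 10, Sales is VLAN 20.
eng_a, eng_b, sales_b = [{"mode": "access", "vlan": v} for v in (10, 10, 20)]
trunk = {"mode": "trunk", "allowed": {10, 20, 30}}
broadcast = build_frame(b"\xff" * 6, b"\x02" * 6, 0x0806, b"constructed ARP payload")
print(cross_trunk(eng_a, trunk, eng_b, broadcast) == broadcast, cross_trunk(eng_a, trunk, sales_b, broadcast))
```

The frame arrives untagged at the Engineering host on the far switch (the trunk added the tag and the access port stripped it again), while the Sales host on the same switch receives nothing because its access port only carries VLAN 20.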