Custom Search

News World

Aug 31, 2009



A VLAN (Virtual Local Area Networks Operation )requires a series of configuration steps in order to begin operating. Cabletron Systems VLAN aware SmartSwitches do not default to VLAN mode, and the VLAN operation must be configured and activated through software management.

1. Defining a Virtual Local Area Networks Operation
A VLAN must exist and have a unique identity before any ports or rules can be assigned to it. The Administrator defines a VLAN by assigning it a unique identification number (the VLAN ID) and an optional name. The VLAN ID is the number that will identify data frames originating from,

and intended for, the ports that will belong to this new VLAN.

2. Assigning Ports to a Virtual Local Area Networks Operation
Now that a VLAN has been created, individual ports are given membership in the VLAN. This is accomplished through software management by associating a VLAN ID with each port on the VLAN aware switch. This combination of the switch port’s identification and the VLAN ID becomes the Port VLAN ID (PVID).

At the same time, the Administrator configures any needed trunk ports to consider themselves members of every VLAN. The configuration of trunk ports is very important in multiswitch VLAN configurations where VLAN membership applies to users across several switches.

3. Customizing the Virtual Local Area Networks Operation’s Forwarding List
Once the ports that will participate in the VLAN have been associated with a VLAN ID, the VLAN Forwarding List can be customized. The information in the Forwarding List tells the VLAN aware switch what ports are eligible to forward traffic for that particular VLAN.

4 Customizing the Port’s Egress List
When the VLAN Forwarding List is fully configured, the Egress List for each port may be customized if needed. The entries in the Egress List allow traffic classified into specific VLANs to be transmitted out the port.

5 Setting the Operational Mode
Once the VLANs are in place, the operation of the switch is dependent upon the method of operation specified by the Administrator. All port based VLAN switches can be set to one of two operational modes: Open and Secure. The mode configuration of a switch determines how the switch handles the frames that it receives.

Aug 30, 2009


This chapter describes the operation of a VLAN switch and discusses the operations that a VLAN switch performs in response to both normal and VLAN-originated network traffic.


Port based VLAN operation is slightly different than the operation of traditional switched networking systems. These differences are due to the importance of keeping track of each transmission’s VLAN membership as it passes from switch to switch or from port to port within a switch.


Before describing the operation of a port based VLAN, it is important to understand the basic elements that are combined to make up an 802.1Q VLAN.

1. Stations

A station is any end unit that belongs to a network. In the vast majority of cases, stations are the computers through which the users access the network.

2. Switches

In order to configure a group of stations into a VLAN, the stations must be connected to VLAN aware switches. It is the job of the switch to classify received frames into VLAN memberships and transmit frames, according to VLAN membership, with or without a VLAN Tag Header.


To fully understand the operation and configuration of port based VLANs, it is essential to understand the meanings of several key terms.


A unique number (between 1 and 4095) that identifies a particular VLAN.


A 32-character alphanumeric name associated with a VLAN ID. The VLAN Name is intended to make user-defined VLANs easier to identify and remember.

Tag Header (VLAN Tag)

A field within a frame that identifies the VLAN the frame has been classified into. The Tag Header is inserted into the frame directly after the Source MAC address field. Twelve bits of the Tag Header are the VLAN ID. The remaining bits are other control information.

Tagged Frame

A data frame that contains a Tag Header. The Tag Header can be added to the data frame by a VLAN aware switch to any frame received from a port that is a member of a VLAN.

Untagged Frame

A data frame that does not have a Tag Header inserted into it.


An identification that encompasses a particular switch port’s identification (port 6, module 2) and that port’s VLAN membership. This identification is used to classify incoming untagged frames when they are received.

Default VLAN

The VLAN to which all ports are assigned upon initialization. The Default VLAN has a VLAN ID of 1.

Forwarding List

A list of the ports on a particular device that are eligible to transmit frames for a selected VLAN. The Forwarding List identifies what ports are associated with a single VLAN for frame transmission purposes.

Egress List

A per port list of all eligible VLANs that can be forwarded out one specific port and the frame format of transmissions for that port.The Egress List specifies what VLANs are associated with a single port for frame transmission purposes.

Filtering Database

A database structure within the switch that keeps track of the associations between MAC addresses, VLAN eligibilities, and interface (port) numbers. The Filtering Database is referred to when a VLAN aware switch makes a forwarding decision on a frame.

1Q Trunk

A connection between 802.1Q switches that passes only traffic with a VLAN Tag Header inserted in the frame.

1d Trunk

A connection from a switch that passes only untagged traffic.

Aug 29, 2009


The primary benefit of the port based VLAN technology is the localization of traffic that it provides. This function can offer improvements in security and performance to stations assigned to a VLAN.

While the localization of traffic to VLANs can improve security and performance, it imposes some restrictions on network devices that participate in the VLAN. If a switch is operating in the “secure mode,” a group of users assigned to a single VLAN can communicate with one another freely, but cannot communicate with users on other VLANs without the services of a Network Layer (OSI Layer 3) routing device to make the connection between the VLANs. In the “open” mode, this restriction does not apply.

In order to set up a VLAN, all the network switch devices that are assigned to the VLAN must support the prestandard IEEE 802.1Q specification for port based VLANs. Before you attempt to implement a VLAN strategy, ensure that the switches under consideration support the 802.1Q specification.

Aug 28, 2009


There are a number of different strategies for creating Virtual Local Area Networks, each with their own approaches to defining a station’s membership in a particular VLAN.

1. Port Based Vlans

A port based VLAN switch determines the membership of a data frame by examining the configuration of the port that received the transmission or reading a portion of the data frame’s tag header. A four-byte field in the header is used to identify the VLAN. This VLAN identification indicates what VLAN the frame belongs to. If the frame has no tag header, the switch checks the VLAN setting of the port that received the frame. If the switch has been configured for port based VLAN support, it assigns the port’s VLAN identification to the new frame.

2. Secure Fast Vlans

Cabletron Systems’ SECURE FAST VLAN strategy takes a different approach to creating virtual LANs. In a SECURE FAST VLAN environment, the switches in the network recognize Network Layer routing requests and translate them. Based on this translation, the switches set up a connection between the end devices in the network.

3 Other Vlan Strategies

VLANs may also be created by a variety of addressing schemes, including the recognition of groups of MAC addresses or types of traffic. One of the best-known VLAN-like schemes is the use of IP Subnets to divide networks into smaller subnetworks. These other VLAN types offer performance advantages and disadvantages that can be quite different from those available with the port based VLAN strategy.

Aug 27, 2009


A Virtual Local Area Network is a group of devices that function as a

single Local Area Network segment (broadcast domain). The devices that

make up a particular VLAN may be widely separated, both by geography

and location in the network.

The creation of VLANs allows users located in separate areas or

connected to separate ports to belong to a single VLAN group. Users that

are assigned to such a group will send and receive broadcast and multicast

traffic as though they were all connected to a single network segment.

VLAN aware switches isolate broadcast and multicast traffic received

from VLAN groups, keeping broadcasts from stations in a VLAN

confined to that VLAN.

When stations are assigned to a VLAN, the performance of their network

connection is not changed. Stations connected to switched ports do not

sacrifice the performance of the dedicated switched link to participate in

the VLAN. As a VLAN is not a physical location, but a membership, the

network switches determine VLAN membership by associating a VLAN

with a particular port.

Pincture shows a simple example of a port based VLAN. Two buildings

house the Sales and Finance departments of a single company, and each

building has its own internal network. The stations in each building

connect to a SmartSwitch in the basement. The two SmartSwitches are

connected to one another with a high speed link.

In this example, the Sales and Finance workstations have been placed on

two separate VLANs. In a plain Ethernet environment, the entire network

is a broadcast domain, and the SmartSwitches follow the IEEE 802.1d

bridging specification to send data between stations. A broadcast or

multicast transmission from a Sales workstation in Building One would

propagate to all the switch ports on SmartSwitch A, cross the high speed

link to SmartSwitch B, and be propagated to all the switch ports on

SmartSwitch B. The SmartSwitches treat each port as being equivalent to

any other port, and have no understanding of the departmental

memberships of each workstation.

In a port based VLAN environment, each SmartSwitch understands that

certain individual ports are members of separate workgroups. In this

environment, a broadcast or multicast data transmission from one of the

Sales stations in Building One would reach SmartSwitch A, be sent to the

ports connected to other local members of the Sales VLAN, cross the high

speed link to SmartSwitch B, and then be sent to any other ports and

workstations on SmartSwitch B that are members of the Sales VLAN.

Alarm - Mini Alarm DVR, Wireless and Inteligent Alarm

Chipsilicon Presents World's Best Alarm Systems

For more detailed enquiry on the above products, please visit -

BioEnable Technologies Pvt Ltd, The Avenue, 2B, 2nd Floor, Opp Mega Centre
Pune Solapur Road, Hadapsar, Pune 411028, Maharashtra, India
Tel : +91 20 26810214, 65005360/1/2 Fax +91-20-30225587, TOLL FREE: 1800-209-2131
BioEnable is the - Company Of The Year 2007 for Electronic Access Control System - Frost & Sullivan

TOLL FREE: 1800-209-2131

IT Conversations

Moneycontrol Latest News

Latest new pages on Computer Hope

Latest from Infoworld

Door Lock

Door Lock Import Top Door Lock from China Contact Quality Manufacturers Now