VLAN Overview
In a switched Ethernet network, each port of the device is an independent collision domain, but all the ports belong to the same broadcast domain. When a terminal device sends broadcast packets, every device in the Local Area Network (LAN) receives them. This not only wastes network bandwidth but also introduces potential security risks.
A Virtual Local Area Network (VLAN) is a technology that logically partitions the devices in one physical LAN. Devices in the same VLAN can communicate with each other at layer 2, while devices in different VLANs are isolated at layer 2. In this way, broadcast packets are confined to a single VLAN.
VLANs comply with IEEE 802.1Q. This standard defines a new frame encapsulation format in which a 4-byte VLAN tag carrying the VLAN information is inserted after the source MAC address of a traditional Ethernet frame.
Figure 3-1 IEEE 802.1Q Frame Encapsulation Format
A VLAN tag contains the following four fields:
- Tag Protocol Identifier (TPID): Indicates whether the data frame carries a VLAN tag. The length is 2 bytes, and the value is fixed at 0x8100, which identifies a standard 802.1Q tag.
- Priority: The 802.1p priority. The length is 3 bits and the value range is 0-7. Packets with different priorities can receive different levels of service.
- Canonical Format Indicator (CFI): Indicates whether the MAC address is encapsulated in a standard format for transmission across different media. The length is 1 bit. The value 0 indicates that the MAC address is encapsulated in the standard format, and the value 1 indicates a non-standard format.
- VLAN ID: Indicates the VLAN to which the packet belongs. The length is 12 bits and the value range is 0-4095; the values 0 and 4095 are reserved by the protocol, so the usable VLAN IDs are 1-4094.
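The following parser is an added example, not code from the original document: it walks the frame layout described above (destination MAC, source MAC, then the 4-byte tag when the two bytes after the source MAC equal 0x8100), splits the 16-bit Tag Control Information into the 3-bit priority, 1-bit CFI and 12-bit VLAN ID, and flags the reserved IDs 0 and 4095 instead of treating them as a usable VLAN. The sample frame bytes and the helper names (`parse_8021q_frame`, `build_8021q_header`) are constructed for this example.

```python
import struct

# Fixed TPID value of a standard 802.1Q tag (stated in the text above).
TPID_8021Q = 0x8100
RESERVED_VIDS = (0, 4095)


def parse_8021q_frame(frame: bytes) -> dict:
    """Parse an Ethernet header and, if present, the 802.1Q tag that follows the source MAC.

    Returns a dict with the MAC addresses, a 'vlan' sub-dict (None for untagged frames),
    the EtherType of the encapsulated payload and the payload itself.
    Raises ValueError on frames too short to contain the fields they claim.
    """
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst = frame[0:6].hex(":")
    src = frame[6:12].hex(":")
    # Bytes 12-13 are the EtherType of an untagged frame or the TPID of a tagged one.
    ethertype_or_tpid = struct.unpack("!H", frame[12:14])[0]
    result = {"dst": dst, "src": src, "vlan": None}

    if ethertype_or_tpid == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("frame too short for an 802.1Q tag")
        tci = struct.unpack("!H", frame[14:16])[0]
        vid = tci & 0x0FFF  # low 12 bits: VLAN ID
        result["vlan"] = {
            "pcp": tci >> 13,              # top 3 bits: 802.1p priority, 0-7
            "cfi": (tci >> 12) & 0x1,      # next bit: Canonical Format Indicator
            "vid": vid,
            "vid_reserved": vid in RESERVED_VIDS,  # 0 and 4095 are not usable VLANs
        }
        result["ethertype"] = struct.unpack("!H", frame[16:18])[0]
        result["payload"] = frame[18:]
    else:
        result["ethertype"] = ethertype_or_tpid
        result["payload"] = frame[14:]
    return result


def build_8021q_header(dst: bytes, src: bytes, vid: int, pcp: int = 0,
                       cfi: int = 0, ethertype: int = 0x0800) -> bytes:
    """Build an Ethernet + 802.1Q header (the inverse of parse_8021q_frame)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in the usable range 1-4094")
    if not 0 <= pcp <= 7 or cfi not in (0, 1):
        raise ValueError("priority must be 0-7 and CFI 0 or 1")
    tci = (pcp << 13) | (cfi << 12) | vid
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype)


# Constructed sample: broadcast ARP frame tagged with priority 5, CFI 0, VLAN 100.
SAMPLE_TAGGED = bytes.fromhex(
    "ffffffffffff"      # destination MAC (broadcast)
    "001122334455"      # source MAC
    "8100"              # TPID
    "a064"              # TCI: pcp=5 (101), cfi=0, vid=100 (0x064)
    "0806"              # EtherType: ARP
    "deadbeef"          # truncated payload, for illustration only
)
# Constructed sample: the same frame without a tag, carrying IPv4.
SAMPLE_UNTAGGED = bytes.fromhex("ffffffffffff" "001122334455" "0800" "deadbeef")

if __name__ == "__main__":
    print(parse_8021q_frame(SAMPLE_TAGGED))
    print(parse_8021q_frame(SAMPLE_UNTAGGED))
```

Because the tag is read from a fixed offset, the parser never relies on the payload being well-formed, which is the behaviour you want in a monitoring or capture tool: a frame whose VLAN ID is 0 or 4095 is reported with `vid_reserved` set rather than silently mapped to a VLAN.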
VLANs have the following advantages:
- Establishes virtual workgroups flexibly. Users with the same requirements can be placed in one VLAN regardless of their physical locations.
- Limits broadcast domains. A VLAN is a broadcast domain: layer-2 unicast, multicast, and broadcast frames are forwarded only within it and cannot enter other VLANs directly. This prevents broadcast storms.
- Improves network security. Different VLANs are isolated at layer 2 and cannot communicate with each other directly.
Depending on the application, VLANs fall into the following four types:
- Port-based VLANs
- MAC address-based VLANs
- IP subnet-based VLANs
- Protocol-based VLANs
By default, the four VLAN types have the following priorities, from high to low: MAC-based VLANs, IP subnet-based VLANs, protocol-based VLANs, and port-based VLANs. On a single port, the VLAN types take effect according to these priority levels, and only one type of VLAN takes effect.
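To make the precedence rule concrete, here is an added example (not code from the original document) of a classifier that assigns a VLAN to an untagged frame arriving on a port, checking the four rule types in the stated default order and returning as soon as one matches, so that only one type takes effect. The rule tables, the `VlanClassifier` name and the sample frames are constructed for this example; matching IP subnet rules in their configured order is an assumption, since the text does not say how overlapping subnets are resolved.

```python
import ipaddress


class VlanClassifier:
    """Assign a VLAN to an untagged ingress frame using the default precedence:
    MAC-based > IP subnet-based > protocol-based > port-based.
    """

    def __init__(self, port_vlan, mac_vlans=None, subnet_vlans=None, protocol_vlans=None):
        self.port_vlan = port_vlan  # port-based VLAN: the lowest-priority fallback
        self.mac_vlans = {m.lower(): v for m, v in (mac_vlans or {}).items()}
        # Subnet rules are checked in configured order (assumption made for this example).
        self.subnet_vlans = [(ipaddress.ip_network(n), v) for n, v in (subnet_vlans or {}).items()]
        self.protocol_vlans = dict(protocol_vlans or {})  # keyed by EtherType

    def classify(self, src_mac, src_ip=None, ethertype=None):
        """Return (vlan_id, rule_type) for the first rule type that matches."""
        # 1. MAC-based VLAN
        vlan = self.mac_vlans.get(src_mac.lower())
        if vlan is not None:
            return vlan, "mac"
        # 2. IP subnet-based VLAN (only meaningful when the frame carries an IP source)
        if src_ip is not None:
            addr = ipaddress.ip_address(src_ip)
            for net, vlan in self.subnet_vlans:
                if addr in net:
                    return vlan, "subnet"
        # 3. Protocol-based VLAN
        if ethertype is not None and ethertype in self.protocol_vlans:
            return self.protocol_vlans[ethertype], "protocol"
        # 4. Port-based VLAN: always applies when nothing else matched
        return self.port_vlan, "port"


# Constructed rule set for one access port.
CLASSIFIER = VlanClassifier(
    port_vlan=1,
    mac_vlans={"00:11:22:33:44:55": 10},
    subnet_vlans={"10.1.0.0/16": 20},
    protocol_vlans={0x86DD: 30},  # IPv6 frames
)

# Constructed sample frames: (source MAC, source IP or None, EtherType).
SAMPLE_FRAMES = [
    ("00:11:22:33:44:55", "10.1.2.3", 0x0800),   # MAC rule wins even though the subnet also matches
    ("aa:bb:cc:dd:ee:ff", "10.1.2.3", 0x0800),   # no MAC rule, subnet rule matches
    ("aa:bb:cc:dd:ee:ff", None, 0x86DD),          # protocol rule matches
    ("aa:bb:cc:dd:ee:ff", "192.168.1.1", 0x0800),  # falls through to the port VLAN
]


def classify_samples():
    return [CLASSIFIER.classify(*frame) for frame in SAMPLE_FRAMES]


if __name__ == "__main__":
    for frame, decision in zip(SAMPLE_FRAMES, classify_samples()):
        print(frame, "->", decision)
```

The first sample frame is the case the precedence rule exists for: it matches both a MAC rule and a subnet rule, and the MAC rule decides. Note that the MAC-, subnet- and protocol-based rules all key on fields filled in by the sending host, so they are best treated as a convenience for placing users, not as the access-control boundary; the layer-2 isolation described above applies to whichever VLAN the frame ends up in.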