
VLAN Assignment 02

This document discusses VLAN (Virtual Local Area Network). It defines VLAN as a virtual LAN that divides a physical LAN into multiple logical LAN segments. The document explains that VLANs create broadcast domains, describe static and dynamic VLAN memberships, and lists different types of VLANs including default, data, voice, and management VLANs. It also shows how to configure VLANs on switches by assigning ports to specific VLANs using VLAN software.


VLAN (Virtual Local Area Network)

Aqeel Zaffar
Enrollment# UW-19-CS-BS-001
Email: [email protected]
Computer Networks (CS-312)

Abstract

This report describes the VLAN (Virtual Local Area Network) in detail. It explains the
different types of VLANs, how VLANs work and how a VLAN can be configured. It also
explains how VLANs create broadcast domains, how VLAN memberships are used in a
switched network and which characteristics can be used to group stations into a VLAN.
Finally, the report discusses the benefits of VLANs.

1. Introduction

A LAN is a grouping of two or more devices on a network. A VLAN is a virtual LAN, a
subgroup within a local area network. VLANs make it easy for network administrators to
separate a single switched network into multiple groups to match the functional and
security requirements of their systems. However, VLANs are entirely virtual. They can be
implemented without having to run new cables or make major changes in the existing
network infrastructure [1].

Figure.1 Switch Supporting Two VLANs


Figure.1 shows one switch supporting two VLANs. The users on VLAN-10 cannot access
the devices on VLAN-20 and vice versa. The following sections discuss VLANs in more
detail, including their types, configuration and benefits.

2. Background

Virtual local area networks, or VLANs, have become important as network complexity
has exceeded the capacity of typical local area networks (LANs). Originally, a LAN
connected a group of computers and associated devices to a server via cables in a shared
physical location (hence the term “local”). Many LANs now connect devices via wireless
internet, rather than Ethernet, although most LANs use a combination of both
connectivity types. Over time, organizations have grown in their networking needs,
requiring solutions that enable networks to grow in size, flexibility, and complexity [2].
VLANs circumvent the physical limitations of a LAN through their virtual nature,
allowing organizations to scale their networks, segment them to increase security
measures, and decrease network latency.

3. VLAN (Virtual Local Area Network)


A VLAN is a custom network created from one or more existing LANs. It enables groups
of devices from multiple networks (both wired and wireless) to be combined into a single
logical network. The result is a virtual LAN that can be administered like a physical local
area network.

In order to create a virtual LAN, the network equipment, such as routers and switches,
must support VLAN configuration. The hardware is typically configured using a software
admin tool that allows the network administrator to customize the virtual network. The
admin software can be used to assign individual ports or groups of ports on a switch to a
specific VLAN. For example, ports 1-12 on switch #1 and ports 13-24 on switch #2 could
be assigned to the same VLAN [3].

A station or node is considered part of a LAN if it physically belongs to that LAN. The
criterion of membership is geographic. What happens if we need a virtual connection
between two stations belonging to two different physical LANs? We can define a VLAN
as a local area network that is configured by software, not by physical wiring [4]. Let us
take an example to elaborate on this definition of VLAN.

Figure 3.1 Switch using VLAN Software


Figure 3.1 shows the same switched LAN divided into VLANs. The whole idea of VLAN
technology is to divide a LAN into logical, instead of physical, segments. A LAN is
divided into several logical LANs called VLANs. Each VLAN is a work group in the
organization.

3.1 VLAN Creates Broadcast Domain


Here are the two switches which are connected to the backbone local area network and
the three VLANs.

Figure.3.1 Two Switches in Backbone using VLAN software

Figure 3.1 shows a good configuration for the company with two separate buildings
because each building can have its own switched LAN connected by the backbone.
People in the first building and in the second building can be in the same work group
even though they are connected to different physical LANs [4].

3.2 VLAN Membership

There are two types of VLAN memberships:

3.2.1 Static VLANs

Static VLANs are configured by the network administrator, mainly for security reasons.
Since the assignment is made manually, the VLAN membership is always fixed and
maintained. This type of membership is easy to set up and configure, but a manual update
is required whenever a host changes. Static VLANs are not feasible for a large network
that requires frequent updates. In this case a dynamic solution is suggested [5].

3.2.2 Dynamic VLANs

VLANs can be assigned automatically using software, based on hardware (MAC)
addresses, protocols and applications. For instance, assume that a MAC address has been
listed in centralized VLAN software. If the device is attached to an unassigned switch
port, the VLAN management database can look up the hardware address and assign and
configure the switch port into the correct VLAN. The difficulty of this method is setting
up the database initially [5].

3.3 Types of VLAN

There are different types of VLAN. Some of them can be explained and classified based
on their traffic classes. The other VLAN types are defined by the particular function
that they serve [6].

3.3.1 Default VLAN

When the switch initially starts up, all switch ports become a member of the default
VLAN (generally all switches have default VLAN named as VLAN 1), which makes
them all part of the same broadcast domain.

3.3.2 Data VLAN


A data VLAN is configured to carry the traffic generated by users. It does not include
voice or management traffic. It is common practice to separate voice traffic and
management traffic from data traffic. A data VLAN is sometimes referred to as a user
VLAN. These VLANs are used to separate the network into groups of users or groups of
devices.

3.3.3 Voice VLAN

A voice VLAN is configured to carry voice traffic. Voice VLANs are mostly given high
transmission priority over other types of network traffic. To ensure voice over IP (VoIP)
quality (delay of less than 150 milliseconds (ms) across the network), we must have a
separate voice VLAN, as this will preserve bandwidth for other applications.

3.3.4 Management VLAN

A management VLAN is configured to access the management capabilities of a switch
(traffic such as system logging and monitoring). VLAN 1 is the management VLAN by
default (VLAN 1 would be a bad choice for the management VLAN). Any VLAN on a
switch could be defined as the management VLAN if the admin has not configured a
unique VLAN to serve as the management VLAN. This VLAN ensures that bandwidth for
management will be available even when user traffic is high.

3.3.5 Native VLAN

This VLAN identifies traffic coming from each end of a trunk link. A native VLAN is
allocated only to an 802.1Q trunk port. The 802.1Q trunk port places untagged traffic
(traffic that does not come from any VLAN) on the native VLAN. It is a best practice to
configure the native VLAN as an unused VLAN.

3.4 Identifying VLAN

A port on a switch can be associated with only one VLAN or with all VLANs. A port can
be configured manually as an access or trunk port, or the Dynamic Trunking Protocol
(DTP) can operate on a per-port basis to set the switch port mode by negotiating with the
port on the other end of the link [7]. There are two different types of links in the
switched network:

• Access Ports: An access port normally carries the traffic of only one VLAN. In this case,
traffic is both sent and received in native format without VLAN tagging. Anything
arriving on an access port is simply considered to belong to the VLAN assigned to the
port. Any device connected to an access link is not aware of a VLAN membership; the
device just assumes it is part of the same broadcast domain and doesn't recognize the
physical network topology. Access-link devices cannot send and receive data to and from
devices outside their VLAN unless routing is configured. A switch port can be either an
access port or a trunk port, but not both. Note that an access port can be attached to
only one VLAN [7].
• Trunk Ports: Trunk ports, on the other hand, are able to carry multiple VLANs at a time.
A trunk link is a 100 or 1000 Mbps point-to-point link between two switches, a switch
and a router, or even a switch and a server, and it carries the traffic of multiple VLANs,
from 1 to 4094, at a time. This is great functionality because ports can be set up to have
a server in two separate broadcast domains at the same time, so the users will not have to
cross a network layer (layer 3) device to log in and access it. The other benefit is that
trunk links are able to carry various amounts of VLAN data across the link [7].
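
The access and trunk behaviour described above, as an added example that is not part of the original report: a Python model of how a switch port decides which VLAN a received frame belongs to by reading the 802.1Q tag. Dropping tagged frames on access ports, the port dictionary layout, the allowed-VLAN set and the sample frames are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def parse_vlan_tag(frame: bytes):
    """Return (vid, pcp) for an 802.1Q-tagged Ethernet frame, None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, tci >> 13  # VID: low 12 bits, priority: top 3 bits

def ingress_vlan(frame: bytes, port: dict):
    """VLAN the port assigns to a received frame, or None if the frame is dropped.

    port is {"mode": "access", "vlan": n} or
            {"mode": "trunk", "native": n, "allowed": set of ints} (hypothetical layout)
    """
    tag = parse_vlan_tag(frame)
    vid = tag[0] if tag else None
    if vid == 0:  # priority-tagged frame: carries no VLAN, treat as untagged
        vid = None
    if port["mode"] == "access":
        # Untagged traffic belongs to the port's VLAN; this model drops tagged frames.
        return port["vlan"] if vid is None else None
    if vid is None:
        return port["native"]  # trunk: untagged traffic goes to the native VLAN
    # 4095 is reserved, so valid VLAN IDs on a trunk are 1 to 4094.
    return vid if 1 <= vid <= 4094 and vid in port["allowed"] else None

def build_frame(vid=None, pcp=0) -> bytes:
    """Constructed sample frame: broadcast destination, made-up source MAC, IPv4 type."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + tag + struct.pack("!H", 0x0800) + bytes(46)

ACCESS = {"mode": "access", "vlan": 100}
TRUNK = {"mode": "trunk", "native": 999, "allowed": {100, 101, 102}}  # 999: unused VLAN

if __name__ == "__main__":
    for vid in (None, 0, 101, 200):
        print(vid, ingress_vlan(build_frame(vid), ACCESS), ingress_vlan(build_frame(vid), TRUNK))
```
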

3.5 Configuration of VLAN


In Figure 3.5.1 we have created a network of four Layer 2 2960 switches that are
connected via copper cross-over cable, with devices connected to these switches using
copper straight-through cable. Switch ports fastEthernet 0/1, 0/2 and 0/3 are used to
connect the switches; all four switches are connected with each other using these three
ports.

Figure.3.5.1 Switch Network


Now we divide the switches into multiple VLANs. As we know, 5 VLANs are created by
default: VLAN 1, 1002, 1003, 1004 and 1005. Initially all the ports are assigned to
VLAN 1.
Here we created VLANs 100, 101 and 102. To create a VLAN in Cisco Packet Tracer, click
on the switch and select VLAN Database under the Config tab.

Do the same thing for the other switches. So far we have divided the switch into multiple
LANs, but as I said before, initially all the ports are assigned to VLAN 1, which means
the devices connected to the switch are in VLAN 1. To place them in different VLANs we
need to assign ports to VLANs. We can do this by clicking on the port in the Interface
section under the Config tab and assigning the VLAN to the port.
We can view the ports assigned to each VLAN using the command show vlan brief in the
CLI section.

Do the same thing on the other switches also.

Switch      Port               VLAN
Switch 0    fastEthernet 0/4   100
Switch 0    fastEthernet 0/5   101
Switch 0    fastEthernet 0/6   102
Switch 0    fastEthernet 0/7   100
Switch 1    fastEthernet 0/4   100
Switch 1    fastEthernet 0/5   101
Switch 1    fastEthernet 0/6   101
Switch 2    fastEthernet 0/4   101
Switch 2    fastEthernet 0/5   101
Switch 2    fastEthernet 0/6   102
Switch 3    fastEthernet 0/4   102
Switch 3    fastEthernet 0/5   101
Switch 3    fastEthernet 0/6   100

Table 1

Now assign IP addresses to the devices. Click on the device, go to the Desktop tab,
select IP Configuration and enter an IP address there.

After assigning IP addresses to the devices, let's send a message. If we send a message
to a device on the same switch and in the same VLAN, the message will be received. But
there is a problem if we send a message from one device to another that is connected to
a different switch: even though they are in the same VLAN, the message will not be
received. But why? The answer is that we need to enable trunk mode on the ports used
for switch-to-switch connections. In this scenario we used fastEthernet 0/1, 0/2 and
0/3 for switch connections, so we need to enable trunking on these three ports of all
the switches.

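To enable trunk mode, type the following commands in the CLI window.

! Enter privileged mode, then global configuration mode
enable
configure terminal
! Set each switch-to-switch port to trunk mode
interface fastEthernet 0/1
switchport mode trunk
exit
interface fastEthernet 0/2
switchport mode trunk
exit
interface fastEthernet 0/3
switchport mode trunk
exit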

Now we can send the message again. The message will be sent and received successfully,
as we can see in Figure 3.5.2.

Figure.3.5.2 To check whether the message is sent successfully or not.
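
Why the message in the walkthrough above only crosses switches once the uplinks are trunks, shown as an added Python model that is not part of the original report. The port-to-VLAN data is read from Table 1; the short port names, the full-mesh links between the four switches and the function names are assumptions for illustration.

```python
from collections import deque

# Access-port assignments read from Table 1: switch -> {port: VLAN}
ACCESS_PORTS = {
    0: {"fa0/4": 100, "fa0/5": 101, "fa0/6": 102, "fa0/7": 100},
    1: {"fa0/4": 100, "fa0/5": 101, "fa0/6": 101},
    2: {"fa0/4": 101, "fa0/5": 101, "fa0/6": 102},
    3: {"fa0/4": 102, "fa0/5": 101, "fa0/6": 100},
}
DEFAULT_VLAN = 1  # every port, including fa0/1-0/3, starts in VLAN 1

def uplink_carries(vlan: int, uplink_mode: str) -> bool:
    """An uplink left as an access port carries only its own VLAN (VLAN 1);
    an uplink in trunk mode carries every VLAN."""
    return uplink_mode == "trunk" or vlan == DEFAULT_VLAN

def receivers(src_switch: int, src_port: str, uplink_mode: str) -> set:
    """Set of (switch, port) pairs that receive a broadcast sent into src_port."""
    vlan = ACCESS_PORTS[src_switch][src_port]
    seen, queue, out = {src_switch}, deque([src_switch]), set()
    while queue:
        sw = queue.popleft()
        # Flood to every access port of this switch that is in the frame's VLAN.
        out |= {(sw, p) for p, v in ACCESS_PORTS[sw].items() if v == vlan}
        if uplink_carries(vlan, uplink_mode):
            for peer in ACCESS_PORTS:  # full mesh: each switch links to all others
                if peer not in seen:   # visit each switch once (no forwarding loop)
                    seen.add(peer)
                    queue.append(peer)
    out.discard((src_switch, src_port))  # a frame is not sent back out its ingress port
    return out

if __name__ == "__main__":
    for mode in ("access", "trunk"):
        print(mode, sorted(receivers(0, "fa0/4", mode)))
```
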

3.6 Benefits of VLAN

VLANs make it easier to design a network to support the goals of an organization. The
primary benefits of using VLANs are as follows:

• Security: Groups that have sensitive data are separated from the rest of the network,
decreasing the chances of confidential information breaches.
• Cost reduction: Cost savings result from reduced need for expensive network upgrades
and more efficient use of existing bandwidth and uplinks [8].
• Creating Virtual Work Groups: VLANs can be used to create virtual work groups. For
example, in a campus environment, professors working on the same project can send
broadcast messages to one another without the necessity of belonging to the same
department. This can reduce traffic if the multicasting capability of IP was previously
used [9].

3.7 Conclusion:

In this report we have seen that there are significant advances in the field of networks
in the form of VLANs, which allow the formation of virtual workgroups, better security,
improved performance and reduced costs. VLANs are formed by the logical segmentation
of a network and can be classified into Layer 1, 2, 3 and higher layers. Only Layer 1
and 2 are specified in the draft standard 802.1Q. Tagging and the filtering database
allow a bridge to determine the source and destination VLAN for received data. VLANs,
if implemented effectively, show considerable promise in future networking solutions.

4. References

[1] 2021. Available online: https://www.etherwan.com/support/featured-articles/brief-introduction-vlans. (Accessed on: 10-Nov-2021).
[2] 2021. Available online: https://www.etherwan.com/support/featured-articles/brief-introduction-vlans. (Accessed on: 10-Nov-2021).
[3] "VLAN (Virtual Local Area Network) Definition", Techterms.com, 2021. Available online: https://techterms.com/definition/vlan. (Accessed on: 10-Nov-2021).
[4] Behrouz A. Forouzan. (2007). Data Communication and Networking (4th ed.). New York: Alan R, Apt
[5] 2021. Available online: https://www.researchgate.net/publication/322077322_Proceedings_of_the_Third_International_Conference_on_Computing_Technology_and_Information_Management_ICCTIM2017_Thessaloniki_Greece_2017. (Accessed: 12-Nov-2021).
[6] "Types of Virtual LAN (VLAN) - GeeksforGeeks", GeeksforGeeks, 2021. Available online: https://www.geeksforgeeks.org/types-of-virtual-lan-vlan/. (Accessed: 12-Nov-2021).
[7] S. Organization, "Virtual Local Area Network (VLAN): Segmentation and Security", Academia.edu, 2021. Available online: https://www.academia.edu/35497133/Virtual_Local_Area_Network_VLAN_Segmentation_and_Security. (Accessed on: 14-Nov-2021).
[8] "3.1.1.2 Benefits of VLANs", Static-course-assets.s3.amazonaws.com, 2021. Available online: https://static-course-assets.s3.amazonaws.com/RSE50ENU/module3/3.1.1.2/3.1.1.2.html. (Accessed on: 14-Nov-2021).
[9] Behrouz A. Forouzan. (2007). Data Communication and Networking (4th ed.). New York: Alan R, Apt
