
Difference between revisions of "VLAN Policies"


 
Line 8: Line 8:
 
belongs, by default, to a VLAN (See Default VLAN).
 
belongs, by default, to a VLAN (See Default VLAN).
  
== VLAN Benefits ==
+
= VLAN Benefits =
  
 
VLANs adoption is used to control network traffic, increasing or enhancing network:
 
VLANs adoption is used to control network traffic, increasing or enhancing network:
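Review bot: changing `== VLAN Benefits ==` to `= VLAN Benefits =` promotes the section to a level-1 heading, which MediaWiki convention reserves for the page title; article sections normally start at `==`, with `===` and `====` below them. If the intent is to flatten the hierarchy, consider keeping `== VLAN Benefits ==` as the top section and demoting nothing, since level-1 headings also render with the same weight as the page title.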
Line 22: Line 22:
 
***
 
***
  
== VLAN Policies ==
+
= VLAN Policies =
 
Here some VLAN assignment methods typically availabe on Switches (Layer 2) and Routing Switches (Layer 3) network devices:
 
Here some VLAN assignment methods typically availabe on Switches (Layer 2) and Routing Switches (Layer 3) network devices:
* Port based VLANs (Layer 2)
+
* ''Port based VLANs (Layer 2)'' [[VLAN_Policies#Port based VLANs (Layer 2)|Port based VLANs]]
 
* [[MAC]] Address based VLANs
 
* [[MAC]] Address based VLANs
 
* Protocol based VLANs (Layer 3)
 
* Protocol based VLANs (Layer 3)
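Review bot: the new list item renders its text twice, `Port based VLANs (Layer 2)` followed by the link label `Port based VLANs` (the rendered revision below shows "Port based VLANs (Layer 2) Port based VLANs"); make the item itself the link, e.g. `* [[VLAN_Policies#Port based VLANs (Layer 2)|Port based VLANs (Layer 2)]]`, and link the other four items the same way so the list is consistent. While editing this list, `availabe` in the unchanged introductory line should read `available`.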
Line 32: Line 32:
 
----
 
----
  
=== Port based VLANs (Layer 2) ===
+
== Port based VLANs (Layer 2) ==
 
With Layer 2 Port based VLANs, a subset of ports on a device is assigned to a specific VLAN creating and sharing a common and exclusive Layer 2 Broadcast Domain.
 
With Layer 2 Port based VLANs, a subset of ports on a device is assigned to a specific VLAN creating and sharing a common and exclusive Layer 2 Broadcast Domain.
 
Multiple Port based VLANs are possible on a single Layer 2 / Layer 3 device (Switch / Routing Switch).
 
Multiple Port based VLANs are possible on a single Layer 2 / Layer 3 device (Switch / Routing Switch).
  
==== Default VLAN ====
+
=== Default VLAN ===
 
By default, all ports on a device are members of the ''Default VLAN'' (known also as VLAN ID 1 or DEFAULT-VLAN) and consequently all the ports on the device constitute a single Layer 2 Broadcast Domain.
 
By default, all ports on a device are members of the ''Default VLAN'' (known also as VLAN ID 1 or DEFAULT-VLAN) and consequently all the ports on the device constitute a single Layer 2 Broadcast Domain.
 
Ports that belong to a specific Port based VLAN are automatically removed from belonging to the ''Default VLAN'' by device ensuring that each Port resides in only one Layer 2 Broadcast Domain.
 
Ports that belong to a specific Port based VLAN are automatically removed from belonging to the ''Default VLAN'' by device ensuring that each Port resides in only one Layer 2 Broadcast Domain.
  
==== Port based VLANs (Layer 2) and IEEE 802.1p Tagging ====
+
=== Port based VLANs (Layer 2) and IEEE 802.1p Tagging ===
 
IEEE 802.1p tagging is an IEEE standard that allows a networking device to add information to a Layer 2 packet in order to identify the VLAN membership of the packet.
 
IEEE 802.1p tagging is an IEEE standard that allows a networking device to add information to a Layer 2 packet in order to identify the VLAN membership of the packet.
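Review bot: the heading promotion is applied consistently here (`===` to `==`, `====` to `===`), but since the section title "Port based VLANs (Layer 2) and IEEE 802.1p Tagging" is being touched anyway, note that the unchanged body describes a 4-byte tag field carrying a VLAN ID, which is the IEEE 802.1Q VLAN tag; 802.1p is the 3-bit priority (CoS) field inside that tag, and that is how the page's own "VLAN Benefits" list uses it ("Prioritization scheme for Ethernet with IEEE 802.1p CoS"). Consider renaming the section and its body text to "IEEE 802.1Q Tagging" and keeping 802.1p for the priority field only.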
  
Line 57: Line 57:
 
----
 
----
  
=== MAC Address based VLANs ===
+
== MAC Address based VLANs ==
 
[[MAC]] Based VLANs allow physical ports to be mapped to a VLAN based on the source MAC Address present on the Switch forwarding database.
 
[[MAC]] Based VLANs allow physical ports to be mapped to a VLAN based on the source MAC Address present on the Switch forwarding database.
 
Network administrators can designate a set of physical ports that have their VLAN membership dynamically (or offline) determined by the MAC addresses of the end devices that plug into those physical ports.
 
Network administrators can designate a set of physical ports that have their VLAN membership dynamically (or offline) determined by the MAC addresses of the end devices that plug into those physical ports.
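Review bot: the unchanged body says membership is "determined by the MAC addresses of the end devices that plug into those physical ports"; since the page lists "Device Security" among the VLAN benefits, a one-line caveat here would help readers: the source MAC address is supplied by the end device and is not authenticated by the switch, so MAC-based assignment is an administrative convenience for mobility, not an access control, and should be paired with the port-based or tagged policies described above where isolation matters.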
Line 63: Line 63:
 
----
 
----
  
=== Protocol based VLANs (Layer 3) ===
+
== Protocol based VLANs (Layer 3) ==
  
=== Network Address based VLANs ===
+
== Network Address based VLANs ==
  
=== Custom Defined VLANs ===
+
== Custom Defined VLANs ==
  
 
Any combination of above ones
 
Any combination of above ones
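Review bot: the three promoted headings "Protocol based VLANs (Layer 3)", "Network Address based VLANs" and "Custom Defined VLANs" still have no body; the only text after them, "Any combination of above ones", reads as the definition of "Custom Defined VLANs" but, placed directly after three empty headings, is ambiguous. Either add a sentence under each heading or mark the first two as stubs, and reword the closing line to "Any combination of the above methods."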

Revision as of 11:50, 19 November 2006

VLAN Overview

The term VLAN (Virtual LAN) is used to refer to a collection of networking devices that logically communicate as if they were on the same physical LAN.

Any set of physical network ports, including all ports on:

  • Switches (Layer 2)
  • Routing Switches (Layer 3)

belongs, by default, to a VLAN (See Default VLAN).

VLAN Benefits

VLANs are adopted to control network traffic, increasing or enhancing the network's:

  • Device Security
  • Device Mobility
  • QoS (Quality of Service)
  • Administrative/Management control
    • at Layer 2 by means of:
      • Segmentation over Ethernet (Broadcast Domains)
      • Prioritization scheme for Ethernet with IEEE 802.1p CoS (Class of Service)
    • at Layer 3 by means of:

VLAN Policies

Here are some VLAN assignment methods typically available on Switches (Layer 2) and Routing Switches (Layer 3) network devices:

  • Port based VLANs (Layer 2)
  • MAC Address based VLANs
  • Protocol based VLANs (Layer 3)
  • Network Address based VLANs
  • Custom Defined VLANs

Port based VLANs (Layer 2)

With Layer 2 Port based VLANs, a subset of ports on a device is assigned to a specific VLAN creating and sharing a common and exclusive Layer 2 Broadcast Domain. Multiple Port based VLANs are possible on a single Layer 2 / Layer 3 device (Switch / Routing Switch).

Default VLAN

By default, all ports on a device are members of the Default VLAN (known also as VLAN ID 1 or DEFAULT-VLAN), and consequently all the ports on the device constitute a single Layer 2 Broadcast Domain. Ports that are assigned to a specific Port based VLAN are automatically removed from the Default VLAN by the device, ensuring that each port resides in only one Layer 2 Broadcast Domain.

Port based VLANs (Layer 2) and IEEE 802.1p Tagging

IEEE 802.1p tagging is an IEEE standard that allows a networking device to add information to a Layer 2 packet in order to identify the VLAN membership of the packet.

A port can belong to only one Port based VLAN at a time, unless you apply IEEE 802.1p Tagging to the port.

IEEE 802.1p Tagging allows routing switches (Layer 3) and switches (Layer 2) to tag the port by adding a 4 Byte Tag Field to each packet sent on that port. The 4 Byte Tag Field contains a default Tag Value, which identifies the data as a tag, and the VLAN ID of the VLAN from which the packet is sent.

Port based VLANs can be configured to span multiple devices in a network by tagging the ports within the VLAN: the applied Tag then enables each device that receives the packet to determine the VLAN the packet belongs to.

IEEE 802.1p Tagging:

  • Applies only to Layer 2 Port based VLANs.
  • Does not apply to Layer 3 Protocol based VLANs.

MAC Address based VLANs

MAC Based VLANs allow physical ports to be mapped to a VLAN based on the source MAC Address present on the Switch forwarding database. Network administrators can designate a set of physical ports that have their VLAN membership dynamically (or offline) determined by the MAC addresses of the end devices that plug into those physical ports.
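The rules described in the two passages above (the 4-byte tag field with its identifying Tag Value and VLAN ID, the Default VLAN that every port starts in, ports leaving it when assigned to a Port based VLAN, tagged ports that let a VLAN span devices, and MAC-based membership on designated ports) as a small Python model of one switch's ingress classification. This is an added example, not code from this wiki or from any vendor's firmware; the Switch class, its method names, the per-port policy sets and the sample MAC addresses are constructed for illustration. It goes slightly beyond the text in two places: a tag whose VLAN ID is 0 is treated as priority-only and the frame falls back to port or MAC classification, and a tag arriving on a port that has not been tagged is not honoured, which is the conservative default for an access port.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

TPID_8021Q = 0x8100  # the "Tag Value" that marks the following 2 bytes as a VLAN tag
DEFAULT_VLAN = 1     # VLAN ID 1 / DEFAULT-VLAN: every port is a member until reassigned


@dataclass(frozen=True)
class VlanTag:
    pcp: int  # 3-bit IEEE 802.1p priority (CoS)
    dei: int  # 1-bit drop-eligible indicator
    vid: int  # 12-bit VLAN ID; 0 means priority-tagged only, 4095 is reserved


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_frame(dst: str, src: str, vid: Optional[int] = None, pcp: int = 0,
                ethertype: int = 0x0800, payload: bytes = b"") -> bytes:
    """Assemble an Ethernet frame (constructed input); with vid set, insert the
    4-byte tag between the source MAC and the EtherType."""
    hdr = mac_to_bytes(dst) + mac_to_bytes(src)
    if vid is not None:
        tci = (pcp << 13) | (vid & 0x0FFF)
        hdr += TPID_8021Q.to_bytes(2, "big") + tci.to_bytes(2, "big")
    return hdr + ethertype.to_bytes(2, "big") + payload


def parse_tag(frame: bytes) -> Optional[VlanTag]:
    """Return the tag if bytes 12-15 carry TPID 0x8100, else None (untagged frame)."""
    if len(frame) < 16 or int.from_bytes(frame[12:14], "big") != TPID_8021Q:
        return None
    tci = int.from_bytes(frame[14:16], "big")
    return VlanTag(pcp=tci >> 13, dei=(tci >> 12) & 1, vid=tci & 0x0FFF)


def src_mac(frame: bytes) -> str:
    return ":".join(f"{b:02x}" for b in frame[6:12])


class Switch:
    """Port based, tagged and MAC based VLAN membership on one device (model only)."""

    def __init__(self, ports):
        self.port_vlan: Dict[int, int] = {p: DEFAULT_VLAN for p in ports}
        self.tagged_ports: Set[int] = set()       # ports allowed to carry tagged frames
        self.mac_policy_ports: Set[int] = set()   # ports whose VLAN follows the source MAC
        self.mac_vlan: Dict[str, int] = {}        # administrator's MAC -> VLAN table

    def assign_port(self, port: int, vid: int) -> None:
        # joining a Port based VLAN removes the port from the Default VLAN
        self.port_vlan[port] = vid

    def tag_port(self, port: int) -> None:
        self.tagged_ports.add(port)

    def enable_mac_policy(self, port: int) -> None:
        self.mac_policy_ports.add(port)

    def map_mac(self, mac: str, vid: int) -> None:
        self.mac_vlan[mac.lower()] = vid

    def broadcast_domain(self, vid: int) -> Set[int]:
        """Ports that share the Layer 2 broadcast domain of `vid` on this device."""
        return {p for p, v in self.port_vlan.items() if v == vid}

    def classify(self, port: int, frame: bytes) -> Optional[Tuple[int, str]]:
        """Return (vlan_id, reason) for an ingress frame, or None if it is dropped."""
        tag = parse_tag(frame)
        if tag is not None and tag.vid == 4095:
            return None                         # reserved VID is never valid
        if tag is not None and tag.vid != 0:    # VID 0 carries priority only
            if port not in self.tagged_ports:
                return None                     # untagged port: the tag is not honoured
            return tag.vid, "tag"
        if port in self.mac_policy_ports:
            vid = self.mac_vlan.get(src_mac(frame))
            if vid is not None:
                return vid, "mac"
        return self.port_vlan[port], "port"


if __name__ == "__main__":
    sw = Switch(ports=[1, 2, 3, 4, 5])
    sw.assign_port(2, 10)
    sw.assign_port(3, 10)
    sw.tag_port(5)
    sw.enable_mac_policy(4)
    sw.map_mac("00:11:22:33:44:55", 20)
    bcast = "ff:ff:ff:ff:ff:ff"
    for port, frame in [(1, build_frame(bcast, "aa:bb:cc:dd:ee:01")),
                        (5, build_frame(bcast, "aa:bb:cc:dd:ee:02", vid=10, pcp=5)),
                        (2, build_frame(bcast, "aa:bb:cc:dd:ee:02", vid=10)),
                        (4, build_frame(bcast, "00:11:22:33:44:55"))]:
        print(port, parse_tag(frame), sw.classify(port, frame))
```

Running the block shows port 1 staying in VLAN 1, the tagged frame on port 5 landing in VLAN 10, the same tagged frame being dropped on access port 2, and port 4 following its MAC table; `broadcast_domain(1)` no longer lists ports 2 and 3 once they are assigned to VLAN 10.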


Protocol based VLANs (Layer 3)

Network Address based VLANs

Custom Defined VLANs

Any combination of the above methods.