VLANs allow us to logically separate groups of users using a layer two switch. This lets us create smaller broadcast domains and segregate user data without a router. Switches supporting VLANs allow you to assign groups of ports to different VLANs – for example, ports 1 – 5 could be in VLAN 1, ports 6 – 8 in VLAN 2 and ports 9 and 10 in VLAN 3. Consequently, devices in VLAN 1 can only send Ethernet frames to other devices in VLAN 1 and the same is true for devices in VLAN 2 and VLAN 3. If users on VLAN 1 need to communicate with users in VLAN 2 then we need to add a router which lets us route packets between the VLANs at layer 3 (the IP layer). Essentially, VLANs let us create multiple separate LANs without having to use a separate switch – we separate the Ethernet networks logically on the switch instead of physically.
Smaller broadcast domains.
Better segregation of users for increased data security.
Fewer switches and routers required.
It is possible to reorganise network layout by reconfiguring a switch instead of having to physically unplug cables.
In larger networks, we may want VLANs to span more than one switch. If we had to have a separate connection between the switches for each VLAN, this would quickly become cumbersome and use up many ports on each switch. Instead, we can use VLAN trunks to carry traffic from multiple VLANs over a single physical link. VLAN trunking protocols provide a way for one switch to group data from multiple VLANs on to a single link and then for the other switch to separate it back out into the different VLANs and maintain the logical separation the VLANs offer. Therefore a trunk is simply an interface on a switch which can carry multiple VLANs.
In order to keep track of the different VLANs on a trunk port, each Ethernet frame must be ‘tagged’ by the originating switch. The receiving switch then reads the VLAN tag on each frame and sends the traffic out on the appropriate ports in that VLAN. There are two primary protocols used for implementing VLAN trunks: Cisco’s Inter-Switch Link (ISL) protocol and IEEE 802.1Q. The protocol used between two devices must be the same as the two protocols are not compatible with each other however it is possible to use both protocols within a single network as the tagging occurs between each trunk (pair of devices) inde-pendently.
ISL is a Cisco proprietary standard whereas 802.1Q is an open standard supported by many vendors (in-cluding Cisco.
ISL is deprecated and shouldn’t be used in new networks – 802.1Q is considered standard.
802.1Q supports up to 4,096 VLANs but ISL only supports up to 1000.
ISL encapsulates the Ethernet frame to add the tag whereas 802.1Q inserts the tag directly into the Ethernet frame. ISL therefore increases the amount of data being transmitted whilst 802.1Q alters the original frame but can then be transmitted over a standard Ethernet link. There are pros and cons to both approaches.
Some older Cisco equipment only supports ISL. A lot of newer equipment and devices from manufactur-ers other than Cisco only support 802.1Q.