Virtual LANs (VLANs)

Lesson

What are VLANs?

VLANs allow us to logically separate groups of users using a layer two switch. We can use VLANs to create smaller broadcast domains and segregate user data without a router. Switches supporting VLANs allow you to assign groups of ports to different VLANs – for example, ports 1 – 5 could be in VLAN 1, ports 6 – 8 in VLAN 2 and ports 9 and 10 in VLAN 3. Consequently, devices in VLAN 1 can only send Ethernet frames to other devices in VLAN 1, and the same is true for devices in VLAN 2 and VLAN 3. If users on VLAN 1 need to communicate with users in VLAN 2, then we need to add a router which lets us route packets between the VLANs at layer 3 (the IP layer). In summary, VLANs let us create multiple separate LANs without having to use multiple switches – we separate the Ethernet networks logically on the switch instead of physically.

Benefits of VLANs

• Smaller broadcast domains.

• Segregation of users for increased data security.

• Fewer switches and routers required.

• It is possible to reorganise the network layout by reconfiguring a switch, removing the need to unplug cables physically.

VLAN Trunks

In more extensive networks, we may want VLANs to span more than one switch. If we had to have a separate connection between the switches for each VLAN, this would quickly become cumbersome and use up many ports on each switch. Instead, we can use VLAN trunks to carry traffic from multiple VLANs over a single physical link. VLAN trunking protocols provide a way for one switch to group data from multiple VLANs on to a single link and then for the other switch to separate it back out into the different VLANs and maintain the logical separation the VLANs offer. Therefore a trunk is simply an interface on a switch which can carry multiple VLANs.

VLAN Trunk Tags and Protocols

Each Ethernet frame must be ‘tagged’ by the originating switch to keep track of the different VLANs on a trunk port. The receiving switch then reads the VLAN tag on each frame and sends the traffic out on the appropriate ports in that VLAN. There are two primary protocols used for implementing VLAN trunks: Cisco’s Inter-Switch Link (ISL) protocol and IEEE 802.1Q. ISL and 802.1Q are not compatible with each other; therefore, the protocol used between two devices must be the same. However, it is possible to use both protocols within a single network as the tagging occurs between each trunk (pair of devices) independently.

ISL vs 802.1Q

• ISL is a Cisco proprietary standard, whereas 802.1Q is an open standard supported by many vendors, including Cisco.

• ISL is deprecated and should not be used in new networks – 802.1Q is considered standard.

• 802.1Q supports up to 4,096 VLANs, but ISL only supports up to 1000.

• ISL encapsulates the Ethernet frame to add the tag whereas 802.1Q inserts the tag directly into the Ethernet frame. Therefore, ISL increases the amount of data being transmitted. 802.1Q alters the original frame but can then be transmitted over a standard Ethernet link. There are pros and cons to both approaches.

• Some older Cisco equipment only supports ISL. A lot of newer equipment and devices from manufacturers other than Cisco only support 802.1Q.

Questions

Test your knowledge with these questions.

Other Lessons

Learn more by checking out these related lessons

Courses

This lesson is part of the following courses.