Virtual LANs

Introduction

Another important advantage of Ethernet switches is the ability to create Virtual Local Area Networks (VLANs). A virtual LAN is a logical subset of the LAN configured by a network administrator. The traffic for different VLANs remains segregated resulting in increased efficiency of network operation. This is useful in many cases, for example, to keep the traffic for different departments in an organization separate. The traffic of the Accounts Department, for instance, may want to be kept separate from that of Network Operations, Human Resources and so on. A virtual LAN is hence a set of ports attached to one or more Ethernet switches. A switch can support several VLANs and it runs one MAC learning algorithm for each Virtual LAN.

• Every frame is labeled with the VLAN identifier that it belongs to.
• When a switch receives a frame with an unknown or a multicast destination, it forwards it over all the ports that belong to the same Virtual LAN but not over the ports that belong to other Virtual LANs.
• Similarly, when a switch learns a source address on a port, it associates it to the Virtual LAN of this port and uses this information only when forwarding frames on this Virtual LAN.

The figure below illustrates a switched Ethernet network with three Virtual LANs.

• VLAN 2 and VLAN 3 only require a local configuration of switch S1.
• Host C can exchange frames with host D, but not with hosts that are outside of its VLAN.
• VLAN1 is more complex as there are ports of this VLAN on several switches. To support such VLANs, local configuration is not sufficient anymore.
• When a switch receives a frame from another switch, it must be able to determine the VLAN in which the frame originated to use the correct MAC table to forward the frame. This is done by assigning an identifier to each Virtual LAN and placing this identifier inside the headers of the frames that are exchanged between switches.