In this lesson, we are going to examine what a VLAN is. Before we do, there are a few basics we must understand: the collision domain, the broadcast domain and the LAN.
Please note that switches operate at Layer 2 (Data Link Layer) and routers operate at Layer 3 (Network Layer) of the OSI model.
Collisions occur when two devices send a frame at the same time. The result is that the frames collide and the hosts have to retransmit them. This is usually seen in hub networks. Switches, however, break up collision domains between hosts: each switch port is a separate collision domain.
Note: Every port on a hub is in the same collision domain. Each port on a bridge, a switch or a router is in a separate collision domain. For example, all 24 ports on a 24-port hub are in one single collision domain, whereas a 24-port switch has 24 separate collision domains, one per interface.
A broadcast domain is a group of devices that will receive broadcast frames originating from any device within the group.
A broadcast frame is a frame that will be received by all devices in a network. These frames carry the special destination address ff:ff:ff:ff:ff:ff.
Switches operate at the Data Link Layer and by default forward broadcast frames out every egress port other than the ingress port where the broadcast frames were received.
Figure Wireshark capture of a broadcast frame
Figure Two separate broadcast domains
Broadcast frames are bounded by a device such as a router. Routers do not forward broadcast frames from one broadcast domain to another. In other words, routers separate broadcast domains. For example, in the above figure, if PC Y transmits broadcast frames into the network, Switch A will duplicate the frames out of every egress port other than the ingress port on which the broadcast frame was received. When the Router receives the broadcast frame, unlike the switch, it will not pass the frame to the other broadcast domain where Switch B, PC A and PC B reside.
A local area network (LAN) is a computer network within a small geographical area such as an office floor. A LAN includes all the user devices, routers, switches, servers, cables, printers, wireless access points and IP phones in one location.
In other words, a LAN includes all devices in the same broadcast domain.
Virtual LAN (VLAN)
VLANs allow a switch to break down a single broadcast domain into multiple logical broadcast domains. Each VLAN (broadcast domain) is like a separate virtual switch within the physical switch. With VLANs, we can configure some ports on the switch to belong to one VLAN and other ports on the same switch to belong to a different VLAN. These distinct broadcast domains implemented on the switch are called Virtual LANs (VLANs).
A VLAN can span multiple switches. A network device's VLAN membership is based on the VLAN membership of the switch port it is connected to. A switch port can only belong to one VLAN (the exception is the Voice VLAN). A group of devices in the same VLAN communicate with each other as though they are in a network of their own. Unicast, multicast and broadcast frames are forwarded and flooded only within the VLAN in which the frames are sourced.
As a result of this segregation, traffic will not pass from one VLAN (broadcast domain) to another VLAN (broadcast domain) without the use of a routing device such as a router or a Layer 3 switch (a switch that performs both Layer 2 and Layer 3 functions). In other words, traffic between VLANs must be routed. Each VLAN in a switched network corresponds to an IP subnet. Therefore, it is important to take into consideration a hierarchical network addressing scheme when implementing VLANs.
In the figure below, by implementing VLANs we have created 3 broadcast domains on a switch.
Figure Creating Three Broadcast Domains Using One Switch and VLANs
In the figure above, what happens when PC B sends broadcast frames into the network? Who will receive and process these broadcast frames?
The broadcast frames initiated by PC B will be duplicated out of all ports that belong to VLAN 20 and are in the forwarding state, other than the switch port that is connected to PC B. PC A is the only receiver.
Hosts in VLAN 10 and VLAN 30 will not receive the broadcast frame since they are in different broadcast domains. In other words, PC X, Y, Z and W will not receive the broadcast frames sent by PC B.
If PC X wants to communicate with PC W what needs to be done?
Since the communication must happen between two different IP subnets, the packets from PC X to PC W must be routed. The network engineer must introduce routing functionality either by implementing a Router or a Layer 3 switch.
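The forwarding rules described above, as an added example that is not part of the original lesson: a small Python model of a switch that learns MAC addresses per VLAN and floods broadcast and unknown-unicast frames only inside the ingress port's VLAN. The port names, the MAC addresses and the placement of PC X, Y, Z and W in VLAN 10 and VLAN 30 are assumptions; only PC A and PC B in VLAN 20 come from the lesson.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanSwitch:
    """Minimal model of a Layer 2 switch whose access ports are assigned to VLANs."""

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)   # port name -> VLAN ID
        self.mac_table = {}                # (vlan, mac) -> port, learned per VLAN

    def receive(self, ingress, src_mac, dst_mac):
        """Return the sorted egress ports for a frame arriving on `ingress`."""
        vlan = self.port_vlan[ingress]
        self.mac_table[(vlan, src_mac)] = ingress   # learn the source in its VLAN
        known = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and known is not None:
            # Known unicast: one egress port, never back out of the ingress port.
            return [] if known == ingress else [known]
        # Broadcast or unknown unicast: flood within the ingress VLAN only.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != ingress)

# Constructed topology: each port is named after the PC attached to it.
# PC A and PC B in VLAN 20 is from the lesson; the rest is assumed.
PORTS = {"PC_X": 10, "PC_Y": 10, "PC_A": 20, "PC_B": 20, "PC_Z": 30, "PC_W": 30}
# Constructed, locally administered MAC addresses.
MACS = {name: "02:00:00:00:00:%02x" % i
        for i, name in enumerate(sorted(PORTS), 1)}

def demo():
    sw = VlanSwitch(PORTS)
    return {
        # PC B broadcasts: only the other VLAN 20 port sees the frame.
        "b_broadcast": sw.receive("PC_B", MACS["PC_B"], BROADCAST),
        # PC A replies to PC B: B was learned in VLAN 20, so no flooding.
        "a_to_b": sw.receive("PC_A", MACS["PC_A"], MACS["PC_B"]),
        # A frame from PC X addressed to PC W's MAC never leaves VLAN 10;
        # reaching PC W requires a router or a Layer 3 switch.
        "x_to_w": sw.receive("PC_X", MACS["PC_X"], MACS["PC_W"]),
    }

if __name__ == "__main__":
    for name, egress in demo().items():
        print(name, egress)
```

Because the MAC table is keyed by (VLAN, MAC), the switch has no entry for PC W inside VLAN 10 even after PC W has sent traffic in VLAN 30, which is why the last frame is flooded to PC Y only.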
Benefits of VLANs
- Cost Reduction
- Better Performance