Ethernet VLANs

A Virtual Local Area Network (VLAN) is a virtualized, logical grouping of devices that appear to be on the same local network, regardless of their physical location. Devices within the same VLAN can communicate as if they are connected to the same physical switch, while traffic between VLANs requires routing. VLANs are defined in the IEEE 802.1Q standard. VLANs provide logical segmentation of a physical network into multiple distinct broadcast domains. This enhances performance, security, and manageability in a network.

VLAN Tagging

• IEEE 802.1Q introduces a mechanism for identifying and segregating traffic using VLAN tags.
• A VLAN tag is a 4-byte field inserted into the Ethernet frame header that identifies the VLAN to which the frame belongs.
• This tagging enables traffic from different VLANs to traverse the same physical link without mixing.

VLAN ID

• Each VLAN is assigned a unique identifier called a VLAN ID.
• The VLAN ID is a 12-bit field, allowing for up to 4096 VLANs (IDs 0–4095).
  • VLAN ID 0: Reserved for priority tagging only.
  • VLAN ID 4095: Reserved and cannot be used.
  • VLAN ID 1: Default VLAN for untagged traffic in many implementations.

Tagged and Untagged Frames

• Tagged Frames: Frames with a VLAN tag that specifies their VLAN membership.
• Untagged Frames: Frames without a VLAN tag, typically assigned to the default VLAN by the receiving switch.

Trunk Links

• A trunk link is a single physical connection between switches or between a switch and a router that carries traffic for multiple VLANs.
• Trunk links use 802.1Q tagging to ensure that traffic is identified and directed to the appropriate VLAN.

Access Links

• An access link is a connection between a switch and an end device (e.g., a computer) that carries traffic for only one VLAN.
• Frames on access links are untagged, as the switch tags the frames when they are transmitted to other parts of the network.

Isolation and Segmentation

• VLANs create separate broadcast domains, reducing the size of each broadcast domain and isolating traffic.
• This improves network performance and security by preventing unnecessary traffic from propagating to unrelated devices.

Inter-VLAN Routing

• Communication between VLANs requires a router or a Layer 3 switch.
• VLAN traffic is routed based on IP addresses, enabling devices in different VLANs to communicate securely.

VLAN priorities

VLAN (IEEE 802.1Q) supports 7 priority levels encoded in 3 bits as shown in Figure 2. The principle of handling frames with different priorities is shown in Figure 4 and can be explained on the following example.

VLAN priorities example

There are two frames in the low-priority queue of P3 and another low-priority one is being transmitted. A high-priority frame is received at P2 and is forwarded to P3. The procedure of processing the low- and high-priority frames is as follows:

1. The high-priority frame is put into the high-priority output queue of P3.
2. The transmission of the low-priority frame being transmitted at P3 is finished.
3. The high-priority frame is transmitted at P3
4. The remaining two low-priority frames are transmitted at P3
5. Both queues of P3 are empty