What is a VLAN and how does it work?

Understanding VLANs can be a little difficult if one has never dealt with these before. That was the case for me anyway. In this article I will explain some VLAN-specific terms and describe a few simple configurations, which will hopefully make it easier to understand how VLANs work. I’m not sure if everything is 100% correct, but most of it should be 😀

Terminology

Term: Meaning
VLAN: Virtual Local Area Network. Basically, by creating VLANs, a physical switch is subdivided into multiple virtual (logical) switches. The VLANs are isolated from each other, i.e. data from one VLAN can’t get into another VLAN unless there is a router involved.
ID: Every VLAN that is created on a switch gets a numeric ID. If VLANs are expanded across multiple switches, the VLAN IDs must be identical on all switches.
Membership: Each port of a switch can be a member of one or multiple VLANs. Ports that are connected to end-user devices (e.g. simple workstation PCs) are usually a member of only one VLAN. Ports that are connected to another switch in order to expand the VLANs are a member of multiple VLANs (i.e. all the ones that are to be expanded).
Tagged: Each port of a switch can be set to tagged or untagged. If it is set to tagged, the VLAN ID will be added to all Ethernet frames that leave this port. This is usually done for ports that are a member of multiple VLANs.
Untagged: Each port of a switch can be set to tagged or untagged. If it is set to untagged, the VLAN ID will be removed from all Ethernet frames that leave this port. This is usually done for ports that only belong to one VLAN and are connected to end-user devices (e.g. simple workstation PCs). Usually, end-user devices are not capable of interpreting VLAN IDs.
Trunk Port: Another term for a Tagged port.
Access Port: Another term for an Untagged port.
PVID: In addition to the Membership configuration, a PVID (Port VLAN ID) has to be specified for each port on the switch. It defines which VLAN ID is added to incoming Ethernet frames that are untagged. On untagged ports the PVID is usually identical to the VLAN ID this port belongs to. The PVID isn’t relevant for tagged ports as long as these only receive tagged frames.
Static: In a static VLAN (also called port-based VLAN) the Membership configuration is done manually by the administrator.
Dynamic: In a dynamic VLAN the switch automatically determines the Membership based on the MAC or IP address of the connected device.

 

Example 1

One physical switch subdivided into two logical switches by creating two VLANs.
All ports are operating untagged.
Devices connected to YELLOW can access each other.
Devices connected to ORANGE can access each other.
Devices connected to YELLOW cannot access devices connected to ORANGE and vice versa.

 

Example 2

Two physical switches, both subdivided into two logical switches by creating two VLANs on each switch.
All ports are operating untagged.
To connect YELLOW with YELLOW and ORANGE with ORANGE, two cables are required.
Devices connected to YELLOW can access each other (spanning).
Devices connected to ORANGE can access each other (spanning).
Devices connected to YELLOW cannot access devices connected to ORANGE and vice versa.

 

Example 3

Two physical switches, both subdivided into two logical switches by creating two VLANs on each switch.
Port 1 of each switch is a member of both VLANs and operating tagged (Trunk Port).
To connect YELLOW with YELLOW and ORANGE with ORANGE, in this case only one cable is required.
Devices connected to YELLOW can access each other (spanning).
Devices connected to ORANGE can access each other (spanning).
Devices connected to YELLOW cannot access devices connected to ORANGE and vice versa.

 

Example 4

Two physical switches, both subdivided into three logical switches by creating three VLANs on each switch.
Port 1 of each switch is a member of VLAN 13+14 and operating tagged (Trunk Port). Since VLAN 15 is not part of the Trunk, this VLAN is not expanded across the switches.
YELLOW can only access YELLOW (spanning).
ORANGE can only access ORANGE (spanning).
GREEN can only access GREEN.
BLUE can only access BLUE.

 

Example 5

Two physical switches, both subdivided into two logical switches by creating two VLANs on each switch.
All ports are operating untagged.
The connection only links the first VLAN of Switch 1 with the first VLAN of Switch 2.
YELLOW can only access YELLOW (spanning).
ORANGE can only access ORANGE.
GREEN can only access GREEN.

 

Example 6

Same as example 5, but different VLAN IDs are used on the second switch.
Since all ports are operating untagged, the different IDs don’t change anything.

 

Example 7

An untagged VLAN can be extended with a simple unmanaged switch.
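
The tagging rules from the terminology list, applied to Examples 4 and 6, as an added example that is not part of the original article. It is a simplified model of two switches joined by one link; the names Port, access, trunk and reaches, the trunk's default PVID of 1, and the VLAN IDs 10 and 20 used for Example 6 are assumptions made for illustration.

```python
from dataclasses import dataclass

DROP = object()  # sentinel: the switch discards the frame

@dataclass(frozen=True)
class Port:
    pvid: int                        # VLAN given to untagged frames arriving here
    members: frozenset               # VLANs this port belongs to
    tagged: frozenset = frozenset()  # member VLANs that leave with a tag

def access(vid):
    """Untagged port in one VLAN; PVID equals that VLAN."""
    return Port(pvid=vid, members=frozenset({vid}))

def trunk(*vids, pvid=1):
    """Tagged port in several VLANs. pvid=1 is an assumed default; it only
    matters if an untagged frame arrives on the trunk."""
    return Port(pvid=pvid, members=frozenset(vids), tagged=frozenset(vids))

def ingress(port, tag):
    """Classify an arriving frame: its tag if it has one, else the PVID."""
    vid = port.pvid if tag is None else tag
    return vid if vid in port.members else DROP

def egress(port, vid):
    """Return the tag put on the wire (None = untagged), or DROP."""
    if vid not in port.members:
        return DROP
    return vid if vid in port.tagged else None

def reaches(src, uplink_a, uplink_b, dst):
    """Can an untagged frame from a host on src (switch A) reach dst (switch B)?"""
    vid_a = ingress(src, None)
    wire = DROP if vid_a is DROP else egress(uplink_a, vid_a)
    vid_b = DROP if wire is DROP else ingress(uplink_b, wire)
    return vid_b is not DROP and egress(dst, vid_b) is not DROP

if __name__ == "__main__":
    t = trunk(13, 14)  # Example 4: the trunk carries VLAN 13 and 14 only
    print("13 -> 13 over trunk:", reaches(access(13), t, t, access(13)))
    print("13 -> 14 over trunk:", reaches(access(13), t, t, access(14)))
    print("15 -> 15 over trunk:", reaches(access(15), t, t, access(15)))
    # Example 6: untagged link; IDs 10 and 20 are constructed for illustration
    print("10 -> 20 untagged:  ", reaches(access(10), access(10), access(20), access(20)))
```

The last case shows why the differing IDs in Example 6 change nothing: on an untagged link no VLAN ID is on the wire, so the receiving port's PVID alone decides which VLAN the frame lands in.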
