VLANs, or virtual local area networks, allow for a wide range of capabilities when it comes to segmenting and connecting different segments of network traffic. However, there can be much confusion about how they are set up and how traffic flows between switches. The syntax for setting up VLANs differs depending on the switch manufacturer and other factors, but the general concept remains the same.
VLANs allow networks to be set up that span several switches or locations but function as if you were sitting on the same segment as another user or device plugged into the same physical switch. This is accomplished via VLAN tagging: special information is added at the packet level to make this all happen.
Administrators who have never set up VLANs sometimes get confused about how to configure the switch to pass traffic between switches. A few things must be accomplished when setting up VLANs. They include:
- Setting up a VLAN ID
- Configuring both the access ports and trunk ports
- Setting up an address scheme
The VLAN ID is important because the same ID must be set on all switches that will carry this particular VLAN's traffic. So, for instance, if you set up a VLAN identifier of “50”, VLAN 50 must be created on all switches that you want to be able to communicate and carry traffic on this segment.
Access and Trunk Ports
Access ports and trunk ports provide the means for communication. Access ports are the ports that the devices you want to communicate on a particular VLAN are actually plugged into. The trunk port (or ports) carries the traffic between your switches. Typically, this would be your “uplink” port in the most basic configuration. The uplink port that connects a particular switch to the rest of the network serves the same purpose in a flat, non-VLAN network. In a VLAN scenario, it simply has the added special role of carrying the “tagged” VLAN traffic.
Many are confused by the terms tagged and untagged and are not sure which ports need to be set up as what. Typically, your access ports are set up as untagged ports and only know about the particular VLAN they are a member of. So if you create an untagged port, it will not receive traffic from the rest of the network aside from the particular VLAN it resides on. We mentioned above that the uplink port would generally be the “tagged” port, which carries the VLAN traffic and allows it to “uplink” to the rest of the network. The uplink port or tagged port is typically tagged with “all” of the VLANs that are configured on the switch. It is essentially a member of all the VLANs, so it can communicate with all of them. All traffic that comes across the uplink is examined, and the “tagging” tells the switch which VLAN to send the traffic to.
Setting up a VLAN does not negate the need to configure host addressing. If you have a number of hosts on the same VLAN and they are all configured for different subnets, they will NOT be able to communicate simply by virtue of being on the same VLAN. Addressing still has to be set up appropriately to allow for communication.
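The tagging behaviour described above, modelled on real frame bytes, as an added example that is not part of the original article. It assumes IEEE 802.1Q tagging (a 4-byte tag with TPID 0x8100 inserted after the source MAC); the Switch class, port numbers and sample frame are constructed for illustration, and the model floods to every access port in the VLAN instead of learning MAC addresses.

```python
import struct

TPID = 0x8100  # EtherType value that marks an IEEE 802.1Q tag

def add_tag(frame, vlan_id):
    """Insert the 4-byte tag after the destination and source MACs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    return frame[:12] + struct.pack("!HH", TPID, vlan_id) + frame[12:]

def strip_tag(frame):
    """Return (vlan_id, untagged_frame); vlan_id is None when untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]  # low 12 bits = VLAN ID

class Switch:
    def __init__(self, access_ports, trunk_vlans):
        self.access_ports = access_ports     # {port: vlan_id}, untagged
        self.trunk_vlans = set(trunk_vlans)  # VLANs tagged on the uplink

    def from_access(self, port, frame):
        """Untagged frame enters an access port; return the trunk copy."""
        vlan = self.access_ports[port]
        if vlan not in self.trunk_vlans:
            return None                      # uplink does not carry this VLAN
        return add_tag(frame, vlan)

    def from_trunk(self, frame):
        """Tagged frame arrives on the uplink; return (ports, untagged frame)."""
        vlan, inner = strip_tag(frame)
        if vlan is None or vlan not in self.trunk_vlans:
            return [], None                  # simplification: no native VLAN
        return sorted(p for p, v in self.access_ports.items() if v == vlan), inner

# Constructed sample: broadcast frame, EtherType 0x0806, zero-filled payload.
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(28)
switch_a = Switch({1: 50, 2: 60}, trunk_vlans=[50, 60])
switch_b = Switch({7: 50, 8: 50, 9: 60}, trunk_vlans=[50])  # VLAN 60 missing

if __name__ == "__main__":
    wire = switch_a.from_access(1, FRAME)
    print(wire[12:16].hex(), switch_b.from_trunk(wire)[0])
    print(switch_b.from_trunk(switch_a.from_access(2, FRAME))[0])
```

Switch B has an access port in VLAN 60, but its uplink is not tagged for that VLAN, so frames from switch A's VLAN 60 port are delivered nowhere on switch B.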
Putting it all together
VLANs are not difficult to configure; however, they require forethought about the ID, ports, and address scheme. In its most basic configuration, a switch or number of switches will have:
- one or more ports set up as access ports (generally untagged)
- one or more ports set up as trunk ports (usually the uplink port that is “tagged” with the VLAN ID)
- an address scheme between hosts that allows for communication
After setting up the above, you should have a basic functional VLAN scenario that allows a virtual grouping of hosts, no matter how far apart or close together they may be, as if they were on the same flat network.