Virtual Local Area Network (VLAN)




International Journal of Scientific Research Engineering & Technology (IJSRET)
Volume 1 Issue10 pp 006-010 January 2013 www.ijsret.org ISSN 2278 - 0882

Virtual Local Area Network (VLAN)

Gyan Prakash Pal (1), Sadhana Pal (2)
(1,2) Faculty of Electronics & Communication Engineering Department, (1) SIT, Meerut, (2) VGI, Greater Noida (India)

ABSTRACT

What happens if we need a virtual connection between two stations belonging to two different physical LANs? A virtual local area network (VLAN) is defined as a local area network configured by software, not by physical wiring. Virtual LANs (VLANs) have recently developed into an integral feature of switched LAN solutions from every major LAN equipment vendor. One of the reasons for the attention placed on VLAN functionality now is the rapid deployment of LAN switching that began in 1994/1995. The shift toward LAN switching as a replacement for local/departmental routers—and now even shared media devices (hubs)—will only accelerate in the future. With the rapid decrease in Ethernet and Token Ring switch prices on a per-port basis, many more ambitious organizations are moving quickly toward networks featuring private port (single user/port) LAN switching architectures.

VLANs represent an alternative solution to routers for broadcast containment, since VLANs allow switches to also contain broadcast traffic. With the implementation of switches in conjunction with VLANs, each network segment can contain as few as one user (approaching private port LAN switching), while broadcast domains can be as large as 1,000 users or perhaps even more.

This paper presents, in detail, exactly what a VLAN is and how VLAN memberships are used in a switched network. Membership in a VLAN can be based on port numbers, MAC addresses, IP addresses, IP multicast addresses and/or a combination of these features. VLANs are cost and time effective, can reduce network traffic, and provide an extra measure of security.
Keywords: LAN, Switch, Port, VLAN, Membership, ISL, IEEE 802.1Q, Router, Routing

I. INTRODUCTION

By default, switches break up collision domains and routers break up broadcast domains. Creating virtual local area networks (VLANs) breaks up broadcast domains in a pure switched internetwork. A VLAN is a logical grouping of network users and resources connected to administratively defined ports on a switch. Creating VLANs makes it possible to build smaller broadcast domains within a layer 2 switched internetwork by assigning different ports on the switch to different subnetworks. A VLAN is treated like its own subnet or broadcast domain, meaning that frames broadcast onto the network are only switched between the ports logically grouped within the same VLAN. By default, hosts in a specific VLAN cannot communicate with hosts that are members of another VLAN, so a router is needed for inter-VLAN communication.

Fig. 1 shows a layer 2 switched network as a flat network. With this configuration, every broadcast packet transmitted is seen by every device on the network, whether or not the device needs to receive that data. PC 1 sends out a broadcast, and all ports on all switches forward it, except the port that originally received it.

Figure (1) Flat network structure

Fig. 2 shows a switched network. PC 1 sends a frame with PC 6 as its destination. The frame is forwarded only out the port where PC 6 is located. This is a huge improvement over the old hub networks, which had one collision domain by default. A layer 2 switched network creates an individual collision domain segment for each device plugged into each port on the switch. Now large networks can be built.
Figure (2): Switched Network

Another issue in networking is security, because in a layer 2 switched network all users can see all devices. Devices cannot be stopped from broadcasting, and users cannot be stopped from trying to respond to broadcasts. This means security options are dismally limited to placing passwords on servers and other devices. Using VLANs, many of the problems associated with layer 2 switching can be solved.

VLANs simplify network management:

• Network adds, moves, and changes are achieved with ease by just configuring a port into the appropriate VLAN.
• A group of users that needs a high level of security can be put into its own VLAN so that users outside of the VLAN cannot communicate with them.
• As a logical grouping of users by function, VLANs can be considered independent from their physical or geographic locations.
• VLANs greatly enhance network security.
• VLANs increase the number of broadcast domains while decreasing their size.

Figure (3) A VLAN Network

II. VLAN MEMBERSHIPS

There are two types of VLAN memberships:

1. Static VLANs: Static VLANs are created by the network administrator, so they are more secure. A switch port assigned to a VLAN always keeps that assignment unless the port assignment is changed manually. A static VLAN is easy to set up, but any movement of a host requires a manual update. For a large network that requires frequent VLAN updates, static assignment is not practical, so dynamic VLANs are used.

2. Dynamic VLANs: A dynamic VLAN assigns VLAN membership automatically using software, based on hardware (MAC) addresses, protocols and applications. For example, suppose MAC addresses have been entered into a centralized VLAN management application.
If a host is attached to an unassigned switch port, the VLAN management database can look up its hardware address and assign and configure the switch port into the correct VLAN. Setting up the database initially is a tough task.

III. IDENTIFYING VLANS

A switch port can belong to only one VLAN or to all VLANs: one VLAN if it is an access port, and all VLANs if it is a trunk port. One can manually configure a port as an access or trunk port, or let the Dynamic Trunking Protocol (DTP) operate on a per-port basis to set the switch port mode. DTP does this by negotiating with the port on the other end of the link. There are two different types of links in the switched network:

i. Access Ports: An access port belongs to and carries the traffic of only one VLAN. Traffic is both received and sent in native formats with no VLAN tagging. Anything arriving on an access port is simply assumed to belong to the VLAN assigned to the port. Any device attached to an access link is unaware of VLAN membership; the device just assumes it is part of the same broadcast domain, so it does not understand the physical network topology. Access-link devices can't communicate with devices outside their VLAN unless the packet is routed. A switch port can be configured as either an access port or a trunk port, not both. So you have to choose one or the other, and know that if you make it an access port, that port can be assigned to one VLAN only.

ii. Trunk Ports: Trunk ports can carry multiple VLANs at a time. A trunk link is a 100 or 1000 Mbps point-to-point link between two switches, between a switch and a router, or even between a switch and a server, and it carries the traffic of multiple VLANs, from 1 to 4094 at a time. This is a great feature because you can actually set ports up to have a server in two separate broadcast domains simultaneously, so your users won't have to cross a layer 3 device (router) to log in and access it.
Another advantage is that trunk links can carry various amounts of VLAN information across the link, but by default, if the links between your switches are not trunked, only information from the configured VLAN will be switched across that link.

Voice Access Port: Most switches allow a second VLAN to be added to an access port for voice traffic; it is called the voice VLAN. The voice VLAN used to be called the auxiliary VLAN, which allowed it to be overlaid on top of the data VLAN, enabling both types of traffic through the same port. So this is an access port that can be configured for both data and voice VLANs. This allows both a phone and a PC to be connected to one switch port while each device remains in a separate VLAN.

IV. VLAN IDENTIFICATION METHOD

VLAN identification is what switches use to keep track of frames as they travel through a switched network. It is how switches identify which frames belong to which VLANs, and there is more than one trunking method.

i. Inter-Switch Link (ISL): Inter-Switch Link (ISL) is a way of tagging VLAN information onto an Ethernet frame. This tagging information allows VLANs to be multiplexed over a trunk through an external encapsulation method (ISL), which allows the switch to identify the VLAN membership of a frame over the trunked link. By running ISL, you can interconnect multiple switches and still maintain VLAN information as traffic travels between switches on trunk links. ISL functions at layer 2 by encapsulating a data frame with a new header and cyclic redundancy check (CRC). It is used for Fast Ethernet and Gigabit Ethernet links only. ISL routing is versatile and can be used on a switch port, on router interfaces and on server interface cards to trunk a server.

ii. IEEE 802.1Q: Created by IEEE as a standard method of frame tagging, IEEE 802.1Q inserts a field into the frame to identify the VLAN. If you are trunking between a Cisco switched link and a different brand of switch, you've got to use 802.1Q for the trunk to work.

The basic purpose of the ISL and 802.1Q frame-tagging methods is to provide inter-switch VLAN communication. Also, remember that any ISL or 802.1Q frame tagging is removed if a frame is forwarded out an access link; tagging is used across trunk links only.

V. ROUTING BETWEEN VLANS

Hosts in a VLAN create their own broadcast domain and can communicate freely. VLANs create network partitioning and traffic separation at layer 2 of the OSI model, and if you want hosts or any other IP-addressable device to communicate between VLANs, you need a layer 3 device. You can use a router that has an interface for each VLAN or a router that supports ISL or 802.1Q routing.

Figure (4) Inter-VLAN communication via a router

VI. ADVANTAGES OF USING VLANS

There are several advantages to using VLANs.

i. Cost and Time Reduction
VLANs can reduce the migration cost of stations going from one group to another. Physical reconfiguration takes time and is costly. Instead of physically moving one station to another segment or even to another switch, it is much easier and quicker to move it by using software.

ii. Creating Virtual Work Groups
VLANs can be used to create virtual work groups. For example, in a campus environment, professors working on the same project can send broadcast messages to one another without the necessity of belonging to the same department. This can reduce traffic if the multicasting capability of IP was previously used.

iii. Security
VLANs provide an extra measure of security. People belonging to the same group can send broadcast messages with the guaranteed assurance that users in other groups will not receive these messages.

VII. SUMMARY

This paper introduced virtual LANs and described how Cisco switches can use them. We discussed how VLANs break up broadcast domains in a switched internetwork, which is important because layer 2 switches only break up collision domains and, by default, all switches make up one large broadcast domain. We also described access links and went over how trunked VLANs work across a Fast Ethernet link.
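The broadcast containment of Section I and the access/trunk link behaviour of Section III can be checked with a small model. This is an added example, not part of the original paper; the `Switch` class, the port names and the VLAN plan are hypothetical, and a loop-free two-switch topology is assumed.

```python
class Switch:
    def __init__(self, name, access_ports):
        self.name = name
        self.access_ports = access_ports   # host-facing ports: {port: VLAN ID}
        self.uplinks = {}                  # {port: (peer, peer_port, link_vlan)}

    def link(self, port, peer, peer_port, vlan=None):
        """Inter-switch link: vlan=None models a trunk, an int models an
        access link that belongs to that single VLAN on both ends."""
        self.uplinks[port] = (peer, peer_port, vlan)
        peer.uplinks[peer_port] = (self, port, vlan)

    def broadcast_from(self, port):
        """A host on access `port` sends a broadcast; return who receives it."""
        return self._flood(self.access_ports[port], port)

    def _flood(self, vlan, in_port):
        # Access ports in the same VLAN receive the frame (untagged),
        # except the port the frame arrived on.
        reached = {(self.name, p) for p, v in self.access_ports.items()
                   if v == vlan and p != in_port}
        # A trunk carries every VLAN (tagged); an access link carries only
        # the one VLAN it is configured for.
        for port, (peer, peer_port, link_vlan) in self.uplinks.items():
            if port != in_port and link_vlan in (None, vlan):
                reached |= peer._flood(vlan, peer_port)
        return reached


def demo(link_vlan):
    """Constructed topology: two switches, VLANs 10 and 20 on each."""
    sw1 = Switch("SW1", {"Fa0/1": 10, "Fa0/2": 20, "Fa0/3": 10})
    sw2 = Switch("SW2", {"Fa0/1": 10, "Fa0/2": 20})
    sw1.link("Gi0/1", sw2, "Gi0/1", vlan=link_vlan)
    # Broadcasts from a VLAN 10 host and from a VLAN 20 host on SW1.
    return sw1.broadcast_from("Fa0/1"), sw1.broadcast_from("Fa0/2")


if __name__ == "__main__":
    print("trunk between switches:      ", demo(None))
    print("access link in VLAN 10 only: ", demo(10))
```

With a trunk, each broadcast reaches only the hosts of its own VLAN on both switches; with the inter-switch link left as an access port in VLAN 10, the VLAN 20 broadcast never leaves SW1.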
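Section IV says that IEEE 802.1Q inserts a field into the frame to identify the VLAN and that the tag is removed when the frame leaves through an access link. The sketch below works through both steps at byte level. It is an added example, not code from the paper; the function names and the sample frame are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Trunk egress: insert the 4-byte tag after the two 6-byte MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError(f"VLAN ID {vid} is outside 1-4094")
    if not 0 <= pcp <= 7:
        raise ValueError("priority is a 3-bit field")
    # Tag control field: priority (3 bits), DEI (1 bit, left 0), VLAN ID (12 bits)
    tci = (pcp << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame: bytes):
    """Return (vid, pcp) for a tagged frame, or None if no 802.1Q tag is present."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF, tci >> 13


def to_access_port(tagged: bytes, port_vlan: int):
    """Access egress: strip the tag if the frame's VLAN matches the port's
    VLAN, otherwise do not forward (None)."""
    tag = parse_tag(tagged)
    if tag is None or tag[0] != port_vlan:
        return None
    return tagged[:12] + tagged[16:]


# Constructed sample: a broadcast frame (EtherType 0x0806) from a locally
# administered source MAC, with a zero-filled 28-byte payload.
SAMPLE = (bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
          + struct.pack("!H", 0x0806) + bytes(28))

if __name__ == "__main__":
    on_trunk = add_tag(SAMPLE, vid=10, pcp=5)
    print(on_trunk[:18].hex(), parse_tag(on_trunk))
    print(to_access_port(on_trunk, 10) == SAMPLE, to_access_port(on_trunk, 20))
```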