VLANs (Virtual LANs) - Part 2

Port-based VLANs
In the previos post (VLANs), we simply stated that the network is split up into sets of virtual LANs. It is one thing to say this; it is quite another thing to understand how this is actually achieved.
Fundamentally, the act of creating a VLAN on a switch involves defining a set of ports, and defining the criteria for VLAN membership for workstations connected to those ports.
By far the most common VLAN membership criterium is port-based. We will consider that criterium here, and visit the other options later in this post.
With port-based VLANs, the ports of a switch are simply assigned to VLANs, with no extra criteria.

All devices connected to a given port automatically become members of the VLAN to which that port was assigned.
In effect, this just divides a switch up into a set of independent sub-switches.

Protocol-based VLANs
With this method, different protocol types are assigned to different VLANs. For example, IP defines one VLAN, IPX defines another VLAN, Netbeui yet another VLAN, etc.

Subnet-based VLANs
With this method, the VLAN membership is defined by the subnet to which a workstations's IP address belongs.

Workstation or packet?
Now that you have read the descriptions of protocol-based and subnet-based VLANs, it is possible that some awkward questions will come to your mind like "Isn't a VLAN a set of workstations? How does a protocol specify a workstation?" etc.
At this point, you may be starting to see that the description of a VLAN as a set of workstations is a bit of a simplification. So, let us look a bit deeper here and get to a better understanding of what VLAN membership means.
In fact, a given workstation can belong to multiple VLANs. It could belong to one subnet-based VLAN when sending IP packets, another protocol-based VLAN when sending IPX packets, and yet another different port-based VLAN when sending some other protocol.
So, certainly, when analysing the VLAN setup on a network, it is a mistake to as "What VLAN does this workstation belong to?" The more meaningful question to ask is "If a packet of such-and-such a protocol arrived at port x of the switch, which VLAN would that packet be associated with?"
It is important to really understand the change of mind-set that has just been introduced here. When initially learning about VLANs, it is usual to think of VLANs as sets of workstations. And, in practice, this is often all that a network administrator wants to achieve. However, once the VLAN configuration on a switch becomes complex, with multiple VLANs of different types all configured on the same port, it is no longer possible to really think about the VLAN from the workstation point of view. It becomes necessary to think of it from the packet point of view.
Therefore, it really is vital to think of packets being associated to VLANs when trying to understand VLAN configurations. Any other approach just ends in confusion.
The main poin is that, when using protocol-based and subnet-based VLANs, it is data streams that are divided into VLANs, not necessarily whole workstations.


Follow on:
1. Facebook
2. Google+