What are virtual LANs and how do they function?
Virtual LANs, as the name indicates, are software-defined groups of local area network nodes. These nodes are comprised of workstations, servers, printers, etc. Creating these virtual groupings of nodes offers many advantages, such as advanced security, greater control and ease of administration.
According to the ATM LAN Emulation specification, one of the requirements for using ATM as a medium for local area networks is that these LANs must be emulated (Local Area Network Emulation or LANE) or, in other words, virtual.
In order to set up VLANs, we first start with a switched network. Typically, the switch vendor supplies the VLAN definition utility. This utility will help us define the individual virtual LANs and specify what network nodes are to be included in each VLAN. The factors involved in defining VLANs can be subnet addresses, switch ports, MAC (media access control) addresses of the nodes, protocol type, or even the type of application being used on the LAN.
Another way of analyzing the construction of VLANs is to use the OSI reference model. We can have two types of VLAN definitions, Layer 2 or the Data-Link Layer model, and Layer 3 or the Network Layer model.
Let’s take a closer look at the data-link layer model. One of the easiest ways to create virtual LANs is to group the switch ports into virtual segments.
Note that if a hub were connected to a switch port on VLAN-1, then all devices connected to that hub would belong to VLAN-1. This is especially attractive when departmental VLANs are desired. Virtual segment VLANs are easy to design and administer and performance gains can be realized. The disadvantage is the fact that when a node has to be relocated to a different VLAN, a physical reconnection at the switch must take place.
Another Layer-2 method to create VLANs is the packet tagging principle. In this approach, when network nodes are designated as belonging to a specific VLAN, packets are tagged with unique additional information as they enter the switch. All switches will now examine this information prior to delivering the packet to its destination.
The third Layer-2 model relies on MAC addresses of network nodes. When VLANs are defined, tables are created for each VLAN and its members’ MAC addresses are contained in these tables. Note that switching a user from one VLAN to another now does not require a physical reconnection; only the table entries need to be modified.
Layer 3 in the OSI reference model is also known as the Network Layer. Layer-3 VLAN segmentation techniques therefore employ network layer addresses. We can view these VLANs as subnets, hence the term virtual subnetting. Members of the same VLAN have the same subnet address. The switches use logic that reads the subnet address of the destination while forwarding packets. Note that all members of a particular VLAN will contain the same subnet address and therefore will be processed as members of the same bridge group. This translates to the following observation: all intra-VLAN traffic is bridged at Layer-2 while all inter-VLAN traffic is routed at Layer-3.
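The following is an added example, not part of the original article, that models the Layer-3 observation above: a host's VLAN is derived from its subnet, and the forwarding decision is "bridge" within a VLAN and "route" between VLANs. The VLAN names, the subnets and the choice to drop traffic that matches no VLAN are assumptions made for illustration.

```python
import ipaddress

# Constructed VLAN definitions (assumed values): each VLAN is one subnet,
# which is what the article calls virtual subnetting.
VLAN_SUBNETS = {
    "VLAN-1": ipaddress.ip_network("10.1.1.0/24"),
    "VLAN-2": ipaddress.ip_network("10.1.2.0/24"),
}


def vlan_of(addr, vlans=VLAN_SUBNETS):
    """Return the VLAN whose subnet contains addr, or None if none matches."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, name) for name, net in vlans.items() if ip in net]
    # If definitions overlap, the most specific (longest-prefix) subnet wins.
    return max(matches)[1] if matches else None


def forwarding_decision(src, dst, vlans=VLAN_SUBNETS):
    """Classify a flow as bridged (same VLAN) or routed (different VLANs)."""
    src_vlan, dst_vlan = vlan_of(src, vlans), vlan_of(dst, vlans)
    if src_vlan is None or dst_vlan is None:
        # Assumption: an address outside every defined VLAN is not forwarded.
        return ("drop", src_vlan, dst_vlan)
    if src_vlan == dst_vlan:
        return ("bridge-L2", src_vlan, dst_vlan)   # intra-VLAN: same bridge group
    return ("route-L3", src_vlan, dst_vlan)        # inter-VLAN: crosses a router


if __name__ == "__main__":
    # Constructed sample flows.
    flows = [
        ("10.1.1.20", "10.1.1.99"),    # same subnet
        ("10.1.1.20", "10.1.2.7"),     # different subnets
        ("10.1.1.20", "192.168.0.1"),  # destination in no defined VLAN
    ]
    for src, dst in flows:
        print(src, "->", dst, forwarding_decision(src, dst))
```

Because every inter-VLAN flow takes the routed path, that Layer-3 hop is the place where traffic between VLANs can be filtered.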