Chapter 7. Switching Concepts

A bridge is a hardware device used to connect multiple networks into one big network. However, when a bridge receives a broadcast from one interface, it will forward the frame to all interfaces and flood the wire, easily overwhelming the network.

The traditional solution to the problem of broadcast flooding is to use a router. The disadvantages of a router include higher cost (the initial purchase price and higher maintenance costs) and a slower rate of processing incoming data, leading to increased latency and decreased network performance. A switch (basically a complex bridge) can process data at a faster rate than a router, and can limit unnecessary flooded traffic by learning the addresses of the stations on the system. A switch can be used to create broadcast domains (via VLANs), and can be employed as an alternative to using routers to contain broadcast flooding.

While a bridge connects network segments via interfaces, a switch connects segments via its ports, like a hub. But, unlike a hub, the ports of a switch can be configured to belong to a specific network, thereby separating traffic, providing security and reducing overall network congestion.

The following sections provide brief explanations of some of the concepts related to switching. If more information is required, please refer to networking textbooks, online resources (e.g., www.oreillynet.com) or your MIS manager.

7.1 VLANs

A virtual local area network, or VLAN, is a logical grouping that allows stations to communicate as if they were physically connected to a single LAN, independent of the actual physical configuration of a network. A VLAN localizes flooded traffic to parts of LAN segments, rather than to an entire LAN, offering a simple solution to network performance, security and bandwidth utilization.

7.1.1 Port-Based VLANs

Port-based VLANs are the simplest of many VLAN approaches (others are based on MAC addresses, protocol type, and higher layers that are not currently supported by the IEEE 802.1Q standard) that solve the problem of unnecessary flooding. The switch currently supports port-based VLANs in compliance with the IEEE standard.

A port-based VLAN allows the administrator to assign individual ports to a VLAN. Any broadcast (sent to every user in the network) or multicast (sent to a pre-specified group of users) traffic received on a port in a VLAN is limited by the VLAN boundaries so that only workstations whose ports are members of the same VLAN see those frames.

7.1.2 VLAN ID and Tagged Frames

The IntraCore 3524 supports 64 manually configurable VLANs. Each VLAN is identified by a 12-bit (1-4095) VLAN ID (VID). No two VLANs may have the same VID if they reside on the same switch. However, by assigning the same VID to VLANs on multiple switches, the broadcast domain may be extended over a large network. The switch is shipped with a single default VLAN, with a VID of 0.

In a network with only one switch, the switch itself keeps track of which ports belong to which VLAN. In a network with multiple switches, the information about which VLAN an Ethernet frame belongs to must be sent along with the frame. This is done by inserting a tag field, as defined in IEEE 802.1Q, in the frame. The tag includes a VLAN ID field that matches the VID assigned to a VLAN on the switch. The switch will then assign the frame to the VLAN represented by the tag field.

A port map is used to specify which ports are members of each VLAN. Each VLAN has a set of untagged ports that specifies which port members of the VLAN transmit only untagged frames. The untagged set can be a subset of the port map, or it can be the same as the port map. If a port is in the VLAN port map and not in the VLAN untagged set, that port transmits tagged frames only. The switch includes all ports in its untagged set by default.
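
The tagging rules above can be modeled in a few lines. The following Python sketch is an added example, not code from the switch or from Asante. The default VLAN for untagged ingress frames (pvid), the drop-on-unknown-VLAN and ingress-membership checks, and the sample port assignments are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag

def parse_vid(frame: bytes):
    """Return the VID from the 802.1Q tag, or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the tag control field are the VID

def add_tag(frame: bytes, vid: int) -> bytes:
    """Insert an 802.1Q tag (priority 0) after the source MAC address."""
    if not 0 <= vid <= 0x0FFF:
        raise ValueError("VID must fit in 12 bits")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid) + frame[12:]

def strip_tag(frame: bytes) -> bytes:
    """Remove the 802.1Q tag if one is present."""
    return frame[:12] + frame[16:] if parse_vid(frame) is not None else frame

def egress(frame, ingress_port, pvid, vlans):
    """Flood a frame within its VLAN; returns {port: frame_as_transmitted}.

    vlans maps VID -> (port_map, untagged_set). pvid is the VLAN assumed
    for an untagged frame on the ingress port (an assumption of this sketch).
    """
    vid = parse_vid(frame)
    if vid is None:
        vid = pvid
    if vid not in vlans:
        return {}  # assumed policy: unknown VLAN is dropped
    port_map, untagged = vlans[vid]
    if ingress_port not in port_map:
        return {}  # assumed policy: ingress port must be a VLAN member
    bare = strip_tag(frame)
    # Ports in the untagged set send the bare frame; other members send tagged.
    return {p: bare if p in untagged else add_tag(bare, vid)
            for p in sorted(port_map) if p != ingress_port}

# Constructed sample: a 60-byte broadcast frame and two hypothetical VLANs.
# VLAN 10 has ports 1-3 (port 3 transmits tagged); VLAN 20 has ports 3-4.
BCAST = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 46
VLANS = {10: ({1, 2, 3}, {1, 2}), 20: ({3, 4}, {4})}
```

Calling egress(BCAST, 1, 10, VLANS) delivers the broadcast untagged to port 2 and tagged with VID 10 to port 3, while port 4 never sees it. This is the broadcast containment and tagged/untagged behavior described in the preceding paragraphs.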

Asante Technologies 3500 Series user manual Switching Concepts, Port-Based VLANs, Vlan ID and Tagged Frames