D-Link DES-3624 manual IEEE 802.1Q VLANs, VLAN Segmentation, Sharing Resources Across VLANs

Stackable NWay Ethernet Switch User’s Guide

IEEE 802.1Q VLANs

The Switch supports up to 96 IEEE 802.1Q (port-based) VLANs. Port-based VLANs limit traffic that flows into and out of switch ports. Thus, all devices connected to a port are members of the VLAN(s) the port belongs to, whether there is a single computer directly connected to a switch, or an entire department.

On port-based VLANs, NICs do not need to be able to identify 802.1Q tags in packet headers. NICs send and receive normal Ethernet packets. If the packet’s destination lies on the same segment, communications take place using normal Ethernet protocols. Even though this is always the case, when the destination for a packet lies on another switch port, VLAN considerations come into play to decide if the packet gets dropped by the switch or delivered.

There are two key components to understanding IEEE 802.1Q VLANs; Port VLAN ID numbers (PVID) and VLAN ID numbers (VID). Both variables are assigned to a switch port, but there are important differences between them. A user can only assign one PVID to each switch port. The PVID defines which VLAN a switch will forward packets from the connected segment on, when packets need to be forwarded to another switch port or somewhere else on the network. On the other hand, a user can define a port as a member of multiple VLANs (VIDs), allowing the segment connected to it to receive packets from many VLANs on the network. These two variables control a port’s ability to transmit and receive VLAN traffic, and the difference between them provides network segmentation, while still allowing resources to be shared across more than one VLAN.

VLAN Segmentation

Take for example a packet that is transmitted by a machine on Port 1 that is a member of VLAN 2 and has the Port VLAN ID number 2 (PVID=2). If the destination lies on another port (found through a normal forwarding table lookup), the switch then looks to see if the other port (Port 10) is a member of VLAN 2 (and can therefore receive VLAN 2 packets). If port 10 is not a member of VLAN 2, then the packet will be dropped by the switch and will not reach it’s destination. If Port 10 is a member of VLAN 2, the packet will go through. This selective forwarding feature based on VLAN criteria is how VLANs segment networks. The key point being that Port 1 will only transmit on VLAN 2, because it’s Port VLAN ID number is 2 (PVID=2).

Sharing Resources Across VLANs

Network resources such as printers and servers however, can be shared across VLANs. This is achieved by setting up overlapping VLANs as shown in the diagram below.

VLAN 3

Figure 5-4. Example of typical VLAN configuration

In the above example, there are three different VLANs and each port can transmit packets on one of them according to their Port VLAN ID (PVID). However, a port can receive packets on all VLANs (VID) that it belongs to. The assignments are as follows: