Benefits and Restrictions

1.2.1802.1Q VLANs

An 802.1Q VLAN switch determines the VLAN membership of a data frame by its Tag Header, described later in this chapter. If the frame received is not tagged, the switch classifies the frame into the VLAN that is assigned as the default VLAN of the switch.

Some or all ports on the switch may be configured to operate as GARP VLAN Registration Protocol (GVRP) ports. If a frame received is tagged, the frame is forwarded to the GVRP ports that are configured to transmit frames associated with the frame VLAN ID and protocol. If the received frame is not tagged, the frame is examined and tagged as belonging to the default VLAN. Then the frame is forwarded to the GVRP ports that are configured to transmit frames associated with the default VLAN and the frame protocol.

1.2.2SecureFast VLANs

Enterasys Networks’ SecureFast VLAN strategy takes a different approach to creating virtual LANs. In a SecureFast VLAN environment, the switches in the network recognize Network Layer routing requests and translate them. Based on this translation, the switches set up a connection between the end devices in the network.

1.2.3Other VLAN Strategies

VLANs may also be created by a variety of addressing schemes, including the recognition of groups of MAC addresses or types of traffic. One of the best-known VLAN-like schemes is the use of IP Subnets to divide networks into smaller subnetworks.

1.3BENEFITS AND RESTRICTIONS

The primary benefit of the 802.1Q VLAN technology is that it provides localization of traffic. This function also offers improvements in security and performance to stations assigned to a VLAN.

While the localization of traffic to VLANs can improve security and performance, it imposes some restrictions on network devices that participate in the VLAN. Through the use of Filtering Database ID’s (FIDs) security can be implemented to enable or prevent users from one or more VLANs from communicating with each other.

One or more VLANs can be assigned to a FID so that all the users that share a common FID can communicate with each other regardless of their VLAN affiliation. However, for the sake of security, the members of one FID cannot communicate with the members of another FID.

To set up a VLAN, all the network switch devices that are assigned to the VLAN must support the IEEE 802.1Q specification for VLANs. Before you attempt to implement a VLAN strategy, ensure that the switches under consideration support the IEEE 802.1Q specification.

Virtual Local Area Networks 1-3

Page 12 Page 14
Page 13
Image 13
Enterasys Networks manual 1 802.1Q VLANs, SecureFast VLANs, Other Vlan Strategies, Benefits and Restrictions
Page 12 Page 14

802.1Q specifications

Enterasys Networks, a subsidiary of the Siemens Group, is widely recognized for its comprehensive networking solutions, with a strong emphasis on security, reliability, and performance. One of the key technologies offered by Enterasys is 802.1Q, a critical component of Ethernet networking that establishes standards for VLAN (Virtual Local Area Network) tagging. This technology is essential for enhancing network performance and managing traffic efficiently.

The primary feature of 802.1Q is its ability to create VLANs, which segment a physical network into multiple logical networks. This segmentation improves network security by isolating sensitive data and restricting access to specific users or devices. With VLANs, organizations can reduce broadcast traffic, thereby enhancing overall network efficiency. Different departments within an organization can operate on their own VLAN, ensuring that their traffic is kept separate from others.

One significant technological aspect of 802.1Q is its tagging method. When a frame passes through a switch port configured for IEEE 802.1Q, the switch appends a VLAN tag to the frame. This tag contains important information, such as the VLAN ID, enabling switches and devices throughout the network to identify which VLAN the frame belongs to. This tagging is especially critical in environments where multiple VLANs share the same physical infrastructure.

Another characteristic of Enterasys Networks' implementation of 802.1Q is interoperability with existing network standards and protocols. This means that organizations can implement VLAN tagging without requiring major upgrades or replacements of their switch hardware. Enterasys ensures that its switches are compliant with various industry standards, making it easier for enterprises to integrate these solutions into their existing network settings.

Security is another vital feature of Enterasys Networks’ 802.1Q offering. By leveraging VLANs, organizations can enforce stricter access controls and policies, reducing the risk of unauthorized access to sensitive network segments. This is particularly beneficial for industries with stringent compliance requirements, such as finance and healthcare.

In summary, Enterasys Networks' 802.1Q technology plays a pivotal role in modern networking by facilitating VLAN creation, enabling efficient traffic management, ensuring interoperability, and bolstering network security. As organizations increasingly rely on connected devices and data-driven processes, technologies like 802.1Q are essential for building robust, scalable, and secure networking environments.
Top Page Image Contents