Example 2, VLANs Across Multiple Switches

4.1.2 Frame Handling

This section describes the operations of the switch when two frames are received. The first frame is a broadcast sent by station R1.

1. Station R1 transmits the broadcast frame. The switch receives this frame on Port 1. As the frame is received, the switch classifies it. The frame is untagged, so the switch classifies it as belonging to the VLAN that Port 1 is assigned to, the Red VLAN.

2. At the same time, the switch adds the source MAC address of the frame and the VLAN associated with Port 1 to its Source Address Table in FID 2. In this fashion it learns that station R1 is located out Port 1.

3. Once the frame is classified, its destination MAC address is examined. The switch discovers that the frame is a broadcast, and treats it as it would any other unknown destination MAC address. The switch forwards the frame out all ports in the Red VLAN’s Forwarding List except for the one that received the frame. In this case, the frame is sent to Ports 2 and 3.

The second frame is a unicast, where station R2 responds to station R1’s broadcast.

4. Station R2, having received and recognized the broadcast from R1, transmits a unicast frame as a response. The switch receives this frame on Port 2. The switch classifies this new untagged frame as belonging to the Red VLAN.

5. The switch adds the source MAC address and VLAN for station R2 to its Source Address Table in FID 2, and checks the Source Address Table for the destination MAC address given in the frame. The switch finds a matching MAC address and VLAN entry in this table and recognizes that R1 is located out Port 1.

6. The switch examines its VLAN configuration information and determines that the frame for the Red VLAN is allowed to be forwarded out Port 1 and that it must be sent in an untagged format.

7. The switch forwards the frame out Port 1. Any other unicast transmissions between stations R1 and R2 will be handled identically.
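The seven steps above, traced in a small Python model; this is an added example, not code from the Enterasys manual. The MAC addresses, the class and function names, the untagged egress format on Ports 2 and 3, and the second "Blue" VLAN on Port 4 with FID 3 (included only to show that lookups and flooding stay inside one VLAN) are assumptions.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
R1 = "00:00:00:00:00:01"  # constructed MAC for station R1
R2 = "00:00:00:00:00:02"  # constructed MAC for station R2


class VlanSwitch:
    def __init__(self, port_vlan, forwarding, fid_of):
        self.port_vlan = port_vlan    # port -> VLAN used to classify untagged frames
        self.forwarding = forwarding  # VLAN -> {egress port: frame format}
        self.fid_of = fid_of          # VLAN -> filtering database ID (FID)
        self.sat = {}                 # Source Address Table: (FID, MAC) -> port

    def receive(self, port, src, dst):
        """Handle one untagged frame; return {egress port: frame format}."""
        vlan = self.port_vlan[port]        # steps 1 and 4: classify by ingress port
        fid = self.fid_of[vlan]
        self.sat[(fid, src)] = port        # steps 2 and 5: learn the source
        egress = self.forwarding[vlan]     # the VLAN's Forwarding List
        known = self.sat.get((fid, dst))   # step 5: look up the destination
        if dst == BROADCAST or known is None:
            # step 3: flood within the VLAN, never back out the ingress port
            return {p: fmt for p, fmt in egress.items() if p != port}
        if known == port or known not in egress:
            return {}                      # destination is local or not permitted
        return {known: egress[known]}      # steps 6 and 7: one port, configured format


def build_example_switch():
    # Ports 1-3 in the Red VLAN (FID 2) as in the text; Port 4 / Blue is hypothetical.
    return VlanSwitch(
        port_vlan={1: "Red", 2: "Red", 3: "Red", 4: "Blue"},
        forwarding={
            "Red": {1: "untagged", 2: "untagged", 3: "untagged"},
            "Blue": {4: "untagged"},
        },
        fid_of={"Red": 2, "Blue": 3},
    )


def run_walkthrough():
    sw = build_example_switch()
    first = sw.receive(1, R1, BROADCAST)   # R1's broadcast arrives on Port 1
    second = sw.receive(2, R2, R1)         # R2's unicast reply arrives on Port 2
    return first, second, dict(sw.sat)


if __name__ == "__main__":
    for result in run_walkthrough():
        print(result)
```

Because the table is keyed by FID as well as MAC address, a frame arriving on the hypothetical Blue port and addressed to R1 finds no entry in FID 3 and is flooded only within the Blue VLAN, so it never reaches Port 1.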

4.2 EXAMPLE 2, VLANs ACROSS MULTIPLE SWITCHES

This second example investigates the steps that must be taken to set up VLANs across multiple 802.1Q VLAN switches. This includes the configuration and operation of 1Q Trunks between 802.1Q VLAN switches.

As shown in Figure 4-3, two companies, “Redco” and “Blue Industries”, share floors 2 and 4 in a building where the network infrastructure is supplied by the building owner. The objective is to completely isolate the network traffic of the two companies by limiting the users’ traffic through the ports of two switches, thus maintaining security and shielding each company’s network traffic from the other. This example will show the use and configuration of a 1Q Trunk connection and the creation of VLANs across multiple switches.


802.1Q specifications

Enterasys Networks, a subsidiary of the Siemens Group, is widely recognized for its comprehensive networking solutions, with a strong emphasis on security, reliability, and performance. One of the key technologies offered by Enterasys is 802.1Q, a critical component of Ethernet networking that establishes standards for VLAN (Virtual Local Area Network) tagging. This technology is essential for enhancing network performance and managing traffic efficiently.

The primary feature of 802.1Q is its ability to create VLANs, which segment a physical network into multiple logical networks. This segmentation improves network security by isolating sensitive data and restricting access to specific users or devices. With VLANs, organizations can reduce broadcast traffic, thereby enhancing overall network efficiency. Different departments within an organization can operate on their own VLAN, ensuring that their traffic is kept separate from others.

One significant technological aspect of 802.1Q is its tagging method. When a frame passes through a switch port configured for IEEE 802.1Q, the switch appends a VLAN tag to the frame. This tag contains important information, such as the VLAN ID, enabling switches and devices throughout the network to identify which VLAN the frame belongs to. This tagging is especially critical in environments where multiple VLANs share the same physical infrastructure.

Another characteristic of Enterasys Networks' implementation of 802.1Q is interoperability with existing network standards and protocols. This means that organizations can implement VLAN tagging without requiring major upgrades or replacements of their switch hardware. Enterasys ensures that its switches are compliant with various industry standards, making it easier for enterprises to integrate these solutions into their existing network settings.

Security is another vital feature of Enterasys Networks’ 802.1Q offering. By leveraging VLANs, organizations can enforce stricter access controls and policies, reducing the risk of unauthorized access to sensitive network segments. This is particularly beneficial for industries with stringent compliance requirements, such as finance and healthcare.

In summary, Enterasys Networks' 802.1Q technology plays a pivotal role in modern networking by facilitating VLAN creation, enabling efficient traffic management, ensuring interoperability, and bolstering network security. As organizations increasingly rely on connected devices and data-driven processes, technologies like 802.1Q are essential for building robust, scalable, and secure networking environments.