MSAP2000 AAMS User’s Guide

CHAPTER 8

VLAN
This chapter shows you how to configure 802.1Q tagged VLANs.

8.1 Introduction to VLANs

A VLAN (Virtual Local Area Network) allows a physical network to be
partitioned into multiple logical networks. Devices on a logical network belong
to one group. A device can belong to more than one group. With VLAN, a
device cannot directly talk to or hear from devices that are not in the same
group(s); the traffic must first go through a router.
In MTU (Multi-Tenant Unit) applications, VLAN is vital in providing isolation and
security among the subscribers. When properly configured, VLAN prevents one
subscriber from accessing the network resources of another on the same LAN,
so a user will not see the printers and hard disks of another user in the same
building. If you have enabled port isolation in the Switch Setup screen, you do
not need to configure the VLAN to isolate subscribers.

VLAN also increases network performance by limiting broadcasts to a smaller
and more manageable logical broadcast domain. In traditional switched
environments, all broadcast packets go to each and every individual port. With
VLAN, all broadcasts are confined to a specific broadcast domain.
Note that a VLAN is unidirectional; it only governs outgoing traffic.

8.2 Introduction to IEEE 802.1Q Tagged VLAN

Tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the
VLAN membership of a frame across bridges; tagged VLANs are not confined to the
switch on which they were created. The VLANs can be created statically by hand or
dynamically through GVRP. The VLAN ID associates a frame with a specific VLAN
and provides the information that switches need to process the frame across the
network. A tagged frame is four bytes longer than an untagged frame and
contains two bytes of TPID (Tag Protocol Identifier, residing within the type/length
field of the Ethernet frame) and two bytes of TCI (Tag Control Information, starts
after the source address field of the Ethernet frame).
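
The following Python code is an added example, not part of the original guide: it decodes the four-byte tag of an Ethernet frame into user priority, CFI and VLAN ID, and reports whether the CFI rule described in this section lets the frame go to an untagged port as it is. The TPID value 0x8100 and the three-bit width of the user priority field are taken from IEEE 802.1Q rather than from this page; the function names and the sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # TPID value from IEEE 802.1Q (assumption, not stated on this page)


def build_frame(dst, src, ethertype, payload, tag=None):
    """Build a constructed test frame; tag is (priority, cfi, vid) or None."""
    header = dst + src
    if tag is not None:
        priority, cfi, vid = tag
        tci = (priority << 13) | (cfi << 12) | (vid & 0x0FFF)
        header += struct.pack("!HH", TPID_8021Q, tci)  # the four extra bytes
    return header + struct.pack("!H", ethertype) + payload


def parse_dot1q(frame):
    """Return the decoded 802.1Q tag as a dict, or None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    # Bytes 0-5: destination MAC, 6-11: source MAC, 12-13: type/length or TPID.
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None  # bytes 12-13 are an ordinary type/length field
    if len(frame) < 18:
        raise ValueError("tagged frame truncated inside the tag")
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF
    return {
        "priority": tci >> 13,             # top 3 bits of the TCI
        "cfi": (tci >> 12) & 0x1,          # single-bit Canonical Format Indicator
        "vid": vid,                        # low 12 bits: 0..4095
        "null_vid": vid == 0,              # VID of null (0)
        "ethertype": inner_type,           # original type/length, shifted by 4 bytes
        "forward_as_is_to_untagged": ((tci >> 12) & 0x1) == 0,
    }


# Constructed sample input: the same frame, untagged and tagged (VID 100, priority 5).
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
UNTAGGED = build_frame(DST, SRC, 0x0800, b"\x00" * 46)
TAGGED = build_frame(DST, SRC, 0x0800, b"\x00" * 46, tag=(5, 0, 100))

if __name__ == "__main__":
    print(parse_dot1q(UNTAGGED))
    print(parse_dot1q(TAGGED))
```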

The CFI (Canonical Format Indicator) is a single-bit flag, always set to zero for
Ethernet switches. If a frame received at an Ethernet port has a CFI set to 1, then
that frame should not be forwarded as it is to an untagged port. The remaining
twelve bits define the VLAN ID, giving a possible maximum number of 4,096 (2^12)
VLANs. Note that user priority and VLAN ID are independent of each other. A
frame with VID (VLAN Identifier) of null (0) is called a