In modern network infrastructure, understanding how to segment broadcast domains and enable inter-VLAN communication is fundamental to building efficient enterprise networks. This article explores VLAN technology, trunking protocols, and Layer 3 switching capabilities.
- Understanding Broadcast Domains and VLANs
1.1 Challenges in Traditional Ethernet Networks
Traditional switched Ethernet environments place all connected devices within a single broadcast domain. As the network grows, broadcast traffic accumulates rapidly. When broadcasts consume approximately 30% of available bandwidth, network performance degrades significantly. Additionally, a malfunctioning network device continuously transmitting broadcasts can trigger broadcast storms, effectively paralyzing network communications.
The solution involves segmenting broadcast domains to prevent these issues from propagating across the entire network.
1.2 Approaches to Broadcast Domain Segmentation
Physicall segmentation divides a network into separate physical segments using routing equipment. While effective, this approach is costly and limited by router interface availability.
Logical segmentation divides a network into virtual segments using VLAN technology. VLANs operate at Layer 2 of the OSI model, where each VLAN represents an isolated broadcast domain. Inter-VLAN communication requires routing equipment.
1.3 What is a VLAN?
VLAN stands for Virtual Local Area Network. This technology logically divides a single physical LAN into multiple distinct broadcast domains, effectively creating multiple virtual networks from one infrastructure.
1.4 Why Deploy VLANs?
Traditional LANs cannot adequately address challenges including excessive collisions, broadcast flooding, and security concerns. VLANs provide the capabilities needed to overcome these limitations in modern network environments.
1.5 Benefits of VLAN Implementation
- Broadcast control: Contain broadcast traffic within VLAN boundaries, preventing unnecessary traffic from reaching devices outside the intended segment
- Enhanced security: Isolate sensitive network segments and control inter-VLAN access through routing policies
- Simplified management: Reconfigure network topology logically without physical infrastructure changes
- Types of VLANs
Static VLANs assign ports to specific VLANs based on administrative configuration. Network administrators manually define which ports belong to which VLAN. This method dominates enterprise deployments due to its predictability and ease of management.
Dynamic VLANs automatically assign ports based on connected device characteristics, typically MAC addresses. When a device connects to any switch port, the system maps it to the appropriate VLAN based on MAC-to-VLAN mappings in a VMPS (VLAN Management Policy Server).
- Static VLAN Configuration
3.1 VLAN ID Ranges
| Range | Status | Description |
|---|---|---|
| 0, 4095 | Reserved | System-only VLANs, not available for configuration |
| 1 | Default | Cisco default VLAN, cannot be modified or deleted |
| 2-1001 | Normal | Usable range for Ethernet VLANs in normal mode |
| 1002-1005 | Normal | Reserved for FDDI and Token Ring, cannot be removed |
| 1006-4094 | Extended | Extended VLAN range for specific deployments |
3.2 Configuration Workflow
Implementing static VLANs involves three primary steps:
-
Create the VLAN and assign it an identifier
-
Assign switch ports to their respective VLANs
-
Validate the configuration to ensure proper operation
-
Trunk Links and Configuration
4.1 The Cross-Switch VLAN Challenge
Consider an organization with multiple departments, each assigned to its own VLAN. When departments span across different switches, the challenge becomes enabling communication between devices in the same VLAN located on separate switches.
The naive solution of connecting separate links for each VLAN quickly becomes impractical. With potential for thousands of VLANs, dedicating individual physical connections between switches is neither scalable nor cost-effective.
Trunk links solve this problem by carrying traffic from multiple VLANs over a single physical connection, using tagging mechanisms to identify which VLAN each frame belongs to.
4.2 Communication Across Switches
When devices in the same VLAN exist on different switches, trunk links enable them to communicate by tagging frames with VLAN identifiers. The receiving switch strips the tag and forwards the frame to the appropriate port within that VLAN.
4.3 Port Types Overview
| Type | Function | Use Case | Tagging Behavior |
|---|---|---|---|
| Access | Edge port | Switch to end device | Removes tags on egress, expects untagged frames on ingress |
| Trunk | Uplink port | Switch to switch | Preserves tags, can carry multiple VLANs |
| Hybrid | Flexible port | Multiple scenarios | Configurable tagging for both tagged and untagged traffic |
4.4 VLAN Tagging Mechanism
When switches forward frames across trunk links, they insert a VLAN tag into the Ethernet frame header. This tag identifies which VLAN the frame belongs to, enabling the receiving switch to forward it correctly.
4.5 Tagging Protocols
Two primary encapsulation standards exist for VLAN tagging:
IEEE 802.1Q: The industry-standard approach that inserts a 4-byte tag between the source MAC address and the EtherType field. The tag contains the TPID (0x8100 to identify 802.1Q frames) and TCI (including Priority, CFI indicator, and the 12-bit VLAN ID).
ISL (Inter-Switch Link): A Cisco-proprietary protocol that encapsulates the entire original frame with a 26-byte header and 4-byte trailer. Less commonly used in modern networks.
4.6 Why Tagging is Necessary
Trunk links must carry traffic from multiple VLANs simultaneously. Without tagging, switches would have no way to determine which VLAN a received frame belongs to. Tagging provides the identification mechanism that allows switches to correctly classify and forward frames to the appropriate VLAN.
4.7 Sample Configuration
# Configure access port
system-view
interface GigabitEthernet0/0/1
port link-type access
port default vlan 20
# Configure trunk port
interface GigabitEthernet0/0/24
port link-type trunk
port trunk allow-pass vlan 10 20 30
- Layer 3 Switching Technology
Layer 3 switches combine Layer 2 switching functionality with routing capabilities, providing high-speed inter-VLAN routing without the performance limitations of traditional software-based routers.
5.1 Implementation Approaches
5.1.1 Traditional MLS (Multilayer Switching)
When the first packet arrives destined for a different subnet, the Layer 3 engine processes it in software. The switch rewrites the source and destination MAC addresses, recalculates the frame check sequence, and forwards the packet. This initial processing creates an MLS entry in hardware cache.
Subsequent packets matching this flow bypass software processing entirely, being forwarded directly by hardware using the cached entry. This "route once, switch many" approach delivers wire-speed routing performance.
Process summary: Initial packet → Layer 3 engine → MAC address resolution → Hardware entry creation → Remaining packets → Hardware-based forwarding
5.1.2 CEF-Based MLS (Cisco Express Forwarding)
CEF precomputes forwarding decisions by maintaining two key tables:
FIB (Forwarding Information Base): Mirrors the routing table structure, containing destination network prefixes and next-hop information. Updated automatically when routing changes occur.
Adjacency Table: Stores Layer 2 rewrite information (MAC addresses) for directly connected neighbors. Eliminating ARP lookups for every packet significantly accelerates forwarding.
When receiving a packet, the switch performs a single FIB lookup to determine the exit interface and next-hop, then references the adjacency table for the correct Layer 2 encapsulation information. Packets forward without software intervention.
5.1.3 Comparing MLS Approaches
Traditional MLS requires atleast one software-based routing table lookup to establish hardware entries before forwarding can occur. CEF-based MLS precomputes all necessary forwarding information, enabling immediate hardware-based packet processing from the first packet onward.
- Virtual VLAN Interfaces
Layer 3 switches create virtual routing interfaces for each VLAN, allowing direct inter-VLAN routing without external routers. Each VLAN interface serves as the gateway for that subnet.
The primary value proposition of Layer 3 switches: enabling efficient communication between different VLANs at wire speed.
6.1 Sample Configuration
# Create VLAN interface and assign IP address
system-view
interface Vlanif 10
ip address 192.168.10.254 255.255.255.0
# Verify interface status
display ip interface brief