In our previous blog, we shared with you a beginner’s guide to Virtual Local Area Network (VLAN), where we talked about the critical role VLANs play in a business environment. We also discussed how VLANs work, their different types, and their advantages.

In this blog post, we will explore the topic of VLANs further providing an overview of the different ways you can configure a VLAN, connection links, and tagging. So let’s get started…

How Do You Configure A VLAN?

VLANs are usually configured in one of the following ways:

Static VLAN

A static VLAN, also called Port-based VLAN, is a group of ports that belong to the same broadcast domain. It is created by manually assigning VLANs for each switch port. If any user changes their access port to the VLAN, then the port needs to be reconfigured. This makes static VLAN difficult to manage. Therefore, they are not commonly used.

Dynamic VLAN

A dynamic VLAN is one in which the network switch automatically assigns the port to a VLAN based on the information from the user’s device. VLANs are configured using software or protocol. Their flexibility and ease of management make them a popular choice.

Dynamic VLANs can be further classified into the following:

  • MAC Address-based VLAN

In a MAC address-based VLAN, the VLAN membership is assigned to a device based on its Media Access Control (MAC) address instead of the switch port. The network access is, therefore, controlled by authenticating a host source's MAC address and mapping the incoming packet source MAC to a VLAN.

  • IP Subnet-based VLAN

In an IP (Internet Protocol) subnet-based VLAN, VLAN membership is assigned according to a device’s IP subnet. Users can move their devices without impacting their VLAN membership as long as their IP is not changed. Network administrators can move devices to a new VLAN by assigning a different IP address to them. This flexibility and simplified management make IP subnet-based VLAN a popular choice for large networks.

 
 

  • User-based VLAN

In a user-based VLAN, membership is assigned based on the username that is used to log onto a device.

  • Policy-based VLAN

In a policy-based VLAN, membership is assigned based on defined policies that are usually a combination of MAC addresses, IP addresses, etc. Policy-based VLAN membership can enhance network security while maintaining flexibility and ease of management that is characteristic of dynamic VLANs.

VLAN Connection Links

When building VLANs, you will often need to connect multiple switches or other network devices together. This kind of connection is referred to as connection links or interfaces in the world of networking. VLAN connection links are of the following types:

  • Access Link

An access link is a link that is part of only one VLAN and normally connects end devices.

To gain access to the local network, hosts connect to the switch’s access link. These links are ordinary switch ports but configured in a way that allows you to plug a device into them and access your network.


A device attached to an access link is unaware of its VLAN membership and assumes that it is simply part of a single broadcast domain. Since it can understand only standard Ethernet frames, during data transfers, the switch strips any VLAN information from the frames so the receiving device has no information about them.

  • Trunk Link

Trunk links differ from access links as they are often configured to carry multiple VLAN traffic. Trunk links are generally used to connect switches to other switches or to routers. This allows network administrators to extend a VLAN across the entire network. As the trunk link can span over multiple switches, they need to have the ability to carry packets from all available VLANs.

VLAN Tagging

In the previous section, we mentioned that trunk links carry packets (frames) from multiple VLANs. So how do the packets traveling in a trunk link find their way to the correct destination without getting mixed up and lost among all the packets from different VLANs? That’s where VLAN tagging, also called frame tagging, comes into the picture.

 
 

The VLAN tagging method adds a special tag to the frame sent across a trunk link and helps identify the packets. A packet is tagged with a VLAN tag in the Ethernet frame and this tag is used to tell which packet belongs to which VLAN. As the packets arrive at the end of the trunk link, the tag is removed and the frame is sent to the correct access link port.


VLAN tagging is done by adding the VLAN ID into the header to identify the network it belongs to. This helps in determining the right broadcast domain that the packet needs to be sent to. The switches need to be configured before they can handle the tagging process. In this way, VLAN tagging can be used to handle more than one VLAN on a port.

  • Tagged VLAN

A port is referred to as tagged when the interface expects frames containing VLAN tags. When a device sends a frame with a VLAN tag, the switch checks the tag and if allowed, it will forward the frame to all the ports configured with that VLAN.

  • Untagged VLAN

An untagged port connects to hosts such as servers and expects traffic without any VLAN tag on the frames. When a frame reaches an untagged port, the switch adds the VLAN tag with a VLAN ID the port is configured with. And when a frame leaves an untagged port, the switch removes the VLAN tag from the frame so that the traffic is forwarded as normal traffic.

  • Native VLAN

Sometimes, an untagged frame can reach a tagged port and to handle it, the tagged ports have a special VLAN called native VLAN configured on them. Therefore, a native VLAN offers a way of carrying untagged traffic across one or more switches. For example, when there is a trunk link between two switches, one switch can send untagged traffic on the native VLAN.

 
 

Conclusion

VLANs simplify network management by enabling you to aggregate users and network devices to best support business and security requirements without being restricted by the physical location or connection of the devices.

The ability to logically separate a segment of the network while keeping it on the same physical infrastructure makes the work of network administrators simpler. This can potentially free up their time that can be utilized to focus on other critical areas such as network security and compliance.

Is your organization in need of better network management? Are you happy with the performance and security of your current network setup? Reach out to us by clicking the button below to find out how we can fulfill all your network requirements.

If you liked the blog, please share it with your friends

Related Content:
Common Vulnerabilities In Computer Networks
Common Vulnerabilities In Computer Networks
Common Network Connectivity Problems Troubleshooting Guide
Common Network Connectivity Problems Troubleshooting Guide
WiFi 7: Everything You Need To Know
WiFi 7: Everything You Need To Know
Software-Defined Networking (SDN): Everything You Need To Know
Software-Defined Networking (SDN): Everything You Need To Know
Wireless Access Points: Everything You Need To Know
Wireless Access Points: Everything You Need To Know
What Is Network Resilience And How To Achieve It
What Is Network Resilience And How To Achieve It
Fundamentals Of Computer Network Security
Fundamentals Of Computer Network Security
Proxy Servers: Everything You Need To Know
Proxy Servers: Everything You Need To Know
Tips For Improving Your WiFi Network Performance
Tips For Improving Your WiFi Network Performance
Commonly Used Computer Networking Acronyms
Commonly Used Computer Networking Acronyms

About The Author

Avatar

Hari Subedi

Marketing Manager at Jones IT

Hari is an online marketing professional with a focus on content marketing. He writes on topics related to IT, Security, Small Business, and Mindfulness. He is also the founder and managing director of Girivar Kft., a business services company located in Budapest, Hungary.

   
 
 

1 Comment