VLAN Implementation Methods
Frame Filtering: This is a VLAN implementation technique in which a unique identifier is placed in the header of each frame. The switch learns which host belongs to which VLAN by exchanging switching tables. In a network with many VLANs, this consumes a large amount of CPU and memory because the switch needs to process long switching tables, which slows down the performance of the network.
Here we have multiple PCs connected to these switches through VLAN 1 and VLAN 2. The VLANs have been mapped against MAC addresses, which shows which MAC address belongs to which VLAN.
Frame Tagging VLAN
This is considered the method for VLAN configuration and is widely used: a VLAN tag is added to a frame to identify which network the frame belongs to. The VLAN tag is added when the frame reaches a switch through an access port, and when the frame goes out of a trunk link, the tag is removed and the frame is then delivered to the desired destination.
A port whose frames are tagged with a specific VLAN ID becomes a member of that VLAN, and all frames entering through it are processed in the same way.
VLAN as Mechanism for Security
Network segmentation with VLANs breaks big networks into small networks, each with its own broadcast domain, and every user is connected to its own network. Hosts in a VLAN communicate only with hosts in the same VLAN and cannot communicate with hosts in other networks. This feature introduces security in the network.
Apart from this, we can also use Layer 2 security features such as port security to enhance protection in the network.
VLAN Membership Static/Dynamic
VLANs can be configured as either dynamic or static.
Static VLANs: In a static VLAN, a device is connected to a configured port of the switch to join a virtual LAN and become a member of the network.
· Here the ports are manually assigned to VLANs.
· Users can connect from anywhere through a member port.
· Identifying member ports in closets is time-consuming.
Dynamic VLANs: The switch port assigns a VLAN based on the MAC address of the connected device, if that MAC address has been configured with the VLAN.
· Making and maintaining the MAC address database can be difficult.
· Less effort is required to connect the device to the network in closets.
· Central notification when unknown devices are connected.
Dynamic VLANs are more susceptible to security risks because MAC addresses can be spoofed easily. Static VLANs are more secure, and greater security can be added by also configuring port security.
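The following Python model is an added example, not part of the original post. It replays switch link-up events against a MAC-to-VLAN database, raising the central notification for unknown devices and flagging a MAC that shows up on a second port, which is the visible symptom of a spoofed or cloned address. The MAC addresses, VLAN IDs, port names and the hold-on-duplicate policy are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed MAC-to-VLAN database (hypothetical addresses and VLAN IDs).
MAC_VLAN_DB = {"00:11:22:33:44:55": 10, "00:11:22:33:44:66": 20}

# Constructed link-up events as (port, MAC as reported by the switch).
SAMPLE_EVENTS = [
    ("Gi0/1", "00:11:22:33:44:55"),
    ("Gi0/2", "00-11-22-33-44-66"),
    ("Gi0/3", "DE:AD:BE:EF:00:01"),   # not in the database
    ("Gi0/7", "0011.2233.4455"),      # same MAC as Gi0/1, different notation
]

def normalize(mac):
    """Return the MAC in lower-case colon form so every notation matches."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def process_events(events, db=MAC_VLAN_DB):
    """Replay link-up events; return (port -> VLAN assignments, alerts)."""
    assignments, alerts = {}, []
    ports_by_mac = defaultdict(set)
    for port, raw_mac in events:
        mac = normalize(raw_mac)
        vlan = db.get(mac)
        if vlan is None:
            # Central notification for a device missing from the database.
            alerts.append(("unknown-device", port, mac))
            continue
        ports_by_mac[mac].add(port)
        if len(ports_by_mac[mac]) > 1:
            # The MAC lookup alone would grant the VLAN here; a second port
            # claiming an already-active MAC is held for review instead.
            alerts.append(("duplicate-mac", port, mac))
            continue
        assignments[port] = vlan
    return assignments, alerts

if __name__ == "__main__":
    assigned, raised = process_events(SAMPLE_EVENTS)
    print("assignments:", assigned)
    for alert in raised:
        print("alert:", alert)
```

Normalizing the address before the lookup matters because the same MAC written in a different notation would otherwise slip past both the database match and the duplicate check.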