Virtual LAN - Implementation

Implementation

A basic switch not configured for VLANs has VLAN functionality disabled or permanently enabled with a default VLAN that contains all ports on the device as members. Every device connected to one of its ports can send packets to any of the others. Separating ports by VLAN groups separates their traffic very much like connecting the devices to another, distinct switch of their own.

Configuration of the first custom VLAN port group usually involves removing ports from the default VLAN, such that the first custom group of VLAN ports is actually the second VLAN on the device, in addition to the default VLAN. The default VLAN typically has an ID of 1.

If a VLAN port group were to exist only on one device, no ports that are members of the VLAN group need be tagged. These ports would hence be considered "untagged". It is only when the VLAN port group is to extend to another device that tagging is used. Since communications between ports on two different switches travel via the uplink ports of each switch involved, every VLAN containing such ports must also contain the uplink port of each switch involved, and these ports must be tagged. This also applies to the default VLAN.

Some switches either allow or require a name be created for the VLAN, but it is only the VLAN group number that is important from one switch to the next.

Where a VLAN group is to simply pass through an intermediate switch via two pass-through ports, only the two ports must be a member of the VLAN, and are tagged to pass both the required VLAN and the default VLAN on the intermediate switch.

Management of the switch requires that the administrative functions be associated with one of the configured VLANs. If the default VLAN were deleted or renumbered without first moving the management connection to a different VLAN, it is possible for the technician to be locked out of the switch configuration, requiring a forced clearing of the device configuration (possibly to the factory default) to regain access.

Switches typically have no built-in method to indicate VLAN port members to someone working in a wiring closet. It is necessary for a technician to either have administrative access to the device to view its configuration, or for VLAN port assignment charts or diagrams to be kept next to the switches in each wiring closet. These charts must be manually updated by the technical staff whenever port membership changes are made to the VLANs.

Remote configuration of VLANs presents several opportunities for a technician to cut off communications accidentally and lose connectivity to the devices they are attempting to configure. Actions such as subdividing the default VLAN by splitting off the switch uplink ports into a separate new VLAN can suddenly terminate all remote connectivity, requiring the device to be physically accessed at the distant location to continue the configuration process.

Read more about this topic:  Virtual LAN