Setting up Virtual Local Area Networks (VLANs) on your Switch reduces the time and effort required by many network administration tasks, and increases the efficiency of your network.
This chapter explains more about the concept of VLANs and explains how they can be implemented on your Switch. It covers the following topics:
A VLAN is a flexible group of devices that can be located anywhere in a network, but they communicate as if they are on the same physical segment. With VLANs, you can segment your network without being restricted by physical connections - a drawback of traditional network design. As an example, with VLANs you can segment your network according to:
The main benefit of VLANs is that they provide a network segmentation system that is far more flexible than any traditional network. Using VLANs also provides you with three other benefits:
With traditional IP networks, network administrators spend much of their time dealing with moves and changes. If users move to a different IP subnet, the IP addresses of each endstation must be updated manually.
With a VLAN setup, if an endstation in VLAN 1 is moved to a port in another part of the network, you only need to specify that the new port forwards VLAN 1 traffic.
Devices within each VLAN can only communicate directly with devices in the same VLAN. If a device in VLAN 1 needs to communicate with devices in VLAN 2, the traffic needs to pass through a routing device or Layer 3 switch.
With traditional networks, congestion can be caused by broadcast traffic that is directed to all network devices whether they require it or not. VLANs increase the efficiency of your network because each VLAN can be set up to contain only those devices that need to communicate with each other.
Your Switch provides the following VLAN features:
The IEEE 802.1Q standard allows each port on your Switch to:
The standard requires that you define the following information about each VLAN on your Switch before the Switch can use it to forward traffic:
VLT (Virtual LAN Trunk) tagging is a proprietary 3Com system that allows a port to be placed in all the VLANs defined for your Switch.
A new or initialized Switch contains a single VLAN, the Default VLAN. This VLAN has the following definition:
All the ports are initially placed in this VLAN, and it is the only VLAN that allows you to access the management software of the Switch over the network.
If you want to move a port from the Default VLAN to another VLAN, you must first define information about the new VLAN on your Switch. To do this, you use the VLAN Setup page of the web interface; see "Defining VLAN Information".
When setting up VLANs you need to understand when to use untagged and tagged VLANs. Quite simply, if a port is in a single VLAN it can be untagged but if the port needs to be a member of multiple VLANs it must be tagged.
The IEEE 802.1Q standard defines how VLANs operate within an open packet-switched network. An 802.1Q compliant packet carries additional information that allows a switch to determine to which VLAN the port belongs. If a frame is carrying the additional data, it is known as tagged.
To carry multiple VLANs across a single physical (backbone) link, each packet must be tagged with a VLAN identifier so that the switches can identify which packets belong in which VLANs. Routers interconnect VLANs, so they must also understand 802.1Q tagging, so that they do not become bottlenecks for inter-VLAN traffic.
Once the information for a new VLAN has been defined, you can place a port in that VLAN. To do this, use the Untagged VLAN listbox on the Port Setup page of the web interface; see "Configuring a Port".
Your Switch supports VLAN tagging, a system that allows traffic for multiple VLANs to be carried on a single link. Two methods of VLAN tagging are supported: 802.1Q tagging and VLT (Virtual LAN Trunk) tagging.
This method of tagging is defined in the IEEE 802.1Q standard, and allows a link to carry traffic for any of the VLANs defined on your Switch. 802.1Q tagging can only be used if the devices at both ends of a link support IEEE 802.1Q.
To create an 802.1Q tagged link:
1. Ensure that the device at the other end of the link uses the same 802.1Q tags as your Switch.
2. Place the Switch port in the required VLANs using the VLAN Setup page of the web interface; see "Placing Ports in Multiple VLANs Using 802.1Q Tagging".
3. Place the port at the other end of the link in the same VLANs as the port on your Switch.
You cannot create an 802.1Q tagged link with ports that already use VLT tagging (see "VLT Tagging" below).
This method of tagging is a proprietary system developed by 3Com, and allows a link to carry traffic for all the VLANs defined on your Switch. VLT tagging can only be used on links to legacy 3Com devices.
To create a VLT tagged link:
1. Specify that the port is a VLT port using the VLT listbox on the Port Setup page of the web interface; see "Configuring a Port".
2. Specify that the port at the other end of the link is a VLT port.
You cannot create a VLT tagged link with ports that already use 802.1Q tagging.
A VLT tagged link only carries traffic for VLANs defined on your Switch. In legacy 3Com devices, a VLT tagged link carries traffic for all VLANs automatically.
If an endstation supports IEEE 802.1Q, it can be configured to inform your network that it is to receive traffic for specific VLANs. If your Switch units have IEEE 802.1Q learning enabled, they can do the following:
IEEE 802.1Q VLAN Learning (GVRP) only works correctly in networks that have 16 or fewer 802.1Q VLANs.
The system works as follows:
1. The configured 802.1Q endstation sends out a packet with a known multicast address to the whole network - this packet declares that the endstation is to receive traffic for specific VLANs.
2. When the packet arrives at a port on a Switch with 802.1Q learning enabled, the Switch places the receiving port in the VLANs specified and then forwards the packet to all other ports.
3. When the packet arrives at another Switch with 802.1Q learning enabled, it also places the receiving port in the VLANs specified and forwards the packet to all other ports. In this way the VLAN information is propagated throughout the network, and the required VLAN traffic can always reach the endstation from anywhere in the network.
For information about enabling 802.1Q learning for an individual port on your Switch, see "Configuring a Port". For information about enabling 802.1Q learning for a whole Switch or stack, see "Configuring the Advanced Stack Settings".
For information about configuring IEEE 802.1Q functionality on an endstation, refer to the user documentation supplied with your endstation or the endstation's Network Interface Card (NIC).
Your Switch supports up to 16 VLANs; however, the IEEE 802.1Q standard allows up to 4,094 VLANs to be defined on a network. If your network contains endstations that support 802.1Q, the Switch may need to forward traffic that uses unknown 802.1Q tags. This traffic is automatically forwarded if your Switch has 802.1Q learning enabled, but is not if 802.1Q learning is disabled.
To specify that a port can forward traffic containing unknown tags when 802.1Q learning is disabled, see "Configuring a Port". We recommend that you only forward unknown tags on ports connected to switch units that support IEEE 802.1Q (as shown in Figure 32).
Figure 32 Forwarding unknown 802.1Q tags
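The tagged and untagged handling described under 802.1Q tagging, and the unknown-tag forwarding option above, can be modelled in a few lines. This is an added example, not code from the manual or the Switch firmware: the `port` dictionary and its keys are hypothetical, the sample frames are constructed, and dropping a tagged frame on a port that is not a member of that VLAN is a modelling assumption.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q tag
VID_PRIORITY_ONLY = 0x000    # tag carries priority only, no VLAN
VID_RESERVED = 0xFFF         # reserved by the standard, never a valid VLAN

def parse_vlan_tag(frame: bytes):
    """Return (vid, pcp, dei, inner_ethertype), or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 1, inner

def ingress_vlan(frame: bytes, port: dict):
    """Return the VLAN a received frame is classified into, or None to drop it.

    `port` is a hypothetical model of one switch port:
    untagged (int), tagged (set of ints), forward_unknown (bool).
    """
    tag = parse_vlan_tag(frame)
    if tag is None or tag[0] == VID_PRIORITY_ONLY:
        return port["untagged"]          # untagged traffic joins the port's VLAN
    vid = tag[0]
    if vid == VID_RESERVED:
        return None
    if vid == port["untagged"] or vid in port["tagged"]:
        return vid
    # Unknown tag: passed on only where the port is set to forward unknown tags.
    return vid if port["forward_unknown"] else None

def make_frame(vid=None, pcp=0):
    """Build a constructed sample frame (made-up MACs, IPv4 EtherType, dummy payload)."""
    header = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + tag + struct.pack("!H", 0x0800) + b"\x00" * 46

# Constructed port profiles: an endstation port, a tagged backbone port,
# and a switch-to-switch port that forwards unknown tags.
ACCESS = {"untagged": 1, "tagged": set(), "forward_unknown": False}
BACKBONE = {"untagged": 1, "tagged": {2}, "forward_unknown": False}
UPLINK = {"untagged": 1, "tagged": {2}, "forward_unknown": True}
```

With unknown-tag forwarding enabled, a frame tagged for a VLAN the Switch has never defined is still passed on, which is why the recommendation limits that setting to ports connected to 802.1Q-capable switch units.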
If the devices placed in a VLAN need to talk to devices in a different VLAN, each VLAN requires a connection to a routing or Layer 3 switching device. Communication between VLANs can only take place if they are all connected to a routing or Layer 3 switching device.
Your Switch supports VLANs using the IEEE 802.1Q VLAN standard; however, legacy Switch units (for example, the SuperStack II Switch 1000) do not use this system. If you want to connect the VLANs on your Switch to the VLANs on legacy Switch units, note the following:
For examples of connecting VLANs on your Switch to VLANs on legacy Switch units, see "Connecting to a Legacy Network".
This section contains examples of simple VLAN configurations. It describes how to set up your switch to support simple untagged and tagged connections. For more advanced configuration examples, see "VLAN Configuration - Advanced Examples" on page 177.
The simplest VLAN operates in a small network using a single switch. In this network there is no requirement to pass VLAN traffic across a link. All traffic is handled by the single switch and therefore untagged connections can be used.
The example shown in Figure 33 illustrates a single Switch 1100 connected to endstations and servers using untagged connections. Ports 1, 3 and 13 of the Switch belong to VLAN 1, ports 10, 12 and 24 belong to VLAN 2. VLANs 1 and 2 are completely separate and cannot communicate with each other.
Figure 33 Simple example: Using untagged connections
To set up the configuration shown in Figure 33:
1. Configure the VLANs
Use the VLAN Setup page of the web interface to define VLAN 2 on the Switch. VLAN 1 is the default VLAN and already exists. Do not add the ports to the VLAN using this screen. For more information about creating a VLAN, see "Configuring VLANs" on page 83.
2. Edit the Port settings
Use the Untagged VLAN listbox on the Port Setup page of the web interface to:
3. Check the VLAN membership
Return to the VLAN Setup page of the web interface to check VLAN 1 and VLAN 2. The relevant ports should be listed in the VLAN Members listbox.
In a slightly larger network the switch port may be connected to a hub rather than a single endstation to provide more connections to the VLAN. You can still use untagged connections, as data is not being passed between switches and the VLANs are still contained within a single switch.
The example shown in Figure 34 illustrates a Dual Speed Hub 500 and a Switch 3300 connected using untagged connections. The Switch 3300 has a SuperStack Switch Layer 3 Module installed, which allows it to provide Layer 3 switching, so traffic can be passed between VLAN 1 and VLAN 2. On the Switch 3300, ports 1 and 14 belong to VLAN 1, and ports 2, 6 and 24 belong to VLAN 2. VLANs 1 and 2 can communicate using the Layer 3 Module.
Figure 34 Simple example: Untagged connections using hubs
To set up the configuration shown in Figure 34:
1. Configure the VLANs
Use the VLAN Setup page of the web interface to define VLAN 2 on the Switch 3300. VLAN 1 is the default VLAN and already exists. Do not add the ports to the VLAN using this screen. For more information about creating a VLAN, see "Configuring VLANs" on page 83.
2. Edit the Port settings
Use the Untagged VLAN listbox on the Port Setup page of the web interface to:
3. Check the VLAN membership
Return to the VLAN Setup page of the web interface to check VLAN 1 and VLAN 2. The relevant ports should be listed in the VLAN Members listbox.
4. Connect VLAN 1 and VLAN 2
Configure the Layer 3 Module to allow communication between VLANs 1 and 2. For more information, refer to the user documentation supplied with the Layer 3 Module.
5. Join the switch and hub
Connect port 13 of the Dual Speed Hub 500 to port 1 of the Switch 3300.
In a network with more than one switch where the VLANs are distributed amongst different switches, you must use 802.1Q tagged connections so that all VLAN traffic can be passed along the link between the switches.
The example shown in Figure 35 illustrates two Switch 1100 units. Each switch has endstations in both VLAN 1 and VLAN 2 and each switch has a server for a VLAN. All endstations in VLAN 1 need to be able to connect to the server attached to Switch 1 and all endstations in VLAN 2 need to connect to the server attached to Switch 2.
Figure 35 Simple example: 802.1Q tagged connections
To set up the configuration shown in Figure 35:
1. Configure the VLANs on Switch 1
Use the VLAN Setup page of the web interface to define VLAN 2. VLAN 1 is the default VLAN and already exists. Do not add the ports to the VLAN using this screen. For more information about creating a VLAN, see "Configuring VLANs" on page 83.
2. Add untagged ports on Switch 1
Use the Untagged VLAN listbox on the Port Setup page of the web interface to place untagged ports in the appropriate VLAN.
3. Add tagged port 26 on Switch 1
Use the VLAN Setup page of the web interface to assign port 26 on Switch 1 to both VLANs 1 and 2 so that all VLAN traffic is passed over the link.
4. Configure the VLANs on Switch 2
Use the VLAN Setup page of the web interface to define VLAN 2. VLAN 1 is the default VLAN and already exists. Do not add the ports to the VLAN using this screen. For more information about creating a VLAN, see "Configuring VLANs" on page 83.
5. Add untagged ports on Switch 2
Use the Untagged VLAN listbox on the Port Setup page of the web interface to place untagged ports in the appropriate VLAN.
6. Add tagged port 25 on Switch 2
Use the VLAN Setup page of the web interface to assign port 25 on Switch 2 to both VLANs 1 and 2 so that all VLAN traffic is passed over the link.
7. Check the VLAN membership for both switches
Return to the VLAN Setup page of the web interface to check VLAN 1 and VLAN 2 for both switches. The relevant ports should be listed in the VLAN Members listbox.
8. Connect the switches
Connect port 26 on Switch 1 to port 25 on Switch 2.
The VLANs are now configured and operational and the endstations in both VLANs can communicate with their relevant servers.
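The membership check in step 7 can be automated before the cable in step 8 is connected. The following is an added example, not part of the manual: it assumes the VLAN Members listings have been copied into Python dictionaries by hand, and the untagged endstation and server port numbers are constructed, since only tagged ports 26 and 25 are named in the steps.

```python
def port_vlans(members):
    """Invert {vlan: set of ports} (the VLAN Members view) into {port: set of vlans}."""
    view = {}
    for vlan, ports in members.items():
        for port in ports:
            view.setdefault(port, set()).add(vlan)
    return view

def audit(switches, links):
    """Return a list of findings; an empty list means the tagged links are consistent."""
    findings = []
    views = {name: port_vlans(sw["members"]) for name, sw in switches.items()}
    # A port that is a member of multiple VLANs must be tagged.
    for name, sw in switches.items():
        for port, vlans in sorted(views[name].items()):
            if len(vlans) > 1 and port not in sw["tagged_ports"]:
                findings.append(f"{name} port {port}: in VLANs {sorted(vlans)} but untagged")
    # Both ends of a tagged link must be placed in the same VLANs.
    for (sw_a, port_a), (sw_b, port_b) in links:
        vlans_a = views[sw_a].get(port_a, set())
        vlans_b = views[sw_b].get(port_b, set())
        for vlan in sorted(vlans_a - vlans_b):
            findings.append(f"VLAN {vlan}: on {sw_a} port {port_a}, missing on {sw_b} port {port_b}")
        for vlan in sorted(vlans_b - vlans_a):
            findings.append(f"VLAN {vlan}: on {sw_b} port {port_b}, missing on {sw_a} port {port_a}")
    return findings

# Figure 35 as data. Ports 26 and 25 and VLANs 1 and 2 are from the text;
# the untagged endstation and server port numbers are constructed.
FIGURE_35 = {
    "Switch 1": {"members": {1: {1, 3, 26}, 2: {10, 26}}, "tagged_ports": {26}},
    "Switch 2": {"members": {1: {2, 25}, 2: {12, 24, 25}}, "tagged_ports": {25}},
}
LINKS = [(("Switch 1", 26), ("Switch 2", 25))]

# Constructed fault: step 6 was skipped for VLAN 2, so port 25 is only in VLAN 1.
BROKEN = {
    "Switch 1": FIGURE_35["Switch 1"],
    "Switch 2": {"members": {1: {2, 25}, 2: {12, 24}}, "tagged_ports": {25}},
}

if __name__ == "__main__":
    print(audit(FIGURE_35, LINKS) or "consistent")
    for finding in audit(BROKEN, LINKS):
        print(finding)
```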
The examples below describe how you can extend the functionality of simple VLANs to provide more features and functionality within your network.
The example shown in Figure 36 shows a network that has endstations that support IEEE 802.1Q and network devices that have 802.1Q learning enabled. The 802.1Q functionality of each endstation informs the network that it is to receive traffic for certain VLANs, and the network devices automatically place the endstation in those VLANs. In addition, the links between the network devices are automatically configured to forward traffic that contains unknown 802.1Q tags.
Figure 36 Using 802.1Q learning
To set up the configuration shown in Figure 36:
1. Configure the endstations attached to the left Switch 1100 so that they belong to VLANs 1, 2 and 3.
2. Configure the endstations attached to the right Switch 1100 so that they belong to VLANs 4, 5 and 6.
3. Enable 802.1Q learning on the left Switch 1100 using the 802.1Q VLAN Learning listbox on the Advanced Stack Setup page of the web interface.
4. Enable 802.1Q learning on the right Switch 1100 using the 802.1Q VLAN Learning listbox on the Advanced Stack Setup page of the web interface.
5. Enable 802.1Q learning on the Switch 3300 using the 802.1Q VLAN Learning listbox on the Advanced Stack Setup page of the web interface.
6. Configure the Layer 3 Module to allow communication between VLANs 1 to 6. For more information, refer to the user documentation supplied with the Layer 3 Module.
7. Connect port 26 of the left Switch 1100 to port 1 of the Switch 3300.
8. Connect port 25 of the right Switch 1100 to port 3 of the Switch 3300.
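The learning steps described earlier (an endstation declares its VLANs, each learning-enabled Switch joins the receiving port and forwards the packet) can be traced over the Figure 36 topology to see which ports end up in which VLANs. This is an added model, not the manual's or the Switch's own code: the endstation port numbers are constructed, and a switch with learning disabled is assumed to neither join nor relay the declaration.

```python
from collections import deque

def propagate(links, learning, declarations, max_vlans=16):
    """Return ({(switch, port): vlans}, warnings) once every declaration has spread."""
    peer = {}
    for end_a, end_b in links:
        peer[end_a], peer[end_b] = end_b, end_a
    membership = {}
    for origin, vlans in declarations.items():
        queue, seen = deque([origin]), set()
        while queue:
            switch, rx_port = queue.popleft()
            # Assumption: a switch with learning disabled neither joins nor relays.
            if switch in seen or not learning.get(switch, False):
                continue
            seen.add(switch)
            # The switch places the receiving port in the declared VLANs...
            membership.setdefault((switch, rx_port), set()).update(vlans)
            # ...then forwards the packet out of every other port.
            for (sw, port), far_end in peer.items():
                if sw == switch and port != rx_port:
                    queue.append(far_end)
    warnings = []
    for switch in learning:
        learned = set()
        for (sw, _), vlans in membership.items():
            if sw == switch:
                learned |= vlans
        if len(learned) > max_vlans:
            warnings.append(f"{switch}: {len(learned)} VLANs learned, limit is {max_vlans}")
    return membership, warnings

# Figure 36 as data. Inter-switch ports and VLANs are from the text;
# the endstation ports (2 and 7) are constructed.
LINKS = [(("left 1100", 26), ("3300", 1)), (("right 1100", 25), ("3300", 3))]
LEARNING = {"left 1100": True, "right 1100": True, "3300": True}
DECLARATIONS = {("left 1100", 2): {1, 2, 3}, ("right 1100", 7): {4, 5, 6}}

if __name__ == "__main__":
    membership, warnings = propagate(LINKS, LEARNING, DECLARATIONS)
    for (switch, port), vlans in sorted(membership.items()):
        print(f"{switch} port {port}: VLANs {sorted(vlans)}")
    print(warnings or "within the 16-VLAN limit")
```

The trace makes visible that a single endstation declaration changes port membership on every learning-enabled Switch along the path, so the declared VLANs are worth comparing against the intended design and against the 16-VLAN limit.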
The example shown in Figure 37 illustrates a Switch 1100 that has been connected to a legacy network using a VLT tagged link:
To set up this configuration:
1. Configure the VLANs on the Switch 1100:
2. Connect port 26 on the Switch 1100 to port 1 on the Switch 3000 10/100.
Figure 37 Connecting to legacy VLANs using VLTs
To configure the Switch 1000, Switch 3000 10/100 and router, refer to the user documentation supplied with them.