Principle of VLAN Communication
Basic Principle of VLAN Communication
To process frames efficiently and uniformly, a switch attaches a VLAN tag to every frame it handles internally. When a data frame reaches a port of the switch, if the frame carries no VLAN tag and the port is configured with a PVID, the frame is marked with the port's PVID. If the frame already carries a VLAN tag, the switch does not add another tag, regardless of whether the port is configured with a PVID.
The switch processes frames differently according to the type of port receiving the frames. The following describes the frame processing according to the port type.
| Port Type | Untagged Frame Processing | Tagged Frame Processing | Frame Transmission |
|---|---|---|---|
| Access port | Accepts an untagged frame and adds a tag with the default VLAN ID to the frame. | | After the PVID tag is stripped, the frame is transmitted. |
| Trunk port | | | |
| Hybrid port | | | If the frame's VLAN ID is permitted by the port, the frame is transmitted. The port can be configured whether to transmit frames with tags. |

QinQ port: QinQ ports are enabled with the IEEE 802.1 QinQ protocol. A QinQ port adds a tag to a single-tagged frame, and supports a maximum of 4094 x 4094 VLAN tags, which meets the requirement on the number of VLANs.
Because all interfaces join VLAN 1 by default, broadcast storms may occur if unknown unicast, multicast, or broadcast packets exist in VLAN 1. To prevent loops, remove from VLAN 1 any interfaces that do not need to belong to it.
Intra-VLAN Communication
Users in the same VLAN are sometimes connected to different switches, in which case the VLAN spans multiple switches. The ports between these switches must recognize and send packets belonging to the VLAN, and trunk links are the technology that simplifies this.
The trunk link plays the following two roles:
- Trunk line: The trunk link transparently transmits VLAN packets between switches.
- Backbone line: The trunk link transmits packets belonging to multiple VLANs.
As shown in Figure 5-7, the trunk link between DeviceA and DeviceB must support communication within VLAN 2 as well as communication within VLAN 3. Therefore, the ports at both ends of the trunk link must be configured to belong to both VLANs. That is, Port2 on DeviceA and Port1 on DeviceB must belong to both VLAN 2 and VLAN 3.
User A sends a frame to User B in the following process:
- The frame is first sent to Port4 on DeviceA.
- A tag is added to the frame on Port4. The VID field of the tag is set to 2, that is, the ID of the VLAN to which Port4 belongs.
- DeviceA queries its MAC address table for the MAC forwarding entry with the destination MAC address of User B.
  - If this entry exists, DeviceA sends the frame to the outbound interface Port2.
  - If this entry does not exist, DeviceA sends the frame to all interfaces bound to VLAN 2 except for Port4.
- Port2 sends the frame to DeviceB.
- After receiving the frame, DeviceB queries its MAC address table for the MAC forwarding entry with the destination MAC address of User B.
  - If this entry exists, DeviceB sends the frame to the outbound interface Port3.
  - If this entry does not exist, DeviceB sends the frame to all interfaces bound to VLAN 2 except for Port1.
- Port3 sends the frame to User B.
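The forwarding steps above can be traced with a small model of the two switches. This is an added example, not code from the original page; it assumes that trunk ports send permitted VLANs tagged and drop tagged frames for VLANs they do not permit, and the VLAN 3 access ports and MAC labels are hypothetical.

```python
# Added example, not from the original page. Assumptions: trunk ports send
# permitted VLANs tagged, a tagged frame whose VLAN the port does not permit
# is dropped, and the two VLAN 3 access ports are hypothetical.
class Switch:
    def __init__(self, ports):
        self.ports = ports        # port name -> {"type", "pvid", "allowed"}
        self.mac_table = {}       # (vlan, mac) -> port, so lookups never cross VLANs

    def receive(self, port, src, dst, tag=None):
        """Process one frame; return [(out_port, tag_on_wire)]."""
        cfg = self.ports[port]
        vlan = cfg["pvid"] if tag is None else tag   # untagged frame gets the PVID
        if vlan not in cfg["allowed"]:
            return []                                # VLAN not permitted on this port
        self.mac_table[(vlan, src)] = port           # learn the sender's location
        hit = self.mac_table.get((vlan, dst))
        if hit is not None:
            targets = [hit]                          # entry exists: one outbound port
        else:                                        # no entry: flood inside the VLAN
            targets = [p for p, c in self.ports.items() if vlan in c["allowed"]]
        return [(p, None if self.ports[p]["type"] == "access" else vlan)
                for p in targets if p != port]       # access ports strip the tag

def build():
    """DeviceA and DeviceB with the port roles from the walk-through."""
    trunk = {"type": "trunk", "pvid": 1, "allowed": {2, 3}}
    def access(vid):
        return {"type": "access", "pvid": vid, "allowed": {vid}}
    device_a = Switch({"Port4": access(2), "Port1": access(3), "Port2": dict(trunk)})
    device_b = Switch({"Port1": dict(trunk), "Port3": access(2), "Port2": access(3)})
    return device_a, device_b

def walk():
    """User A (Port4 on DeviceA) sends to User B (Port3 on DeviceB), then B replies."""
    a, b = build()
    hop1 = a.receive("Port4", "mac-A", "mac-B")           # untagged, tagged with VID 2
    hop2 = b.receive("Port1", "mac-A", "mac-B", tag=2)    # arrives tagged on the trunk
    reply = b.receive("Port3", "mac-B", "mac-A")          # entry for mac-A now exists
    return hop1, hop2, reply

if __name__ == "__main__":
    for step in walk():
        print(step)
```

Because the MAC table is keyed by VLAN and flooding only selects ports that permit the frame's VLAN, a frame from the VLAN 3 port never reaches Port4.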
Inter-VLAN Communication
After VLANs are configured, users in different VLANs cannot directly communicate with each other. To implement communication between VLANs, use either of the following methods:
Layer 3 sub-interface
As shown in Figure 5-8, DeviceA is a Layer 3 switch that supports Layer 3 sub-interfaces, and DeviceB is a Layer 2 switch. LANs are connected using the switched Ethernet interface on DeviceB and the routed Ethernet interface on DeviceA. User hosts are assigned to VLAN2 and VLAN3. To implement inter-VLAN communication, configure the devices as follows:
- On DeviceA, create two Layer 3 sub-interfaces Port1.1 and Port2.1 on the Ethernet interface connecting to DeviceB, and configure 802.1Q encapsulation on the Layer 3 sub-interfaces corresponding to VLAN2 and VLAN3.
- Configure IP addresses for the Layer 3 sub-interfaces.
- Set the type of the Ethernet interfaces connecting DeviceB and DeviceA to Trunk or Hybrid, to allow VLAN2 and VLAN3 frames.
- Set the default gateway address to the IP address of the Layer 3 sub-interface mapping the VLAN to which the user host belongs.
Host A communicates with host C as follows:
- Host A checks the IP address of host C and determines that host C is in another VLAN.
- Host A sends an ARP request packet to DeviceA to request DeviceA's MAC address.
- After receiving the ARP request packet, DeviceA returns an ARP reply packet in which the source MAC address is the MAC address of the Layer 3 sub-interface mapping VLAN2.
- Host A obtains DeviceA's MAC address.
- Host A sends a packet whose destination MAC address is the MAC address of the Layer 3 sub-interface and destination IP address is host C's IP address to DeviceA.
- After receiving the packet, DeviceA forwards the packet and detects that the route to host C is a direct route. The packet is forwarded by the Layer 3 sub-interface mapping VLAN3.
- Functioning as the gateway of hosts in VLAN3, DeviceA broadcasts an ARP packet requesting host C's MAC address.
- After receiving the packet, host C returns an ARP reply packet.
- After receiving the reply packet, DeviceA sends the packet from host A to host C. All packets sent from host A to host C are sent to DeviceA first to implement Layer 3 forwarding.
VLANIF interface
Layer 3 switching combines routing and switching techniques to implement routing on a switch, improving the overall performance of the network. After sending the first data flow, a Layer 3 switch generates a mapping table in which it records the mapping between the MAC address and the IP address for the data flow. If the switch needs to send the same data flow again, it sends the data flow directly at Layer 2 based on the mapping table. In this manner, network delays caused by route selection are eliminated, and data forwarding efficiency is improved.
For new data flows to be forwarded correctly, the routing table must contain the correct routing entries. VLANIF interfaces are therefore used to configure routing protocols on Layer 3 switches so that Layer 3 routes are reachable.
A VLANIF interface is a Layer 3 logical interface, which can be configured on either a Layer 3 switch or a router.
As shown in Figure 5-9, hosts connected to the switch are assigned to VLAN 2 and VLAN 3. To implement inter-VLAN communication, configure as follows:
- Create two VLANIF interfaces on the device, and configure IP addresses for them.
- Set the default gateway address to the IP address of the VLANIF interface mapping the VLAN to which the user host belongs.
Host A communicates with host C as follows:
- Host A checks the IP address of host C and determines that host C is in another subnet.
- Host A sends an ARP request packet to Device to request Device's MAC address.
- After receiving the ARP request packet, Device returns an ARP reply packet in which the source MAC address is the MAC address of VLANIF2.
- Host A obtains Device's MAC address.
- Host A sends a packet whose destination MAC address is the MAC address of the VLANIF interface and destination IP address is host C's IP address to Device.
- After receiving the packet, Device forwards the packet and detects that the route to host C is a direct route. The packet is forwarded by VLANIF3.
- Functioning as the gateway of hosts in VLAN3, Device broadcasts an ARP packet requesting host C's MAC address.
- After receiving the packet, host C returns an ARP reply packet.
- After receiving the reply packet, Device sends the packet from host A to host C. All packets sent from host A to host C are sent to Device first to implement Layer 3 forwarding.
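The host A to host C exchange, which is the same for the Layer 3 sub-interface and the VLANIF method, can be traced frame by frame. This is an added example, not code from the original page; every IP address and MAC label in it is constructed for illustration.

```python
import ipaddress

# Added example, not from the original page. All addresses and MAC labels are
# constructed. GATEWAY holds the device's Layer 3 interface for each VLAN
# (an 802.1Q sub-interface or a VLANIF interface; the exchange is the same).
GATEWAY = {2: ("10.0.2.1/24", "gw-vlan2"), 3: ("10.0.3.1/24", "gw-vlan3")}
HOSTS = {"A": ("10.0.2.10/24", "mac-A", 2), "C": ("10.0.3.10/24", "mac-C", 3)}

def arp(vlan, target_ip):
    """MAC that answers an ARP broadcast for target_ip in this VLAN, else None."""
    owners = [GATEWAY[vlan]] + [(ip, mac) for ip, mac, v in HOSTS.values() if v == vlan]
    for ip, mac in owners:
        if ipaddress.ip_interface(ip).ip == ipaddress.ip_address(target_ip):
            return mac
    return None

def send(src_name, dst_name):
    """Frames on the wire as (vlan, src_mac, dst_mac, src_ip, dst_ip)."""
    src_if, src_mac, src_vlan = HOSTS[src_name]
    src_if = ipaddress.ip_interface(src_if)
    dst_ip = ipaddress.ip_interface(HOSTS[dst_name][0]).ip
    ips = (str(src_if.ip), str(dst_ip))
    if dst_ip in src_if.network:                 # same subnet: ARP for the host itself
        return [(src_vlan, src_mac, arp(src_vlan, str(dst_ip))) + ips]
    gw_ip = ipaddress.ip_interface(GATEWAY[src_vlan][0]).ip   # default gateway
    frames = [(src_vlan, src_mac, arp(src_vlan, str(gw_ip))) + ips]
    for vlan, (itf, itf_mac) in GATEWAY.items(): # gateway looks for a direct route
        if dst_ip in ipaddress.ip_interface(itf).network:
            frames.append((vlan, itf_mac, arp(vlan, str(dst_ip))) + ips)
            break
    return frames

if __name__ == "__main__":
    for frame in send("A", "C"):
        print(frame)
```

The IP addresses stay the same on both frames while the VLAN and both MAC addresses change at the gateway, so a capture in VLAN 3 shows the gateway interface as the Layer 2 source of host A's traffic.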