Page 1

LANs and VLANs: A Simplified Tutorial

Avaya Labs

Application Note

Version 3.0, May 2002
COMPAS ID 90947

Page 2

Companion document

• IP Addressing: A Simplified Tutorial, COMPAS ID 92962

Page 3

Introduction

As the name implies, the purpose of this presentation is to provide a simplified tutorial on local area networks (LANs) and virtual local area networks (VLANs).

The instructions and terminology used in this presentation attempt to comply with industry practices and written standards. They represent the generally accepted implementations of the written standards.

It is important to understand that written standards are sometimes ambiguous, and are thus implemented differently among various vendors. This tutorial seeks to balance between the two and does not rely solely on written standards or specific implementations.

All IP addresses and numbering schemes in this tutorial are hypothetical, and used for illustration purposes.

Page 4

First, the basics

Page 5

OSI and TCP/IP

OSI Reference Model    TCP/IP                    Terms used in this tutorial
7 – Application        Application
6 – Presentation       Application
5 – Session            Application
4 – Transport          Host-to-Host (TCP/UDP)
3 – Network            Internet (IP)             router, subnet, IP address
2 – Data Link          Network Interface         switch, VLAN, MAC address, Ethernet
1 – Physical           Network Interface         hub

• This table is presented for reference purposes.
– The first column shows the 7-layer OSI Reference Model, which is a model used to design protocols that make networking possible.
– The second column shows the TCP/IP protocol stack in reference to the OSI model. TCP/IP is the prevalent protocol stack for data networking.
– The third column shows the terms that will be used in this tutorial, in reference to both OSI and TCP/IP.

Page 6

Hub (a collision domain)

• A hub is a L1 (physical layer) multi-port repeater.
– It receives a signal on one port, regenerates it, and transmits it out all ports.
– All devices connected to a hub receive any transmission on that hub, regardless of the intended recipient.
– Note: Simple hubs have a single bus that is capable of operating at either 10Mbps or 100Mbps, but not both. These are pure L1 devices, no “smarter” than the original coax Ethernet bus they replaced. The very common 10/100 hubs actually have two buses, a 10M bus and a 100M bus, which are bridged. This bridging function is a L2 function, so technically speaking 10/100 hubs are not pure L1 devices.
• Two or more devices on a hub cannot transmit at the same time.
– When two or more devices simultaneously transmit, there is a collision.
– The devices must back off and re-transmit at dispersed intervals, so that only one device is transmitting at any given time.
• Because of these characteristics, a hub (or a group of hubs connected together) is known as a collision domain.
• Hubs operate only at half duplex; attached devices cannot transmit and receive at the same time.
• Generally speaking, only four 10M hubs or two 100M hubs can be connected together.

Page 7

Switch (a broadcast domain)

• A switch is more than just a repeater. It is a L2 (data link layer) bridge, which means that it is “aware” of L2 MAC addresses.
– MAC addresses and Ethernet frames will be discussed in more detail later.
• A switch keeps track of which devices are connected to which ports by maintaining a table of the MAC-address-to-switch-port mapping.
– We’ll simply call this the MAC table. It is populated by recording the source MAC addresses of incoming Ethernet frames on each port.
– MAC table entries are designed to time out, typically after a few minutes, if no other frame from the same source is received on that port.
• Transmissions on a switch are sent only to the intended recipients, determined by the destination MAC address.
– The exception to this is if the destination MAC address is not already in the MAC table, in which case the Ethernet frame is transmitted out all ports.
• Broadcasts are sent to all recipients, as they are intended to be.
• For this reason, a switch (or a group of switches connected together) is known as a broadcast domain.
• Switches can operate at full duplex; multiple attached devices can transmit and receive at the same time.
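To make the MAC-table behaviour on this slide concrete, here is a small Python model of a learning switch. It is an added example, not code from the Avaya tutorial: it learns source MACs per port, ages entries out, forwards known unicasts to a single port, and floods unknown unicasts and broadcasts out every port other than the one the frame arrived on. Port numbers, MAC strings and the 300-second age limit are constructed for the demonstration; the per-port MAC limit is an assumed port-security style control, included because the table is learned from unauthenticated source addresses.

```python
# Toy learning switch: MAC-table learning, aging, unicast forwarding, and
# flooding of unknown destinations and broadcasts.
# Added illustration; not code from the Avaya tutorial. Port numbers, MAC
# strings, the 300-second age limit and the per-port MAC limit are constructed.
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"   # all 48 bits set


@dataclass
class Frame:
    src: str
    dst: str


@dataclass
class Switch:
    ports: int
    age_limit: float = 300.0                     # seconds; "a few minutes"
    max_macs_per_port: int = 8                   # assumed port-security limit
    table: dict = field(default_factory=dict)    # mac -> (port, last_seen)
    violations: list = field(default_factory=list)

    def expire(self, now):
        """Drop entries not refreshed within age_limit (the time-out behaviour)."""
        stale = [m for m, (_, seen) in self.table.items() if now - seen > self.age_limit]
        for m in stale:
            del self.table[m]

    def learn(self, mac, port, now):
        """Record the source MAC of an ingress frame against its ingress port.
        Learning is unauthenticated, so a cap on distinct MACs per port is the
        usual defensive control; here a breach only logs a violation."""
        on_port = {m for m, (p, _) in self.table.items() if p == port}
        if mac not in on_port and len(on_port) >= self.max_macs_per_port:
            self.violations.append((port, mac))
            return
        self.table[mac] = (port, now)

    def flood(self, in_port):
        """All ports except the one the frame arrived on."""
        return [p for p in range(1, self.ports + 1) if p != in_port]

    def forward(self, frame, in_port, now):
        """Return the egress ports for a frame arriving on in_port at time now."""
        self.expire(now)
        self.learn(frame.src, in_port, now)
        if frame.dst == BROADCAST:
            return self.flood(in_port)
        entry = self.table.get(frame.dst)
        if entry is None:
            return self.flood(in_port)           # unknown unicast is flooded
        port, _ = entry
        return [] if port == in_port else [port]  # same-port traffic is not repeated


def demo():
    """Two constructed hosts on a 4-port switch; returns the egress list per step."""
    sw = Switch(ports=4)
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    return [
        sw.forward(Frame(a, b), 1, 0.0),          # b unknown: flooded to 2,3,4
        sw.forward(Frame(b, a), 2, 1.0),          # a learned on port 1: unicast
        sw.forward(Frame(a, b), 1, 2.0),          # b now learned on port 2
        sw.forward(Frame(a, BROADCAST), 1, 3.0),  # broadcast: all other ports
        sw.forward(Frame(a, b), 1, 400.0),        # b aged out: flooded again
    ]


if __name__ == "__main__":
    for step, ports in enumerate(demo(), 1):
        print(f"step {step}: egress ports {ports}")
```

The last step shows why aging matters for the "transmitted out all ports" exception: once an entry times out, the next frame to that destination is flooded again until the host speaks and is re-learned.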

Page 8

An overview of LANs

Page 9

• A single hub or switch is a physical LAN segment.

– “Ethernet segment” is more precise, but we’ll use the general term.

• An IP endpoint (PC, server, IP phone, etc.) is a host and has an IP address.

– In this diagram the hub or switch itself is also a host, with an IP address.

• A LAN segment typically contains one IP network or sub-network. There is a difference between the two, but the term “subnet” is generally used.

– We will not address in detail the case of two or more subnets residing on one LAN segment, which is a valid but uncommon case.

• This subnet is 10.1.1.0 with subnet mask 255.255.255.0, which implies…
– Host addresses are 10.1.1.1 through 10.1.1.254.
– Broadcast address is 10.1.1.255, which is the IP address used to transmit to all hosts on the subnet.
• All hosts are “aware” of their individual subnet and mask, and what that implies.

Page 10

• Two or more hubs or switches connected together still constitute one physical LAN segment.

• The only differences between this diagram and the previous are…
– Having two hubs or switches increases the port density.
– The up-link between the two devices may be a bottleneck.

• Note: It is not required that a hub or switch have an IP address. However, the device is very likely to have an IP address if it is remotely manageable (i.e., configure, troubleshoot, view statistics, upgrade firmware, etc.). Otherwise, the device must be managed via a console port or not at all.

Page 11

• Now we’ve added a second LAN segment, which contains a different IP subnet.

• All hosts on the second subnet have addresses pertaining to that subnet.

• Hosts on one subnet cannot communicate with hosts on the other subnet.
– The obvious reason is that the two LAN segments are physically separated.
– However…

Page 12

Break for an explanation of ARP

Page 13

IP addresses and MAC addresses

• An IP address is a 32-bit Network Layer (L3) address on the OSI model. It is configured on each IP host.
• A MAC address is a 48-bit Data Link Layer (L2) address on the OSI model. It is typically “burned in” to the network interface card or equivalent, and is a combination of the manufacturer ID and the board ID (serial number).

• An IP packet, with source and destination IP addresses, is encapsulated in an Ethernet frame, with source and destination MAC addresses. The Ethernet frame is then transmitted on the LAN segment.

• On a LAN segment, hosts communicate with one another using MAC addresses, even though applications use IP addresses.

– Therefore, each IP host must resolve the destination IP address to the destination MAC address before sending an IP packet.

– This is done using the Address Resolution Protocol (ARP).

Page 14

How ARP works

• Host X needs to send an IP packet to host Y but only knows Y’s IP address.
• X sends an ARP Request message containing Y’s IP address, which is broadcast to all the hosts on the LAN segment.
– Remember that hosts communicate with each other using MAC addresses.
– This broadcast is a MAC broadcast, which means that the destination MAC address is a L2 broadcast address (all 48 address bits are ones).
– The source MAC address of this ARP Request message is X’s MAC address.
• All hosts on the LAN segment receive the ARP Request message, but only Y recognizes the request as pertaining to its IP address.
– The ARP Request message contains X’s MAC and IP addresses.
– All hosts make an entry with this mapping in their respective ARP caches.

• Y sends a unicast ARP Reply message containing its MAC and IP addresses directly to X.

– X now knows Y’s MAC and IP addresses, and makes a corresponding entry in its ARP cache.

• Entries in ARP caches are designed to time out, typically after a few minutes. When this happens, the ARP process is repeated.
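The exchange described on this slide, as an added Python example (not code from the tutorial): three constructed hosts share one segment, X broadcasts a request, Y answers with a unicast reply, and each host ends up with the cache entries the slide describes, including the bystander Z, which learns X's mapping but never sees Y's reply. Addresses and the 240-second cache lifetime are constructed values. Because every host accepts the sender mapping in any ARP message it receives, the cache is only as trustworthy as the segment; that is why switched networks pair this behaviour with controls such as dynamic ARP inspection.

```python
# Toy ARP on a single LAN segment: broadcast request, unicast reply, caches.
# Added illustration; not code from the Avaya tutorial. Host names, addresses
# and the 240-second cache lifetime are constructed sample values.
from dataclasses import dataclass, field

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ARP_TIMEOUT = 240.0   # seconds; the tutorial says "a few minutes"


@dataclass
class Host:
    name: str
    ip: str
    mac: str
    cache: dict = field(default_factory=dict)   # ip -> (mac, learned_at)

    def lookup(self, ip, now):
        """Cached MAC for ip, or None once the entry has aged out."""
        entry = self.cache.get(ip)
        if entry and now - entry[1] <= ARP_TIMEOUT:
            return entry[0]
        self.cache.pop(ip, None)
        return None

    def receive_arp(self, msg, now):
        """Every host records the sender's mapping (as the slide describes);
        only the host owning target_ip answers a request, and only to the asker."""
        self.cache[msg["sender_ip"]] = (msg["sender_mac"], now)
        if msg["op"] == "request" and msg["target_ip"] == self.ip:
            return {"op": "reply", "dst_mac": msg["sender_mac"],
                    "sender_ip": self.ip, "sender_mac": self.mac,
                    "target_ip": msg["sender_ip"]}
        return None


@dataclass
class Segment:
    hosts: list
    log: list = field(default_factory=list)     # (host, op) for each delivery

    def deliver(self, msg, now):
        """A broadcast frame reaches every other host; a unicast only its target."""
        for h in self.hosts:
            if h.mac == msg["sender_mac"]:
                continue                        # a host does not hear itself
            if msg["dst_mac"] in (BROADCAST_MAC, h.mac):
                self.log.append((h.name, msg["op"]))
                reply = h.receive_arp(msg, now)
                if reply:
                    self.deliver(reply, now)


def resolve(x, target_ip, seg, now):
    """X's view: use the cache if fresh, otherwise ARP and read the cache again."""
    mac = x.lookup(target_ip, now)
    if mac:
        return mac
    seg.deliver({"op": "request", "dst_mac": BROADCAST_MAC,
                 "sender_ip": x.ip, "sender_mac": x.mac,
                 "target_ip": target_ip}, now)
    return x.lookup(target_ip, now)             # None if nobody owns target_ip


def demo():
    """Constructed segment; returns (resolved MAC, delivery log, Z's cache keys)."""
    x = Host("X", "10.1.1.11", "02:00:00:00:00:11")
    y = Host("Y", "10.1.1.22", "02:00:00:00:00:22")
    z = Host("Z", "10.1.1.33", "02:00:00:00:00:33")
    seg = Segment([x, y, z])
    mac = resolve(x, y.ip, seg, 0.0)
    return mac, seg.log, sorted(z.cache)


if __name__ == "__main__":
    print(demo())
```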

Page 15

Back to LANs

Page 16

• Take the previous diagram and connect the two segments together to make one physical LAN segment (not recommended).

• Hosts on one subnet still could not communicate with hosts on the other subnet because…

– Hosts are “aware” of their subnet and will only ARP for addresses in their subnet. For example, 10.1.1.11 will not ARP for 10.1.2.11.

– To get to hosts on another subnet, an IP gateway is required.
• But broadcasts (including ARPs) would be seen by all hosts because…

– The broadcast is at the MAC layer (L2) and is seen by all hosts on the same physical LAN segment.

Page 17

• But wait. We said that each IP subnet had a broadcast IP address, so why doesn’t that limit the broadcast to just one subnet?

• Yes, the broadcast address for subnet 10.1.1.0 with mask 255.255.255.0 is 10.1.1.255. And the broadcast address for subnet 10.1.2.0 with mask 255.255.255.0 is 10.1.2.255.

• But hosts can’t communicate using IP addresses, so these IP broadcasts are converted to MAC broadcasts.

• The sequence is as follows…
– Host 10.1.1.11 sends a broadcast packet to 10.1.1.255.
– The IP packet with destination broadcast IP address 10.1.1.255 is encapsulated in an Ethernet frame with destination broadcast MAC address FFFFFFFFFFFF (hex for 48 binary ones).
– Every host on the LAN segment sees the MAC broadcast.
– Only hosts on subnet 10.1.1.0 dig deeper into the IP packet.
– Hosts on subnet 10.1.2.0 must examine the MAC broadcast, but ignore the IP broadcast because it pertains to a different subnet.
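An added Python example (not code from the tutorial) that ties the last few slides together: it derives the host range and broadcast address from an address and mask, decides whether a destination is on the host's own subnet (so the host ARPs for it) or must be handed to the gateway, and reproduces the sequence above, in which every host on the segment examines a frame addressed to FFFFFFFFFFFF but only hosts whose subnet broadcast matches the IP destination process it. The addresses follow the tutorial's hypothetical 10.1.1.0 and 10.1.2.0 subnets; the gateway address 10.1.1.254 is the one the tutorial's router slide uses, and the MACs are constructed.

```python
# Subnet arithmetic and broadcast handling on a shared LAN segment.
# Added illustration; not code from the Avaya tutorial. IP addresses follow the
# tutorial's hypothetical subnets; MAC addresses are constructed.
import ipaddress

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def subnet_facts(ip, mask):
    """Network, usable host range and broadcast implied by a host's IP and mask."""
    net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
    hosts = list(net.hosts())
    return {"network": str(net.network_address),
            "first_host": str(hosts[0]), "last_host": str(hosts[-1]),
            "broadcast": str(net.broadcast_address)}


def same_subnet(src_ip, src_mask, dst_ip):
    """True when dst_ip falls inside the sender's own subnet."""
    net = ipaddress.IPv4Network(f"{src_ip}/{src_mask}", strict=False)
    return ipaddress.IPv4Address(dst_ip) in net


def next_hop(src_ip, src_mask, dst_ip, gateway):
    """Address the sender ARPs for: the destination itself if on-link,
    otherwise the IP gateway (a host never ARPs for an off-subnet address)."""
    return dst_ip if same_subnet(src_ip, src_mask, dst_ip) else gateway


def frame_disposition(host_ip, host_mask, host_mac, dst_mac, dst_ip):
    """How a host treats a received frame:
    'drop'    - L2 destination is neither us nor broadcast
    'ignore'  - MAC broadcast examined, but the IP broadcast is another subnet's
    'process' - addressed to us, or a broadcast for our subnet"""
    if dst_mac not in (BROADCAST_MAC, host_mac):
        return "drop"
    if dst_mac != BROADCAST_MAC:
        return "process"
    net = ipaddress.IPv4Network(f"{host_ip}/{host_mask}", strict=False)
    target = ipaddress.IPv4Address(dst_ip)
    if target in (net.broadcast_address, LIMITED_BROADCAST):
        return "process"
    return "ignore"


def segment_broadcast_report():
    """The slide's scenario: 10.1.1.11 broadcasts to 10.1.1.255 on a segment
    shared with a second subnet. Returns each other host's disposition."""
    mask = "255.255.255.0"
    hosts = {                       # constructed hosts on the merged segment
        "10.1.1.22": "02:00:00:00:01:22",
        "10.1.2.11": "02:00:00:00:02:11",
        "10.1.2.22": "02:00:00:00:02:22",
    }
    return {ip: frame_disposition(ip, mask, mac, BROADCAST_MAC, "10.1.1.255")
            for ip, mac in hosts.items()}


if __name__ == "__main__":
    print(subnet_facts("10.1.1.11", "255.255.255.0"))
    print(next_hop("10.1.1.11", "255.255.255.0", "10.1.2.11", "10.1.1.254"))
    print(segment_broadcast_report())
```

The `ignore` results are the cost the slide is pointing at: hosts on 10.1.2.0 spend interrupt time on every 10.1.1.0 broadcast without ever acting on one, which is the practical argument for one subnet per L2 domain.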

Page 18

• Now it should be more clear why a LAN segment typically has only one associated IP subnet.

• Why broadcast messages to hosts that don’t need to see them?

• In most cases it is preferable to maintain a 1-to-1 mapping of a L2 broadcast domain (physical LAN segment) to a L3 broadcast domain (logical IP subnet).

• Note: Having two different routers with different subnets on one LAN segment can also cause serious problems with routing in rare configurations, which will not be discussed in detail here.

Page 19

• Enter the router - the IP gateway. This is a L3 (network layer) device.
• Now when host 10.1.1.11 wants to send an IP packet to host 10.1.2.11, host 1.11 forwards the packet to the gateway (1.254 in this diagram).
• This router forwards the packet directly to the 2.11 host because the 10.1.2.0 subnet is directly connected. Otherwise, the packet would be forwarded to the next hop router en route to that subnet.
• The router, which is a L3 boundary, is a broadcast barrier.
– Broadcasts on one subnet are not transmitted across the router to the other subnet, unless specifically configured to do so.

Page 20

• What if we were to connect the two LAN segments together? (again, not recommended, and might produce an error condition on the router)…

– Hosts on one subnet would still require the router to communicate with hosts on the other subnet.

– But now the broadcasts would “leak” from one subnet to the other, because we’ve created one LAN segment.

– We have one L2 broadcast domain (LAN segment) with two L3 broadcast domains (IP subnet) :-(

Page 21

Transition to VLANs

Page 22

• A “smart” L2 switch is required to implement VLANs, which are specified in the IEEE 802.1Q standard.

– Hubs no longer apply, because they are simply dumb repeaters that operate at L1.

– Simple switches with no 802.1Q intelligence also do not apply.

• A filtering database resident on the switch keeps track of which ports belong on which VLAN.

• Every port belongs to at least one VLAN, which is the port/native VLAN.
– The 802.1Q standard and most Cajun switches call this the port VLAN, with an associated port VLAN ID (PVID).
– Cisco switches call this the native VLAN.
– Although VLAN1 is the default port/native VLAN, this can be changed on a per port basis by configuration.
• What was once a physical LAN segment is now a logical VLAN.

Page 23

• If we want to add a second VLAN, we don’t need a second switch.
– We simply create another VLAN on the same switch and assign the desired ports to that VLAN (we change the port/native VLAN on the desired ports).
– The switch’s filtering database maintains the port-to-VLAN mapping.
– This diagram is analogous to having two separate switches or LAN segments.

• By default a host pertains to the port/native VLAN of the connected port, and must be configured with the proper IP address for that VLAN.

– In this diagram hosts on VLAN1 are on one IP subnet, and hosts on VLAN2 are on a different IP subnet, which is the correct implementation.

– In this diagram the switch itself is configured to be a host on VLAN1.

Page 24

Continuing with the same diagram...

• What was before two separate LAN segments is now two VLANs, and all the same conditions apply.

– Hosts on VLAN1 cannot communicate with hosts on VLAN2 without an IP gateway. This would be true even if we physically connected the two VLANs together with a cross-over cable.

– Broadcasts on VLAN1 do not “leak” onto VLAN2, but they would if we were to connect the two VLANs together with a cross-over cable.

• What if we did connect the two VLANs together with a cross-over cable?
– In effect, this results in one VLAN (one L2 broadcast domain) with two subnets (two L3 broadcast domains), which is not desired.
– No different than connecting two physical LAN segments together.

Page 25

• So how do we get the two subnets to talk to each other?
• Again, an IP gateway is required. And as before with two LAN segments, an external router could be used to provide the gateway function.
• However, this is not how it is typically accomplished.

– This diagram is here mainly so that the reader can make a connection between an external router servicing two LAN segments, and one servicing two VLANs.

– There is no difference.

Page 26

• Today it is more common to see switches with both L2 and L3 functions (Avaya Cajun, Cisco Catalyst, and many others).

• The switching function (L2) continues to maintain a filtering database to keep track of VLANs and ports, just as before.

• The routing function (L3) resident on the switch fills the gateway role previously filled by an external router, and performs many of the other functions previously performed by an external router.

– Instead of physical router interfaces, we now have virtual router interfaces.
– Instead of physical connections between the router and the switch(es), we now have logical connections.

Page 27

Continuing with the same diagram...

• One major difference is the mapping between L2 and L3 domains.
• Remember before that it was possible for one LAN segment to have two connections from an external router to service two IP subnets, which was not recommended.

• In this case, we could not create another virtual router interface (L3) for VLAN1 or VLAN2 (L2), nor would we want to.

– Each L2 entity (VLAN) can have only one L3 (virtual router) interface with only one IP subnet.

– This maintains the 1-to-1 mapping between L2 and L3 broadcast domains.
– The only way to add a second IP subnet to a VLAN (not recommended) would be to use an external router.

Page 28

Let’s recap before moving on...

• A hub is a L1 device, a switch a L2 device, and a router a L3 device.
• A hub is a collision domain (all devices see all transmissions), so by default it has the characteristics of a broadcast domain (all devices see broadcast transmissions).
• A physical LAN segment (with at least one switch, let’s say, to avoid argument) is a L2 broadcast domain, and so is a VLAN.
– Hence a VLAN is the logical equivalent of a physical LAN segment…
– with the caveat that a VLAN is always switched, whereas a LAN segment may contain switches and hubs.
• An IP subnet is a L3 broadcast domain.
• Under most circumstances, we prefer to maintain a 1-to-1 mapping of a L2 broadcast domain to a L3 broadcast domain. Therefore…
– A physical LAN segment contains one IP subnet.
– A VLAN contains one IP subnet.

• Each upper layer device/function is a boundary for the lower layer device/function.

– A router is a boundary between broadcast domains.
– A switch is a boundary between collision domains.

Page 29

Move forward to 802.1Q trunking

Page 30

How do we interconnect two or more of these smart L2 switches together?

• Physically connecting the VLANs together is one way, but it is not the recommended way.

– This slide and the following are primarily for illustration purposes! Do not try this in your enterprise :-)

• This creates two VLANs that traverse multiple switches.

• Note: This scenario requires multiple instances of the Spanning Tree Protocol, one instance per VLAN on each switch. Otherwise, a single Spanning Tree process running on each switch would cause them to block one of these links to prevent a Spanning Tree loop. Most advanced switches implement per-VLAN Spanning Tree in a proprietary implementation, as it is not yet standard.

Page 31

• But we don’t want to have to do this

• This creates five VLANs that traverse multiple switches.

BUT...

• A simple wiring error through the closets could end up in this.

– This is a technically valid configuration.
– VLANs are local to the Ethernet switch and do not have to match across switches.
– But probably no one would intentionally do something like this.

Page 32

So how do we connect two or more smart L2 switches together and maintain VLAN numbering consistency?

• We trunk the VLANs.
– On each switch we configure a trunk port (can be any Ethernet port) that is logically connected to multiple VLANs.
– Then we connect the trunk ports together.

• The numbering is kept consistent through the use of 802.1Q tags.

Page 33

Terminology check

• access port / link - 802.1Q terms to define a port with one or more untagged VLANs, and a link connecting two such ports.
• trunk port / link - 802.1Q term to define a port with multiple VLANs that are all tagged, and a link connecting two such ports.
• hybrid port / link - 802.1Q term to define a port with both untagged and tagged VLANs, and a link connecting two such ports.
• VID - 802.1Q acronym for VLAN ID
• PVID - 802.1Q acronym for port VLAN ID
• tagged frame - An Ethernet or 802.3 frame with the 802.1Q tag.
• clear frame - An Ethernet or 802.3 frame with no tag.

• VLAN trunking - a generic networking vernacular term to describe the process of forwarding multiple VLANs across a single link, whether via 802.1Q or proprietary protocols like Cisco’s ISL.

Page 34

802.1Q tag

Page 35

802.1Q tag continued

• The preceding diagram shows the IEEE 802.1Q tag and its insertion point within the Ethernet and 802.3 frames. (The term “Ethernet” is commonly used to describe both types of frames, although the two are different.)

• The 802.1Q tag contains 3 priority bits and 12 VLAN ID bits.
– The priority bits are the reason why 802.1Q is often referred to as 802.1p/Q.
– The VID bits make trunking possible.

• Ethernet switches and endpoints must be capable of interpreting the 802.1Q tag to make use of the tag.

• If an Ethernet switch or an endpoint cannot interpret the 802.1Q tag, the presence of the tag may cause problems.

Page 36

How VLAN trunking works w/ 802.1Q

Continuing with the previous trunking diagram...

• When one switch sends an Ethernet frame to the other, the transmitting switch inserts the 802.1Q tag with the appropriate VID (with the exception of the PVID/native VID in some cases).

• The receiving switch reads the VID and forwards the Ethernet frame to the appropriate VLAN.

Page 37

VLAN trunking is not the same as VLAN configuration.

• The VLANs must be configured independently on each switch, using any of the following methods.

… manually via the CLI or web interface.
… with a VLAN management tool provided by the vendor.
… automatically with a standard protocol like GVRP (GARP VLAN Registration Protocol), which works in conjunction with 802.1Q.
… automatically with a proprietary protocol like Cisco’s VTP (Virtual Trunking Protocol), which works in conjunction with Cisco’s proprietary ISL (Inter-Switch Link) trunking protocol.

• 802.1Q trunking simply matches VIDs across switches. It does not help if the VIDs cannot be matched…

Page 38

Default tagging behavior on most Catalyst switches

• Every port, including hybrid/trunk ports, has a native VLAN.
• By default, enabling 802.1Q trunking on most Catalyst switches results in a hybrid configuration.
– The transmitting switch does not tag frames originating from the native VLAN of the egress port, but tags all other VLANs.
– The receiving switch forwards all clear frames to the native VLAN of the ingress port, and all tagged frames to the appropriate VLAN.
• Because the native VLAN is not tagged, the native VIDs do not have to match. Both of the following scenarios are technically valid, but probably no one would intentionally implement the second scenario.

Page 39

Default tagging behavior on Avaya’s Cajun switches

• Every port, including trunk ports, has a port VLAN.
• Other VLANs are added to a port via the “bind-to-xxxx” commands.
• In terms of egress…
– There is no hybrid scenario on Cajun switches.
– An access port with just the port VLAN sends the port-VLAN frames clear.
– An access port bound to multiple VLANs sends all frames clear, including port-VLAN frames.
– A trunk port sends all frames tagged, including port-VLAN frames.
– Note: Whether in a single-VLAN or multi-VLAN configuration, 802.1Q trunking must not be enabled on Cajun switches when connecting to an Avaya™ IP phone with an attached PC, because the PC cannot interpret the tag.
• In terms of ingress…
– An access port with just the port VLAN accepts clear frames and priority-tagged frames (frames with VID zero - discussed in the next slide).
– An access port bound to multiple VLANs accepts clear frames or priority-tagged frames on the port VLAN, and VLAN-tagged frames on the other VLANs.
– A trunk port behaves exactly like an access port in terms of ingress traffic.

Page 40

VLAN ID zero (0)

• VID 0 is the null VID.
– It is used when the 802.1Q tag contains only priority information.
– The VID field cannot be removed from the tag, so zero is used to indicate that there is no VID.
– Because there is no VID, it is treated like a clear frame and associated with the port/native VLAN of the ingress port.
– 802.1Q trunking may or may not be enabled when using the null VID, provided the receiving switch is capable of interpreting the tag.
• The null VID should be used to associate priority-tagged frames to the port/native VLAN of the ingress port.
– The point of the null VID is that the frame belongs on the port/native VLAN, regardless of what it may be.
– It should not be necessary to tag a frame with the PVID/native VID; the switch should associate VID zero with the port/native VLAN.
• This becomes critical for PCs with NICs that are capable of tagging the priority value but not the VID, and thus leave the field as zero.
– Although zero should be used, tagging with the PVID/native VID instead of zero typically does not hinder operation. Some Cisco switches actually require this because they don’t understand VID zero.

• Note: There is no null priority. Priority zero is a priority with value zero.


Sample of how Cisco handles VLAN ID zero (results from lab testing)

• Catalyst 6509 w/ CatOS 6.1(2): Accepted VID zero for the native VLAN when 802.1Q trunking was enabled on the port. In this case, all but the native VLAN should be cleared off the trunk.

• Catalyst 4000 w/ CatOS 6.3(3): Would not accept VID zero for the native VLAN. Opened a case with Cisco TAC, and TAC engineer said it was a hardware problem in the 4000. Bug ID is CSCdr06231. Workaround is to enable 802.1Q trunking and tag with native VID instead of zero. Again, clear all but the native VLAN off the trunk.

• Catalyst 3500XL w/ IOS 12.0(5)WC2: Accepted VID zero for the native VLAN when 802.1Q trunking was disabled on the port.

• Conclusion: Note the hardware platform and OS version and consult Cisco’s documentation, or call TAC.


How Cajun handles VLAN ID zero

• All Cajun switches accept VID 0 as pertaining to the port VLAN, regardless of how the Cajun is configured.


To tag or not to tag

• To tag…
– Tag with the proper VID and desired priority when transmitting to a hybrid port and the frame belongs on a VLAN other than the port/native VLAN.
– Tag with VID 0 and the desired priority when transmitting to a hybrid port and the frame belongs on the port/native VLAN.
– Tag with VID 0 and the desired priority when transmitting to an access port.
• The switch should accept this and forward the frame to the port/native VLAN.
• This would only be done if the priority value is significant (non-zero). Otherwise, there should be no tag at all.
– On hybrid ports, a Catalyst switch tags the non-native-VLAN egress traffic with the proper VID and priority.


To tag or not to tag

• Not to tag…
– Do not tag when transmitting to a hybrid port and the frame belongs on the port/native VLAN and has no special priority requirement.
– Do not tag when transmitting to an access port and the frame has no special priority requirement.
– By default, Catalyst switches do not tag native-VLAN egress traffic at all, even if the frame has a non-zero priority. Cajun switches do not tag port-VLAN egress traffic unless 802.1Q trunking is enabled.
• This is to accommodate devices that do not understand the tag and would otherwise misinterpret or discard the tagged frame.
• To forward priority information from the port/native VLAN to another switch, the link must be a trunk link, meaning that the port/native VLAN must also be tagged; a clear frame has no priority field, so the priority of native-VLAN frames is lost at a port that sends them clear.

• Pure speculation: The 802.1Q tag came after the Ethernet frame to facilitate VLAN trunking and L2 priority tagging. The tag is not integrated into the Ethernet frame but is added to it when necessary. As VLAN trunking and priority tagging become commonplace with the proliferation of 802.1Q-capable NICs and network devices, we may see the 802.1Q tag become integrated into the Ethernet frame.


Finally, some scenarios


• Here are two variations of a common scenario.

• Routing between VLANs is performed by the L2/L3 switch.

– This is the distribution switch.

• Users connect to L2 switches.

– These are access switches that may or may not be VLAN-capable.

• This can be expanded out to many more VLANs than shown.


• Here is another variation of the same scenario.
• Routing between VLANs is still performed by the L2/L3 distribution switch.
• But now the access switches have multiple VLANs, and the uplinks to the distribution switch are hybrid or trunk links.
• VLAN 1 is the management VLAN in this setup.
– The access switches are hosts on VLAN 1.
– Management stations, such as an SNMP server, are connected to VLAN 1.
– Note that VLAN 1 is the factory-default port VLAN on most switches, so user ports must be explicitly moved to their user VLAN or they will land on the management VLAN.
• VLANs 2-5 are user VLANs for devices such as user PCs.


• Here is a different scenario.
• Now the access switches are also L2/L3 switches.
• Each access switch routes its own user VLANs (101-104).
• The distribution switch routes between access switches and other external networks.
• VLANs 1-5 are uplink VLANs; there are no users on these VLANs.
– Each uplink VLAN connects a group of access switches to the distribution switch.
• VLANs 101-104 are user VLANs.
– These VLANs are local to their respective access switches.
– Broadcasts from these VLANs are not transmitted across the uplinks.
• In the previous scenario the user VLANs traverse the access and distribution switches, which results in broadcasts across the uplinks.


• Here we've added an IP telephony twist.
• The even-numbered user VLANs are “data” VLANs.
• The odd-numbered user VLANs are “voice” VLANs.
• PCs are connected into the even VLANs and IP phones are connected into the odd VLANs.
• But some of the PCs must “piggyback” on the phones to share a common port.
• So we make the shared ports hybrid or multi-VLAN ports, make the even VLAN the port/native VLAN, and tag the phone traffic with the odd VID.
– The clear PC traffic is forwarded to the port/native VLAN, and the tagged phone traffic is forwarded to the appropriate VLAN.
– Caveat: the shared port classifies by tag, not by sender. A PC behind the phone that tags its own frames with the odd VID is placed on the voice VLAN exactly as the phone is, so the voice/data split on these ports separates traffic but does not by itself keep the PC off the voice VLAN.
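The ingress and egress rules from the port slides, the null VID, the "to tag or not to tag" decision and the shared phone/PC port above, worked through in Python as an added example. This is not code from the Avaya tutorial or from any Avaya or Cisco product. The port kinds ('access', 'multi', 'hybrid', 'trunk'), the rule that a frame tagged for a VLAN the port is not bound to is not accepted, and the VLAN numbers, MAC addresses and payloads are assumptions constructed to match the slides' description.

```python
"""802.1Q tag handling as the slides describe it: build clear, priority-tagged
(VID 0) and VLAN-tagged frames, classify them on ingress, and decide whether a
frame should leave a port (or a host) tagged.

Added example, not code from the Avaya tutorial. Port kinds, VLAN numbers and
MAC addresses below are assumptions constructed for illustration.
"""
import struct

TPID_8021Q = 0x8100      # tag protocol identifier that takes the EtherType slot
NULL_VID = 0             # "null VID": the tag carries priority only
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst_mac, src_mac, payload, vid=None, priority=0,
                ethertype=ETHERTYPE_IPV4):
    """Ethernet frame; tagged when vid is not None. vid=0 is a priority tag."""
    hdr = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac)
    if vid is None:
        return hdr + struct.pack("!H", ethertype) + payload
    if not 0 <= vid <= 4094 or not 0 <= priority <= 7:
        raise ValueError("VID must be 0..4094 (4095 is reserved), priority 0..7")
    tci = (priority << 13) | vid          # PCP(3) | DEI(1, zero here) | VID(12)
    return hdr + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame):
    """Split off the tag, if any: tagged flag, priority, VID, EtherType, payload."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype != TPID_8021Q:
        return {"tagged": False, "priority": None, "vid": None,
                "ethertype": etype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return {"tagged": True, "priority": tci >> 13, "vid": tci & 0x0FFF,
            "ethertype": inner, "payload": frame[18:]}


class Port:
    """Switch port. kind is one of (assumed names for the slides' port types):
    'access' - bound to the port VLAN only, sends everything clear
    'multi'  - Cajun-style multi-VLAN access port, sends everything clear
    'hybrid' - Catalyst-style, tags non-native VLANs, sends native VLAN clear
    'trunk'  - tags everything, including the port/native VLAN
    """

    def __init__(self, kind, pvid, vlans=()):
        if kind not in ("access", "multi", "hybrid", "trunk"):
            raise ValueError(kind)
        if kind == "access" and vlans:
            raise ValueError("an access port is bound to the port VLAN only")
        self.kind, self.pvid = kind, pvid
        self.vlans = {pvid} | set(vlans)

    def ingress_vlan(self, frame):
        """VLAN a received frame is associated with, or None if not accepted.
        The slides give the same ingress rule for every port kind."""
        f = parse_frame(frame)
        if not f["tagged"] or f["vid"] == NULL_VID:
            return self.pvid          # clear or priority-tagged: port/native VLAN
        if f["vid"] in self.vlans:
            return f["vid"]           # tagged for a VLAN the port is bound to
        return None                   # assumed: unbound VID is discarded

    def egress_tagged(self, vlan):
        """Does a frame on `vlan` leave this port with a tag?"""
        if vlan not in self.vlans:
            raise ValueError("VLAN %d is not bound to this port" % vlan)
        if self.kind == "trunk":
            return True
        if self.kind == "hybrid":
            return vlan != self.pvid  # native VLAN goes clear, priority is lost
        return False                  # 'access' and 'multi' send everything clear


def vid_to_send(port, vlan, priority):
    """'To tag or not to tag' for a host transmitting toward `port`:
    returns the vid argument for build_frame (None = send clear)."""
    if vlan not in port.vlans:
        raise ValueError("VLAN %d is not reachable through this port" % vlan)
    if port.kind == "trunk":
        return vlan                   # trunk link: everything tagged
    if vlan != port.pvid:
        return vlan                   # non-native VLAN needs the real VID
    # Port/native VLAN: priority-tag only when the priority matters.
    # (Some Catalysts need the native VID instead of 0 here; see the lab notes.)
    return NULL_VID if priority else None


def shared_phone_port_demo():
    """Constructed traffic on a port shared by an IP phone (voice VLAN 101,
    tagged) and a piggybacked PC (data VLAN 102, the port/native VLAN)."""
    port = Port("hybrid", pvid=102, vlans=[101])
    phone, pc, bcast = "00040d000001", "001122334455", "ffffffffffff"
    return {
        "phone_tagged_101": port.ingress_vlan(build_frame(bcast, phone, b"rtp", vid=101, priority=6)),
        "pc_clear": port.ingress_vlan(build_frame(bcast, pc, b"http")),
        "pc_priority_tagged": port.ingress_vlan(build_frame(bcast, pc, b"http", vid=NULL_VID, priority=5)),
        "tagged_unbound_103": port.ingress_vlan(build_frame(bcast, pc, b"x", vid=103)),
        # The port cannot tell who sent a frame tagged 101: a PC that tags with
        # the voice VID lands on the voice VLAN just like the phone does.
        "pc_tagged_101": port.ingress_vlan(build_frame(bcast, pc, b"x", vid=101)),
        "voice_egress_tagged": port.egress_tagged(101),
        "data_egress_tagged": port.egress_tagged(102),
    }
```

Running `shared_phone_port_demo()` shows the two results that matter on a shared port: the PC's priority-tagged (VID 0) frame lands on the data VLAN exactly like its clear frames, and a frame tagged with the voice VID is accepted on the voice VLAN whoever sent it. `vid_to_send` is the host-side view of the same rules: it priority-tags native-VLAN traffic only when the priority is non-zero and otherwise sends it clear.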


Conclusion

• At first the Ethernet LAN was a shared coax bus (thick-net, thin-net).
• The hub replaced the coax bus, but there were still collisions on the hub.
• The switch replaced the hub and removed the collisions, but the switch itself was one L2 broadcast domain.
• Then smart L2 switches came along that could create multiple VLANs (multiple L2 broadcast domains) on a single switch. IEEE 802.1Q is the standard that defines this VLAN-aware bridging and the tag format.
– The 802.1Q tag facilitates VLAN trunking between these switches.
– At some point L3 (routing) functionality was added to these switches to remove the need for an external router in many cases.
• Real-time applications, such as IP telephony, have increased the practice of using the 802.1Q tag for priority tagging as well as VLAN trunking.
• NICs with priority-tagging capability already exist. It is probably only a matter of time before PCs are able to assign different priority values to different applications and tag them accordingly.
• Is it a stretch to speculate that one day endpoints will have the capability to tag different applications to different VLANs and source them from different IP addresses?

© 2002 Avaya Inc. All Rights Reserved.

DA/LHP 7/8/02