
ASIA PACIFIC UNIVERSITY COLLEGE OF

TECHNOLOGY AND INNOVATION

UCTI LEVEL 2

INDIVIDUAL ASSIGNMENT

LAN Switching & WAN Networks (LSWN)


CT032-3-2-LSWN

JACKIE WONG CHING CHUNG


TP023665
UC2F1007IT (NC)

Lecturer: Salmiah Amin


Hand In Date: 29th April 2011

Table of Contents

Question 1............................................................................................................................4
Layer 2 Switching............................................................................................................4
Layer 3 Switching............................................................................................................6
Layer 2 switches (Store-and-Forward and Cut Through)................................................8
Layer 3 switches (Pure Routers)....................................................................................10
Spanning Tree Algorithm...............................................................................................11
Medium-sized Switched LAN Design...........................................................................16
Question 2..........................................................................................................................19
Virtual Local Area Network..........................................................................................19
VLAN Membership for MAC Layer end users.............................................................21
VLAN Mechanism.........................................................................................................23
802.1Q Standard.............................................................................................................24
Referencing........................................................................................................................28

Asia Pacific University College of Technology & Innovation
LAN Switching & WAN Networks (LSWN) -CT032-3-2
Individual Assignment
Intake : UC2F1007 IT {NC}
Lecturer : Salmiah Amin
Email ID : salmiah@apiit.edu.my
Date Due : 29th April 2011 (Week 13)

Question 1
a) Compare and contrast between the functionality, pros and cons of Layer 2 (bridging)
and Layer 3 (pure routing) LAN switches.
[10 marks]

b) Illustrate using diagrams to describe the functionalities of common Layer 2 switches
(Store-and-Forward and Cut Through) and Layer 3 switches (Pure Routers).
[15 marks]

c) Describe the functionality of Spanning Tree algorithm and explain the benefits of
implementing such algorithm.
[9 marks]

d) Designing a medium-sized switched LAN:

This case study is to design a switched LAN that spans two buildings. Each building
will contain about 500 end users and a series of servers and other common resources.
i) Building 1 – Core and Centralized Resources Areas design
Building 1 contains 500 end users, of which 300 are to be attached to
MicroLAN and 200 are to receive dedicated switch ports. Within the
building are five Novell servers and ten UNIX servers providing
NFS services. This building also contains the Internet router/network
address translator for this organization. The core area of this building
will consist of one backbone switch providing 30 fast Ethernet
interfaces. This switch should have a multi-gigabit internal
forwarding rate based on the large number of 100-megabit interfaces
required. Attached to this backbone switch will be the 15 servers and
the router. Each server will be given a 100-megabit interface to the
backbone switch and as such should be capable of delivering and
receiving that much data. This may require that the servers be
upgraded in some cases.

ii) Building 2 – Core and Centralized Resources Areas design

Building 2 houses 500 end users and 20 server-type devices,
including one mainframe. The users are all to be given dedicated
switch ports. To build the core of this building, a single large
backbone switch will be deployed. This switch will have about 40
fast Ethernet interfaces. The internal capacity of this switch should
be in the multi-gigabit per second range to support so many
interfaces. Each of the server resources will be given a dedicated
100-megabit Ethernet switch port. It may be necessary to provide
one FDDI interface to the supercomputer, since that is its preferred
technology.

iii) Building 1 to Building 2 connection

To connect the two buildings, a trunk group of four to six full-
duplex fast Ethernet interfaces will be used. Other options could
include the use of a gigabit Ethernet link between chassis, if it is
available, or the use of trunked FDDI connections if long distance is
needed. The trunk group should be deployed with only a few links
initially, since both buildings contain servers. Once the system is
operational, the traffic levels and patterns through the trunked inter-
building links should be closely monitored. If the links are
saturated, adding more links should alleviate the issues.

Draw the network diagram to implement the above design specification and
requirements. [21 marks]

Question 2
a) Describe with proper justification the reasons for implementing VLANs.
[10 marks]

b) Describe four (4) methods how MAC layer end-users are associated with a particular
VLAN or VLANs.
[8 marks]

c) Describe the advantages and disadvantages of VLAN tagging.
[8 marks]

d) Describe the minimum functionality, features, and capabilities of 802.1Q standard
for VLANs.
[9 marks]

Question 1
Layer 2 Switching
A Layer 2 switch works with Media Access Control (MAC) addresses. It uses the MAC
addresses of the hosts' network interface cards (NICs) to decide where to forward, or
whether to drop, frames in a local area network.

There are three functions performed by Layer 2 switching:

i) Address learning
Layer 2 switches use a MAC forward/filter table to create and maintain information
about the devices located in a network. The forward/filter table contains the network
addresses of devices and is used to send frames to their destination. (TopBits)
When a device sends frames to another device, the switch looks up the destination in
its forward/filter table and forwards the frames towards that device. A point-to-point
connection is thereby established between the two devices so that they can share
information.

ii) Forward and filter decisions

In the forward and filter decision, the switch examines the destination hardware
address of a frame whenever the frame is received on a switch interface. The switch
then compares this address to the information contained in the MAC forward/filter
table. (TopBits)

When the destination hardware address is found in the MAC forward/filter table, the
frame is forwarded only out the correct destination interface. Because the frame is not
sent out the other interfaces, bandwidth on the other network segments is preserved.
This concept is known as frame filtering. (TopBits)

If the destination hardware address is not found in the MAC forward/filter table, the
frame is flooded out all active interfaces. The frame may be received by any interface,
and nothing further happens if no response is sent back to the switch. When a device
responds by returning a frame, the switch adds the MAC address of that device to the
MAC forward/filter table. This process enables the switch to establish a point-to-point
connection between the two devices. If a server transmits a broadcast on the LAN, the
switch, by default, floods the frame out all its ports; only the devices that respond will
then receive the subsequent frames directly. (TopBits)

iii) Ensuring loop avoidance

Network loops typically occur when there are multiple connections between switches.
Multiple connections between switches are usually created to provide redundancy. To
prevent network loops from occurring while still maintaining redundant links between
switches, the Spanning-Tree Protocol (STP) can be used. (TopBits)

Advantages of Layer 2 switching:

• Low cost
• Hardware-based bridging
• High speed
• Wire speed
• Low latency
• Increases bandwidth for each user

Disadvantages of Layer 2 switching:

• Broadcast and multicast problem
• Slow convergence time of the Spanning-Tree Protocol (STP)
• Conflict of network domain

Layer 3 Switching

A Layer 3 switch is a high-performance device for network routing. A Layer 3 switch can
support the same routing protocols as network routers do. Both inspect incoming packets
and make dynamic routing decisions based on the source and destination addresses
inside. (Mitchell, 2011)

There are a few functions performed by Layer 3 switching:

i) Packet Switching
Layer 3 implements a transport method for carrying these packets that is called packet
switching. The IP packet within the frame contains a source network layer IP address
and a destination network layer IP address. The router maintains a routing table of
network paths it has learned and examines the network layer destination IP address of
the packet. Once the router has determined the destination network from the
destination IP address, it examines the routing table and determines whether a path
exists to that network. (Castelli, 2004)
ii) Route Processing
Layer 3 switches perform table lookups determining the next hop along the route,
which in turn determines the output port over which to forward the packet or frame.
The router or Layer 3 switch makes this decision based on the network portion of the
destination address in the received packet. (Castelli, 2004)

During route processing, if the destination network is unreachable, that means there
is no path to the destination network and no default network. In this case, the packet
is discarded. (Castelli, 2004)

If the packet can be sent to its destination network, the route lookup determines the
next hop to deliver the packet to. During this process the first hop is looked up, and
at that hop the next hop is determined in turn, following the nearest path until the
final destination is reached. (Castelli, 2004)

When the destination network is directly attached to the router, it is reachable through
the port that attaches to that network. For directly attached networks, the next step
maps the host portion of the destination network address to the data link MAC
address of the next hop or end node using the Address Resolution Protocol table
(for IP). It does not map the destination network address to the router interface.
It needs to use the MAC of the final end node so that the node picks up the frame
from the medium. Note that stating that the router uses the ARP table assumes IP.
Other Layer 3 protocols, such as Internetwork Packet Exchange (IPX), do not use
ARP to map their addresses to MAC addresses. (Castelli, 2004)
Address Resolution Protocol (ARP) is a network layer protocol used in IP to convert IP
addresses into MAC addresses. A network device looking to learn a MAC address
broadcasts an ARP request onto the network. The host on the network that has the IP
address in the request replies with its hardware MAC address. This is called ARP
mapping, the mapping of a Layer 3 network address to a Layer 2 data link address.

Routing table lookup in an IP router is more complex than a MAC address lookup in a
bridge, because data link layer addresses are 48 bits in length with fixed-length
fields. Additionally, the data-link address space is flat, meaning there is no hierarchy or
division of addresses into smaller, distinct segments. MAC address lookup in a bridge
entails searching for an exact match on a fixed-length field, whereas address lookup in a
router looks for variable-length fields identifying the destination network. (Castelli, 2004)

IP addresses are 32 bits in length and consist of two fields: the network identifier and
the host identifier.

Both the network and host portions of the IP address can be of variable or fixed length,
depending on the hierarchical network address scheme used. Discussion of this
hierarchical, or subnetting, scheme is beyond the scope of this discussion; suffice it to say
that what matters here is that each IP address has a network and a host identifier.

The routing table lookup in an IP router determines the next hop by examining the
network portion of the IP address. After it determines the best match for the next hop, the
router looks up the interface port to forward the packets across.

(Castelli, 2004)
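To make the contrast concrete, here is an added Python example (not part of the original assignment or Castelli's text): a longest-prefix-match route lookup over a constructed routing table, the discard case when no route and no default exist, the ARP step that resolves the end node itself on a directly attached network, and the exact-match MAC lookup a bridge performs. The routing table, ARP entries, interface names and addresses are all constructed.

```python
import ipaddress

# Constructed routing table: (destination network, next hop, output interface).
# A next hop of None marks a directly attached network. There is deliberately
# no default route ("0.0.0.0/0"); the test below adds one to show its effect.
ROUTING_TABLE = [
    ("10.1.0.0/16",    "10.1.0.1",   "eth0"),
    ("10.1.20.0/24",   None,         "eth1"),   # directly attached network
    ("192.168.5.0/24", "10.1.0.254", "eth0"),
]

# Constructed ARP table: IP address -> MAC address (MAC values taken from the
# assignment's Figure 6, used here only as sample data).
ARP_TABLE = {
    "10.1.20.7": "00-50-C6-88-41-6D",
}


def route_lookup(table, dst_ip):
    """Longest-prefix match on the network portion of the destination address.

    The most specific network containing dst_ip wins. Returns
    (network, next_hop, interface) or None when no route (and no default) exists.
    """
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for net_str, next_hop, iface in table:
        net = ipaddress.ip_network(net_str)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return best


def forward_decision(table, arp, dst_ip):
    """Full Layer 3 forwarding decision for one packet.

    Returns a dict describing the outcome: 'discard' (no route, no default),
    'arp' (route known but the Layer 2 address still has to be resolved), or
    'forward' with the output interface and the MAC the frame is addressed to.
    """
    route = route_lookup(table, dst_ip)
    if route is None:
        return {"action": "discard", "reason": "no route and no default route"}
    _net, next_hop, iface = route
    # Directly attached: the frame must carry the MAC of the end node itself,
    # not the router interface; otherwise it carries the next hop router's MAC.
    target_ip = dst_ip if next_hop is None else next_hop
    mac = arp.get(target_ip)
    if mac is None:
        return {"action": "arp", "interface": iface, "resolve": target_ip}
    return {"action": "forward", "interface": iface,
            "next_hop_ip": target_ip, "dst_mac": mac}


def mac_lookup(bridge_table, dst_mac):
    """Bridge-style lookup: exact match on a fixed 48-bit key, no hierarchy."""
    return bridge_table.get(dst_mac.upper())
```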

Layer 2 switches (Store-and-Forward and Cut Through)

LAN switches come in two basic architectures, store-and-forward and cut-through. A
store-and-forward switch accepts and analyzes the entire packet before forwarding it to
its destination. It takes more time to examine the entire packet, but it allows the switch to
catch certain packet errors and collisions and keeps bad packets from propagating
through the network. Cut-through switches only examine the destination address before
forwarding the packet on to its destination segment. Cut-through switches do not perform
any error checking of the frame, because the switch looks only for the packet's
destination MAC address and forwards the packet to the corresponding switch port.

Store-and-Forward

[Figure 1 diagram: Incoming Packet → Receive Operation → Error Checking → Buffer → SAT Lookup Filter/Forward Operation → Transmit]

Figure 1: Diagram of Store-and-Forward

The store-and-forward method stores the entire packet in internal memory and then
performs a Cyclic Redundancy Check (CRC) to check the packet for errors before
forwarding it to its destination. However, this level of error checking introduces the
highest latency of any of the switching methods. Packets are discarded if any errors are
found. After the error checking, if the packet is error-free, it is placed in the buffer. The
Source Address Table (SAT) is a table that stores the Media Access Control (MAC)
addresses of network devices. Every packet must go through the SAT Lookup
Filter/Forward process to determine the destination the packet should be forwarded to.
Without any interruption, transmission of the frame then proceeds until the packet is
sent to its network destination.

[Figure 2 diagram: the incoming packet (Preamble, SFD, Destination, Source, Length, Data Field, CRC) enters the buffer (IN), the SAT forwarding logic selects the output port, and the packet leaves (OUT)]

Figure 2: Diagram of Cut-Through forwarding logic


Cut-through is another forwarding method used in switches. The purpose of cut-through
is to reduce the latency of packet transmission. Cut-through switching operates by
eliminating the complete buffering of packets as they are switched. This method stores
only the header of the frame in order to determine the destination. Using this forwarding
logic, the packet is redirected to the correct destination port.

With cut-through switches, the whole packet is not buffered before the forwarding
process begins. This results in a much lower latency for a single packet forwarding
operation than a store-and-forward operation. This lack of buffering also eliminates the
error isolation capability of the switch.

In Figure 2, the cut-through switch would have switched the packet to the other segment
before it could even examine the Cyclic Redundancy Check (CRC) to determine whether
the packet contained errors. This fundamental flaw of cut-through switches led to a
modified cut-through algorithm that attempts to correct it. This algorithm calculates the
CRC for all packets that undergo cut-through mode. If the calculation shows that many
bad packets have been forwarded to other segments, the switch reverts to
store-and-forward operation until the error packet rate drops below some other defined
threshold. In practice this may be a good solution, but it still allows a reasonable number
of error packets to be forwarded to other segments before store-and-forward mode
becomes operational. (J.Roese, 1998)
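The following added Python example (not from the original text or from J. Roese) builds an Ethernet frame with its CRC-32 frame check sequence, shows that store-and-forward discards a corrupted frame while cut-through has already forwarded it, and models the modified cut-through algorithm that falls back to store-and-forward once the error rate passes a threshold. The frame contents, the error thresholds and the window size are assumed values.

```python
import zlib
from dataclasses import dataclass, field


def build_frame(dst_mac: bytes, src_mac: bytes, payload: bytes) -> bytes:
    """Ethernet II frame: dst(6) src(6) type(2) payload, then the 4-byte FCS.
    The FCS is CRC-32 over everything before it, transmitted least-significant
    byte first (zlib.crc32 uses the same polynomial as the Ethernet FCS)."""
    body = dst_mac + src_mac + b"\x08\x00" + payload
    return body + zlib.crc32(body).to_bytes(4, "little")


def fcs_ok(frame: bytes) -> bool:
    """Recompute the CRC over the frame body and compare it with the trailing FCS."""
    body, fcs = frame[:-4], frame[-4:]
    return zlib.crc32(body).to_bytes(4, "little") == fcs


def store_and_forward(frame: bytes) -> str:
    """Buffers the whole frame and checks the FCS before deciding to forward."""
    if not fcs_ok(frame):
        return "discard"
    return "forward dst=" + frame[:6].hex("-")


def cut_through(frame: bytes) -> str:
    """Forwards as soon as the 6-byte destination address has arrived;
    the FCS at the end of the frame is never consulted."""
    return "forward dst=" + frame[:6].hex("-")


@dataclass
class AdaptiveCutThrough:
    """Modified cut-through from the text: forward in cut-through mode but still
    compute the CRC of every frame after it has gone out; above an error
    threshold fall back to store-and-forward until the error rate drops below
    a lower threshold (thresholds and window are assumed, not from the text)."""
    high_threshold: float = 0.2   # fraction of bad frames that triggers fallback
    low_threshold: float = 0.05   # fraction below which cut-through resumes
    window: int = 10              # number of recent frames used for the rate
    mode: str = "cut-through"
    history: list = field(default_factory=list)
    bad_forwarded: int = 0        # bad frames that escaped in cut-through mode

    def switch_frame(self, frame: bytes) -> str:
        good = fcs_ok(frame)
        self.history = (self.history + [good])[-self.window:]
        if self.mode == "cut-through":
            result = cut_through(frame)   # already on the wire before the FCS arrived
            if not good:
                self.bad_forwarded += 1
        else:
            result = store_and_forward(frame)
        rate = self.history.count(False) / len(self.history)
        if self.mode == "cut-through" and rate >= self.high_threshold:
            self.mode = "store-and-forward"
        elif self.mode == "store-and-forward" and rate < self.low_threshold:
            self.mode = "cut-through"
        return result
```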

Layer 3 switches (Pure Routers)

A Layer 3 switch is also known as a pure router. The fundamentals of router operation
are complex, and routers have lower performance than LAN switches. Figure 3 illustrates
the process of moving data through a router.

[Figure 3 diagram, Router Forwarding Logic: Receive Packet → Strip off All Layer 2 Fields → Identify Protocol → Route Table → Check Access List → Reframe into New MAC Layer Packet → Forward Packet]

Figure 3: Router Forwarding Logic Abstraction


The process of forwarding a packet from one port on a router to another is much more
complex than the process in a LAN switch. The reason for its complexity is that the
forwarding operations of routers are done in terms of layer three protocols such as IP,
IPX, AppleTalk, ICMP, ARP, RIP, OSPF and others.

Based on Figure 3, when a packet is received by a router, all MAC layer fields are
removed. These MAC layer fields serve no purpose in the router forwarding logic.
Then the router identifies the protocol contained in the packet. Every layer three
protocol has its own unique frame format and forwarding rules.

When the protocol is identified, the router performs a routing table lookup and
determines the destination the packet will be forwarded to. Many high-end routers
cache the route table lookup to improve the performance of this step. After the destination
is determined, the router applies access lists, policy or accounting services to the packet.

Once the internal operations are completed, the router builds a new MAC layer packet
and delivers it to the next hop in the path. Since the router is connectionless, this process
is repeated for every packet until all the packets are sent to their destination. (J.Roese,
1998)

Spanning Tree Algorithm

Spanning Tree Protocol (STP) is a Layer 2 link management protocol that provides path
redundancy while preventing undesirable loops in the network. (Tripod.com, 2005)
Spanning tree algorithms were developed to prevent redundant transmission of data along
intermediate hops between a source and destination host on a mesh network topology.
Without spanning trees, a mesh network can be flooded and rendered unusable by
messages circulating in an infinite loop between hosts. (Mitchell, 2011)
The primary Spanning Tree Protocol (STP) is IEEE standard 802.1D, an algorithm
commonly used on Ethernet networks. This algorithm works by limiting the paths
messages can travel at any given time to a fully connected tree rather than a mesh. As
hosts join and leave the network, this protocol dynamically updates the tree accordingly.
(Mitchell, 2011)

The three basic steps in the execution of the STP algorithm are as follows:

1. Identify Root Bridge

A root bridge is a switch that has all ports actively forwarding information. A root
bridge is typically chosen automatically, based on bridge priority. The root bridge
serves as the center of the network and should be placed near the focal point of all
network traffic (i.e., near the servers). (Adtran, 2004)

2. Identify Root Port

Every bridge which is not the root bridge must determine which of its ports is closest
to the root bridge. This port is designated as the root port. (Adtran, 2004)

3. Identify Designated Ports

Every LAN segment must designate a port from among all the ports on all the bridges
connected to that segment. Traffic from that segment will head towards the root
bridge through the designated port. (Adtran, 2004)
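As an added illustration (not part of the original assignment or the Adtran source), the Python below runs the three steps above on a constructed three-bridge topology that contains a loop: it elects the root from (priority, MAC), computes each bridge's root path cost and root port, picks one designated port per LAN segment, and blocks the remaining port. In a real network the same result is reached distributively through BPDU exchange; here it is computed centrally for clarity, and the bridge names, MACs and port costs are constructed.

```python
import heapq

# Constructed topology: three bridges joined in a triangle by three LAN segments,
# so there is one loop to break. Bridge ID = (priority, MAC); lowest wins.
# ports: port number -> (segment, port path cost)
BRIDGES = {
    "A": {"priority": 32768, "mac": "00-00-00-00-00-0A",
          "ports": {1: ("LAN1", 19), 2: ("LAN2", 19)}},
    "B": {"priority": 32768, "mac": "00-00-00-00-00-0B",
          "ports": {1: ("LAN1", 19), 2: ("LAN3", 19)}},
    "C": {"priority": 32768, "mac": "00-00-00-00-00-0C",
          "ports": {1: ("LAN2", 19), 2: ("LAN3", 19)}},
}


def compute_stp(bridges):
    """Runs the three steps of the spanning tree algorithm on a topology.

    Returns (root, cost, roles): the root bridge, each bridge's root path cost,
    and roles[(bridge, port)] in {'root', 'designated', 'blocked'}.
    """
    bid = lambda b: (bridges[b]["priority"], bridges[b]["mac"])

    # Step 1: the root bridge is the one with the lowest (priority, MAC).
    root = min(bridges, key=bid)

    # Which (bridge, port, port cost) tuples attach to each LAN segment.
    segments = {}
    for b, info in bridges.items():
        for port, (seg, port_cost) in info["ports"].items():
            segments.setdefault(seg, []).append((b, port, port_cost))

    # Step 2: root port = the port giving the lowest root path cost; ties are
    # broken by the lowest sending bridge ID, then the lowest port number.
    # best[b] = (root path cost, sender bridge ID, receiving port)
    best = {root: (0, None, None)}
    heap = [(0, bid(root), root)]
    while heap:
        d, _, x = heapq.heappop(heap)
        if d > best[x][0]:
            continue                      # stale heap entry
        for _, (seg, _) in bridges[x]["ports"].items():
            for y, yport, ycost in segments[seg]:
                if y == x or y == root:
                    continue
                cand = (d + ycost, bid(x), yport)   # cost charged on the receiving port
                if y not in best or cand < best[y]:
                    best[y] = cand
                    heapq.heappush(heap, (cand[0], bid(y), y))
    cost = {b: best[b][0] if b in best else float("inf") for b in bridges}

    # Step 3: one designated port per segment: the attached bridge with the
    # lowest root path cost (ties: lowest bridge ID, then lowest port number).
    designated = {}
    for seg, members in segments.items():
        b, port, _ = min(members, key=lambda m: (cost[m[0]], bid(m[0]), m[1]))
        designated[seg] = (b, port)

    # Every port that is neither root nor designated is blocked; that is what
    # removes the loop while the redundant link stays physically in place.
    roles = {}
    for b, info in bridges.items():
        for port, (seg, _) in info["ports"].items():
            if b != root and best.get(b, (None, None, None))[2] == port:
                roles[(b, port)] = "root"
            elif designated[seg] == (b, port):
                roles[(b, port)] = "designated"
            else:
                roles[(b, port)] = "blocked"
    return root, cost, roles
```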

All switches in an extended LAN participating in Spanning-Tree Protocol gather
information on other switches in the network through an exchange of data messages.
These messages are bridge protocol data units (BPDUs). (Cisco, 1997)

BPDU frames contain information regarding the originating switch port, Media Access
Control (MAC) address, switch port priority, and the switch port cost. The cost of a
switch port is based on the number of network segments the frame crosses before
reaching its destination.(eTutorials.org, 2008)

BPDU messages are also exchanged across bridges and switches to detect loops in the
network topology. Any loops found are removed by shutting down the selected bridge
and switch interfaces and placing the redundant switch ports in a backup, or blocked,
state. (eTutorials.org, 2008)

Figure 4: Port state. Source: (Cisco, 1997)
Because of network delay caused by large LAN segments, topology changes can take
place at different times and at different places in the switched network. When a switch
port transitions directly from nonparticipation to an active, or forwarding, state,
temporary data loops can be created. Ports must wait for new topology information to
spread throughout the LAN before frames can be forwarded. Switches must also allow
the frame lifetime to expire for frames that have been forwarded using the old topology.
(eTutorials.org, 2008)

Each port on a switch using STP is in one of the following five states:

i) Blocking state (eTutorials.org, 2008)


A port is placed in blocking mode upon startup and when STP determines it is a
suboptimal path to the root bridge. Blocked ports do not forward traffic.
• Discards frames received from the attached network segment.
• Discards frames switched from another port for forwarding.
• Does not incorporate a host location into its address database; because there is no
learning at this point, there is no address database to update.
• Receives BPDUs from the network segment and directs them to the switch system
module for processing.
• Unlike ports in the listening, learning, and forwarding state, a port in the blocking
state does not process BPDUs received from the switch system module.
• Receives and responds to network management messages, such as a network
administrator disabling the port.

After 20 seconds, the switch port moves from the blocking state to the listening state.

ii) Listening state (eTutorials.org, 2008)
The listening state is the first transitional state for a port after the blocking state. The
listening state is where the STP determines that the port should participate in frame
forwarding. The switch does not perform any learning or forwarding functions while
in the listening state, and it therefore does not incorporate station locations into its
address database as it would if the switch were in a blocking state, because there is no
address table to update (while in a blocking state). In the listening state, a switch
performs the following functions:
• Discards frames received from the attached network segment.
• Discards frames switched from another port for forwarding.
• Receives BPDUs from the network segment and directs them to the switch system
module for processing.
• Processes BPDUs received from the switch system module.
• Receives and responds to network management messages, such as a network
administrator disabling the port.

After 15 seconds, the switch port moves from the listening state to the learning state.

iii) Learning state (eTutorials.org, 2008)


In the learning state, the switch port prepares to participate in the network by
forwarding frames. Learning is the second transitional state through which a port
moves toward the end goal: frame forwarding. It is the STP that moves the port from
the listening to the learning state.
A port in the learning state performs the following functions:
• Discards frames received from the attached network segment.
• Discards frames switched from another port for forwarding.
• Incorporates LAN host location information into its address database.
• Receives BPDUs from the network segment and directs them to the switch system
module for processing.
• Receives, processes, and transmits BPDUs received from the system module.
• Receives and responds to network management messages, such as a network
administrator disabling the port.

After 15 seconds, the switch port moves from the learning state to the forwarding
state.

iv) Forwarding state (eTutorials.org, 2008)


A port in the forwarding state forwards frames across the attached network segment.
The forwarding state is the last state a port enters during the creation of the network
topology.
A port in the forwarding state performs the following functions:
• Forwards frames received from the attached network segment.
• Forwards frames switched from another port for forwarding.
• Incorporates LAN host location information into its address database.
• Receives BPDUs from the network segment and directs them to the switch system
module for processing.
• Processes BPDUs received from the switch system module.
• Receives and responds to network management messages, such as a network
administrator disabling the port.

A port stays in the forwarding state until a change occurs in the network topology,
such as the addition of a new bridge or switch, a new bridge or switch port, or the
failure of a bridge, switch, or port. When a change in the topology is detected, all
switches recompute the network topology; this process is called convergence.

v) Disabled state (eTutorials.org, 2008)


A port in the disabled state does not participate in frame forwarding or the operation
of STP because a port in the disabled state is considered nonoperational.
A port in the disabled state performs the following functions:
• Discards frames received from the attached network segment.
• Discards frames switched from another port for forwarding.
• Does not incorporate LAN host location information into its address database.
• Receives BPDUs, but does not direct them to the switch system module.
• Does not receive BPDUs for transmission from the switch system module.
• Receives and responds to network management messages, such as notification of
a network administrator enabling a port.

Benefits

1. Redundancy
STP provides redundancy to all devices in the network. This is accomplished by
ensuring that each device has a path to multiple switches. When there are multiple
paths over which a device can send data, only one path is active at a time. In the event
that the active path experiences an error, another path is opened. This allows the
device to have constant access to the rest of the network even in the event of
connectivity problems along one or more lines. (Enne, 2011)

2. Loop Prevention
A loop exists when there is more than one available path between devices. This can
result in duplicate data and confusion in the data-forwarding process. STP, however,
only allows a single active path between devices at a time, which prevents the
formation of loops in the network. (Enne, 2011)

3. Root Switch
The creation of a root switch helps to eliminate loops and reduce network traffic. A
LAN using STP has a number of switches but only one root switch. A switch is a
piece of networking equipment, also known as a bridge, that connects segments of a
network to each other. The root switch of an STP network is elected as the result of
data gathering by all switches in the network and determination of the logical center
of the network rather than the physical center. The root switch is the switch that has
the shortest path to the majority of network devices. The other switches then calculate
the shortest path to the root switch and set all other paths as backups. (Enne, 2011)

Medium-sized Switched LAN Design

[Figure: network diagram of the two-building design (legend: 24-Port Ethernet Hub)]

Building 1

• 500 end users, of which 300 are to be attached to MicroLAN and 200 are to
receive dedicated switch ports
• five Novell servers and ten UNIX servers providing NFS services
• Internet router/network address translator
• one backbone switch providing 30 fast Ethernet interfaces

Assume that not all ports are in use.

Calculate the number of 24-port workgroup switches:

200 users / 20 ports = 10

∴ 10 workgroup switches needed.

Calculate the number of 24-port shared hubs:

300 users / 20 ports = 15

∴ 15 shared hubs needed.

Using 5 Intermediate Distribution Frame (IDF) switches, each IDF switch has 2
workgroup switches and 3 shared hubs attached.

Unused ports left = 30 – 5 – 10 – 5 – 1 (5 IDF switches, 10 UNIX servers, 5 Novell servers, 1 router)

= 9

∴ there are 9 unused ports on the backbone core switch.

Building 2

• houses 500 end users with dedicated switch ports
• 20 server-type devices, including one mainframe
• a single large backbone switch with 40 fast Ethernet interfaces will be deployed
• one FDDI interface to the supercomputer

Assume that not all ports are in use.

Calculate the number of 24-port workgroup switches:

500 users / 20 ports = 25

∴ 25 workgroup switches needed.

Using 2 Intermediate Distribution Frame (IDF) switches, one IDF switch has 12
workgroup switches attached and the other has 13.

Unused ports left = 40 – 2 – 20

= 18

∴ there are 17 unused ports on the backbone Core Switch.

Question 2
Virtual Local Area Network

A Virtual Local Area Network (VLAN) is a collection of nodes that are grouped together
in a single broadcast domain based on something other than physical location. A
broadcast domain is a network (or portion of a network) that will receive a broadcast
packet from any node located within that network. (Tyson, 2001)

There are several reasons for implementing VLANs:

i) Simplification of Adds, Moves, and Changes

The most important reason for implementing VLANs in a network is to simplify the
process of adds, moves and changes. In a corporate organization, the process of moving
end users is very costly. The costs include the work of moving and reconfiguring the
end-user's computer, changing network access lists on the router, and most
importantly, the cost of end users being unable to do their routine work until the
changes and reconfiguration are done. Therefore, a technology that simplifies these
processes offers significant cost savings.

A VLAN solution can provide this simplicity in any network that implements a
router-based hierarchy. Without VLANs, when a user is moved to a new area of the
network the end-user's PC needs a new network address and the router must be
reconfigured to assign access control for the user. Even this simple move of a PC
requires many additional tasks to adapt the end system to its new location.

In a VLAN system, the network is able to adjust its configuration when users are
moved. In this situation, the VLAN acts as a container for subnetting, distributing
network addresses to every user in the network. In addition, more advanced systems can
dynamically adapt the VLAN to any location the user moves to without manual
intervention.

ii) Control of Broadcast and Multicast Traffic

VLANs provide broadcast and multicast control over switched LANs. They allow the
size of a switched LAN to be scaled based on the level of broadcast and multicast traffic.
VLANs can also be used to group broadcast-intensive users into one broadcast domain,
which limits the broadcast traffic that other end users receive.
For example, a network administrator can confine broadcast traffic to different groups
of users, so that some users only receive a specific kind of broadcast traffic.
iii) Creation of Private Networks
VLANs can be used to create private virtual networks. By using VLANs, different
groups of private virtual networks can be supported on a single physical network.
This private virtual network concept implements a logical VLAN for each group of
users, which means that the users share the same physical topology but are on logically
separate networks.
For example, in a company, the network administrator can use VLANs to separate a
single physical network into many private virtual networks for different departments.
Using these private virtual networks, resources can be shared privately within a
department.

iv) Security
VLANs can enhance security by making broadcast data accessible only to those users
who are authorized to access that specific broadcast data, reducing the chances of an
outsider gaining access to the data. VLANs can also be used to control broadcast
domains, set up firewalls, restrict access, and inform the network manager of an
intrusion.

(J.Roese, 1998)

VLAN Membership for MAC Layer end users

VLAN membership defines how groups of MAC layer end users are associated with a
particular VLAN or VLANs. There are many methods for this process, ranging from
simple port association to complex protocol-based association.

i) VLAN Membership by Port Inheritance


The first mechanism for creating a VLAN is known as port inheritance, or port-based
VLANs. It works by assigning each switch port to a VLAN; every user on that port is
associated with that VLAN by inheritance from the switch port.
For example, in a bridge with four ports, ports 1, 2 and 4 belong to VLAN 1 and port
3 belongs to VLAN 2 (see Figure 5).

Port    VLAN
1       1
2       1
3       2
4       1
Figure 5: Assignment of ports to different VLANs.

This method of VLAN membership is most useful for grouping together physical areas
of a network. Because the VLAN is associated with switch ports, it is also associated
with the physical areas those switch ports connect to.

ii) VLAN Membership by MAC Address


The second level of VLAN association is based on the end user's MAC address. Every
network-connected device has its own MAC address, and devices are assigned to VLANs
according to it, so the switch tracks source MAC addresses to decide membership
(see Figure 6).

MAC Address           VLAN
00-80-C7-60-44-71     1
00-50-C6-88-41-6D     2
00-50-C4-13-21-5D     2
00-80-5F-98-9D-29     1
Figure 6: Assignment of MAC addresses to different VLANs

This method is most suitable where end users move around the network. By associating
their MAC addresses with a set of VLANs, a user's PC can be moved anywhere in the
network and keep its membership. A MAC address is set by the host and is easy to
change, however, so this method identifies a device for convenience rather than
authenticating it.

iii) VLAN Membership based on Upper-Layer Protocol or Service


The third level of VLAN membership is based on upper-layer protocols and services.
This type of VLAN logically groups the broadcast traffic of a particular protocol or
service. Each user may need the broadcast or multicast traffic of only one protocol or
service, so this type of VLAN groups users by the protocol or service whose broadcast
or multicast traffic they use (see Figure 7).

Protocol    VLAN
IP          1
IPX         2
IP/IPX      3
Figure 7: Assignment of protocols to different VLANs

This type of VLAN is most useful for broadcast and multicast control on switched
LANs. By creating separate VLANs for specific protocols, users running those protocols
see the broadcasts of that VLAN, while users outside the VLAN are shielded from that
protocol's traffic. Isolating a protocol to only the users running it allows the
switched LAN to scale to much larger sizes.

iv) VLAN Membership by IP Subnet Address


Membership is based on the Layer 3 header: VLAN membership is classified by the IP
subnet of the address (see Figure 8).

IP subnet        VLAN
192.20.160.0     1
202.221.161.0    2
168.18.0.0       3
Figure 8: Assignment of IP subnet addresses to different VLANs

Although VLAN membership is based on Layer 3 information, this has nothing to do with
network routing and should not be confused with router functions. In this method IP
addresses are used only as a mapping to determine VLAN membership; no other processing
of the IP header is done.
With Layer 3 VLANs, users can move their workstations without reconfiguring their
network addresses. The drawback is that forwarding decisions based on Layer 3
information generally take longer than decisions based on MAC addresses.

VLAN Mechanism

The primary VLAN distribution mechanism in use is known as frame tagging. A frame tag
is an identifier within a packet that describes the packet's VLAN membership. Frame
tags can be either explicit or implicit. An explicit frame tag consists of one or more
additional fields added to the existing packet, marking it as belonging to one or more
VLANs. An implicit frame tag is an existing field in the original packet that
identifies its VLAN membership.

Preamble | SFD | Destination Address | Source Address | Length | Data field | CRC
Figure 9: Structure of a frame with an implicit tag (no field is added)

Preamble | SFD | Destination Address | Source Address | Explicit TAG | Data Field | CRC
Figure 10: Structure of a frame with an explicit tag

Implicit tagging is shown in Figure 9. With an implicit tag the switch uses an inherent
characteristic of the original packet to identify its VLAN. Fields that can serve as
implicit tags include the source or destination addresses; an example of an implicit
tag is a packet sent to the BPDU multicast address.

Most vendors do not implement implicit tagging because it is difficult to use. It does,
however, eliminate the possibility of oversized packets and generally makes the
switch's forwarding logic more efficient, since no packet modification is required.

Explicit tagging is shown in Figure 10: the original packet is modified by adding an
explicit tag to its structure. This is done for packets that cannot support the concept
of an implicit tag. Many vendors simply apply explicit tags to all packets, which
avoids the more complex analysis that implicit tags require.

The disadvantage of explicit tagging is that it adds to the size of the original packet
and may cause oversized packets to be generated on inter-switch links. When that
happens there is no guarantee that the packet will be delivered. For this reason some
vendors have limited their use of explicit tagging to broadcast and multicast traffic.

(J.Roese, 1998)

802.1Q Standard

Functionality

The IEEE 802.1Q standard focuses mainly on the mechanisms of VLAN-capable switches. It
defines a set of functions which, when implemented as defined in 802.1Q, allow a switch
to interoperate with other vendors' 802.1Q switches. This limited scope, a basic model
of a VLAN-capable switch, does not provide a comprehensive VLAN implementation for
practical networks. (J.Roese, 1998)

Features

The general goals of the 802.1Q standard are simply to define an architecture for VLANs
and the protocol and functional requirements of an 802.1Q VLAN switch. The specification
builds on other IEEE 802.1 standards such as transparent bridging and the spanning tree
algorithm. 802.1Q introduced the concept of a virtual bridged network, or VLAN, and
defines an operational model of a VLAN-capable switch for implementing IEEE 802.1Q
VLANs.

802.1Q VLANs identify end systems or neighbouring switches through three capabilities:
new ingress and egress rules, the GARP VLAN Registration Protocol (GVRP), and a
distribution mechanism. Together these give the switch the ability to create logical
bridged LANs over a common switch fabric.

(J.Roese, 1998)

Capabilities

New Ingress and Egress Rules

An 802.1Q-capable bridge must be able to deliver packets correctly to a specified VLAN.
Since a bridge is just a device with many interfaces and some forwarding logic, that
logic can be extended by the VLAN switch to understand the concept of multiple
independent broadcast domains reachable through one bridge. This extension is made
through the new ingress and egress rules, which define how inbound and outbound packets
are handled.

802.1Q-compatible switches classify inbound packets by the VLAN identifier (VID)
associated with the port on which they were received. A switch may also receive a
packet on a port connected to another 802.1Q-compatible switch, or to an end station
able to categorise its own packets into VLANs. This ingress categorisation involves
adding a frame tag if one is needed. The tag indicates the VLAN ID of the packet, along
with other information related to the packet's priority and addressing format.

The delivery mechanism of 802.1Q is known as the egress rules. Under these rules the
switch examines each received packet and delivers it to ports based on their VLAN
membership.

(J.Roese, 1998)

GARP VLAN Registration Protocol (GVRP)

GVRP is generally used to support multi-switch topologies and VLAN-aware end nodes. It
is a signalling method for announcing VLAN membership to peer switches in the network.
In a switched VLAN, GVRP is used to identify the VLANs supported when attaching
switches across the spanning tree topology, or when a GVRP-capable end system attaches
to a switch port.

For communication between an end system and the 802.1Q switch, GVRP registers the end
user's support for a VLAN ID on a port and allows the switch to forward received
packets with that VID to the port the end user is on. Between switches, GVRP is used to
identify which VLANs are to be sent up or down each spanning tree link. Each switch
registers its VLANs with the other switches so that packets with those VIDs can be
delivered to it.

(J.Roese, 1998)

Distribution Mechanism

802.1Q provides a tagging-based distribution mechanism to allow multi-switch VLAN
networks. Standardising the tagging mechanism was one of the most difficult areas of
the standard: 802.1Q defines several frame formats for tagging because the frame
formats of Ethernet, Token Ring and FDDI are very different from one another. The
explicit tag has two major elements: a Tag Protocol ID (TPID) and a Tag Control
Information (TCI) field.

The Tag Protocol ID occupies the type position of the existing Ethernet II and Ethernet
SNAP headers and identifies the packet as a tagged packet. IEEE specified the value
0x8100 (hexadecimal) as the registered protocol type for 802.1Q tagging.

The TCI has three fields. The first is the priority field: 802.1Q supports tagging not
just with a VLAN ID but also to establish packet prioritisation. Three bits of the
two-byte TCI are allocated to priority, giving the network eight levels of
prioritisation, which can be mapped to vendor-specific queueing and priority
mechanisms.

The next bit indicates the address format of the packet. Known as the canonical format
indicator (CFI), it assists switches in converting between Ethernet least-significant-
bit-first addressing and Token Ring/FDDI most-significant-bit-first addressing. The
final 12 bits of the TCI are the VID, indicating the VLAN with which the packet is
associated.

With GVRP identifying the VLANs that exist between switches, the tagging mechanism can
mark a packet as a member of a specific VLAN. The packet can then be sent across the
spanning tree backbone of switches with the assurance that it will be delivered to the
VLAN indicated by its VID. In short, tagging lets a VLAN's packets travel over
inter-switch links while still allowing the correct identification of each packet's
VID.

(J.Roese, 1998)
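The membership methods of Figures 5 to 8, the ingress and egress rules, and the TPID/TCI tag layout described above can be exercised together in one small model. The following Python is an added example written for this page; it is not code from the original assignment or from Roese (1998). It encodes and decodes the 802.1Q tag (TPID 0x8100, then the 3-bit priority, 1-bit CFI and 12-bit VID of the TCI), classifies an untagged frame into a VLAN by MAC table, IP subnet, protocol and finally port inheritance, and on egress tags frames for trunk ports and strips the tag for access ports. The port numbers, MAC addresses, the IPX EtherType, the subnet masks (Figure 8 gives none) and the trunk MTU are assumptions made for the example; the switch floods within the VLAN rather than learning addresses, and, as a hardening choice, it drops tagged frames that arrive on access ports rather than honouring their tag.

```python
import ipaddress
import struct
# Added example, not code from the original assignment or from Roese (1998).
TPID_8021Q = 0x8100                            # Tag Protocol ID marking an explicitly tagged frame
ETHERTYPE_IP, ETHERTYPE_IPX = 0x0800, 0x8137   # IPX EtherType assumed for the Figure 7 table
MAX_UNTAGGED, MAX_TAGGED = 1514, 1518          # dst..payload, FCS not modelled; 802.1Q grants 4 more octets


def encode_tci(pcp, cfi, vid):
    """Pack Tag Control Information: 3-bit priority, 1-bit CFI, 12-bit VID."""
    if not (0 <= pcp <= 7 and cfi in (0, 1) and 0 <= vid <= 4094):
        raise ValueError("TCI field out of range")
    return (pcp << 13) | (cfi << 12) | vid


def decode_tci(tci):
    """Inverse of encode_tci: return (pcp, cfi, vid)."""
    return (tci >> 13) & 0x7, (tci >> 12) & 0x1, tci & 0x0FFF


def parse_frame(frame):
    """Split an Ethernet II frame; decode the explicit tag when the type field is 0x8100."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info, offset = {"dst": frame[:6], "src": frame[6:12], "tagged": False, "vid": None, "pcp": 0}, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["pcp"], _cfi, info["vid"] = decode_tci(tci)
        info["tagged"], offset = True, 18
    info["ethertype"], info["payload"] = ethertype, frame[offset:]
    return info


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Build an Ethernet II frame, inserting an explicit 802.1Q tag when vid is given."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, encode_tci(pcp, 0, vid))
    return dst + src + tag + struct.pack("!H", ethertype) + payload


def retag(info, vid):
    """Re-encode a parsed frame: vid=None strips the tag (access port), else tags it (trunk)."""
    return build_frame(info["dst"], info["src"], info["ethertype"], info["payload"], vid, info["pcp"])


def ipv4_payload(src_ip, size=40):
    """Minimal IPv4 header carrying src_ip, zero-padded to size bytes (constructed traffic)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, size, 0, 0, 64, 17, 0,
                      ipaddress.ip_address(src_ip).packed, ipaddress.ip_address("10.0.0.1").packed)
    return hdr + b"\x00" * (size - 20)


class VlanSwitch:
    """Ingress classification by the four membership methods, then VLAN-bounded flooding."""
    def __init__(self, port_vlan, trunk_ports, mac_vlan=(), subnet_vlan=(), proto_vlan=(),
                 trunk_mtu=MAX_TAGGED):
        self.port_vlan = dict(port_vlan)      # port -> VID inherited from the port (Figure 5)
        self.trunk_ports = set(trunk_ports)   # ports on which an explicit tag is trusted
        self.mac_vlan = dict(mac_vlan)        # source MAC -> VID (Figure 6)
        self.proto_vlan = dict(proto_vlan)    # EtherType -> VID (Figure 7)
        self.subnet_vlan = [(ipaddress.ip_network(n), v) for n, v in subnet_vlan]  # Figure 8
        self.trunk_mtu = trunk_mtu            # MAX_UNTAGGED models a link without the 802.1Q allowance

    def classify(self, port, info):
        """Ingress rules; returns the VID, or None when the frame must be dropped."""
        if info["tagged"]:  # believe a tag only from another switch; a tagged frame on an access port is dropped
            return info["vid"] if port in self.trunk_ports else None
        if info["src"] in self.mac_vlan:                            # MAC-address membership
            return self.mac_vlan[info["src"]]
        if info["ethertype"] == ETHERTYPE_IP and len(info["payload"]) >= 20:
            src_ip = ipaddress.ip_address(info["payload"][12:16])   # IPv4 source address
            for net, vid in self.subnet_vlan:                       # IP-subnet membership
                if src_ip in net:
                    return vid
        if info["ethertype"] in self.proto_vlan:                    # protocol membership
            return self.proto_vlan[info["ethertype"]]
        return self.port_vlan.get(port)                             # port inheritance

    def forward(self, in_port, frame):
        """Egress rules: flood inside the VLAN, tagged on trunks, untagged on access ports."""
        info = parse_frame(frame)
        vid = self.classify(in_port, info)
        out = []
        for port, port_vid in self.port_vlan.items():
            if vid is None or port == in_port:
                continue
            if port in self.trunk_ports:
                egress = retag(info, vid)
                if len(egress) <= self.trunk_mtu:   # the 4-byte tag can exceed an old link's limit
                    out.append((port, egress))
            elif port_vid == vid:
                out.append((port, retag(info, None)))
        return out


# Constructed sample topology: ports 1, 2 and 4 in VLAN 1, port 3 in VLAN 2 (Figure 5),
# port 5 is the trunk; subnet masks are assumed, since Figure 8 gives none.
MAC_A, MAC_B = bytes.fromhex("0080c7604471"), bytes.fromhex("0050c688416d")
MAC_X, BCAST = bytes.fromhex("00005e001234"), b"\xff" * 6   # unknown host, broadcast
SAMPLE_SWITCH = VlanSwitch(
    port_vlan={1: 1, 2: 1, 3: 2, 4: 1, 5: 1}, trunk_ports={5},
    mac_vlan={MAC_A: 1, MAC_B: 2}, proto_vlan={ETHERTYPE_IPX: 2},
    subnet_vlan=[("192.20.160.0/24", 1), ("202.221.161.0/24", 2), ("168.18.0.0/16", 3)],
)
```

A broadcast from an unknown host on port 1 with an IPv4 source in 202.221.161.0/24 is classified into VLAN 2 by the subnet table, so it reaches port 3 untagged and the trunk with a VID-2 tag, but never ports 2 and 4. With a 1500-byte IPv4 payload the untagged frame is 1514 bytes and leaves the trunk at 1518; constructing the switch with trunk_mtu=MAX_UNTAGGED models an inter-switch link without the 802.1Q allowance, on which the tagged copy is silently dropped, which is the failure mode described under explicit tagging above.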

Referencing

Adtran, 2004. [Online] Available at:
http://www.at2.com/downloads/documents/adtran/adtran_span_tree_config_guide.pdf
[Accessed 23 April 2011].

Castelli, M.J., 2004. How a LAN Switch Works. [Online] Available at:
http://www.ciscopress.com/articles/article.asp?p=357103&seqNum=4 [Accessed 9 April
2011].

Cisco, 1997. Understanding Spanning-Tree Protocol. [Online] Available at:
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/sw_ntman/cwsimain/cwsi2/cwsiug2/vlan2/stpapp.htm
[Accessed 23 April 2011].

Enne, V., 2011. The Advantages of Spanning Tree Protocol. [Online] Available at:
http://www.ehow.com/list_6157099_advantages-spanning-tree-protocol.html [Accessed
23 April 2011].

eTutorials.org, 2008. Root Bridge or Switch Port. [Online] Available at:
http://etutorials.org/Networking/Lan+switching+first-step/Chapter+7.+Spanning+Tree+Protocol+STP/Root+Bridge+or+Switch+Port/
[Accessed 23 April 2011].

eTutorials.org, 2008. Spanning Tree Protocol Configuration. [Online] Available at:
http://etutorials.org/Networking/Lan+switching+first-step/Chapter+7.+Spanning+Tree+Protocol+STP/Spanning+Tree+Protocol+Configuration/
[Accessed 23 April 2011].

Roese, J.J., 1998. Switched LANs: Implementation, Operation, Maintenance. McGraw-Hill
Series on Computer Communication. Boston: International Thomson Computer Press.

Roese, J.J., 1998. Switched LANs: Implementation, Operation, Maintenance. McGraw-Hill
Series on Computer Communication. Boston: International Thomson Computer Press.
pp.32-33.

Mitchell, B., 2011. Layer 3 Switches - What Is a Layer 3 Switch? [Online] Available at:
http://compnetworking.about.com/od/hardwarenetworkgear/f/layer3switches.htm
[Accessed 9 April 2011].