Virtual LANs (VLAN)

VLANs provide the means to logically group several
end stations with common sets of requirements.
VLANs are independent of physical locations,
meaning that two end stations connected to different
switches on different floors can belong to the
same VLAN. Typically the logical grouping follows
workgroup functions such as engineering or
finance, but this can be customized.
With VLANs it is much easier to assign access
rules and provision services to groups of users
regardless of their physical location. For example,
using VLANs you can give all members of a project
team access to project files by virtue of their
VLAN membership. This ability also makes it easier
to add or delete users without rerunning cables
or changing network addresses.
VLANs also create their own broadcast domains
without the addition of Layer 3 devices.

Frame Transmission Modes

Switches typically are Layer 2 devices (some
switches now perform Layer 3 and higher functions).
According to the OSI model, the data unit
processed by a switch is called a frame. Switches
must balance speed and accuracy (no errors) when
processing frames, because typically they are measured
on both attributes.
The three primary frame switching modes are as
follows:
• Cut-through: Also known as fast-forward. The
switch checks only the destination address and
immediately begins forwarding the frame. This
can decrease latency but also can transmit
frames containing errors.
• Store-and-forward: The switch waits to receive
the entire frame before forwarding. The entire
frame is read, and a cyclic redundancy check
(CRC) is performed. If the CRC is bad, the
frame is discarded. Although this method
increases latency (processing time), it also tends
to minimize errors.
• Fragment-free (modified cut-through): The
switch reads the first 64 bytes before forwarding
the frame. 64 bytes is the minimum number of
bytes necessary to detect and filter out collision
frames.

Address Learning

A switch must learn the addresses of the devices
attached to it. First it inspects the source address of
all the traffic sent through it. Then it associates the
port the traffic was received on with the MAC
address listed. The following example illustrates
this concept. The MAC addresses are not in the
correct format and are shown for clarity only:
• Time 0: The switch shown has an empty MAC
address table.
• Time 1: The device attached to port 2 sends a
message intended for the device on port 0. This
kicks off two actions within the switch. First, the
switch now knows the address associated with
the device on port 2, so it enters the information
into its table. Second, because it does not have
an association for the device the traffic is intended
for (the computer on port 0), the switch
floods the message out all ports except the one
on which it was received.
• Time 2: The device on port 0 replies to the message.
The switch associates the source address of
the message with port 0.
Any future communications involving either of
these end stations will not require these steps,
because the switch now knows which ports they
are associated with.
This process happens all the time in every switch.
For most switches, when a table entry has reached
a certain “age” and has not been referenced in a
while, it can be removed. This process is called
aging out.

Forwarding and Filtering

From a network efficiency standpoint, it is easy to
see that it is much better for the network when the
switch knows all the addresses on every port.
However, it is not always practical to enter this
information manually. As the network grows and
changes are made, it becomes almost impossible to
keep up.

A switch always does something when it receives
traffic. The preference is to send the traffic out a
specific port (called filtering), but this works only
when the location of the intended destination is
known. When the destination address is unknown,
the switch forwards the traffic out every port,
except the one on which the traffic was received.
This process is called flooding. Think of this as a
guy calling every number in the phone book because
he lost a woman’s number from the night before.
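As an added example (not code from the book), the learning, filtering, flooding and aging-out behaviour described in the Address Learning and Forwarding and Filtering sections, replayed as a small Python simulation of one switch. The port numbers, MAC addresses and timestamps are constructed for illustration.

```python
"""Simulation of a transparent learning switch: learn the source MAC on the
ingress port, filter known destinations to one port, flood unknown ones,
and age out idle table entries. Constructed example, not the book's text."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class LearningSwitch:
    num_ports: int
    max_age: float = 300.0                       # seconds before an idle entry ages out
    table: dict = field(default_factory=dict)    # MAC -> (port, last_seen)

    def _age_out(self, now):
        # Remove entries that have not been referenced within max_age seconds.
        stale = [m for m, (_, seen) in self.table.items() if now - seen > self.max_age]
        for m in stale:
            del self.table[m]

    def receive(self, in_port, src, dst, now):
        """Process one frame; return the list of egress ports."""
        self._age_out(now)
        # Step 1: associate the source address with the port it arrived on.
        self.table[src] = (in_port, now)
        # Step 2: filter if the destination is known, otherwise flood.
        if dst.lower() != BROADCAST and dst in self.table:
            out_port, _ = self.table[dst]
            # Known destination: exactly one port. A frame whose destination
            # lives on the ingress port is not sent back out that port.
            return [] if out_port == in_port else [out_port]
        # Unknown unicast or broadcast: every port except the ingress port.
        return [p for p in range(self.num_ports) if p != in_port]


def walkthrough():
    """Replay the Time 0 / Time 1 / Time 2 sequence from the Address Learning text."""
    sw = LearningSwitch(num_ports=4)
    a, b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"    # constructed MACs
    t0 = dict(sw.table)                                  # Time 0: empty table
    t1 = sw.receive(2, a, b, now=1.0)                    # Time 1: A on port 2 -> B: flooded
    t2 = sw.receive(0, b, a, now=2.0)                    # Time 2: B on port 0 replies: filtered
    t3 = sw.receive(2, a, b, now=3.0)                    # later: both known, no flooding
    return t0, t1, t2, t3, dict(sw.table)
```

Calling walkthrough() shows the first frame going out ports 0, 1 and 3, and every later frame between the two stations going out a single port; shrinking max_age and advancing now shows an entry aging out and flooding resuming.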

Broadcast and Collision Domains

From time to time, a device on the network will
want to communicate with all other “local” devices
at the same time. Typically, this occurs when a
device wants to query the network for an IP address,
when a device is newly added to a network, or when
a change occurs in the network.

A group of devices that receive all broadcast messages
from members of that group is called a
broadcast domain. Network broadcast domains
typically are segmented with Layer 3 devices (routers).
Think of a broadcast domain as like standing in
your yard and yelling as loudly as you can. The
neighbors who hear you are within your broadcast
domain.