Virtual LANs (VLAN)

VLANs provide the means to logically group several
end stations with common sets of requirements.
VLANs are independent of physical locations,
meaning that two end stations connected to different
switches on different floors can belong to the
same VLAN. Typically the logical grouping follows
workgroup functions such as engineering or
finance, but this can be customized.
With VLANS it is much easier to assign access
rules and provision services to groups of users
regardless of their physical location. For example,
using VLANs you can give all members of a project
team access to project files by virtue of their
VLAN membership. This ability also makes it easier
to add or delete users without rerunning cables
or changing network addresses.
VLANs also create their own broadcast domains
without the addition of Layer 3 devices. 64

Frame Transmission Modes

Switches typically are Layer 2 devices (some
switches now perform Layer 3 and higher functions).
According to the OSI model, the data unit
processed by a switch is called a frame. Switches
must balance speed and accuracy (no errors) when
processing frames, because typically they are measured
on both attributes.
The three primary frame switching modes are as
• Cut-through: Also known as fast-forward. The
switch checks only the destination address and
immediately begins forwarding the frame. This
can decrease latency but also can transmit
frames containing errors.
• Store-and-forward: The switch waits to receive
the entire frame before forwarding. The entire
frame is read, and a cyclic redundancy check
(CRC) is performed. If the CRC is bad, the
frame is discarded. Although this method
increases latency (processing time), it also tends
to minimize errors.
• Fragment-free (modified cut-through): The
switch reads the first 64 bytes before forwarding
the frame. 64 bytes is the minimum number of
bytes necessary to detect and filter out collision

Address Learning

A switch must learn the addresses of the devices
attached to it. First it inspects the source address of
all the traffic sent through it. Then it associates the
port the traffic was received on with the MAC
address listed. The following example illustrates
this concept. The MAC addresses are not in the
correct format and are shown for clarity only:
• Time 0: The switch shown has an empty MAC
address table.
• Time 1: The device attached to port 2 sends a
message intended for the device on port 0. This
kicks off two actions within the switch. First, the
switch now knows the address associated with
the device on port 2, so it enters the information
into its table. Second, because it does not have
an association for the device the traffic is intended
for (the computer on port 0), the switch
floods the message out all ports except the one
on which it was received.

• Time 2: The device on port 0 replies to the message.
The switch associates the source address of
the message with port 0.
Any future communications involving either of
these end stations will not require these steps,
because the switch now knows which ports they
are associated with.
This process happens all the time in every switch.
For most switches, when a table entry has reached
a certain “age” and has not been referenced in a
while, it can be removed. This process is called
aging out.

Forwarding and Filtering

From a network efficiency standpoint, it is easy to
see that it is much better for the network when the
switch knows all the addresses on every port.
However, it is not always practical to enter this
information manually. As the network grows and
changes are made, it becomes almost impossible to
keep up.

A switch always does something when it receives
traffic. The preference is to send the traffic out a
specific port (called filtering), but this works only
when the location of the intended destination is
known. When the destination address is unknown,
the switch forwards the traffic out every port,
except the one on which the traffic was received.
This process is called flooding. Think of this as a
guy calling every number in the phone book because
he lost a woman’s number from the night before. 61

Broadcast and Collision Domains

From time to time, a device on the network will
want to communicate with all other “local” devices
at the same time. Typically, this occurs when a
device wants to query the network for an IP address,
when a device is newly added to a network, or when
a change occurs in the network.

A group of devices that receive all broadcast messages
from members of that group is called a
broadcast domain. Network broadcast domains
typically are segmented with Layer 3 devices (routers).
Think of a broadcast domain as like standing in
your yard and yelling as loudly as you can. The
neighbors who hear you are within your broadcast