Vlan configuration 146, Vlan configuration, Virtual lans – Interlogix GE-DS-242-PoE User Manual

Chapter 6: Command Line Interface

146

GE-DS-242-PoE Managed Ethernet Switch User Manual

VLAN Configuration

Virtual LANs

A Virtual LAN (VLAN) is a logical network group that limits the broadcast domain.
It allows you to isolate network traffic so only members of the VLAN receive
traffic from the same VLAN members. Basically, creating a VLAN within a switch
is logically equivalent of reconnecting a group of network devices to another
Layer 2 switch. However, all the network devices are still plugged into the same
switch physically. A station can belong to more than one VLAN group. VLAN
prevents users from accessing network resources of another on the same LAN,
thus the users can not see the hard disks and printers of another user in the
same building. VLAN can also increase the network performance by reducing the
broadcast traffic and enhance the security of the network by isolating groups.

The GE-DS-242-PoE supports two types of VLANs:
 Port-based
 IEEE 802.1Q (tag) -based

Only one of the two VLAN types can be enabled at one time.

Port-based VLANs are VLANs where the packet forwarding decision is made
based on the destination MAC address and its associated port. You must define
the outgoing ports allowed for each port when you use port-based VLANs. In
port-based VLANs, the packets received from one port can only be sent to the
ports which are configured to the same VLAN. As shown in the following figure,
the switch administrator configured port 1~2 as VLAN 1 and port 3~4 as VLAN 2.
The packets received from port 1 can only be forwarded to port 2. The packets
received from port 2 can only be forwarded to port 1. That means the computer A
can send packets to computer B, and vice versa. The same situation also
occurred in VLAN 2. The computer C and D can communicate with each other.
However, the computers in VLAN 1 can not see the computers in VLAN 2 since
they belonged to different VLANs.

IEEE 802.1Q (tag) -based VLANs enable the Ethernet functionality to propagate
tagged packets across the bridges and provides a uniform way for creating VLAN
within a network then span across the network. For egress packet, you can
choose to tag it or not with the associated VLAN ID of this port. For ingress
packet, you can forward this packet to a specific port as long as it is also in the
same VLAN group.

The 802.1Q VLAN works by using a tag added to the Ethernet packets. The tag
contains a VLAN Identifier (VID) which belongs to a specific VLAN group. And
ports can belong to more than one VLAN.