Abstract
The network performance can be significantly enhanced when the network broadcast domain is segmented into separate Layer
2 broadcast domains because, if a broadcast is not well contained in a network, it may lead to collision. Virtual local area
network (VLAN) is a viable technology for broadcast containment in switched networks by logical segmentation. The network
virtualization leads to ease of administration, confinement of broadcast domains, reduced broadcast traffic, as well as
enforcement of security policies. This paper presents the benefits of network virtualization through the implementation of
VLAN. Furthermore, practical application of VLAN for logical network segmentation based on job types is presented.
Moreover, the implementation of the IEEE 802.1Q trunking protocol, a frame-tagging mechanism that enables traffic from multiple VLANs to pass between devices over the trunk link, is considered.
Keywords
Trunk, Access, Link, Layer, Encapsulation, VLAN
Received: July 7, 2015 / Accepted: July 12, 2015 / Published online: July 24, 2015
© 2015 The Authors. Published by American Institute of Science. This Open Access article is under the CC BY-NC license.
http://creativecommons.org/licenses/by-nc/4.0/
* Corresponding author
E-mail address: compeasywalus2@yahoo.com (I. A. Alimi)
American Journal of Mobile Systems, Applications and Services Vol. 1, No. 2, 2015, pp. 82-93 83
implementation of the VLAN as well as its associated benefits. The VLAN concepts for switched networks and the obtainable improvement of network virtualization by the implementation of the VLAN are presented in Section 2. Also, static and dynamic ways of realizing the VLAN memberships are discussed in Section 3. Section 4 focusses on means of connecting with the VLAN and the associated VLAN traffic that can be carried by each link. The types of VLAN encapsulation that can be employed to convey data from multiple VLANs over the trunk links with emphasis on the most widely used IEEE industry-standard trunking protocol are discussed in Section 5. Section 6 presents practical application of VLAN for logical network segmentation based on job types and the implementation of an IEEE 802.1Q trunking protocol. Some concluding remarks are given in Section 6.

time to process the incoming data compared to switches. In the light of this, Virtual Local Area Network (VLAN) has been developed as an alternative solution to using routers to contain broadcast traffic within a LAN [4], [8]. Nevertheless, routers are employed in the VLAN topologies for broadcast filtering, address summarization and traffic flow management [8].

A VLAN is a switched network that is logically segmented based on features such as service requirement, workgroup and protocol or application requirement rather than on a physical or geographical proximity. With the implementation of VLAN, geographically dispersed workstations, servers and other peripheral devices used by a particular workgroup can be put on the same VLAN and communicate as if they are physically on the same location in the network [8], [9], [10]. This enables the network administrators to manage the network without the need for running new cables or making major changes in the network infrastructure. Therefore, VLAN addresses scalability, flexibility, security, and network management issues which are associated with the traditional LAN [5], [7], [9], [10], [11], [12].
that is destined for that specific VLAN and ports that are non-members will not receive the information [6], [13]. Furthermore, the workstation that is connected to a port on the switch will automatically have membership to the VLAN to which the port is assigned and will not be able to communicate with workstations in different VLANs despite the fact that they are connected to the same physical switch. Consequently, this is a security measure to control traffic within the VLAN as well as load-balancing network traffic. Therefore, the broadcast traffic can be contained effectively with the VLAN and the inherent bandwidth wastage of the traditional switched networks is prevented. This results in system performance enhancement [8]. Figure 2 shows a VLAN based LAN segmentation. Furthermore, the VLAN membership is divided into three main categories which are based on port, MAC address, and protocol type [4].

3.1. Layer 1 VLAN: Membership Based on Port

manually or with the network management software [12]. However, user mobility from one part of the network to another has to be controlled so that the mobile user can plug the workstation into a port in the specified VLAN. For the mobile user to have access to the network in a different location and from an unassigned switch, the network manager needs to reconfigure the VLAN association [4]. By default, all the ports on the switch are members of VLAN 1 which is referred to as the native VLAN [6]. A port based VLAN membership is illustrated in Figure 3 and the Port to VLAN mapping is presented in Table 1.

Table 1. VLAN Membership Table with Port and VLAN Mapping.
Port    VLAN
1       1
2       2
3       2
4       3

Figure 4. MAC Address based VLAN Membership.

Table 2. VLAN Membership Table with MAC Address and VLAN Mapping.
unassigned switch port by the VLAN management database that searches the MAC address and configures the switch port to the correct VLAN. However, this approach may not be feasible in a large network with so many workstations because the VLAN membership mapping will be highly demanding [4]. To address this problem, Cisco administrators normally use the VLAN Management Policy Server (VMPS) database to map MAC addresses to the corresponding VLANs [1], [7], [11], [12]. A MAC address based VLAN membership is depicted in Figure 4 and the MAC address to VLAN mapping is shown in Table 2.

3.3. Layer 2 VLAN: Membership Based on Protocol Type

This is also a dynamic VLAN assignment in which the data link layer VLAN membership is based on the protocol type field that is found in the Layer 2 header [4]. The protocol type to VLAN mapping is shown in Table 3.

Table 3. VLAN Membership Table with Protocol and VLAN Mapping.
Protocol    VLAN
IP          1
IPX         2
In this approach, the VLAN membership is based on the Layer 3 header. The network IP subnet address can be used to classify VLAN membership [4], [6]. Furthermore, it is noteworthy that the IP addresses are used only for the mapping and have nothing to do with the network routing. Also, the workstations can move without reconfiguring the network addresses. However, this approach requires more time because it takes relatively longer to forward packets using Layer 3 information than using MAC addresses [4]. A subnet address based VLAN membership is depicted in Figure 5 and the mapping is shown in Table 4.

Table 4. VLAN Membership Table with IP Subnet Address and VLAN Mapping.
IP Subnet      Host Address Range    VLAN
204.15.5.0     1-30                  1
204.15.5.32    33-62                 2
204.15.5.64    65-94                 3
204.15.5.96    97-126                4

3.5. Higher Layer VLAN

The higher Layer VLAN membership is based on the higher Layer applications, services and the combination of both [4], [12]. In this approach, file transfer protocol (FTP) applications can be implemented on one VLAN while telnet applications are employed on another VLAN. The Layer 1 and Layer 2 VLAN memberships are defined by the 802.1Q standard while other VLAN membership approaches are proprietary [4]. Furthermore, there is need for connection of the workstations to their respective VLANs and the connection of different VLANs traffic between the network devices.

86 Isiaka A. Alimi and Akeem O. Mufutau: Enhancement of Network Performance of an Enterprises Network with VLAN

4. VLAN Connection

Frames in a switched environment are handled according to the type of link they pass through, which are categorized as access and trunk links [12]. These are links that connect workstations to the VLANs and carry multiple VLAN traffic between the network devices. An access link is normally assigned to a specific VLAN while a trunk link is associated to all VLANs.

4.1. Access Link

An access link belongs to only one VLAN and carries the associated VLAN traffic. The access link is also known as the native VLAN of the port and it is used to connect end devices [12]. Devices that connect to the access link are unaware of the VLAN membership as they assume that they are in a broadcast domain. Due to the fact that the access link connection understands only standard Ethernet frames, the switch removes any VLAN information from the frame before sending it to the access link device. Furthermore, access link devices in a VLAN cannot communicate with devices in another VLAN [12].

4.2. Trunk Link

A trunk link can carry multiple VLANs traffic and it is a point-to-point link that is used to connect switches to other switches or to routers or to servers. Unlike the access link that carries a VLAN traffic, many VLAN traffic can be transported between switches with a single physical trunk link [12]. Figure 6 shows how the access and the trunk links can be employed in a network. The hosts are connected to the access links to communicate with the switch and they can only access a VLAN to which the access links belong and for inter-VLAN communication, a router is required [1]. Moreover, the switch can communicate with all VLANs because they are connected by a trunk link. According to [1], for the number of nodes in VLAN , and for the traffic from node to in the traffic matrix given by , the total traffic of is expressed as

(1)

Also, intra-VLAN traffic for VLAN is expressed as

(2)
header is known as tagged frame [13]. Tagged frame conveys VLAN information across the network and this identification is what switches use to classify the VLAN that the frame belongs to [12].

There are two most common types of VLAN encapsulation that can be employed to convey data from multiple VLANs over the trunk links. The first one is the Cisco proprietary trunking mechanism known as Inter-Switch Link (ISL) which is a frame encapsulation method that adds a header to identify the VLAN [11]. Also, the most widely used one is an IEEE industry-standard trunking protocol named IEEE 802.1Q which is a frame-tagging mechanism in which a VLAN identifier is added to the frame by inserting a tag at Layer 2 [13], [15], [16]. Being an open standard, IEEE 802.1Q is normally employed in a network in which switches and other network devices are from different vendors [12]. The 802.1Q operates by using an internal tagging mechanism to insert a 4-byte tag field into the original Ethernet frame and then re-computes the frame check sequence (FCS) before the device sends the frame over the trunk link [8]. The tag is removed at the receiving end where the frame is forwarded to the assigned VLAN. The 802.1Q inserts the tag field between the Source Address (SA) and Type/Length fields of the original Ethernet frame. This modification necessitates the need for the trunking device to re-compute the FCS on the tagged frame [8]. A typical IEEE 802.1Q Frame is depicted in Figure 7.
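The tag insertion, FCS re-computation and tag removal described above, as an added Python example that is not part of the original paper. The sample frame, its MAC addresses and VLAN 20 are constructed; the TPID value 0x8100 and the PCP/DEI/VID layout of the 4-byte tag are taken from the IEEE 802.1Q standard rather than from this page.

```python
import struct
import zlib

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag (from the standard)


def fcs(frame_without_fcs: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the frame, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def fcs_ok(frame: bytes) -> bool:
    """True when the trailing 4 bytes match the CRC-32 of the rest of the frame."""
    return fcs(frame[:-4]) == frame[-4:]


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Trunk egress: insert the 4-byte tag after DA+SA and recompute the FCS."""
    if not 1 <= vid <= 4094:  # 0 and 4095 are reserved VLAN IDs
        raise ValueError("VLAN ID out of range")
    if not fcs_ok(frame):
        raise ValueError("bad FCS on untagged frame")
    body = frame[:-4]
    tci = (pcp & 0x7) << 13 | vid  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)


def strip_tag(frame: bytes) -> tuple:
    """Receiving end: check the FCS, read the VID, remove the tag, recompute FCS."""
    if not fcs_ok(frame):
        raise ValueError("bad FCS on trunk frame")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        raise ValueError("frame is not 802.1Q tagged")
    untagged = frame[:12] + frame[16:-4]
    return tci & 0x0FFF, untagged + fcs(untagged)


# Constructed sample frame: DA, SA, Type 0x0800 (IPv4), 46-byte zero payload.
DA = bytes.fromhex("ffffffffffff")
SA = bytes.fromhex("020000000001")
_untagged_body = DA + SA + struct.pack("!H", 0x0800) + bytes(46)
ACCESS_FRAME = _untagged_body + fcs(_untagged_body)

TRUNK_FRAME = add_tag(ACCESS_FRAME, vid=20)   # as sent over the trunk link
VID, RESTORED = strip_tag(TRUNK_FRAME)        # as delivered to the access link

if __name__ == "__main__":
    print(len(ACCESS_FRAME), len(TRUNK_FRAME), VID, RESTORED == ACCESS_FRAME)
```

A tagged frame that still carries the FCS of the untagged frame fails `fcs_ok`, which is why the trunking device has to re-compute it.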
This sub-section shows the implementation of an IEEE 802.1Q trunking for multiple VLANs traffic between devices over the trunk link. To demonstrate this, the interfaces GigabitEthernet 0/1 and 0/2 are moved out of the unused VLAN created in the previous experiment to the native VLAN. The result is shown in Figure 13. Then, the encapsulation is implemented with the IEEE 802.1Q to enable multiple VLANs traffic between devices over the trunk link and the switchport mode of both gigabit interfaces is configured as trunk as shown in Figure 14. Also, the show trunk command is used to confirm the current status of both gigabit interfaces and the result presented in Figure 15 shows that both interfaces are in native VLAN and are using IEEE 802.1Q trunking.

7. Conclusions

The traditional Local Area Network (LAN) has the ability to significantly reduce an organization's operational costs because of its efficient support for multipoint-to-multipoint (MP2MP) services instead of relying on separate technologies. However, network segregation with the LAN is challenging when different levels of security and access are required by different network groups in an organization. Employment of Virtual Local Area Network (VLAN) for the network segregation has been observed as a viable solution because it can effectively contain the broadcast traffic and prevent bandwidth wastage which is a drawback inherent to the traditional switched networks in order to enhance the system performance. Therefore, VLAN addresses scalability, flexibility, security, and network management issues that are associated with the traditional LAN. This paper presents practical application of network virtualization by the implementation of the VLAN for logical network segmentation based on job types. In addition, the implementation of an IEEE 802.1Q trunking protocol frame-tagging mechanism is demonstrated.

References

[1] A. Hameed and A.N. Mian, "Finding efficient VLAN topology for better broadcast containment," 2012 International Conference on the Network of the Future, pp.1-6.
[2] Batayneh, M.; Schupke, D.; Hoffmann, M.; Kirstaedter, A.; Mukherjee, B., "Reliable Multi-Bit-Rate VPN Provisioning for Multipoint Carrier-Grade Ethernet Services Over Mixed-Line-Rate WDM Optical Networks," IEEE/OSA Journal of
[3] M. Huynh, S. Goose, P. Mohapatra, R. Liao, "RRR: Rapid Ring Recovery Submillisecond Decentralized Recovery for Ethernet Ring," IEEE Transactions on Computers, vol.60, no.11, pp.1561-1570, 2011.
[4] U. Sehgal, Ms. Anu and Ms. Prity, Virtual Local Area Networks Technologies Implementation and Developments in last few years classified by Port, MAC Address and LAN Based Protocol, International Journal of Advances in Engineering Research, vol. 4, Issue 4, 2012.
[5] S. Ziyu, J. Xin, J. Wenjie, C. Minghua and C. Mung, "Intra-data-center traffic engineering with ensemble routing," 2013 Proceedings IEEE INFOCOM, pp.2148-2156.
[6] Z. Syed, S. Joshi, R. R. Vikram and J. Kuriakose, "A novel approach to naval architecture using 1G VLAN with RSTP," 2014 Eleventh International Conference on Wireless and Optical Communications Networks, pp.1-5.
[7] Y. Minlan, J. Rexford, S. Xin, R. Sanjay and N. Feamster, "A survey of virtual LAN usage in campus networks," IEEE Communications Magazine, vol.49, no.7, pp.98-103, 2011.
[8] Cisco Systems, Cisco IOS Switching Services Configuration Guide, Release 12.2
[9] I. A. Alimi, A. O. Mufutau, T. D. Ebinowen, Cost-Effective and Resilient Large-Sized Campus Network Design, American Journal of Information Science and Computer Engineering, vol. 1, no. 1, pp. 21-32, 2015.
[10] L. Fuliang, Y. Jiahai, A. Changqing, W. Jianping, W. Siyang and J. Ning, "CSS-VM: A centralized and semi-automatic system for VLAN management," 2013 IFIP/IEEE International Symposium on Integrated Network Management, pp.623-629.
[11] S. McQuerry, CCNA Self-Study: Interconnecting Cisco Network Devices (ICND) 640-811, 640-801, 2nd Edition, Cisco Press, 2004.
[12] T. Lammle and A. Barkl, CCDA: Cisco Certified Design Associate Study Guide: Exam 640-861, 2nd Edition, John Wiley & Sons, 2006
[13] Cisco Networking Academy, Routing and Switching Essentials Companion Guide, 1st Edition, Cisco Press, 2014.
[14] S. Li, S. Sharma, D. Katramatos and Y. Dantong, "Optimizing circuit allocation for bandwidth reservations in dynamic virtual circuit networks," 2015 International Conference on Computing, Networking and Communications, pp.817-823.
[15] T. Hirotsu, K. Fukuda, H. Abe, S. Kurihara, O. Akashi and T. Sugawara, "Dynamic and distributed routing control for virtualized local area networks," 2010 IEEE Conference on Local Computer Networks pp.212-215.
[16] X. Ren, Z. Jun-feng and Y. Yu, "Research of access control strategy in EOC system based on VLAN," 2012 International Symposium on Information Technology in Medicine and Education, vol.2, pp.893-896.
Biography
Isiaka Ajewale Alimi earns B. Tech. (Hons) and M.Eng. in Electrical and Electronics Engineering (Communication) from Ladoke Akintola University of Technology, Ogbomoso, Nigeria in 2001, and the Federal University of Technology, Akure, Nigeria in 2010 respectively. He is a Lecturer in the Department of Electrical and Electronics Engineering, Federal University of Technology, Akure, Nigeria. He has published 3 refereed international journals. He has extensive experience in radio transmission as well as in Computer Networking. His research interests include network security, advanced signal processing and wireless communication systems with emphasis on multiple-antenna (MIMO) systems. He is a COREN registered engineer.

Akeem Olapade Mufutau holds M.Eng. Degree in Communication Engineering from the Federal University of Technology, Ondo state, Nigeria 2013. He joined the services of the Federal University of Technology, Akure as a Senior Network Engineer in 2005 and rose to the position of Chief Network Engineer and currently the Head of Systems & Network Engineering Unit in the Computer Resource Centre of the University. He is presently a Ph.D. student and his research interests include network traffic monitoring and analysis, wireless network and radio frequency spectrum. He is a COREN registered engineer, Chartered Information Technology Practitioner (C.itp), and Member, Computer Professionals.