VLAN Overview

What is VLAN

Ethernet is a shared-medium network technology based on CSMA/CD (Carrier Sense Multiple Access/Collision Detect). A large number of hosts cause serious collisions, broadcast storms, performance degradation, and network outages. Switches reduce collisions but cannot isolate broadcast traffic.

VLAN (Virtual Local Area Network) technology solves this by splitting a physical LAN into multiple logical broadcast domains. Devices within a VLAN communicate as if on the same LAN; different VLANs cannot communicate directly, limiting broadcasts.

VLANs are not limited by physical location. Devices can be on the same switch, cross switches, or span routers while belonging to the same VLAN.

Advantages of VLAN:

1. Restrict broadcast domains, reduce routing load, lower latency, save bandwidth, and improve performance.
2. Enhance security: Layer 2 isolation between VLANs. Communication requires Layer 3 routing.
3. Flexible virtual workgroups: Users can be grouped logically without physical cabling changes.

VLAN Principles

To identify VLAN frames, a VLAN tag is added to the Ethernet header at the data link layer (Layer 2).

IEEE standardized VLAN tagging with the 802.1Q protocol in 1999. It defines a standard method for tagging Ethernet packets with VLAN information.

802.1Q inserts a 4-byte tag between the source MAC address and the EtherType field:

• 2 bytes: TPID (Tag Protocol Identifier)
• 2 bytes: TCI (Tag Control Information)

TCI includes PCP (Priority Code Point), CFI (Canonical Format Indicator), and VID (VLAN ID).

Figure 1-2 Traditional Ethernet Frame Format

Figure 1-3 VLAN Tag Fields

VLAN Tag Fields:

1. TPID: 16 bits, indicates 802.1Q tag; default value 0x8100.
2. Priority: 3 bits, 802.1p Class of Service (CoS).
3. CFI: 1 bit, MAC address format; 0 = standard, default value 0.
4. VLAN ID: 12 bits, identifies VLAN; valid range 1–4094 (0 and 4095 reserved).

Note: For double-tagged (QinQ) frames, the switch processes only the outer tag; inner tags are treated as payload.

VLAN Applications

2.3.1 LLDP Introduction

LLDP (Link Layer Discovery Protocol) allows devices to advertise and receive neighbor information over the local network. Information is stored in MIBs and can be queried via SNMP (RFC 2922).

LLDP uses TLV (Type/Length/Value) structures to carry device information. Multiple TLVs form an LLDPDU (LLDP Data Unit).

Figure 1-4 TLV Structure

LLDP-MED (Media Endpoint Discovery) is an extension for VoIP devices, providing:

• Capability discovery
• Voice VLAN configuration
• PoE power management
• Inventory management
• Location identification for emergency calls

Note: LLDP and LLDP-MED cannot run simultaneously on the same port.

LLDP Functions on IP Phones:

When LLDP is enabled, the phone periodically advertises itself and listens to the switch. If the Application Type = Voice, the phone automatically learns the Voice VLAN ID from the switch, updates its configuration, and reboots to apply the VLAN.

LLDP Configuration Steps (Web UI):

1. Log in to the web UI as admin/admin.
2. Go to Network → Advanced.
3. Enable LLDP.
4. Set the transmit interval (1–3600s).
5. Click Apply and reboot the phone.

Figure 1-5 LLDP Configuration Interface

After enabling LLDP, the phone:

• Periodically sends multicast LLDP packets.
• Accepts LLDP packets on the WAN/LAN port.
• Supports MAC/PHY configuration.
• Obtains VLAN from Network Policy TLV (overrides manual settings).

2.3.2 CDP Introduction

CDP (Cisco Discovery Protocol) is a Cisco proprietary layer 2 protocol for device discovery.

CDP Functions on IP Phones:
The phone advertises itself and listens to CDP packets from the switch. It automatically learns the Voice VLAN ID, updates configuration, and reboots.

CDP Configuration Steps (Web UI):

1. Log in as admin/admin.
2. Go to Network → Advanced.
3. Enable CDP.
4. Set the message interval (1–3600s).
5. Click Apply.

Figure 1-6 CDP Configuration Interface

2.3.3 DHCP VLAN

The phone supports VLAN discovery via DHCP. By default, it uses Option 132 to obtain the VLAN ID. Up to 5 custom DHCP options are supported.

DHCP VLAN Configuration Steps (Web UI):

1. Log in as admin/admin.
2. Go to Network → Advanced.
3. Enable DHCP VLAN.
4. Enter DHCP Option numbers (e.g., 132).
5. Click Apply.

Figure 1-7 DHCP VLAN Configuration Interface

Operation Flow:

1. Phone broadcasts DHCP Discover.
2. Server replies with Option 132 (VLAN ID).
3. Phone releases the current IP, tags all traffic with the learned VLAN ID, and performs DHCP again.

2.3.4 Manual VLAN Configuration

VLAN is disabled by default. You can configure VLAN for the WAN (Internet) port and LAN (PC) port separately with VLAN ID and 802.1p priority (0–7, 7 highest).

WAN VLAN Configuration (Web UI):

1. Log in as admin/admin.
2. Go to Network → Advanced.
3. Enable VLAN.
4. Set WAN VLAN ID (1–4094).
5. Set Priority (0–7).
6. Click Apply.

Figure 1-8 WAN VLAN Configuration

LAN VLAN Configuration (Web UI):

1. Log in as admin/admin.
2. Go to Network → Advanced.
3. Set LAN VLAN Mode and ID.
4. Set Priority.
5. Click Apply.

Figure 1-9 LAN VLAN Configuration

Phone LCD VLAN Configuration:

Menu → Advanced (Password:123) → Network → QoS&Vlan → WAN VLAN / LAN VLAN

Configuration Verification:
Capture packets to verify 802.1Q tags, VLAN ID, and 802.1p priority in SIP and RTP frames.

Switch VLAN Settings

Understanding Trunk, Access, Hybrid, Tagged, Untagged

Ethernet switch ports support three modes:

• Access: Belongs to 1 VLAN; used for endpoints (PCs).
• Trunk: Carries multiple VLANs; used for switch interconnections.
• Hybrid: Carries multiple VLANs; supports custom untagged egress.

Key Rules:

• Tagged: Frames retain the 802.1Q VLAN tag when sent.
• Untagged: The switch removes the VLAN tag before sending.
• PVID (Port VLAN ID): The default VLAN assigned to untagged incoming frames.

Cisco 2960 Switch VLAN Configuration

Default Ethernet VLAN Settings

Create or Modify VLAN

Delete VLAN

Assign Port to VLAN (Access Port)

Configure Trunk Port

Allowed VLANs on Trunk

switchport trunk allowed vlan { add | all | except | remove }

Configure Native VLAN

switchport trunk native vlan

Applicable Devices

Cisco 2960 Series Switches