How VLAN works – 802.1Q

A Virtual LAN (VLAN), standardized as IEEE 802.1Q, allows a single physical switch to be segregated at the link layer into multiple subnets. A single switch can thus act as if it were several dedicated physical switches. This both reduces cost and adds security to the network.

For instance, it can be used to cheaply create multiple subnets on a network without having to buy additional network cards and switches. One might want a dedicated subnet for guest Wi-Fi to prevent guest devices from accessing the rest of the network, a dedicated storage subnet to add firewall capabilities and limit which devices can reach the storage server, and perhaps a dedicated subnet for all network cameras, and so on.


How VLANs Work

The VLAN standard inserts a tag inside the Ethernet frame, between the Source MAC address field and the EtherType field. It is possible to insert up to two VLAN tags. Because the tag is carried inside the Ethernet frame, it is only visible on the link layer.


Protocol Header

The protocol header for the VLAN standard is very small: it takes only 4 or 8 bytes, depending on whether a single or a double tag is inserted. Each individual tag is 4 bytes.

  • Tag protocol identifier (TPID) – 16 bits – a field that is set to 0x8100
  • Tag control information (TCI) – 16 bits – divided into 3 fields:
    • Priority code point (PCP) – 3 bits – the priority associated with the frame
    • Drop eligible indicator (DEI) – 1 bit – indicates that the frame may be dropped if needed
    • VLAN identifier (VID) – 12 bits – the VLAN tag that specifies which subnet (VLAN) the frame belongs to

The TPID occupies the same byte position as the EtherType, the field that tells the receiver which protocol the following bytes belong to (see the EtherType list). This is what allows a subframe to be inserted into an Ethernet frame: the inserted header simply flags the protocol that follows it in the byte sequence.

This means that only 2 bytes are specific to the VLAN tag, namely the TCI section.
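As an added example (not code from the original article), the following Python script builds and parses Ethernet frames with the 802.1Q layout described above: it locates the tag at the EtherType position, splits the 16-bit TCI into PCP, DEI and VID, walks up to two stacked tags, and runs a small allow-list check of the kind a defender might apply to captured frames. The MAC addresses, VIDs and payloads are constructed for the example; the outer-tag TPID 0x88A8 comes from IEEE 802.1ad (QinQ), which the article does not cover, and the policy rules are assumptions for illustration.

```python
import struct
from dataclasses import dataclass
from typing import List, Set

# TPID values: 0x8100 is the 802.1Q tag described in the article.
# 0x88A8 is the 802.1ad service tag used as the outer tag in double tagging
# (a standard value, not one stated on the page).
TPID_8021Q = 0x8100
TPID_8021AD = 0x88A8
VLAN_TPIDS = {TPID_8021Q, TPID_8021AD}
MAX_TAGS = 2  # 802.1Q allows at most two stacked tags


@dataclass
class VlanTag:
    tpid: int  # 16 bits, sits where the EtherType would otherwise be
    pcp: int   # 3 bits, priority code point
    dei: int   # 1 bit, drop eligible indicator
    vid: int   # 12 bits, VLAN identifier


@dataclass
class ParsedFrame:
    dst_mac: str
    src_mac: str
    tags: List[VlanTag]  # outermost tag first
    ethertype: int       # EtherType of the payload that follows the tags
    payload: bytes


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_frame(dst_mac: str, src_mac: str, tags: List[VlanTag],
                ethertype: int, payload: bytes) -> bytes:
    """Serialise dst MAC, src MAC, zero to two 4-byte VLAN tags, EtherType, payload."""
    out = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    for t in tags:
        # TCI = PCP (3 bits) | DEI (1 bit) | VID (12 bits)
        tci = ((t.pcp & 0x7) << 13) | ((t.dei & 0x1) << 12) | (t.vid & 0x0FFF)
        out += struct.pack("!HH", t.tpid, tci)
    return out + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> ParsedFrame:
    """Parse an Ethernet frame, peeling off up to two VLAN tags at the EtherType position."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the minimum Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    offset = 12  # first EtherType / TPID position
    tags: List[VlanTag] = []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame: missing EtherType")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in VLAN_TPIDS:
            break  # a real EtherType: the tag stack ends here
        if len(tags) >= MAX_TAGS:
            raise ValueError("more than two VLAN tags")
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append(VlanTag(tpid=ethertype, pcp=tci >> 13,
                            dei=(tci >> 12) & 0x1, vid=tci & 0x0FFF))
        offset += 4  # each tag is 4 bytes; only the 2-byte TCI is VLAN-specific
    return ParsedFrame(_mac(dst), _mac(src), tags, ethertype, frame[offset + 2:])


def check_vlan_policy(parsed: ParsedFrame, allowed_vids: Set[int]) -> List[str]:
    """Illustrative defender-side checks (assumed policy): flag stacked tags,
    reserved VIDs (0 = priority-only, 4095 = reserved) and VIDs outside an allow-list."""
    findings: List[str] = []
    if len(parsed.tags) > 1:
        findings.append("nested (double) VLAN tags present")
    for t in parsed.tags:
        if t.vid in (0, 4095):
            findings.append(f"reserved VID {t.vid}")
        elif t.vid not in allowed_vids:
            findings.append(f"VID {t.vid} not in allow-list")
    return findings


# Constructed sample frames (addresses and VIDs are made up for this example).
IPV4_PAYLOAD = b"\x45" + b"\x00" * 19
SAMPLE_SINGLE = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55",
                            [VlanTag(TPID_8021Q, 5, 0, 100)], 0x0800, IPV4_PAYLOAD)
SAMPLE_DOUBLE = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55",
                            [VlanTag(TPID_8021AD, 0, 0, 200), VlanTag(TPID_8021Q, 0, 0, 100)],
                            0x0800, IPV4_PAYLOAD)

if __name__ == "__main__":
    for name, raw in (("single", SAMPLE_SINGLE), ("double", SAMPLE_DOUBLE)):
        p = parse_frame(raw)
        print(name, [(hex(t.tpid), t.pcp, t.dei, t.vid) for t in p.tags], hex(p.ethertype),
              check_vlan_policy(p, {100}))
```

In the single-tagged sample the bytes at offset 12 read 81 00 a0 64: the TPID 0x8100 sits where the EtherType of an untagged frame would be, and the TCI 0xA064 decodes to PCP 5, DEI 0, VID 100, after which the real EtherType 0x0800 follows.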


Let us take a look at a real-world example. The following is from pfSense, a router operating system bundle. There it is possible to set up a VLAN interface that can be used, for instance, to create a subnet. Two variables are configurable: the VLAN tag, as well as the priority.