VLAN Policies

= VLAN Overview =

The term VLAN (Virtual LAN) is used to refer to a collection of networking devices that logically communicate as if they were on the same physical LAN.

Any set of physical network ports, including all ports on the following devices, belongs by default to a VLAN (see Default VLAN):
 * Switches (Layer 2)
 * Routing Switches (Layer 3)

= VLAN Benefits =

VLANs are adopted to control network traffic, increasing or enhancing network:
 * Device Security
 * Device Mobility
 * QoS (Quality of Service)
 * Administrative/Management control

This is achieved:
 * at Layer 2 by means of:
   * Segmentation over Ethernet (Broadcast Domains)
   * Prioritization scheme for Ethernet with IEEE 802.1p CoS (Class of Service)
 * at Layer 3 by means of:

= VLAN Policies =

Here are some VLAN assignment methods typically available on Switch (Layer 2) and Routing Switch (Layer 3) network devices:
 * Port based VLANs (Layer 2)
 * MAC Address based VLANs
 * Protocol based VLANs (Layer 3)
 * Network Address based VLANs
 * Custom Defined VLANs

== Port based VLANs (Layer 2) ==

With Layer 2 Port based VLANs, a subset of the ports on a device is assigned to a specific VLAN, creating a common and exclusive Layer 2 Broadcast Domain shared by those ports. Multiple Port based VLANs are possible on a single Layer 2 / Layer 3 device (Switch / Routing Switch).

== Default VLAN ==

By default, all ports on a device are members of the Default VLAN (also known as VLAN ID 1 or DEFAULT-VLAN), and consequently all the ports on the device constitute a single Layer 2 Broadcast Domain. Ports that are assigned to a specific Port based VLAN are automatically removed from the Default VLAN by the device, ensuring that each port resides in only one Layer 2 Broadcast Domain.

== Port based VLANs (Layer 2) and IEEE 802.1p Tagging ==

IEEE 802.1p Tagging is an IEEE standard that allows a networking device to add information to a Layer 2 packet in order to identify the VLAN membership of that packet.

A port can belong to only one Port based VLAN at a time, unless you apply IEEE 802.1p Tagging to the port.

IEEE 802.1p Tagging allows routing switches (Layer 3) and switches (Layer 2) to tag a port by adding a 4 Byte Tag Field to each packet sent on that port. The 4 Byte Tag Field contains a default Tag Value, which identifies the data as a tag, and the VLAN ID of the VLAN from which the packet is sent.

Port based VLANs can be configured to span multiple devices in a network by tagging the ports within the VLAN: the applied tag then enables each device that receives the packet to determine which VLAN the packet belongs to.

IEEE 802.1p Tagging:
 * Applies only to Layer 2 Port based VLANs.
 * Does not apply to Layer 3 Protocol based VLANs.
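As an added example (not part of the original page), the following Python parses the 4 Byte Tag Field described above and inserts or strips it as a tagged or untagged port would on egress. It assumes the IEEE 802.1Q tag layout, in which the TPID value 0x8100 is the "default Tag Value" that identifies the data as a tag and the TCI carries the 802.1p priority bits (PCP) alongside the 12-bit VLAN ID; the sample frame is constructed.

```python
import struct

TPID_8021Q = 0x8100  # Tag Protocol Identifier: marks the next 2 bytes as a tag (assumed 802.1Q layout)

# Constructed sample: untagged broadcast frame, src 00:11:22:33:44:55, ethertype 0x0806 (ARP)
SAMPLE_UNTAGGED = bytes.fromhex("ffffffffffff" "001122334455" "0806") + b"\x00" * 28


def parse_frame(frame: bytes) -> dict:
    """Return dst/src/ethertype plus, if the frame is tagged, pcp (802.1p CoS), dei and vid."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":")}
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        # TCI layout: 3 bits PCP | 1 bit DEI | 12 bits VID
        info.update(tagged=True, pcp=tci >> 13, dei=(tci >> 12) & 1, vid=tci & 0x0FFF,
                    ethertype=ethertype, payload=frame[18:])
    else:
        info.update(tagged=False, ethertype=tpid, payload=frame[14:])
    return info


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte tag after the source MAC, as a tagged port does on egress."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094 (0 and 4095 are reserved)")
    if not 0 <= pcp <= 7:
        raise ValueError("PCP is a 3-bit priority (0..7)")
    if parse_frame(frame)["tagged"]:
        raise ValueError("frame already carries a tag")
    tci = (pcp << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame: bytes) -> bytes:
    """Remove the tag, as an untagged port does on egress; untagged frames pass through."""
    if not parse_frame(frame)["tagged"]:
        return frame
    return frame[:12] + frame[16:]


if __name__ == "__main__":
    tagged = add_tag(SAMPLE_UNTAGGED, vid=10, pcp=5)
    print(parse_frame(tagged))  # tagged=True, pcp=5, dei=0, vid=10, ethertype=2054
```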

== MAC Address based VLANs ==

MAC Address based VLANs allow physical ports to be mapped to a VLAN based on the source MAC address present in the switch forwarding database. Network administrators can designate a set of physical ports whose VLAN membership is determined dynamically (or offline) by the MAC addresses of the end devices that plug into those ports.

== Custom Defined VLANs ==

Any combination of the above methods.