NP0995.

qxd 12/8/97 11:10 AM Page 1

Virtual LANs
Flexible network segmentation for high-speed LANs

Intel Networking Information Series

For today’s networking professionals who need fast,

concise information to help them understand new

technologies that can make their networks more

efficient and cost-effective.

NP0995.qxd 12/8/97 11:10 AM Page 2

Virtual LANs

Contents
Executive Summary 3

The Need for VLANs 4

VLANs: A Semi-Technical Discussion 5

An Industry-Wide VLAN Standard 6

The Intel VLAN Solution 6

Summary and Conclusion 7

For More Information 7

Glossary of Terms 7

2
NP0995.qxd 12/8/97 11:10 AM Page 3
Executive
Summary
Few people experience the rapid changes
of today’s business environment more
than Information Technology (IT)
managers. Employees move, business
operations are restructured and new tech-
nologies emerge. All of these changes
add pressure to networks already straining
under the requirements of more users,
more powerful workstations and more
demanding applications.
Virtual LANs (VLANs) can help IT
managers adapt to these changes more
easily and effectively, while increasing
overall network performance. By offering
a highly flexible means of segmenting a
corporate network, VLANs reduce the
performance bottlenecks that occur when
traditional backbone routers can’t meet
the demands of fast, switched networks.
A VLAN is a group of PCs, servers
and other network resources that behave
as if they were connected to a single,
network segment – even though they
may not be. For example, all marketing
personnel may be spread throughout
a building. Yet if they are all assigned to
a single VLAN, they can share resources
and bandwidth as if they were connected
to the same segment (see Figure 1).
The resources of other departments can
be invisible to the marketing VLAN
members, accessible to all, or accessible
only to specified individuals, at the IT
manager’s discretion.
This logical grouping of network
nodes helps free IT managers from the
restrictions of their existing network
design and cabling infrastructure.
It offers a fundamental improvement
in the ease with which LANs can be
designed, administered and managed.
And since VLANs are software-based,
they allow the network structure to
quickly and easily adapt to the addition,
relocation or reorganization of nodes.
No longer does each change require a
visit to the wiring closet.
Equally important, VLANs help meet
performance needs by segmenting the net-
work more effectively. Unlike standard
switching, they restrict the dissemination of
broadcast as well as node-to-node traffic,
so the burden of extraneous traffic is
reduced throughout the network. Security
can also be improved. Since all packets
traveling between VLANs may also pass
through a router, standard router-based
security measures can be implemented
to restrict access as needed.
Despite the advantages of a well-
designed VLAN solution, the newness
The VLAN Solution
Hub
Switch
Marketing
Engineering
Administration
Switch
Router
WAN Switch
Figure 1: VLANs allow highly flexible, efficient network segmentation, enabling users and resources to be
grouped logically, without regard to physical location.
Virtual LANs
of the technology and the large number
of proprietary implementations have
created confusion in the marketplace.
Some industry pundits have charged
that VLANs may eventually become
unnecessary as routing becomes faster
and high-bandwidth technologies such
as Fast Ethernet and Gigabit Ethernet
emerge. They also note a slow, industry-
wide trend toward protocols that depend
less upon broadcast traffic.
These changes may, to some extent,
reduce the importance of VLAN solutions
in the future, but they won’t eliminate
many of the key advantages of the tech-
nology. And VLANs offer an immediate
and cost-effective solution to several very
real networking challenges – a solution that
can be integrated into existing networks
without costly overhauls. The potential
benefits should not be ignored.
Printer
3rd Floor
Printer
2nd Floor
Ist Floor
3
NP0995.qxd 12/8/97 11:10 AM Page 4
Virtual LANs
The Need
for VLANs
By the 1980’s, most networks consisted
of a simple, hierarchical arrangement in
which multiple, shared-media networks
were connected by a router (see Figure 2).
With their sophisticated packet handling,
routers allowed communication between
networks when necessary, while effectively
segmenting traffic so that large shared
networks were not swamped by excessive
traffic. Unfortunately, traditional routers
were slow, complicated and expensive.
As the need for faster networks emerged,
a new solution was needed.
Switches spearheaded the next
evolution of network structure. By
segmenting the network and providing
dedicated bandwidth where needed,
they greatly increased performance,
while reducing cost and complexity
(see Figure 3). However, traditional
switches segment only unicast, or
node-to-node, traffic. Unlike routers,
they do not limit broadcast traffic
(packets that are addressed to all
A Traditional Fully Routed Network
Corporate
LAN Router
Hub Hub
PCs PCs
Server Server
Figure 2: Traditional LAN routers segment the network and provide logical
structure, but are slow, complicated and expensive.
4
the nodes within the network) or multicast
traffic (packets that are distributed to a
group of nodes).
As networks have grown and traffic has
increased, IT managers have been forced
to segment their networks into more and
more switched subnets to meet increasing
performance demands. With these changes,
broadcast and multicast traffic have placed
a greater burden on network bandwidth.
In the worst case scenario, broadcast
traffic can spiral out of control, creating
broadcast storms that can bring down
the network.
As switched networks have become
more common, routers have continued to
exist within the network. But they’ve been
forced toward the periphery, where speed
is generally less critical.
VLANs offer an effective solution to
swamped routers and broadcast storms.
By limiting the distribution of broadcast,
multicast and unicast traffic, they can
help free up bandwidth, reduce the need
for expensive and complicated routing
A Standard Switched Network
Servers
Hub
Hub
Hub
PCs
PCs
Server
PCs
Figure 3: Standard switches are much faster than routers and provide dedicated
bandwidth where needed, but are vulnerable to broadcast storms.
Benefits of VLANs
Flexible network segmentation
Users and resources that communicate most
frequently with each other can be grouped into
common VLANs, regardless of physical location.
Each group’s traffic is largely contained within the
VLAN, reducing extraneous traffic and improving
the efficiency of the whole network.
Simple management
The addition of nodes, as well as moves and
other changes, can be dealt with quickly
and conveniently from the management console
rather than the wiring closet.
Increased performance
VLANs free up bandwidth by limiting node-to-node
and broadcast traffic throughout the network.
Better use of server resources
With a VLAN-enabled adapter, a server can be a
member of multiple VLANs. This reduces the need
to route traffic to and from the server.
Enhanced network security
VLANs create virtual boundaries that can only be
crossed through a router. So standard, router-based
security measures can be used to restrict access
to each VLAN as required.
between switched networks, and eliminate
the danger of broadcast storms. With these
advantages, VLANs revive many of the
key advantages of LAN routing, but with
greater flexibility, performance, simplicity
and affordability.
Corporate
LAN Router
WAN
Switch
Switch
Hub
Hub
PCs
PCs
NP0995.qxd 12/8/97 11:10 AM Page 5
VLANs: A Semi-Technical Discussion
In general, there are three basic models
for determining and controlling how
a packet gets assigned to a VLAN.
Port-based VLANs – In this imple-
mentation, the administrator assigns
each port of a switch to a VLAN. For
example, ports 1-3 might be assigned
to the Sales VLAN, ports 4-6 to the
Engineering VLAN and ports 7-9 to
the Administrative VLAN (see Figure 4).
The switch determines the VLAN
membership of each packet by noting
the port on which it arrives.
When a user is moved to a different port
of the switch, the administrator can simply
reassign the new port to the user’s old
VLAN. The network change is then
completely transparent to the user, and
the administrator saves a trip to the wiring
closet. However, this method has one
significant drawback. If a repeater is
attached to a port on the switch, all of
the users connected to that repeater
must be members of the same VLAN.
MAC address-based VLANs –
The VLAN membership of a packet in
this case is determined by
its source or destination
MAC address. Each
switch maintains a table
Marketing
of MAC addresses and Engineering
Administration
their corresponding
VLAN memberships.
A key advantage of
this method is that the
switch doesn’t need
to be reconfigured
when a user moves to
a different port.
Figure 4: In a Port-based VLAN, each port of a switch can be assigned to a particular VLAN.
However, assigning VLAN membership
to each MAC address can be a time con-
suming task. Also, a single MAC address
cannot easily be a member of multiple
VLANs. This can be a significant limitation,
making it difficult to share server resources
between more than one VLAN. (Although
a MAC address can theoretically be assigned
to multiple VLANs, this can cause serious
problems with existing bridging and
routing, producing confusion in switch
forwarding tables.)
Layer 3 (or protocol)-based VLANs –
With this method, the VLAN membership
of a packet is based on protocols (IP, IPX,
Netbios, etc.) and Layer 3 addresses. This
is the most flexible method and provides
the most logical grouping of users. An IP
subnet or an IPX network, for example,
can each be assigned their own VLAN.
Additionally, protocol-based membership
allows the administrator to assign non-
routable protocols, such as Netbios or
DECNET, to larger VLANs than routable
protocols like IPX or IP. This maximizes
the efficiency gains that are possible
with VLANs.
Port-Based VLANs
Switch
1 2 3 4 5 6 7 8
Virtual LANs
Another important distinction between
VLAN implementations is the method
used to indicate membership when a
packet travels between switches. Two
methods exist – implicit and explicit.
Implicit – VLAN membership is
indicated by the MAC address. In this
case, all switches that support a particular
VLAN must share a table of member
MAC addresses.
Explicit – A tag is added to the packet
to indicate VLAN membership. Cisco
ISL and the IEEE 802.1q VLAN
specifications both use this method.
To summarize, when a packet enters
its local switch, the determination of its
VLAN membership can be port-based,
MAC-based or protocol-based. When
the packet travels to other switches, the
determination of VLAN membership
for that packet can be either implicit
(using the MAC address) or explicit
(using a tag that was added by the first
switch). Port-based and protocol-based
VLANs use explicit tagging as their
preferred indication method. MAC-based
VLANs are almost
always implicit.
The bottom line is
that the IEEE 802.1q
specification is going
to support port-based
9
membership and
explicit tagging,
so these will be
the default VLAN
model in the future.
5
NP0995.qxd 12/8/97 11:10 AM Page 6
Virtual LANs
An Industry-Wide
VLAN Standard
Many vendors have already developed
their own proprietary VLAN solutions
and products. Although these can provide
significant benefits, an industry standard
is clearly needed to ease the confusion
and make the benefits of VLANs more
accessible to IT managers.
At present, the IEEE is still working
on the 802.1q specification, which will
help ensure the interoperability of VLAN
implementations between switches and
NICs from different vendors. Ratification
of 802.1q is expected in the spring of 1998,
but products based on the specification
will start to appear on the market in early
1998. A second IEEE specification, 802.1p,
defines the use of priority bits, which are
part of the explicit VLAN tag as defined
in 802.1q.
There are two different VLAN
models which will both be specified
in the 802.1q specification: the shared
model and the independent model.
Both are explicit tagging implementa-
tions. They will generally work together,
but problems can arise. Specifically, if
you have a bridge router in your net-
work, you would probably do well to
adopt the independent model. If not,
either option would work. Some switches
will support both models, but you must
choose one when configuring the switch
for your network.
6
The Intel
VLAN Solution
A proprietary VLAN solution can
provide significant benefits. But once the
IEEE specifications have been finalized,
most future networking products will be
designed to support and extend that new
industry standard. So a standards-based
VLAN solution is more likely to retain
and extend its value as your network
grows and you incorporate new products
and technologies.
Intel currently offers network adapters
that are hardware-compatible with the
upcoming IEEE VLAN specifications.
Once the specifications are ratified, simple
software upgrades will be available by
disk or from the Intel Web page to estab-
lish compliance. Adapters that support
this simple upgrade path include:
■ Intel EtherExpressTM Server Adapter
■ Intel EtherExpress PRO/100
PCI Adapter
■ Intel EtherExpress PRO/100+
PCI Adapter
Since the industry standards are not
yet finalized, Intel switches currently
support a proprietary VLAN solution,
using the MAC address-based method
with Layer 3 extensions. This is an
extremely flexible approach, enabling
an efficient, high-performance VLAN
solution. The Intel EtherExpress
PRO/100 Server Adapter compliments
the implementation in Intel switches
with its support for Cisco’s proprietary
ISL VLAN protocol.
In the future, Intel intends to offer
strong support for the IEEE VLAN
specifications in both switches and
adapters. Both port-based and MAC
address-based VLANs will be supported
using an implicit model. Explicit tagging
will be also be supported using both the
shared and independent models. This
support for multiple implementations
will make it as easy as possible for IT
managers to create their own VLAN
solutions, and help ensure compatibility
with other VLAN implementations
within their network.
Flexible VLAN support is only
one way in which Intel switches and
adapters help ensure maximum per-
formance and adaptability in changing
network environments. (For more infor-
mation, see the Adaptive Technology
and Layer 3 Switching briefs in the
Intel Network Information Series,
FaxBack 1758 and 1769.)
Intel’s support for emerging VLAN
technologies derives naturally from
Intel’s commitment to delivering high-
performance connectivity solutions to
PCs and servers.
Intel now offers a complete line of
industry-leading networking products
and network management software.
All offer high-performance, cost-
effective networking solutions, designed
to empower users at the desktop while
easing the burden on IT managers.
Intel has also played a leading role
in shifting the industry toward simplified
PC and server management. The Wired
for Management (WfM) initiative was
launched by Intel in September of 1996.
One result of this wide-ranging effort
is the Wired for Management Baseline
Specification. This defacto industry
standard is already helping to make
NP0995.qxd 12/8/97 11:10 AM Page 7
the next generation of networked PCs
easier to manage and support. The goal
is nothing less than a network of PCs
that can be fully managed from a
central location.
Intel is strongly committed to devel-
oping and supporting other industry-wide
standards as well, through cooperation
with other key vendors and standards
organizations. Because in today’s het-
erogenous networking environments,
a solution can only be cost-effective if
it interoperates readily with existing
components and software. To safeguard
your investment, Intel continually tracks
and supports trends and specifications
relating to VLANs and other emerging
networking technologies.
Summary and
Conclusion
By segmenting the corporate network
with a new level of flexibility, VLANs
offer a fundamental improvement to
the network by working to simplify
management, while increasing
performance and enhancing security.
Desktops, servers and other network
resources can be organized according
to the needs of the business, rather
than the restrictions of the wiring closet.
VLANs also address the limitations
of standard switch segmentation by
containing broadcast as well as node-to-
node traffic. This helps eliminate router
bottlenecks and reduces the danger of
broadcast storms. Also, as a software-
based solution, VLANs allow IT
managers to adapt more easily to the
inevitable network changes that occur
in a fast-paced business environment.
Virtual LANs
Intel’s current VLAN solution offers For More
a highly flexible approach, using explicit Information
tagging so that each node can be assigned Visit Intel on the World Wide Web
to multiple VLANs. In future switches at http://www.intel.com/network
and adapters, Intel will provide multiple for more information on Intel’s
VLAN solutions to better meet the complete line of LAN adapters,
specific needs of individual networks, switches and other high-performance
while also supporting the upcoming networking solutions.
IEEE specifications.
Glossary of Terms
Broadcast – Network traffic that is disseminated to all the nodes on a shared-
media segment
Explicit model – VLAN membership is indicated by adding a tag to each packet
Implicit model – VLAN membership is determined by examining information
that already exists within each packet (the MAC address)
Independent Model – One of two explicit VLAN models specified in the
IEEE 802.1q specification
Layer 3 (or protocol)-based VLANs – Each packet’s protocol or Layer 3 addressing
is examined individually by the switch to determine VLAN membership
MAC Address-based VLANs – VLAN membership is determined by the MAC
address of each individual node
Multicast – Network traffic that is disseminated to selected nodes
Node – Each of the individual computers or other devices on a network
Packet – A chunk of data bits and associated information, including source address
and destination address, formatted for transmitting from one node to another
Port-based VLANs – Each port of a switch is assigned to a particular VLAN
Router – A device that connects two networks at the Network Layer (Layer 3) of the
OSI model; operates like a bridge, but also can choose routes through a network
Segmentation – The division of a network into separate shared-media subnets
Shared Model – One of two explicit VLAN models specified in the IEEE 802.1q
specification
Switch – A device that connects multiple network segments at the Data Link Layer
(Layer 2) of the OSI model. They operate more simply and at higher speeds than routers.
Unicast – Network traffic between two nodes
VLAN – Virtual LAN; a logical grouping of network nodes that act as if they are
connected to a single, shared-media network
7
NP0995.qxd 12/8/97 11:10 AM Page 8

Intel Services
Intel PC & LAN Products Customer Information and Support Phone Numbers
or find us on the World Wide Web at http://www.intel.com/network

NORTH AMERICAN SERVICE CENTER: OREGON, USA ASIA-PACIFIC SERVICE CENTER: SINGAPORE††
†
Intel BBS 1-503-264-7999 Product Information +65-735-3811
FaxBack* 1-800-525-3019 or 503-264-6835 Technicians +65-831-1311 Hours: 05:00 – 15:00
Product Information 1-800-538-3373 or 503-264-7354
Technicians ASIA-PACIFIC SERVICE CENTER: HONG KONG††
Network and ProShare®
Product Information +65-735-3811
Conferencing/Video Products 1-916-377-7000
Technicians +852-2-844-4456 Hours: 05:00 – 15:00
CPU, OverDrive® Processors
and Math Processors 1-800-321-4044
ASIA-PACIFIC SERVICE CENTER: KOREA††
Phone Hours: 7:00 – 5:00 M-W, F
7:00 – 3:00 Th (US Pacific Time) Product Information +65-735-3811
Technicians +822-767-2595 Hours: 05:00 – 15:00
EUROPEAN SERVICE CENTRE: SWINDON, UK
ASIA-PACIFIC SERVICE CENTER: TAIWAN††
Intel BBS† +44-1793-432-955
FaxBack +44-1793-432-509 Product Information +65-735-3811
Product Information +44-1793-431-155 Technicians +886-2-718-9915 Hours: 05:00 – 15:00
Technicians Hours (British Time)
English +44-1793-404-900 (08:00 – midnight) JAPAN SERVICE CENTER: TSUKUBA, JAPAN††
French +44-1793-404-988 (08:00 – 17:00, Tu 08:00 – 16:00) Product Information and Technicians
German +44-1793-404-777 (08:00 – 17:00, Tu 08:00 – 16:00) Network and ProShare
Italian +44-1793-404-141 (08:00 – 17:00, Tu 08:00 – 16:00) Conferencing/Video Products +81-298-47-0800
OverDrive Processors and Math Processors 03-5454-1886
ASIA-PACIFIC SERVICE CENTER: SYDNEY, AUSTRALIA†† Hours: 09:00 – 17:00 M-F
Product Information +61-2-9937-5800
†
Technicians +1-800-649-931 Hours: 05:00 – 15:00 modem settings: 8-N-1, up to 14.4Kbps
††
Or contact your dealer or distributor.

NOTE: Call our FaxBack service and order document #9089 for a current list of phone numbers.

CUSTOMER SUPPORT
Intel Customer Support Services offers a broad selection of programs including extended phone support, upgrades, parts replacement, on-site
services and installation. For more information, contact us on the World Wide Web at http://support.intel.com or call 800-538-3373, ext. 276.
Service and availability may vary by country.

FOR ALL OTHER INTERNATIONAL SALES MAILING ADDRESS

AND TECHNICAL SUPPORT QUESTIONS
North American Service Center
Contact your local dealer or distributor or call the North Intel Customer Support
American Service center at +1-503-264-7354. JF3-333
5200 NE Elam Young Parkway
SUPPORT FILES ON THE INTERNET Hillsboro, OR 97124-6497
Support information for Intel Brand products is available USA
on the Internet for downloading by Anonymous FTP and European Service Centre
for viewing or downloading on the World Wide Web. Branded Products Support Centre
World Wide Web address (URL) Intel Corporation (UK), Ltd.
Corporate: http://www.intel.com Pipers Way
Customer Support: http://support.intel.com Swindon, Wiltshire
Intel FTP Server England SN3 1RJ
Hostname: ftp.intel.com
File directory location: /pub/support/enduser_reseller
(For FTP Server access instructions, order document #9051)

© Intel Corporation, 1997.

NP0995 * Third party trademarks are the property of their respective owners. Please Recycle.