Vlan Add and Vlan Strip

Hi all, can anyone explain the phenomenon of VLAN add and VLAN strip? Why is it required? I have this brief knowledge that a switch DUT, when it receives a packet with a VLAN TAG, can send the same packet out of another port without the VLAN TAG (strip). And similarly a packet received by a switch DUT without a VLAN TAG can come out of another port with a VLAN TAG (add). Is this behaviour common for switch DUTs? Thanks in advance.

PranavT


Hi Pranav,

The VLAN technology is the attempt to build a LAN in a switched network. In a switched network every port of a switch can be a LAN (shared segment) or a line to a host. A LAN has the advantage that one frame sent by one node can be read by any other connected node.

Supposing we have only single hosts connected to switch ports, how could I manage hosts at different ports to become members of a construction that resembles a LAN construction?

One way is to make a table inside the switch and list all ports belonging to this particular Virtual LAN. This list would contain the port numbers and the individual hardware address of the connected host.

The advantages of this construction are:

  1. traffic containment - the frames can only be read by the VLAN members
  2. resource protection - servers, printers can only be used from members
  3. broadcast containment - broadcasts will only be flooded within the VLAN

The frames of any host at a port belonging to VLAN "blue" will get a TAG containing this VLAN Identifier. By the aid of the list these frames can be assigned to the ports with the connected destination address also belonging to VLAN BLUE. Before we send it there the "Egress Process" of the switch removes the TAG, because the TAG elongates the frame to a length that would not be understood by the host. It's a simple sorting mechanism.

Members of the VLAN BLUE could be connected to another switch than the rest of this VLAN community. To reach these members we need a connection between both switches belonging to the VLAN BLUE. This is called a TRUNK. Trunks carry tagged frames only between switches sharing a VLAN. The TAG would not be removed by the Egress Process, because looking at the VLAN table locating the destination address this process learns that this address is reachable over a trunk connection. The connected switch would receive this frame on a port belonging to VLAN BLUE. The destination address in its list points to a port. The Egress Process would remove the TAG to deliver a known frame format to the host.

VLAN BLUE is a name. For the VLAN process names are synonyms for numbers. In the VLAN TAG 12 bits are reserved to build VLAN numbers. 2 to the power of 12 is 4095. For some reason we count from zero. So we cover a range from 0 to 4094, which makes 4095 numbers. 0 is forbidden, 1 is reserved, 4095 is something like a waste basket number. Everything directed to VLAN 4095 is thrown away. Finally we come to a usable number range from 2 to 4094 which makes 4093.

These numbers and the names as part of a human interface to VLANing as well as the hardware addresses are part of the lists. These lists are called FID - Filtering Databases.

So far VLAN technology at a glance.

I hope I could give you an idea what VLANs are. There is much about this subject to know and it is a very common technology for security reasons.

Good luck to you.

Continue asking questions, there is a hell of a lot of expertise out here in the world.

Heinz Schlagregen Industrial Engineer Freelance Network Instructor

Project Manager
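The add and strip behaviour discussed in this thread, as an added example that is not part of the original posts: it inserts and removes the 4-byte IEEE 802.1Q tag on raw Ethernet frames and applies VLAN membership at the egress port. The port tuples, the VLAN numbers 10 ("blue") and 20 ("red"), the sample frame and the drop policies are assumptions made for this sketch.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def add_vlan_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte tag between the source MAC and the EtherType."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if not 1 <= vid <= 4094 or not 0 <= pcp <= 7:
        raise ValueError("VID must be 1..4094 and PCP 0..7")
    tci = (pcp << 13) | vid  # PCP (3 bits), DEI (1 bit, left 0), VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def strip_vlan_tag(frame: bytes):
    """Return (vid, untagged frame); vid is None when no tag was present."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]

def switch_forward(frame: bytes, ingress, egress):
    """Ports are (mode, vlan_set). Returns the frame to send, or None if dropped."""
    vid, inner = strip_vlan_tag(frame)
    in_mode, in_vlans = ingress
    if in_mode == "access":
        if vid is not None:
            return None              # example policy: no tagged frames from hosts
        vid = next(iter(in_vlans))   # classify by the port's single VLAN
    elif vid is None or vid not in in_vlans:
        return None                  # example policy: trunks carry allowed tags only
    out_mode, out_vlans = egress
    if vid not in out_vlans:
        return None                  # containment: egress port is not a member
    return inner if out_mode == "access" else add_vlan_tag(inner, vid)

# Constructed sample: dst MAC, src MAC, EtherType 0x0800, dummy payload
SAMPLE_FRAME = bytes.fromhex("02000000000b" "02000000000a" "0800") + b"payload"
ACCESS_BLUE, ACCESS_RED = ("access", {10}), ("access", {20})
TRUNK = ("trunk", {10, 20})

if __name__ == "__main__":
    on_trunk = switch_forward(SAMPLE_FRAME, ACCESS_BLUE, TRUNK)   # tag added
    at_host = switch_forward(on_trunk, TRUNK, ACCESS_BLUE)        # tag stripped
    print(on_trunk.hex(), at_host == SAMPLE_FRAME)
    print(switch_forward(on_trunk, TRUNK, ACCESS_RED))            # None: wrong VLAN
```

The tagged frame is four bytes longer than the original, which is why the tag is removed before delivery to a host port that expects untagged frames.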
