If a VLAN-aware station initiated a transmission that was received on a port of a tag-aware switch, it is a simple matter to read the value of the VLAN assignment and forward the frame intact to those ports in its filtering database for that particular VLAN assignment. However, if a transmission is instead received from a VLAN-unaware station, the tag-aware switch must append a VLAN tag equivalent to the VLAN association established previously for the received frame. This association could be based on the MAC address, protocol ID or port location as discussed earlier. Whatever the association rule was for the VLAN, the identifier for that VLAN must be the same as applied to the VLAN tag and the new frame forwarded to the output port or ports indicated in the switch's filtering database.

To limit VLAN tags from being propagated to VLAN-unaware end stations, the tag-aware switch must have the capability of removing VLAN tags at output ports. This capability can be found in an edge switch that resides on the boundary of VLAN-aware and VLAN-unaware domains. An edge switch can read a VLAN tag from a VLAN-aware station or append a VLAN tag to a frame from a VLAN-unaware station and take appropriate forwarding action. Before it forwards the frame to one of its output ports, it looks in its table if the VLAN tag is to remain or be removed. If the message is going to VLAN-unaware stations, then the VLAN tag should be stripped. If it is going on to core VLAN switches, then it should be retained.

VLAN Core Switches

Core switches understand VLAN tags and reside in the backbone of the LAN and are usually only connected to edge switches. Therefore, their forwarding rules are much simpler and faster to implement. All incoming frames will have VLAN tags and all outbound frames will retain these tags. The filtering database could consist of only the 4094 possible VLANs and output port assignments. No source addressing would need to be learned. In actuality, an edge switch could be configured as a core switch, and since it would probably be too confusing to have two types of VLAN-aware switches in the plant, restricting use to only edge switches could be the answer. Even though 4094 VLANs are possible according to the 802.1Q standard, not all switches can support that many VLANs simultaneously. Could you imagine the complexity of configuring and maintaining this many VLANs?

Mobility

It would be convenient to move your laptop and connect it to any available spare port on a switch anywhere within the LAN to examine the operation of an industrial automation system on a particular VLAN. To achieve this functionality, the laptop should be VLAN-aware and the switch to which it is attached must be programmed to allow access to that particular VLAN by having a valid VLAN/port association to let your frames to reach the desired VLAN. Using a VLAN-unaware laptop (therefore, implicit tagging) would make the task more difficult, but not impossible; reconfiguration of the switches in the desired path might be required to open the path to the port where your laptop attached — and the use of Port VLANs would likely be impractical.

Figure 4 shows a typical LAN incorporating 802.1Q tagging with edge switches, each connected to one core switch using a single cable. Within the VLAN-aware domain, edge switches must transmit VLAN-tagged frames to identify frame/VLAN associations. For any edge switch to have access to all possible VLANs (to ensure mobility), the port connected to the core switch must be associated with all possible VLANs.

Figure 4 — The most flexible VLAN arrangement can be achieved by the use of 802.1Q tags. Edge switches allow the use of both VLAN-aware and VLAN-unaware end stations.

CONCLUSION

VLANs are an effective means of portioning a larger LAN into manageable subsets. VLANs restrict the broadcast domain, improve performance and security, and they are ideal for isolating industrial automation systems from IT systems while retaining the plant's structural wiring. The simplest of VLANs to implement are Port VLANs, but the most effective VLAN scheme is the IEEE 802.1Q VLAN tagging standard that improves mobility by allowing a user to potentially access any VLAN from any point on the LAN.

References

The Switch Book , Rich Seifert, 2000, Wiley Computer Publishing

Ethernet The Definite Guide, Charles E. Spurgeon, 2000, O'Reilly & Associates, Inc.

International Standard ISO/IEC 8802-3 ANSI/IEEE Std 802.3, 2000, The Institute of Electrical and Electronics Engineers, Inc.

Commercial Building Telecommunications Cabling Standard, TIA/EIA-568-A, 1995, Telecommunications Industry Association

Virtual Bridged Local Area Networks IEEE Std 802.1Q™, 2003 Edition, The Institute of Electrical and Electronics Engineers, Inc., TIA/EIA-568-A, 1995, Telecommunications Industry Association