Virtual Local-Area Networks (VLANs)
A virtual local-area network (VLAN) is a group of devices
on an Ethernet network that are logically segmented by
function, team, or application. Imagine a university
campus network and all the devices that need access to
it. It is a common practice to combine into the same
logical construct devices that need the same type of
access to the network or that perform the same function.
For example, the student devices will probably be
grouped into the student VLAN, the faculty devices into
the faculty VLAN, the finance department devices into
the finance VLAN, and so on. On top of the physical
network that connects these devices, a software layer is
added to separate them into different silos. This is done
following the IEEE 802.1q standard, which specifies an
additional field in the data link layer frame: the 802.1q
header. This header is 4 bytes long and is wedged
between the source MAC address field and the Type field,
as shown in Figure 16-7.
Figure 16-7 Typical Ethernet Frame Versus 802.1q Ethernet Frame
In the 802.1q header, 12 bits are dedicated to the VLAN
identifier, so a maximum of 4094 VLANs can be defined
on an Ethernet network; the VLANs with IDs 0 and 4095
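The header layout just described can be checked byte by byte. The following Python script is an added example, not code from the book or from any vendor: it builds a constructed untagged Ethernet II frame, wedges a 4-byte 802.1q header (TPID 0x8100 followed by the 16-bit Tag Control Information) between the source MAC and the Type field, and parses it back out, splitting the TCI into its 3-bit priority (PCP), 1-bit DEI and 12-bit VLAN identifier and flagging the reserved IDs 0 and 4095. The MAC addresses and payload are made up for the demonstration.

```python
import struct

# Tag Protocol Identifier that marks an 802.1q tag (value from the standard).
TPID_8021Q = 0x8100
# VLAN IDs the text lists as reserved; the 12-bit field allows 0..4095.
RESERVED_VIDS = (0, 4095)

# Constructed sample: an untagged Ethernet II frame carrying an IPv4 EtherType.
# Destination/source MACs and the payload are made up for the demonstration.
UNTAGGED_FRAME = (
    bytes.fromhex("001122334455")      # destination MAC (constructed)
    + bytes.fromhex("66778899aabb")    # source MAC (constructed)
    + struct.pack("!H", 0x0800)        # EtherType: IPv4
    + b"\x45\x00" + b"\x00" * 18       # dummy payload (constructed)
)


def build_tagged_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert a 4-byte 802.1q header between the source MAC and the Type field."""
    if not 0 <= vid <= 4095:
        raise ValueError("VID must fit in 12 bits")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP is 3 bits, DEI is 1 bit")
    # Tag Control Information: 3-bit PCP, 1-bit DEI, 12-bit VID.
    tci = (pcp << 13) | (dei << 12) | vid
    tag = struct.pack("!HH", TPID_8021Q, tci)
    return frame[:12] + tag + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Parse an Ethernet II frame and decode an 802.1q tag if one is present."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    info = {
        "dst": frame[0:6].hex(":"),
        "src": frame[6:12].hex(":"),
        "vlan": None,
    }
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1q tag")
        tci = struct.unpack("!H", frame[14:16])[0]
        vid = tci & 0x0FFF
        info["vlan"] = {
            "pcp": tci >> 13,
            "dei": (tci >> 12) & 0x1,
            "vid": vid,
            "reserved": vid in RESERVED_VIDS,
        }
        # The original Type field follows the 4-byte tag.
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


def max_usable_vlans() -> int:
    """Usable VLAN IDs: the 2**12 values of the field minus the reserved ones."""
    return (1 << 12) - len(RESERVED_VIDS)


if __name__ == "__main__":
    tagged = build_tagged_frame(UNTAGGED_FRAME, vid=100, pcp=5)
    print(len(UNTAGGED_FRAME), "->", len(tagged), "bytes after tagging")
    print(parse_frame(tagged)["vlan"])
    print("usable VLANs:", max_usable_vlans())
```

Running the script shows the frame growing from 34 to 38 bytes, the parser recovering PCP 5 and VID 100 with the IPv4 EtherType intact behind the tag, and 4094 usable VLAN IDs once 0 and 4095 are excluded.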
are reserved. Each VLAN defines its own broadcast
domain. A data link layer broadcast domain is defined as
the subset of devices on a network that receive Layer 2
broadcast traffic. Layer 2 broadcast traffic stops and is
not forwarded further by Layer 3 devices or routers. It is