
Managing Network Datalinks in Oracle® Solaris 11.4


Updated: November 2020
 
 

Deploying VLANs

A virtual local area network (VLAN) is a subdivision of a local area network at the datalink layer of the protocol stack. VLANs split a single Layer 2 (L2) network into multiple logical networks such that each logical network is its own broadcast domain. All the devices connected to a VLAN can send broadcast frames to each other regardless of their physical location or their connection to the same physical switch.

In Oracle VM Server for SPARC, the network infrastructure supports 802.1Q VLAN-Tagging. The virtual switch (vsw) and virtual network (vnet) devices support switching of Ethernet packets based on the VLAN ID and handle the necessary tagging or untagging of Ethernet frames. For more information, see Using VLAN Tagging in Oracle VM Server for SPARC 3.6 Administration Guide.

When to Use VLANs

    Deploy VLANs if you need to do the following:

  • Create a logical division of workgroups.

    For example, if all systems on a floor of a building are connected on one switch-based local network, you can create a separate VLAN for each workgroup on the floor.

  • Enforce differing security policies for the workgroups.

    For example, a finance department and an information technology department have different security requirements. You can create a separate VLAN for each department and enforce the appropriate security policy on a per-VLAN basis.

  • Reduce the size of the broadcast domain and improve network efficiency. With VLANs, you split workgroups into manageable broadcast domains.

    For example, in a broadcast domain consisting of 25 users, if the broadcast traffic is intended only for 12 users, then setting up a separate VLAN for those 12 users can reduce traffic and improve network efficiency.

About VLAN IDs

A VLAN is identified through its name and a VLAN ID. You assign the VLAN name and its VLAN ID during configuration. Then, on the switch, you also assign a VLAN ID to each port.

The port VLAN ID must be the same as the VLAN ID assigned to the interface that connects to the port. If port IDs and their corresponding VLANs do not match, packets might go to the wrong destinations. See How Datalink VLAN ID Mismatch Errors Are Detected in Troubleshooting Network Administration Issues in Oracle Solaris 11.4.

VLAN Topology

VLANs require switches that support the VLAN technology. Switch ports should be configured according to the VLAN topology you adopt. Each switch manufacturer has different procedures for configuring ports on a switch. For example, to configure the ports of Oracle Switch ES1-24 for VLAN, see Sun Ethernet Fabric Operating System in VLAN Administration Guide.

The following figure shows a local area network that has been divided into three VLANs. The setup includes the use of two switches.

Figure 8  Local Area Network With Three VLANs

image:Graphic illustrates local area network with three VLANs.

In the figure, the VLANs correspond to three working groups: accounting (acctg0), human resources (humres0), and information technology (infotech0). Different host systems belong to each VLAN. VLAN member hosts connect to each other through the switch ports that are configured with their specific VLAN IDs.

The next figure is a variation of the previous figure, where only one switch is used to support the VLAN infrastructure.

Figure 9  A Switch Connecting Multiple Hosts of Different VLANs

image:Graphic shows a single switch connecting multiple hosts of different VLANs.

In particular, the illustration shows that a single host can belong to multiple VLANs. For example, Host A has two configured VLANs, one with ID 123 and the second VLAN with ID 456. Each VLAN is connected to a switch port with a matching ID. Thus, Host A is a member of both the infotech0 and the humres0 VLANs.
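
The matching rule from About VLAN IDs, applied to Host A in Figure 9, can be checked mechanically. The following script is an added example, not part of the Oracle documentation: it compares host VLAN links, in the colon-separated shape printed by `dladm show-vlan -p -o link,vid,over`, against a switch port inventory. The inventory file format, the datalink and port names, the pairing of ID 123 with infotech0 and 456 with humres0, and the acctg0 ID 789 are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle code): flag host VLAN links whose VID is not
# configured on the switch port that their underlying datalink plugs into.
#
# vlan_mismatches HOST_VLANS SWITCH_PORTS
#   HOST_VLANS   lines "link:vid:over", the shape printed by
#                `dladm show-vlan -p -o link,vid,over`
#   SWITCH_PORTS lines "datalink port vid[,vid...]" (hypothetical inventory)
# Prints one line per problem and nothing when both sides agree.
vlan_mismatches() {
    awk '
        FILENAME == ARGV[1] {                 # switch inventory
            if ($0 ~ /^#/ || NF < 3) next
            port[$1] = $2
            n = split($3, v, ",")
            for (i = 1; i <= n; i++) allowed[$1, v[i] + 0] = 1
            next
        }
        NF == 0 { next }
        {                                     # host VLAN links
            split($0, f, ":")
            link = f[1]; vid = f[2]; over = f[3]
            if (vid !~ /^[0-9]+$/ || vid + 0 < 1 || vid + 0 > 4094)
                printf "INVALID %s vid=%s\n", link, vid
            else if (!(over in port))
                printf "UNKNOWN %s vid=%s over=%s\n", link, vid, over
            else if (!((over, vid + 0) in allowed))
                printf "MISMATCH %s vid=%s over=%s port=%s\n", link, vid, over, port[over]
        }
    ' "$2" "$1"
}

# Constructed sample data: Host A from Figure 9 plus one deliberate mismatch.
tmp=$(mktemp -d)
cat > "$tmp/host" <<'EOF'
infotech0:123:net0
humres0:456:net0
acctg0:789:net1
EOF
cat > "$tmp/switch" <<'EOF'
# datalink  port  VIDs configured on that port
net0 port1 123,456
net1 port2 788
EOF
vlan_mismatches "$tmp/host" "$tmp/switch"
rm -rf "$tmp"
```

An empty result means every VLAN link has a matching ID on its switch port; IDs outside 1 through 4094 are reported as INVALID because 0 and 4095 are reserved by 802.1Q.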