Network Protocol

—VLAN Protocol

      VLAN（Virtual Local Area Network）is a technology that logically divides a physical Local Area Network (LAN) into multiple broadcast domains at layer 2 (the data link layer).Through VALN, the network administrator can assign devices to different logical network without changing the physical topology,thereby improving network security,flexibility and management efficiency.

1、Base Concepts of VLAN

● Broadcast Domain Isolation

   In traditional Ethernet,all devices are in the same broadcast domain and broadcast frames are flooded to all ports.With VLAN, port on one or multiple switches can be divided into multiple logical broadcast domains.Each VLAN acts as an independent broadcast domain and broadcast traffic dose not cross VALN boundaries

● Logical Segmentation rather than Physical Segmentation

   VLAN dose not rely on physical location.Devices in the same VLAN can be distributed across different switches or even different geographical locations (connected via Trunk link).As long as the configuration is correct,they can communicate as if they were connected to the same switch

● VLAN ID

   Each VLAN has a unique identifier called VLAN ID,which typically ranges from 1 to 4094 (According to the IEEE 802.1Q Standard) .Among there,VLAN 1 is the default VLAN which generally used for management purposes and is not recommend for user data.The user can define and use VLAN 2 to 4094 as needed.

●  Access Port & Trunk Port

（1）、Access Port: It connects to terminal devices (Such as PC、Printer) ,belong to only one VLAN,sending and receiving untagged frames.

（2）、Trunk Port: It is used to transmit traffic for multiple VLAN between switches,or between a switch and a router.It uses the IEEE 802.1Q protocol to tag frame, thereby distinguishing data from different VLAN.

●  IEEE 802.1Q Standard

   This is the most commonly used VLAN encapsulation protocol. It inserts a 4‑byte VLAN tag into the Ethernet frame, which contains information such as the VLAN ID.

2、Advantages of VLAN

● Enhanced Security: Different VLAN cannot communicate directly by default. They require routing through a Layer 3 device (such as a router or Layer 3 switch), which makes it easier to implement access control.

● Improved Performance: Reduces unnecessary broadcast traffic, shrinks broadcast domains and increases network efficiency.

● Simplified Management: When user moved、added and changed,only the VLAN configuration need to be adjusted-no need to rewiring.

● Flexible Networking: Network can be logically divided by department 、function and project,without restricted by physical location.

3、IEEE 802.1Q（Core VLAN Protocol）

VLAN（Virtual Local Area Network）itself is not an independent "protocol", but rather a networking technology. Its standardization and implementation depend on a series of protocols and specifications. The core and most widely used VLAN protocol is IEEE 802.1Q.

Purpose：

    It defines how to insert a VLAN tag into an Ethernet frame, thereby supporting the transmission of data for multiple VLAN in the same physical link.

Tag Structure：

A 4-byte 802.1Q Tag is inserted between the source MAC address field and the Type field in the standard Ethernet frame.

    Contains the following key fields：

● TPID(Tag Protocol Identifier) :Fixed value 0x8100,identifies the frame as carrying a VLAN tag.

● PRI（Priority Code Point): 3 bits, used for QoS (Quality of Service) priority (0–7).

● CFI（Canonical Format Indicator): 1 bit. It indicates whether the MAC address is in canonical format. A CFI value of 0 means the address is in standard format; a value of 1 means it is in non‑standard format. It is used to distinguish between Ethernet frames, FDDI frames, and Token Ring frames. In Ethernet, the CFI is always set to 0.

● VID（VLAN Identifier): 12 bits, representing the VLAN ID, ranging from 0 to 4095 (the actually usable range is 1 to 4094).

Configuring VLAN on the ONU