In this blog post, we provide a practical example of VLAN trunking. First, let's start with some basic definitions. A Virtual LAN (VLAN) separates a single, physical local area network (LAN) into two or more distinct, logically separate LANs.
Each device on a VLAN can only access other devices on the same VLAN and each device is unaware of any other VLAN. This strategy isolates networks from one another, even though they run over the same physical network. Trunking allows multiple VLANs to be transported over a single connection. This extends the VLAN across physical boundaries that would otherwise block lower-layer protocols such as ARP. For more in-depth information, download our technical brief on VLAN trunking
, and how Digi devices based on the DAL OS operating system support this functionality.
Why Set Up VLAN Trunking?
As mentioned in our opening discussion, setting up a VLAN trunk helps to extend your VLAN across network boundaries. Additionally, a primary benefit of the VLAN features on Digi cellular routers is to provide multiple LAN networks on one or more Ethernet ports.
This allows users to create a segmented network, where certain devices are sectioned off in their own network, for increased performance, improved manageability, simplified software configurations, and increased security options. Digi cellular routers now take that one step further and allow users to create multi-segmented VLANs on multiple Ethernet ports, including both tagged and un-tagged packets.
Which Digi Devices Support VLAN Trunking?
Digi has a large and growing list of devices based on the DAL operating system — including routers, console servers, USB management devices and other infrastructure management products, that support VLAN trunks:
What the Digi cellular routers support is two VLAN modes: trunked VLANs or switchport VLANs. In trunked VLAN mode, the Digi device supports multiple VLANs per Ethernet port, the packets arrive with tags already, and it doesn’t add tags to the incoming packets.
The difference is that since the Digi device acts as a router, we can’t forward the tag on. The Ethernet header and VLAN tag are stripped before the packet enters the IP stack. So to the IP stack, it appears as the packet appeared on a virtual interface called "eth0.%d", and it needs to decide how to route the packet based on that.
There's no concept of a trunk interface that sends and receives all VLAN tags. The outgoing packet will then only have a VLAN tag if it is being routed out one of these virtual interfaces, and this VLAN tag doesnt have to be the same as the VLAN tag on the incoming packet.
In switchport mode, each Ethernet port can have one or more VLAN IDs associated to it. Any un-tagged VLAN packets that come into a network interface are automatically tagged with the primary VLAN ID for that switchport. This allows devices on the network that aren’t configured with a VLAN to act as if they are directly connected to the VLAN. Layer 2 traffic can flow directly between them.
Additional Resources and Support
Welcome to VLAN trunking with Digi solutions. Here are some additional resources to help you get started: