Part 1 of this series (here) provided an overview of networking concepts and terminology and discussed some of the possibilities of incorporating networks in audio, video and lighting systems. Part 2 (here) explained the OSI model to help us understand how different network technologies operate and interact with each other.
We left off in Part 2 talking about using multiple OSI Layer 2 and Layer 3 protocols that require isolation from each other – for example, [Audinate] Dante and Allen & Heath dSnake (digital interconnect snake) protocols. It could turn into a lot of work and expense to run separate sets of cabling and network switches for each protocol. Luckily, there’s a great solution for that.
What Is VLAN?
VLAN stands for virtual local area network. VLANs operate at Layer 2 on the OSI model (again, Part 2) and are a way of creating mostly isolated networks on a single set of physical cabling and switches. I say “mostly” because the traffic is isolated, but the VLANs share the same pool of bandwidth available on the switch, uplink interfaces, etcetera.
But the point is that the data from different networks is isolated from each other. VLANs are commonly used in the networking world to separate things like a guest WiFi network from, say, a staff network that has file servers, phones, printers, and staff computers. This way the guests on the WiFi can’t access things on the staff network. In our audio-video-lighting (AVL) world, we can use this same technology to isolate Dante, dSnake and control networks to prevent them from causing trouble for each other.
VLANs are identified by numbers 1 to 4094, and that number is carried in a 12-bit section of each Ethernet frame. Ethernet frames are segments of data that traverse Layer 2 networks. So, for instance, we might make a VLAN that is identified as VLAN 29, or VLAN 4093. (We’ll come back to this in a bit.)
For a simple explanation of the concept: we can assign certain ports on switches to have access to different VLANs. Cabling between switches (called uplink) is able to carry multiple VLANs. This reduces, for example, the need for three sets of switches and three different uplink cables to carry three networks (Figure 1).
VLANs are configured on network switches (and other network hardware). As with any network design, make sure the networking hardware you select supports all the features you require. VLAN support is pretty common, but most home-grade network switches from the local electronics store won’t support it. For most small business-grade switches and above, VLANs are standard.
Now that we’ve covered a little bit of what’s going on here, let’s learn the practical application. Various switch manufacturers have slightly different terminology but the concepts remain the same.
The VLANs chosen for your networks will need to be created on each relevant piece of the network infrastructure – any switches, WiFi access points, routers, or servers that need to be involved. Our primary focus here will be on switches.
Let’s say you’re using VLAN 10 for your church’s staff network, VLAN 20 for AV control, and VLAN 21 for Dante. In the network switch, add and name them thusly. I work mostly with Aruba switches and configure them via the command line interface (CLI), so it’s as simple as entering the configuration mode and typing “VLAN 21 name Dante”. VLAN 21 exists on that switch now and is named Dante. Adding a VLAN via the web interface might require clicking on a tab and entering it. Either way gets the job done. Consult your specific network switch preferences and manual.
Now we get to determine what happens with that VLAN. It exists, but it’s not really doing anything.
Tagged & Untagged
“Tagged” and “Untagged” are how we assign the physical ports on the switch to the separate VLANs (Figure 2). To put it simply, “untagging” a VLAN on a switch interface will give the device connected to that interface access to that VLAN. Untagged interfaces are commonly called access ports because they’re the interfaces where devices are accessing the network.
On the other hand, “tagging” VLANs on interfaces will allow multiple VLANs to traverse a single interface, and tagged interfaces are normally used between network switches and other pieces of infrastructure. Let’s say we have a Dante device connected to interface 10 on the switch, and Dante is VLAN 21. The Dante device doesn’t have a VLAN configuration within itself, so it doesn’t have the VLAN data tagged in the Ethernet frame.
The switch interface we connect it to will be untagged on VLAN 21. This means that data from the Dante device will enter the switch, where the switch will add the VLAN information to each frame of data. Now as that data flows through the switch and across the network, it’s identified as traffic that belongs to the Dante VLAN and can go wherever that VLAN is allowed to go.
When data tagged for this Dante VLAN goes out of a switch interface that’s untagged on VLAN 21 into another Dante device, the switch interface will remove the VLAN information from (or untag) that Ethernet frame to allow it to be received by the device connected to that interface.
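The tagging and untagging described above, and the 12-bit VLAN number mentioned earlier, can be seen at the byte level in this added example (not code from the article or from any switch vendor). It assumes the standard 802.1Q tag layout; the port table, the uplink on port 24 and the sample frame are constructed for illustration, and the ingress rule is a simplified model of what a switch does.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:          # 0 and 4095 are reserved values
        raise ValueError(f"VLAN ID out of range: {vid}")
    tci = (pcp << 13) | vid           # 3-bit priority, 1-bit DEI, 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def read_tag(frame: bytes):
    """Return (vid, frame_without_tag); vid is None for an untagged frame."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

# Hypothetical port table: port 10 is an access port untagged on VLAN 21
# (Dante); port 24 is an uplink tagged on VLANs 10, 20 and 21.
PORTS = {
    10: {"untagged": 21, "tagged": set()},
    24: {"untagged": None, "tagged": {10, 20, 21}},
}

def ingress(port: int, frame: bytes):
    """Classify a received frame into a VLAN; None means it is dropped."""
    cfg = PORTS[port]
    vid, inner = read_tag(frame)
    if vid is None:
        vid = cfg["untagged"]         # untagged frame joins the port's untagged VLAN
    elif vid not in cfg["tagged"]:
        return None                   # tagged for a VLAN this port does not carry
    return (vid, inner) if vid is not None else None

def egress(port: int, vid: int, inner: bytes):
    """Return the bytes sent out of `port`, or None if the VLAN is not allowed."""
    cfg = PORTS[port]
    if vid == cfg["untagged"]:
        return inner                  # access port: tag removed before delivery
    if vid in cfg["tagged"]:
        return add_tag(inner, vid)    # uplink: tag kept so the next switch sees it
    return None

# Constructed sample frame: dst MAC, src MAC, EtherType 0x0800, dummy payload.
DANTE_FRAME = bytes.fromhex("01005e000001" "02aabbccddee" "0800") + b"\x00" * 46
```

A frame from the Dante device enters port 10 untagged, crosses the uplink with four extra bytes carrying VLAN 21, and leaves another untagged VLAN 21 port byte-for-byte identical to how it arrived.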