JOURNAL OF TELECOMMUNICATIONS, VOLUME 18, ISSUE 2, FEBRUARY 2013

11

Conceptualising VLAN Operation Through a VLAN Teaching Model (VTM): Deployed for

sub-Saharan Institutions Jameson Mbale

Abstract—The VLAN technology involved defining set of ports and criteria of VLAN membership on a switch for workstations

connected to the ports that allowed the given edge devices to communicate exclusivelywith the targeted stations on the same

VLAN. Teaching such advanced technology to institutions in the sub-Saharan region that lack a VLAN infrastructure posed a

challenge to the learners’ability to conceptualise and to clearly understand. Thus, teaching the technology while limiting it to

theory only,failed to allow students to witness VLAN operational principles. It was in view of this, that the VLAN Teaching Model

(VTM) was envisaged to simplify the methodology of introducing the essence of VLANs into a classroom environment. To

ascertain the effectiveness of the model,a CASE Control study was conducted where a class of one hundred and twenty (120)

students was divided into two groups. The Control group which used the model had fifty one (51) studentsand managed to

attainan eighty five percent (85%) conceptualiasation level of the technology, a high to very high result. The CASE Group

comprised of 60 students had only eight (8) students who managed to attain a high/very high conceptualization level. Thus only

thirteen point three-three percent (13.33%) high/of the case group managed to attain a very high conceptualiasation level. From

such statistical results, the VTM proved to be an effective teachingtool in the absence of the actual infrastructure.

Index Terms—VLANs Teaching Model (VTM), switch, sub-Saharan institutions and VLAN infrastructure.

————————————————————

1 INTRODUCTION

heVLANs Teaching Model (VTM)was designedfor use as a teaching tool ininstitutions that did not have aVirtual Local Area Netwok (VLAN) infrastructure,a

condition especially prevalent in the sub-Saharan region. Teaching about VLANs and its implementation in theory only prohibitedlearners from fully understanding the VLAN mechanism technology. Hence the need arose for a practical, alternative method to be used in the absence of an actual VLAN infrastructure. In view of that, a simula-tion-based VTM teaching aid was designed as demon-strated in Figures 1, 3, 4, 5 and 6. In these simulations, the model had the following components: the Network Ad-ministrator (NA) personal computers, a switch, a me-dium, a status window, and series of work stations. The NA personal computers were used to configure the ports and to set VLAN membership for the workstations on the switch. When the VTM was run, the configured VLANs using the virtual switch sent the network traffic to tar-geted workstations only.The workstations that were not targeted did not see the traffic. In that way, the learners were able to observe the simulation of the configured VLAN, moving from the switch, which broadcasted the network traffic, to only the targeted workstations. The status window on the model indicated the action of that particular VLAN. In Figure 2, the VTM flow chart dem-onstrated the whole mechanism of the VLANs implemen-tation.

1.2 The Problem Statement

Many institutions in the sub-Saharan region do not have the relevant telecommunication equipment. This is detri-mentalto those students studying Telecommunications who were faced with a challenge of learning technology whichthey had neither seen nor experienced. Much of teaching and thelearning wasbased upon theory, without the use of any actual teaching aids. For instance, the con-cept of configuring and implementing VLANs in a net-work set up became a nightmare to many of these stu-dents. The learners could not figure out how to divide larger LAN into smaller subnets containing manageable workstations installed from different physical locations. The mechanism of a switch sending packets/frames to those workstations that were VLAN ID configured re-ceived the information and the rest did not manage to see the packet distribution, was a puzzle to the learners. It was in view of this deficiency that the VTM was envi-saged to practically demonstrate the VLAN mechan-ism,which illustrated step-by-step, the movement of in-formation to the targeted workstations. The learners were able to physically see the VLAN infrastructure setup in action. In addition, they were able to see the communica-tion in the form of packets/frames being directed by a switch to only those workstations that were configured under the specific VLAN configuration as demonstrated in Figures 1, 3, 4, 5 and 6.

2 RELATEDWORK

The concept and technology of VLANs were dis-cussed by other network experts. In[1]the authorstated

————————————————

Jameson Mbale is with the University of Namibia,Centre of Excellence in Telecommunications (CoE), Department of Computer Science, P/B 13301, Windhoek, Namibia.

T

that the basic reason for splitting a network into VLANs was to reduce congestion on a large LAN. They pointed out that initially LANs were very flat—all the worksta-tions were connected to a single piece of coaxial cable, or sets of chained hubs. They said, in a flat LAN, every packet that any device puts onto the wire gets sent to every other device on the LAN. They further described a VLAN as a set of workstations within a subnet on a LAN that could communicate with each other as though they were on a single, isolated LAN. They also emphasized that a switch only sends traffic to a given port if the traffic hasto go to that port. So switches reduced congestion at workstations, by stopping the workstations from seeing all the traffic from the other ports of the switch. They stressed that a simple switched network, though, still needs routers to set the boundaries of where broadcasts are sent (referred to as “broadcast containment”). They also mentioned the advantages of using VLANs as: im-proving networkperformance, allowing the formation of virtual working groups, while providing greater flexibili-ty and ease of partitioning resources. They described the creation of a VLAN on a switch as involvingthe definition of a set of ports, and establishing the criteria for VLAN membership for workstations connected to those ports. All devices connected to a given port automatically be-came members of the VLAN to which that port was as-signed. The Extension [2]described VLANs as allowing single physical LAN to be partitioned into several smaller logi-cal LANs. VLANs are an effective means of portioning a larger LAN into manageable subset. They said VLANs limit the broadcast domain, improve security and per-formance and are ideal for separating industrial automa-tion systems from information technology systems. They explained some ways of creating VLANs by pointing out that the easiest to understand was the Port VLAN. They stressed that switches created an association of MAC ad-dresses and port numbers. They also mentioned that what needed to be added was a VLAN association which would have to be accomplished through some configura-tion of a switch that could support VLANs. The Extension [2] also discussed a big advantage of Port VLAN was that it was simple to use and patch panel ports could be easily tagged with the association VLAN, and it was just a sim-ple matter of moving patch cords around to connect par-ticular stations to particular VLANs.

In [3] the authors explained how a VLAN separated devices by employing media access control (MAC) ad-dresses on an Open Systems Interconnection Reference Model (OSI) Level 2. Effectively, this is similar to physi-cally separating traffic with completely independent in-frastructure, except that network traffic separation occurs through the switches. They [3]further asserted that Vir-tual LANs (VLANs), defined by the 1998 IEEE standard 802.1Q, operate at level 2 of the OSI model.

VLAN's [4]allowed a network manager to logically segment a LAN into different broadcast domains. VLAN's offer a number of advantages over traditional LAN's: performance, Formation of Virtual Workgroups, Simplified Administration, Reduced Cost and Security.

VLAN's which allow the formation of virtual workgroups, better security, improved performance, sim-plified administration, and reduced costs.

In another report[5],a VLAN was roughly equated to a broadcast domain. More specifically, VLANs can be seen as analogous to a group of end-stations, perhaps on multiple physical LAN segments, that are not constrained by their physical location and can communicate as if they were on a common LAN. Port grouping is still the most common method of defining VLAN membership, and configuration was fairly straightforward. However, the primary limitation of defining VLANs by port is that the network manager must reconfigure VLAN membership when a user moves from one port to another.

Blue Coat Systems, Inc.,[6] defined a VLAN asa me-thod of creating independent logical networks within a physical network. VLAN Tagging is the practice of insert-ing a VLAN ID into a packet header in order to identify which VLAN (Virtual Local Area Network) the packet belongs to. More specifically, switches use the VLAN ID to determine which port(s), or interface(s), to send a broadcast packet to. The purpose of VLANs is to group multiple physical network segments into individual broadcast domains, allowing you to have multiple virtual switches. The benefit of this grouping is that clients can be organized logically rather than being limited to a sub-net per physical switch. VLAN configuration occurs on the switch; the network administrator specifies which ports belong to which VLANs.

Micrel, inc.,[7]maintained that a VLAN can be rough-ly equated to a broadcast domain. More specifically, VLANs can be seen as analogous to a group of end-stations, perhaps on multiple physical LAN segments that are not constrained by their physical locations and can communicate as if they were on a common LAN. VLANs are set up between switches by inserting a tag into each Ethernet frame. The Micrel (2004) further explained that the simplest way to defineVLANwas to assign specific ports on a switch to VLANs. He gave a scenario such that, ports 1, 2, 7, and 8 on an 8-port switch make up VLAN A, while ports 3, 4, 5, and 6 make up VLAN B. He empha-sized that port grouping was the most popular mannerof defining VLAN membership, and that this configuration was fairly straightforward.

3 THE VTMINFRASTRUCTURE

The VTM infrastructure in Figure 1 was built displaying all the system components ranging from network admin-istrator’s personal computers, the medium, switch and a series of user’s workstations.

12

Figure 1. VTM Infrastructure Set Up

The three stations on the left hand side were the PC’s di-

rectly connected by a medium to the switch. The top sta-

tion was configured for VLAN10 and was named V10.

The middle one was set for VLAN20, classified as V20,

whereas, the bottom one arranged for VLAN30, referred

to as V30. These PC’s were used by the Network Adminis-

trator (NA) to configure the switch. In between the NA

PC’s and series of workstations was the switch. The

switch was configured to create and partition the VLANs

by setting up the workstation port ID’s. That configura-

tion was the creation of VLANs by configuring the port

ID’s of the workstations involved. On the right hand-side

was a series of workstations, whose port ID’s were confi-

gured according to the VLAN of the choice. In between

the NA stations and the switch was the medium, where

the packets or frames were transported. On top of the

medium was a status box, whose function was to indicate

the process that was going on. At the bottom left hand

side laid a series of buttons used to commence the

process.

4 THEVTM DATA FLOW DIAGRAM ILLUSTRATING

VLANS MECHANISM

The NA initiated the process and the system first checked if there was a switch. If there was no switch the whole process stopped. If there was a switch, the system created and configured the VLANs in that cases were VLAN10, VLAN20 and VLAN30. After creating the VLANs, the implementation started. If NA invoked the VLAN10, then the traffic was only transmitted to all Work Stations:10, the rest of the Work Stations did not see the network traf-fic. If the initiated VLAN was VLAN20, theall network packets were directed to Work Stations:20 and other Work Stations were excluded from such services. If the NA wanted to run VLAN30, the network frames were sent to all Work Stations:30 only and the re-maining ones could not access these network communica-tions.

Work-

Stations:10

Switch

Exist

Start

EndNoYes

IF Config

VLAN10

IF Config

VLAN20

IF Config

VLAN30

goto

Work-

Stations:20

Work-

Stations:30

goto

goto

Else

Else

Else

Create / Configure

VLANs 10, 20, 30

Figure 2. VTMData Flow Diagram 5 VTMIMPLEMENTATION The implementation of the VTM in that work was demon-strated in five stages of simulation showing the whole VLAN mechanism. Stage 1: The In Figure 3, the NA pressed the button labeled “But-ton V10”, and it invoked station 1 which activated the switch to configure the VLAN10 by setting up the VLAN10 ID ports of all the Work Stations:10.

Figure 3. VLAN10 Started

13

13

Stage 2: Figure 4 now showed how the V10 was approaching the switch.

Figure 4. Frame Approaching the Switch

As the frame was moving in the medium, the status win-dow remained showing “STATION 1 SENDING TO V10”.

Figure 5. Switch Broadcasting V10 to Work Stations:10 As discussed above, the status window still indicated “STATION 1 SENDING TO V10”. Stage4: The frames were approaching Work Stations:10 as shown in Figure 6.

Figure 6. Frames Reaching their Respective Worksta-

tions:10

The status window still indicated “STATION 1 SENDING TO V10”.

6 RESULTS AND DISCUSSION The CASESample Group in Table 1 and Controlled Sam-ple Group in Table 2, each with sixty (60) students were used to ascertain the effectiveness of the VTM model. In that work, the controlled group was the one taught using the VTM model, whereas the CASE Group did not use the teaching aid.

6.1 The CASE Group

As discussed above, theCASE Group was denied use of the VTM model during the lesson, and their performance was demonstrated in Table 1 and Figure 8. At the end of teaching , the CASEgroup, only three (3) learners showed very high level of conceptualization, which comprised five percent (5%) of the group’s population, followed by five (5) students had high level, comprising an (8.33%) frequency as indicated in Figure 7. The majority of the students[ thirty two (32)] of themattained an average un-derstanding composing (53.33%) of the group, and the remaining twenty (20) performed at a low level acquired thus forming (33.33% of this group )as indicated in Fig-ure7.

14

6.2 The Control Group Similarly, the outcome of using the VTM model also shown in Table 2 and Figure 8, produced the following results. Out of sixty (60) students, eleven (11) had a very high conceptualization score and comprised(18.33%) of its student members, followed by forty (40) learners who demonstrated high conceptualization, which was equated to(66.67%) of the group. About eight (8) students had at-tainedan average conceptualization score which tallied to (13.33%) of the group’s population. In this Control Group, only one (1) student had a low conceptualization which was (1.67%) of the Control Group’s membership. 7 CONCLUSION Within academic circles, there is a slogan states “ You Learn best by doing”. In other words that what you prac-tically see and touch, remains permanently in your mind. It was inthis context that the VLANs Teaching Model (CTM) was designed and created for use especially in the sub-Saharan institutions where the telecommunications infrastructure was very limited. The components of the VTM operated as the true replica of the physical tele-communications components that formed the complete VLAN operation. The developed software simulation si-multaneously demonstrated in stages 1 to 5, discussed in Section 4, represented replica of the actual VLAN opera-tion. From the software simulation and starting at the beginning, the learners from the controlled group were able to see the VLAN creation and configuration. They (learners) also saw the switch releasing and sending the VLANs to only the targeted workstations. In that way, the learners were able to conceptualiseprocess of the VLAN communicationsbeing directed to specific workstations and demonstrated how the non-targeted ones were ex-cluded from this network traffic. Such a hands-on soft-ware simulation piquedthe student’s interest in the topic as they dealt with this simulated praxis. As also demon-strated in Section 4, the CASEGroup which did not use the model, none usage of the hands-on software simula-tion piquedthe student’s interest on the lesson and ended up performingat average level, failing to satisfactorily conceptualise the VLANs technology. In conclusion, the VTM model served as practical teaching method in the absence of the actual telecommunications equipment.

Table 1. Did Not Use the Model

Table 2. Used the Model

Figure 7.CASE Group Never Used the Model

Figure 8.Control Group that Used the Model

15

REFERENCES [1] A. Telesis,“AlliedWarePlus™OS Overview:

VLANs,Overview of VLANs (Virtual LANs.USA Headquarters,”http://www.alliedtelesis.com. 2008

[2] The Extension,“A Technical Supplement to Control

Network,”Contemporary Control Systems, Inc. Volume 5, Issue 1. 2004.

[3] G. Leischner and C. Tews, “Security Through VLAN

Segmentation: Isolating and Securing Critical Assets Without Loss of Usability,” proceedings of the 9th Annual Western Power Delivery and Automation Conference, Spokane, WA, available at http://www.selinc.com/techpprs.htm April 2007.

[4] S. Varadarajan, “Virtual Local Area Net-

works,”availableat http://www.cis.ohio-state.edu/ 1997.

[5] D. Passmore and J. Freeman, “The Virtual Lan Tech-

nology Report,” Decisys, Inc., a Sterling, Virginia-based Consulting Firm, USA. 1996.

[6] Blue Coat Systems, Inc., “Technology Primer: VLAN

Tagging,” available at http://www.bluecoat.com 2007.

[7] Micrel, inc., “Virtual LAN: Application and Tech-

nology – White Paper,” available athttp://www.fourdtech.com/downloads/virtual_lan.pdf2004.

Jameson Mbale received his PhDDegree in Computer

Science from Harbin Institute of Technology, China, in 2003. He obtained M.Sc. Degree in Computer Science from Shanghai University in 1996 and B.A. in Mathematics and Computer Science at University of Zambia in 1993 in Zambia. He is a Senior Lecturer in the Department of Computer Science at the Uni-versity of Namibia. He is the founder and coordina-tor of Centre of Excellence in Telecommunications and Information Technology (CoE). His research in-terest in network security, wireless network-ing,telecommunications and e-Learning and he has published papers in these areas.

16