Conventional technologies for virtual networks, such as a virtual local area network (VLAN), operate by connecting devices (e.g., servers, workstations, etc.) to create a network that is logically segmented on an organizational basis (e.g., project teams, geographical locations, college campuses, etc.). Traffic traveling through a particular VLAN carries a unique virtual network identifier (such as a VLAN ID) as it traverses the network. The VLAN ID allows VLAN switches and routers to selectively forward packets to ports with the same VLAN ID while disallowing traffic from one VLAN to be sent to devices on another VLAN.
The devices within a VLAN can be connected to the same VLAN, regardless of their physical connections to the network. A device within the VLAN can be physically moved without having to manually update the network address of that device. Reconfiguration of the network can be done through software rather than by physically unplugging and moving devices or wires.
When an end user device such as a workstation is added to a network device such as an Ethernet switch that is shared by more than one VLAN, the end user device has to be statically or dynamically assigned to a VLAN. If this is done dynamically, authentication of the end user is required to know which VLAN to assign the end user device to. One authentication method commonly used for wired and wireless networking is 802.1X. The authentication process is often performed prior to an IP address being assigned to the end user's device. The end user device being authenticated is called a supplicant, while the network device that challenges the end user device for credentials is called the Authenticator. The Authenticator passes the credentials obtained from the end user device to the Authentication Server. The Authentication Server authenticates the end user using the credentials. Once authenticated, the new device is added to the VLAN, and then assigned a network address.
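The following Python model is an added illustration, not part of the original text, of the dynamic assignment and VLAN-scoped forwarding described above: a port stays unauthorized until the Authentication Server accepts the supplicant's credentials, and frames are forwarded only to ports carrying the same VLAN ID. The class names, user names, passwords and VLAN IDs are constructed for the example, and a simple password check stands in for the real 802.1X exchange.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

def _hash(password: str) -> bytes:
    # Constructed salt and iteration count, for demonstration only.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 10_000)

class AuthenticationServer:
    """Holds credentials and the VLAN each user belongs to (constructed data)."""
    def __init__(self):
        self._users = {"alice": (_hash("correct horse"), 10),
                       "bob": (_hash("battery staple"), 20)}

    def authenticate(self, user: str, password: str):
        """Return the user's VLAN ID if the credentials are valid, else None."""
        record = self._users.get(user)
        if record and hmac.compare_digest(record[0], _hash(password)):
            return record[1]
        return None

@dataclass
class Switch:
    """Shared Ethernet switch acting as the Authenticator."""
    server: AuthenticationServer
    port_vlan: dict = field(default_factory=dict)  # port -> VLAN ID; absent = unauthorized

    def link_up(self, port: int, user: str, password: str) -> bool:
        """Relay the supplicant's credentials and apply the server's decision."""
        vlan = self.server.authenticate(user, password)
        if vlan is None:
            self.port_vlan.pop(port, None)  # failed auth: port stays unauthorized
            return False
        self.port_vlan[port] = vlan         # dynamic VLAN assignment
        return True

    def forward(self, ingress_port: int) -> list:
        """Egress ports for a broadcast frame: only other ports in the same VLAN."""
        vlan = self.port_vlan.get(ingress_port)
        if vlan is None:
            return []                       # unauthorized ports forward nothing
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != ingress_port)

if __name__ == "__main__":
    sw = Switch(AuthenticationServer())
    sw.link_up(1, "alice", "correct horse")
    sw.link_up(2, "bob", "battery staple")
    sw.link_up(3, "alice", "correct horse")
    sw.link_up(4, "mallory", "guess")
    print(sw.forward(1), sw.forward(2), sw.forward(4))
```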
Routers support Virtual Routing and Forwarding instances (VRFs). A VRF consists of a network address routing table, a derived forwarding table, a set of interfaces or VLANs that use the forwarding table, and a set of rules and routing protocols that determine what goes into the forwarding table.