1. Field of the Invention
The present invention is related to data communications in a Local Area Network (LAN). In particular, the present invention is related to providing multiple virtual LANs (VLANs) per switch port in a port-based VLAN implementation.
2. Description of the Related Art
Virtual Local Area Networks (Virtual LANs or VLANs) are logical groupings of nodes in a Media Access Control (MAC) bridged, or switched, network. In other words, VLANs define groups of nodes in the switched network that are not constrained by the physical location of the nodes. VLANs provide for increased user and network security: only nodes belonging to a particular VLAN communicate as if they shared a common LAN. Given the shift toward high speed LAN switching at the MAC layer as an alternative to data packet routing at the Network layer, VLANs provide an International Standards Organization (ISO) Open Systems Interconnection (OSI) Layer 2 based alternative to Layer 3 based methods for decreasing, containing, or limiting broadcast and multicast traffic in a network that is compatible with a switched LAN architecture.
The Institute for Electrical and Electronic Engineers (IEEE) is presently drafting a standard (802.1Q) that covers the operation of IEEE 802.1D MAC bridges or switches in a VLAN environment. However, there remain a number of proprietary, vendor-specific VLAN implementations for defining VLAN membership, and controlling intra- and inter-VLAN communication between nodes.
There are a number of well known, generally accepted ways for defining VLAN membership, i.e., for defining which nodes in a network belong to the same VLAN, and hence, which nodes can communicate with each other. As is well known to those of ordinary skill in the art, VLAN membership may be based on MAC-layer address, Network layer protocol type, Network layer address, or multicast address. One of the more common prior art methods for defining VLAN membership is based on the grouping of ports on a LAN switch. For example, nodes connected to ports 1, 2, 3, 5 and 8 of a switch may be grouped in VLAN 1, while nodes attached to ports 4, 6 and 7 of the same switch may be grouped in VLAN 2. Grouping nodes into a particular VLAN based on switch ports is applicable across multiple switches in a switched LAN architecture. With reference to FIG. 1, for example, nodes attached to ports 1, 2, 3, 5 and 8 of switch 1 and port 8 of switch 2 are grouped in VLAN 1. Additionally, nodes attached to ports 4 and 6 of switch 1 and ports 1, 3, 5 and 6 of switch 2 are grouped in VLAN 2. Finally, nodes attached to port 7 of switch 1 and ports 2, 4 and 7 of switch 2 belong to VLAN 3. Note that in a port-based VLAN grouping, a node cannot belong to multiple VLANs, since the node is attached to a switch via a single port. However, there are instances in which it is desirable for a node in a network, e.g., a server or a high speed networked printer, to be a member of more than one VLAN. What is needed, therefore, is a method for allowing such a node to be granted membership in multiple VLANs.
Given a method for allowing a node to be granted membership in multiple VLANs, VLAN capable LAN switches must convey VLAN membership information associated with a particular node when forwarding a data packet for the node from switch to switch. Depending on the method of defining VLAN membership groups, e.g., Network layer protocol based grouping, the VLAN membership information is implicitly defined in the data packet forwarded by the switch. In other instances, such as port based VLAN membership grouping, an explicit reference must be inserted in the data packet before it is forwarded from a switch to the destination node, or another switch, so that the VLAN in which the data packet is allowed to be transmitted can be determined. A common prior art method for transmitting VLAN information between switches is based on frame tagging. Frame tagging involves inserting a header, comprising a VLAN identifier (VID), into a frame, or packet, prior to forwarding the packet over an interswitch link, so that the receiving switch can identify the VLAN to which the particular packet belongs.
A proposed method for identifying the VLAN to which a particular packet belongs, based on the frame tagging paradigm, is set forth in the IEEE draft standard 802.1Q. The draft standard suggests a standard format and definition of a single VLAN identifier (VID) in a tag header. In a port based VLAN grouping approach, in which a node is assigned to a VLAN based on the port of a switch to which it is attached, inserting a tag with a single VID does not allow a node to send packets over different VLANs. That is, a node necessarily can only be a member of a particular VLAN, as fixed by the VID associated with the port on the switch to which the node is attached. What is needed, therefore, if a node is to be granted membership in multiple VLANs, is a method and apparatus for identifying the VLAN to which the node belongs, so that a packet exchanged with the node may be identified with a particular one of multiple VLANs.
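The frame tagging described above, as an added example that is not part of the original text: the sending switch inserts a tag header whose single VID is fixed by the ingress port, and the receiving switch reads it to select the ports in the same VLAN. The TPID value 0x8100 and the tag layout are taken from the published IEEE 802.1Q standard (the text cites only the draft); the function names and the sample frame are constructed, and the port table follows the FIG. 1 grouping.

```python
import struct

TPID = 0x8100  # assumption: TPID of published IEEE 802.1Q; the text cites only the draft
# Port -> VLAN per switch, following the FIG. 1 grouping described in the text.
PORT_VLAN = {
    1: {1: 1, 2: 1, 3: 1, 5: 1, 8: 1, 4: 2, 6: 2, 7: 3},
    2: {8: 1, 1: 2, 3: 2, 5: 2, 6: 2, 2: 3, 4: 3, 7: 3},
}
# Constructed sample frame: dst MAC, src MAC, EtherType 0x0800, payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

def tag_frame(frame: bytes, vid: int) -> bytes:
    """Insert a 4-byte tag header (TPID + tag control field) after the MAC addresses."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if not 1 <= vid <= 4094:  # 0 and 4095 are reserved VID values
        raise ValueError("VID out of range")
    return frame[:12] + struct.pack("!HH", TPID, vid) + frame[12:]

def untag_frame(frame: bytes):
    """Return (vid, untagged frame); vid is None if no tag header is present."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if struct.unpack_from("!H", frame, 12)[0] != TPID:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated tag header")
    tci = struct.unpack_from("!H", frame, 14)[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]  # low 12 bits carry the VID

def send_over_interswitch_link(switch: int, in_port: int, frame: bytes) -> bytes:
    """Port-based grouping: the ingress port alone fixes the single VID."""
    return tag_frame(frame, PORT_VLAN[switch][in_port])

def receive_from_interswitch_link(switch: int, frame: bytes):
    """Return (ports in the frame's VLAN, untagged frame) on the receiving switch."""
    vid, inner = untag_frame(frame)
    if vid is None:
        return [], inner  # no explicit VLAN reference: forward nowhere
    return sorted(p for p, v in PORT_VLAN[switch].items() if v == vid), inner

if __name__ == "__main__":
    tagged = send_over_interswitch_link(1, 7, SAMPLE)
    print(tagged[12:16].hex(), receive_from_interswitch_link(2, tagged)[0])
```

Because the VID is looked up from the ingress port alone, every frame from the node on port 7 of switch 1 is confined to VLAN 3, which is the single-VLAN limitation the passage describes.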
According to the present invention, a method and apparatus is provided for grouping a node in multiple VLANs using a port based VLAN grouping paradigm. The invention relates to a unique frame tagging approach for explicit VLAN identification, wherein a packet transmitted by a node is explicitly associated with one of multiple VLANs by way of the tag protocol identifier/virtual LAN identifier combination in the tag header inserted in the packet.