The ability of users to access programs and to share data over a local area network (referred to as “LAN”) has become a necessity for most working environments. Frequently, as the amount of data traffic over the LAN increases, efforts have been made to reduce data traffic congestion. One technique involves separating the LAN into multiple LAN segments, using a networking device such as a bridge or network switch operating at a Media Access Control (MAC) sublayer of the Data Link layer (layer 2) of the International Standards Organization (ISO) Open Systems Interconnection (OSI) reference model. For this implementation, however, all networking devices connected to the LAN still belong to the same broadcast domain.
As the number of LAN segments and networking devices per segment increases, in many cases, the networking devices become overburdened processing broadcast data frames. Thus, under such circumstances, it is desirable to separate the growing data network into multiple broadcast domains. One possible approach for providing multiple broadcast domains is to configure the LAN with multiple virtual local area networks (VLANs).
In general, a “VLAN” is a logical local area network that can roughly be equated to a broadcast domain. A VLAN may comprise a plurality of networking devices, perhaps on multiple LAN segments, that are not constrained by their physical location. A network administrator determines the configuration of the VLAN based on a selected VLAN membership mechanism.
For example, the most common VLAN membership mechanism is to classify selected groups of ports for a networking device as VLANs. A first group of ports may form one VLAN while a second group of ports may form another VLAN. This port-based VLAN membership mechanism has a number of disadvantages. In particular, it does not allow for multiple VLANs to share the same networking device port. Also, it requires the network administrator to reconfigure VLAN membership each time a networking device moves from one port to another.
An alternative solution is to utilize policy-based VLANs in which one or more ports are classified as a member of a VLAN if the contents of their incoming frames satisfy the policy associated with the VLAN. For example, if the “policy” for the VLAN is “protocol-based,” those ports of the networking device that receive frames having a certain protocol are members of the VLAN. Besides protocol-based, examples of other types of “policy” include grouping based on source MAC address, source IP subnet and the like.
One problem associated with policy-based VLANs is that not every port of a networking device may be able to classify untagged frames based on the policy in question. For example, the networking device may include different application specific integrated circuits (ASICs) responsible for different ports. These ASICs may support different VLAN capabilities. For example, one ASIC may support policy-based VLANs and the other ASIC may not. Thus, this may result in non-uniform classification of frames depending upon the port on which they are received.
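The non-uniform classification described above can be shown with a short added example, which is not part of the original text. It classifies untagged Ethernet frames by source MAC address, source IP subnet and protocol, and compares the result on a policy-capable port with that on a port whose ASIC lacks policy support. The policy table, its first-match ordering, the port table, the VLAN IDs and the fallback to a port default VLAN are all assumptions made for illustration.

```python
import ipaddress
import struct

# Constructed policy table (hypothetical VLAN IDs), checked in order.
POLICIES = [
    ("src_mac", bytes.fromhex("02005e000001"), 30),
    ("src_subnet", ipaddress.ip_network("10.1.0.0/16"), 20),
    ("protocol", 0x86DD, 40),  # IPv6 EtherType
]
# Constructed port table: port -> (policy-capable ASIC?, port default VLAN).
PORTS = {1: (True, 1), 2: (False, 1)}

def build_frame(src_mac, ethertype, payload=b""):
    """Build an untagged Ethernet II frame with a broadcast destination."""
    return b"\xff" * 6 + src_mac + struct.pack("!H", ethertype) + payload

def ipv4_header(src_ip):
    """Minimal 20-byte IPv4 header carrying only the fields used here."""
    src = ipaddress.ip_address(src_ip).packed
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0, src, bytes(4))

def classify(port, frame):
    """Return the VLAN ID assigned to an untagged frame received on port."""
    capable, default_vlan = PORTS[port]
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    src_mac = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == 0x8100:
        raise ValueError("frame is already tagged")
    if not capable:
        return default_vlan  # assumed fallback: port-based membership only
    src_ip = None
    if ethertype == 0x0800 and len(frame) >= 34:
        src_ip = ipaddress.ip_address(frame[26:30])
    for kind, value, vlan in POLICIES:
        if kind == "src_mac" and src_mac == value:
            return vlan
        if kind == "src_subnet" and src_ip is not None and src_ip in value:
            return vlan
        if kind == "protocol" and ethertype == value:
            return vlan
    return default_vlan

def mismatches(frame):
    """List ports whose classification differs from that of port 1."""
    ref = classify(1, frame)
    return [p for p in PORTS if classify(p, frame) != ref]
```

Running `mismatches` over representative frames for each policy shows which ports would place the same traffic in a different broadcast domain.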