A virtual LAN is a logically-independent network. Several VLANs can exist
parallel on a single physical switch. A VLAN consists of all computers
that behave as if connected to the same wire - even though they may actually
be physically connected to different segments of a LAN. VLANs have to be
configured by a network administrator. In the shown example, we have 3
VLANs that are characterized by different colors.
In order to make VLANs function correctly, VLAN-aware switches are needed
and all MAC-layer packets (e.g. Ethernet frames) need a VLAN identifier
in the header. This identifier makes clear to which VLAN a packet belongs
and switches should forward it only to computers that belong to the same
Since not all computers are VLAN-aware, there exist two possibilities to
tag the MAC-layer packet with a VLAN identifier:
Explicit Tagging: VLAN-aware hosts generate tagged
packets directly and the switches forward these tagged packets.
Implicit Tagging: In this case the hosts are not
VLAN-aware and now the switch has to build a tagged frame based on
its knowledge of the sender's VLAN membership. Typically the VLAN membership
is configured by ports or by MAC addresses.