3) Improving LAN security. By assigning user groups to different VLANs, you can isolate them at Layer 2. To enable communication between VLANs, routers or Layer 3 switches are required.

4) Flexible virtual workgroup creation. As users from the same workgroup can be assigned to the same VLAN regardless of their physical locations, network construction and maintenance are much easier and more flexible.

VLAN Fundamentals

To enable a network device to identify frames of different VLANs, a VLAN tag field is inserted into the data link layer encapsulation.

The format of VLAN-tagged frames is defined in IEEE 802.1Q issued by IEEE in 1999.

In the header of a traditional Ethernet data frame, the field after the destination MAC address and the source MAC address is the Type field indicating the upper layer protocol type, as shown in Figure 1-2.

Figure 1-2 The format of a traditional Ethernet frame

IEEE 802.1Q inserts a four-byte VLAN tag after the DA&SA field, as shown in Figure 1-3.

Figure 1-3 The position and format of VLAN tag

A VLAN tag comprises four fields: tag protocol identifier (TPID), priority, canonical format indicator (CFI), and VLAN ID.

- The 16-bit TPID field with a value of 0x8100 indicates that the frame is VLAN-tagged.
- The 3-bit priority field indicates the 802.1p priority of the frame. For information about frame priority, refer to QoS Configuration in the QoS Volume.
- The 1-bit CFI field specifies whether the MAC addresses are encapsulated in the standard format when packets are transmitted across different media. Value 0 indicates that MAC addresses are encapsulated in the standard format; value 1 indicates that MAC addresses are encapsulated in a non-standard format. The field is 0 by default.
- The 12-bit VLAN ID field identifies the VLAN the frame belongs to. The VLAN ID range is 0 to 4095. As 0 and 4095 are reserved by the protocol, a VLAN ID actually ranges from 1 to 4094.

When receiving a frame, a network device handles the frame depending on whether the frame is VLAN tagged and the value of the VLAN tag, if any. For more information, refer to section Introduction to Port-Based VLAN.
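
The tag layout described above can be checked against raw frame bytes, for instance when validating a packet capture. The following parser is an added example, not code from the original manual; the names parse_frame, VlanTag and Frame and the sample frames are assumptions made for illustration.

```python
import struct
from typing import NamedTuple, Optional

TPID_8021Q = 0x8100  # TPID value that marks a frame as VLAN-tagged

class VlanTag(NamedTuple):      # hypothetical container, not from the manual
    priority: int   # 3-bit 802.1p priority
    cfi: int        # 1-bit canonical format indicator
    vlan_id: int    # 12-bit VLAN ID
    reserved: bool  # True when the VLAN ID is 0 or 4095 (reserved values)

class Frame(NamedTuple):        # hypothetical container, not from the manual
    dst: str
    src: str
    tag: Optional[VlanTag]      # None for a traditional (untagged) frame
    ethertype: int              # the Type field (upper layer protocol)

def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(raw: bytes) -> Frame:
    """Split an Ethernet header into DA, SA, optional 802.1Q tag and Type."""
    if len(raw) < 14:
        raise ValueError("frame shorter than an untagged Ethernet header")
    dst, src = raw[0:6], raw[6:12]
    (field,) = struct.unpack("!H", raw[12:14])
    if field != TPID_8021Q:
        # Traditional frame: the field after DA and SA is the Type field.
        return Frame(_mac(dst), _mac(src), None, field)
    if len(raw) < 18:
        raise ValueError("truncated 802.1Q tag")
    # The four-byte tag is TPID (already read) plus 16 bits holding
    # priority, CFI and VLAN ID; the Type field follows the tag.
    tci, ethertype = struct.unpack("!HH", raw[14:18])
    vid = tci & 0x0FFF
    tag = VlanTag(tci >> 13, (tci >> 12) & 1, vid, vid in (0, 4095))
    return Frame(_mac(dst), _mac(src), tag, ethertype)

# Constructed sample headers (not captured traffic).
_DA_SA = bytes.fromhex("ffffffffffff" "020000000001")
UNTAGGED = _DA_SA + bytes.fromhex("0800")
TAGGED = _DA_SA + bytes.fromhex("8100" "a064" "0800")  # priority 5, CFI 0, VLAN 100

if __name__ == "__main__":
    for sample in (UNTAGGED, TAGGED):
        print(parse_frame(sample))
```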