VLAN Basics

A virtual LAN (VLAN) is a broadcast domain created by one or more switches. The switch creates a VLAN simply by putting some interfaces in one VLAN and some in another. So, instead of all ports on a switch forming a single broadcast domain, the switch separates them into many, based on configuration. It's really that simple.

The first two figures in this chapter compare two networks. First, before VLANs existed, if a design specified two separate broadcast domains, two switches would be used—one for each broadcast domain, as shown in Figure 10-1.

Figure 10-1 Example Network with Two Broadcast Domains and No VLANs

Alternatively, you can create multiple broadcast domains using a single switch. Figure 10-2 shows the same two broadcast domains as in Figure 10-1, now implemented as two different VLANs on a single switch.

Figure 10-2 Example Network with Two VLANs Using One Switch

[Figure 10-2 labels: Fred, Wilma; VLAN1, VLAN2]

In a network as small as the one in Figure 10-2, you might not really need to use VLANs. However, there are many motivations for using VLANs, including these:

■ To group users by department, or by groups that work together, instead of by physical location

■ To reduce overhead by limiting the size of each broadcast domain

■ To enforce better security by keeping sensitive devices on a separate VLAN

■ To separate specialized traffic from mainstream traffic—for example, putting IP telephones on a separate VLAN from user PCs
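
The single-switch behavior of Figure 10-2, and the isolation behind the security motivation above, can be modeled in a few lines. This is an added example, not from the original chapter; the port names, MAC addresses, the placement of Fred in VLAN 1 and Wilma in VLAN 2, and the hosts HostA and HostB are assumptions made for illustration.

```python
# Added illustration: one switch, access ports split across two VLANs.
# All ports, MACs and host placements below are constructed sample data.
BROADCAST = "ff:ff:ff:ff:ff:ff"
FRED, HOSTA = "02:00:00:00:00:01", "02:00:00:00:00:02"
WILMA, HOSTB = "02:00:00:00:00:03", "02:00:00:00:00:04"

# The configuration: which VLAN each access port belongs to.
PORT_VLAN = {"Fa0/1": 1, "Fa0/2": 1, "Fa0/3": 2, "Fa0/4": 2}


class Switch:
    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)
        self.mac_table = {}  # (vlan, mac) -> port; learning is per VLAN

    def receive(self, in_port, src_mac, dst_mac):
        """Return the sorted list of ports the frame is sent out of."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port  # learn in ingress VLAN
        out = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and out is not None:
            return [] if out == in_port else [out]  # known unicast
        # Broadcast or unknown unicast: flood, but only inside this VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)


def broadcast_domains(port_vlan):
    """Group ports by VLAN; each group is one broadcast domain."""
    domains = {}
    for port, vlan in port_vlan.items():
        domains.setdefault(vlan, set()).add(port)
    return domains


if __name__ == "__main__":
    sw = Switch(PORT_VLAN)
    print("domains:", broadcast_domains(PORT_VLAN))
    print("Fred broadcast ->", sw.receive("Fa0/1", FRED, BROADCAST))
    print("Wilma broadcast ->", sw.receive("Fa0/3", WILMA, BROADCAST))
    # Wilma's MAC is known only in VLAN 2, so a VLAN 1 frame addressed
    # to it is flooded within VLAN 1 and never reaches her port.
    print("HostA to Wilma ->", sw.receive("Fa0/2", HOSTA, WILMA))
```

In the model, as on a real switch, a frame that enters on a VLAN 1 port is never forwarded out a VLAN 2 port at Layer 2, even when the destination MAC address is attached to the same physical switch.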
