Virtual LANs


To understand VLANs, it is first necessary to have a basic understanding of how a traditional LAN operates. A standard local area network (LAN) uses hardware such as hubs, bridges, and switches in the same physical segment to provide a connection point for all end node devices. All network nodes are capable of communicating with each other without the need for a router; however, communications with devices on other LAN segments does require the use of a router.

As a network grows, routers are used to expand the network. The routers provide the capability to connect separate LANs and to isolate users into broadcast and collision domains. Using routers to route data around the network and between segments increases latency. Latency refers to delays in transmission caused by the routing process.

Virtual LANs (VLANs) provide an alternate method to segment a network and in the process, significantly increase the performance capability of the network, and remove potential performance bottlenecks. A VLAN is a group of computers that are connected and act as if they are on their own physical network segments, even though they might not be. For instance, suppose that you work in a three-story building in which the advertising employees are spread over all three floors. A VLAN can let all the advertising personnel use the network resources as if they were connected on the same segment. This virtual segment can be isolated from other network segments. In effect, it would appear to the advertising group that they were on a network by themselves.

VLANs allow you to create multiple broadcast domains on a single switch. In essence, this is the same as creating separate networks for each VLAN.


VLANs offer some clear advantages. Being able to create logical segmentation of a network gives administrators flexibility beyond the restrictions of the physical network design and cable infrastructure. VLANs allow for easier administration because the network can be divided into well-organized sections. Further, you can increase security by isolating certain network segments from others. For instance, you can segment the marketing personnel from finance or the administrators from the students. VLANs can ease the burden on overworked routers and reduce broadcast storms. Table 9.1 summarizes the benefits of VLANs.

Table 9.1. Benefits of VLANs

Advantages

Description

Increased security

By creating logical (virtual) boundaries, network segments can be isolated.

Increased performance

By reducing broadcast traffic throughout the network, VLANs free up bandwidth.

Organization

Network users and resources that are linked and communicate frequently can be grouped together in a VLAN.

Simplified administration

With a VLAN, the network administrator's job is easier when moving users between LAN segments, recabling, addressing new stations, and reconfiguring hubs and routers.


802.1q is the Institute of Electrical and Electronics Engineers (IEEE) specification developed to ensure interoperability of VLAN technologies from the various vendors.


VLAN Membership

You can use several methods to determine VLAN membership or how devices are assigned to a specific VLAN. The following sections describe the common methods of determining how VLAN membership is assigned.

Protocol-based VLANs

With protocol-based VLAN membership, computers are assigned to VLANs by using the protocol that is in use and the Layer 3 address. For example, this method enables an Internetwork Packet Exchange (IPX) network or a particular Internet Protocol (IP) subnet to have its own VLAN.

It is important to note that although VLAN membership might be based on Layer 3 information, this has nothing to do with routing or routing functions. The IP numbers are used only to determine the membership in a particular VLANnot to determine routing.

Port-based VLANs

Port-based VLANs require that specific ports on a network switch be assigned to a VLAN. For example, ports 1 through 8 might be assigned to marketing, ports 9 through 18 might be assigned to sales, and so on. Using this method, a switch determines VLAN membership by taking note of the port used by a particular packet. Figure 9.1 shows an example of a port-based VLAN.

Figure 9.1. Port-based VLAN configuration.


MAC Addressbased VLANs

As you might have guessed, the Media Access Control (MAC) address type of VLAN assigns membership according to the MAC address of the workstation. To do this, the switch must keep track of the MAC addresses that belong to each VLAN. The advantage of this method is that a workstation computer can be moved anywhere in an office without needing to be reconfigured; because the MAC address does not change, the workstation remains a member of a particular VLAN. Table 9.2 provides examples of MAC addressbased VLANs.

Table 9.2. MAC Addressbased VLANs

MAC Address

VLAN

Description

44-45-53-54-00-00

1

Sales

44-45-53-54-13-12

2

Marketing

44-45-53-54-D3-01

3

Administration

44-45-53-54-F5-17

1

Sales


Although the acceptance and implementation of VLANs has been slow, the ability to logically segment a LAN provides a new level of administrative flexibility, organization, and security.



    Network+ Exam Cram 2
    Network+ Exam Cram 2
    ISBN: 078974905X
    EAN: N/A
    Year: 2003
    Pages: 194

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net