VLANs

A VLAN is a group of switched ports that acts as a separate, isolated LAN. Several VLANs can be defined on a single switch, and a VLAN can also span multiple switches. Workstations in separate VLANs never see traffic from, or share bandwidth with, other VLANs unless the data is routed. In other words, a router or switch with routing capabilities is required if devices on different VLANs need to communicate. It should be noted that VLAN configuration is done through the switch and its software.

Remember that one of the main benefits of switches is that they segment a network into many collision domains. Each port represents a single collision domain, and devices share bandwidth only with other devices on the same switch port. Unless a switch is segmented into VLANs, however, all of the devices on the switch are still in the same broadcast domain; that is, all broadcasts (and multicasts) are sent to each port throughout the switching fabric.

VLANs introduce a way to limit the broadcast traffic in a switched network (a job normally associated with routers). When you create a VLAN by defining which ports belong to it, you are really just creating a boundary for broadcast traffic. This has the effect of creating multiple, isolated LANs on a single switch.

Figure 9.1 shows a 12-port switch that has been divided into two VLANs. Ports 1 through 6 are VLAN 1, and ports 7 through 12 are VLAN 2.

Figure 9.1. Simple VLAN.



It is important to understand the need for routers in a switched network. If devices on different VLANs need to communicate, routing is required to facilitate this exchange of data. Many of today's network systems are a collection of routers and switches.


What happens when a device on one VLAN needs to communicate with a device on another VLAN? Because a VLAN is a closed Layer 2 network, traffic must cross a Layer 3 device to communicate with other VLANs. This means that a router is required to facilitate the exchange of packets between VLANs.


The behavior we're describing here is that of Layer 2 switching. There are Layer 3 switches on the market that perform routing, but these are beyond the scope of this book.


It is possible for a device to participate in more than one VLAN by using a special type of network card that performs ISL (Inter-Switch Link). ISL is discussed further in the "ISL" section in this chapter.

The real benefit to using VLANs is that they can span multiple switches. Figure 9.2 shows two switches that are configured to share VLAN information.

Figure 9.2. VLANs spanning multiple switches.


A large campus network may have hundreds of switches spread throughout several buildings. A user can be put on the appropriate VLAN easily, no matter where he or she is physically located. Users on the same VLAN do not have to be connected to the same device. Therefore, LANs are no longer tied to the physical location of users, but can be assigned based on department, functional area, or security level. By isolating users according to department or functional area, network administrators can keep the majority of data traffic within one VLAN, thereby maximizing the amount of traffic switched at hardware speeds versus what is routed at slower software speeds.

The ability to assign a user to a VLAN on a port-by-port basis makes adding, moving, or deleting users simple. For example, let's say a user changes from the accounting to the marketing department. If the network administrator designed the network and VLANs by functional department, this user would have changed VLANs. To accommodate this change, the administrator only has to make a software configuration change in the switch by assigning that user's port to the new VLAN.
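The following is an added example, not code from the book: a small Python model of a Layer 2 switch with port-based VLANs, using the Figure 9.1 layout (ports 1 through 6 in VLAN 1, ports 7 through 12 in VLAN 2). It shows the three points made above: broadcasts are flooded only within the sender's VLAN, a frame for a host in another VLAN never reaches it because the switch has no routing, and moving a user between departments is just a port reassignment in the switch's configuration. MAC addresses and port numbers are constructed for the demonstration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """Constructed model of a Layer 2 switch with port-based VLANs (no routing).

    Every port belongs to exactly one VLAN.  Broadcasts and unknown unicasts
    are flooded only to ports in the sender's VLAN, so each VLAN is its own
    broadcast domain; frames never cross from one VLAN to another here.
    """

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)   # port number -> VLAN id
        self.mac_table = {}                # (vlan, mac) -> port, learned per VLAN

    def assign_port(self, port, vlan):
        """Move a user to another VLAN: a software change on the switch only."""
        self.port_vlan[port] = vlan
        # drop MAC entries learned on this port while it sat in the old VLAN
        self.mac_table = {k: p for k, p in self.mac_table.items() if p != port}

    def forward(self, in_port, src_mac, dst_mac):
        """Return the set of egress ports for a frame arriving on in_port."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port          # source-address learning
        flood = {p for p, v in self.port_vlan.items() if v == vlan and p != in_port}
        if dst_mac == BROADCAST:
            return flood                                   # broadcast stays in the VLAN
        out = self.mac_table.get((vlan, dst_mac))
        if out is None:
            return flood                                   # unknown unicast: flood the VLAN
        return {out} - {in_port}                           # known destination: one port


def demo():
    """Figure 9.1 layout: ports 1-6 in VLAN 1 (accounting), 7-12 in VLAN 2 (marketing)."""
    sw = VlanSwitch({p: 1 if p <= 6 else 2 for p in range(1, 13)})
    acct, mkt, srv = "00:00:00:00:00:01", "00:00:00:00:00:07", "00:00:00:00:00:08"  # constructed
    results = {}
    results["acct_broadcast"] = sw.forward(1, acct, BROADCAST)    # reaches VLAN 1 ports only
    sw.forward(7, mkt, BROADCAST)                                 # switch learns mkt on port 7
    results["srv_to_mkt"] = sw.forward(8, srv, mkt)               # known destination: port 7
    results["acct_to_srv"] = sw.forward(1, acct, srv)             # srv is in VLAN 2: unreachable
    sw.assign_port(1, 2)                                          # user moves to marketing
    results["acct_after_move"] = sw.forward(1, acct, BROADCAST)   # now VLAN 2 ports only
    return results
```

For the accounting host to reach the marketing server, a Layer 3 device would have to be attached to a port in each VLAN, which this model deliberately leaves out.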

In addition, VLANs provide the flexibility necessary to group users by security level. This can greatly simplify applying a security policy to a network. In summary, the benefits of VLANs are that they:

  • Simplify security administration.

  • Allow users to be grouped by functional area versus physical location.

  • Simplify moving and adding users.



CCNA Exam Cram[tm] 2 (Exams 640-821, 640-811, 640-801)
ISBN: 789730197
Year: 2005
Pages: 155