VLANs
are established in switches and can be used to group a set of related
users, regardless of their physical connectivity. They can be located
across a campus environment or even across geographically dispersed locations.
The users might be assigned to a VLAN because they belong to the same
department or functional team, or because data flow patterns among them
are such that it makes sense to group them together. Note, however, that
without a router, devices in one VLAN cannot communicate with devices
in another VLAN.
Benefits of VLANs
In a flat, bridged
network all broadcast packets generated by any node in the network are
sent to and received by all other network nodes. In extreme cases, the
effects of broadcast radiation can be so severe that an end station
spends all of its CPU power on processing broadcasts.
VLANs solve some
of the scalability problems of large flat networks by breaking a single
bridged domain into several smaller bridged domains, each of which is
a virtual LAN. VLANs without routers do not scale to large campus environments.
Routing is instrumental in the building of scalable VLANs.
VLANs offer the
following features:
Broadcast control:
Just as switches isolate collision domains and only forward appropriate
traffic out a particular port, VLANs refine this concept further and
provide complete isolation between networks. A VLAN is a bridging domain,
and all broadcast and multicast traffic is contained within it. This
is helpful in controlling bandwidth usage.
Security:
VLANs provide security in two ways:
- High-security
users can be grouped into a VLAN, possibly on the same physical segment,
and no users outside of that VLAN can communicate with them.
- Because VLANs
are logical groups that behave like physically separate entities,
inter-VLAN communication is achieved through a router. Thus, all
the security and filtering functionality that routers traditionally
provide can be used.
Performance:
The logical grouping of users allows, for example, a multimedia
author making intensive use of a networked multimedia station or testing
a video broadcast application to be assigned to a VLAN that contains
just that developer and the servers he or she needs. The work does not
affect the rest of the campus, which results in improved performance
for the multimedia author (by being on a dedicated LAN) and improved
performance for the rest of the campus (whose communications are not
slowed down by the power user's use of the network).
Network management:
The logical grouping of users, divorced from their physical or geographic
locations, allows easier network management. Adds, moves, and changes
are achieved by configuring a port into the appropriate VLAN on the switch.
Network management software is used to easily assign a user from one
VLAN to another.
Adapted from: http://www.cisco.com/univercd/cc/td/doc/cisintwk/idg4/nd2012.htm
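The port assignment and router-based filtering described under Security and Network management, as an added example that is not part of the original Cisco text. It uses IOS-style syntax; the VLAN IDs, names, interface numbers, addresses and ACL name are constructed for illustration, and exact commands vary by platform.

```cisco
! Access switch: assign each port to a VLAN (constructed IDs and names)
vlan 10
 name ENGINEERING
vlan 20
 name FINANCE
!
interface FastEthernet0/1
 description Engineering workstation
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 description Finance workstation
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/1
 description 802.1Q trunk to router
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! Router: one subinterface per VLAN, so it is the only path between them
ip access-list extended ENG-TO-FINANCE
 remark Engineering may reach the finance web server over HTTPS only
 permit tcp 10.0.10.0 0.0.0.255 host 10.0.20.10 eq 443
 deny   ip 10.0.10.0 0.0.0.255 10.0.20.0 0.0.0.255 log
 remark Traffic to destinations outside VLAN 20 is unaffected
 permit ip any any
!
interface GigabitEthernet0/0
 no shutdown
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.10.1 255.255.255.0
 ip access-group ENG-TO-FINANCE in
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.0.20.1 255.255.255.0
```

The ACL is stateless and filters only traffic entering the router from VLAN 10; traffic initiated from VLAN 20 toward VLAN 10 would need its own list on the other subinterface.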