Lesson 9: Understanding Virtual LANs
This lesson covers virtual LANs or VLANs. We’ll start
by defining what a VLAN is and then explaining how it works.
We’ll conclude the lesson by talking about some key
VLAN technologies such as ISL and VTP.
The Agenda
- What Is a VLAN?
- VLAN Technologies
What Is a VLAN?
Well, the reality of the work environment
today is that personnel is always changing. Employees move
departments; they switch projects. Keeping up with these changes
can consume significant network administration time. VLANs
address the end-to-end mobility needs that businesses require.
Traditionally, routers have been used to limit the broadcast
domains of workgroups. While routers provide well-defined
boundaries between LAN segments, they introduce the following
problems:
- Lack of scalability (e.g., restrictive addressing on subnets)
- Lack of security (e.g., within shared segments)
- Insufficient bandwidth use (e.g., extra traffic results when segmentation
of the network is based upon physical location and not necessarily on
workgroups or interest groups)
- Lack of flexibility (e.g., costly reconfigurations are required when
users are moved)
Virtual LAN, or VLAN, technology solves these problems because
it enables switches and routers to configure logical topologies
on top of the physical network infrastructure. Logical topologies
allow any arbitrary collection of LAN segments within a network
to be combined into an autonomous user group, appearing as
a single LAN.
Virtual LANs

A VLAN can be defined as a logical LAN segment
that spans different physical LANs. VLANs provide traffic
separation and logical network partitioning.
VLANs logically segment the physical LAN infrastructure into
different subnets (broadcast domains for Ethernet) so that
broadcast frames are switched only between ports within the
same VLAN.
A VLAN is a logical grouping of network devices (users) connected
to the port(s) on a LAN switch. A VLAN creates a single broadcast
domain and is treated like a subnet.
Unlike a traditional segment or workgroup, you can create
a VLAN to group users by their work functions, departments,
the applications used, or the protocols shared irrespective
of the users’ work location (for example, an AppleTalk
network that you want to separate from the rest of the switched
network).
VLAN implementation is most often done in the switch software.
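
The broadcast containment described above, as an added example that is not part of the original lesson: a small Python model of a single switch whose access ports are each statically assigned to one VLAN. The class name, port numbers, VLAN IDs and MAC addresses are constructed for illustration.

```python
# Added example: a minimal model of a VLAN-aware switch (constructed, not vendor code).
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    def __init__(self, port_vlans):
        # port_vlans: access port number -> VLAN ID (hypothetical static assignment)
        self.port_vlans = dict(port_vlans)
        # One MAC table per VLAN, so learning in one VLAN never leaks into another.
        self.mac_tables = defaultdict(dict)

    def receive(self, in_port, src_mac, dst_mac):
        """Return the sorted list of ports the frame is sent out of."""
        vlan = self.port_vlans[in_port]
        table = self.mac_tables[vlan]
        table[src_mac] = in_port  # learn the source in the ingress VLAN only
        if dst_mac != BROADCAST and dst_mac in table:
            out = table[dst_mac]
            return [] if out == in_port else [out]
        # Broadcast or unknown unicast: flood, but only inside the ingress VLAN.
        return sorted(p for p, v in self.port_vlans.items()
                      if v == vlan and p != in_port)


def demo():
    # Constructed sample: ports 1-3 in VLAN 10 (engineering), 4-5 in VLAN 20 (finance).
    sw = VlanSwitch({1: 10, 2: 10, 3: 10, 4: 20, 5: 20})
    results = {}
    results["broadcast_from_vlan10"] = sw.receive(1, "aa:aa:aa:00:00:01", BROADCAST)
    results["broadcast_from_vlan20"] = sw.receive(4, "bb:bb:bb:00:00:04", BROADCAST)
    # Host on port 2 replies to host on port 1: known unicast, single port.
    results["unicast_same_vlan"] = sw.receive(2, "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:01")
    # Host on port 1 addresses the finance host's MAC directly: the VLAN 10 table
    # has no entry for it, so the frame floods within VLAN 10 and never reaches port 4.
    results["unicast_cross_vlan"] = sw.receive(1, "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:04")
    return results


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: {ports}")
```

The last case shows that the switch alone never forwards a frame out of its ingress VLAN, so traffic between the two groups has to pass through a Layer 3 device.
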
Remove the Physical Boundaries

Conceptually, VLANs provide greater segmentation
and organizational flexibility. VLAN technology allows you
to group switch ports and the users connected to them into
logically defined communities of interest. These groupings
can be coworkers within the same department, a cross-functional
product team, or diverse users sharing the same network application
or software (such as Lotus Notes users).
Grouping these ports and users into communities of interest—referred
to as VLAN organizations—can be accomplished within
a single switch, or more powerfully, between connected switches
within the enterprise. By grouping ports and users together
across multiple switches, VLANs can span single building infrastructures
or interconnected buildings. As shown here, VLANs completely
remove the physical constraints of workgroup communications
across the enterprise.
Additionally, the role of the router evolves beyond the more
traditional role of firewalls and broadcast suppression to
policy-based control, broadcast management, and route processing
and distribution. Equally important, routers remain vital
for switched architectures configured as VLANs because they
provide the communication between logically defined workgroups
(VLANs). Routers also provide VLAN access to shared resources
such as servers and hosts, and connect to other parts of the
network that are either logically segmented with the more
traditional subnet approach or require access to remote sites
across wide-area links. Layer 3 communication, either embedded
in the switch or provided externally, is an integral part
of any high-performance switching architecture.