Filter
Top Products
Chapter 47: Port-based and Tagged VLANs
688
Overview
A VLAN is a group of ports that form a logical Ethernet segment on an
Ethernet switch. The ports of a VLAN form an independent traffic domain
in which the traffic generated by the nodes remains within the VLAN.
VLANs let you segment your network through the switch’s management
software so that you can group nodes with related functions into their own
separate, logical LAN segments. These VLAN groupings can be based on
similar data needs or security requirements. For example, you could
create separate VLANs for the different departments in your company,
such as one for Sales and another for Accounting.
VLANs offer several important benefits:
Improved network performance
Network performance often suffers as networks grow in size and
as traffic increases. The more nodes on each LAN segment vying
for bandwidth, the greater the likelihood overall network
performance will decrease.
VLANs improve network perform because VLAN traffic stays within
the VLANs. The nodes of a VLAN receive traffic only from nodes of
the same VLAN. This reduces the need for nodes to handle traffic
not destined for them and frees up bandwidth within all the logical
workgroups.
In addition, broadcast traffic remains within a VLAN because each
VLAN constitutes a separate broadcast domain. This, too, can
improve overall network performance.
Increased security
Because network traffic generated by a node in a VLAN is
restricted only to the other nodes of the same VLAN, you can use
VLANs to control the flow of packets in your network and prevent
packets from flowing to unauthorized end nodes.
Simplified network management
VLANs can also simplify network management. Before the advent
of VLANs, physical changes to the network often had to be made
at the switches in the wiring closets. For example, if an employee
changed departments, changing the employee’s LAN segment
assignment often required a change to the wiring at the switch.
With VLANS, you can use the switch’s management software to
change the LAN segment assignments of end nodes, without
having to physically move workstations or move cables from one
switch port to another port.