Filter
Top Products
DES-1218/DES-1226 10/100/1000 Mbps Ethernet Switch User’s Guide
22
Another benefit of VLANs is that you can change the network topology without
physically moving stations or changing cable connections. Stations can be ‘moved’
simply by changing VLAN settings from one VLAN (the sales VLAN, for example) to
another VLAN (the marketing VLAN). This allows VLANs to accommodate network
moves, changes and additions with the utmost flexibility.
VLANs can also provide a level of security to your network. Port-based VLANs allow
you to configure ports to not accept packets from outside of the VLAN.
Port-based VLANs
Port-based VLANs limit traffic that flows into and out of switch ports. Thus, all devices
connected to a port are members of the VLAN(s) the port belongs to, whether there is a
single computer directly connected to a switch, or an entire department.
On port-based VLANs, NICs do not need to be able to identify 802.1Q tags in packet
headers. NICs send and receive normal Ethernet packets. If the packet’s destination
lies on the same segment, communications take place using normal Ethernet protocols.
Even though this is always the case, when the destination for a packet lies on another
switch port, VLAN considerations come into play to decide if the packet gets dropped by
the switch or delivered.
VLAN Segmentation
Take for example a packet that is transmitted by a machine on Port 1 that is a member
of VLAN 2. If the destination lies on another port (found through a normal forwarding
table lookup), the switch then looks to see if the other port (Port 10) is a member of
VLAN 2 (and can therefore receive VLAN 2 packets). If port 10 is not a member of
VLAN 2, then the packet will be dropped by the switch and will not reach it’s
destination. If Port 10 is a member of VLAN 2, the packet will go through. This
selective forwarding feature based on VLAN criteria is how VLANs segment networks.
The key point being that Port 1 will only transmit on VLAN 2.
Network resources such as printers and servers however, can be shared across VLANs.
This is achieved by setting up overlapping VLANs. That is ports can belong to more
than one VLAN groups. Setting VLAN 1 members are port 1,2,3,4 and VLAN 2
members are 1,5,6,7. The Port 1 is belonging to two VLAN groups. The port 8, 9, 10 are
not configured to any VLAN group. This is means port 8,9,10 are the same VLAN group.
VLAN and Trunk Groups
The members of a trunk group have the same VLAN setting. Any VLAN setting on the
members of a trunk group will apply to the other member ports.
Note: In order to use VLAN segmentation in conjunction with port trunk groups, you
must first set the port trunk group(s), and then you may configure VLAN settings. If
you wish to change the port trunk grouping with VLANs already in place, you will need
to reconfigure the VLAN settings after changing the port trunk group settings.