Lancom Systems LCOS 3.50 Server User Manual


 
LANCOM Reference Manual LCOS 3.50 - Chapter 10: Virtual LANs (VLANs)
10 Virtual LANs (VLANs)
10.1 What is a Virtual LAN?
The increasing availability of inexpensive layer 2 switches makes it possible
to build LANs much larger than in the past. Until now, smaller parts of a
network were connected with hubs, and these individual segments (collision
domains) were joined into larger sections via routers. Since a router always
represents a border between two LANs, this structure resulted in several
LANs, each with its own IP address range.
By using switches, it is possible to combine many more stations into one
large LAN. Because data is controlled specifically on the individual ports,
the available bandwidth can be utilized much better than with hubs, and the
configuration and maintenance of routers within the network can be omitted.
But a network structure based on switches also has disadvantages:
• As with hubs, broadcasts are sent over the entire LAN, even if the
respective data packets are only relevant to a certain segment of the LAN.
A sufficient number of network stations can thus lead to a noticeable
reduction of the available bandwidth in the LAN.
• The entire data traffic on the physical LAN is “public”. Even if individual
segments use different IP address ranges, each station of the LAN is
theoretically able to tap data traffic from all logical networks on the
Ethernet segment. Protecting individual LAN segments with firewalls or
routers in turn increases the demands on network administration.
One way to resolve these problems is virtual LANs (VLANs), as described in
IEEE 802.1p/q. With this concept, several virtual LANs are defined on one
physical LAN. They do not obstruct each other, and they also do not receive
or tap the data traffic of the other VLANs on the physical Ethernet segment.
10.2 This is how a VLAN works
Defining VLANs on a LAN is intended to achieve the following goals:
• Data traffic of certain logical units should be shielded against other
network users.
• Broadcast traffic should also be confined to logical units, so that it does
not burden the entire LAN.