Well, the reality of the work environment today is that personnel is always changing. Employees move departments; they switch projects. Keeping up with these changes can consume significant network administration time.
VLANs address the end-to-end mobility needs that businesses require.
Traditionally, routers have been used to limit the broadcast domains of workgroups. While routers provide well-defined boundaries between LAN segments, they introduce the following problems:
- – Lack of scalability (e.g., restrictive addressing on subnets)
- – Lack of security (e.g., within shared segments)
- – Insufficient bandwidth use (e.g., extra traffic results when segmentation of the network is based upon physical location and not necessarily by workgroups or interest group)
- – Lack of flexibility (e.g., cost reconfigurations are required when users are moved)
Virtual LAN, or VLAN, technology solves these problems because it enables switches and routers to configure logical topologies on top of the physical network infrastructure. Logical topologies allow any arbitrary collection of LAN segments within a network to be combined into an autonomous user group, appearing as a single LAN.
Virtual LANs
A VLAN can be defined as a logical LAN segment that spans different physical LANs. VLANs provide traffic separation and logical network partitioning.
VLANs logically segment the physical LAN infrastructure into different subnets (broadcast domains for Ethernet) so that broadcast frames are switched only between ports within the same VLAN.
A VLAN is a logical grouping of network devices (users) connected to the port(s) on a LAN switch. A VLAN creates a single broadcast domain and is treated like a subnet.
Unlike a traditional segment or workgroup, you can create a VLAN to group users by their work functions, departments, the applications used, or the protocols shared irrespective of the users’ work location (for example, an AppleTalk network that you want to separate from the rest of the switched network).
VLAN implementation is most often done in the switch software.
Remove the Physical Boundaries
Conceptually, VLANs provide greater segmentation and organizational flexibility. VLAN technology allows you to group switch ports and the users connected to them into logically defined communities of interest. These groupings can be coworkers within the same department, a cross-functional product team, or diverse users sharing the same network application or software (such as Lotus Notes users).
Grouping these ports and users into communities of interest—referred to as VLAN organizations—can be accomplished within a single switch, or more powerfully, between connected switches within the enterprise. By grouping ports and users together across multiple switches, VLANs can span single building infrastructures or interconnected buildings. As shown here, VLANs completely remove the physical constraints of workgroup communications across the enterprise.
Additionally, the role of the router evolves beyond the more traditional role of firewalls and broadcast suppression to policy-based control, broadcast management, and route processing and distribution. Equally as important, routers remain vital for switched architectures configured as VLANs because they provide the communication between logically defined workgroups (VLANs). Routers also provide VLAN access to shared resources such as servers and hosts, and connect to other parts of the network that are either logically segmented with the more traditional subnet approach or require access to remote sites across wide-area links. Layer 3 communication, either embedded in the switch or provided externally, is an integral part of any high-performance switching architecture.