You have 3 free guides left 😟
Unlock your guides
Unlock Cram Mode
You have 3 free guides left 😟
Unlock your guides

Virtual LANs (VLANs) are a powerful tool for network segmentation, allowing administrators to divide a physical network into logical segments. They enhance security, improve performance, and simplify network management by grouping devices based on function or department, regardless of physical location.

VLANs work by tagging Ethernet frames with VLAN IDs, enabling to isolate traffic between different VLANs. This segmentation reduces broadcast domains, optimizes bandwidth usage, and allows for more flexible network designs. Inter-VLAN routing enables communication between VLANs when needed.

Virtual LANs (VLANs)

Concept of Virtual LANs

Top images from around the web for Concept of Virtual LANs

  • VLANs and Trunk | ICND1 100-105 View original

    Is this image relevant?

  • VLANs and Trunk | ICND1 100-105 View original

    Is this image relevant?

  • VLANs and Trunk | ICND1 100-105 View original

    Is this image relevant?

1 of 3

Top images from around the web for Concept of Virtual LANs

  • VLANs and Trunk | ICND1 100-105 View original

    Is this image relevant?

  • VLANs and Trunk | ICND1 100-105 View original

    Is this image relevant?

  • VLANs and Trunk | ICND1 100-105 View original

    Is this image relevant?

1 of 3
  • VLANs logically divide a switched network into smaller broadcast domains independent of physical location
  • Devices in the same VLAN communicate as if on the same physical LAN even when connected to different switches (campus networks)
  • Network administrators can segment the network logically based on department, function, or security needs (accounting, marketing, guest access)
  • Segmentation achieved by assigning ports to specific VLANs
  • Devices connected to ports in the same VLAN are in the same (shared resources, common applications)

Benefits of VLAN implementation

  • Enhances security by isolating traffic between different groups preventing unauthorized access (financial data, HR records)
  • Applying security policies to specific VLANs restricts access to sensitive resources (executive management, R&D)
  • Reduces broadcast domains by dividing the network into smaller VLANs containing broadcast traffic (ARP requests, DHCP discoveries)
  • Smaller broadcast domains improve network efficiency by reducing unnecessary traffic (multicast video, software updates)
  • Boosts performance by limiting broadcast scope minimizing impact of broadcast storms on entire network (loops, misconfigurations)
  • Optimizes bandwidth utilization by confining traffic within relevant VLANs (large file transfers, backup operations)

Configuration of VLANs on switches

  • standard protocol for VLAN tagging inserts a VLAN tag into Ethernet frames
  • VLAN tag has a 12-bit VLAN ID and other control information (priority, canonical format indicator)
  • Configuring VLANs involves assigning switch ports to specific VLANs
  • Access ports belong to a single VLAN (user devices, printers)
  • Trunk ports carry traffic from multiple VLANs tagged with respective VLAN IDs (inter-switch links, switch-to- connections)
  • Configuration includes creating VLAN database entries, assigning VLAN names, specifying port membership (VLAN 10 - Marketing, VLAN 20 - Engineering)

Role of VLAN trunking

  • VLAN allows a single physical link to carry traffic from multiple VLANs
  • Used to connect switches or switches to (distribution layer, core layer)
  • VLAN tags added to Ethernet frames as they traverse the trunk link identify the VLAN
  • Trunk ports configured to allow specific VLANs or all VLANs to pass through (allowed VLAN list)
  • VLAN filtering on trunk ports restricts the VLANs allowed on the link (security, bandwidth management)

Process of inter-VLAN routing

  • Enables communication between devices in different VLANs
  • Requires a router or Layer 3 switch with an interface or subinterface for each VLAN (VLAN interfaces)
  • Process:
    1. Source device sends frame to its default gateway (router or Layer 3 switch)
    2. Router or Layer 3 switch receives frame on interface associated with source VLAN
    3. Router or Layer 3 switch makes routing decision based on destination IP address
    4. Router or Layer 3 switch forwards frame out of interface associated with destination VLAN
  • Maintains benefits of VLAN segmentation while enabling inter-VLAN communication (shared services, cross-functional collaboration)
© 2024 Fiveable Inc. All rights reserved.
AP® and SAT® are trademarks registered by the College Board, which is not affiliated with, and does not endorse this website.
Fiveable
About Us
About FiveableBlogCareersTestimonialsCode of ConductTerms of UsePrivacy PolicyCCPA Privacy Policy
Resources
Cram ModeAP Score CalculatorsStudy GuidesPractice QuizzesGlossaryCrisis Text LineRequest a Feature
Stay Connected
© 2024 Fiveable Inc. All rights reserved.
AP® and SAT® are trademarks registered by the College Board, which is not affiliated with, and does not endorse this website.
About Us
About FiveableBlogCareersTestimonialsCode of ConductTerms of UsePrivacy PolicyCCPA Privacy Policy
Resources
Cram ModeAP Score CalculatorsStudy GuidesPractice QuizzesGlossaryCrisis Text LineRequest a Feature
© 2024 Fiveable Inc. All rights reserved.
AP® and SAT® are trademarks registered by the College Board, which is not affiliated with, and does not endorse this website.
Back
Glossary
Glossary
Next