VLANs
Identify the main characteristics of VLANs.
The word virtual is used a lot in the computing world—perhaps too often. In the case of VLANs, the word virtual does little to help explain the technology. Perhaps a more descriptive name for the VLAN concept might have been “segmented LAN.”
EXAM TIP
802.1q 802.1q is the Institute of Electrical and Electronics Engineers (IEEE) specification developed to ensure interoperability of VLAN technologies from the various vendors.
VLANs involve network segmentation, a strategy that significantly increases the performance capability of the network and removes potential performance bottlenecks. A VLAN is a group of computers that are connected together and act as if they are on their own network segments, even though they might not be. For instance, suppose you work in a three-story building in which the advertising employees are spread over all three floors. A VLAN can let all the advertising personnel use the network resources as if they were connected on the same segment. This virtual segment can be isolated from other network segments. In effect, it would appear to the advertising group that they were on a network by themselves.
EXAM TIP
VLANs VLANs allow you to create multiple broadcast domains on a single switch. In essence, this is the same as creating separate networks for each VLAN.
VLANs offer some clear advantages. Being able to create logical segmentation of a network gives administrators flexibility beyond the restrictions of the physical network design and cable infrastructure. VLANs allow for easier administration because the network can be divided into well-organized sections. Further, you can increase security by isolating certain network segments from others. For instance, you can segment the marketing personnel from finance or the administrators from the students. VLANs can ease the burden on overworked routers and reduce broadcast storms. Table 10.3 summarizes the benefits of VLANs.
VLAN Membership
You can use several methods to determine VLAN membership or how devices are assigned to a specific VLAN. The following sections describe the common methods of determining how VLAN membership is assigned.
Protocol-Based VLANs
With protocol-based VLAN membership, computers are assigned to VLANs by using the protocol that is in use and the Layer 3 address. For example, this method allows an Internetwork Packet Exchange (IPX) network or a particular Internet Protocol (IP) subnet to have its own VLAN.
It is important to note that although VLAN membership may be based on Layer 3 information, this has nothing to do with routing or routing functions. The IP numbers are used only to determine the membership in a particular VLAN—not to determine routing.
Port-Based VLANs
Port-based VLANs require that specific ports on a network switch be assigned to a VLAN. For example, ports 1 through 8 may be assigned to marketing, ports 9 through 18 may be assigned to sales, and so on. Using this method, a switch determines VLAN membership by taking note of the port used by a particular packet. Figure 10.7 shows how the ports on a server could be used for port-based VLAN membership.
MAC Address–Based VLANs
As you may have guessed, the Media Access Control (MAC) address type of VLAN assigns membership according to the MAC address of the workstation. To do this, the switch must keep track of the MAC addresses that belong to each VLAN. The advantage of this method is that a workstation computer can be moved anywhere in an office without needing to be reconfigured; because the MAC address does not change, the workstation remains a member of a particular VLAN. Table 10.4 provides an example of the membership of a MAC address–based VLAN.
| MAC Address | VLAN | Description |
|---|---|---|
| 44-45-53-54-00-00 | 1 | Sales |
| 44-45-53-54-13-12 | 2 | Marketing |
| 44-45-53-54-D3-01 | 3 | Administration |
| 44-45-53-54-F5-17 | 1 | Sales |
Although the acceptance and implementation of VLANs has been slow, the ability to logically segment a LAN provides a new level of administrative flexibility, organization, and security.