What is a VLAN ?

What is a VLAN?

VLANs (Virtual Local Area Networks) are a logical grouping of devices in the same broadcast domain. VLANs are typically configured on switches by placing specific interfaces in one broadcast domain and some interfaces in a different broadcast domain. VLANs can be distributed through a variety of switches, with each VLAN being treated as its own subnetwork or broadcast domain. This means that the frames transmitted in the network are only exchanged between the ports of the same VLAN.

A VLAN acts as a physical LAN, but it allows hosts to be grouped in the same broadcast domain, even if they are not connected to the same switch. Here are the main reasons why you should use VLANs on your network:

• VLANs increase the number of broadcast domains and reduce their size.
• 
  
• VLANs reduce security risks by reducing the number of hosts receiving copies of frames flooded by switches.
• 
  
• You can keep hosts that contain sensitive data on a separate VLAN for added security.
• 
  
• You can create more flexible network designs that group users by department rather than physical location.

Network changes can be made simply by configuring a port in the appropriate VLAN.

The following topology shows a network with all hosts in the same VLAN:

Topology without VLAN

Without VLAN, a broadcast sent by Host A would reach all devices on the network. By arranging the Fa0 / 0 and Fa0 / 1 of the two switches in a separate VLAN, a broadcast host A can only reach host B, where each VLAN is a separate broadcast domain and only the host B entities in the same VLAN as the host A. The hosts in VLAN 3 and VLAN 5 will not even realize that communication was taking place. This is shown in the picture below:

Topology with VLAN

NOTE

To reach hosts in another VLAN, a router is needed.

Access and network ports

Each port of a switch can be configured as an access port or trunk port. An access port is a port that can be assigned to a single VLAN. This type of interface is configured on switch ports that are attached to devices with a standard network adapter, such as a network adapter. To a host on a network. A trunk interface is an interface that connects to another switch. This type of interface can transfer traffic from multiple VLANs.

In the network example shown above, the connection between SW1 and SW2 would be configured as a trunk interface. All other switch ports are connected to end-user devices. They must therefore be configured as access ports.