A virtual LAN (VLAN) logically segments a switched network based on an organization's functions, project teams, or applications rather than on a physical or geographical basis.
For example, all workstations and servers
used by a particular workgroup team can be connected to the same
VLAN, regardless of their physical connections to the network or the
fact that they might be intermingled with other teams.
Reconfiguration of the network can be done through software rather
than by physically unplugging and moving devices or wires.
As shown in the Figure, a VLAN can be
thought of as a broadcast domain that exists within a defined set of
switches. A VLAN consists of a number of end systems, either hosts
or network equipment (such as bridges and routers), connected by a
single bridging domain. The bridging domain is supported on various
pieces of network equipment; for example, LAN switches that operate
bridging protocols between them with a separate bridge group for
each VLAN.
VLANs are created to provide the segmentation services
traditionally provided by routers in LAN configurations. VLANs
address scalability, security, and network management. Routers in
VLAN topologies provide broadcast filtering, security, address
summarization, and traffic flow management. By definition, a switch
must not bridge any traffic between VLANs; doing so would violate
the integrity of the VLAN broadcast domain. Traffic between VLANs
must be routed, which makes the router the single enforcement point:
the filtering it applies to inter-VLAN traffic is what turns the
segmentation into a security boundary. Several key issues need to
be considered when designing and building switched-LAN internetworks.
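The two rules above (a separate bridge group per VLAN, and routing as the only path between VLANs) are easy to see in a small model. The following is an added example written for this page, not Cisco IOS code or any vendor's implementation: a switch that keeps one MAC table per VLAN and floods only within the ingress VLAN, plus a one-armed router with a leg in each VLAN that applies a filter to every routed packet. The class names, port numbers, MAC and IP addresses and the allow() filter are assumptions constructed for the example.

```python
"""Per-VLAN bridging with routed inter-VLAN traffic, as a small simulation.

Illustrative model written for this page; it is not Cisco IOS code.  The
class names, port numbering, addresses and the allow() filter are
assumptions made for the example.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str = ""
    dst_ip: str = ""


@dataclass
class Switch:
    """Access-port switch: every VLAN is its own bridge group with its own MAC table."""
    port_vlan: Dict[int, int]                        # port -> VLAN id
    mac_tables: Dict[int, Dict[str, int]] = field(default_factory=dict)

    def receive(self, in_port: int, frame: Frame) -> List[Tuple[int, Frame]]:
        """Forward one frame; returns (egress port, frame) pairs, all in the ingress VLAN."""
        vlan = self.port_vlan[in_port]
        table = self.mac_tables.setdefault(vlan, {})
        table[frame.src_mac] = in_port               # learned in this VLAN's table only
        out_port = table.get(frame.dst_mac)
        if frame.dst_mac == BROADCAST or out_port is None:
            # Broadcast or unknown destination: flood, but only inside this broadcast domain.
            return [(p, frame) for p, v in self.port_vlan.items() if v == vlan and p != in_port]
        return [] if out_port == in_port else [(out_port, frame)]


@dataclass
class Router:
    """One-armed router with an interface in each VLAN: the only path between VLANs."""
    interfaces: Dict[int, Tuple[str, str]]           # vlan -> (router MAC on that VLAN, IP prefix)
    arp: Dict[str, str]                              # IP -> MAC, static for the example
    allow: Callable[[Frame], bool] = lambda f: True  # filter applied to every routed packet

    def vlan_for(self, ip: str) -> Optional[int]:
        return next((v for v, (_, prefix) in self.interfaces.items() if ip.startswith(prefix)), None)

    def route(self, in_vlan: int, frame: Frame) -> Optional[Tuple[int, Frame]]:
        """Route a frame received on the in_vlan leg; None means dropped."""
        if frame.dst_mac != self.interfaces[in_vlan][0]:
            return None                              # not addressed to the router
        out_vlan = self.vlan_for(frame.dst_ip)
        if out_vlan is None or out_vlan == in_vlan or not self.allow(frame):
            return None                              # no route, same VLAN, or denied by the filter
        # Rewrite the L2 header for the destination VLAN; the IP addresses are carried unchanged.
        return out_vlan, Frame(self.interfaces[out_vlan][0], self.arp[frame.dst_ip],
                               frame.src_ip, frame.dst_ip)


# Constructed addresses for the example topology.
A, B, C = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02", "cc:cc:cc:cc:cc:03"
R10, R20 = "00:00:00:00:00:10", "00:00:00:00:00:20"


def build_lab() -> Tuple[Switch, Router]:
    """Constructed topology: hosts A and B on ports 1 and 2 (VLAN 10), host C on
    port 3 (VLAN 20), port 4 an empty VLAN 20 port, router legs on port 5 (VLAN 10)
    and port 6 (VLAN 20)."""
    sw = Switch(port_vlan={1: 10, 2: 10, 3: 20, 4: 20, 5: 10, 6: 20})
    rtr = Router(
        interfaces={10: (R10, "10.0.10."), 20: (R20, "10.0.20.")},
        arp={"10.0.10.1": A, "10.0.10.2": B, "10.0.20.3": C},
        allow=lambda f: f.src_ip == "10.0.10.1",     # assumed policy: only host A may reach VLAN 20
    )
    # Prime the MAC tables, as ARP or gratuitous traffic would on a real network.
    for port, mac in ((3, C), (5, R10), (6, R20)):
        sw.receive(port, Frame(mac, BROADCAST))
    return sw, rtr


def run_scenarios() -> Dict[str, object]:
    sw, rtr = build_lab()
    results: Dict[str, object] = {}
    # 1. A broadcast from A reaches the other VLAN 10 ports and nothing in VLAN 20.
    results["a_broadcast_ports"] = sorted(p for p, _ in sw.receive(1, Frame(A, BROADCAST)))
    # 2. C addresses A's MAC directly: unknown in VLAN 20, so flooded in VLAN 20 only, never to port 1.
    results["c_to_a_ports"] = sorted(p for p, _ in sw.receive(3, Frame(C, A)))
    results["a_known_in_vlan20"] = A in sw.mac_tables[20]
    # 3. A sends to C through the router: switch -> router leg on port 5, routed, switch -> port 3.
    (port, to_router), = sw.receive(1, Frame(A, R10, "10.0.10.1", "10.0.20.3"))
    out_vlan, rewritten = rtr.route(10, to_router)
    results["a_to_c_path"] = [port, out_vlan, [p for p, _ in sw.receive(6, rewritten)]]
    # 4. B tries the same and is dropped by the router's filter, the only inter-VLAN path.
    (_, to_router), = sw.receive(2, Frame(B, R10, "10.0.10.2", "10.0.20.3"))
    results["b_to_c_routed"] = rtr.route(10, to_router)
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

Scenario 2 is the one worth dwelling on: a frame in VLAN 20 carrying VLAN 10's MAC address as its destination is flooded within VLAN 20 and is never handed to port 1, because the switch consults only VLAN 20's table. Scenario 4 shows why that matters: the only way B's packet can reach VLAN 20 is through the router, so the router's filter decides, and a switch that did bridge between VLANs would let the frame bypass that decision entirely.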