Other Enterprise Security Services
VLANs

A virtual local-area network (VLAN) is a switched network that can be logically segmented by function, project team, or application rather than only on a physical or geographical basis. For example, all workstations and servers used by a particular workgroup team can be connected to the same VLAN, regardless of their physical connections to the network or the fact that they might be intermingled with other teams. VLANs can be used to reconfigure the network through software rather than by physically unplugging and moving devices or wires.

A VLAN can be thought of as a broadcast domain that exists within a defined set of switches. A VLAN consists of a number of end systems, either hosts or network equipment (such as bridges and routers), connected by a single bridging domain. The bridging domain is supported on various pieces of network equipment such as LAN switches that operate bridging protocols between them with a separate group for each VLAN.

VLANs provide the segmentation services traditionally provided by routers in LAN configurations. VLANs address scalability, security, and network management. Consider several key issues when designing and building switched LAN networks:

  • LAN segmentation
  • Security
  • Broadcast control
  • Performance
  • Network management
  • Communication between VLANs

VLANs can be used on some wireless equipment to segregate traffic, as pictured in Figures and . This may be useful in separating basic WEP clients on one VLAN from users who are not using any encryption. When properly configured, VLANs are secure. Traffic from one VLAN cannot traverse another VLAN. SSIDs may be used in conjunction with VLANs to allow limited access to guests. VLANs can be created using the VLAN Services configuration page.
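The broadcast-domain and isolation behaviour described above, shown as an added example that is not part of the original page: a toy Python model of a switch with access ports only, keeping a separate MAC table for each VLAN. The port names, VLAN IDs and MAC addresses are constructed for illustration, and trunking, tagging and inter-VLAN routing are deliberately not modelled.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """Toy switch with untagged access ports and one MAC table per VLAN."""

    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)      # {port name: VLAN ID}
        self.mac_tables = defaultdict(dict)     # {VLAN ID: {MAC: port}}

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame; return the sorted list of egress ports."""
        vlan = self.port_vlans[in_port]         # VLAN is fixed by the ingress port
        table = self.mac_tables[vlan]
        table[src_mac] = in_port                # learn the source in this VLAN only
        if dst_mac != BROADCAST and dst_mac in table:
            out = table[dst_mac]
            return [] if out == in_port else [out]
        # Broadcast or unknown unicast: flood, but never outside the VLAN.
        return sorted(p for p, v in self.port_vlans.items()
                      if v == vlan and p != in_port)


def demo():
    # Constructed layout: VLAN 10 = staff, VLAN 20 = guest SSID clients.
    sw = VlanSwitch({"staff-1": 10, "staff-2": 10, "guest-1": 20, "guest-2": 20})
    staff_mac, guest_mac = "02:00:00:00:00:0a", "02:00:00:00:00:14"
    results = {}
    # A staff broadcast (e.g. ARP) reaches only the other VLAN 10 port.
    results["staff_broadcast"] = sw.receive("staff-1", staff_mac, BROADCAST)
    # The staff MAC is now learned in VLAN 10, but VLAN 20's table is separate:
    # a guest frame addressed to it is flooded inside VLAN 20 and goes no further.
    results["guest_to_staff"] = sw.receive("guest-1", guest_mac, staff_mac)
    # Within VLAN 10 the same destination is a known unicast on one port.
    results["staff_to_staff"] = sw.receive("staff-2", "02:00:00:00:00:0b", staff_mac)
    return results


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: {ports}")
```

Because the model has no router, nothing forwards between VLAN 10 and VLAN 20; in a real network that path exists only where a Layer 3 device is configured to provide it.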

