A virtual local-area network (VLAN) is a switched network that can be
logically segmented by functions, project teams, or applications rather than
only on a physical or geographical basis. For example, all workstations and
servers used by a particular workgroup team can be connected to the same VLAN,
regardless of their physical connections to the network or the fact that they
might be intermingled with other teams. VLANs can be used to reconfigure the
network through software rather than physically unplugging and moving devices
or wires.

A VLAN can be thought of as a broadcast domain that exists
within a defined set of switches. A VLAN consists of a number of end systems,
either hosts or network equipment (such as bridges and routers), connected by a
single bridging domain. The bridging domain is supported on various pieces of
network equipment such as LAN switches that operate bridging protocols between
them with a separate group for each VLAN.

VLANs provide the segmentation
services traditionally provided by routers in LAN configurations. VLANs address
scalability, security, and network management. Consider several key issues when
designing and building switched LAN networks:
- LAN segmentation
- Security
- Broadcast control
- Performance
- Network management
- Communication between VLANs

VLANs can be used on some wireless equipment to segregate traffic, as
pictured in Figures and . This
may be useful in separating basic WEP clients on one VLAN from users who are
not using any encryption. When properly
configured, VLANs are secure. Traffic from one VLAN cannot traverse another
VLAN. SSIDs may be used in conjunction with VLANs for allowing limited access
to guests. VLANs can be created using the VLAN Services configuration page.
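
The description above of a VLAN as a broadcast domain spanning a defined set of switches can be seen in a small model. This is an added example, not code from the original text: the `Switch` class, port numbers, VLAN IDs and sample frame are constructed for illustration, and trunks are assumed to carry only 802.1Q-tagged frames (no native VLAN).

```python
import struct

TPID = 0x8100  # 802.1Q Tag Protocol Identifier

def tag(frame, vid, pcp=0):
    """Insert an 802.1Q tag after the two MAC addresses (first 12 bytes)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    return frame[:12] + struct.pack("!HH", TPID, (pcp << 13) | vid) + frame[12:]

def untag(frame):
    """Return (vid, inner frame); vid is None if the frame carries no tag."""
    if len(frame) >= 16:
        tpid, tci = struct.unpack("!HH", frame[12:16])
        if tpid == TPID:
            return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

class Switch:
    def __init__(self, name, access):
        self.name = name
        self.access = access  # access port -> VLAN ID
        self.trunks = {}      # trunk port -> (peer switch, peer port)

    def flood(self, in_port, frame):
        """Flood a broadcast; return the set of (switch, port) that receive it."""
        if in_port in self.access:
            vid = self.access[in_port]   # VLAN comes from port configuration
        else:
            vid, frame = untag(frame)    # VLAN comes from the 802.1Q tag
            if vid is None:
                return set()             # assumption: no native VLAN on trunks
        seen = {(self.name, p) for p, v in self.access.items()
                if v == vid and p != in_port}
        for port, (peer, peer_port) in self.trunks.items():
            if port != in_port:
                seen |= peer.flood(peer_port, tag(frame, vid))
        return seen

def demo():
    # Constructed topology: VLAN 10 and VLAN 20 spread over two switches.
    sw1 = Switch("sw1", {1: 10, 2: 20})
    sw2 = Switch("sw2", {1: 10, 2: 20, 3: 10})
    sw1.trunks[24] = (sw2, 24)
    sw2.trunks[24] = (sw1, 24)
    # Constructed ARP-style broadcast frame from a host on sw1 port 1.
    frame = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(28)
    return sw1.flood(1, frame), sw2.flood(2, frame)

if __name__ == "__main__":
    print(demo())
```

The broadcast sent on sw1 port 1 reaches only the VLAN 10 access ports on sw2, and the one sent on sw2 port 2 reaches only the VLAN 20 port on sw1, although all ports share the same physical switches and trunk.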