3.8. Identifying the Main Characteristics of VLANs
Virtual local area networks (VLANs) are logical subnets that are formed using switches. One of the advantages of VLANs is that they do not have to conform to the physical characteristics of a building but instead can be set up in any manner that the administrator chooses. Another advantage is that VLANs can be formed without the use of routers. For example, suppose you have a four-story building that has sales personnel on all four floors of the building mixed in with other departments. Now, suppose you have a switch located on each of the floors. Without VLANs, your sales people's computers would have to be attached to the switch that eventually connects to the router that created the subnet. In other words, because of the physical location of your sales people's computers, they would be in the same subnet as the other computers on that floor, even if that may not be the best way of controlling the network traffic.
With VLANs, the traffic that is designated for a particular VLAN will only be sent to the ports are assigned to that VLAN. This allows you to control traffic with much greater flexibility and makes the location of the user's computer much less important in regard to controlling traffic. When a VLAN spans more than one switch, the connections that carry all of the VLAN traffic are referred to as trunks. Of course, you can still use a router to connect all of the VLANs, just as you would any other type of subnets.
3.8.1. Critical Information
You should understand how VLANs work, including the advantages of using VLANs and how VLANs are created on a switch.
3.8.1.1. The Advantages of VLANs
How you build VLANs will vary with the type of hardware that you use, but the IEEE has developed a standard called 802.1q that ensures the interoperability of VLAN technologies developed by all of today's vendors of switches. Developing this standard was an important step because VLANs offer many advantages to an organization, including the following:
Increased security
When you create virtual (logical) boundaries, network segments are isolated. You can then join them again using a router and apply access lists, which filter traffic by IP addresses and/or protocols, to the router for increased security.
Increased performance
Because VLANs create separate subnets, they reduce the effect of broadcasts across the entire network. In essence, they divide the network into smaller segments and each segment controls its own traffic.
Organization
Network users are linked to the other users that they communicate with most often. Also, the users are linked more closely to the network resources that they use most often.
Simplified administration
Adds, moves, and changes become much simpler when VLANs are used. VLANs give the network administrator and the network design team more flexibility in regard to traffic control.
3.8.1.2. How VLANs Are Formed
So now you are probably wondering how the switches determine which ports are for which VLAN. Well, there are two basic methods that are used to assign VLANs to a port: port based and MAC based. In the paragraphs that follow, we discuss each of these methods.
3.8.1.2.1. Port-Based VLANs
With port-based VLANs, each port is assigned to a specific VLAN. A port can only be assigned to one VLAN. This port assignment is often referred to as a VLAN membership. For example, suppose a switch has 24 ports but only ports 1–6 are assigned to the sales department. In this case, traffic that was received on port 1 would be sent only to ports 2–6. In other words, all of the other ports on the switch would be isolated from that traffic. The precise configuration of VLAN membership varies from vendor to vendor and sometimes even from product to product within the same vendor, but in all cases a port can be assigned to only one VLAN.
3.8.1.2.2. MAC Address–Based VLANs
MAC address–based VLANs assign each computer a VLAN based on the MAC address on the NIC of the computer. This is a completely different type of assignment that in effect makes the computer a member of the VLAN instead of a port. The advantage of this type of VLAN assignment is that the computer can be moved anywhere in the network where the VLAN exists and it will still be recognized and automatically given the correct configuration routes. The main disadvantage of this type of VLAN is that the MAC address must be constantly maintained in order for the VLAN to perform correctly. If the NIC of a computer fails, then the new MAC address will need to be updated on the switch.
3.8.2. Exam Essentials
List the main advantages of VLANs. VLANS provide increased security by creating logical segments in a network. VLANs increase performance in a network by reducing or eliminating the effect of broadcasts throughout the network. They improve the organization of a network by closely connecting the computers and the resources that work together. VLANs simplify ongoing network administration, allowing the network administrator or network designer much more flexibility in regard to network design.
Explain how VLANs are created on a switch. There are two main methods of creating VLANs on a switch: port based and MAC based. Port-based VLANs require that each port be assigned to one and only one VLAN. This assignment is called a membership. MAC-based VLANs are assigned based on the MAC address on the NIC of the computer. This means that the computer can be moved to anywhere in the organization where the VLAN exists and it will still get the same assignment.