
When we have a single Ethernet switch or a group of Ethernet switches that form a LAN (Local Area Network), the devices connected to the LAN are in the same network, or more commonly in the same Sub Network. A switch is a Layer-2 device and as such is designed to read, manage and forward Ethernet frames. A switch does this by reading the source and destination MAC Addresses on the frames to build MAC Address Tables and make forwarding decisions. A Layer-2 device does not look above layer-2 and therefore does not read IP Addresses.
An Ethernet switch is programmed to flood Broadcast and Multicast frames in order to ensure all devices receive the traffic. This means that a lot of traffic on the LAN is broadcast traffic and this can be a problem on busy LANs. Consequently we refer to a Local Area Network as a single broadcast domain because broadcast traffic will be seen by all devices.
VLANs can help reduce broadcast traffic, and in fact this is the primary purpose of a Virtual Local Area Network. By creating a number of VLANs, the single broadcast domain is segmented into as many broadcast domains as there are VLANs. Broadcast traffic is restricted to devices within the same broadcast domain. For example, suppose we had an Ethernet switch with 24 ports and we created 6 VLANs with 4 ports assigned to each VLAN. If a device in VLAN 2 sent a broadcast frame, the switch would only forward that frame out of the other ports that were members of the same VLAN, so the frame would only be sent to 3 other devices. Each group of devices that forms a VLAN by association with a switch port must have IP Addresses configured within the same common subnet. We could allocate IP Addresses as follows:
VLAN 1 10.1.1.x
VLAN 2 10.2.2.x
VLAN 3 10.3.3.x
VLAN 4 10.4.4.x
VLAN 5 10.5.5.x
VLAN 6 10.6.6.x
In this case the subnet mask could be 255.255.255.0 which means that the first byte (10) is the Class A network number, bytes 2 and 3 are the subnet number and the fourth byte represented by x would be the device number usually in the range 1-254.
It is normally the role of routers to create or segment broadcast domains, but now we can use less expensive switches to do the same job. It is worth bearing in mind that apart from controlling broadcasts, the switch restricts traffic between devices in different VLANs, so a router or Layer 3 switch would be required to allow Unicast traffic between devices in different broadcast domains.
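The forwarding behaviour described above can be made concrete with a small model of a VLAN-aware switch. The following is an added example written for this page, not code from the original article: it builds the 24-port, 6-VLAN switch from the text, learns source MAC addresses into a per-VLAN MAC table, floods broadcast and multicast frames only to ports in the same VLAN, and checks that a host's address falls inside the 10.n.n.x subnet allocated to its VLAN. The MAC addresses and the port-to-VLAN mapping are constructed for the example.

```python
"""Toy model of a VLAN-aware Ethernet switch (constructed example)."""
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


class VlanSwitch:
    """Layer-2 switch that learns MACs per VLAN and floods only within a VLAN."""

    def __init__(self, vlan_of_port: Dict[int, int]) -> None:
        self.vlan_of_port = dict(vlan_of_port)
        # The MAC table is keyed by (vlan, mac): the same MAC seen in two VLANs
        # is two separate entries, as in a real per-VLAN address table.
        self.mac_table: Dict[Tuple[int, str], int] = {}

    def ports_in_vlan(self, vlan: int) -> List[int]:
        return sorted(p for p, v in self.vlan_of_port.items() if v == vlan)

    def forward(self, in_port: int, src_mac: str, dst_mac: str) -> List[int]:
        """Return the list of egress ports for a frame arriving on in_port."""
        vlan = self.vlan_of_port[in_port]
        # Learn: the source MAC lives behind in_port, in this VLAN.
        self.mac_table[(vlan, src_mac)] = in_port
        if is_group_address(dst_mac):
            # Broadcast/multicast: flood, but only to ports in the same VLAN.
            return [p for p in self.ports_in_vlan(vlan) if p != in_port]
        out_port = self.mac_table.get((vlan, dst_mac))
        if out_port is None:
            # Unknown unicast: flood within the VLAN until the destination is learned.
            return [p for p in self.ports_in_vlan(vlan) if p != in_port]
        return [out_port]


def build_example_switch() -> VlanSwitch:
    """The article's switch: 24 ports, 6 VLANs, 4 ports each (ports 1-4 -> VLAN 1, ...)."""
    return VlanSwitch({port: (port - 1) // 4 + 1 for port in range(1, 25)})


# The article's address plan: VLAN n uses 10.n.n.x with mask 255.255.255.0.
SUBNET_PLAN = {vlan: ip_network(f"10.{vlan}.{vlan}.0/24") for vlan in range(1, 7)}


def address_matches_vlan(ip: str, vlan: int) -> bool:
    """Check that a host's IP falls inside the subnet allocated to its VLAN."""
    return ip_address(ip) in SUBNET_PLAN[vlan]


def host_mac(port: int) -> str:
    """Constructed locally-administered MAC for the host attached to a port."""
    return f"02:00:00:00:00:{port:02x}"


if __name__ == "__main__":
    sw = build_example_switch()
    # Broadcast from the host on port 5 (VLAN 2) reaches only ports 6, 7 and 8.
    print(sw.forward(5, host_mac(5), BROADCAST))
    # Host on port 9 (VLAN 3) announces itself; the switch learns it in VLAN 3 only.
    print(sw.forward(9, host_mac(9), BROADCAST))
    # Unicast from VLAN 2 to the VLAN 3 host is unknown in VLAN 2's table, so it
    # is flooded inside VLAN 2 and never reaches port 9: a router or Layer 3
    # switch is needed to cross broadcast domains.
    print(sw.forward(5, host_mac(5), host_mac(9)))
    print(address_matches_vlan("10.2.2.17", 2), address_matches_vlan("10.3.3.17", 2))
```

The last forwarding call is the point of the passage: the switch has no Layer-3 knowledge, so a frame addressed to a MAC in another VLAN is simply treated as an unknown destination inside the sender's VLAN and is never delivered across the VLAN boundary.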
What criteria do we use for adding groups of devices to a common VLAN? We may create departmental VLANs where we associate devices within the same department with a particular VLAN, e.g. HR, Engineering, Accounts, Projects. A good example of the use of VLANs is where we have IP Telephones sharing the LAN with workstations, servers etc. By placing the VoIP Phones in a common VLAN we are associating the phones as a common group with their own subnet IP Address range.
Apart from reducing the broadcast traffic, we have also added a layer of security by making the VoIP phones easy to identify by means of their common subnet addresses. This allows us to apply security policy to the VoIP VLAN, and indeed to all VLANs.
VLAN technology is covered within the syllabus of a number of our training courses including TCP/IP - A Practical Foundation, which is a 4-day practical hands-on training course. See our course schedule for details and dates of this training course.