Why VLAN is required

Network traffic is typically all handled by a single device that performs several functions: wireless access point, Internet router, NAT (Network Address Translation), and Ethernet switch.

In a nutshell, VLANs allow a group of Ethernet devices (a subnet) to be physically separated by many Ethernet switches but communicate as if they were all connected to the same physical Ethernet switch. In the example below, the three VLANs have devices located on separate floors. For the Engineering computers to be on the same network across multiple building floors, VLANs are used to isolate this traffic from marketing and accounting computers.

Devices in different VLANs cannot communicate when only using layer 2 switches. Layer 2 devices only inspect the destination MAC (media access control) addresses of Ethernet frames.

A MAC address is tied to a physical piece of hardware. In other words, a layer 2 switch allows devices in the same VLAN or subnet to communicate. Also, keep in mind, modern Ethernet switches often blur the lines between layer 2 and layer 3 capabilities.

What benefits do VLANs have over making it all one large subnet?

A single subnet is simple to understand and implement but creates problems as the network grows.

Creating smaller subnets limits broadcast domain traffic. Think of broadcast traffic as one device making an announcement to the rest of the devices in the network, like a person speaking to a large audience, but in networking every device can speak at the same time.

These workgroups are usually formed for a short period of time.

During this period, communication between members of the workgroup will be high. To contain broadcasts and multicasts within the workgroup, a VLAN can be set up for them. With VLANs it is easier to place members of a workgroup together. Without VLANs, the only way this would be possible is to physically move all the members of the workgroup closer together.

However, virtual workgroups do not come without problems. Consider the situation where one user of the workgroup is on the fourth floor of a building, and the other workgroup members are on the second floor. Resources such as a printer would be located on the second floor, which would be inconvenient for the lone fourth floor user. Another problem with setting up virtual workgroups is the implementation of centralized server farms, which are essentially collections of servers and major resources for operating a network at a central location.

The advantages here are numerous, since it is more efficient and cost-effective to provide better security, uninterrupted power supply, consolidated backup, and a proper operating environment in a single area than if the major resources were scattered in a building. Centralized server farms can cause problems when setting up virtual workgroups if servers cannot be placed on more than one VLAN. In such a case, the server would be placed on a single VLAN and all other VLANs trying to access the server would have to go through a router; this can reduce performance [Netreference Inc.].

Seventy percent of network costs are a result of adds, moves, and changes of users in the network [Buerger]. Every time a user is moved in a LAN, recabling, new station addressing, and reconfiguration of hubs and routers become necessary. Some of these tasks can be simplified with the use of VLANs. If a user is moved within a VLAN, reconfiguration of routers is unnecessary.

In addition, depending on the type of VLAN, other administrative work can be reduced or eliminated [Cisco white paper].

However, the full power of VLANs will only really be felt when good management tools are created that allow network managers to drag and drop users into different VLANs or to set up aliases.

Despite this saving, VLANs add a layer of administrative complexity, since it now becomes necessary to manage virtual workgroups [Passmore et al 3Com report].

Periodically, sensitive data may be broadcast on a network. In such cases, placing only those users who can have access to that data on a VLAN can reduce the chances of an outsider gaining access to the data.

VLANs can also be used to control broadcast domains, set up firewalls, restrict access, and inform the network manager of an intrusion [Passmore et al 3Com report].

This is called explicit tagging. It is also possible to determine to which VLAN the data received belongs using implicit tagging. In implicit tagging the data is not tagged, but the VLAN from which the data came is determined based on other information like the port on which the data arrived.

Tagging can be based on the port from which it came, the source Media Access Control (MAC) field, the source network address, or some other field or combination of fields. VLANs are classified based on the method used.

To tag data using any of these methods, the bridge has to keep an updated database containing a mapping between VLANs and whichever field is used for tagging. For example, if tagging is by port, the database should indicate which ports belong to which VLAN.

This database is called a filtering database. Bridges would have to be able to maintain this database and also to make sure that all the bridges on the LAN have the same information in each of their databases. The bridge determines where the data is to go next based on normal LAN operations. Once the bridge determines where the data is to go, it now needs to determine whether the VLAN identifier should be added to the data and sent.
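The port-based case described above, as an added example that is not code from the original article: a small Python model of a bridge's filtering database that classifies frames by arrival port (implicit tagging) or by the tag they carry (explicit tagging), keeps forwarding inside the VLAN, and decides whether the VLAN identifier is added on egress. The port numbers, VLAN IDs, MAC strings, the "access"/"trunk" port labels and the rule of dropping tagged frames on access ports are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed filtering database for one bridge: port -> (mode, VLANs carried).
FILTERING_DB = {
    1: ("access", {10}),      # Engineering
    2: ("access", {10}),      # Engineering
    3: ("access", {20}),      # Marketing
    4: ("trunk", {10, 20}),   # link to another bridge
}

@dataclass
class Frame:
    src: str
    dst: str
    vlan_tag: Optional[int] = None   # explicit tag; None means untagged

def classify(port, frame):
    """Return the frame's VLAN, or None if the frame must be dropped."""
    mode, vlans = FILTERING_DB[port]
    if mode == "access":
        # Implicit tagging: the VLAN comes from the arrival port. A frame that
        # already carries a tag on an access port is not trusted (assumption).
        return None if frame.vlan_tag is not None else next(iter(vlans))
    # Explicit tagging: a trunk frame must carry a tag the port is a member of.
    return frame.vlan_tag if frame.vlan_tag in vlans else None

def forward(in_port, frame, mac_table):
    """Return [(out_port, tag_on_wire)] for a frame arriving on in_port."""
    vlan = classify(in_port, frame)
    if vlan is None:
        return []
    mac_table[(vlan, frame.src)] = in_port        # MAC learning is per VLAN
    known = mac_table.get((vlan, frame.dst))
    # Unknown destination: flood, but only within the frame's VLAN.
    candidates = [known] if known is not None else list(FILTERING_DB)
    out = []
    for port in candidates:
        mode, vlans = FILTERING_DB[port]
        if port == in_port or vlan not in vlans:
            continue                              # the frame never leaves its VLAN
        # The VLAN identifier is added only when sending over a trunk.
        out.append((port, vlan if mode == "trunk" else None))
    return out
```

Calling `forward` with a shared `mac_table` dict shows that a Marketing host's frame addressed to an Engineering MAC is only flooded inside VLAN 20, never delivered to ports 1 or 2.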

There has been a recent move towards building a set of standards for VLAN products. Up to this point, products have been proprietary, implying that anyone wanting to install VLANs would have to purchase all products from the same vendor. Once the standards have been written and vendors create products based on these standards, users will no longer be confined to purchasing products from a single vendor. The major vendors have supported these standards and are planning on releasing products based on them.

It is anticipated that these standards will be ratified later this year.

The main disadvantage of this method is that it does not allow for user mobility. If a user moves to a different location away from the assigned bridge, the network manager must reconfigure the VLAN.


