A virtual LAN (VLAN) can be defined as:
- Broadcast domains defined by switch port rather than network address
- A grouping of devices based on service need, protocol, or other criteria rather than physical proximity
Using VLANs lets you assign devices on different switch ports to different logical (or virtual) LANs. Although each switch can be connected to multiple VLANs, each switch port can be assigned to only one VLAN at a time. The following graphic shows a single-switch VLAN configuration.
Be aware of the following facts about VLANs:
- In the graphic above, FastEthernet ports 0/1 and 0/2 are members of VLAN 1. FastEthernet ports 0/3 and 0/4 are members of VLAN 2.
- In the graphic above, workstations in VLAN 1 will not be able to communicate with workstations in VLAN 2, even though they are connected to the same physical switch.
- Defining VLANs creates additional broadcast domains. The above example has two broadcast domains, each of which corresponds to one of the VLANs.
- By default, switches come configured with several default VLANs:
  - VLAN 1
  - VLAN 1002
  - VLAN 1003
  - VLAN 1004
  - VLAN 1005
- By default, all ports are members of VLAN 1.
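The facts above can be checked against a switch configuration. The following is an added example, not part of the original page: it parses a constructed configuration written in Cisco IOS access-port syntax (an assumption, since the page names no vendor), maps each port to its VLAN, groups ports into broadcast domains, and lists ports still left in the default VLAN 1. The function names are hypothetical.

```python
import re
from collections import defaultdict

DEFAULT_VLAN = 1  # every port starts here until it is reassigned
# Constructed sample (Cisco IOS syntax) matching the layout described above:
# Fa0/1 and Fa0/2 have no "switchport access vlan" line, so they stay in VLAN 1.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 2
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 2
"""

def port_vlans(config):
    """Map each interface to its access VLAN (a port holds one VLAN at a time)."""
    vlans, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface\s+(\S+)", line):
            current = m.group(1)
            vlans[current] = DEFAULT_VLAN
        elif current and (m := re.match(r"\s+switchport access vlan (\d+)", line)):
            vlans[current] = int(m.group(1))  # a later line replaces the earlier one
    return vlans

def broadcast_domains(vlans):
    """Group ports by VLAN; each group is one broadcast domain."""
    domains = defaultdict(list)
    for port, vlan in vlans.items():
        domains[vlan].append(port)
    return dict(domains)

def needs_router(vlans, a, b):
    """Ports in different VLANs cannot talk through the switch alone."""
    return vlans[a] != vlans[b]

def default_vlan_ports(vlans):
    """Ports still in VLAN 1, worth reviewing when VLANs are used for isolation."""
    return sorted(p for p, v in vlans.items() if v == DEFAULT_VLAN)

if __name__ == "__main__":
    v = port_vlans(SAMPLE_CONFIG)
    print(broadcast_domains(v))
    print("Fa0/1 <-> Fa0/3 needs a router:", needs_router(v, "FastEthernet0/1", "FastEthernet0/3"))
    print("Still in default VLAN:", default_vlan_ports(v))
```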
Creating VLANs with switches offers the following administrative benefits:
- You can create virtual LANs based on criteria other than physical location (such as workgroup, protocol, or service)
- You can simplify device moves (devices are moved to new VLANs by modifying the port assignment)
- You can control broadcast traffic and create collision domains based on logical criteria
- You can control security (isolate traffic within a VLAN)
- You can load-balance network traffic (divide traffic logically rather than physically)
Creating VLANs with switches offers the following benefits over using routers to create distinct networks:
- Switches are easier to administer than routers
- Switches are less expensive than routers
- Switches offer higher performance (introduce less latency)
A disadvantage of using switches to create VLANs is that you might be tied to a specific vendor. Details of how VLANs are created and identified can vary from vendor to vendor, so creating a VLAN might mean you must use only that vendor’s switches throughout the network. When using multiple vendors in a switched network, be sure each switch supports the 802.1Q standard if you want to implement VLANs.
Despite advances in switch technology, routers are still needed to:
- Filter WAN traffic
- Route traffic between separate networks
- Route packets between VLANs