VLANs are another important topic on the CCNA Exam that you will need to become very familiar with. VLAN stands for Virtual Local Area Network, which means that you can segment a LAN logically at Layer 2 rather than physically based on geographic location.
Benefits of VLANs
Because they can logically break up network segments, VLANs provide many benefits. They are able to break up broadcast domains, keep network failures from affecting the entire network, increase security, and reduce administrative overhead.
Breaking up broadcast domains – Every subnet has its own broadcast domain. Network devices need to use broadcasts (packets that get sent to every host in the network) in order to function properly. The problem with broadcasts is that as you add hosts to your network the number of broadcasts keeps increasing, and with too many broadcasts they can begin to dominate your bandwidth and slow the entire network down. So the solution isn't to eliminate broadcasts, but rather to split the network into smaller segments so that there are fewer broadcasts per segment. For example, if we had 100 hosts on our network we could use VLANs to divide it into 4 different segments of 25 hosts each.
Breaking up failure domains – If there was an error with a host in the network it could possibly bring down the whole network, but if we divide the network into smaller segments with VLANs the error would only affect that small segment. The rest of the network would be unaffected and continue to function.
Increase Security – VLANs are able to increase your security by keeping data from certain departments only in their department. For example, if we had a network with 100 hosts on it and we divided it into 4 different VLANs based on department, we would have one VLAN for Accounting, another for Sales, another for Human Resources, and another for Developers. Because each department has its own VLAN, data from Accounting wouldn't be able to travel directly to the Sales VLAN.
Less Administrative Overhead – Because VLANs break up the network logically, an employee could switch offices and still be a member of the correct VLAN because of his MAC address, which means that the network administrator doesn't need to re-wire anything or configure any IP addresses.
Communicating Between VLANs
If you set up a switch with 4 different VLANs, computers in separate VLANs would not be able to talk to one another. Switches operate at Layer 2 of the OSI model, but when you create VLANs you create a separate subnet for each one, so for them to communicate with each other you will need a layer 3 device such as a router.
Regular switch ports can only belong to one VLAN at a time. So if you want to connect a switch to a router so that multiple VLANs can still talk to each other, or if you want to join multiple switches together, you will need to configure a trunk port on the switch. A trunk port is able to carry data for multiple VLANs by tagging each frame as it enters the trunk with the appropriate VLAN number and then removing the tag as it leaves the trunk.
There is quite a bit to know about trunks, so I’m going to save that for another post so that I can cover it in much greater detail.
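To make the tag-on-entry, strip-on-exit behaviour concrete, here is an added example (not from the original post) that models a trunk in Python. It assumes IEEE 802.1Q tagging, which the post does not name; the port names, VLAN numbers and sample frame are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks a frame as 802.1Q-tagged

def tag_frame(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Trunk ingress: insert the 4-byte tag right after the two MAC addresses."""
    if not 1 <= vlan_id <= 4094:          # 0 and 4095 are reserved VLAN IDs
        raise ValueError("VLAN ID must be 1-4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be 0-7")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tci = (priority << 13) | vlan_id      # 3-bit priority, 1-bit DEI (0), 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def untag_frame(frame: bytes):
    """Trunk egress: return (vlan_id, original frame); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]

def cross_trunk(frame: bytes, ingress_vlan: int, far_access_ports: dict):
    """Carry a frame over the trunk and list the far-side access ports in its VLAN."""
    on_wire = tag_frame(frame, ingress_vlan)       # tagged as it enters the trunk
    vlan, restored = untag_frame(on_wire)          # tag removed as it leaves
    ports = sorted(p for p, v in far_access_ports.items() if v == vlan)
    return ports, restored

# Constructed sample: a broadcast frame (EtherType 0x0806, ARP) with a zero payload.
FRAME = b"\xff" * 6 + bytes.fromhex("020000000001") + b"\x08\x06" + b"\x00" * 46

# Hypothetical access ports on the far switch: VLAN 10 = Accounting, 20 = Sales,
# 30 = Human Resources.
FAR_PORTS = {"Fa0/1": 10, "Fa0/2": 20, "Fa0/3": 10, "Fa0/4": 30}

if __name__ == "__main__":
    ports, delivered = cross_trunk(FRAME, 10, FAR_PORTS)
    print("Accounting broadcast reaches:", ports)
    print("Delivered frame is the original, untagged:", delivered == FRAME)
```

The broadcast sent from VLAN 10 reaches only the far-side ports assigned to VLAN 10, and the hosts there receive the frame without the tag.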
Recap
Remember that VLANs have many benefits including breaking up broadcast domains, segmenting failures, increased security, and less administrative overhead.
Also remember that in order for a VLAN to talk to another VLAN it needs to use a layer 3 router. And in order for more than one VLAN to go through a switch port, that port needs to be configured as a trunk port first.