2. VLAN Definition
Per Webopedia: Short for virtual LAN, a network of computers that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN.

3. VLAN Definition
Broadcast domains are typically constrained to a set of interconnected switches or bridges. A router defines the end of a broadcast domain. VLANs provide multiple broadcast domains within what would otherwise be a single broadcast domain.

4. VLAN Definition Continued
VLANs are configured through software rather than hardware, which makes them extremely flexible. One of the biggest advantages of VLANs is that when a computer is physically moved to another location, it can stay on the same VLAN without any hardware reconfiguration.

5. VLAN Overview
A LAN traditionally is made up of workstations all connected to the same wire. That puts them all in the same collision domain.

11. VLAN Overview
Each workstation is on a collision domain of two devices: the workstation and the single port of the switch. Access to servers is enhanced by increasing the port speed on the server ports.

15. VLAN Overview
Notice that we insert a router to provide connectivity between the two broadcast domains, while providing the added security routers can bring and isolation from broadcasts on the other segment.

16. VLAN Overview
Networks continued to grow until the number of routers required for a network became cumbersome, often requiring more than one router per switch. Hardware use became inefficient.

18. VLAN Overview
Moving a user to another part of the same floor would sometimes mean moving them into a new broadcast domain, which wasn’t always desirable. To address this need, multiple broadcast domains had to be available in the same wiring closet.

19. VLAN Overview
There was a desire to define a method of providing separate broadcast domains within a single closet, and even within a single switch, so switch ports could be used more efficiently. VLANs were born. VLANs are broadcast domains that are not defined by physical location.

20. VLANs
Network architects had conflicting ideas about how they wanted to separate their user broadcast domains:
- By protocol
- By name
- By services
- By IP address
- By MAC address

21. VLANs
Furthermore, network architects wanted to be able to make broadcast domain changes without having to add hardware or move hardware around. That is, they wanted to make such changes through configuration modifications rather than hardware replacement.

22. VLANs
In addition to that, they wanted to make sure someone couldn’t just plug into an unused port and start sniffing the broadcasts to gather information surreptitiously.

23. Static VLANs
Static VLANs are assigned by port. Each port is assigned to a VLAN, so whichever workstation shows up in that port becomes part of the VLAN. VLANs are assigned on a port basis and the broadcast domains span switches.

24. Static VLANs
Communication between two adjacent workstations in the same switch but on different VLANs involves a router.

25. Dynamic VLANs
Dynamic VLANs assume that the network administrator builds a database of all MAC addresses, then assigns those addresses to logical VLANs. Once the database is built, a workstation can be plugged into any port on any switch at any time and it will find its way to the proper VLAN.

27. VLANs
Trunk connections between the switches and routers carry traffic for all included VLANs. The traffic from multiple broadcast domains can quickly cause bottlenecks if the network is not carefully designed.

28. VLANs Tagging
VLANs are identified by special tags attached to each frame. IEEE 802.1Q specifies how these tags are formatted. Devices that don’t understand VLANs will consider these frames improperly formatted.

29. VLANs Access Link
Access links are where the end station connects to the switch. VLAN information is not included on these links. Trunk links carry the VLAN information.

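The tagging and access-link slides above, as an added Python example (not part of the original slides): it parses the 802.1Q tag, shows the EtherType a VLAN-unaware device would read, and flags tagged frames seen on access links, where the slides say VLAN information does not belong. The port names, MAC addresses and frames are constructed, and `build_frame`, `parse_frame` and `audit_capture` are hypothetical helper names.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an IEEE 802.1Q tag

def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Build a constructed test frame; inserts an 802.1Q tag when vlan is set."""
    header = bytes.fromhex(dst) + bytes.fromhex(src)
    if vlan is not None:
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan)
    return header + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return source MAC, 802.1Q fields (None if untagged) and EtherType."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    # unaware_ethertype is what a device without VLAN support reads at offset 12.
    info = {"src": frame[6:12].hex(":"), "vlan": None, "pcp": None,
            "dei": None, "unaware_ethertype": ethertype}
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # Tag Control Information: 3-bit priority, 1-bit DEI, 12-bit VLAN ID.
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info.update(pcp=tci >> 13, dei=(tci >> 12) & 1, vlan=tci & 0x0FFF)
    info["ethertype"] = ethertype
    return info

def audit_capture(capture):
    """capture: (port, link_type, frame) tuples. Flag tags on access links."""
    findings = []
    for port, link_type, frame in capture:
        info = parse_frame(frame)
        if link_type == "access" and info["vlan"] is not None:
            findings.append((port, info["src"], info["vlan"]))
    return findings

# Constructed sample frames (ARP-sized payloads, not from a real capture).
UNTAGGED = build_frame("ffffffffffff", "020000000001", 0x0806, b"\x00" * 28)
TAGGED_20 = build_frame("ffffffffffff", "020000000002", 0x0806, b"\x00" * 28,
                        vlan=20, pcp=5)
CAPTURE = [
    ("Gi0/1", "access", UNTAGGED),    # normal end-station traffic
    ("Gi0/24", "trunk", TAGGED_20),   # tags are expected on a trunk
    ("Gi0/2", "access", TAGGED_20),   # tag on an access link: report it
]

if __name__ == "__main__":
    for finding in audit_capture(CAPTURE):
        print("tagged frame on access port:", finding)
```
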
30. VLANs Tagging
ISL (Inter-Switch Link) is the Cisco proprietary method of tagging, designed before 802.1Q was standardized. I mention it for historical reasons, as Cisco no longer makes hardware that supports ISL.

31. VLANs VTP Modes
VLAN Trunk Protocol is designed to carry VLAN information across internetworks. It requires a central VTP server. Switches are commonly the servers.

32. VLANs Trunk Protocol
- VTP servers can make changes to the VTP domain.
- VTP clients send and receive VTP updates, but they can’t make changes.
- Transparent switches pass VTP updates but they don’t participate in the protocol.

33. VLANs Trunk Protocol
VTP Pruning is a method of removing traffic from a link if there is nothing at the end of that link that requires the VLAN information. This increases security and reduces traffic.

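The pruning rule above, as an added Python example (not part of the original slides): for each direction of each trunk it lists the VLANs that nothing at the far end requires, which are the ones that can be removed from that link. It models the idea on a loop-free topology and does not implement VTP's messages; the switch names, VLAN IDs and the `pruned_vlans` function are constructed for illustration.

```python
from collections import defaultdict

def pruned_vlans(trunks, access_vlans):
    """Return {(sender, receiver): VLANs not needed in that direction}.

    trunks: (switch_a, switch_b) links forming a loop-free tree.
    access_vlans: {switch: set of VLAN IDs with active access ports}.
    """
    neighbours = defaultdict(set)
    for a, b in trunks:
        neighbours[a].add(b)
        neighbours[b].add(a)
    all_vlans = set().union(*access_vlans.values())

    def required_behind(switch, came_from):
        # VLANs in use on this switch plus everything reachable from it
        # without crossing back over the link we arrived on.
        needed = set(access_vlans.get(switch, ()))
        for nxt in neighbours[switch] - {came_from}:
            needed |= required_behind(nxt, switch)
        return needed

    result = {}
    for a, b in trunks:
        for sender, receiver in ((a, b), (b, a)):
            required = required_behind(receiver, sender)
            result[(sender, receiver)] = sorted(all_vlans - required)
    return result

# Constructed topology: core connects access1 and access2; access3 hangs
# off access2. VLAN membership is by access port, as with static VLANs.
TRUNKS = [("core", "access1"), ("core", "access2"), ("access2", "access3")]
ACCESS_VLANS = {
    "core": set(),
    "access1": {10, 20},
    "access2": {10, 30},
    "access3": {30},
}
PRUNED = pruned_vlans(TRUNKS, ACCESS_VLANS)

if __name__ == "__main__":
    for (sender, receiver), vlans in PRUNED.items():
        print(f"{sender} -> {receiver}: prune {vlans}")
```
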
34. VLANs Advantages
- VLANs can be logically subnetted.
- Adds, moves and changes are handled through configuration rather than physical moves.
- VLANs can provide greater security by isolating broadcasts.
- Users can be assigned logically rather than being imposed by their physical location.
- Broadcast domains can be assigned by reasonable size rather than by physical port limitations.

35. VLANs Disadvantages
- VLANs may take considerably more configuration.
- Broadcast domains aren’t always obvious.
- Troubleshooting problems becomes more difficult.
- The network becomes more complex.
- Trunk traffic can be hard to predict and difficult to monitor.