Sunday, April 4, 2010


VLANs logically group users. It's not that networks don't work without VLANs, but it's a great convenience to use them.
A VLAN is also a broadcast domain, so it is said to provide segmentation of broadcast domains. A broadcast sent in VLAN 1 will only be forwarded out of the ports associated with VLAN 1.

A VLAN typically corresponds to a subnet. In a proper implementation, a VLAN = Broadcast Domain = Subnet.

Trunk links use tagging technology to extend VLANs across switches. Without trunking, VLANs are locally significant. More on this in later articles.

VLANs also provide access control and allow easier implementation of QoS. You can have prioritized equipment in one VLAN and non-prioritized equipment in another VLAN. In this way, you can protect sensitive traffic like VoIP.

A legacy switch has one collision domain per port. The entire switch is also a broadcast domain. The entire switch also supports one subnet (you can actually put more on it, but they aren't really separated). This provides very little access control.

Cisco's rule of thumb for a subnet is a maximum of 500 PCs. However, most good designers would start segmenting every hundred PCs or so.

VLANs allow segmentation of users without routers. In the past, to segment users with ordinary switches you needed routers, and this limited you physically. Besides, before VLANs one switch supported one LAN, so you needed 2 whole switches just to segment two groups of users even though not all ports were used.
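As an added illustration (not from the original post) of the broadcast-domain and trunk-tagging points above: a small Python model of a switch that floods a broadcast only to the ports in the same VLAN and carries the 802.1Q tag across the trunk. The port names, VLAN numbers and the ARP frame are constructed for the demo.

```python
import struct

TPID_8021Q = 0x8100
BROADCAST_MAC = b"\xff" * 6

def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag (TPID + TCI) between the source MAC and the EtherType."""
    tci = (pcp << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def untag_frame(frame: bytes):
    """Return (vid, frame without its tag), or (None, frame) if it carries no tag."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None, frame
    return tci & 0x0FFF, frame[:12] + frame[16:]

def flood_broadcast(ports: dict, ingress: str, frame: bytes) -> dict:
    """Flood a broadcast to every other port in the ingress frame's VLAN.
    ports maps a name to {"mode": "access", "vlan": N} or {"mode": "trunk",
    "allowed": {N, ...}}. Returns {egress_port: frame as sent}: trunk egress keeps
    the 802.1Q tag, access egress is untagged. The native VLAN is ignored, so an
    untagged frame arriving on a trunk is dropped."""
    cfg = ports[ingress]
    if cfg["mode"] == "access":
        vid, payload = cfg["vlan"], frame          # access ports classify by port VLAN
    else:
        vid, payload = untag_frame(frame)          # trunks classify by the tag
        if vid is None or vid not in cfg["allowed"]:
            return {}
    out = {}
    for name, p in ports.items():
        if name == ingress:
            continue                                # never flood back out the ingress port
        if p["mode"] == "access" and p["vlan"] == vid:
            out[name] = payload
        elif p["mode"] == "trunk" and vid in p["allowed"]:
            out[name] = tag_frame(payload, vid)
    return out

# Constructed sample: two PCs in VLAN 10, a VoIP phone in VLAN 20, one trunk uplink.
PORTS = {
    "Fa0/1": {"mode": "access", "vlan": 10},
    "Fa0/2": {"mode": "access", "vlan": 10},
    "Fa0/3": {"mode": "access", "vlan": 20},
    "Gi0/1": {"mode": "trunk", "allowed": {10, 20}},
}
# Constructed ARP request (EtherType 0x0806) from the PC on Fa0/1; body is zero-filled.
ARP_REQUEST = BROADCAST_MAC + bytes.fromhex("001122334455") + b"\x08\x06" + b"\x00" * 28
```

Flooding the ARP request in from Fa0/1 reaches Fa0/2 untagged and Gi0/1 with a VLAN 10 tag, while the phone on Fa0/3 never sees it.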

