1 VLAN Overview

This chapter covers these topics:
• VLAN Overview
• Port-Based VLAN
• Protocol-Based VLAN

VLAN Overview

Introduction to VLAN

The traditional Ethernet is a broadcast network, where all hosts are in the same broadcast domain and connected with each other through hubs or switches. Hubs and switches, which are the basic network connection devices, have limited forwarding functions.
• A hub is a physical layer device without the switching function, so it forwards the received packet to all ports except the inbound port of the packet.
• A switch is a link layer device which can forward a packet according to the MAC address of the packet. A switch builds a table that maps MAC addresses to their associated ports and sends traffic for a known MAC address to only that one port. When the switch receives a broadcast packet, or an unknown unicast packet whose MAC address is not included in the MAC address table of the switch, it forwards the packet to all the ports except the inbound port of the packet.

The above scenarios could result in the following network problems.
• A large quantity of broadcast packets or unknown unicast packets may exist in a network, wasting network resources.
• A host in the network receives a lot of packets whose destination is not the host itself, causing potentially serious security problems.
• Related to the point above, someone on a network can monitor broadcast packets and unicast packets and learn of other activities on the network. Then they can attempt to access other resources on the network, whether or not they are authorized to do this.

Isolating broadcast domains is the solution for the above problems. The traditional way is to use routers, which forward packets according to the destination IP address and do not forward broadcast packets in the link layer. However, routers are expensive and provide few ports, so they cannot split the network efficiently.
Therefore, using routers to isolate broadcast domains has many limitations.

The Virtual Local Area Network (VLAN) technology was developed for switches to control broadcasts in LANs. A VLAN can span across physical spaces. This enables hosts in a VLAN to be located in different physical locations.

By creating VLANs in a physical LAN, you can divide the LAN into multiple logical LANs, each of which has a broadcast domain of its own. Hosts in the same VLAN communicate in the traditional Ethernet way. However, hosts in different VLANs cannot communicate with each other directly but need the help of network layer devices, such as routers and Layer 3 switches. Figure 1-1 illustrates a VLAN implementation.
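The following simulation is an added example, not part of the original manual. It models the learning and flooding behaviour described above and counts, per port, the frames a host receives that are not addressed to its own MAC, first on a flat LAN and then with the same ports split into two VLANs. The `Switch` class, the per-VLAN MAC table, the MAC addresses and VLAN IDs 10 and 20 are all assumptions made for illustration.

```python
# Added example: learning switch with port-based VLANs (simulation only).
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)  # port -> VLAN ID (one VLAN per port)
        self.mac_table = {}               # (vlan, mac) -> port; per-VLAN table is an assumption

    def receive(self, in_port, src, dst):
        """Learn the source MAC and return the sorted list of egress ports."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src)] = in_port
        out = self.mac_table.get((vlan, dst))
        if dst != BROADCAST and out is not None:
            return [] if out == in_port else [out]  # known unicast: one port
        # Broadcast or unknown unicast: flood inside the VLAN, except inbound port.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)

def stray_frames(switch, frames, hosts):
    """Per port, count delivered frames not addressed to that host's own MAC."""
    stray = defaultdict(int)
    for in_port, src, dst in frames:
        for port in switch.receive(in_port, src, dst):
            if hosts[port] != dst:
                stray[port] += 1
    return dict(stray)

# Constructed sample data: four hosts on ports 1-4 and four frames.
HOSTS = {p: f"aa:00:00:00:00:0{p}" for p in (1, 2, 3, 4)}
FRAMES = [
    (1, HOSTS[1], BROADCAST),  # broadcast from host 1
    (1, HOSTS[1], HOSTS[2]),   # unknown unicast: host 2 not learned yet
    (2, HOSTS[2], HOSTS[1]),   # reply, switch learns host 2
    (1, HOSTS[1], HOSTS[2]),   # known unicast now
]

def flat_lan():
    return stray_frames(Switch({1: 1, 2: 1, 3: 1, 4: 1}), FRAMES, HOSTS)

def two_vlans():
    return stray_frames(Switch({1: 10, 2: 10, 3: 20, 4: 20}), FRAMES, HOSTS)
```

On the flat LAN the hosts on ports 3 and 4 see both the broadcast and the flooded unicast between hosts 1 and 2; with two VLANs they see neither.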