In this lesson we will take a look at VLANs (Virtual LANs) and I will explain what they are and why we need them.
First of all let me show you a picture of a network:
Look at this picture for a minute, we have many departments and every department has its own switch. Users are grouped physically together and are connected to their switch. what do you think of it? Does this look like a good network design? If you are unsure let me ask you some questions to think about:
- What happens when a computer connected to the Research switch sends a broadcast like an ARP request?
- What happens when the Helpdesk switch fails?
- Will our users at the Human Resource switch have fast network connectivity?
- How can we implement security in this network?
Now let me explain you why this is a bad network design. If any of our computers sends a broadcast what will our switches do? They flood it! This means that a single broadcast frame will be flooded on this entire network. This also happens when a switch hasn’t learned about a certain MAC address, the frame will be flooded.
If our helpdesk switch would fail this means that users from Human Resource are “isolated” from the rest and unable to access other departments or the internet, this applies to other switches as well. Everyone has to go through the Helpdesk switch in order to reach the Internet which means we are sharing bandwidth, probably not a very good idea performance-wise.
Last but not least, what about security? We could implement port-security and filter on MAC addresses but that’s not a very secure method since MAC addresses are very easy to spoof. VLANs are one way to solve our problems.
One more question I’d like to ask you to refresh your knowledge:
- How many broadcast domains do we have here?
What about broadcast domains? We didn’t talk about this before but I think you can answer it. If a computer from the sales switch would send a broadcast frame we know that all other switches will forward it. Did you spot the router on top of the picture? What about it…do you think a router will forward a broadcast frame?
Hi Rene,
I learned from http://www.netcontractor.pl/blog/?p=184 that control traffic from Layer 2 protocols like ( DTP, VTP , CDP , PAgP , STP, etc ) use VLAN 1.
And I make sure of that by doing this experience :
- I made a simple topology of connection two switches and making connectivity as trunk.
... Continue reading in our forum- I made one switch VTP server and another as VTP client.
- I also setup RSPAN to monitor the packets.
- Results, I saw VTP, CDP traffic marked with VLAN ID 1.
- Then, I made another vlan and disallowed Vlan 1 in the trunk.
- Results still the same.
- I thought it
Hi Daniel,
There’s a “technical” and “practical” aspect to this question
Let’s start with the technical part…a lot of networking people will tell you that you shouldn’t have > 200 hosts in a subnet since there will be too much broadcast traffic and it will slow down your network. This might be true 10 years ago but nowadays, your computers won’t be bothered much with broadcast traffic and it shouldn’t be an issue for your switches. You could probably put ~1000 hosts in a single subnet and not notice any performance issues.
The more important issue (the practic
... Continue reading in our forumHi I think I may have gotten a bad prep exam question as I cannot get it to work in labs and it does not make sense fully to me from how I learned VLANS. I will upload the practice test question from Boson and would like input please.
//cdn-forum.networklessons.com/uploads/default/original/1X/05b2d7038e648c45e08123c84caf728638301b4b.JPG
above is what they say is the answer and the topology its very brief. and below is their explanation.
//cdn-forum.networklessons.com/uploads/default/original/1X/6cb467368403ad27ae72143183da8d340c120a6b.JPG
Now I tried this in
... Continue reading in our forumI understand that vlans segment network traffic. What is the technical process that separates vlans? How does a Switch know I can forward out of this port, but I am not allowed to forward out that port?
Hello Justin
Let’s say a switch has 24 access ports where ports 1-12 are on VLAN 10 and ports 13-24 are on VLAN 20. Let’s say a broadcast frame is sent on port 1. The switch will receive that frame and send it out of ports 2 to 12. Why? Because it knows that it entered port 1, therefore it is on VLAN 10, therefore it will send it out of all ports that have been configured on VLAN 10. It doesn’t even look at the details of the frame itself, because there is no data in the frame that gives the switch VLAN information. The information comes only from the fac
... Continue reading in our forum