In this lesson we will take a look at VLANs (Virtual LANs) and I will explain what they are and why we need them.
First of all let me show you a picture of a network:
Look at this picture for a minute, we have many departments and every department has its own switch. Users are grouped physically together and are connected to their switch. what do you think of it? Does this look like a good network design? If you are unsure let me ask you some questions to think about:
- What happens when a computer connected to the Research switch sends a broadcast like an ARP request?
- What happens when the Helpdesk switch fails?
- Will our users at the Human Resource switch have fast network connectivity?
- How can we implement security in this network?
Now let me explain to you why this is a bad network design. If any of our computers sends a broadcast what will our switches do? They flood it! This means that a single broadcast frame will be flooded on this entire network. This also happens when a switch hasn’t learned about a certain MAC address, the frame will be flooded.
If our helpdesk switch would fail this means that users from Human Resource are “isolated” from the rest and unable to access other departments or the internet, this applies to other switches as well. Everyone has to go through the Helpdesk switch in order to reach the Internet which means we are sharing bandwidth, probably not a very good idea performance-wise.
Last but not least, what about security? We could implement port-security and filter on MAC addresses but that’s not a very secure method since MAC addresses are very easy to spoof. VLANs are one way to solve our problems.
One more question I’d like to ask you to refresh your knowledge:
- How many broadcast domains do we have here?
What about broadcast domains? We didn’t talk about this before but I think you can answer it. If a computer from the sales switch would send a broadcast frame we know that all other switches will forward it. Did you spot the router on top of the picture? What about it…do you think a router will forward a broadcast frame?
Hi Rene,
I learned from http://www.netcontractor.pl/blog/?p=184 that control traffic from Layer 2 protocols like ( DTP, VTP , CDP , PAgP , STP, etc ) use VLAN 1.
And I make sure of that by doing this experience :
- I made a simple topology of connection two switches and making connectivity as trunk.
... Continue reading in our forum- I made one switch VTP server and another as VTP client.
- I also setup RSPAN to monitor the packets.
- Results, I saw VTP, CDP traffic marked with VLAN ID 1.
- Then, I made another vlan and disallowed Vlan 1 in the trunk.
- Results still the same.
- I thought it
Hi Daniel,
There’s a “technical” and “practical” aspect to this question
Let’s start with the technical part…a lot of networking people will tell you that you shouldn’t have > 200 hosts in a subnet since there will be too much broadcast traffic and it will slow down your network. This might be true 10 years ago but nowadays, your computers won’t be bothered much with broadcast traffic and it shouldn’t be an issue for your switches. You could probably put ~1000 hosts in a single subnet and not notice any performance issues.
The more important issue (the practic
... Continue reading in our forumSo if I have a 48 port switch on the 198.168.1.0/24 network…… and all 48 ports are connected to host. All the host have IP addresses on the 198.168.1.0/24 network. And lets say I create 4 VLANs. Help Desk is on VLAN 10 (interface 1-12), MGMT is on VLAN 20 (int 13-24), Accounting is on VLAN 30 (int 25-36), and Supply is on VLAN 40 (int-37-48). OK…. So these 4 VLANs would basically share the same network (198.168.1.0/24) right? VLANS don’t have to be on different networks/subnets?
... Continue reading in our forumWhat if there were some other MGMT host on another router on a 10.10.10.0/24 n
Hi I think I may have gotten a bad prep exam question as I cannot get it to work in labs and it does not make sense fully to me from how I learned VLANS. I will upload the practice test question from Boson and would like input please.
//cdn-forum.networklessons.com/uploads/default/original/1X/05b2d7038e648c45e08123c84caf728638301b4b.JPG
above is what they say is the answer and the topology its very brief. and below is their explanation.
//cdn-forum.networklessons.com/uploads/default/original/1X/6cb467368403ad27ae72143183da8d340c120a6b.JPG
Now I tried this in
... Continue reading in our forumHello Justin
Let’s say a switch has 24 access ports where ports 1-12 are on VLAN 10 and ports 13-24 are on VLAN 20. Let’s say a broadcast frame is sent on port 1. The switch will receive that frame and send it out of ports 2 to 12. Why? Because it knows that it entered port 1, therefore it is on VLAN 10, therefore it will send it out of all ports that have been configured on VLAN 10. It doesn’t even look at the details of the frame itself, because there is no data in the frame that gives the switch VLAN information. The information comes only from the fac
... Continue reading in our forum