Virtual LANs (VLANs)
With the introduction of Ethernet switches, and their subsequent replacement of Ethernet hubs in corporate LAN environments, came the power to manage traffic flow much more efficiently and in many different ways. One of those ways was to allow users on different switch ports to participate in their own network separate from, but still connected to, the other stations on the same or connected switch. This “network-within-a-network” concept became known as Virtual LAN (VLAN) technology.
Let’s say, for example, that you have a 24-port Ethernet switch. If you have a group of users that constantly use a particular server and produce very large amounts of broadcast traffic, you might want to separate them into their own segment. With VLAN-capable switches, you can change the segmentation within the switch itself, regardless of the geographical proximity of the VLAN members, which saves you the expense of additional network hardware or recabling. To do this, you would use the switch management software to assign the ports used by those users and their server to their own VLAN. The VLAN for this group could be VLAN #2, for example, and the VLAN everyone else is assigned to could be the default management VLAN #1. Users would still be able to communicate with each other and their respective servers (assuming a router is installed), but broadcast traffic would be isolated. With large, enterprise-capable switches, the benefit is even greater. With hundreds of ports, you can segment the network any way you’d like, even on the fly, and into many different segments.
As another example, say a company’s network is divided into VLANs based on the departmental affiliation of the users. Bob transfers from the finance department to the accounting department but keeps his same office. Susan moves from one building to another but remains in the marketing department. The administrator simply needs to configure Bob’s switch port to be in the Accounting VLAN, and Bob immediately enters the Accounting broadcast domain. Of course, Bob’s computer must be reconfigured for the subnet related to the Accounting VLAN, which can be done centrally by rescinding his DHCP lease. Once his system requests a new DHCP lease, the DHCP server with the scope for his new subnet will offer him the proper IP information. The administrator can then configure the new port on the new switch that Susan is now plugged into for the marketing department. Regardless of her physical move, Susan never notices that she is connected to different switch hardware, and her IP configuration can remain the same.
Note:
In practice, each VLAN corresponds to a different IP subnet, which is why a router is required to change the VLAN affiliation of a frame. The underlying packet has to be routed to the destination subnet, even if the intended recipient happens to be connected to the switch port right beside the port leading from the source device.
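The Bob scenario and the note above can be modelled in a few lines. This is an added example, not code from the original article: a toy switch that tracks port-to-VLAN assignments, computes the broadcast domain, decides whether traffic between two ports is switched or must be routed, and flags hosts whose address no longer matches their VLAN's subnet. The VLAN IDs, subnets, port numbers and the hosts Alice and Carol are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample data: VLAN IDs, subnets, port numbers and the extra
# hosts (Alice, Carol) are assumptions, not values from the article.
VLAN_SUBNETS = {
    10: ipaddress.ip_network("10.0.10.0/24"),  # Finance
    20: ipaddress.ip_network("10.0.20.0/24"),  # Accounting
    30: ipaddress.ip_network("10.0.30.0/24"),  # Marketing
}

class Switch:
    def __init__(self):
        self.port_vlan = {}  # port number -> VLAN ID
        self.port_host = {}  # port number -> (host name, IP address)

    def attach(self, port, vlan, name, ip):
        self.port_vlan[port] = vlan
        self.port_host[port] = (name, ipaddress.ip_address(ip))

    def assign_vlan(self, port, vlan):
        """The administrator's change when a user switches department."""
        if vlan not in VLAN_SUBNETS:
            raise ValueError(f"unknown VLAN {vlan}")
        self.port_vlan[port] = vlan

    def broadcast_domain(self, src_port):
        """Ports that receive a broadcast frame sent from src_port."""
        vlan = self.port_vlan[src_port]
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != src_port)

    def path(self, src_port, dst_port):
        """Same VLAN: switched at layer 2. Different VLAN: needs the router."""
        same = self.port_vlan[src_port] == self.port_vlan[dst_port]
        return "switched" if same else "routed"

    def stale_hosts(self):
        """Hosts whose IP lies outside their port's VLAN subnet (need a new lease)."""
        return sorted(name for port, (name, ip) in self.port_host.items()
                      if ip not in VLAN_SUBNETS[self.port_vlan[port]])

def build_sample():
    sw = Switch()
    sw.attach(1, 10, "Bob", "10.0.10.5")
    sw.attach(2, 10, "Alice", "10.0.10.6")
    sw.attach(3, 20, "Carol", "10.0.20.7")
    sw.attach(4, 30, "Susan", "10.0.30.8")
    return sw

if __name__ == "__main__":
    sw = build_sample()
    sw.assign_vlan(1, 20)  # Bob moves to Accounting, same office and port
    print(sw.broadcast_domain(1), sw.path(1, 2), sw.stale_hosts())
```

After the reassignment, Bob's broadcasts reach only the Accounting port, traffic to the neighbouring Finance port on the same switch is reported as routed, and Bob is listed as stale until he obtains an address in the Accounting subnet.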