Chapter A Networking Concepts
Virtual LANs
Cisco 1700 Series Router Software Configuration Guide
78-5407-03
A VLAN can be thought of as a broadcast domain that exists within a defined set
of switches. A VLAN consists of a number of end systems, either hosts or network
equipment (such as bridges and routers), connected by a single bridging domain.
The bridging domain is supported on various pieces of network equipment; for
example, LAN switches that operate bridging protocols between them, with a
separate bridge group for each VLAN.
VLAN Issues
VLANs are created to provide the segmentation services traditionally provided by
routers in LAN configurations. VLANs address scalability, security, and network
management. Routers in VLAN topologies provide broadcast filtering, security,
address summarization, and traffic flow management. None of the switches within
the defined group will bridge any frames, not even broadcast frames, between two
VLANs. Several key issues need to be considered in designing and building
switched LAN internetworks:
• LAN Segmentation
• Security
• Broadcast Control
• Performance
• Network Management
LAN Segmentation
VLANs allow logical network topologies to overlay the physical switched
infrastructure in such a way that any arbitrary collection of LAN ports can be
combined into an autonomous user group or community of interest. The
technology logically segments the network into separate Layer 2 broadcast
domains whereby packets are switched between ports designated to be within the
same VLAN. By restricting traffic originating on a particular LAN only to other
LANs in the same VLAN, switched virtual networks avoid wasting bandwidth, a
drawback inherent to traditional bridged and switched networks in which packets
are often forwarded to LANs with no need for them. Implementation of VLANs
also improves scalability, particularly in LAN environments that support
broadcast- or multicast-intensive protocols and applications that flood packets
throughout the network.
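The forwarding behavior described above can be modeled with a toy VLAN-aware learning switch. This is an added illustration, not code from the Cisco guide; the class name, port numbers, VLAN IDs, and MAC addresses are constructed assumptions. It keeps one forwarding table per VLAN and shows that broadcast and unknown-unicast frames are flooded only to ports in the ingress VLAN.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """Hypothetical model of a switch with access ports only (no trunks)."""

    def __init__(self, port_vlans):
        # port_vlans: port number -> VLAN ID (constructed sample data)
        self.port_vlans = dict(port_vlans)
        # One forwarding table per VLAN, mirroring "a separate bridge
        # group for each VLAN": vlan -> {mac: port}
        self.fdb = defaultdict(dict)

    def receive(self, in_port, src_mac, dst_mac):
        """Return the sorted list of ports the frame is sent out of."""
        vlan = self.port_vlans[in_port]
        table = self.fdb[vlan]
        table[src_mac] = in_port  # learn the source in the ingress VLAN only
        out = None if dst_mac == BROADCAST else table.get(dst_mac)
        if out is not None:
            # Known unicast: one learned port, never back out the ingress port.
            return [] if out == in_port else [out]
        # Broadcast or unknown unicast: flood, but only within the same VLAN.
        return sorted(p for p, v in self.port_vlans.items()
                      if v == vlan and p != in_port)

    def flat_flood(self, in_port):
        """Flood scope if the same ports formed one flat bridged LAN."""
        return sorted(p for p in self.port_vlans if p != in_port)


def demo():
    # Constructed topology: ports 1-3 in VLAN 10, ports 4-6 in VLAN 20.
    sw = VlanSwitch({1: 10, 2: 10, 3: 10, 4: 20, 5: 20, 6: 20})
    a, b, d = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0d"
    return {
        "bcast_vlan10": sw.receive(1, a, BROADCAST),  # stays in VLAN 10
        "bcast_flat": sw.flat_flood(1),               # reaches every port
        "b_to_a": sw.receive(2, b, a),                # learned unicast
        # d is in VLAN 20; a was learned in VLAN 10 only, so the frame is
        # flooded inside VLAN 20 and never reaches port 1.
        "d_to_a": sw.receive(4, d, a),
    }


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: {ports}")
```

In this model a frame from VLAN 20 addressed to a VLAN 10 host never leaves VLAN 20, which is why a router is needed to carry traffic between the two VLANs.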