Specifications
Configuring Routing Between VLANs
Information About Routing Between VLANs
LAN Segmentation
VLANs allow logical network topologies to overlay the physical switched infrastructure such that any
arbitrary collection of LAN ports can be combined into an autonomous user group or community of
interest. The technology logically segments the network into separate Layer 2 broadcast domains
whereby packets are switched between ports designated to be within the same VLAN. By containing
traffic originating on a particular LAN only to other LANs in the same VLAN, switched virtual networks
avoid wasting bandwidth, a drawback inherent to traditional bridged and switched networks in which
packets are often forwarded to LANs with no need for them. Implementation of VLANs also improves
scalability, particularly in LAN environments that support broadcast- or multicast-intensive protocols
and applications that flood packets throughout the network.
Figure 73 illustrates the difference between traditional physical LAN segmentation and logical VLAN
segmentation.
Figure 73 LAN Segmentation and VLAN Segmentation
[Figure 73 panels: "Traditional LAN segmentation" and "VLAN segmentation". Labels: LAN 1, LAN 2, LAN 3; VLAN 1, VLAN 2, VLAN 3; shared hubs; Catalyst VLAN switches; router; Floor 1, Floor 2, Floor 3.]
Security
VLANs improve security by isolating groups. High-security users can be grouped into a VLAN, possibly
on the same physical segment, and no users outside that VLAN can communicate with them at Layer 2.
Traffic between VLANs has to cross a router, so once routing between VLANs is configured the router
is the point at which access to the high-security VLAN is controlled.
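The following is an added example, not part of the original document: once a router forwards between VLANs, the isolation described under Security depends on the access lists applied at that router. The Python code audits an IOS-style configuration and reports high-security VLANs whose 802.1Q subinterface is routed but has no outbound access list, that is, nothing filtering what the router forwards into that VLAN. The sample configuration, interface and ACL names, addresses, and the choice of VLANs 30 and 40 as high-security are constructed assumptions, and the check looks only at whether an ACL is attached, not at its rules.

```python
import re

# Constructed sample configuration (assumption, not taken from the document).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.0.20.1 255.255.255.0
 ip access-group USERS-IN in
!
interface GigabitEthernet0/0.30
 encapsulation dot1Q 30
 ip address 10.0.30.1 255.255.255.0
 ip access-group SECURE-OUT out
!
interface GigabitEthernet0/0.40
 encapsulation dot1Q 40
 ip address 10.0.40.1 255.255.255.0
!
"""

def parse_subinterfaces(config):
    """Return {vlan_id: {"name", "routed", "acl"}} for each dot1Q subinterface."""
    result, stanza = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            stanza = {"name": line.split()[1], "routed": False, "acl": set()}
            continue
        if not line.startswith(" "):
            stanza = None  # "!" or a global command ends the interface stanza
        if stanza is None:
            continue
        text = line.strip()
        vlan = re.match(r"encapsulation dot1q (\d+)", text, re.IGNORECASE)
        acl = re.match(r"ip access-group \S+ (in|out)$", text)
        if vlan:
            result[int(vlan.group(1))] = stanza
        elif text.startswith("ip address "):
            stanza["routed"] = True  # the router is a gateway for this VLAN
        elif acl:
            stanza["acl"].add(acl.group(1))
    return result

def exposed_vlans(config, secure_vlans):
    """High-security VLANs that are routed but have no outbound ACL attached."""
    subs = parse_subinterfaces(config)
    return sorted(v for v in secure_vlans
                  if v in subs and subs[v]["routed"] and "out" not in subs[v]["acl"])

if __name__ == "__main__":
    print(exposed_vlans(SAMPLE_CONFIG, {30, 40}))
```

An inbound ACL on a VLAN's own subinterface, as on VLAN 20 in the sample, filters traffic leaving that VLAN and so does not count as protection for it in this check.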