✔ VLANs allow network administrators to group hosts together even if the
hosts are not on the same network switch.
✔ Routers in VLAN topologies filter broadcast traffic, enhance network
security, perform address summarization, and mitigate network congestion.
Switches may not bridge network traffic between VLANs, as doing so would
violate the integrity of the VLAN broadcast domain.
✔ VLANs can help reduce network traffic by forming multiple broadcast
domains, to break up a large network into smaller independent segments with
fewer broadcasts being sent to every device on the overall network.
✔ VLANs can also help create multiple layer 3 networks on a single physical
infrastructure. For example, if a Dynamic Host Configuration Protocol (DHCP)
server is plugged into a switch it will serve any host on that switch that is
configured for DHCP. By using VLANs, the network can be easily split up so some
hosts will not use that DHCP server and will obtain link-local addresses, or
obtain an address from a different DHCP server.
✔ VLANs are data link layer (OSI layer 2) constructs, analogous to IP
subnets, which are network layer (OSI layer 3) constructs. In an environment
employing VLANs, a one-to-one relationship often exists between VLANs and IP
subnets, although it is possible to have multiple subnets on one VLAN.
✔ VLANs can be used to partition a local network into several distinct
segments, for example:
✔ Production
✔ Voice over IP
✔ Network management
✔ Storage area network (SAN)
✔ Guest network
✔ Demilitarized zone (DMZ)
✔ Client separation (ISP, in a large facility, or in a datacenter)
✔ In cloud computing, VLANs, IP addresses, and MAC addresses on them are resources
which end users can manage. Placing cloud-based virtual machines on VLANs may
be preferable to placing them directly on the Internet to avoid security
issues.
✔ VLANs operate at Layer 2 (the data link layer) of the OSI model.
Administrators often configure a VLAN to map directly to an IP network, or
subnet, which gives the appearance of involving Layer 3 (the network layer).
✔ A VLAN is a network of computers that behave as if they are connected to the same
wire even though they may actually be physically located on different segments
of a LAN. VLANs are configured through software rather than hardware, which
makes them extremely flexible. One of the biggest advantages of VLANs is that
when a computer is physically moved to another location, it can stay on the
same VLAN without any hardware reconfiguration.
Establishing VLAN memberships:
The two common approaches to assigning VLAN membership are as follows:
• Static VLANs
• Dynamic VLANs
✔ Static VLANs are also referred to as port-based VLANs. Static VLAN
assignments are created by assigning ports to a VLAN. As a device enters the
network, the device automatically assumes the VLAN of the port. If the user
changes ports and needs access to the same VLAN, the network administrator must
manually make a port-to-VLAN assignment for the new connection.
✔ Dynamic VLANs are created using software. With a VLAN Management
Policy Server (VMPS), an administrator can assign switch ports to VLANs
dynamically based on information such as the source MAC address of the device
connected to the port or the username used to log onto that device. As a device
enters the network, the switch queries a database for the VLAN membership of
the port that device is connected to.
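
The two membership approaches and the per-VLAN broadcast domain described above, modelled as an added example (not code from the original post or from any switch vendor). The `Switch` class, the MAC addresses, the VLAN numbers, and the fallback VLAN for unknown MACs are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Switch:
    """Toy VLAN-aware switch (illustrative model, not vendor code)."""
    static_ports: dict = field(default_factory=dict)  # port -> VLAN (admin-set)
    mac_db: dict = field(default_factory=dict)        # stand-in for VMPS database
    fallback_vlan: Optional[int] = None               # assumption: VLAN for unknown MACs
    port_vlan: dict = field(default_factory=dict)     # live state: port -> VLAN

    def connect(self, port: int, mac: str) -> Optional[int]:
        """A device plugs in; return the VLAN the port ends up in."""
        if port in self.static_ports:  # static: device assumes the port's VLAN
            vlan = self.static_ports[port]
        else:  # dynamic: look up the source MAC; unknown MACs get the fallback
            vlan = self.mac_db.get(mac.lower(), self.fallback_vlan)
        if vlan is None:
            self.port_vlan.pop(port, None)  # no membership: port stays isolated
        else:
            self.port_vlan[port] = vlan
        return vlan

    def disconnect(self, port: int) -> None:
        self.port_vlan.pop(port, None)

    def broadcast(self, in_port: int) -> list:
        """Ports that receive a broadcast sent from in_port (same VLAN only)."""
        vlan = self.port_vlan.get(in_port)
        return sorted(p for p, v in self.port_vlan.items()
                      if vlan is not None and v == vlan and p != in_port)

def demo() -> dict:
    # Constructed sample data: ports 1-3 are static, ports 4-6 are dynamic.
    laptop = "02:00:00:00:00:aa"
    sw = Switch(static_ports={1: 10, 2: 10, 3: 20},
                mac_db={laptop: 10}, fallback_vlan=99)
    for port in (1, 2, 3):
        sw.connect(port, f"02:00:00:00:00:0{port}")
    sw.connect(4, laptop)               # dynamic port, known MAC -> VLAN 10
    sw.connect(5, "02:00:00:00:00:ff")  # dynamic port, unknown MAC -> VLAN 99
    before = sw.broadcast(1)            # VLAN 10 members other than port 1
    sw.disconnect(4)
    moved = sw.connect(6, laptop)       # laptop moves ports, keeps VLAN 10
    return {"before": before, "moved": moved,
            "after": sw.broadcast(1), "guest": sw.broadcast(5)}

if __name__ == "__main__":
    print(demo())
```

Because dynamic membership here is keyed only on the source MAC address, the assignment is only as trustworthy as that address; the fallback VLAN keeps unrecognised devices out of the production broadcast domain.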