While a switched network provides a number of great features including better performance, it also provides a greater degree of flexibility, scalability, and security. This is mainly accomplished through the use of Virtual Local Area Networks (VLANs).
Let’s get started on the right foot. VLANs are nowhere near as difficult to understand as some people make them out to be. Remember a traditional LAN? All computers are connected together in a segment referred to as a broadcast domain. Systems are usually very close together, and connect to devices such as hubs or switches.
At the most basic level, a VLAN is nothing more than a broadcast domain, meaning that it is a Layer 2 entity. What tends to throw people is that a VLAN is actually a broadcast domain configured on switches on a port-by-port basis. Say what? Well, imagine a switch that has 10 ports, like the one shown below. I could take the first 5 ports and make them part of one VLAN, and then take the next 5 and make them part of a different VLAN. What I’ve actually done is created two different broadcast domains. A broadcast made by a system on port 1 will only go to systems connected on those first 5 ports, and is not seen by those on the last six ports. In this way, I’ve used the switch to define two different broadcast domains.
But how do systems on different VLANs communicate with each other? You actually already know the answer to that: the same way systems on two different broadcast domains communicate, that is, through a router. So, in order for systems on one VLAN to communicate with those on other, some type of routing device must be involved. This could be a router, a Layer 3 switch, or a route switch module (RSM).
Because different VLANs are actually different broadcast domains, you’ll need to be sure that you’re connecting hosts to the correct ports. For example, if you were to connect two systems that are supposed to be part of the same IP subnet to ports from different VLANs, they would not be able to communicate. That is, even though the IP addresses assigned to the hosts may be correct, it’s still possible that you’ve made them part of different VLANs by accident. In cases where two correctly-configured hosts connected to the same switch cannot communicate, be sure to check the VLAN membership of ports on the switch.
It is also possible for VLAN configurations to go beyond a single switch. Consider the figure below, where a crossover cable connects two switches. Notice that both switches contain ports on VLANs 1 and 2. In order for these VLANs to communicate properly across switches, we’ll need to set up and configure a trunk connection, which we’ll look at shortly.
Figure: VLANs spanning more than one switch.
