Virtual LANs


  • All hosts connected to the same unmanaged switch are said to be in the same broadcast domain
    • does not present any problem on a small network
    • but the switching fabric on an enterprise network can provide thousands of ports
    • placing hundreds or thousands of hosts in the same broadcast domain reduces performance
      • To mitigate this, the ports can be divided into groups using a feature of managed switches called virtual LAN (VLAN)
  • simplest means of assigning a node to a VLAN is by configuring the port interface on the switch with a VLAN ID in the range 2 to 4094
    • E.g.,
      • switch ports 1 through 10 could be configured as a VLAN with the ID 10
      • and ports 11 through 20 could be assigned to VLAN 20
      • Host A connected to port 2 would be in VLAN 10
      • host B connected to port 12 would be in VLAN 20

Info

  • the VLAN with ID 1 is referred to as the “default VLAN”
  • Unless configured differently, all ports on a managed switch default to being in VLAN 1
  • When hosts are placed in separate VLANs, they can no longer communicate with one another directly
    • even though they might be connected to the same switch
  • Each VLAN must be configured with its own subnet address and IP address range
  • Communications between VLANs must go through an IP router
  • Each VLAN must also be provisioned with its own DHCP and DNS services
  • As well as reducing the impact of excessive broadcast traffic, from a security point of view each VLAN can represent a separate zone
    • Traffic passing between VLANs can easily be filtered and monitored to ensure it meets security policies
    • VLANs are also used to separate nodes based on traffic type
      • such as isolating devices used for VoIP so that they can more easily be prioritized over data passing over other VLANs
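The port-to-VLAN assignment from the example above (ports 1 through 10 in VLAN 10, ports 11 through 20 in VLAN 20) and the "one subnet per VLAN, router between VLANs" rules from the Info box, modelled as a small switch simulation. This is an added illustration, not vendor switch configuration; the class and method names, the 24-port switch and the 10.0.10.0/24 and 10.0.20.0/24 subnets are assumptions chosen for the example.

```python
import ipaddress

DEFAULT_VLAN = 1     # the "default VLAN": every port starts here unless reconfigured
MAX_VLAN_ID = 4094   # configurable IDs run from 2 to 4094


class ManagedSwitch:
    """Minimal model of port-based VLAN assignment on a managed switch (example only)."""

    def __init__(self, port_count):
        # Unless configured differently, all ports default to VLAN 1.
        self.port_vlan = {p: DEFAULT_VLAN for p in range(1, port_count + 1)}
        self.vlan_subnet = {}  # VLAN ID -> IPv4 network assigned to that VLAN

    def assign_vlan(self, ports, vlan_id):
        # Only IDs 2..4094 may be assigned; VLAN 1 is the default, not an assignable ID here.
        if not 2 <= vlan_id <= MAX_VLAN_ID:
            raise ValueError(f"VLAN ID {vlan_id} outside 2-{MAX_VLAN_ID}")
        for p in ports:
            if p not in self.port_vlan:
                raise ValueError(f"no such port {p}")
            self.port_vlan[p] = vlan_id

    def set_subnet(self, vlan_id, cidr):
        # Each VLAN needs its own subnet; reject a range that overlaps another VLAN's.
        net = ipaddress.ip_network(cidr)
        for other_id, other in self.vlan_subnet.items():
            if other_id != vlan_id and net.overlaps(other):
                raise ValueError(f"{cidr} overlaps VLAN {other_id} subnet {other}")
        self.vlan_subnet[vlan_id] = net

    def broadcast_domain(self, port):
        """Ports that receive a broadcast frame sent into `port` (same VLAN only)."""
        vid = self.port_vlan[port]
        return {p for p, v in self.port_vlan.items() if v == vid}

    def can_reach_directly(self, port_a, port_b):
        """True only if both ports share a VLAN; otherwise traffic must cross an IP router."""
        return self.port_vlan[port_a] == self.port_vlan[port_b]


def demo():
    # Constructed scenario matching the notes: host A on port 2, host B on port 12.
    sw = ManagedSwitch(24)
    sw.assign_vlan(range(1, 11), 10)   # ports 1-10  -> VLAN 10
    sw.assign_vlan(range(11, 21), 20)  # ports 11-20 -> VLAN 20
    sw.set_subnet(10, "10.0.10.0/24")
    sw.set_subnet(20, "10.0.20.0/24")
    return sw
```

Ports 21 through 24 are never reassigned, so they stay in VLAN 1 and form their own broadcast domain; `can_reach_directly(2, 12)` is false because host A and host B sit in different VLANs on the same switch.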