January 17, 2012

1.2.3 VLAN Management

A virtual LAN (VLAN) is a group of hosts with a common set of requirements that communicate as if they were attached to the same wire, regardless of their physical location. A VLAN allows you to create groups of users and systems and segment them on the network. This segmentation lets you hide segments of the network from other segments and thereby control access.

A VLAN has the same attributes as a physical LAN, but it allows for end stations to be grouped together even if they are not located on the same LAN segment. Network reconfiguration can be done through software instead of physically relocating devices.

VLANs address issues such as scalability, security, and network management.

A VLAN is a good way to contain network traffic to a certain segment of the network.

On a LAN, hosts can communicate with each other through broadcasts, and no forwarding devices, such as routers, are needed. As the LAN grows, so too does the amount of chatter. Shrinking the size of the LAN by segmenting it into smaller groups (VLANs) reduces the size of the broadcast domain (and the amount of chatter). The advantages of doing this include reducing the scope of broadcasts, improving security, performance and manageability, and decreasing dependence on the physical topology. VLANs allow users with similar data sensitivity levels to be segmented together.

A VLAN is a logical subdivision of a Layer 2 network that makes a single Layer 2 infrastructure operate as though it were multiple, separate Layer 2 networks. This is accomplished by adding a numeric tag field to each frame as it leaves a Layer 2 switch; the tag identifies the VLAN number to which the frame belongs. Other VLAN-enabled switches honor the VLAN numbering scheme to segregate the network into logical, virtual networks.

It is possible to have multiple subnets on one VLAN or to have one subnet spread across multiple VLANs.

The standard that defines how VLAN tags are carried in Ethernet frames is IEEE 802.1Q.

With port-based VLAN membership, the port is assigned to a specific VLAN independent of the user or system attached to the port. This means all users attached to that port are members of the same VLAN.
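The two mechanisms described above, the 802.1Q tag that identifies a frame's VLAN and port-based membership that keeps broadcasts inside one VLAN, as a small added simulation. This is example code written for this page, not from the cited books; the port names, VLAN IDs and sample frame are constructed, and MAC learning is left out so that only flooding behaviour is shown.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q-tagged frame
BROADCAST = b"\xff" * 6

def build_tag(vid, pcp=0, dei=0):
    """Pack the 4-byte 802.1Q tag: TPID + TCI (3-bit PCP, 1-bit DEI, 12-bit VID)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094; 0 and 4095 are reserved")
    return struct.pack("!HH", TPID_8021Q, (pcp << 13) | (dei << 12) | vid)

def add_tag(frame, vid):
    """Insert the tag after the 12 address bytes, as a switch does on a trunk egress."""
    return frame[:12] + build_tag(vid) + frame[12:]

def parse_vlan(frame):
    """Return (vid, ethertype); vid is None when the frame carries no tag."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, inner

def flood_ports(port_vlan, ingress, frame):
    """Port-based VLAN switch: flood a frame only to access ports in the same VLAN.

    port_vlan maps port name -> VLAN ID (hypothetical table). A tagged frame
    arriving on an access port whose tag does not match the port's VLAN is dropped.
    """
    vlan = port_vlan[ingress]
    vid, _ = parse_vlan(frame)
    if vid is not None and vid != vlan:
        return []
    return sorted(p for p, v in port_vlan.items() if v == vlan and p != ingress)

# Constructed sample: ports p1-p2 in VLAN 10, ports p3-p4 in VLAN 20;
# the frame is a broadcast ARP (EtherType 0x0806) with a dummy payload.
PORT_VLAN = {"p1": 10, "p2": 10, "p3": 20, "p4": 20}
SAMPLE = BROADCAST + bytes.fromhex("001122334455") + struct.pack("!H", 0x0806) + b"\x00" * 28

if __name__ == "__main__":
    print("flooded to:", flood_ports(PORT_VLAN, "p1", SAMPLE))   # ['p2'] only, never p3/p4
    tagged = add_tag(SAMPLE, 10)
    print("on trunk, (vid, ethertype) =", parse_vlan(tagged))    # (10, 2054)
```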

In a protocol-based VLAN, the switch forwards traffic through ports based on the protocol carried in the frame.

CompTIA Security+ Review Guide: Exam SY0-301, Second Edition by James M. Stewart
CompTIA Security+ Study Guide: Exam SY0-301, Fifth Edition by Emmett Dulaney
