What is a VLAN?
A VLAN, also called a virtual local area network or virtual LAN, is a virtual grouping of network hosts within the same broadcast domain, regardless of their physical location. VLANs allow their members to be located on different parts of the physical network. A VLAN is defined at layer 2 of the OSI model.
Why Create VLANs?
One of the main goals of configuring a VLAN is to create a boundary for a grouping of hosts that have the same requirements with regard to network connectivity, security, and management. Switches that support the creation of VLANs will logically segment the traffic between these virtual networks. Switches will not bridge traffic from one VLAN to another. To get traffic to flow from one VLAN to another, you would need to configure a virtual gateway on a layer 3 switch or plug a traditional router into each of the VLAN segments.

As mentioned earlier, VLANs are defined at layer 2. In a network design that uses VLANs, you will generally find that each VLAN is associated with a single network subnet. However, it is possible to associate more than one subnet with a VLAN ID.

On switches that support the creation of VLANs, all ports belong to a default VLAN ID by default. To create multiple VLANs, you would use the switch's management software to configure the new VLAN IDs and then assign membership to each VLAN. VLAN membership can be assigned by a variety of methods, including static and dynamic membership. The most common method is by port membership. Other membership options include dynamically joining VLANs by protocol type. For instance, you may want to segment TCP/IP traffic from IPX/SPX.

Finally, you should note that VLANs can span multiple switches, and switches can have more than one VLAN defined. For multiple VLANs on multiple switches to be able to communicate with each other, you will implement a process called trunking.

Here is an example network design that uses VLANs and trunking:

This, of course, is a very simplistic design and view. As you can see, you can get VLAN2 traffic to the router via trunking. If the router supports VLAN tagging, you can extend VLAN1 and/or VLAN2 to other parts of the network as well.