UMN:CLI User Manual
SURPASS hiD 6615 S223/S323 R1.5
A50010-Y3-C150-2-7619
8 System Main Functions
8.1 VLAN
The first step in setting up your bridging network is to define VLANs on your switch. A
VLAN is a bridged network that is logically segmented by customer or function. Each VLAN
contains a group of ports called VLAN members. On a VLAN network, packets received on a
port are forwarded only to ports that belong to the same VLAN as the receiving port.
Network devices in different VLANs cannot communicate with one another without a Layer 3
switching device to route traffic between the VLANs. VLANs improve performance because
they reduce the propagation of local traffic, and they improve security because they
completely separate traffic.
Enlarged Network Bandwidth
Users in different VLANs can use more bandwidth than they could without VLANs because
they do not receive unnecessary broadcast information. A properly implemented VLAN will
restrict multicast and unknown unicast traffic to only those links necessary to reach
members of the VLAN associated with that multicast (or unknown unicast) traffic.
Cost-Effective Way
When you use VLANs to prevent unnecessary traffic load caused by broadcasts, you get a
cost-effective network composition, since a switch is not needed.
Strengthened Security
When using a shared-bandwidth LAN, there is no inherent protection against unwanted
eavesdropping. In addition to eavesdropping, a malicious user on a shared LAN can also
cause problems by sending lots of traffic to specific targeted users or to the network
as a whole. The only cure is to physically isolate the offending user. By creating
logical partitions with VLAN technology, we further enhance the protections against both
unwanted eavesdropping and spurious transmissions. As depicted in Figure, a properly
implemented port-based VLAN allows free communication among the members of a given VLAN,
but does not forward traffic among switch ports associated with members of different
VLANs. That is, a VLAN configuration restricts traffic flow to a proper subnet comprising
exactly those links connecting members of the VLAN. Users can eavesdrop only on the
multicast and unknown unicast traffic within their own VLAN; presumably the configured
VLAN comprises a set of logically related users.
User Mobility
By defining a VLAN based on the addresses of the member stations, we can define a
workgroup independent of the physical location of its members. Unicast and multicast
traffic (including server advertisements) will propagate to all members of the VLAN so that
they can communicate freely among themselves.