Netis ST3208, Руководство пользователя

Страница: 20 / 42

20
Introduction to VLAN
The traditional Ethernet is a broadcast network, where all hosts are in the same broadcast
domain and connected with each other through hubs or switches. Hubs and switches, which are
the basic network connection devices, have limited forwarding functions.

A hub is a physical layer device without the switching function, so it forwards the received
packet to all ports except the inbound port of the packet.
 A switch is a link layer device which can forward a packet according to the MAC address of
the packet. A switch builds a table of MAC addresses mapped to associated ports with that
address and only sends a known MAC’s traffic to one port. When the switch receives a
broadcast packet or an unknown unicast packet whose MAC address is not included in the
MAC address table of the switch, it will forward the packet to all the ports except the
inbound port of the packet. The above scenarios could result in the following network
problems.
 Large quantity of broadcast packets or unknown unicast packets may exist in a network,
wasting network resources.
 A host in the network receives a lot of packets whose destination is not the host itself,
causing potential serious security problems.

Related to the point above, someone on a network can monitor broadcast packets and
unicast packets and learn of other activities on the network. Then they can attempt to
access other resources on the network, whether or not they are authorized to do this.
Isolating broadcast domains is the solution for the above problems. The traditional way is to use
routers, which forward packets according to the destination IP address and does not forward
broadcast packets in the link layer. However, routers are expensive and provide few ports, so
they cannot split the network efficiently. Therefore, using routers to isolate broadcast domains
has many limitations.
The Virtual Local Area Network (VLAN) technology is developed for switches to control
broadcasts in LANs.
A VLAN can span multiple physical spaces. This enables hosts in a VLAN to be located in different
physical locations. By creating VLANs in a physical LAN, you can divide the LAN into multiple
logical LANs, each of which has a broadcast domain of its own. Hosts in the same VLAN
communicate in the traditional Ethernet way. However, hosts in different VLANs cannot
communicate with each other directly but need the help of network layer devices, such as
routers and Layer 3 switches.
Advantages of VLANs
Compared with traditional Ethernet technology, VLAN technology delivers the following benefits:
 Confining broadcast traffic within individual VLANs. This saves bandwidth and improves
network performance.