Chapter 5: Configuration
5.1 VLAN
Figure 5-1-1
Introduction to VLAN
Traditional Ethernet is a broadcast network: all hosts are in the same broadcast domain and are connected to each other
through hubs or switches. Hubs and switches, the basic network connection devices, have limited forwarding
functions.
- A hub is a physical layer device without a switching function, so it forwards each received packet to all ports except
the inbound port of the packet.
- A switch is a link layer device that forwards a packet according to its MAC address. The switch learns the source MAC
address of each incoming packet and records it in a MAC address table together with the port on which it arrived; a
packet whose destination MAC address is in the table is sent out of that one port only. When the switch receives a
broadcast packet, or an unknown unicast packet whose destination MAC address is not in the MAC address table, it
forwards the packet to all ports except the inbound port of the packet.

These behaviours could result in the following network problems.
- A large quantity of broadcast packets or unknown unicast packets may exist in the network, wasting network resources.
- A host in the network receives many packets whose destination is not the host itself, which is a potentially serious
security problem.
- Related to the point above, anyone on the network can monitor broadcast packets and flooded unicast packets and learn
of other activities on the network. They can then attempt to access other resources on the network, whether or not
they are authorized to do so.
Isolating broadcast domains is the solution to the above problems. The traditional way is to use routers, which forward
packets according to the destination IP address and do not forward link layer broadcast packets. However, routers
are expensive and provide few ports, so they cannot split the network efficiently. Using routers to isolate
broadcast domains therefore has many limitations.
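The following Python script is an added illustration, not part of this manual or the switch firmware it documents. It simulates the forwarding rules described above (hub repeating, switch MAC learning, flooding of broadcast and unknown unicast) and then shows what isolating the broadcast domain does to the same traffic, using a simple port-based VLAN model (each port belongs to one VLAN, learning and flooding are confined to that VLAN). The host MAC addresses, port numbers and VLAN IDs are constructed sample data; the `Switch`, `Frame`, `hub_forward` and `eavesdroppers` names are the example's own.

```python
"""Learning-switch simulator (added illustration, not the manual's code).

Models the forwarding rules described in the text:
  * a hub repeats every frame to all ports except the inbound one;
  * a switch learns source MAC -> port, sends known unicast to one port,
    and floods broadcast / unknown unicast to every other port;
  * with port-based VLANs (assumed model), learning and flooding are
    confined to the VLAN of the inbound port, so hosts in other VLANs
    never see the frame.
All MAC addresses, ports and VLAN IDs below are constructed sample data.
"""
from __future__ import annotations
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str       # source MAC
    dst: str       # destination MAC
    in_port: int   # port the frame arrived on


def hub_forward(ports: int, in_port: int) -> list[int]:
    """A hub has no MAC table: repeat to every port except the inbound one."""
    return [p for p in range(1, ports + 1) if p != in_port]


@dataclass
class Switch:
    ports: int
    # Port -> VLAN id. Ports not listed default to VLAN 1, so an empty
    # mapping models a plain switch with a single broadcast domain.
    port_vlan: dict[int, int] = field(default_factory=dict)
    # (vlan, mac) -> port. Keyed per VLAN so the same MAC may be learnt
    # independently in different VLANs.
    mac_table: dict[tuple[int, str], int] = field(default_factory=dict)

    def vlan_of(self, port: int) -> int:
        return self.port_vlan.get(port, 1)

    def forward(self, frame: Frame) -> list[int]:
        """Return the ports the frame is sent out of, in ascending order."""
        vlan = self.vlan_of(frame.in_port)
        # Learn: remember which port this source MAC lives on (a later frame
        # from another port overwrites the entry, i.e. the MAC "moved").
        self.mac_table[(vlan, frame.src)] = frame.in_port

        if frame.dst != BROADCAST:
            out = self.mac_table.get((vlan, frame.dst))
            if out is not None:
                # Known unicast: one port only. If the destination sits on the
                # inbound port (e.g. behind a hub), the switch drops the frame.
                return [] if out == frame.in_port else [out]

        # Broadcast or unknown unicast: flood, but only within the VLAN.
        return [p for p in range(1, self.ports + 1)
                if p != frame.in_port and self.vlan_of(p) == vlan]


def eavesdroppers(frame: Frame, out_ports: list[int],
                  host_on_port: dict[int, str]) -> list[str]:
    """Hosts that receive a unicast frame although it is not addressed to them."""
    return [host_on_port[p] for p in out_ports
            if host_on_port.get(p) not in (None, frame.dst)]


def demo() -> dict[str, list]:
    """Run the scenarios and return the port (or host) lists each produces."""
    A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    C, D = "02:00:00:00:00:0c", "02:00:00:00:00:0d"
    hosts = {1: A, 2: B, 3: C, 4: D}      # constructed: one host per port
    results: dict[str, list] = {}

    results["hub"] = hub_forward(4, 1)    # every other host hears the frame

    sw = Switch(ports=4)                  # single broadcast domain
    f = Frame(A, B, 1)
    results["unknown_unicast"] = sw.forward(f)            # flooded to 2, 3, 4
    results["leaked_to"] = eavesdroppers(f, results["unknown_unicast"], hosts)
    results["reply"] = sw.forward(Frame(B, A, 2))         # A learnt: port 1 only
    results["known_unicast"] = sw.forward(Frame(A, B, 1))  # B learnt: port 2 only
    results["broadcast"] = sw.forward(Frame(A, BROADCAST, 1))  # still floods

    # Same four hosts, but ports 1-2 in VLAN 10 and ports 3-4 in VLAN 20.
    vlan_sw = Switch(ports=4, port_vlan={1: 10, 2: 10, 3: 20, 4: 20})
    results["vlan_broadcast"] = vlan_sw.forward(Frame(A, BROADCAST, 1))  # port 2 only
    results["vlan_unknown_unicast"] = vlan_sw.forward(Frame(A, C, 1))    # never reaches C
    return results


if __name__ == "__main__":
    for name, out in demo().items():
        print(f"{name:22s} -> {out}")
```

The `leaked_to` result is the security problem the text describes: on a flat switch the first frame from A to B is also delivered to C and D simply because B has not been learnt yet, and every broadcast reaches all hosts. With the ports split into two VLANs the same frames stay within ports 1 and 2, without adding a router.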