vlana chap 3 2nd year

Upload: mjj-vega

Post on 05-Jul-2018


  • 8/16/2019 VLANa Chap 3 2nd Year

    1/20

    Chapter 3

    VLANs

    Introduction

    Chapter 2, “LAN Switching,” discusses problems inherent in a LAN and possible solutions to improve LAN performance. You learned about the advantages and disadvantages of using bridges, switches, and routers for LAN segmentation and the effects of switching, bridging, and routing on network throughput. Finally, you briefly learned about the benefits of Fast Ethernet and virtual local-area networks (VLANs).

    This chapter provides an introduction to VLANs and switched internetworking, compares traditional shared LAN configurations with switched LAN configurations, and discusses the benefits of using a switched VLAN architecture.

    VLAN Overview

    A VLAN is a logical grouping of devices or users, as shown in Figure 3-1. These devices or users can be grouped by function, department, application, and so on, regardless of their physical segment location. VLAN configuration is done at the switch via software.

    Existing Shared LAN Configurations

    A typical LAN is configured according to the physical infrastructure it is connecting. Users are grouped based on their location in relation to the hub they are plugged in to and how the cable is run to the wiring closet. The router interconnecting each shared hub typically provides segmentation and can act as a broadcast firewall, whereas the segments created by switches do not. Traditional LAN segmentation does not group users according to their workgroup association or need for bandwidth. Therefore, they share the same segment and contend for the same bandwidth, although the bandwidth requirements might vary greatly by workgroup or department.


    Segmenting with Switching Architectures

    LANs are increasingly being divided into workgroups connected via common backbones to form VLAN topologies. VLANs logically segment the physical LAN infrastructure into different subnets (or broadcast domains, for Ethernet) so that broadcast frames are switched only between ports within the same VLAN.

    Initial VLAN implementations offered a port-mapping capability that established a broadcast domain between a default group of devices. Current network requirements demand VLAN functionality that covers the entire network. This approach to VLANs allows you to group geographically separate users in networkwide virtual topologies. VLAN configurations group users by logical association rather than physical location.

    FIGURE 3-1 A VLAN is a group of network devices or users that is not restricted to a physical switch segment. (Figure labels: Administration, Engineering, Marketing.)

    MOVIE 3.1 Broadcast Transmission: Source node to network.


    The majority of the networks currently installed provide very limited logical segmentation. Users are commonly grouped based on connections to the shared hub and the router ports between the hubs. This topology provides segmentation only between the hubs, which are typically located on separate floors, and not between users connected to the same hub. This imposes physical constraints on the network and limits how users can be grouped. A few shared-hub architectures have some grouping capability, but they restrict how you configure logically defined workgroups.

    VLANs and Physical Boundaries

    In a LAN that utilizes LAN switching devices, VLAN technology is a cost-effective and efficient way of grouping network users into virtual workgroups regardless of their physical location on the network. Figure 3-2 shows the difference between LAN and VLAN segmentation. Some of the main differences are as follows:

    VLANs work at Layer 2 and Layer 3 of the OSI reference model.

    Communication between VLANs is provided by Layer 3 routing.

    VLANs provide a method of controlling network broadcasts.

    The network administrator assigns users to a VLAN.

    VLANs can increase network security by defining which network nodes can communicate with each other.

    FIGURE 3-2 Within a switched network, VLANs provide segmentation and organizational flexibility. (Panels: Traditional LAN segmentation; VLAN segmentation. Figure labels: Shared hub, Floor 1, Floor 2, Floor 3, LAN 1, LAN 2, LAN 3, Router, Catalyst 3000, Catalyst 5000, VLAN 1, VLAN 2, VLAN 3, Communication between VLANs.)


    Using VLAN technology, you can group switch ports and their connected users into logically defined workgroups, such as the following:

    Coworkers in the same department

    A cross-functional product team

    Diverse user groups sharing the same network application or software

    You can group these ports and users into workgroups on a single switch or on connected switches. By grouping ports and users together across multiple switches, VLANs can span single-building infrastructures, interconnected buildings, or even wide-area networks (WANs), as shown in Figure 3-3.

    Transporting VLANs Across Backbones

    Important to any VLAN architecture is the ability to transport VLAN information between interconnected switches and routers that reside on the corporate backbone. These transport capabilities consist of the following:

    Removing the physical boundaries between users

    Increasing the configuration flexibility of a VLAN solution when users move

    Providing mechanisms for interoperability between backbone system components

    FIGURE 3-3 VLANs remove the physical constraints of workgroup communications. (Figure labels: Catalyst 5000 switches on Floor 1, Floor 2, and Floor 3; Fast Ethernet; Accounting VLAN, Marketing VLAN, Engineering VLAN.)


    The backbone commonly acts as the collection point for large volumes of traffic. It also carries end-user VLAN information and identification between switches, routers, and directly attached servers. Within the backbone, high-bandwidth, high-capacity links are typically chosen to carry the traffic throughout the enterprise.

    Routers in VLANs

    The traditional role of the router is to provide firewalls, broadcast management, and route processing and distribution. While switches take on some of these tasks, routers still remain vital in VLAN architectures because they provide connected routes between different VLANs. They also connect to other parts of the network that are either logically segmented with the more traditional subnet approach or require access to remote sites across wide-area links. Layer 3 communication, either embedded in the switch or provided externally, is an integral part of any high-performance switching architecture.

    You can cost-effectively integrate external routers into the switching architecture by using one or more high-speed backbone connections. These are typically Fast Ethernet or ATM connections, and they provide benefits by

    Increasing the throughput between switches and routers

    Consolidating the overall number of physical router ports required for communication between VLANs

    VLAN architecture not only provides logical segmentation, but with careful planning, it can greatly enhance the efficiency of a network.

    Switched Networking Configuration

    The problems associated with shared LANs and the emergence of switches are causing traditional LAN configurations to be replaced with switched VLAN networking configurations. Switched VLAN configurations vary from traditional LAN configurations in the following ways:

    Switches remove the physical constraints imposed by a shared-hub architecture because they logically group users and ports across the enterprise.

    Switches replace hubs in the wiring closet. Switches are easily installed with little or no cabling changes, and can completely replace a shared hub with per-port service to each user.

    Switches can be used to create VLANs in order to provide the segmentation services traditionally provided by routers in LAN configurations.

    Switches are one of the core components of VLAN communications. As shown in Figure 3-4, they perform critical VLAN functions by acting as the entry point for end-station devices into the switched fabric and for communication across the enterprise.


    Each switch has the intelligence to make filtering and forwarding decisions by frame, based on VLAN metrics defined by network managers. The switch can also communicate this information to other switches and routers within the network.

    The most common approaches for logically grouping users into distinct VLANs are frame filtering and frame identification. Both of these techniques look at the frame when it is either received or forwarded by the switch. Based on the set of rules defined by the administrator, these techniques determine where the frame is to be sent, filtered, or broadcast. These control mechanisms can be centrally administered (with network management software) and are easily implemented throughout the network.

    Frame filtering examines particular information about each frame. A filtering table is developed for each switch; this provides a high level of administrative control because it can examine many attributes of each frame. Depending on the sophistication of the LAN switch, you can group users based on a station’s Media Access Control (MAC) addresses or network-layer protocol type. The switch compares the frames it filters with table entries, and it takes the appropriate action based on the entries.

    In their early days, VLANs were filter-based and they grouped users based on a filtering table. This model did not scale well because each frame had to be referenced to a filtering table.

    FIGURE 3-4 You can use switches to group users, ports, or logical addresses into common communities of interest. (Figure labels: Layer 2 MAC address; Layer 3 network; DA, SA, IP.)


    Frame tagging uniquely assigns a VLAN ID to each frame. The VLAN IDs are assigned to each VLAN in the switch configuration by the switch administrator. This technique was chosen by the Institute of Electrical and Electronic Engineers (IEEE) standards group because of its scalability. Frame tagging is gaining recognition as the standard trunking mechanism; in comparison to frame filtering, it can provide a more scalable solution to VLAN deployment that can be implemented campus-wide. IEEE 802.1q states that frame tagging is the way to implement VLANs.

    VLAN frame tagging is an approach that has been specifically developed for switched communications. Frame tagging places a unique identifier in the header of each frame as it is forwarded throughout the network backbone. The identifier is understood and examined by each switch prior to any broadcasts or transmissions to other switches, routers, or end-station devices. When the frame exits the network backbone, the switch removes the identifier before the frame is transmitted to the target end station. Layer 2 frame identification requires little processing or administrative overhead.
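The tagging and tag-removal steps described above, as an added Python illustration that is not part of the original chapter. It uses the 4-byte IEEE 802.1Q tag layout (TPID 0x8100, then 3-bit priority, 1-bit DEI, 12-bit VLAN ID); the sample frame, port names, and function names are constructed for the example, and the frame check sequence is left out.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
MAC_HEADER_LEN = 12      # destination MAC (6 bytes) + source MAC (6 bytes)
TAG_LEN = 4              # TPID (2 bytes) + tag control information (2 bytes)

# Constructed sample: an untagged broadcast frame as an end station sends it.
SAMPLE_FRAME = (
    bytes.fromhex("ffffffffffff")      # destination: broadcast
    + bytes.fromhex("001122334455")    # source station (constructed address)
    + bytes.fromhex("0806")            # EtherType of the payload (ARP)
    + b"\x00" * 28                     # placeholder payload
)

# Constructed access-port table of the switch at the far end of the backbone.
ACCESS_PORTS = {"Fa0/1": 10, "Fa0/2": 20, "Fa0/3": 20, "Fa0/4": 30}


def add_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert the 802.1Q tag after the source MAC as the frame enters the backbone."""
    if not 1 <= vlan_id <= 4094:       # 0 and 4095 are reserved values
        raise ValueError(f"invalid VLAN ID: {vlan_id}")
    if not 0 <= priority <= 7:
        raise ValueError(f"invalid priority: {priority}")
    if len(frame) < MAC_HEADER_LEN + 2:
        raise ValueError("frame too short to hold an Ethernet header")
    tci = (priority << 13) | vlan_id   # priority(3) | DEI(1) = 0 | VLAN ID(12)
    tag = struct.pack("!HH", TPID_8021Q, tci)
    return frame[:MAC_HEADER_LEN] + tag + frame[MAC_HEADER_LEN:]


def parse_tag(frame: bytes):
    """Return (vlan_id, priority) for a tagged frame, or None if it is untagged."""
    if len(frame) < MAC_HEADER_LEN + TAG_LEN:
        return None
    tpid, tci = struct.unpack_from("!HH", frame, MAC_HEADER_LEN)
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF, tci >> 13


def strip_tag(frame: bytes):
    """Remove the tag and return (vlan_id, original untagged frame)."""
    parsed = parse_tag(frame)
    if parsed is None:
        raise ValueError("frame carries no 802.1Q tag")
    untagged = frame[:MAC_HEADER_LEN] + frame[MAC_HEADER_LEN + TAG_LEN:]
    return parsed[0], untagged


def deliver_from_trunk(tagged_frame: bytes, access_ports: dict) -> dict:
    """Exit side of the backbone: read the VLAN ID, strip the tag, and hand the
    untagged broadcast only to access ports that belong to that VLAN."""
    vlan_id, untagged = strip_tag(tagged_frame)
    return {port: untagged for port, vlan in access_ports.items()
            if vlan == vlan_id}


if __name__ == "__main__":
    on_backbone = add_tag(SAMPLE_FRAME, vlan_id=20)
    print("tag bytes on the backbone:", on_backbone[12:16].hex())
    for port in deliver_from_trunk(on_backbone, ACCESS_PORTS):
        print("untagged frame delivered to", port)
```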

    VLAN Implementations

    A VLAN makes up a switched network that is logically segmented by functions, project teams, or applications, without regard to the physical location of users. Each switch port can be assigned to a VLAN. Ports assigned to the same VLAN share broadcasts. Ports that do not belong to that VLAN do not share these broadcasts. This improves the overall performance of the network. The following sections discuss three VLAN implementation methods that can be used to assign a switch port to a VLAN. They are

    Port-centric VLANs

    Static

    Dynamic

    Port-Centric VLANs

    In port-centric VLANs, all the nodes connected to ports in the same VLAN are assigned the same VLAN ID. Figure 3-5 shows VLAN membership by router port, which makes an administrator’s job easier and the network more efficient because

    Users are assigned by port.

    VLANs are easily administered.

    It provides increased security between VLANs.

    Packets do not “leak” into other domains.


    Static VLANs

    Static VLANs are ports on a switch that you statically assign to a VLAN. These ports maintain their assigned VLAN configurations until you change them. Although static VLANs require the administrator to make changes, they are secure, easy to configure, and straightforward to monitor. Static VLANs work well in networks in which moves are controlled and managed.

    Dynamic VLANs

    Dynamic VLANs are ports on a switch that can automatically determine their VLAN assignments. Dynamic VLAN functions are based on MAC addresses, logical addressing, or protocol type of the data packets. When a station is initially connected to an unassigned switch port, the appropriate switch checks the MAC address entry in the VLAN management database and dynamically configures the port with the corresponding VLAN configuration. The major benefits of this approach are less administration within the wiring closet when a user is added or moved and centralized notification when an unrecognized user is added to the network. Typically, more administration is required up front to set up the database within the VLAN management software and to maintain an accurate database of all network users.

    SKILL BUILDER

    Creating VLANs

    In this lab, you work with Ethernet virtual local-area networks (VLANs). VLANs can separate groups of users based on function rather than physical location.

    SKILL BUILDER

    Switch Management VLANs

    In this lab, you work with virtual local-area networks (VLANs). You console into the switch and view the menu options available to manage VLANs and check the current VLAN configuration.

    FIGURE 3-5 In port-centric VLANs, membership is easily controlled across the network. Also, all nodes attached to the same port must be in the same VLAN. (Figure labels: Routing function interconnects VLANs, network layer; data link layer broadcast domains; physical layer LAN switch; attached nodes; Floor 1, Floor 2, Floor 3; 192.20.21.0, 192.20.24.0, 192.30.20.0; Engineering VLAN, Marketing VLAN, Sales VLAN.)

    Benefits of VLANs

    VLANs provide the following benefits:

    They reduce administration costs related to solving problems associated with moves, additions, and changes.

    They provide controlled broadcast activity.

    They provide workgroup and network security.

    They save money by using existing hubs.

    Adding, Moving, or Changing User Locations

    Companies are continuously reorganizing. On average, 20% to 40% of the workforce physically moves every year. These moves, additions, and changes are one of a network manager’s biggest headaches and one of the largest expenses related to managing the network. Many moves require recabling, and almost all moves require new station addressing and hub and router reconfigurations.

    VLANs provide an effective mechanism for controlling these changes and reducing much of the cost associated with hub and router reconfigurations. Users in a VLAN can share the same network address space (that is, the IP subnet), regardless of their location. When users in a VLAN are moved from one location to another, as long as they remain within the same VLAN and are connected to a switch port, their network addresses do not change. A location change can be as simple as plugging a user in to a port on a VLAN-capable switch and configuring the port on the switch to that VLAN, as shown in Figure 3-6.

    VLANs are a significant improvement over the typical LAN-based techniques used in wiring closets because they require less rewiring, configuration, and debugging. Router configuration is left intact; a simple move for a user from one location to another does not create any configuration modifications in the router if the user stays in the same VLAN.

    Controlling Broadcast Activity

    Broadcast traffic occurs in every network. Broadcast frequency depends on the types of applications, the types of servers, the amount of logical segmentation, and how these network resources are used. Although applications have been fine-tuned over the past few years to reduce the number of broadcasts they send out, new multimedia applications are being developed that are broadcast and multicast intensive.

    You need to take preventive measures to ensure against broadcast-related problems. One of the most effective measures is to properly segment the network with protective firewalls that, as much as possible, prevent problems on one segment from damaging other parts of the network. Thus, although one segment may have excessive broadcast conditions, the rest of the network is protected with a firewall commonly provided by a router. Firewall segmentation provides reliability and minimizes the overhead of broadcast traffic, allowing for greater throughput of application traffic.

    When no routers are placed between the switches, broadcasts (Layer 2 transmissions) are sent to every switched port. This is commonly referred to as a flat network, where there is one broadcast domain across the entire network. The advantage of a flat network is that it can provide both low-latency and high-throughput performance and it is easy to administer. The disadvantage is that it increases vulnerability to broadcast traffic across all switches, ports, backbone links, and users.

    FIGURE 3-6 VLAN-capable switches simplify the rewiring, configuration, moving of users, and debugging that are required to get a user back online. (Figure labels: Catalyst 3000, Shared hub, Router, Floor 1, Floor 2, Moved user, New location, Same address.)


    VLANs are an effective mechanism for extending firewalls from the routers to the switch fabric and protecting the network against potentially dangerous broadcast problems. Additionally, VLANs maintain all the performance benefits of switching.

    You create firewalls by assigning switch ports or users to specific VLAN groups both within single switches and across multiple connected switches. Broadcast traffic within one VLAN is not transmitted outside the VLAN, as shown in Figure 3-7. Conversely, adjacent ports do not receive any of the broadcast traffic generated from other VLANs. This type of configuration substantially reduces the overall broadcast traffic, frees bandwidth for real user traffic, and lowers the overall vulnerability of the network to broadcast storms.

    The smaller the VLAN group, the smaller the number of users affected by broadcast traffic activity within the VLAN group. You can also assign VLANs based on the application type and the number of applications broadcasts. You can place users sharing a broadcast-intensive application in the same VLAN group and distribute the application across the campus.

    Providing Better Network Security

    The use of LANs has increased at a very high rate over the past several years. As a result, LANs often have confidential, mission-critical data moving across them. Confidential data requires security through access restriction. One problem of shared LANs is that they are relatively easy to penetrate. By plugging in to a live port, an intrusive user has access to all traffic within the segment. The larger the group, the greater the potential access.

    FIGURE 3-7 Restricting both the number of switch ports within a VLAN and the users residing on these ports can easily control the size of a broadcast domain. (Figure labels: Broadcast Domain 1, Broadcast Domain 2.)


    One cost-effective and easy administrative technique to increase security is to segment the network into multiple broadcast groups, as shown in Figure 3-8, which allows the network manager to

    Restrict the number of users in a VLAN group

    Disallow another user from joining without first receiving approval from the VLAN network management application

    Configure all unused ports to a default low-service VLAN

    Implementing this type of segmentation is relatively straightforward. Switch ports are grouped together based on the type of applications and access privileges. Restricted applications and resources are commonly placed in a secured VLAN group. On the secured VLAN, the router restricts access into the group as configured on both the switches and the routers. Restrictions can be placed based on station addresses, application types, or protocol types.

    You can add more security enhancements by using access control lists, which will be covered in Chapter 6, “ACLs.” These are especially useful when communicating between VLANs. On the secured VLAN, the router restricts access to the VLAN as configured on both switches and routers. You can place restrictions on station addresses, application types, protocol types, or even by time of day.
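The dynamic VLAN lookup described earlier in the chapter and the three port restrictions listed in this section, combined in one added Python model that is not part of the original chapter. The class and method names, the MAC-to-VLAN database entries, the port names, the VLAN numbers, and the choice of VLAN 999 as the low-service VLAN are all assumptions made for the example.

```python
import re

LOW_SERVICE_VLAN = 999  # assumption: ID of the default low-service VLAN

# Constructed VLAN management database: station MAC address -> VLAN ID.
VLAN_DB = {
    "00:11:22:33:44:01": 10,  # Engineering
    "00:11:22:33:44:02": 10,  # Engineering
    "00:11:22:33:44:04": 10,  # Engineering
    "00:11:22:33:44:03": 20,  # Marketing
}

_MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


def normalize_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated form of a 6-byte MAC address."""
    canon = mac.strip().lower().replace("-", ":")
    if not _MAC_RE.match(canon):
        raise ValueError(f"not a MAC address: {mac!r}")
    return canon


class DynamicVlanSwitch:
    """Switch whose ports take their VLAN from the management database."""

    def __init__(self, port_names, vlan_db, max_members=None):
        self.vlan_db = {normalize_mac(m): v for m, v in vlan_db.items()}
        # Every unused port starts (and ends) in the low-service VLAN.
        self.port_vlan = {p: LOW_SERVICE_VLAN for p in port_names}
        self.port_station = {}                 # port -> attached station MAC
        self.max_members = max_members or {}   # VLAN ID -> allowed user count
        self.alerts = []                       # centralized notifications

    def _members(self, vlan):
        return sum(1 for p in self.port_station if self.port_vlan[p] == vlan)

    def connect(self, port, mac):
        """Station plugs in: look up its MAC and configure the port's VLAN."""
        if port not in self.port_vlan:
            raise KeyError(f"unknown port: {port}")
        self.disconnect(port)                  # clear any previous assignment
        mac = normalize_mac(mac)
        vlan = self.vlan_db.get(mac)
        if vlan is None:
            # Unrecognized station: notify the manager, grant low service only.
            self.alerts.append(f"unrecognized station {mac} on port {port}")
            vlan = LOW_SERVICE_VLAN
        elif self._members(vlan) >= self.max_members.get(vlan, float("inf")):
            # VLAN group is at its user limit: hold the station for approval.
            self.alerts.append(
                f"VLAN {vlan} is full; {mac} on port {port} needs approval")
            vlan = LOW_SERVICE_VLAN
        self.port_vlan[port] = vlan
        self.port_station[port] = mac
        return vlan

    def disconnect(self, port):
        """Station unplugs: the now-unused port returns to the low-service VLAN."""
        self.port_station.pop(port, None)
        self.port_vlan[port] = LOW_SERVICE_VLAN

    def broadcast_scope(self, port):
        """Occupied ports that would receive a broadcast sent from `port`."""
        vlan = self.port_vlan[port]
        return sorted(p for p in self.port_station
                      if p != port and self.port_vlan[p] == vlan)


if __name__ == "__main__":
    sw = DynamicVlanSwitch([f"Fa0/{n}" for n in range(1, 6)], VLAN_DB,
                           max_members={10: 2})
    sw.connect("Fa0/1", "00:11:22:33:44:01")
    sw.connect("Fa0/2", "00-11-22-33-44-02")
    sw.connect("Fa0/4", "DE:AD:BE:EF:00:01")   # not in the database
    print(sw.port_vlan)
    print(sw.alerts)
```

A station that moves to another port keeps its VLAN because the lookup is keyed on the station address, not the port.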

    Saving Money by Using Existing Hubs

    Over the past several years, network administrators have installed a significant number of hubs. Many of these devices are being replaced with newer switching technologies. Because network applications require more dedicated bandwidth and performance directly to the desktop, these hubs still perform useful functions in many existing installations. Network managers save money by connecting existing hubs to switches.

    FIGURE 3-8 VLANs provide security firewalls, restrict individual user access, and flag any unwanted intrusion to a network manager. (Figure label: Secured VLAN.)

    Each hub segment connected to a switch port can be assigned to only one VLAN, as shown in Figure 3-9. Stations that share a hub segment are all assigned to the same VLAN group. If an individual station needs to be reassigned to another VLAN, the station must be relocated to the corresponding hub. The interconnected switch fabric handles the communication between the switching ports and automatically determines the appropriate receiving segments. The more the shared hub can be broken into smaller groups, the greater the microsegmentation and the greater the VLAN flexibility for assigning individual users to VLAN groups.

    By connecting hubs to switches, you can configure hubs as part of the VLAN architecture. You can also share traffic and network resources directly attached to switching ports with VLAN designations.

    SKILL BUILDER

    Switch Firmware Update/TFTP

    In this lab, you learn to display information about current switch firmware, learn about switch memory and update options, and learn how to use a TFTP server to update a switch to a new version of the firmware software.

    SKILL BUILDER

    Multi-Switch VLANs

    In this lab, you work with Ethernet virtual local-area networks (VLANs). VLANs can separate groups of users based on function rather than physical location. Normally, all the ports on a switch are in the same default VLAN 1.

    FIGURE 3-9 The connections between hubs and switches provide opportunities for VLAN segmentation. (Figure labels: Hub, VLAN1, VLAN2, VLAN3.)


    Summary

    An Ethernet switch is designed to physically segment a LAN into individual collision domains.

    A typical LAN is configured according to the physical infrastructure it connects.

    In a LAN that uses LAN switching devices, VLAN technology is a cost-effective and efficient way of grouping network users into virtual workgroups, regardless of their physical location on the network.

    VLANs work at Layer 2 and Layer 3 of the OSI reference model.

    Important to any VLAN architecture is the ability to transport VLAN information between interconnected switches and routers that reside on the corporate backbone.

    The problems associated with shared LANs and switches are causing traditional LAN configurations to be replaced with switched VLAN networking configurations.

    The most common approaches for logically grouping users into distinct VLANs are frame filtering and frame identification (frame tagging).

    There are three main types of VLANs: port-centric VLANs, static VLANs, and dynamic VLANs.

    VLANs provide the following benefits:

    — They reduce administration costs related to solving problems associated with moves, additions, and changes.

    — They provide controlled broadcast activity.

    — They provide workgroup and network security.

    — They save money by using existing hubs.


    Check Your Understanding

    Complete all the review questions to test your understanding of the topics and concepts covered in this chapter. Answers are listed in Appendix B, “Check Your Understanding Answer Key.”

    1. Describe the benefits of VLANs.

    2. What is the effect of VLANs on LAN broadcasts?

    3. What are the three main VLAN implementations?

    4. What is the purpose of VLAN frame tagging?

    5. The phrase microsegmentation with scalability means which of the following?

    A. The ability to increase networks without creating collision domains

    B. The ability to put a huge number of hosts on one switch

    C. The ability to broadcast to more nodes at once

    D. All of the above

    6. Switches, as the core element of VLANs, provide the intelligence to do which of the following?

    A. They group users, ports, or logical addresses into a VLAN.

    B. They make filtering and forwarding decisions.

    C. They communicate with other switches and routers.

    D. All of the above.

    7. Each _____ segment connected to a _____ port can be assigned to only one VLAN.

    A. Switch; hub

    B. Hub; router

    C. Hub; switch

    D. LAN; hub


    8. Which of the following is not an advantage of using static VLANs?

    A. They are secure.

    B. They are easy to configure.

    C. They are easy to monitor.

    D. They automatically configure ports when new stations are added.

    9. Which of the following is not a criterion on which VLANs can be based?

    A. Port ID

    B. Protocol

    C. MAC address

    D. All of the above are criteria on which VLANs can be based

    10. Which of the following is a beneficial effect of adding a VLAN?

    A. Switches do not need to be configured.

    B. Broadcasts can be controlled.

    C. Confidential data can be protected.

    D. Physical boundaries that prevent user groupings can be removed.

    11. Which of the following statements pertaining to virtual LANs is false?

    A. The most common approaches for logically grouping users into distinct VLANs are frame filtering and frame identification.

    B. VLAN benefits include tighter network security with establishment of secure user groups.

    C. Bridges form one of the core components of VLAN communications.

    D. VLANs help in distributing traffic load.

    12. What Layer 3 function on a switch allows you to easily manipulate devices that reside in different IP subnets?

    A. Transparent bridging

    B. Segmentation

    C. Reduction of collision domains

    D. VLANs


    13. What device is needed for a packet to be passed from one VLAN to another?

    A. Bridge

    B. Router

    C. Switch

    D. Hub

    14. At which layer of the OSI model does frame tagging occur?

    A. Layer 1

    B. Layer 2

    C. Layer 3

    D. Layer 4

    15. __________ allows switches to share address tables while __________ assigns a user-defined VLAN ID to each frame.

    A. Frame tagging; frame forwarding

    B. Frame identification; frame removal

    C. Frame filtering; frame tagging

    D. Frame tagging; frame filtering

    16. Which of the following is not a beneficial effect of adding a VLAN?

    A. Switches do need configuring.

    B. Nodes within a VLAN which are physically moved do not change network addresses.

    C. Confidential data can be protected.

    D. Physical boundaries which prevent user groupings can be removed.

    17. True or False: VLANs are more flexible in handling moves and additions of ports than routers.

    A. True

    B. False


    18. Which of the following is not a benefit of VLANs?

    A. Multicast control

    B. Broadcast control

    C. Reduce router interfaces required

    D. None of the above

    19. Why create VLANs?

    A. Moves, adds, and changes are made simpler.

    B. There is less administrative overhead.

    C. The router can switch faster.

    D. Both A and B.

    Key Terms

    access control list (ACL): A list kept by a Cisco router to control access to or from the router for a number of services (for example, to prevent packets with a certain IP address from leaving a particular interface on the router).

    broadcast: A data packet that is sent to all nodes on a network. Broadcasts are identified by a broadcast address.

    broadcast domain: The set of all devices that will receive broadcast frames originating from any device within the set. Broadcast domains are typically bounded by routers because routers do not forward broadcast frames.

    broadcast storm: An undesirable network event in which many broadcasts are sent simultaneously across all network segments. A broadcast storm uses substantial network bandwidth and, typically, causes network time-outs.

    collision domain: In Ethernet, the network area within which frames that have collided are propagated. Repeaters and hubs propagate collisions; LAN switches, bridges, and routers do not.

    dynamic VLAN: A VLAN that is based on the MAC addresses, the logical addresses, or the protocol type of the data packets.

    firewall: A router or an access server, or several routers or access servers, designated as a buffer between any connected public networks and a private network. A firewall router uses access control lists and other methods to ensure the security of the private network.


    flat network: A network in which there are no routers placed between the switches, broadcasts and Layer 2 transmissions are sent to every switched port, and there is one broadcast domain across the entire network.

    frame: A logical grouping of information sent as a data link–layer unit over a transmission medium. Often refers to the header and trailer, used for synchronization and error control, that surround the user data contained in the unit. The terms datagram, message, packet, and segment are also used to describe logical information groupings at various layers of the OSI reference model and in various technology circles.

    hub: A hardware or software device that contains multiple independent but connected modules of network and internetwork equipment. Hubs can be active (where they repeat signals sent through them) or passive (where they do not repeat, but merely split, signals sent through them).

    Institute of Electrical and Electronic Engineers (IEEE): A professional organization whose activities include the development of communications and network standards. IEEE LAN standards are the predominant LAN standards today.

    LAN switch: A high-speed switch that forwards packets between data-link segments. Most LAN switches forward traffic based on MAC addresses. LAN switches are often categorized according to the method they use to forward traffic: cut-through packet switching or store-and-forward packet switching. An example of a LAN switch is the Cisco Catalyst 5000.

    Media Access Control (MAC) address: A standardized data link layer address that is required for every port or device that connects to a LAN. Other devices in the network use these addresses to locate specific ports in the network and to create and update routing tables and data structures. A MAC address is 6 bytes long. MAC addresses are controlled by the IEEE and are also known as hardware addresses, MAC-layer addresses, and physical addresses.

    microsegmentation: The division of a network into smaller segments, usually with the intention of increasing aggregate bandwidth to network devices.

    multicast: Single packets copied by a network and sent out to a set of network addresses. These addresses are specified in the destination address field.

    port: An interface on an internetworking device (such as a router).

    port-centric VLAN: A VLAN in which all the nodes in the same VLAN are attached to the same switch port.


    protocol: A formal description of a set of rules and conventions that govern how devices on a network exchange information.

    router: A network-layer device that uses one or more metrics to determine the optimal path along which network traffic should be forwarded. Routers forward packets from one network to another based on network-layer information. Occasionally called a gateway (although this definition of gateway is becoming increasingly outdated).

    scalability: The ability of a network to grow without any major changes to the overall design.

    segment: A section of a network that is bounded by bridges, routers, or switches.

    static VLAN: A VLAN in which the ports on a switch are statically assigned.

    switch: A network device that filters, forwards, and floods frames based on the destination address of each frame. The switch operates at the data link layer of the OSI reference model.

    VLAN (virtual LAN): A group of devices on a LAN that are configured (using management software) so that they can communicate as if they were attached to the same wire, when, in fact, they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible.