5 configure 802.1q vlan, 1 all ports should be vlan ports, On 4.2.1.5) – Contemporary Control Systems Compact Managed Switches Software Manual for Console Access User Manual

TD020850-0MG

17

4.3.5 Configure 802.1Q VLAN

A VLAN (Virtual Local Area Network) is comprised of devices grouped on some

basis other than geographic location (i.e., by work group, security level, user type, or

application). The devices logically behave as if tied to the same wire although they

may be physically located on very different LAN segments. VLANs are configured

with software, which offers much greater flexibility than hardware configuration.
A chief advantage of VLANs is that they block broadcasts and multicasts from non-

VLAN ports. Most switches tend to transmit unicast frames sent only to ports

involved in a conversation (directed messages) and cannot accommodate broadcast

or multicast frames. VLANs keep broadcasts and multicasts within a VLAN group.
Another advantage of VLANs is that despite being physically relocated, a device can

remain in the same VLAN — with no hardware reconfiguration needed. The VLAN

supervisor can change/add workstations and manage load-balancing (bandwidth) far

more easily than with a LAN modified only by hardware. Management software

maintains a virtual image of how the logical and physical networks compare.

Figure 11 — VLANs

4.3.5.1 All Ports Should Be VLAN Ports

When VLANs are enabled on the switch, each port should be assigned to one or

more VLANs. Such ports are called VLAN ports. If a port is not assigned to a VLAN

while VLANs are enabled, that port

cannot receive messages from the switch. A

frame received from a VLAN port will only be forwarded to those ports with which it

shares a VLAN membership. If the destination belongs to another VLAN, the frame

will be discarded. This topology allows networks to share a common server or

router, but use different VLANs for security or performance reasons.