beautypg.com

4 virtual local area networks (vlans), 1 all ports should be vlan ports, Virtual local area networks (vlans) – Contemporary Control Systems Compact Managed Switches Software Manual for Web Browser User Manual

Page 21: All ports should be vlan ports, On 4.4.4)

background image

TD020851-0MG

21

4.4.4 Virtual Local Area Networks (VLANs)

A VLAN (Virtual Local Area Network) is comprised of devices grouped on some basis

other than geographic location (i.e., by work group, security level, user type, or

application). The devices logically behave as if tied to the same wire although they may

be physically located on very different LAN segments. VLANs are configured with

software, which offers much greater flexibility than hardware configuration.
A chief advantage of VLANs is that they block broadcasts and multicasts from non-

VLAN ports. Most switches tend to transmit unicast frames sent only to ports involved

in a conversation (directed messages) and cannot accommodate broadcast or multicast

frames. VLANs keep broadcasts and multicasts within a VLAN group.
Another advantage of VLANs is that despite being physically relocated, a device can

remain in the same VLAN — with no hardware reconfiguration needed. The VLAN

supervisor can change/add workstations and manage load-balancing (bandwidth) far

more easily than with a LAN modified only by hardware. Management software

maintains a virtual image of how the logical and physical networks compare.

Figure 17 — VLANs

4.4.4.1 All Ports Should Be VLAN Ports

When VLANs are enabled on the switch, all ports should be assigned to one or more

VLANs. Such ports are called VLAN ports. If a port is not assigned to a VLAN while

VLANs are enabled, that port

cannot receive messages from the switch. A frame

received from a VLAN port will only be forwarded to those ports with which it shares a

VLAN membership. If the destination belongs to another VLAN, the frame will be

discarded. This topology allows networks to share a common server or router, but use

different VLANs for security or performance reasons.