Virtual local area networks (vlans) – NETGEAR M4350-24F4V 24-Port 10G SFP+ Managed AV Network Switch User Manual
Page 910
Virtual Local Area Networks
(VLANs)
A local area network (LAN) can generally be defined as a broadcast domain. Hubs,
bridges, or switches in the same physical segment or segments connect all end node
devices. End nodes can communicate with each other without the need for a router.
Routers connect LANs together, routing the traffic to the appropriate port.
A virtual LAN (VLAN) is a local area network with a definition that maps workstations on
some basis other than geographic location (for example, by department, type of user,
or primary application). To enable traffic to flow between VLANs, traffic must go through
a router, just as if the VLANs were on two separate LANs.
A VLAN is a group of computers, servers, and other network resources that behave as
if they were connected to a single network segment—even though they might not be.
For example, all marketing personnel might be spread throughout a building. Yet if
they are all assigned to a single VLAN, they can share resources and bandwidth as if
they were connected to the same segment. The resources of other departments can
be invisible to the marketing VLAN members, accessible to all, or accessible only to
specified individuals, depending on how the IT manager has set up the VLANs.
VLANs present a number of advantages:
•
It is easy to do network segmentation. Users that communicate most frequently with
each other can be grouped into common VLANs, regardless of physical location.
Each group’s traffic is contained largely within the VLAN, reducing extraneous traffic
and improving the efficiency of the whole network.
•
They are easy to manage. The addition of nodes, as well as moves and other changes,
can be dealt with quickly and conveniently from a management interface rather than
from the wiring closet.
•
They provide increased performance. VLANs free up bandwidth by limiting
node-to-node and broadcast traffic throughout the network.
•
They ensure enhanced network security. VLANs create virtual boundaries that can
be crossed only through a router. So standard, router-based security measures can
be used to restrict access to each VLAN.
Packets received by the switch are treated in the following way:
•
When an untagged packet enters a port, it is automatically tagged with the port’s
default VLAN ID tag number. Each port supports a default VLAN ID setting that is
configurable (the default setting is 1). The default VLAN ID setting for each port can
Main User Manual
910
Configuration Examples
Fully Managed Switches M4350 Series Main User Manual