4 vlan, 1 vlan overview – PLANET FGSW-1816HPS User Manual

User’s Manual of FGSW-1816HPS

4.4 VLAN

4.4.1 VLAN Overview

A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. A VLAN can be used to combine any collection of LAN segments into an autonomous user group that appears as a single LAN. VLANs also logically segment the network into different broadcast domains so that packets are forwarded only between ports within the VLAN. Typically, a VLAN corresponds to a particular subnet, although not necessarily.

VLANs can enhance performance by conserving bandwidth, and improve security by limiting traffic to specific domains.

A VLAN is a collection of end nodes grouped by logic instead of physical location. End nodes that frequently communicate with each other are assigned to the same VLAN, regardless of where they are physically on the network. Logically, a VLAN can be equated to a broadcast domain, because broadcast packets are forwarded only to members of the VLAN on which the broadcast was initiated.

Port-based VLAN

Port-based VLANs limit traffic that flows into and out of switch ports. Thus, all devices connected to a port are members of the VLAN(s) the port belongs to, whether there is a single computer directly connected to the switch, or an entire department.

On a port-based VLAN, NICs do not need to be able to identify 802.1Q tags in packet headers. NICs send and receive normal Ethernet packets. If the packet's destination lies on the same segment, communications take place using normal Ethernet protocols. Even though this is always the case, when the destination for a packet lies on another switch port, VLAN considerations come into play to decide if the packet is dropped by the Switch or delivered.
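The drop-or-deliver decision described above can be modelled in a few lines. This is an added example, not code from the manual or from the switch firmware; the class name, port numbers, VLAN names and MAC addresses are constructed, and it assumes a single MAC table shared by all VLANs.

```python
# Added example: simplified model of port-based VLAN forwarding (not vendor code).
# Port numbers, VLAN names and MAC addresses below are constructed sample values.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class PortVlanSwitch:
    def __init__(self, vlans):
        # vlans: {vlan_name: set of member ports}; a port may be in several VLANs.
        self.vlans = {name: frozenset(ports) for name, ports in vlans.items()}
        self.mac_table = {}  # learned source MAC -> port (assumed shared table)

    def allowed_egress(self, ingress_port):
        """Every port that shares at least one VLAN with the ingress port."""
        peers = set()
        for members in self.vlans.values():
            if ingress_port in members:
                peers |= members
        peers.discard(ingress_port)  # a frame is never sent back out its ingress port
        return peers

    def forward(self, ingress_port, src_mac, dst_mac):
        """Return the sorted list of ports an untagged frame is delivered to."""
        self.mac_table[src_mac] = ingress_port  # learn where the sender lives
        allowed = self.allowed_egress(ingress_port)
        if dst_mac == BROADCAST or dst_mac not in self.mac_table:
            return sorted(allowed)  # flood, but only inside the port's VLAN(s)
        egress = self.mac_table[dst_mac]
        # Known unicast: deliver only if the egress port shares a VLAN, else drop.
        return [egress] if egress in allowed else []

def demo():
    # Port 9 is a shared uplink that belongs to both VLANs.
    sw = PortVlanSwitch({"office": {1, 2, 9}, "guest": {3, 4, 9}})
    office, guest, uplink = "02:00:00:00:00:0a", "02:00:00:00:00:0c", "02:00:00:00:00:09"
    results = {"office_broadcast": sw.forward(1, office, BROADCAST)}
    sw.forward(3, guest, BROADCAST)  # switch learns the guest host on port 3
    results["uplink_broadcast"] = sw.forward(9, uplink, BROADCAST)
    results["office_to_guest"] = sw.forward(1, office, guest)  # different VLAN
    results["guest_to_uplink"] = sw.forward(3, guest, uplink)  # shared port
    return results

if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: {ports if ports else 'dropped'}")
```

A port placed in more than one VLAN, like port 9 here, is reachable from every VLAN it joins, so its membership determines how far the isolation between the other ports actually extends.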
