Chapter 5 virtual lans – NETGEAR 7000 Series Managed Switch User Manual

5-1

v1.0, May 2008

Chapter 5

Virtual LANs

Adding Virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both
bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header,
which is fast, and like a router, it partitions the network into logical segments, which provides
better administration, security and management of multicast traffic.

A VLAN is a set of end stations and the switch ports that connect them. You may have many
reasons for the logical division, such as department or project membership. The only physical
requirement is that the end station and the port to which it is connected both belong to the same
VLAN.

Each VLAN in a network has an associated VLAN ID, which appears in the IEEE 802.1Q tag in
the Layer 2 header of packets transmitted on a VLAN. An end station may omit the tag, or the
VLAN portion of the tag, in which case the first switch port to receive the packet may either reject
it or insert a tag using its default VLAN ID. A given port may handle traffic for more than one
VLAN, but it can only support one default VLAN ID.

The Private Edge VLAN feature lets you set protection between ports located on the switch. This
means that a protected port cannot forward traffic to another protected port on the same switch.

The feature does not provide protection between ports located on different switches.