VLAN Notes

Virtual LANs (VLANs)

By default, a switch forwards broadcasts, multicasts and unknown unicasts out every port except the port they arrived on. A switch can, however, be logically segmented into separate broadcast domains using Virtual LANs (VLANs).

Each VLAN represents a unique broadcast domain:
• Traffic between devices within the same VLAN is switched.
• Traffic between devices in different VLANs requires a Layer-3 device (a router or a Layer-3 switch) to communicate.

Broadcasts from one VLAN are not forwarded to another VLAN. The logical separation provided by VLANs is not a Layer-3 function: VLAN tags are inserted into the Layer-2 header, so a switch that supports VLANs is not necessarily a Layer-3 switch, and a purely Layer-2 switch cannot route between VLANs. Remember that although VLANs separate Layer-3 broadcast domains, they are still a Layer-2 function. A VLAN usually maps one-to-one to an IP subnet, though this is not a requirement.

If you have a 24-port Cisco switch and plug a PC into each port, all 24 PCs are on a single LAN through that switch. A VLAN is a Virtual LAN. If you keep all 24 PCs connected to the same switch but configure this managed switch so that it "virtually" breaks itself into two separate switches, you have just created two VLANs. Each VLAN has its own subnet and broadcasts only to the other PCs in the same VLAN. In this way the switch itself segments the broadcast domain, which before this concept was possible only with a router, since a router contains broadcasts within a particular subnet.

So a VLAN can be defined as a virtual broadcast domain. Instead of segmenting the broadcast domain with a router, you segment it with a switch at Layer 2. Each VLAN should have its own IP subnet.

VLAN Advantages

Broadcast Control: Broadcasts generated in one VLAN are not propagated to other VLANs. To pass traffic between VLANs on the same switch, you must use a router (or a Layer-3 switch).
Security: Control over each port and each user, which is not possible with hubs. This separation is only as strong as the port configuration, though: a port assigned to the wrong VLAN, or left trunking with the default of all VLANs allowed, silently extends those VLANs to whatever is plugged into it.
Flexibility and Scalability: Users can be added to or removed from a broadcast domain regardless of their physical location.

Two ways to assign VLANs:

Statically: The administrator assigns each switch port (and so each user) to a VLAN. This works well on networks where user movement is controlled. It is the most commonly used and most secure method, but it carries a lot of administrative overhead.

Dynamically: A node's VLAN is assigned automatically by software, based on a database that must be built up front. Cisco's VLAN Management Policy Server (VMPS) is a MAC-address-to-VLAN mapping database used for this.

NOTE: Clients (PCs) on VLANs are unaware of their VLAN membership; the frames they send and receive carry no tag. Cisco routers, Cisco switches and VLAN-aware servers can recognize and handle the VLAN membership of each frame.

VLAN Links

Access Link: A link that belongs to exactly one VLAN, the port's access VLAN; frames on it carry no VLAN tag. It is used to connect clients to their associated VLAN. (This is distinct from the native VLAN, which is the one VLAN whose frames travel untagged across an 802.1Q trunk.)

Trunk Link:

Used to carry the traffic of multiple VLANs over a single link to other Cisco switches, Cisco routers and VLAN-aware servers.
Works on 100 or 1000 Mbps point-to-point links between two Cisco switches, a Cisco switch and a Cisco router, or a Cisco switch and a server. It does not work on 10 Mbps links. A single trunk link can carry traffic for up to 1005 VLANs (the Cisco normal VLAN range; the 802.1Q tag itself allows IDs 1 to 4094).
If no trunk is configured between two switches, the link is an ordinary access link in the default VLAN 1, so only VLAN 1 traffic is exchanged between them.
By default, traffic for all VLANs passes on a trunk as soon as it is created, unless the administrator restricts the allowed VLAN list. Pruning each trunk down to the VLANs it actually needs to carry is a check worth making.
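The following Python model ties together the broadcast-domain idea from the earlier paragraphs and the trunk behaviour described just above: a switch with access ports in two VLANs and one trunk, a MAC table kept per VLAN, flooding confined to the ingress VLAN, and a trunk whose allowed-VLAN list starts as "everything" and is then pruned. It is an added illustration written for these notes, not Cisco code; the class, port numbers and MAC addresses are constructed for the example.

```python
"""Toy model of how a VLAN-aware switch confines broadcasts and unknown-unicast
flooding to one VLAN. Added illustration for these notes, not vendor code."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class VlanSwitch:
    # port number -> access VLAN of that port (untagged end-station ports)
    access: dict = field(default_factory=dict)
    # port number -> set of VLAN IDs allowed on that trunk port
    trunks: dict = field(default_factory=dict)
    # (vlan, source MAC) -> port it was learned on; i.e. one MAC table per VLAN
    mac_table: dict = field(default_factory=dict)

    def vlans_on(self, port):
        """VLANs a port participates in: one for access ports, a set for trunks."""
        if port in self.access:
            return {self.access[port]}
        return self.trunks.get(port, set())

    def forward(self, in_port, src, dst, tag=None):
        """Return the set of egress ports for one frame.

        `tag` is the VLAN ID carried in the frame's tag when it arrives on a
        trunk. Frames arriving on an access port are untagged and belong to
        that port's access VLAN, whatever `tag` says.
        """
        if in_port in self.access:
            vlan = self.access[in_port]
        elif in_port in self.trunks:
            if tag not in self.trunks[in_port]:
                return set()  # VLAN not allowed on this trunk: dropped at ingress
            vlan = tag
        else:
            raise ValueError(f"port {in_port} is not configured")

        # Learn the source MAC within its own VLAN only.
        self.mac_table[(vlan, src)] = in_port

        known = self.mac_table.get((vlan, dst))
        if dst != BROADCAST and known is not None:
            # Known unicast: one egress port, never back out the ingress port.
            return set() if known == in_port else {known}

        # Broadcast or unknown unicast: flood to every other port that carries
        # this VLAN, and to nothing else.
        return {p for p in list(self.access) + list(self.trunks)
                if p != in_port and vlan in self.vlans_on(p)}


def demo():
    """24-port switch: VLAN 10 on ports 1-12, VLAN 20 on ports 13-23, trunk on
    port 24 (constructed topology). Returns the egress sets for several frames."""
    sw = VlanSwitch()
    for p in range(1, 13):
        sw.access[p] = 10
    for p in range(13, 24):
        sw.access[p] = 20
    sw.trunks[24] = {10, 20}  # freshly created trunk: every VLAN allowed

    pc1, pc13 = "00:00:00:00:00:01", "00:00:00:00:00:0d"
    results = {}
    # A broadcast from a VLAN 10 host reaches only VLAN 10 ports plus the trunk.
    results["bcast_vlan10"] = sw.forward(1, pc1, BROADCAST)
    # pc13 (VLAN 20) broadcasts; its MAC is learned in the VLAN 20 table only.
    sw.forward(13, pc13, BROADCAST)
    # pc1 sends a unicast straight to pc13: unknown in VLAN 10, so it floods
    # inside VLAN 10 and never reaches port 13. A Layer-3 device is needed.
    results["unicast_10_to_20"] = sw.forward(1, pc1, pc13)
    # Prune the trunk to VLAN 10: a VLAN 20 tagged frame from the neighbouring
    # switch is now dropped, while VLAN 10 still floods to ports 1-12.
    sw.trunks[24] = {10}
    neighbour = "00:00:00:00:00:63"
    results["pruned_trunk_vlan20"] = sw.forward(24, neighbour, BROADCAST, tag=20)
    results["pruned_trunk_vlan10"] = sw.forward(24, neighbour, BROADCAST, tag=10)
    return results


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: {sorted(ports)}")
```

The model deliberately has no inter-VLAN path: the only way a frame from VLAN 10 reaches a VLAN 20 host is through a router or Layer-3 switch that is not part of this class.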

Frame Tagging

Frame tagging marks each frame crossing a trunk with its VLAN ID, so the receiving device can tell which VLAN the frame belongs to.
Frames are tagged as they are sent onto a trunk link; the tag is removed before the frame is delivered out an access port to the end device, which therefore never sees it.

Inter-Switch Link(ISL): Cisco proprietary.

The original frame is encapsulated in an ISL frame with a 26-byte ISL header and a 4-byte FCS trailer; the original frame itself is not altered.
ISL-aware NICs are required to read ISL frames, because an ISL frame can be up to 1548 bytes (1518 + 30 bytes of encapsulation), while a standard Ethernet frame is at most 1518 bytes.
IEEE 802.1Q: Inserts a 4-byte tag field into the frame, after the source MAC address, for VLAN identification. The original frame is altered (and its FCS recomputed), not encapsulated, so the maximum frame size grows from 1518 to 1522 bytes.
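To make the 802.1Q tag concrete, here is an added Python example (written for these notes, not taken from any vendor or standard text) that builds an untagged Ethernet frame, inserts the tag the way a switch does on trunk egress, parses it back, and strips it again as an access port would. The 4-byte FCS is left out of the byte strings because the NIC appends it, so the on-the-wire sizes are reported as length + 4. The MAC addresses and payload are constructed sample data.

```python
"""Build, tag and parse Ethernet frames carrying an IEEE 802.1Q VLAN tag.
Added illustration for these notes, not vendor code. The FCS is omitted from
the byte strings (the NIC appends it), so wire sizes are computed as len + 4."""
import struct

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag
ETH_HDR_LEN = 14             # dst MAC (6) + src MAC (6) + EtherType (2)
TAG_LEN = 4                  # TPID (2) + TCI (2): PCP 3 bits, DEI 1 bit, VID 12 bits
MAX_UNTAGGED_ON_WIRE = 1518  # 14 header + 1500 payload + 4 FCS
MAX_8021Q_ON_WIRE = 1522     # one 4-byte tag inserted, frame otherwise unchanged
MAX_ISL_ON_WIRE = 1548       # 1518 + 26-byte ISL header + 4-byte ISL FCS (not modelled)


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, ethertype, payload):
    """Untagged frame as it leaves an end station on an access link."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def tag_frame(frame, vid, pcp=0, dei=0):
    """Insert an 802.1Q tag after the source MAC, as a switch does when it
    sends the frame out a trunk. Header and payload are otherwise untouched."""
    if not 1 <= vid <= 4094:  # 0 means priority-tag only, 4095 is reserved
        raise ValueError(f"VLAN ID {vid} is not a valid 802.1Q VLAN ID")
    if struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        raise ValueError("frame is already tagged")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame):
    """Decode the header of a tagged or untagged frame; 'vid' is None if untagged."""
    dst, src = mac_text(frame[0:6]), mac_text(frame[6:12])
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vid = pcp = None
    offset = ETH_HDR_LEN
    if ethertype == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        pcp, vid = tci >> 13, tci & 0x0FFF
        ethertype = struct.unpack("!H", frame[16:18])[0]  # the real EtherType follows the tag
        offset += TAG_LEN
    return {"dst": dst, "src": src, "vid": vid, "pcp": pcp,
            "ethertype": ethertype, "payload": frame[offset:]}


def untag_frame(frame):
    """Strip the tag before delivering the frame out an access port.
    Returns (vid, untagged_frame); an already untagged frame is returned as is."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return vid, frame[:12] + frame[16:]


def demo():
    """Round-trip a maximum-size broadcast (constructed sample data)."""
    payload = bytes(1500)  # largest standard payload
    untagged = build_frame("ff:ff:ff:ff:ff:ff", "00:00:00:00:00:01", 0x0806, payload)
    tagged = tag_frame(untagged, vid=10, pcp=5)
    vid, stripped = untag_frame(tagged)
    return {
        "untagged_wire_len": len(untagged) + 4,  # + FCS appended by the NIC
        "tagged_wire_len": len(tagged) + 4,
        "parsed": parse_frame(tagged),
        "round_trip_ok": vid == 10 and stripped == untagged,
    }


if __name__ == "__main__":
    out = demo()
    print(out["untagged_wire_len"], out["tagged_wire_len"], out["parsed"]["vid"])
```

Note where the tag sits: between the source MAC and the original EtherType, which is why a receiver that does not understand 0x8100 misreads a tagged frame, and why the maximum size moves from 1518 to exactly 1522 bytes.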

LAN Emulation (LANE): Sends VLAN information over ATM links.

802.10: Sends VLAN information over FDDI links.