VLANs (Virtual LANs) are logical groupings of devices in the same broadcast domain. VLANs are configured on switches by placing some interfaces into one broadcast domain and some interfaces into another. VLANs can be spread across multiple switches. Each VLAN is treated like its own subnet or broadcast domain, which means that frames broadcast onto the network are only switched between the ports within the same VLAN.
Here are the main reasons why you should use VLANs in your network:
- VLANs increase the number of broadcast domains while decreasing their size.
- VLANs reduce security risks by reducing the number of hosts that receive copies of frames that the switches flood.
- You can keep hosts that hold sensitive data on a separate VLAN to improve security.
- You can create more flexible network designs that group users by department instead of by physical location.
- Network changes are achieved with ease by just configuring a port into the appropriate VLAN.
To understand the benefits of using VLANs in a network, consider the following topology:
As you can see from the picture above, we have a network of two switches and six hosts. All hosts are in the same VLAN, namely VLAN 1. A broadcast sent from Host A will reach all devices on the network, creating unnecessary traffic and increasing security risk.
We can create VLANs on both switches and place the interfaces accordingly. This will ensure that broadcasts are received only by hosts inside the same VLAN:
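A small model of the flooding behaviour described above, added here as an illustration and not part of the original page. The host-to-switch layout, the VLAN IDs 10/20/30 and the single inter-switch link that carries a configurable set of VLANs are assumptions, since the original picture is not reproduced.

```python
from collections import deque

# Constructed topology (assumption, the page's picture is not available):
# hosts A-C attach to SW1, D-F to SW2, and one inter-switch link joins them.
HOSTS = {"SW1": ["A", "B", "C"], "SW2": ["D", "E", "F"]}
LINKS = [("SW1", "SW2")]

def broadcast_receivers(src, access_vlan, link_vlans):
    """Return the hosts that receive a broadcast frame sent by src.

    access_vlan: host -> VLAN ID of the access port it is plugged into.
    link_vlans:  set of VLAN IDs carried on the inter-switch links.
    """
    vlan = access_vlan[src]  # the ingress port assigns the frame to its VLAN
    start = next(sw for sw, hosts in HOSTS.items() if src in hosts)
    receivers, visited, queue = set(), {start}, deque([start])
    while queue:
        sw = queue.popleft()
        # Flood only out of access ports that belong to the frame's VLAN.
        receivers.update(
            h for h in HOSTS[sw] if h != src and access_vlan[h] == vlan
        )
        # Hand the frame to a neighbouring switch only if the link carries it.
        if vlan in link_vlans:
            for a, b in LINKS:
                if sw in (a, b):
                    peer = b if sw == a else a
                    if peer not in visited:
                        visited.add(peer)
                        queue.append(peer)
    return receivers

# Constructed port assignments: one flat network, one split into three VLANs.
FLAT = {h: 1 for h in "ABCDEF"}
SEGMENTED = {"A": 10, "D": 10, "B": 20, "E": 20, "C": 30, "F": 30}

if __name__ == "__main__":
    # All hosts in VLAN 1: Host A's broadcast reaches every other host.
    print(sorted(broadcast_receivers("A", FLAT, {1})))
    # Three VLANs: the same broadcast reaches only A's VLAN peer.
    print(sorted(broadcast_receivers("A", SEGMENTED, {10, 20, 30})))
    # VLAN 30 missing from the inter-switch link: C and F are cut off.
    print(sorted(broadcast_receivers("C", SEGMENTED, {10, 20})))
```

The last case shows the flip side of segmentation: a VLAN that spans both switches only works if the link between them carries that VLAN.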