User Guide
39
4.3.1 VLAN
VLAN Overview
A Virtual Local Area Network (VLAN) is a network topology which allows to logically instead of physically
segment a LAN into several net segments. A VLAN combines a group of hosts with a common set of
requirements logically instead of physically relocating devices or connections. In 1999, IEEE released
802.1Q draft as a standardized VLAN implementation solution.
VLANs allow a network to be logically segmented into different broadcast domains. All members in a
VLAN are treated as in the same broadcast domain and communicate as if they were on the same net
segment, regardless of their physical locations. Logically, a VLAN can be equated to a broadcast domain,
because broadcast packets are forwarded to only members of the VLAN on which the broadcast was
initiated. Different VLANs cannot intercommunicate directly. Inter-VLAN communication can only be
achieved using a router or other layer 3 devices that are able to perform Layer 3 forwarding.
Compared with the traditional Ethernet, VLAN enjoys the following advantages:
(1) Better management and control of broadcast activity
VLANs conserve network resources by segmenting a large broadcast domain into several smaller
broadcast domains or VLAN groups and restrict all broadcast traffic to the VLAN on which the broadcast
was initiated.
(2) Reduced cost
The use of VLANs to create broadcast domains eliminates the need for routers to handle this function,
permitting operation at lower latencies and cost compared to routers under heavy load and at high cost.
(3) Ease of network administration
Members of a VLAN group can be geographically dispersed as they are logically related instead of
physically on the same VLAN. Thus network administrators do not need to re-config the network when a
VLAN member changes its location. For example, in order to better collaborate with staffs from home or
abroad on a special project a workgroup is indispensable. Using VLAN, all workstations and servers that
a particular workgroup uses can be assigned to the same VLAN. For example, in order to better
collaborate with staffs from home or abroad on a special project, a workgroup is indispensable. Using
VLAN, all workstations and servers that a particular workgroup uses can be assigned to the same VLAN.
(4) Tighter network security
Different VLANs cannot intercommunicate directly. Inter-VLAN communication can only be achieved
using a router or other layer 3 devices that are able to perform Layer 3 forwarding.
VLAN Mode
The switch provides 2 VLAN modes as below:
802.1Q VLAN Mode:
IEEE 802.1Q is the network standard that supports Virtual LANs (VLANs) on an Ethernet network. The
standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be
used by bridges and switches in handling such frames.
Port VLAN:
Port VLANs limit traffic that flows into and out of switch ports. Thus, all devices connected to a port are
members of the VLAN(s) the port belongs to, whether there is a single computer directly connected to a
switch, or an entire department. Members of the same VLAN can intercommunicate. A user can belong to
multiple VLANs simultaneously. For example, if you want both user A and user B to communicate with
user C while user A and user B cannot intercommunicate, simply put user A and user C to a VLAN and