What Is a VLAN?
With many definitions for VLAN floating around, what exactly is it? The answer to this question can be treated in two ways because there is a technical answer and a practical answer. Technically, as set forth by IEEE, VLANs define broadcast domains in a Layer 2 network. As demonstrated in Chapter 2, “Segmenting LANs,” a broadcast domain is the extent that a broadcast frame propagates through a network.
Legacy networks use router interfaces to define broadcast domain boundaries. The inherent behavior of routers prevents broadcasts from propagating through the routed interface. Hence routers automatically create broadcast domains. Layer 2 switches, on the other hand, create broadcast domains based upon the configuration of the switch. When you define the broadcast domain in the switch, you tell the switch how far it can propagate the broadcast. If the switch receives a broadcast on a port, what other ports are allowed to receive it? Should it flood the broadcast to all ports or to only some ports?
Unlike legacy network drawings, you cannot look at a switched network diagram and know where broadcast domains terminate. Figure 5-1 illustrates a legacy network where you can clearly determine the termination points for broadcast domains. They exist at each router interface. Two routers define three domains in this network. The bridge in the network extends Broadcast Domain 2, but does not create a new broadcast domain.
Figure 5-1. Broadcast Domains in a Legacy Network
In the switched network of Figure 5-2, you cannot determine the broadcast domains by simple examination. The stations might belong to the same or multiple broadcast domains. You must examine configuration files in a VLAN environment to determine where broadcast domains terminate. Without access to configuration files, you can determine the broadcast domain extent with network analysis equipment, but it is a tedious process. How to do this is left as a review question at the end of this chapter.
Figure 5-2. Broadcast Domains in a Switched Network
That you cannot easily see the broadcast domains in a switched network does not mean that they do not exist. They exist where you define and enable them. Chapter 2 presented a discussion on switches and compared them to bridges. A switch is a multi-port bridge that allows you to create multiple broadcast domains. Each broadcast domain is like a distinct virtual bridge within the switch. You can define one or many virtual bridges within the switch. Each virtual bridge you create in the switch defines a new broadcast domain (VLAN).
Traffic from one VLAN cannot pass directly to another VLAN (between broadcast domains) within the switch. Layer 3 internetworking devices must interconnect the VLANs. You should not interconnect the VLANs with a bridge: using a bridge merges the two VLANs into one giant VLAN. Rather, you must use routers or Layer 3 switches to interconnect the VLANs. Figure 5-3 shows a logical representation of a switched network. Each of the four switches belongs to two VLANs, and a total of three broadcast domains are distributed across the switches.
Figure 5-3. A Switched Network with Virtual Bridges
Rather than representing VLANs by designating the membership of each port, the figure draws each switch with an internal representation of each virtual bridge. This is not a common way of illustrating a VLAN network, but it serves to emphasize the internal configuration of a LAN switch, where each bridge within the switch corresponds to a single VLAN.
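The virtual-bridge model above, and the rule that a bridge merges VLANs while a router keeps them apart, can be made concrete by simulating broadcast flooding. The following is an added example, not code from the chapter: it models each switch as one virtual bridge per VLAN, links the virtual bridges through trunks, and traces how far a broadcast frame propagates. The four-switch, three-VLAN topology, the switch names S1 to S4, the port names and the VLAN numbers 10, 20 and 30 are all constructed here to mirror the description of Figure 5-3; they are assumptions, not taken from the figure itself.

```python
"""Simulate broadcast propagation through VLAN-aware Layer 2 switches.

Model (constructed for this example):
  * A switch holds one virtual bridge per VLAN.  An access port belongs to
    exactly one VLAN; a trunk between two switches carries a set of VLANs
    and joins the virtual bridges of the same VLAN on both sides.
  * An external transparent bridge wired between two access ports forwards
    frames regardless of VLAN, so it merges the two virtual bridges it
    touches into one broadcast domain.
  * A router attached to access ports terminates broadcasts, so it adds no
    edge to this graph at all; that is why it is simply absent here.
"""
from collections import deque


class Switch:
    def __init__(self, name):
        self.name = name
        self.ports = {}    # access port name -> VLAN id
        self.trunks = []   # (neighbour Switch, frozenset of VLAN ids carried)

    def access(self, port, vlan):
        """Assign an access port to a VLAN (chainable)."""
        self.ports[port] = vlan
        return self


def trunk(a, b, vlans):
    """Tagged trunk link carrying `vlans` between switches a and b."""
    a.trunks.append((b, frozenset(vlans)))
    b.trunks.append((a, frozenset(vlans)))


class Network:
    def __init__(self, *switches):
        self.switches = {s.name: s for s in switches}
        self.bridges = []  # transparent bridges: ((switch, port), (switch, port))

    def bridge(self, end_a, end_b):
        """Wire a transparent bridge between two access ports (possibly in different VLANs)."""
        self.bridges.append((end_a, end_b))

    def _reach(self, start):
        """Breadth-first walk over (switch name, VLAN) virtual bridges from `start`."""
        seen, queue = {start}, deque([start])
        while queue:
            sw_name, vlan = queue.popleft()
            sw = self.switches[sw_name]
            # Trunks extend the same VLAN to the neighbouring switch.
            nxt = [(nb.name, vlan) for nb, carried in sw.trunks if vlan in carried]
            # An external bridge on one of this VLAN's access ports leaks the
            # broadcast into whatever virtual bridge sits at its far end.
            for end_a, end_b in self.bridges:
                for here, there in ((end_a, end_b), (end_b, end_a)):
                    if here[0] == sw_name and sw.ports.get(here[1]) == vlan:
                        far_sw, far_port = there
                        nxt.append((far_sw, self.switches[far_sw].ports[far_port]))
            for node in nxt:
                if node not in seen:
                    seen.add(node)
                    queue.append(node)
        return seen

    def broadcast_domain(self, switch_name, vlan):
        """Every (switch, access port) a broadcast reaches when it enters
        the virtual bridge for `vlan` on `switch_name`."""
        return {(s, p) for s, v in self._reach((switch_name, vlan))
                for p, pv in self.switches[s].ports.items() if pv == v}

    def domain_count(self):
        """Number of distinct broadcast domains across the whole network."""
        nodes = {(s.name, v) for s in self.switches.values() for v in s.ports.values()}
        covered, domains = set(), 0
        for node in nodes:
            if node not in covered:
                covered |= self._reach(node)
                domains += 1
        return domains


def build_sample():
    """Constructed topology: four switches, each a member of two of three VLANs."""
    s1 = Switch("S1").access("p1", 10).access("p2", 20)
    s2 = Switch("S2").access("p1", 20).access("p2", 30)
    s3 = Switch("S3").access("p1", 10).access("p2", 30)
    s4 = Switch("S4").access("p1", 10).access("p2", 20)
    trunk(s1, s2, {20})
    trunk(s2, s3, {30})
    trunk(s3, s4, {10})
    trunk(s4, s1, {10, 20})
    return Network(s1, s2, s3, s4)


if __name__ == "__main__":
    net = build_sample()
    print("broadcast domains:", net.domain_count())                     # 3
    print("VLAN 10 broadcast from S1 reaches:", sorted(net.broadcast_domain("S1", 10)))
    # Wiring a bridge between a VLAN 20 port and a VLAN 30 port merges the two.
    net.bridge(("S1", "p2"), ("S2", "p2"))
    print("after bridging VLAN 20 to VLAN 30:", net.domain_count())    # 2
    print("VLAN 20 broadcast from S1 now reaches:", sorted(net.broadcast_domain("S1", 20)))
```

Running it shows three domains before the bridge is added and two afterwards, while the VLAN 10 domain is untouched; reading the broadcast domain out of the configuration in this way is the programmatic form of the configuration-file inspection described earlier, since nothing in the wiring alone reveals where a domain ends.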