In short, implementation of VLANs is in a way like breaking switches in more parts. When we take a normal switch, let’s say cisco one, it has all the ports configured in a way that every computer from one port can connect to any other computer connected to any other port on that switch. If we implement two VLANs on the switch, the computers connected to ports that are in the same VLANs will function normally and will be able to communicate without knowing that the VLANs are existing on the switch. But if we connect one computer to the port in VLAN 1 and some other computer to port in VLAN 90 these two computers will act like they are connected to different switches.
The Control of Broadcast
In every network where data is sent over to some node broadcasts take place, there are three things upon which the frequency of broadcast depends:
- Kind of protocol
- Type of the running functions and various applications on the internetwork
- The way these services are utilized.
The design of layer-2 switched network is somewhat like flat network. Each and every device on the newtork can see the transmission of every broadcast packet even if it does not need to receive the data.
The Structure of Flat Network
The routers permit the broadcasting within the originating network only but it does switch forward the broadcasts in each and every compartment or segment. It is called flat network not because of its flat design but due to the reason that it has a single broadcast domain. As shown in the figure the broadcasting by Host A is forwarded to all the ports on all switches leaving the port that received it in the beginning.
In the second figure you can see a switched network sending frame with Host A and Host D as its terminal/destination. You can notice that the frame has forwarded out only the port where the Host D is situated. This is a great advancement if you compare it with old hub networks but if you want one collision domain by default then you may not like it.
Isolating Traffic inside a VLAN Using Private VLANs
In the article VACL – VLAN Access Lists we mention one way how to provide security on switch device like Cisco Catalyst switch. In this article we will see the other way of providing security with use of private VLANs – PVLAN.
The whole idea is to make possible to group VLANs inside the VLANs. You see from the picture here on the right that this will give you the opportunity to make group od computers or servers inside main (primary) VLAN. It will be possible to have two servers in the VLAN 10 and both of them on the same subnet. Here it becomes little bit strange, then they can be separated into two Secondary VLANs, VLAN 4 and VLAN 5.
If you are interested in the PVLAN configuration: PVLAN configuration article