The administrator creates the VLANs and then assigns switch ports to each VLAN by hand. A VLAN configured this way is called a static VLAN. If the administrator is willing to put in a little more effort, the hardware (MAC) addresses of all host devices can be entered into a database so that VLANs are assigned dynamically: whenever a host is plugged into a switch, the switch looks up the host's address and puts that port into the matching VLAN.
The scalability and flexibility of VLAN technology have sent hubs into oblivion
By now you should have some idea that layer-2 switches have nothing to do with Network-layer protocols: they only read frames in order to filter them, and by default they forward every broadcast out of every port. To build VLANs, you therefore need to create smaller broadcast domains on the layer-2 switches. In other words, a broadcast sent by a node in one VLAN is not passed on to ports configured in another VLAN. Because users or switch ports can be assigned to VLAN groups anywhere in the switched network (the switch fabric), you can add the users of your choice to a broadcast domain no matter where they physically sit.
In short, implementing VLANs is a bit like breaking one switch into several. On an ordinary switch, say a Cisco one, every port is configured so that a computer on any port can talk to a computer on any other port of that switch. If we configure two VLANs on the switch, computers connected to ports in the same VLAN keep working normally and communicate without ever knowing that VLANs exist on the switch. But if we connect one computer to a port in VLAN 1 and another to a port in VLAN 90, the two computers behave as if they were connected to two different switches.
By design, a layer-2 switched network is a flat network: every device on the network sees every broadcast frame, even if it has no use for the data.
The Structure of a Flat Network
Routers confine a broadcast to the network in which it originated, but switches forward broadcasts into every segment. Such a network is called flat not because of its physical layout but because it is a single broadcast domain. As the figure shows, a broadcast sent by Host A is forwarded out of every port on every switch except the one on which it was first received.
The second figure shows the same switched network forwarding a unicast frame from Host A to Host D. Notice that the frame is sent out only the port where Host D is located. That is a great improvement over the old hub networks, but the whole network is still one broadcast domain by default, and you may not want that.
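As an added illustration of the forwarding behaviour described above (the broadcast that floods every port of a flat network, the unicast frame that leaves by one port only, and the way static VLANs split that flood), here is a small Python model of a switch whose ports are assigned to VLANs by the administrator. It is example code written for this page, not a switch's real implementation; the port numbers, VLAN ids and MAC addresses are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """Toy layer-2 switch with static VLANs: each port is assigned to one VLAN."""

    def __init__(self, port_vlan):
        # port_vlan maps port number -> VLAN id (the administrator's static assignment)
        self.port_vlan = dict(port_vlan)
        # MAC address table, kept per VLAN as on a real switch: (vlan, mac) -> port
        self.mac_table = {}

    def ports_in_vlan(self, vlan):
        return sorted(p for p, v in self.port_vlan.items() if v == vlan)

    def receive(self, in_port, src, dst):
        """Process a frame arriving on in_port; return the ports it is forwarded out of."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src)] = in_port          # learn where src lives
        if dst == BROADCAST or (vlan, dst) not in self.mac_table:
            # Broadcast or unknown unicast: flood, but only to ports in the same VLAN
            # and never back out of the port the frame came in on.
            return [p for p in self.ports_in_vlan(vlan) if p != in_port]
        out_port = self.mac_table[(vlan, dst)]
        return [] if out_port == in_port else [out_port]


# Constructed hosts: A and D sit in VLAN 1, X sits in VLAN 90.
HOST_A, HOST_D, HOST_X = "00:00:00:00:00:0a", "00:00:00:00:00:0d", "00:00:00:00:00:1f"


def flat_switch():
    # Constructed: 8-port switch with every port in VLAN 1, i.e. one broadcast domain
    return VlanSwitch({p: 1 for p in range(1, 9)})


def two_vlan_switch():
    # Constructed: ports 1-4 in VLAN 1, ports 5-8 in VLAN 90
    return VlanSwitch({p: (1 if p <= 4 else 90) for p in range(1, 9)})


def demo():
    results = {}
    sw = flat_switch()
    results["flat_broadcast"] = sw.receive(1, HOST_A, BROADCAST)      # every other port
    sw.receive(4, HOST_D, HOST_A)                                      # D answers; switch learns D on port 4
    results["flat_unicast_A_to_D"] = sw.receive(1, HOST_A, HOST_D)    # only port 4

    sw = two_vlan_switch()
    results["vlan1_broadcast"] = sw.receive(1, HOST_A, BROADCAST)     # ports 2-4 only
    results["vlan90_broadcast"] = sw.receive(6, HOST_X, BROADCAST)    # ports 5, 7, 8 only
    # X is in the MAC table, but under VLAN 90: seen from VLAN 1 it is unknown,
    # so the frame is flooded inside VLAN 1 and never reaches port 6.
    results["vlan1_unicast_A_to_X"] = sw.receive(1, HOST_A, HOST_X)
    return results


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name:24s} -> ports {ports}")
```

The MAC table is keyed by (VLAN, address) on purpose: a real switch keeps a separate forwarding table per VLAN, which is why a host in VLAN 90 stays invisible to VLAN 1 even after the switch has learned its address.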
IPSec is basically a way to secure data transfer between computers. IPSec protects the traffic between two nodes by providing the following:
Data Authentication
Authentication – Packets can be spoofed, so a packet need not come from where it appears to. IPSec can be configured to provide data origin authentication, so that when we receive a packet from a trusted party we can be sure it really originated from that party.
Data integrity – IPSec can be configured to ensure that packets are not modified while crossing the network.
Anti-replay protection – IPSec can check that a received packet is not a duplicate of a packet it has already received.
Encryption
IPSec can also encrypt the network data so that captured traffic cannot be read or used by unauthorized persons.
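The three protections listed above (data origin authentication, integrity and anti-replay) can be shown in a short Python sketch of what an ESP-style receiver does with each packet: it checks the sequence number against a sliding anti-replay window, verifies a keyed MAC (the ICV) over the SPI, sequence number and payload, and only then advances the window. This is added example code, not the IPSec implementation of any operating system; it uses a truncated HMAC-SHA256 as the ICV, a 64-packet window, and a constructed key and SPI (real keys are negotiated by IKE). Encryption is left out to keep the focus on the authentication side.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16                    # truncated HMAC-SHA256 ICV; ESP uses 96- or 128-bit truncations
WINDOW = 64                     # anti-replay window size in packets (RFC 4303 asks for at least 32)
HEADER = struct.Struct("!II")   # SPI and sequence number, as at the start of an ESP header


def build_packet(key, spi, seq, payload):
    """Sender: SPI || seq || payload || ICV, with the ICV computed over everything before it."""
    body = HEADER.pack(spi, seq) + payload
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


class Receiver:
    """Receiver side of one security association: ICV check plus sliding replay window."""

    def __init__(self, key, spi):
        self.key, self.spi = key, spi
        self.last_seq = 0    # highest sequence number accepted so far (right edge of the window)
        self.bitmap = 0      # bit i set => packet last_seq - i has already been accepted

    def _window_check(self, seq):
        """Return None if seq may still be accepted, otherwise the reason to drop it."""
        if seq == 0:
            return "sequence number 0 is never valid"
        if seq > self.last_seq:
            return None                      # newer than anything seen so far
        diff = self.last_seq - seq
        if diff >= WINDOW:
            return "too old for the window"
        if (self.bitmap >> diff) & 1:
            return "replay"
        return None

    def _window_update(self, seq):
        """Advance the window; called only after the ICV has verified."""
        if seq > self.last_seq:
            shift = seq - self.last_seq
            if shift < WINDOW:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            else:
                self.bitmap = 1              # jumped past the whole window
            self.last_seq = seq
        else:
            self.bitmap |= 1 << (self.last_seq - seq)

    def receive(self, packet):
        """Return (accepted, reason, payload)."""
        if len(packet) < HEADER.size + ICV_LEN:
            return False, "truncated", None
        spi, seq = HEADER.unpack_from(packet)
        if spi != self.spi:
            return False, "unknown SPI", None
        reason = self._window_check(seq)     # cheap check first, before computing the MAC
        if reason:
            return False, reason, None
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):   # constant-time comparison
            return False, "bad ICV", None
        self._window_update(seq)             # the window moves only for verified packets
        return True, "ok", body[HEADER.size:]


def demo():
    key = b"constructed-demo-key-not-for-real-use"   # constructed; real keys come from IKE
    spi = 0x1000
    rx = Receiver(key, spi)
    r = {}
    p1, p2 = build_packet(key, spi, 1, b"hello"), build_packet(key, spi, 2, b"world")
    r["in_order"] = (rx.receive(p1)[0], rx.receive(p2)[0])
    r["replayed_p1"] = rx.receive(p1)[1]                          # anti-replay
    tampered = bytearray(build_packet(key, spi, 3, b"pay 10"))
    tampered[HEADER.size] ^= 0x01                                 # flip one payload bit in flight
    r["tampered"] = rx.receive(bytes(tampered))[1]                # integrity
    r["genuine_seq3_after_tamper"] = rx.receive(build_packet(key, spi, 3, b"pay 10"))[0]
    r["forged_wrong_key"] = rx.receive(build_packet(b"attacker", spi, 4, b"x"))[1]   # origin auth
    rx.receive(build_packet(key, spi, 100, b"jump"))              # window slides far to the right
    r["late_but_in_window"] = rx.receive(build_packet(key, spi, 60, b"late"))[0]
    r["late_replayed"] = rx.receive(build_packet(key, spi, 60, b"late"))[1]
    r["too_old"] = rx.receive(build_packet(key, spi, 30, b"old"))[1]
    return r


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:28s} {value}")
```

Two details matter in practice: the window is consulted before the MAC is computed (so a flood of replays costs little) but updated only after the MAC verifies (so an attacker cannot advance the window with forged packets), and the ICV comparison uses a constant-time function.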
Circuit-level firewalls are fine, but if you want to make your network more secure they will not be enough. A better line of defense is a newer kind of firewall that performs deeper packet analysis: the application-layer firewall, also called an application gateway or proxy firewall. These firewalls filter traffic at OSI layers 3, 4, 5 and 7, so they can judge the content of a session and not just its addresses and ports.
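To make the difference concrete, here is an added Python example (not code from any firewall product) of the two kinds of decision: a circuit-level rule that only sees the protocol and destination port, and an application-layer rule that parses the HTTP request itself. The allowed host name, the allowed methods and the sample requests are constructed for the example.

```python
import re
from urllib.parse import unquote

ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_HOSTS = {"intranet.example"}     # constructed allowlist of servers behind the proxy
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/1\.[01]$")


def circuit_level_allows(proto, dst_port):
    """Circuit-level decision: transport facts only (layer 4). Content is never looked at."""
    return proto == "tcp" and dst_port == 80


def application_level_verdict(payload):
    """Application-layer decision: parse the HTTP request and judge what it asks for."""
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return "deny: not HTTP"
    head = text.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return "deny: not HTTP"            # e.g. another protocol tunnelled over port 80
    method, target = m.groups()
    if method not in ALLOWED_METHODS:
        return f"deny: method {method}"
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            return "deny: malformed header"
        headers[name.strip().lower()] = value.strip()
    if headers.get("host") not in ALLOWED_HOSTS:
        return "deny: host not allowed"
    # Decode percent-encoding before looking for traversal, or %2e%2e slips past.
    path = unquote(target.split("?", 1)[0])
    if ".." in path.split("/"):
        return "deny: path traversal"
    return "allow"


def inspect(proto, dst_port, payload):
    """Proxy firewall: the cheap circuit check first, then content inspection."""
    if not circuit_level_allows(proto, dst_port):
        return "deny: port"
    return application_level_verdict(payload)


# Constructed sample traffic, all sent to TCP port 80.
SAMPLES = {
    "normal":     b"GET /docs/index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    "ssh_on_80":  b"SSH-2.0-OpenSSH_9.6\r\n",
    "trace":      b"TRACE / HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    "traversal":  b"GET /files/%2e%2e/%2e%2e/etc/passwd HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    "wrong_host": b"GET / HTTP/1.1\r\nHost: evil.example\r\n\r\n",
}


def demo():
    """For each sample: what the circuit-level rule says, and what the proxy firewall says."""
    return {name: (circuit_level_allows("tcp", 80), inspect("tcp", 80, raw))
            for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, (circuit, app) in demo().items():
        print(f"{name:11s} circuit-level: {'allow' if circuit else 'deny':5s}  application-level: {app}")
```

Every one of the five samples passes the circuit-level rule, because they are all TCP connections to port 80; only the application-layer rule can tell a normal page fetch from an SSH session tunnelled over the web port, a forbidden method, an encoded directory traversal, or a request aimed at a host the proxy does not serve.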