Virtual Local Area Network (VLAN) Basics
Virtual LANs (VLANs) let you separate users into individual network segments for security and other reasons. VLAN membership is configured through software, so you do not have to physically relocate devices or connections.
With the cost per port for switches following the same economies of scale as most other items in the world, it makes sense to purchase switches with the highest port count — so to save money, get one 48-port switch rather than two 24-port switches. But what about those four users who need to be isolated from everyone else?
If your organization uses a standardized switch model, you may be forced to get those users another 12-port or 24-port switch in the same series and, of course, waste the additional ports. I would have to if I were not using a managed switch that supports VLAN technology.
By using VLANs, you can take four ports on one switch and associate them with a VLAN, which means you treat those four ports as their own separate switch. Doing so allows you to isolate them and save money on a new hardware purchase.
Even better, by being careful with VLAN and port assignments, those four ports do not need to be on the same switch or in the same wiring closet, because you can interconnect all the ports belonging to a single VLAN over inter-switch links that have been configured for Trunk mode.
A port configured for Trunk mode is also called a trunk port and, by default, it will pass traffic for all VLANs. You will hear about trunk ports throughout this chapter.
In short, VLANs allow you to break up devices on your network regardless of their location. The following illustration shows users' computers and servers separated into functional groups. The servers are isolated in VLAN1; VLAN5 is a department with its own departmental server; and VLAN2, VLAN3, and VLAN4 separate users into functional groups, say sales, finance, and manufacturing.
Each device can operate on its own VLAN regardless of where it connects to the network. In most cases, these devices are spread over the switches in some manner, but they could also all reside in one location (like the servers do).
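The isolation and trunking behavior described above can be checked with a small model. This is an added example, not from the original text: the switch names, port names, and the `allowed` parameter (a trunk restricted to specific VLANs instead of the pass-everything default) are assumptions made for illustration.

```python
# Toy model of VLAN broadcast domains across trunk links (all names hypothetical).
from collections import deque

class Switch:
    def __init__(self, name, access):
        self.name = name
        self.access = access  # access port name -> VLAN id
        self.trunks = []      # (neighbor Switch, allowed VLAN set or None = all VLANs)

def link_trunk(a, b, allowed=None):
    """Join two switches with a trunk; allowed=None models the default of passing every VLAN."""
    a.trunks.append((b, allowed))
    b.trunks.append((a, allowed))

def broadcast(src, src_port):
    """Return the (switch, port) pairs that receive a broadcast sent from src_port."""
    vlan = src.access[src_port]
    seen, queue, delivered = {src.name}, deque([src]), set()
    while queue:
        sw = queue.popleft()
        # Deliver only to access ports that are members of the sender's VLAN.
        for port, port_vlan in sw.access.items():
            if port_vlan == vlan and (sw, port) != (src, src_port):
                delivered.add((sw.name, port))
        # Cross a trunk only if that trunk carries this VLAN.
        for neighbor, allowed in sw.trunks:
            if neighbor.name not in seen and (allowed is None or vlan in allowed):
                seen.add(neighbor.name)
                queue.append(neighbor)
    return delivered

def build(allowed=None):
    """Constructed topology: four isolated users in VLAN 5, split over two wiring closets."""
    a = Switch("closet-A", {"p1": 5, "p2": 5, "p3": 2})
    b = Switch("closet-B", {"p1": 5, "p2": 5, "p3": 2})
    link_trunk(a, b, allowed)
    return a, b

if __name__ == "__main__":
    a, _ = build()
    print("default trunk, VLAN 5:", sorted(broadcast(a, "p1")))
    print("default trunk, VLAN 2:", sorted(broadcast(a, "p3")))
    a, _ = build(allowed={2})
    print("trunk limited to VLAN 2, VLAN 5:", sorted(broadcast(a, "p1")))
```

With the default trunk, the four VLAN 5 ports behave like one separate switch spanning both closets and never see VLAN 2 traffic. Once the trunk is limited to VLAN 2, the VLAN 5 users in closet A can no longer reach those in closet B.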