VLANs provide the following features:
Simpliﬁcation of end-station moves, adds, and changesWhen an end station is physically moved to a new location, its attributes can bereassignedfromanetworkmanagementstationthroughSimpleNetworkManagementProtocol (SNMP) or through the user interface menus. When an end station is movedwithinthesameVLAN,itretainsitspreviouslyassignedattributesinitsnewlocation.WhenanendstationismovedtoadifferentVLAN,theattributesofthenewVLANareapplied to the end station.You can assign the Internet Protocol (IP) address of a Catalyst 2820 or Catalyst 1900switchtoanyVLAN.AnetworkmanagementstationandworkstationsonanyCatalystseries switch VLAN then have direct access to other Catalyst 2820 andCatalyst 1900 switches on the same VLAN, without needing a router. Only one IPaddresscanbeassignedtoaCatalyst2820orCatalyst1900switch;iftheIPaddressisreassigned to a different VLAN, the previous IP address assignment to a VLAN isinvalid.
Controlled trafﬁc activityVLANs allow ports on the same or different switches to be grouped so that trafﬁc isconﬁned to members of only that group. This feature restricts broadcast, unicast, andmulticasttrafﬁc(ﬂooding)onlytoportsincludedinacertainVLAN.ThemanagementdomainisagroupofVLANsthataremanagedbyasingleadministrativeauthority.Youcan create VLANs for an entire management domain from a single Catalyst 2820 orCatalyst 1900 switch.
Workgroup and network securityYou can increase security by segmenting the network into distinct broadcast domains.Tothisend,VLANscanrestrictthenumberofusersinabroadcastdomain.Youcanalsocontrol the size and composition of the broadcast domain by controlling the size andcomposition of a VLAN.Table2-1shows the capabilities and defaults for the Catalyst 2820 and Catalyst 1900VLAN features.