Virtual LANs
This chapter describes virtual LAN (VLAN) features and functionality, the Virtual LAN Menu of the Catalyst 2820 and Catalyst 1900 switches, and procedures for creating VLANs and assigning ports to VLANs.
VLAN Description
A VLAN is a switched network that is logically segmented by functions, project teams, or applications without regard to the physical location of users. For example, several end stations might be grouped as a department, such as engineering or accounting. When the end stations are physically located close to one another, you can group them into a LAN segment. If any of the end stations are in different buildings (not the same physical LAN segment), you can then group them into a VLAN.
You can assign each switch port to a VLAN. Ports in a VLAN share broadcast traffic. Ports that do not belong to that VLAN do not share the broadcast traffic. Ports from multiple Catalyst 2820 and Catalyst 1900 switches can be members of the same VLAN. Figure 2-1 shows an example of VLANs that span multiple switches and multiple floors or a building.
Catalyst 2820 Series and Catalyst 1900 Series Enterprise Edition Software Configuration Guide
Figure 2-1 VLANs Spanning Multiple Switches and Multiple Floors
All VLAN features are disabled if you have configured bridge groups on the switch. For more information on bridge groups, see the “Bridge Groups” section in Chapter 3, Additional Features.
[Figure labels: Floor 1, Floor 2, Floor 3; Engineering VLAN, Marketing VLAN, Accounting VLAN; Cisco router; Fast Ethernet; three Catalyst 2820 switches]
VLANs provide the following features:
Simplification of end-station moves, adds, and changes
When an end station is physically moved to a new location, its attributes can be reassigned from a network management station through Simple Network Management Protocol (SNMP) or through the user interface menus. When an end station is moved within the same VLAN, it retains its previously assigned attributes in its new location. When an end station is moved to a different VLAN, the attributes of the new VLAN are applied to the end station.
You can assign the Internet Protocol (IP) address of a Catalyst 2820 or Catalyst 1900 switch to any VLAN. A network management station and workstations on any Catalyst series switch VLAN then have direct access to other Catalyst 2820 and Catalyst 1900 switches on the same VLAN, without needing a router. Only one IP address can be assigned to a Catalyst 2820 or Catalyst 1900 switch; if the IP address is reassigned to a different VLAN, the previous IP address assignment to a VLAN is invalid.
Controlled traffic activity
VLANs allow ports on the same or different switches to be grouped so that traffic is confined to members of only that group. This feature restricts broadcast, unicast, and multicast traffic (flooding) only to ports included in a certain VLAN. The management domain is a group of VLANs that are managed by a single administrative authority. You can create VLANs for an entire management domain from a single Catalyst 2820 or Catalyst 1900 switch.
Workgroup and network security
You can increase security by segmenting the network into distinct broadcast domains. To this end, VLANs can restrict the number of users in a broadcast domain. You can also control the size and composition of the broadcast domain by controlling the size and composition of a VLAN.
Table 2-1 shows the capabilities and defaults for the Catalyst 2820 and Catalyst 1900 VLAN features.
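The flooding restriction described under Controlled traffic activity, shown as an added Python model that is not part of the Cisco guide or the Catalyst software. It assumes links between switches carry every VLAN; the class name, port names, MAC addresses, and VLAN numbers 10 and 20 are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanFabric:
    """Ports on one or more switches, each assigned to exactly one VLAN.

    Assumption: links between switches carry every VLAN, so the fabric is
    modelled as one flat set of ports named "switch/port".
    """

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)   # "sw1/1" -> VLAN id
        self.mac_table = {}                # (vlan, mac) -> port, learned per VLAN

    def members(self, vlan):
        return {p for p, v in self.port_vlan.items() if v == vlan}

    def forward(self, ingress, src, dst):
        """Return the set of ports a frame received on `ingress` is sent to."""
        vlan = self.port_vlan[ingress]
        self.mac_table[(vlan, src)] = ingress        # learn the source in its VLAN
        known = self.mac_table.get((vlan, dst))
        if dst != BROADCAST and known is not None:
            return {known} - {ingress}               # known unicast: one port
        return self.members(vlan) - {ingress}        # flood, but only inside the VLAN


def demo():
    # Constructed sample: three switches, VLAN 10 = Engineering, 20 = Marketing.
    fabric = VlanFabric({
        "sw1/1": 10, "sw1/2": 20,
        "sw2/1": 10, "sw2/2": 20,
        "sw3/1": 10, "sw3/2": 20,
    })
    a, b, c = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    return {
        # Broadcast from an Engineering port reaches Engineering ports on every switch.
        "broadcast": fabric.forward("sw1/1", a, BROADCAST),
        # Marketing host b sends to a. Address a was learned only in VLAN 10, so the
        # frame is an unknown unicast in VLAN 20 and is flooded there, never to sw1/1.
        "cross_vlan": fabric.forward("sw2/2", b, a),
        # Inside Engineering the learned address is reached on a single port.
        "known": fabric.forward("sw3/1", c, a),
    }


if __name__ == "__main__":
    for name, ports in demo().items():
        print(name, sorted(ports))
```

The cross_vlan case is the one to note: without a router between the VLANs, the Marketing frame never appears on any Engineering port, including the port where its destination address lives.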

