VLAN Principles

VLAN also refers to a LAN port grouping within a single switch. VLANs improve security by isolating
groups. A VLAN is a bridging domain and all broadcast and multicast traffic is contained within it.
As local networks expand, traffic increases and broadcasts become more common. There are no real
boundaries within such an expanding network, causing interrupts and growing traffic utilization to
occur.

Traditionally, the alternative option was to implement a layer three device within the local network to
generate broadcast domains, however in doing so additional expense was incurred and the forwarding
behavior of such devices did not provide as efficient throughput as found with switches, leading to
bottlenecks at transit points between broadcast domains.

 A VLAN enables logical isolation of traffic at the data link layer.

 VLAN technology has the added advantage of traffic isolation without the limitation of physical
boundaries.
 Users can be physically dispersed but still be associated as part of a single broadcast domain,
logically isolating users from other user groups at the data link layer.

Link Types
VLAN links can be classified into two types:
- Access link type: refers to the link between an end system and a switch device participating in
VLAN tagging, the link between host terminals and switches are all access links.
- A trunk link type: refers to the link over which VLAN tagged frames are likely to be carried. The
links between switches are generally understood to be trunk links. All VLANs must be permitted
before being carried over a trunk.

VLAN Configuration
Use the topology diagram above to configure VLAN as shown