A VLAN (Virtual LAN) is a switch-only feature. It allows you to logically arrange and manage devices according to your requirements without changing their physical locations. You can use this feature on any Cisco switch.
Advantages of VLANs
The main advantages of VLANs are the following.
- Solve broadcast problem
- Reduce the size of broadcast domains
- Allow us to add an additional layer of security
- Make device management easier
- Allow us to implement the logical grouping of devices by function instead of location
Let us discuss the above advantages in detail.
Solve broadcast problem
A switch creates a separate collision domain for each port and a single broadcast domain for all ports. When it receives a broadcast frame, it forwards the frame out of all other ports, so the frame reaches every device connected to the switch. If the broadcast is intended only for some devices, the remaining devices still receive and process it unnecessarily. This default behavior decreases network performance.
To solve this problem and improve network performance, you can use routers. A router creates a separate broadcast domain per port. But this brings another problem: routers are costly and have a limited number of ports.
Because of this, administrators usually do not use routers to limit broadcast messages. Instead, they use a switch feature known as VLAN.
Each VLAN is a separate broadcast domain. Switches assign a unique ID to each VLAN, known as the VLAN ID, and use it to make forwarding decisions for broadcast messages: a broadcast is forwarded only out of the ports that belong to the same VLAN ID as the port on which it arrived.
The following image shows how a switch forwards a broadcast message with the default configuration.
The following image shows how a switch forwards broadcast messages when it has two VLANs.
Reduce the size of broadcast domains
VLANs increase the number of broadcast domains while reducing their size. For example, a network has 100 devices. With the default configuration, it has a single broadcast domain containing all 100 devices.
If we create 2 VLANs and assign 50 devices to each, we have two broadcast domains with 50 devices each. Thus, more VLANs mean more broadcast domains with fewer devices in each.
Allow us to add an additional layer of security
VLANs enhance network security. In a typical layer-2 network, all users can see all devices by default. Any user can see a network broadcast and respond to it, and users can access any network resource located on that network. Users could also join a workgroup simply by attaching their systems to an existing switch. This can create security issues. Properly configured VLANs give us total control over each port and user. With VLANs, you can keep users from gaining unwanted access to resources. You can put a group of users that needs high-level security into its own VLAN so that users outside that VLAN cannot communicate with them.
Make device management easier
VLANs make device management easy. Since VLANs are a logical construct, a device can be located anywhere in the switched network and still belong to the same broadcast domain. We can move a user from one switch to another in the same network while keeping their original VLAN. For example, a company has a five-story building and a single layer-2 network. In this scenario, VLANs allow us to move users from one floor to another while keeping their original VLAN ID.
Allow us to implement the logical grouping of devices by function instead of location
VLANs allow us to group users by their function instead of their physical location. Switches maintain the integrity of your VLANs: users see only what they are supposed to see, regardless of where they are physically located.
Disadvantages of VLANs
The main disadvantages of VLANs are the following.
- Increase network cost
- Add complexity to the network
Let us understand the above disadvantages in detail.
Increase network cost
Devices in different VLANs cannot communicate directly. To connect different VLANs, you need a router. If your network does not have one, you must purchase and configure at least one router to connect the VLANs.
Add complexity to the network
VLAN configuration is complex. A small mistake in the VLAN configuration can make all connected devices inaccessible to other devices. If your network has multiple switches, you have to configure VLANs on all of them.
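The behaviour described in this tutorial, as one added Python example (not code from the tutorial or from Cisco): a toy model of a VLAN-aware switch that floods a broadcast only to ports in the same VLAN, splits the 100-device network into two 50-device broadcast domains, shows why a unicast to a host in another VLAN never arrives without a router, and flags a port whose VLAN ID was mistyped, which is the "small mistake" that leaves a device unreachable. Port numbers, MAC addresses and the simplified per-VLAN MAC table are assumptions made for the demonstration.

```python
# Added example (not from the tutorial): a toy model of a VLAN-aware switch.
# Port numbers, MAC strings and the simplified per-VLAN MAC table are
# assumptions made for the demonstration.
from collections import Counter, defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


def assign_evenly(num_ports, vlan_ids):
    """Return {port: vlan_id} with ports 1..num_ports split evenly across
    vlan_ids in order (with 8 ports and [10, 20]: 1-4 -> 10, 5-8 -> 20)."""
    per_vlan = num_ports // len(vlan_ids)
    return {
        port: vlan_ids[min((port - 1) // per_vlan, len(vlan_ids) - 1)]
        for port in range(1, num_ports + 1)
    }


class VlanSwitch:
    """Minimal layer-2 switch: every access port belongs to exactly one VLAN."""

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)
        # MAC learning is per VLAN: (vlan_id, mac) -> port
        self.mac_table = {}

    def broadcast_domains(self):
        """Map each VLAN ID to the sorted list of ports in that broadcast domain."""
        domains = defaultdict(list)
        for port, vlan in sorted(self.port_vlan.items()):
            domains[vlan].append(port)
        return dict(domains)

    def forward(self, ingress_port, src_mac, dst_mac):
        """Return the sorted list of egress ports for one frame.

        Broadcasts and unknown unicasts are flooded, but only to ports in
        the ingress port's VLAN; a known unicast goes to the learned port.
        """
        vlan = self.port_vlan[ingress_port]
        self.mac_table[(vlan, src_mac)] = ingress_port
        if dst_mac != BROADCAST:
            learned = self.mac_table.get((vlan, dst_mac))
            if learned is not None:
                # Known destination in this VLAN; never send back out the ingress port.
                return [] if learned == ingress_port else [learned]
        return sorted(
            p for p, v in self.port_vlan.items() if v == vlan and p != ingress_port
        )

    def isolated_ports(self):
        """Ports that are the only member of their VLAN. A mistyped VLAN ID on
        one port shows up here: that device can no longer talk to anyone."""
        members = Counter(self.port_vlan.values())
        return sorted(p for p, v in self.port_vlan.items() if members[v] == 1)


def demo():
    """Run the scenarios from the text and return the results for inspection."""
    results = {}
    # Default configuration: all 8 ports in VLAN 1, one broadcast domain.
    default = VlanSwitch({p: 1 for p in range(1, 9)})
    results["default_flood"] = default.forward(1, "00:00:00:00:00:01", BROADCAST)

    # Two VLANs: ports 1-4 in VLAN 10, ports 5-8 in VLAN 20.
    two = VlanSwitch(assign_evenly(8, [10, 20]))
    results["vlan10_flood"] = two.forward(1, "00:00:00:00:00:01", BROADCAST)
    results["vlan20_flood"] = two.forward(5, "00:00:00:00:00:05", BROADCAST)
    # Port 5's MAC was learned in VLAN 20, so a unicast for it arriving on a
    # VLAN 10 port is an unknown unicast there: flooded within VLAN 10 only,
    # never delivered to port 5. Only a router can carry it across.
    results["cross_vlan_unicast"] = two.forward(
        2, "00:00:00:00:00:02", "00:00:00:00:00:05"
    )

    # 100 devices split into two VLANs of 50: two broadcast domains.
    hundred = VlanSwitch(assign_evenly(100, [10, 20]))
    results["domain_sizes"] = {
        vlan: len(ports) for vlan, ports in hundred.broadcast_domains().items()
    }

    # Misconfiguration: port 8 typed as VLAN 200 instead of 20.
    typo = VlanSwitch({**assign_evenly(8, [10, 20]), 8: 200})
    results["isolated"] = typo.isolated_ports()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the script prints the egress ports for each scenario; the isolated-port check is the kind of sanity test worth running against a real switch's port-to-VLAN table after any change, since a VLAN with a single member is almost always a typo rather than an intended design.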
This tutorial is part of the tutorial series on VLAN, VTP, and DTP Concepts and Configurations on Cisco Routers. The other parts of this series are the following.
- Chapter 01 VLAN Basic Concepts Explained with Examples
- Chapter 02 Advantages and Disadvantages of VLANs
- Chapter 03 Static and Dynamic VLAN Membership Explained
- Chapter 04 Access Link and Trunk Link Explained
- Chapter 05 VLAN Tagging Explained with DTP Protocol
- Chapter 06 DTP Modes and Protocol Explained
- Chapter 07 802.1Q Native VLAN Concept Explained
- Chapter 08 Cisco Inter-Switch Link (ISL) Explained
- Chapter 09 Trunk Tagging and Frame Tagging Explained
- Chapter 10 VTP Modes and VTP Protocol Explained
- Chapter 11 VTP Pruning on Switches Explained
- Chapter 12 VLAN Practice Lab Setup in Packet Tracer
- Chapter 13 Configure VTP Server and Client in Switch
- Chapter 14 VLAN Configuration Commands Step by Step Explained
- Chapter 15 Router on Stick Configuration Explained