VLANs become important when you consider broadcasts. Broadcasts are frames sent to all devices on a switch, and in many cases, a normal and frequent function. A broadcast domain is the set of all devices that receive a broadcast. Small LANs are typically equivalent to a single broadcast domain.
Devices on a network generate significant broadcast traffic. Broadcasts normally occur when a device is trying to send data to another device, but doesn't know the MAC address of the destination device. A PC that knows the destination IP, but not the MAC associated with that IP, will send a broadcast. This type of broadcast is an ARP (Address Resolution Protocol) broadcast.
Devices, such as PCs, build and maintain a mapping of IP addresses to MAC addresses in what is known as the ARP cache. The ARP cache is temporary, can be overwritten, and is rebuilt every time the PC is powered on. In addition, entries expire after two minutes on Windows XP and 2000 PCs.
In a Windows PC, you can see the ARP cache by typing arp -a at the command line. In Figure 2, you can see the ARP cache of my PC, as learned from its network interface.
Figure 2: arp -a command showing ARP cache
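Since the ARP cache can be overwritten, it is worth being able to read `arp -a` output programmatically and spot the symptom of an overwritten entry: one MAC address answering for several IP addresses. The following is an added example, not code from the article; the `arp -a` text it parses is a constructed sample in the Windows format, not the capture in Figure 2.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output (not the article's Figure 2).
# The third dynamic entry reuses the gateway's MAC, which is what an
# overwritten cache entry looks like from the PC's point of view.
SAMPLE_ARP_A = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.50          00-11-22-33-44-66     dynamic
  192.168.1.77          00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# One cache row: dotted-quad IP, dash-separated MAC, then "dynamic" or "static".
ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(dynamic|static)\s*$",
    re.IGNORECASE,
)


def parse_arp_a(text):
    """Return (interface_ip, ip, mac, type) tuples from Windows `arp -a` output."""
    entries = []
    iface = None
    for line in text.splitlines():
        m = re.match(r"^Interface:\s+(\S+)", line)
        if m:  # "Interface: <ip> --- 0x<index>" starts a new interface section
            iface = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            ip, mac, kind = m.groups()
            entries.append((iface, ip, mac.lower(), kind.lower()))
    return entries


def duplicate_macs(entries):
    """Map each MAC that appears for more than one dynamic IP to those IPs.

    Static rows are skipped: the broadcast address (ff-ff-ff-ff-ff-ff) and
    multicast groups (01-00-5e-...) legitimately share pseudo-MACs.
    """
    by_mac = defaultdict(list)
    for _, ip, mac, kind in entries:
        if kind == "dynamic":
            by_mac[mac].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    cache = parse_arp_a(SAMPLE_ARP_A)
    for iface, ip, mac, kind in cache:
        print(f"{iface:15} {ip:15} {mac:17} {kind}")
    for mac, ips in duplicate_macs(cache).items():
        print(f"MAC {mac} is cached for several IPs: {', '.join(ips)}")
```

On a real PC, feed the function the output of `arp -a` captured from the command line; a MAC shared by several dynamic entries usually means either an overwritten entry or a host with multiple addresses, and either way it is worth a look.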
Another example of broadcasts generated by PCs is DHCP (Dynamic Host Configuration Protocol) requests. PCs will send DHCP broadcast requests when they're turned on to acquire an IP address, unless their IP has been statically configured.
Another source of broadcasts is switches themselves. When a frame enters a switch destined for a MAC address that the switch hasn't learned—and that thus isn't in the switch's MAC table—the switch will broadcast that frame to all devices except the one that sent it, looking for a response.
The device with the desired MAC will respond to this broadcast. The switch will then update its MAC table with what it learned from the port on which the response frame was received. Like a PC's ARP cache, the MAC table of a switch is usually stored in temporary memory, and will be rebuilt every time the switch is powered on.
IP multicasts are yet another source of broadcasts. Video can be sent over IP multicasts, which can consume tremendous amounts of bandwidth. For this reason, IP multicasting is frequently disabled in large networks and in most consumer routers by default.
Broadcasts can eat up considerable bandwidth on your LAN and they also use processing power. Every device in the LAN receives broadcasts and must read and determine whether or not to respond to each broadcast. As the number of devices in your LAN grows, so will the volume of broadcast traffic.
This is where VLANs become valuable—to break up broadcast domains. Broadcasts are propagated within a VLAN, but not between VLANs. By segmenting a network into VLANs, you will increase usable network bandwidth, resources, and performance through the reduction of broadcast traffic.
Routers also break up broadcast domains. Routers operate at Layer 3, forwarding packets based on IP addresses, not MAC addresses. A router will receive a frame on its Ethernet interface, strip off the MAC address, and make a routing decision based on the originating and destination IP addresses.
Routing is an integral part of any network that contains multiple subnets and can play a key part in VLANs. VLANs can be configured on separate subnets, requiring a router to provide access to common services required by each VLAN.
For example, a network connected to the Internet usually employs a gateway router, which is probably also providing DHCP and NAT (Network Address Translation) services. If VLANs are created on different subnets, then the gateway, or another router, will need to provide those services to each VLAN. In larger LANs, inter-subnet routing and VLAN segmentation are often handled by Layer 3 (sometimes called "multilayer") switches.
VLANs can also be configured to share a single subnet, yet isolate various LAN members from each other. I'm going with the single subnet approach here, using the SRW as my Layer 2 managed switch and a Linksys RV042 router (Figure 3) for Internet access, DHCP, and NAT.
Figure 3: The Linksys RV042 router