Virtual Local Area Networks (VLANs) came about from the need to isolate broadcast domains within a switch without using routers. Routers do not forward broadcasts, but back in the '90s they were not very fast compared to switches. Router Layer 3 functions were done in the processor, while switch Layer 2 functions were done in application-specific integrated circuits (ASICs). VLANs gave network operators a flexible way to change the configuration in software rather than in hardware, such as cables and different switches.
- Broadcast Domains are separated
- Security by separating devices
- Flexibility by using software to create separation
VLANs allow devices to be grouped to enhance communication within the VLAN/group, while sparing devices from seeing unwanted broadcast traffic. The isolation provides a semblance of security, but does not guarantee it as access lists (ACLs) can. Finally, the ability to quickly configure separation rather than having to recable greatly helped the adoption of VLANs.
In the example below, Switch A has two VLANs created on it.
- Default VLAN 1 with ports 3 and 6.
- VLAN 2 in orange with ports 4 and 5.
Traffic is filtered between the ports by VLAN, as defined in the switch and seen in the MAC address table. To accommodate VLANs, the MAC address table requires an additional column so that MAC addresses are kept to their VLAN and filtered out from ports in other VLANs, as designated by the red X.
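The following sketch is an added example, not taken from any switch vendor's code. It models Switch A's MAC address table with the extra VLAN column and shows that both broadcasts and unknown unicasts stay inside the ingress port's VLAN. The class name, host MAC addresses and frames are constructed for illustration, and only untagged access ports are modeled.

```python
# Added illustration: a minimal VLAN-aware learning switch (access ports only).
BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed host MACs, one per port of Switch A.
H3, H4, H5, H6 = (f"02:00:00:00:00:0{n}" for n in (3, 4, 5, 6))


class VlanSwitch:
    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)  # port -> VLAN ID
        self.mac_table = {}               # (VLAN, MAC) -> port: the extra column

    def receive(self, in_port, src, dst):
        """Handle a frame arriving on in_port; return the sorted egress ports."""
        vlan = self.port_vlan[in_port]
        # Learn the source MAC under the VLAN of the ingress port.
        self.mac_table[(vlan, src)] = in_port
        # Look up the destination in the same VLAN only.
        out = None if dst == BROADCAST else self.mac_table.get((vlan, dst))
        if out is not None:
            return [] if out == in_port else [out]
        # Broadcast or unknown unicast: flood, but only to ports in this VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)

    def table(self):
        """MAC address table as sorted (VLAN, MAC, port) rows."""
        return sorted((v, m, p) for (v, m), p in self.mac_table.items())


def demo():
    # Switch A from the text: VLAN 1 on ports 3 and 6, VLAN 2 on ports 4 and 5.
    sw = VlanSwitch({3: 1, 6: 1, 4: 2, 5: 2})
    results = {
        "bcast_from_3": sw.receive(3, H3, BROADCAST),  # stays in VLAN 1
        "bcast_from_4": sw.receive(4, H4, BROADCAST),  # stays in VLAN 2
        "5_to_4": sw.receive(5, H5, H4),               # known MAC, same VLAN
        # H4 was learned in VLAN 2, so a VLAN 1 lookup misses and the frame
        # is flooded inside VLAN 1 only; it never reaches port 4 or 5.
        "3_to_4": sw.receive(3, H3, H4),
    }
    return sw, results


if __name__ == "__main__":
    switch, res = demo()
    for name, ports in res.items():
        print(f"{name}: egress ports {ports}")
    for row in switch.table():
        print(row)
```

The last frame is the case the red X marks: the destination MAC is in the table, but under a different VLAN, so the switch treats it as unknown and never sends the frame out of a VLAN 2 port.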