Help me understand VLAN Technology

Okay, here is my high level understanding of VLAN technology. Please tell me
if I a, wrong, and how. Also, please try to keep this high level so even I
can understand it. I'm not really trying to learn all the ins and outs of
the details of configuration. Only if my general understanding is right or
wrong.

I view the *function* of a VLAN as, basically, just separating networks (or
subnets, or segments, you choice of words). Small networks usually do this
by adding a router for each segment (or IP grouping of computers). VLANs, in
my mind, simply provide an easier management interface, although proprietary
to the switch vendor, to implement this same segmenting via a software
interface and hardware built into the switch (i.e. multiple virtual
"routers" built into the switch). Bottom line though, providing the same
functionality as segmenting use traditional means (multiple routers) but
more efficient in a larger organization where there may be 10s or 100s of
segments that need to remain separate and separately managed.

Okay... fire away. Can any clear this up for me if I misunderstand it?

-Frank

Routers are routers. There is no "virtual routers", but the interfaces can
be virtualized.

One traditional router can handle as many segments as it has interfaces to
plug them into, which includes virtual interfaces if it is VLAN capable.

Layer3 Switches are just a Switch & Router built into the same box
together,..no magic,..no voodoo. The only thing different is that they use
the VLAN concept to create a "virtual interface" for the router that you
then assign different switch ports to be a "member" of, and the membership
can be either static or dynamic. When done properly a switch port can be a
member of multple router interfaces which allow it to function on more than
one segment at a time.

There is no difference between VLANs and Physical LANs,...routing still
works the same way and the routers themselves still work the same. Most
modern multi-segment LANs are a blend of VLAN and Physical and they work
transparently together.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Frankster" <(E-Mail Removed)> wrote in message
news:Ut-(E-Mail Removed)...
> Okay, here is my high level understanding of VLAN technology. Please tell
me
> if I a, wrong, and how. Also, please try to keep this high level so even I
> can understand it. I'm not really trying to learn all the ins and outs of
> the details of configuration. Only if my general understanding is right or
> wrong.
>
> I view the *function* of a VLAN as, basically, just separating networks
(or
> subnets, or segments, you choice of words). Small networks usually do this
> by adding a router for each segment (or IP grouping of computers). VLANs,
in
> my mind, simply provide an easier management interface, although
proprietary
> to the switch vendor, to implement this same segmenting via a software
> interface and hardware built into the switch (i.e. multiple virtual
> "routers" built into the switch). Bottom line though, providing the same
> functionality as segmenting use traditional means (multiple routers) but
> more efficient in a larger organization where there may be 10s or 100s of
> segments that need to remain separate and separately managed.
>
> Okay... fire away. Can any clear this up for me if I misunderstand it?
>
> -Frank
>
>

"Frankster" <(E-Mail Removed)> wrote in message
news:Ut-(E-Mail Removed)...
> Okay, here is my high level understanding of VLAN technology. Please tell me
> if I a, wrong, and how. Also, please try to keep this high level so even I can
> understand it. I'm not really trying to learn all the ins and outs of the
> details of configuration. Only if my general understanding is right or wrong.
>
> I view the *function* of a VLAN as, basically, just separating networks (or
> subnets, or segments, you choice of words). Small networks usually do this by
> adding a router for each segment (or IP grouping of computers). VLANs, in my
> mind, simply provide an easier management interface, although proprietary to
> the switch vendor, to implement this same segmenting via a software interface
> and hardware built into the switch (i.e. multiple virtual "routers" built into
> the switch). Bottom line though, providing the same functionality as
> segmenting use traditional means (multiple routers) but more efficient in a
> larger organization where there may be 10s or 100s of segments that need to
> remain separate and separately managed.
>
> Okay... fire away. Can any clear this up for me if I misunderstand it?

Simply stated, VLANs break up broadcast domains and switches break up collision
domains. Routers do both, but they also route packets out various interfaces to
other routers/networks.

Details:
http://www.cisco.com/en/US/tech/tk38...800a7af3.shtml

More info on VLANs:
http://en.wikipedia.org/wiki/Vlan

> Layer3 Switches are just a Switch & Router built into the same box
> together,..no magic,..no voodoo. The only thing different is that they use
> the VLAN concept to create a "virtual interface" for the router that you
> then assign different switch ports to be a "member" of, and the membership
> can be either static or dynamic.

Ahh, gotcha. Yes, this is what I was thinking. But you said it so much
better.

So, instead of running around plugging and unplugging cables to put them in
the right "hole" to be on the segment you want, you just redefine the "hole"
using the VLAN software. :-)

Thanks,

-Frank

"Frankster" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ...
> So, instead of running around plugging and unplugging cables to put them
> in the right "hole" to be on the segment you want, you just redefine the
> "hole" using the VLAN software. :-)

Yes,..but in reality you will probably always do a mixture of both. A port
on the switch being "dynamically" part of a VLAN depends on having a VLAN
capable device on the other end of the cable (to be able to acknowledge and
agree on the Frame Tags),...this is not always possible. So you end up with
Statically assigned ports,...which mean you have to plug the cable into the
right port.

With our system,...the VLANs exist only "inside" the Layer3 Switch with all
the ports being Statically assign to particular VLANs. Everything
"outside" the switch has no concept of the VLANs and "sees" everything
according the the Physical Topology. What few dynamic ports I do use have
VLAN capable switches on the other end of the cable, therefore the VLANs,
even in that case, exist only in the "Switch Fabric".

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------