Cisco Knowledge Suite Cisco SystemsCisco Press

Cutting Edge
Core Reference
Guided Learning
Networking Architecture
Internet Protocols (IP)
Network Protocols
Transport and Application Protocols
Desktop Protocols
Security and Troubleshooting
Network Resources and Management
Integrated Services

RoutingBetweenVirtualLANs Overview


< Back Contents Next >

RoutingBetweenVirtualLANs Overview



What Is a Virtual LAN?



VLAN Colors



Why Implement VLANs?



Communicating Between VLANs

Save to MyCKS

Cisco IOS 12.0 Switching Services

From: Cisco IOS 12.0 Switching Services
Author: Technologies Riva; Systems Cisco
Publisher: Cisco Press (53)
More Information

17. RoutingBetweenVirtualLANs Overview

This chapter provides an overview of virtual LANs (VLANs). It describes the encapsulation protocols used for routing between VLANs and provides some basic information about designingVLANs.

What Is a Virtual LAN?

A VLAN is a switched network that is logically segmented on an organizational basis, by functions, project teams, or applications rather than on a physical or geographical basis. For example, all workstations and servers used by a particular workgroup team can be connected to the same VLAN, regardless of their physical connections to the network or the fact that they might be intermingled with other teams. Reconfiguration of the network can be done through software rather than by physically unplugging and moving devices or wires.

A VLAN can be thought of as a broadcast domain that exists within a defined set of switches. A consists of a number of end systems, either hosts or network equipment (such as bridges and routers), connected by a single bridging domain. The bridging domain is supported on various pieces of network equipment; for example, LAN switches that operate bridging protocols between them with a separate bridge group for each VLAN.

VLANs are created to provide the segmentation services traditionally provided by routers in LAN configurations. address scalability, security, and network management. Routers in topologies provide broadcast filtering, security, address summarization, and traffic flow management. None of the switches within the defined group bridge any frames, not even broadcast frames, between two . Several key issues need to be considered when designing and building switched LAN internetworks.

  • LAN segmentation

  • Security

  • Broadcast control

  • Performance

  • Network management

  • Communication between VLANs

LAN Segmentation

VLANs allow logical network topologies to overlay the physical, switched infrastructure such that any arbitrary collection of LAN ports can be combined into an autonomous user group or community of interest. The technology logically segments the network into separate Layer 2 broadcast domains whereby packets are switched between ports designated to be within the same VLAN. By containing traffic originating on a particular LAN sent only to other LANs in the same , switched virtual networks avoid wasting bandwidth—a drawback inherent to traditional bridged and switched networks in which packets are often forwarded to LANs with no need for them. Implementation of VLANs also improves scalability, particularly in LAN environments that support broadcast- or multicast-intensive protocols and applications that flood packets throughout the network.

Figure 17-1 illustrates the difference between traditional physical LAN segmentation and logical VLAN segmentation.

Figure 17-1. LAN Segmentation and VLAN Segmentation


VLANs also improve security by isolating groups. High-security users can be grouped into a , possibly on the same physical segment, and no users outside that VLAN can communicate withthem.

Broadcast Control

Just as switches isolate collision domains for attached hosts and forward appropriate traffic through a particular port, VLANs provide complete isolation between VLANs. A VLAN is a bridging domain and all broadcast and multicast traffic is contained within it.


The logical grouping of users allows an accounting group to make intensive use of a networked accounting system assigned to a VLAN that contains just that accounting group and its servers. That group's work does not affect other users. The VLAN configuration improves general network performance by not slowing down other users sharing the network.

Network Management

The logical grouping of users allows easier network management. It is not necessary to pull cables to move a user from one network to another. Adds, moves, and changes are achieved by configuring a port into the appropriate VLAN.

Communication Between

Communication between VLANs is accomplished through routing, and the traditional security and filtering functions of the router can be used. CiscoIOS software provides network services such as security filtering, QoS, and accounting on a per-VLAN basis. As switched networks evolve to distributed VLANs, CiscoIOS provides key inter-VLAN communications and allows each network to scale.


< Back Contents Next >

Save to MyCKS


Breaking News

One of the primary architects of OpenCable, Michael Adams, explains the key concepts of this initiative in his book OpenCable Architecture.

Expert Advice

Ralph Droms, Ph.D., author of The DHCP Handbook and chair of the IETF Dynamic Host Configuration Working Group, guides you to his top picks for reliable DHCP-related information.

Just Published

Residential Broadband, Second Edition
by George Abe

Introduces the topics surrounding high-speed networks to the home. It is written for anyone seeking a broad-based familiarity with the issues of residential broadband (RBB) including product developers, engineers, network designers, business people, professionals in legal and regulatory positions, and industry analysts.


From the Brains at InformIT


Contact Us


Copyright, Terms & Conditions


Privacy Policy


© Copyright 2000 InformIT. All rights reserved.