a best practice to keep the Layer 2 broadcast domain as
small as possible. Going back to the university campus
example, imagine the thousands of devices connected to
the network as being part of the same broadcast domain.
In addition, because there is no Time to Live (TTL) field
in the Ethernet frames, and redundant connections are
required between switches, broadcast storms might
bring down the network and make it unusable. Creating
VLANs and assigning the devices to specific VLANs
limits the broadcast domain, reduces the chance of a
broadcast storm, and logically groups the devices for
easier troubleshooting. For each VLAN, a dedicated
Layer 3 IP subnet is usually allocated. It is much easier to
enforce security policies and limit access between VLANs
at a Layer 3 device than it is to accomplish the same on a
port-by-port basis on a switch. No matter the physical
location in the network, devices can be part of the same
VLAN (see Figure 16-8).
Figure 16-8 Virtual Local-Area Networks (VLANs)
VLANs provide network segmentation by reducing the
broadcast domains and organizational flexibility by
combining devices on a network, based on the needs of
the organization.
Switching
Switching is the process through which a data frame is
forwarded from its source toward its destination by a
Layer 2 device called a switch. In a typical LAN, all