network (VLAN)Has a single broadcast
domainHas multiple broadcast
domainsVirtual Local Area Networks (VLANs)
A switch can be logically segmented into multiple
broadcast domains by using virtual LANs (VLANs). That
is, if you have one switch, you can create multiple logical
switches. A VLAN is identified by a VLAN ID. The VLAN
ID is a usually a value between 0 and 4095. The default
VLAN on any network is VLAN 1. Every port on a switch
can be assigned a different VLAN, or a group of ports can
be assigned a particular VLAN ID. VLANs allow network
administrators to logically split a switch, allowing
multiple broadcast domains to coexist on the same
hardware but maintaining the isolation, security, and
performance benefits of using completely separate
switches.
There are several advantages to creating VLANS:
Network security: Creating VLANs within a switch also creates an
automatic logical level of protection. This kind of logical separation is
very useful when there is a need to create networks for various
departments in an enterprise. Figure 17-10 shows three VLANs—VLAN
10, VLAN 20, and VLAN 30—each assigned to a different department.