Figure 17-10 Using a VLAN for Network Security
Broadcast traffic distribution: Segmenting a large LAN into
smaller VLANs can reduce broadcast traffic because each broadcast
packet is sent only to the relevant VLAN. For example, in Figure 17-10,
which shows three VLANs—one for each of the domains—broadcast
traffic will go to only the devices in the appropriate VLAN.
Performance increase: Creating multiple broadcast domains
reduces the broadcast traffic on the entire network tremendously,
which in turn boosts the overall performance of the network.Say that you have a single switch. By default, all of the
ports on this switch are in one VLAN, such as VLAN 1.
Any port can be configured to be an access port or a
trunk port:
Access port: An access port is essentially a port that can be assigned
to only one VLAN. You can change the port membership by specifying
the new VLAN ID.
Trunk port: A trunk port can essentially have two or more VLANs
configured. It has the ability to transport traffic for several VLANs
simultaneously.Figure 17-11 shows how trunk ports connect various
VLANs across switches.