This tutorial explains the use of VLANs with an example.
An organization has three departments: finance, marketing and IT. Currently, all the departments belong to one network, 192.168.1.0/24. The computers belonging to the different departments are connected to a single switch, which forms one large broadcast domain.
The following are the problems with this network design.
1. There is no department-wise segregation.
2. All the computers share one broadcast domain, so the level of broadcast traffic is higher.
3. Access restrictions based on departments would be difficult.
To solve the above problems, VLANs are used. Every department is given a different network address, for example 192.168.1.0/24 for finance, 192.168.2.0/24 for IT, and so on. Once the computers belonging to the different departments are configured with their respective IP addresses, a VLAN is mapped to every department.
For example, IT is mapped to VLAN 2, Finance is mapped to VLAN 3, and so on. Once the mapping is created, the ports on the switch are configured as members of the specific VLANs. For example, if port 2 is used by a user belonging to the IT department, the port is made a member of VLAN 2.
The following are the benefits of using VLANs.
1. Department-wise segregation is achieved.
2. VLANs create separate broadcast domains. For example, ports belonging to VLAN 2 use a broadcast domain that is different from the broadcast domain used by VLAN 3. This prevents unwanted broadcast traffic between departments.
3. Access restrictions based on departments can be set up with access control lists.
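
The department-to-VLAN mapping and port membership described above can be checked mechanically. The following Python sketch is an added example, not part of the original tutorial: it models the plan, shows which ports share a broadcast domain, and flags ports whose VLAN does not match the attached host's subnet. The Marketing VLAN and subnet, the port table, and the function names are assumptions made for illustration.

```python
import ipaddress

# Department plan. IT and Finance values come from the tutorial; the Marketing
# VLAN and subnet are assumed, since the tutorial does not give them.
PLAN = {
    "IT": (2, ipaddress.ip_network("192.168.2.0/24")),
    "Finance": (3, ipaddress.ip_network("192.168.1.0/24")),
    "Marketing": (4, ipaddress.ip_network("192.168.3.0/24")),  # assumed
}

# Constructed sample data: switch port -> (access VLAN, IP of attached host).
PORTS = {
    1: (3, "192.168.1.10"),   # Finance host on the Finance VLAN
    2: (2, "192.168.2.10"),   # IT host on the IT VLAN (port 2, as in the text)
    3: (2, "192.168.1.11"),   # Finance address on an IT port
    4: (1, "192.168.3.10"),   # port never moved out of the default VLAN 1
    5: (4, "192.168.3.11"),   # Marketing host on the Marketing VLAN
    6: (2, "192.168.2.11"),   # second IT host
}


def broadcast_domain(port, ports=PORTS):
    """Ports that receive a broadcast sent from `port` (same VLAN only)."""
    vlan = ports[port][0]
    return sorted(p for p, (v, _) in ports.items() if v == vlan and p != port)


def audit(ports=PORTS, plan=PLAN):
    """Return (port, problem) pairs where a port disagrees with the plan."""
    by_vlan = {vlan: (dept, net) for dept, (vlan, net) in plan.items()}
    findings = []
    for port, (vlan, host) in sorted(ports.items()):
        if vlan not in by_vlan:
            findings.append((port, f"VLAN {vlan} is not mapped to any department"))
            continue
        dept, net = by_vlan[vlan]
        if ipaddress.ip_address(host) not in net:
            findings.append((port, f"{host} is outside {dept} subnet {net}"))
    return findings


if __name__ == "__main__":
    print("Broadcast from port 2 reaches ports:", broadcast_domain(2))
    for port, problem in audit():
        print(f"port {port}: {problem}")
```

A port left in an unmapped VLAN or carrying an address from another department's subnet defeats the segregation the plan intends, so both are reported as findings.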