VLANs-what are the good for

[toshiba3020]

I am in a CCNA class now and this weeks test was over VLANs. I passed with a 100 so I know what they are, but I cannot see one practicle use for them. I have a teacher who doesnt teach or know what he is doing, so that resourse was no help. Anyone know why you would chose to use them?

Thanks
Garrett.

 

[spidey07]

so you don't have a 50,000 node network on a single broadcast domain, which wouldn't move an ounce of real data.

really for cutting down on broadcasts

 

[toshiba3020]

But you can use subnetting to do that. And with 50,000 you would have to have a few routers in there somewhere wouldnt you?

 

[TheOmegaCode]

IP's are getting scarce these days. Couple hundred computers on one ip, now I don't mean on one network, I mean on one host. That is one plus... But that is with NAT, and I don't know if that is what you are asking about.

 

[ScottMac]

As a given, assume the "best" speed and efficiency for a network is to have the server on the same segment as the client.
As a second given, assume that limiting broadcast traffic to a reasonable level (determined by the network application) is also a good thing (as mentioned by Spidey).

By putting the clients into a VLAN, and trunking the collection of VLANs to one or more servers (using an 802.1q-capable NIC, for example), you are allowed to keep all the servers in one physical location (like the glass palace), but make them logically look like they are local to the workgroup. An alternative is to break-out the VLANs on the switch most local to the server farm, and feed 'em one VLAN per NIC.

Now, as far as broadcasts go, VLANS won't reduce the overall bandwidth consumed. What VLANs WILL do is reduce the number of stations/hosts that see the broadcast (any station that sees the broadcast must pass the data up the stack for evaluation, killing cycles unnecessarily). VLANs are not necessarily a bandwidth-saving thing as much as a tool to allow you to engineer your networks for physical security, data segregation, convienience, and (usually) more efficient utilization of the LAN and host resources.

FWIW

Scott

 

[toshiba3020]

So basically they are only used to control broudcasts. I understood that buy why is that a better method than subnetting. I do see what you are saying scottmac.

 

[ScottMac]

Administrative segmentation by function, by server, by protocol, application is a good thing too. You can keep all the Macs on their own segment, or IPX, or Metaphor, or,or,or....

Segmentation to limit Internet access with a VLAN means you don't have to add another Access-List rule to your (Cisco)router or firewall.

Some of the subnetting stuff would work as well as VLANs, but administration of a jillion subnets can be a real headache, and it adds additional load to the router(s) (maintaining route tables, etc). Since most (not all) VLANs are gonna have their own IP subnet, it's not advisable to have a jillion VLANs either (for the same reason). As mentioned before, it's an available tool that, in many circumstances, offers options to improve the design of the network.

Xylan (now Alcatel) was up to placing a user on a VLAN according to their login...I don't know if they ever got it off the ground. They had, by far, the most complete set of rules for VLAN association...maybe they still do. There was a time, a few years ago, when there was a big drive to "flatten" networks and reduce or eliminate the use of routers, the concept of VLANs really grew up around that time.

Done well, in the design stage, VLANs can be a big help. Done poorly they can become a massive headache for Network Administrators and infrastructure upgrades.

FWIW

Scott

 

[toshiba3020]

Ok that all makes more sence now. Thanks for your help.

Btw..love the quote "You can keep all the Macs on their own segment"


Now a question for you(or anyone who may know). How often is this used? Would you see it in say 25% of the networks you see, 50%, 60%?

Thanks
Garrett.

 

[usmc666]

Subnetting does not break up broadcast at the data-link layer! ie the switch/hub.

 

[toshiba3020]

But dosent a switch need layer3 capabilites to make vlans?

 

[Windogg]

People that piss me off at work end up on their own VLAN for a few hours.

BTW, I hate the Portege 3020s. Damn keys are too small.

Windogg

 

[spidey07]

<< Done well, in the design stage, VLANs can be a big help. Done poorly they can become a massive headache for Network Administrators and infrastructure upgrades. >>


bwahahahhaahha - yep.

Any network of decent size will use VLANs. You have to with the layer3 switching around now adays. This is really a design choice/recommendation - the flat networks scottmac described would trunk everything back to the datacenter for a totally flat network (this is where broadcasts can consume considerable amounts of bandwidth. imagine 20 VLANS of 200 computers each all trunked to a single datacenter back when "trunks" were the superfast technology of 100 Base-T. not pretty, don't forget every single port of the switches is a bridge and hence every port multicasts spanning tree every two seconds!!!!!!!!!!) but in todays design methodology you put each closet in it's own VLAN and use a L3 switch (router) to route towards the core of the network. that way broadcasts are kept local to the segment, you eliminate the headaches of spanning-tree and have total control over traffic/routing because you're using a router. all the goodie-goodie load balancing/redundancy features of routing protocols are yours to do with as you please. lots more control.

hope this helps.

 

[toshiba3020]

lol at your comment windogg.


I love the keyboard on my 3020ct. Anyways, this is a tad off topic but you should goto shoptoshiba.com. I just bought 2 new batteries for it for $29 each. They are the small ones too. I get about 1.5 hours off each one. A question for you too, you ever found a good case your toshiba?


Garrett.

 

[toshiba3020]

Thanks spidey that does help.