INFORMATION TECHNOLOGY

Information Technology



Information Technology

Allocation of VLAN to departments

VLANs represent one of the most important and fundamental concepts of LAN switching, so it is important that you have a firm grasp of how to implement them. Before configuring VLANs, you need to plan exactly how many VLANs you are going to create, the parameters associated with each, and the switch ports that are going to be assigned to each VLAN. After the correct planning, you can then configure your VLAN requirements. The planning and configuration of VLANs can be split into the following tasks:

Determine VLANs required

Determine VLAN parameters

Determine VLAN port assignments

Configuring VLANs

Determine VLANs Required

Before you configure VLANs, you must determine how many VLANs you need for your network. The number of VLANs required is normally driven by high-level policy that requires VLANs to facilitate specific requirements of the policy. VLANs are the vessel for implementing high-level network policy—for example, a company may require separation of the sales, marketing, and engineering department information. Users from different departments may be co-located and connected to the same switching infrastructure, but their workstation should not be permitted to communicate directly across functional lines.

To extend this requirement to the LAN, VLANs can be created—one for each department. Users from the same department belong to the same VLAN, which allows Layer 2 communications within the same department. Users from different departments belong to different VLANs, which means inter-departmental communications must be sent via a Layer 3 router or firewall, which allows for policy to be applied at a single point in the network to control inter-departmental communications. Even if a user from sales is connected to port 1 on a switch (port 1 belongs to the sales VLAN) and a user from marketing is connected to port 2 on the same switch (port 2 belongs to the marketing VLAN), there is no way in which these two users can communicate unless the packets are sent to a router that connects to both VLANs. Figure 1 shows the concept of using VLANs to separate groups of users in a network.

Figure 1: LAN Topology with Multiple VLANs

The requirement for VLANs can also be driven by other reasons, such as ensuring the network can perform appropriately by addressing existing network performance problems. A common issue with large VLANs is broadcasts; many network protocols use broadcasts periodically to maintain certain functions of the protocol. When a broadcast is sent, all hosts on the network must process the broadcast, even if the information contained within bears no importance to the host. An excessive number of broadcasts can degrade PC performance by expending CPU resources.

Certain guidelines exist as to the maximum number of devices per VLAN that should be used based upon the Layer 3 protocol used. Table 1 shows the recommended maximum devices per VLAN for Layer 3 protocols.

Table 1: Maximum Devices per VLAN

Layer 3 Protocol

Maximum Number of Devices

IP

500

IPX

300

AppleTalk

200

NetBIOS

200

Mixed

200

It is important to note that the numbers specified in Table 1 are guidelines only and were defined by Cisco several years ...