VLANs (Virtual Local Area Networks)
VLANs(Virtual Local Area Networks) are the virtual networks that you can seperate big networks into smaller networks. This can be done for reducing broadcast traffic, network performance improvement, security purpose or to seperate different departments each other and for network flexibility.
Collision and Broadcast Domains
Collision domain : A single physical line that a colision can occur. Example: Hubs have one collision domain and only one connected node can make a transfer at any time. Switches collision domain number is like their port number by default.
Broadcast domain : A logical division of networks that all nodes can reach eachother at data link layer(layer 2). Example: Switches are one broadcast domain. Because without any restriction, if one node sends something from one port, all other ports receive it. Routers’ each port is one broadcast domain.
VLANS: Networks in Network
Let’s return our main lesson again. VLANs (Virtual Local Area Networks) help you to build new child broadcast domains in one switch or in one broadcast domain. After configuring VLANs, each VLAN become a single broadcast domain and without routing, there is no communication between VLANs.
There are also collision domains in the VLANs again. Each VLAN has collision domain as the number of their assigned ports.
Here, VLANs (Virtual Local Area Networks) can be thinked like small switches in the main switch.
On Cisco switches, all the ports are the member of VLAN 1 by default. So if no VLAN configuration done, all the ports are in the same VLAN, VLAN 1. And they are in the same broadcast domain as mentioned above.
By default Native VLAN is VLAN 1. All untagged frames are member of this VLAN. This Native VLAN can be changed by a trunk port. For example, one trunk’s native VLAN can be VLAN 5. And all the untagged and VLAN 5 tagged frames are belong to that Native VLAN, VLAN 5. Here the important point is, each end of the connection must be configured with the same Native VLAN.
ISL trunks does not support the Native VLAN and untagged frames. But dot1.q trunks support Native VLAN and untagged frames.
Native VLAN is a security risk at the same time. To avoid this risk, Native VLAN can be assigned to an unused port or disabled port. You can also make the trunk ports to tag the Native VLAN.