Scaling With Vlans; Vlan Boundaries - Cisco RJ-45-to-AUX Brochure

Cisco switch brochure

This setup allows for a more secure network. In addition, network administrators now have more control over
each port as well as the ability to deny the user based on the Layer 2 or Layer 3 address the user is using to
access the port. Users no longer have the ability to just plug their workstation into any network port in the
office and access network resources. The administrator controls each port and the resources the user may
access.

The best way to design a switched network and implement VLANs is to either assign VLANs to ports based
on the network resources a user requires or group them according to departments such as Engineering and
Accounting. Switches can also be configured to inform a network management station of any unauthorized
access to the network resources. If inter-VLAN communication needs to take place, a Layer 3 device such as a
router is required; that device also allows restrictions to be placed on ports based on hardware addresses,
protocols, or applications.
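
An added example, not part of the original text: a short Python audit of the per-port policy described above, flagging access ports that were never assigned to a VLAN or that accept any hardware address. The Cisco IOS-style syntax, the interface names, the VLAN numbers and the function name `audit_access_ports` are assumptions made for illustration.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption; the page names no
# switch software). VLANs 10 and 20 stand in for Engineering and Accounting.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet0/3
 switchport mode access
!
interface FastEthernet0/4
 shutdown
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

def audit_access_ports(config):
    """Return {interface: [findings]} for access ports that miss the policy."""
    findings = {}
    # One stanza per "interface" line.
    for stanza in re.split(r"(?m)^(?=interface )", config):
        lines = [l.strip() for l in stanza.splitlines() if l.strip() not in ("", "!")]
        if not lines or not lines[0].startswith("interface "):
            continue
        name, body = lines[0].split(None, 1)[1], lines[1:]
        if "shutdown" in body or "switchport mode trunk" in body:
            continue  # disabled ports and trunks are out of scope
        issues = []
        # With no explicit assignment, an IOS access port stays in VLAN 1.
        vlan = next((l.split()[-1] for l in body
                     if l.startswith("switchport access vlan ")), "1")
        if vlan == "1":
            issues.append("left in default VLAN 1")
        if "switchport port-security" not in body:
            issues.append("no port security: any hardware address accepted")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    print(audit_access_ports(SAMPLE_CONFIG))
```

On the sample, FastEthernet0/2 is reported for missing port security and FastEthernet0/3 for both findings; the assigned and secured port, the shut-down port and the trunk are not reported.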

Scaling with VLANs

A switch block consists of all the equipment found in the hierarchical network model. By taking multiple
blocks and connecting them, you can create larger and larger networks. By connecting more blocks, you can
create networks that are virtually unrestricted in how large they can become. The Access layer is the point in
the network that connects servers, workstations, and other nodes to the network and then connects to the
Distribution layer switches, which handle routing and security issues for VLAN distribution.

You need to understand many issues when configuring VLANs within a switch block. Let's look at the
concerns you need to address in determining how you should design and scale your VLAN infrastructure.
We've already discussed access to resources and group commonality; now let's take a look at the following:

• VLAN boundaries
• VLAN membership types
• Traffic patterns flowing through the network
• IP addressing used in the network
• Cisco's VLAN recommendations

VLAN Boundaries

VLANs can be broken into two different types of boundaries: local and end-to-end. A local VLAN is
configured in one local geographical location. This type of VLAN is the most common and the least difficult
to maintain in corporations with centralized server and mainframe blocks.

Local VLANs are designed around the fact that the business or corporation is using centralized resources, like
a server farm. Users will spend most of their time utilizing these centralized resources, which are local to the
users and not located on the other side of the router that connects their network to the outside world or other
parts of the company.

Networks are becoming faster. Because this is the case, the Layer 3 devices in your network must be able to
keep up with the number of packets being switched through the local network and out to the rest of the world.
As the administrator, you must take into account the number of packets your network's Layer 3 devices must
handle or implement multiple Layer 3 devices to handle load balancing.

An end-to-end VLAN spans the entire switch fabric from one end of the network to the other. With this type
of VLAN boundary, all the switches in the network know about all the configured VLANs in the network.
End-to-end VLANs are configured to allow membership based on a project, a department, or many other
groupings.

One of the best features of end-to-end VLANs is that users can be placed in a VLAN regardless of their
physical location. The VLAN the port becomes a member of is defined by an administrator and assigned by a