Appendix C: Virtual Local Area Network (Vlan) - NETGEAR FSM726S Installation Manual

APPENDIX C: Virtual Local Area Network (VLAN)

A Local Area Network (LAN) can generally be defined as a broadcast domain. Hubs, bridges or switches in the same physical segment or
segments connect all end node devices. End nodes can communicate with each other without the need for a router. Routers connect LANs
together, routing the traffic to appropriate port.
A virtual LAN (VLAN) is a local-area network with a definition that maps workstations on some other basis than geographic location (for example,
by department, type of user, or primary application). To communicate between VLANs, traffic must go through a router, just as if they were on two
separate LANs.
A VLAN is a group of PCs, servers and other network resources that behave as if they were connected to a single, network segment — even
though they may not be. For example, all marketing personnel may be spread throughout a building. Yet if they are all assigned to a single VLAN,
they can share resources and bandwidth as if they were connected to the same segment. The resources of other departments can be invisible to
the marketing VLAN members, accessible to all, or accessible only to specified individuals, depending on how the IT manager has set up the
VLANs.
The Advantages of VLANs
Easy to do network segmentation
Users communicate most frequently with each other can be grouped into common VLANs, regardless of physical location. Each group's traffic is
largely contained within the VLAN, reducing extraneous traffic and improving the efficiency of the whole network.
Easy to manage
The addition of nodes, as well as moves and other changes, can be dealt with quickly and conveniently from a management interface rather than
the wiring closet.
Increased performance
VLANs free up bandwidth by limiting node-to-node and broadcast traffic throughout the network.
Enhanced network security
VLANs create virtual boundaries that can only be crossed through a router. So standard, router-based security measures can be used to restrict
access to each VLAN
VLAN Behavior in the FSM726S and FSM750S Managed Stackable Switch
Packets received by the switch will be treated in the following way:
When an untagged packet enters a port, it will be automatically tagged with the port's default VLAN ID tag number. Each port has a
o
default VLAN ID setting that is user configurable (the default setting is 1). The default VLAN ID setting for each port can be changed in
that port's respective Port Configuration page.
When a tagged packet enters a port, the tag for that packet will be unaffected by the default VLAN ID Setting.
o
The packet will now proceed to the VLAN specified by its VLAN ID tag number.
o
If the port in which the packet entered does not have membership with the VLAN specified by the VLAN ID tag, the packet will be
o
dropped. Port VLAN membership settings are changed in the Primary VLAN page.
If the port has membership to the VLAN specified by the packet's VLAN ID, the packet will be able to be sent to other ports with the same
o
VLAN ID membership.
Packets leaving the switch will be either tagged or untagged depending on the setting for that port's VLAN membership properties.
o
•
A 'U' for a given port and VLAN will mean that packets leaving the switch from that port and VLAN will be Untagged. Inversely, a 'T'
for a given port and VLAN will mean that packets leaving the switch from that port and VLAN will be tagged with the respective
VLAN ID in which it participated in.
Page 107 of 121