Imagine a 'huge room' filled with lots of people, and they're all chatting. Pretty noisy, right? Everyone's messages are broadcast across the entire room. What about security? Anyone can overhear potentially sensitive information. Now imagine taking all those people and grouping them into their own respective 'rooms' within the 'huge room'. Now the chatter is contained within each room, improving security. Same people, but now in an organised fashion. Now what if a message needed to be passed to another group in another room? No problem. A designated 'doorman' has the ability to pass messages between rooms. Each room is tagged so the doorman knows which room is which.

Take this analogy and apply it to understanding VLANs. The huge room is the switch. All users are physically connected to the same switch and, more importantly, are in the same VLAN by default. Now take those users and place them in their own VLANs by grouping specific ports into VLANs. Now users' traffic is contained within their own VLAN, which defines a broadcast domain. Now traffic is more secure, and if a packet needs to be sent to another VLAN, the router (analogous to the doorman) is able to communicate between VLANs. VLAN traffic is tagged so the router knows which VLAN to send the traffic to.

Apart from improving security, VLANs allow for the creation of more flexible designs, and reduce the amount of work required on each device within a VLAN.
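The rooms and the tags described above can be modelled in a few lines. This is an added example, not part of the original post: it assumes a hypothetical switch with four access ports in VLANs 10 and 20 and a trunk port 24 toward the router, uses a constructed broadcast frame, and uses the IEEE 802.1Q tag format for the "room tag".

```python
import struct

TPID = 0x8100  # 802.1Q Tag Protocol Identifier, marks a frame as VLAN-tagged

def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    tci = (pcp << 13) | vlan_id  # 3-bit priority, 1-bit DEI (0), 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]

def read_vlan(frame: bytes):
    """Return the VLAN ID carried in the tag, or None for an untagged frame."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID else None

class Switch:
    """Simplified model: access ports belong to one VLAN, one trunk to the router."""
    def __init__(self, access_ports: dict, trunk_port: int):
        self.access_ports = access_ports  # port number -> VLAN ID (the 'rooms')
        self.trunk_port = trunk_port      # link to the router (the 'doorman')

    def flood(self, in_port: int, frame: bytes) -> dict:
        """Deliver a broadcast: untagged to same-VLAN ports, tagged on the trunk."""
        vlan = self.access_ports[in_port]
        out = {p: frame for p, v in self.access_ports.items()
               if v == vlan and p != in_port}
        out[self.trunk_port] = tag_frame(frame, vlan)
        return out

# Constructed sample: broadcast destination, made-up source MAC, ARP EtherType.
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 28

if __name__ == "__main__":
    sw = Switch({1: 10, 2: 10, 3: 20, 4: 20}, trunk_port=24)
    for port, f in sorted(sw.flood(1, FRAME).items()):
        print(f"port {port}: vlan tag = {read_vlan(f)}, {len(f)} bytes")
```

The broadcast sent on port 1 reaches only port 2 and the trunk; ports 3 and 4 in VLAN 20 never see it, and the copy on the trunk carries the tag the router reads.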