Why use VLAN?

wuitsung

I know the basic of VLAN. It's a virtual lan in its broadcast domain created by switch. Normally it's the router creating the broadcast domain.

My question is why don't just use router?? so we don't have the hassle of configuring VLAN...

tiersten

So you don't need to buy a switch for each one? Trunking as well.

astorrs

Like tiersten said, to save money on switches.

wuitsung

the only reason is to save money??

tiersten

Saving money isn't a good enough reason?

You can survive without VLANs but you'll end up with more hardware. More NICs in your servers if they need to be on multiple LANS. More switches since you'll have more LANs. More cabling since you'll need to connect all this extra hardware together.

It will let you change what LAN a port is connected to via software means. You don't have to dig around trying to find the cable.

CCIEWANNABE

vlans are tagged with their vlan # when moving across the switch and across trunks. the purpose is to create logical groupings of devices based on vlan. the need for a router is to route traffic between vlans, except for in the case of a layer 3 switch (where any port can be programmed as a layer 3 port). in general, switches are faster than routers and can forward traffic to their destinations faster. another point is smaller routers generally don't have many ports on them because switches are used to connect end devices to the network. it makes no sense to deploy routers to your access layer model of your network, where your end devices are.

cisco_trooper

msteinhilber

We use them so we can break apart our network as needed without having to go and move cables around, if we used different switches for each group then we would have many more switches and much more cabling in place to support them.

And that's a lot of constipated looking smilies cisco_trooper!

Yossarian

wuitsung wrote:

I know the basic of VLAN. It's a virtual lan in its broadcast domain created by switch. Normally it's the router creating the broadcast domain.

My question is why don't just use router?? so we don't have the hassle of configuring VLAN...

We use vlans to separate our data and voice.

wuitsung

Thank you everyone.
So can I totally replace the use of routers and use a layer-3 switch (or layer-2 switch + a router) and implement VLANS in my network? So can I also say VLAN is a alternative of router and it's better and faster?

And in what situation a router cannot be replaced by vlan (if I have a layer-3 switch)?

gojericho0

you wouldn't be able to replace the router with a layer 3 switch for most WAN links since they mostly use technology other L1/L2 technology and not ethernet

jbaello

Not sure if someone has mentioned it yet, but one of the benefits is also to limit broadcast domains cause VLAN don't communicate with each other without using a layer 3 device.

dynamik

Increased security.

Met44

As dynamik said, the primary reason for implementing VLANs is to increase security on the network. By using multiple VLANs (each a separate subnet), traffic going between two VLANs must be routed; because of this, you can implement traffic/security policies and monitor traffic throughout your organization much more easily.

How you implement this type of security (simply using VLANs vs loads of router ports connecting to different subnets) will impact the efficiency of your design (saving or costing you money). While you could potentially connect a bunch of switches to a router and get the same security of an environment with VLANs by spending a lot more money, it would be a very poor choice given the option of simply configuring VLANs.

wuitsung

Thank you. So the conclusion is "To save money" while comparing using VLAN vs Ruters right?

Just to make sure I understand. Creating VLANs is the same as using routers. VLAN acts like a logical router (on the aspect of the ability to create subnets). Except for VLAN I need a trunk port to route traffic if I want different diffrent subnets (vlan) to talk to each other or same vlan id in different switch.

Correct?

skrpune

wuitsung wrote:

Thank you. So the conclusion is "To save money" while comparing using VLAN vs Ruters right?

Just to make sure I understand. Creating VLANs is the same as using routers. VLAN acts like a logical router (on the aspect of the ability to create subnets). Except for VLAN I need a trunk port to route traffic if I want different diffrent subnets (vlan) to talk to each other or same vlan id in different switch.

Correct?

Saving money is a really big added benefit, but VLAN's are primarily for increased security & flexibility without having to make any physical changes to your network. The fact that you can make these changes virtually & add security are the biggest draws for creating VLANs. You can rearrange networks virtually without having to move anything around, which is great for adapting your network to changing needs over time.

You're right about needing routers or other layer three devices to get different VLANs to talk to each other - switches are at layer 2 and you need a higher layer device to get the different VLANs to talk.

dynamik

wuitsung wrote:

Creating VLANs is the same as using routers. VLAN acts like a logical router (on the aspect of the ability to create subnets).

No. You'd need a layer-3 switch or router if you wanted to route traffic between VLANs. On my 2950 switches, I can create VLANs, but there is no inherent way to route traffic between them.

This might help you with the basics: http://en.wikipedia.org/wiki/VLAN

wuitsung

Ishouldn't use the term router... so except the ability to route VLAN has all as a router can do right?

skrpune

wuitsung wrote:

Ishouldn't use the term router... so except the ability to route VLAN has all as a router can do right?

They're on separate layers and have different purposes, so you're not going to be able to draw parallels between them quite so neatly. Normally on a switch, you can have 'broadcast storms' - broadcasts are transmitted from one segment to another. VLANs can create virtual broadcast domains within a switch and reduce the scope of broadcast domains to a specific area that you specificy; routers create a separate broadcast domain per port. Routers can talk to other routers; VLAN's use trunking to connect switches & allow for communication between computers that are physically separated by switches but which are on the same logical VLAN. (You still however need a router for separate VLANs to communicate with each other.)

tiersten

wuitsung wrote:

Ishouldn't use the term router... so except the ability to route VLAN has all as a router can do right?

No. Do you have any CCNA books? If so, you should reread the parts about VLANs.

dynamik

If you want to draw a rough parallel to another concept you may be familiar with, it would probably be a subnet.