The Traditional Switched Network
Today, almost every network has a switch that connects all the network nodes. This gives the nodes a quick and effective way to talk to each other. There is no question that switches are what hubs were a long time ago: the most common and important piece of equipment in our network.
Most of the time, switches work fine for small to medium-sized networks. But when it comes to medium to large networks, you can’t just plug a switch into the wall and hang a few PCs from it.
People who have read our part on “switches and bridges” already know that switches are layer 2 devices that make a flat network:
The network diagram above shows a switch connected to three workstations. These workstations can communicate with one another and are all part of the same broadcast domain. This means that if one of the workstations sends a broadcast, all the other workstations receive it.
In a relatively small network, broadcasts may not be much of an issue. However, as the network grows, the number of broadcasts also increases, and eventually they become a significant problem: they flood the network unnecessarily and consume valuable bandwidth.
You can get a visual understanding of the problem, as well as the concept of a huge flat network, by looking at the diagram that is provided below:
As we add more switches and workstations to the network, the issue becomes more apparent. The majority of workstations run Windows, which means that broadcasts will occasionally be sent over the network cable, something we definitely want to avoid.
Security is another important issue. In the network described above, all devices are visible to all users. In a larger network, this means crucial file servers, databases, and other sensitive information would be accessible to any and all users, increasing the likelihood of an attack.
To really protect these systems from the rest of your network, you would have to limit access at the network level by splitting up the current network or by putting a firewall in front of each critical system. However, most managers will probably think twice about doing this because it is expensive and hard to set up. Luckily, there is a way out, which is described below.
Introducing VLANs
Most of you already know that you need a layer 2 switch that supports VLANs in order to set them up and work with them.
Every VLAN that is set up on a switch is its own network. This means that each VLAN is a separate broadcast domain. By default, broadcasts are not forwarded to switch ports that are not in the same VLAN. This is why VLANs are so popular in today's large networks: they help separate different parts of the network.
Check out the following image to get a better idea of how a network with VLANs differs from a traditional switched network:
This is a simple network consisting of six workstations connected to a switch that supports virtual local area networks. Two VLANs, VLAN 10 and VLAN 20, have been configured on the switch, with three workstations assigned to each.
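The following is an added example, not part of the original article: a small Python model of the six-workstation switch described above, comparing how far a broadcast travels on a flat switch and on the same switch with VLAN 10 and VLAN 20. The port numbers, the port-to-VLAN layout and the MAC addresses are constructed assumptions, and the model covers access ports only.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    """Toy layer 2 switch with access ports only (no trunks, no routing)."""

    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)  # port number -> VLAN ID
        self.mac_table = {}                 # (VLAN ID, MAC) -> port

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame; return the sorted ports it is sent out of."""
        vlan = self.port_vlans[in_port]
        self.mac_table[(vlan, src_mac)] = in_port  # learn the sender per VLAN
        out = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and out is not None:
            return [] if out == in_port else [out]  # known unicast
        # Broadcast or unknown unicast: flood within the ingress VLAN only.
        return sorted(p for p, v in self.port_vlans.items()
                      if v == vlan and p != in_port)

def mac(port):
    """Constructed MAC address for the workstation on a given port."""
    return f"02:00:00:00:00:{port:02x}"

def flat_switch():
    # Traditional switch: all six ports share one broadcast domain.
    return Switch({p: 1 for p in range(1, 7)})

def vlan_switch():
    # Assumed layout: ports 1-3 in VLAN 10, ports 4-6 in VLAN 20.
    return Switch({1: 10, 2: 10, 3: 10, 4: 20, 5: 20, 6: 20})

if __name__ == "__main__":
    for name, sw in (("flat", flat_switch()), ("vlan", vlan_switch())):
        print(name, "broadcast from port 1 ->", sw.receive(1, mac(1), BROADCAST))
    sw = vlan_switch()
    sw.receive(4, mac(4), BROADCAST)  # port 4 announces itself in VLAN 20
    print("unicast 1 -> 4:", sw.receive(1, mac(1), mac(4)))  # never reaches port 4
```

Because the MAC table is keyed per VLAN, a frame from VLAN 10 addressed to a VLAN 20 workstation is only flooded inside VLAN 10; reaching the other VLAN requires a layer 3 device, which is where access between the two can be filtered.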