UMN:CLI User ManualV58082608 System Main Functions8.1 Virtual Local Area Network (VLAN)The first step in setting up your bridging network is to define VLAN on your switch. VLANis a bridged network that is logically segmented by customer or function. Each VLANcontains a group of ports called VLAN members. On the VLAN network, packets receivedon a port are forwarded only to the ports that belong to the same VLAN as the receivingport. Network devices in different VLANs cannot communicate with one another without aLayer 3 switching device to route traffic between the VLANs. VLAN reduces the amountof broadcast traffic so that flow control could be realized. It also has security benefits bycompletely separating traffics between different VLANs.Enlarged Network BandwidthUsers belonged in each different VLAN can use more enlarged bandwidth than no VLANcomposition because they do not receive unnecessary Broadcast information. A properlyimplemented VLAN will restrict multicast and unknown unicast traffic to only those linksnecessary to only those links necessary to reach members of the VLAN associated withthat multicast (or unknown unicast) traffic.Cost-Effective WayWhen you use VLAN to prevent unnecessary traffic loading because of broadcast, youcan get cost-effective network composition since switch is not needed.Enhanced SecurityWhen using a shared-bandwidth LAN, there is no inherent protection provided againstunwanted eavesdropping. In addition to eavesdropping, a malicious user on a sharedLAN can also induce problems by sending lots of traffic to specific targeted users ornetwork as a whole. The only cure is to physically isolate the offending user. By creatinglogical partitions with VLAN technology, we further enhance the protections against bothunwanted eavesdropping and spurious transmissions. As depicted in Figure, a properlyimplemented port-based VLAN allows free communication among the members of agiven VLAN, but does not forward traffic among switch ports associated with members ofdifferent VLANs. That is, a VLAN configuration restricts traffic flow to a proper subnetcomprising exactly those links connecting members of the VLAN. Users can eavesdroponly on the multicast and unknown unicast traffic within their own VLAN: presumably theconfigured VLAN comprises a set of logically related users.User MobilityBy defining a VLAN based on the addresses of the member stations, we can define aworkgroup independent of the physical location of its members. Unicast and multicasttraffic (including server advertisements) will propagate to all members of the VLAN so thatthey can communicate freely among themselves.