Chapter 1 BayStack 380 Switch 37Using the BayStack 380 10/100/1000 SwitchVirtual Local Area Networks (VLANs)In a traditional shared-media network, traffic generated by a station is transmittedto all other stations on the local segment. Therefore, for any given station on theshared Ethernet, the local segment is the collision domain because traffic on thesegment has the potential to cause an Ethernet collision. The local segment is alsothe broadcast domain because any broadcast is sent to all stations on the localsegment. Although Ethernet switches and bridges divide a network into smallercollision domains, they do not affect the broadcast domain. In simple terms, avirtual local area network provides a mechanism to fine-tune broadcast domains.Your BayStack 380 Switch allows you to create port-based VLANs:• IEEE 802.1Q port-based VLANsA port-based VLAN is a VLAN in which the ports are explicitly configured tobe in the VLAN. When you create a port-based VLAN, you assign a PortVLAN Identifier (PVID) and specify which ports belong to the VLAN. ThePVID is used to coordinate VLANs across multiple switches.• Auto PVIDWhen Auto PVID is active, a port that is assigned to a numbered VLAN hasthe same number for its PVID. For example, if the VLAN is 2, the PVID is 2.SecurityThe BayStack 380 Switch security features provide two levels of security for yourlocal area network (LAN):• RADIUS-based security—limits administrative access to the switch throughuser authentication• MAC address-based security—limits access to the switch based on allowedsource MAC addressesFigure 5 shows a typical campus configuration using the BayStack 380 Switchsecurity features. This example assumes that the switch, the teachers’ offices andclassrooms, and the library are physically secured. The student dormitory may (ormay not be) physically secure.
