Cisco Systems 3200 C

C-1

Cisco 3200 Series Router Hardware Reference

OL-5816-10

APPENDIX

The 10/100 Fast Ethernet ports on the Cisco 3200 Series router FESMIC default to Layer 2 switch ports.

The FESMIC is a “learning bridge,” as defined in 802.1D with the Virtual Local Area Network (VLAN)

capabilities of 802.1P/Q. The BCM5618 is fully capable of line-rate switching for all four 10/100 Fast

Ethernet ports.

VLANs provide the segmentation services traditionally provided by routers in LAN configurations, as

shown in Figure C-1. VLANs make it easy to move an network or to change a network design.

• Broadcast control—Just as switches physically isolate collision domains for attached hosts and only

forward traffic out a particular port, VLANs provide logical collision domains that confine

broadcast and multicast traffic to the bridging domain.VLANs solve the scalability problems of

large flat networks by breaking a single broadcast domain into several smaller broadcast domains.

• Security—VLANs improve security by isolating groups. High-security users can be grouped into a

VLAN, possibly on the same physical segment. If you do not include a router in a VLAN, no one

outside that VLAN can communicate with the users inside the VLAN and vice versa. This extreme

level of security can be highly desirable. Users outside that VLAN cannot penetrate into the VLAN

without an appropriate routing through secure Layer 3 routing services.

• Performance—Users that require high-performance networking can be assigned to their own VLAN.

You might, for example, assign an engineer who is testing a multicast application and the servers

that the engineer is using to a single VLAN. The engineer experiences improved network

performance by being on a “dedicated LAN.” The rest of the engineering group experiences

improved network performance, because the traffic generated by the network-intensive application

is isolated to another VLAN. This of course implies some areas of physical isolation of separate

VLANs or prioritized service by tagging support and prioritized queuing classes within the switches

and bridges of the 802.1Q VLAN.

• Network management—Software on the switch allows you to assign users to VLANs. Changing the

cabling to change connectivity is no longer necessary in the switched LAN environment because

network management tools allow you to reconfigure the LAN logically in seconds.