14-2
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter14 Configuring VLANs
Understanding VLANs
Understanding VLANs
A VLAN is a switched network that is logically segmented, by functions, project teams, or applications
rather than on a physical or geographical basis. For example, all workstations and servers used by a
particular workgroup team can be connected to the same VLAN, regardless of their physical connections
to the network or the fact that they might be intermingled with other teams. You use VLANs to
reconfigure the network through software rather than physically unplugging and moving devices or
wires.
A VLAN can be thought of as a broadcast domain that exists within a defined set of switches. A VLAN
consists of a number of end systems, either hosts or network equipment (such as bridges and routers),
connected by a single bridging domain. The bridging domain is supported on various pieces of network
equipment such as LAN switches that operate bridging protocols between them with a separate group
for each VLAN.
VLANs provide the segmentation services traditionally provided by routers in LAN configurations.
VLANs address scalability, security, and network management. You should consider several key issues
when designing and building switched LAN networks:
LAN segmentation
Security
Broadcast control
Performance
Network management
Communication between VLANs
You extend VLANs into a wireless LAN by adding IEEE 802.1Q tag awareness to the access point.
Frames destined for different VLANs are transmitted by the access point wirelessly on different SSIDs.
Only the clients associated with that VLAN receive those packets. Conversely, packets coming from a
client associated to an SSID mapped to a certain VLAN are 802.1Q tagged before they are forwarded
onto the wired network.
Figure 14-1 shows the difference between traditional physical LAN segmentation and logical VLAN
segmentation with wireless devices connected.