background image
Introduction to VLANs
325
F I G U R E 6 . 3
Physical LANs connected to a router
Here you can see that each network was attached with a hub port to the
router (each segment also had its own logical network number, though this is
not obvious from the figure). Each node attached to a particular physical net-
work had to match that network number in order to be able to communicate
on the internetwork. Notice that each department had its own LAN, so if you
needed to add new users to Sales, for example, you would just plug them into
the Sales LAN and they would automatically be part of the Sales collision and
broadcast domain. This design really did work well for many years.
But there was one major flaw: what happens if the hub for Sales is full
and you need to add another user to the Sales LAN? Or, what do we do
if there's no more physical space in the location where the Sales team is
located for this new employee? Well, let's say there just happens to be
plenty of room in the Finance section of the building. That new Sales team
member will just have to sit on the same side of the building as the Finance
people, and we'll just plug the poor soul into the hub for Finance.
Doing this obviously makes that the new user part of the Finance LAN,
which is bad for many reasons. First and foremost, we now have a security
issue, because this new user is a member of the Finance broadcast domain
and can therefore see all the same servers and network services that all of the
Finance folks can. Secondly, for this user to access the Sales network services
they need to get the job done, they would need to go through the router to
login to the Sales server--not exactly efficient!
Now let's look at what a switch accomplishes. Figure 6.4 demonstrates
how switches remove the physical boundary to solve our problem.
Finance
Management
Engineering
Sales
Marketing
Shipping
Hubs
Copyright ©2002 SYBEX, Inc., Alameda, CA
www.sybex.com