The increasing availability of inexpensive layer-2 switches enables the installation of much larger LANs than in the past. Until now, smaller parts of a network were combined with hubs. These individual segments (collision domains) were joined into larger sections by routers. A router always represents a border between two LANs, so several LANs with their own IP address ranges arise from this structure.
By using switches, it is possible to combine many more stations into one large LAN. They specifically control the data flow on the individual ports, so the available bandwidth can be much better utilized than with hubs, and there is no need to configure and maintain routers within the network.
But even a network structure based on switches has its disadvantages:
- As with hubs, broadcasts are sent over the entire LAN, even if the data packets are only relevant to a certain segment of the LAN. A sufficiently large number of network stations thus noticeably reduces the available bandwidth in the LAN.
- The entire data traffic on the physical LAN is "public". Even if individual segments use different IP address ranges, any station on the LAN can theoretically tap into data traffic from all of the logical networks on the Ethernet segment. Protecting individual LAN segments with firewalls or routers further increases the requirements of network administration.
One way to resolve these problems is to use virtual LANs (VLANs) as described in IEEE 802.1p/q. With this concept, several virtual LANs are defined on a single physical LAN. They do not obstruct one another and, what's more, they cannot receive or tap into the data traffic of the other VLANs on the physical Ethernet segment.
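The separation described above can be seen in a simplified switch model that reads the 802.1Q tag of a frame and floods a broadcast only to ports in the same VLAN. This is an added example, not part of the original text; the port table, the per-port default VLAN (PVID) and the sample frames are constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an IEEE 802.1Q tag

def parse_vlan_tag(frame: bytes):
    """Return (vid, pcp) of an 802.1Q-tagged Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, tci >> 13  # 12-bit VLAN ID, 3-bit 802.1p priority

def flood_ports(frame: bytes, ingress: str, ports: dict) -> list:
    """Ports that receive a broadcast frame in this simplified switch model.

    ports maps a port name to (pvid, members): the VLAN assigned to untagged
    frames on that port, and the set of VLAN IDs the port belongs to.
    """
    pvid, members = ports[ingress]
    tag = parse_vlan_tag(frame)
    vid = tag[0] if tag else pvid
    if vid not in members:
        return []  # ingress filtering: the port is not in the frame's VLAN
    return sorted(p for p, (_, m) in ports.items() if p != ingress and vid in m)

def build_frame(vid=None, pcp=0):
    """Constructed sample: ARP broadcast frame, optionally 802.1Q-tagged."""
    header = b"\xff" * 6 + bytes.fromhex("020000000001")
    tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid) if vid is not None else b""
    return header + tag + struct.pack("!H", 0x0806) + bytes(28)

# Constructed port table: two access VLANs plus one trunk port carrying both.
PORTS = {
    "p1": (10, {10}), "p2": (10, {10}),
    "p3": (20, {20}), "p4": (20, {20}),
    "trunk": (1, {1, 10, 20}),
}

if __name__ == "__main__":
    print(flood_ports(build_frame(), "p1", PORTS))           # untagged, VLAN 10
    print(flood_ports(build_frame(vid=20), "trunk", PORTS))  # tagged on the trunk
    print(flood_ports(build_frame(vid=20), "p1", PORTS))     # wrong VLAN: dropped
```

A broadcast entering on a VLAN 10 port never reaches the VLAN 20 ports, and a frame tagged for a VLAN the ingress port does not belong to is discarded.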