Complexities of Virtual LANs
As with many other technologies, virtual LANs come with a caveat; however, the VLAN caveat is also an advantage: While a VLAN allows hosts to be virtually separated at Layer 2, it doesn’t provide a mechanism for communicating between VLANs. To return to our earlier telephone system analogy, sometimes phones in an isolated part of an organization must communicate with other, non-isolated phones. Typically with phone systems this requirement means dialing a specific prefix to call “outside” that isolated part of the phone network; for example, we’re told “Dial 9 to get an outside line.”
In networks that use VLANs, the only way for devices in different VLANs to communicate is to bring in a Layer 3 device (a router or Layer 3 switch) that is configured to allow communication between those VLANs. This device’s Layer 3 (and above) features might also be configured to limit the amount and types of traffic allowed between devices. This type of connection can be implemented in a few different ways: using a router with a separate interface connected to each VLAN on the switch, using a router along with switch trunking capabilities (IEEE 802.1Q), or using a Layer 3-capable switch for multi-layer switching (MLS). We’ll address these connection types in more detail in a future article.
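One way to build the router-plus-trunking option described above, as an added example that is not from the original article. It assumes Cisco IOS-style syntax; the VLAN numbers and names, interface names, addresses and ACL name are all constructed for illustration. The ACL on the router shows the Layer 3 device limiting what may cross between VLANs.

```cisco
! Constructed example (assumed addressing):
!   VLAN 10 = users,   192.168.10.0/24
!   VLAN 20 = servers, 192.168.20.0/24
!
! --- Switch: two access ports and one 802.1Q trunk toward the router ---
vlan 10
 name USERS
vlan 20
 name SERVERS
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/24
 ! Carry only the VLANs the router needs to see
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! --- Router: policy for traffic leaving the user VLAN ---
ip access-list extended USERS-TO-SERVERS
 ! Users may reach one server over HTTPS only
 permit tcp 192.168.10.0 0.0.0.255 host 192.168.20.10 eq 443
 ! Everything else from users to the server VLAN is dropped and logged
 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255 log
 ! Traffic to destinations outside the server VLAN is not restricted here
 permit ip any any
!
! --- Router: one subinterface per VLAN on the single trunk link ---
interface GigabitEthernet0/0
 no shutdown
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip access-group USERS-TO-SERVERS in
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
```

Hosts in each VLAN use the matching subinterface address as their default gateway. Without the router, the two access ports cannot exchange frames at all.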