From your Network+ exam studies, you know that switches forward broadcasts, and that sounds great, but that's not always a good thing. A switch can have anywhere from 12 ports to 80 or more, and by default all hosts connected to that switch are going to be in the same broadcast domain. Let's say we have an 80- port switch. If one host connected to that switch sends a broadcast, by default, all of the other 79 hosts are going to receive the broadcast. That will unnecessarily take up our network's available bandwidth.
It gets worse. For some network services and protocols, a broadcast received by a host results in that receiving host transmitting a broadcast of its own. Then when all the hosts receive that broadcast, they all end up transmitting even more broadcasts. Pretty soon, all these broadcasts have snowballed into a broadcast storm, which can take up most of a network's bandwidth and make normal network operations almost impossible.
Most likely, only a few hosts on each switch really need to communicate with each other. Let's take a eight-port switch for example, where three of the hosts are in the Security department, another three in the Accounting department, and the other two in the Publishing department.
If any of these PCs sends a broadcast, every other host attached to that switch is going to receive it, and may well generate a broadcast of its own in response. That's what we want to guard against, and we can do so through the creation of Virtual LANs, or VLANs.
Physically, these hosts all reside on the same Local Area Network, but we can configure the switch to place them in different logical (virtual) LANs. When a switch is configured with VLANs, the switch will forward a broadcast only to those hosts in the same VLAN as the host that originated it. By creating three VLANs on this switch, we now have three smaller broadcast domains, which helps to limit the scope of a broadcast.
After placing the Security hosts in their own VLAN, and then doing the same for the Accounting and Publishing hosts, broadcasts are now limited to being forwarded throughout their own VLAN. If a host in the Security department sends a broadcast, only other hosts in that same VLAN will receive it.
Now, here's another one of those good news / bad news scenarios we've discussed. (Better get used to those - in networking, almost everything we do has a good side and a bad side!)
Good news: Broadcasts will not be forwarded (propagated), between VLANs. A broadcast sent by one host in a VLAN will be forwarded only to other hosts in that same VLAN.
Bad news: No other traffic is going to be able to go from one VLAN to another, either. By default, there will be no inter-VLAN traffic on the switch. For traffic to go between VLANs, a Layer Three device must be involved, and that L3 device will most likely be a router.
Notice I said "most likely".
Most books for exams such as Network+ and CCNA say that a switch is a Layer Two device, and a router is a Layer Three device, and that's it. In today's networking, though, that's not the case, and I don't want you to be confused when you hear the term "layer three switch" in the real world. (Or worse, I don't want you to be confused in a job interview if someone mentions this term.)
There are switches available today that are also capable of routing, and these L3 switches are becoming more and more popular as the price goes down. Having an L3 switch eliminates the need for routers in some small networks, so you need to know about them. For your Network+ and CCNA exams, if the term mentioned is simply "switch", they're talking about a classic "layer 2 switch" that doesn't perform routing.
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of over 100 free CCNA and CCNP tutorials, The Ultimate CCNA Study Package, Ultimate Network+ Study Package, and Ultimate CCNP Study Packages.
Learn more at amazon.com