Controlling Broadcast Domains with VLANs
Network without VLANs
In the default configuration, when a switch receives a broadcast frame on an ingress port, it forwards the frame out all ports except the port on which the frame was received. Because the whole network is configured in the same subnet and no VLANs are configured, all ports are in the same broadcast domain.
As shown in the figure below, when PC-1 sends out a broadcast frame, switch S-1 receives the frame and sends it out all of its ports except the ingress port. Ultimately the whole network receives the broadcast, because the network is one broadcast domain. When the frame from S-1 reaches S-2, S-2 also floods the frame out all of its other ports.
Network with VLANs
Figure 2 illustrates the network segmented with VLANs: it has been divided into two VLANs, VLAN 10 and VLAN 20. The IT department has been assigned VLAN 10 and the admin department has been assigned VLAN 20. When a broadcast is sent from any computer in the IT department (PC-2, PC-3, and PC-4), the switches (S1, S2) forward that broadcast frame only to switch ports assigned to VLAN 10 and to the trunk port. Likewise, when a computer in the admin department sends a broadcast frame, the switch forwards the frame only to ports configured for VLAN 20 and to the trunk port.
The ports that connect switches S1 and S2 are trunks and have been configured to carry all the VLANs in the network. When S1 or S2 receives a broadcast frame on a port in VLAN 10, the switch forwards that frame only out the other ports configured for VLAN 10, including the trunk port. When VLANs are configured on a switch, unicast, multicast, and broadcast traffic from a host in a particular VLAN is limited to the devices that are in that VLAN. VLANs create multiple broadcast domains in the switch, so broadcasts can be contained by creating multiple broadcast domains.
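The forwarding rule described above, as a small Python model of both networks (an added example, not part of the original article). The cabling of hosts to switches, the admin hosts PC-1 and PC-5, and the use of VLAN 1 for the network without VLANs are assumptions made for illustration.

```python
from collections import deque

def build(host_vlans, trunk_allowed):
    """Two switches joined by one trunk link; host_vlans maps host -> access VLAN."""
    layout = {"S1": ["PC-1", "PC-2"], "S2": ["PC-3", "PC-4", "PC-5"]}  # assumed cabling
    peer = {"S1": "S2", "S2": "S1"}
    switches = {}
    for sw, hosts in layout.items():
        ports = {f"p{i}": {"kind": "access", "vlan": host_vlans[h], "host": h}
                 for i, h in enumerate(hosts, 1)}
        ports["trunk"] = {"kind": "trunk", "allowed": set(trunk_allowed),
                          "peer": (peer[sw], "trunk")}
        switches[sw] = ports
    return switches

def flood(switches, src_host):
    """Return the sorted list of hosts that receive a broadcast sent by src_host."""
    # Find the access port the sender is attached to; its VLAN tags the frame.
    start = next((sw, name, p["vlan"]) for sw, ports in switches.items()
                 for name, p in ports.items() if p.get("host") == src_host)
    received, seen, queue = set(), set(), deque([start])
    while queue:
        sw, ingress, vlan = queue.popleft()
        if (sw, ingress) in seen:        # do not process the same arrival twice
            continue
        seen.add((sw, ingress))
        for name, p in switches[sw].items():
            if name == ingress:
                continue                 # never send back out the ingress port
            if p["kind"] == "access" and p["vlan"] == vlan:
                received.add(p["host"])  # same VLAN: host sees the broadcast
            elif p["kind"] == "trunk" and vlan in p["allowed"]:
                queue.append((*p["peer"], vlan))  # frame crosses to the peer switch
    return sorted(received)

HOSTS = ["PC-1", "PC-2", "PC-3", "PC-4", "PC-5"]
# Network without VLANs: every port in one VLAN (VLAN 1 assumed).
flat = build({h: 1 for h in HOSTS}, trunk_allowed={1})
# Network with VLANs: IT hosts in VLAN 10, assumed admin hosts in VLAN 20.
segmented = build({"PC-1": 20, "PC-2": 10, "PC-3": 10, "PC-4": 10, "PC-5": 20},
                  trunk_allowed={10, 20})

if __name__ == "__main__":
    print("no VLANs, PC-1 sends:", flood(flat, "PC-1"))
    print("VLANs, PC-2 sends:   ", flood(segmented, "PC-2"))
    print("VLANs, PC-1 sends:   ", flood(segmented, "PC-1"))
```

Removing a VLAN from `trunk_allowed` shows why the trunk must carry every VLAN that spans both switches: the broadcast then stays on the sender's switch.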