Continued from 314; the archive is being completed

Understanding VLANs

At the Ethernet layer, you can partition your network using VLANs. These VLANs limit the
scope of broadcast traffic on your network because each VLAN represents an individual
broadcast domain. By dividing your switched network using VLANs, you improve the
security of your network by limiting the scope of broadcast traffic that is vital for the
operation of your network, such as Address Resolution Protocol (ARP) traffic and Dynamic
Host Configuration Protocol (DHCP) traffic.

Ethernet VLAN Tagging

To pass traffic between the different VLANs on your switched network, Ethernet packets can
be tagged with a VLAN identifier that indicates the VLAN to which the traffic belongs.
Ethernet tagging enables you to pass traffic for different VLANs across the same Layer 2
interface. The following sections explain how to use Ethernet VLAN tagging with your Cisco
Security Appliance.

General Routing Principles

Although your Cisco Security Appliance is not a router, it does need to provide certain
routing and switching functionality. Whenever your Security Appliance processes valid
traffic, it must determine which interface provides the correct path for the destination
network. It may also have to tag the traffic for the appropriate Virtual LAN (VLAN). Not
only can your Security Appliance route valid traffic, but you can also configure it to forward
multicast traffic. Sending traffic to a multicast address enables multiple
systems to receive a data stream that otherwise would have to be sent to each individual
system.
This chapter focuses on the following three features that enable your Cisco Security
Appliance to effectively route and switch traffic:
■ Ethernet VLAN tagging
■ IP routing
■ Multicast routing