A virtual local area network, abbreviated as VLAN, is a collection of devices that are grouped together from different physical LANs and are configured in a way as if they are attached to the same wire. VLAN permits a network of computers and users to communicate in a simulated environment as if they are in a single LAN, sharing a single broadcast and multicast domain.
It helps in establishing security, scalability, eased network management and quick adaptation to changes in network requirements or relocation of workstations and server nodes.
VLANs are flexible because they are based on logical connections instead of physical ones.
VLANs allow multiple networks to work virtually as one LAN despite of their association with different IP subnetworks.
VLANs help in improving network performance by removing latency.
However, high chances of virus attacks persist as an infected system can spread the virus via the logical network to devices connected across multiple networks.
In this article, we will see why we use VLAN, how to set it up, its types as well as disadvantages. Let’s begin with why we use them.
Why do we use VLANs?
VLANs have many advantages over traditional LANs. All these benefits lead users to set up VLANs.
They help in administration, reducing broadcast traffic, enforcing security policies as well as confinement of broadcast domains.
Lets see what they are.
Careful observation of network usage lets the network administrator create VLANs that decrease the number of router hops and augment the apparent bandwidth for network users.
A fact about VLAN is that it does not pass broadcast traffic to the nodes which are not a part of it, and thus, it automatically reduces broadcasts.
Access lists (tables, created by network administrators, listing which addresses have access to that network) offers the network administrator with a method to manage and control who sees what network traffic.
2. Logical grouping of end-stations
VLANs help to logically group many end-stations which are physically scattered on a network.
When users on a VLAN go to a new physical place but carry on the same job function, the concerned end-stations need not be reconfigured.
Likewise, if users change their job functions, then they do not need to change location physically. They simply need to change the VLAN membership of the end-stations to that of the new team.
This makes the end-stations of the users local to the resources of the new group.
In the same network, outsiders may access sensitive data when its broadcasted. By setting up VLAN, one can restrict access as well as set up firewalls and control broadcast domain.
In this way, VLANs bolster network security.
4. Cost Reduction
VLAN aids in creating broadcast domains.
Also, VLAN decreases the requirement of routers deployed on a network to contain broadcast traffic. Thus, the concerned costs are reduced to some extent.
One can add or remove any number of hosts as per one’s choice. Even, virtual groups can be formed based on department or job role rather than based on physical locations of offices.
Also, some organizations may like to set up VLANs for departments, especially for the ones having heavy network users (for example, multimedia, engineering, etc).
They may even want a VLAN across the departments concerning particular kinds of employees (like managers or salespersons).
6. Confinement of broadcast domains
Confining broadcast domains averts end-stations from listening to or receiving broadcasts not meant for them. So, doing this on a network greatly reduces the traffic.
Also, end-stations of one VLAN cannot interact with the same of other VLANs if a router is not connected between them.
How does a VLAN work?
Including VLAN support in a Layer 2 switch offers advantages of both routing and bridging.
A layer 2 switch is a kind of network switch or device working on the data link layer (OSI Layer 2) and uses MAC Address to figure out the path through where the frames are to be sent.
Layer 2 switch uses hardware-based switching methods to connect and transmit data in a local area network (LAN).
A VLAN switch, like a bridge, quickly forwards traffic based on the Layer 2 header. Like a router, it divides the network into logical segments, which offer better administration, security, and management of multicast traffic.
In a network, every VLAN has a VLAN ID associated with it, which appears in the IEEE 802.1Q tag in the Layer 2 header of packets transmitted on a VLAN.
An end station may remove the tag, or the VLAN part of the tag, in which case the first switch port to receive the packet can either reject it or insert a tag using its default VLAN ID.
A given port can deal with traffic for more than one VLAN, but it can support one default VLAN ID only.
The Private Edge VLAN characteristic allows you to set protection between ports located on the switch.
That is, a protected port cannot forward traffic to another protected port on the same switch. However, this feature does not protect ports located on different switches.
How to set up VLAN?
The following steps tell how network administrators set up new VLANs at a high level.
- Select a valid VLAN number.
- Select a private IP address range for the systems on that VLAN.
- Set up the switch device with either static or dynamic settings.
Static configurations need the administrator to allocate a VLAN number to each switch port while dynamic configurations require allotting a list of MAC addresses or usernames to a VLAN number.
- Configure the routing between the VLANs as required. A VLAN-aware router or a Layer 3 switch is necessary for configuring two or more VLANs to communicate with each other.
How to configure VLAN routing on a smart switch?
Following are the steps for creating VLAN interfaces:
- Determine the IP addresses which you want to allot to the VLAN interfaces on the switch. The VLAN interfaces should have IP addresses for the switch to route between VLANs.
When the switch gets a packet destined for a VLAN or subnet, it forwards the packet to the destination VLAN interface, concerning the information in the routing table.
Then, the destination VLAN interface transmits it to the port attached to the end device.
- Open the web browser.
- Enter the IP address of the smart switch in the browser address field. The default IP address is 192.168.0.239, and the default subnet mask is 255.255.255.0.
- You should be prompted to enter a password.
- Enter the password in the Password The default password is password. They are case-sensitive.
- Click the Login button, and the System information screen will be displayed after authentication.
- Select Routing → IP → IP Configuration.
- Select the Enable radio button beside Routing mode.
- Click Apply to enable Routing.
- Choose Switching → VLAN → Basic → VLAN Configuration.
- Create a static VLAN by mentioning a VLAN ID and VLAN name, and from the VLAN Type menu, select Static.
- Click Add to add the new VLAN to the configuration.
- Select Routing → VLAN → VLAN Routing.
- Enable routing on the VLAN just created and assign an IP address and subnet mask. From the VLAN menu, choose the VLAN just created. In the IP address field, enter the IP address you want to assign to the VLAN routing interface.
In the Subnet Mask field, provide the subnet mask you want to assign to the VLAN routing interface. In the IP MTU field, enter 1500 (1500 is the default MTU size).
- On clicking the Add button, the VLAN routing interface is added to the configuration and becomes active.
- Repeat steps 9—14 for all VLANs you wish to designate as VLAN routing interfaces.
What are static and dynamic VLANs?
The network administrator creates a VLAN in the static VLAN, and then assigns switch ports to it. Static VLANs are also known as port-based VLANs.
The association with the VLAN does not change until the administrator modifies the port assignment. End-user devices become the members of VLAN, depending on the physical switch port to which they are connected.
The ports on a single switch can be allotted with multiple VLANs. Although two devices are connected to different ports on the same switch, traffic will not pass between them if the connected ports are on different VLANs.
A Layer 3 device (a router) is required to enable communication between two VLANs.
In a dynamic VLAN, the switch allots the port to a VLAN automatically using information from the user device like mac address, IP address, etc.
When a device is linked to a switch port, the switch queries a database to establish VLAN membership.
A network administrator must configure the VLAN database of a VLAN Membership Policy Server (VMPS).
When a device is moved from a port on one switch to that on another, the dynamic VLANs will automatically configure the membership of the VLAN.
Dynamic VLANs facilitate instant movability of end devices.
What are the disadvantages of VLAN?
Though VLANs help in improving the network performance, they have certain disadvantages as well.
- There are high chances of virus attacks on the systems because if one device is infected, it can spread the infection to other systems through the logical network.
- There are equipment limitations for larger networks as extra routers may be required to control the workload.
- When compared to WAN, VLAN may be more effective in controlling latency, but it is less efficient than LAN.
VLAN is a logical group of devices, workstations, and servers which behave to be on the same LAN whereas they all have different geographical distribution in reality.
VLAN improves the performance of the network as well as can control traffic patterns. It removes latency, thus saving network resources as well as augmenting network efficiency. It aids in issues like security, network management, and scalability.