What is VLAN and How It is Work and It's Benefits

What is VLAN and How It is Work and It's Benefits

What is VLAN?

A Virtual Local Area Network (VLAN) is a grouping of network nodes such as a computer, network devices and servers that are connected in a logical manner. VLAN allows computer and users to communicate in a simulated (virtual) environment as though they exist in the same physical LAN segment and share a single broadcast domain. VLAN provides scalability, ease of network management and security in a switch network. 

The goal of VLANs is to group users into separate VLANs so that their traffic stays inside the VLAN.


virtual local area network
VLAN

Acquiring knowledge about VLANs is very important for the system administrator of a department in an organization. It is important to possess a thorough awareness of the number of VLANs needed for each and every department. By assessing the requirement for a purpose in advance, a system administrator can easily resolve the problem of re-addressing and modifying VLAN configurations. This will save the team members a sufficient amount of time and also help reduce the number of changes.

Understanding VLAN

When a network grows larger and larger, network management, security and scalability always posses a challenge.

Example
Consider this scenario, Switches are the broadcast domain in a layer-2 network. In order to communicate in a switch network, every device should send the broadcast. When broadcast traffic increases, CPU usage of every device also increases. This in turn also increases the bandwidth usage, which affects the performance of the network. Hence, it becomes necessary to split the lager broadcast domain into smaller broadcast domains in a switch network.

A VLAN implementation will achieve this in a layer-2 switch network.

Tips: Virtual splits larger broadcast domain into multiple smaller broadcast domains regardless of the location.

Benefits of VLANs

The benefits of VLAN are as illustrated bellows

Broadcast domain

Using VLAN leads to effective network management and reduces broadcast traffic

Flexibility and scalability

Users can be added at any time to a VLAN regardless of their physical location. Additional VLANs can also be created when network growth consumes more bandwidth

Security

This provides security over a flat network

Performance

There is no improvement or reduction of performance by VLANs themselves, however, when large volumes of the broadcast are involved, the performance can be optimized by planning broadcast traffic to users within a working group performing similar functions.

Network Management

  • Guest user traffic can be separated from the company’s network assets in smaller companies using VLANs. Hence creating a safe guest network.
  • VLANs allow grouping of employees using the same kind of data/applications, such as voice-over-IP (VoIP) phones.
  • VLANs can be used to restrict access to highly sensitive data by separating teams from department such as financial and HR, from the rest of the network.

The interconnection of the VLAN is shown in the following figure

Virtual Local Area Network
Interconnection Of VLANs

Example

In the above diagram two VLANs created, namely, VLANs 2 which is for sales and VLAN 3 which is for HR. even though the devices and computers are in the same switch segment, they are virtually separated. Users from vlan2 can access or communicate to other users within the same VLAN. But they cannot have access to the user in VLAN 3. Here, one single broadcast is separated into smaller broadcasts.

VLAN Membership

VLAN membership is a tag which is identified the ports that belong to the respective VLANs. The total number of VLAN IDs range from 1 to 1005. By default, all the ports are present in VLAN 1. VLAN is ‘native’. For management purposes, the IP address can be configured in the VLAN 1 interface. We can create VLAN from 2nd ID to 1001 ID. However, 1002 to 1005 are reserved.
There are two types of VLAN membership, namely
  •   Static VLAN
  •   Dynamic VLAN

Static VLANs

Static VLANs are the usual method of creating VLANs. They are the most secure. The administrator assigns some switch ports to a particular VLAN statically which is also known as port-based VLAN membership. Computers and devices connected to that specific port would be considered a member of that VLAN.

Switches maintain a VLAN mapping table for the frame forwarding purpose based on VLAN configured.

Example:

Static VLAN Mapping

Port Number
 VLAN No./Name
Ethernet 0
Vlan1
Ethernet 1
Vlan2
Ethernet 2
Vlan3

Tips
 Multiple VLANs can be assigned to a different port in a single switch.




When a user moves from one place to another (change port). The administrator must reassign the VLAN membership for the new interface. If there are a lot of moves, then it can be administrative pain. To overcome this, dynamic VLANs membership is used.

Dynamic VLANs

By using VLANs, the switch automatically assigns the port to the VLAN using information like the MAC address from the user devices. The network administrator must configure the VLAN database
To establish a VLAN membership, the switch sends queries to the VLAN membership policy server (VMPS). This happens when a device is connected to the switch port.

When a host connects to a switch port which is configured to do dynamic memberships the switch check the MAC address of the host. It then retrieves information from the VMPS about the location of the MAC address in a specific VLAN. The switch then modifies the VLAN membership of that port dynamically.

When we move a device from one switch port in a switch to another switch, dynamically VLANs will automatically configure the membership of the VLAN. Hence, this membership always remains the same for the user even if there is a cache in the location
The switch maintains a VLAN mapping table for the frame forwarding purpose based on VLAN configured.

Host MAC Address
VLAN No./Name
01-aa-ca-03-e1
VLAN1
A1-ae-a0-03-de
VLAN1
E1-ba-da-03-32
VLAN2
F1-e1-01-03-32
VLAN2
ee-c9-21-03-c2
VLAN3
A1-98-6e-03-2e
VLAN3

Note
 Though it seems simple, it is difficult to crate the VMPS database. It is also difficult to maintain it, if your network is very large

Tips:
 Static VLAN is a very simple and easy method to assign a VLAN, while the dynamic VLAN:

Assume that a company has two floors. The floors are connected with each other via layer-2 switches. For redundancy purpose, each switch is connected is connected to with two links. The company has two departments HR and Sales. In each floor, we have two PCs for each department


Virtual Local Area Network
Configuring VLAN

Configurations used in this topology are as following


Device
IP Address
Subnet Mask
Gateway
VLAN
Connected With
PC0
192.168.10.2
255.255.255.0
192.168.10.1
VLAN2
Floor 1 switch on F0/1
PC1
192.168.10.3
255.255.255.0
192.168.10.1
VLAN3
Floor 1 switch on F0/2
PC2
192.168.10.4
255.255.255.0
192.168.10.1
VLAN3
Floor 1 switch on F0/3
PC3
192.168.10.5
255.255.255.0
192.168.10.1
VLAN2
Floor 1 switch on F0/1
PC4
192.168.10.6
255.255.255.0
192.168.10.1
VLAN3
Floor 1 switch on F0/2
PC5
192.168.10.7
255.255.255.0
192.168.10.1
VLAN3
Floor 1 switch on F0/3




Post a Comment

0 Comments