VLANs: Definition, Functions, Advantages & Disadvantages (Brief Full Explanation About VLANs)


VLANs

A VLAN (virtual LAN) abstracts the idea of the local area network (LAN) by providing data link connectivity for a subnet. One or more network switches may support multiple, independent VLANs, creating Layer 2 (data link) implementations of subnets. A VLAN is associated with a broadcast domain. It is usually composed of one or more Ethernet switches.

As networks have grown in size and complexity, many companies have turned to virtual local area networks (VLANs) to provide some way of structuring this growth logically. Basically, a VLAN is a collection of nodes that are grouped together in a single broadcast domain that is based on something other than physical location.
Figure: VLAN connection diagram


N.B.: Network administrators often refer to static VLANs as “port-based VLANs.” A static VLAN requires an administrator to assign individual ports on the network switch to a virtual network. No matter what device plugs into that port, it becomes a member of that same preassigned virtual network.

Dynamic VLAN configuration allows an administrator to define network membership according to characteristics of the devices themselves rather than their switch port location. For example, a dynamic VLAN can be defined with a list of physical addresses (MAC addresses) or network account names.

Best practices of VLAN administration define several standard types of virtual networks:

Management VLAN: A best practice is to set up a separate VLAN for management traffic like monitoring, system logging, SNMP, and other potentially sensitive management tasks. In addition to the security benefits, this ensures that bandwidth for management will be available even when user traffic is high.

Data VLAN: Also known as a user VLAN, the data VLAN is designated only for user generated data. How you group your data VLANs (such as by department or workgroup, for example) will depend on your organization’s structure and business processes. Before you jump into configuring your data VLANs, look at your entire possible VLAN landscape and spend some time assessing the logic for how to best group your users.

Voice VLAN: If your organization uses voice over IP (VoIP), you’ll want to have a separate voice VLAN. This will preserve bandwidth for other applications and ensure VoIP quality.

Default VLAN: This can refer to one of two types. Typically, the default VLAN refers to the one that all of the ports on a device belong to when it is switched on. On most switches, this default is VLAN 1 and should be changed for security reasons. Some network managers may use the term “default VLAN” to refer to a VLAN to which all ports are assigned when they’re not being used.

Native VLAN: The native VLAN is the one into which untagged traffic will be put when it’s received on a trunk port. This makes it possible for your VLAN to support legacy devices or devices that don’t tag their traffic, like some wireless access points and simple network-attached devices.
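The default and native VLAN advice above can be checked mechanically. The following is an added example, not part of the original article: it audits a constructed switch configuration for active access ports left in VLAN 1 and trunks whose native VLAN is still VLAN 1. The Cisco IOS-style syntax, the interface names and the VLAN numbers are assumptions, since the article names no vendor.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption; the article names no vendor).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport access vlan 20
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/3
 switchport mode trunk
!
interface GigabitEthernet0/4
 switchport mode trunk
 switchport trunk native vlan 999
!
interface GigabitEthernet0/5
 switchport access vlan 998
 shutdown
"""

def parse_ports(config):
    """Map interface -> settings. Simplification: unset ports count as access ports in VLAN 1."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            current = ports.setdefault(m.group(1), {"mode": "access", "access": 1, "native": 1, "shutdown": False})
        elif current is None or not raw.startswith(" "):
            current = None  # outside any interface stanza
        elif m := re.match(r"switchport mode (access|trunk)$", line):
            current["mode"] = m.group(1)
        elif m := re.match(r"switchport access vlan (\d+)$", line):
            current["access"] = int(m.group(1))
        elif m := re.match(r"switchport trunk native vlan (\d+)$", line):
            current["native"] = int(m.group(1))
        elif line == "shutdown":
            current["shutdown"] = True
    return ports

def audit_default_vlan(config, default_vlan=1):
    """Return (interface, reason) pairs for ports that still rely on the default VLAN."""
    findings = []
    for name, p in parse_ports(config).items():
        if p["mode"] == "trunk" and p["native"] == default_vlan:
            findings.append((name, "trunk native VLAN is the default VLAN"))
        elif p["mode"] == "access" and p["access"] == default_vlan and not p["shutdown"]:
            findings.append((name, "active access port left in the default VLAN"))
    return findings
```

On the sample, only GigabitEthernet0/2 and GigabitEthernet0/3 are reported; the shut-down port parked in VLAN 998 and the trunk with native VLAN 999 pass.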

Setting up a VLAN 

At a high level, network administrators set up new VLANs as follows:
  1. Choose a valid VLAN number.

  2. Choose a private IP address range for devices on that VLAN to use.

  3. Configure the switch device with either static or dynamic settings. Static configurations require the administrator to assign a VLAN number to each switch port while dynamic configurations require assigning a list of MAC addresses or usernames to a VLAN number.

  4. Configure routing between VLANs as needed. Configuring two or more VLANs to communicate with each other requires the use of either a VLAN-aware router or a Layer 3 Switch.
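A pre-deployment check for the choices made in steps 1 to 3, as an added example that is not part of the original article: it validates that each VLAN number is in the usable IEEE 802.1Q range (1 to 4094), that each subnet lies in RFC 1918 private space and overlaps no other VLAN, and that every static port assignment points at a defined VLAN. The plan itself (VLAN numbers, subnets, port names) is constructed for illustration.

```python
import ipaddress

# Constructed plan; VLAN numbers, subnets and port names are illustrative assumptions.
VLANS = {
    10: ("Production", "10.0.10.0/24"),
    20: ("Research", "10.0.20.0/24"),
    30: ("Admin", "10.0.20.128/25"),   # overlaps Research
    40: ("HR", "203.0.113.0/24"),      # not in RFC 1918 private space
    4095: ("Lab", "192.168.50.0/24"),  # 4095 is reserved by IEEE 802.1Q
}
STATIC_PORTS = {"Gi0/1": 10, "Gi0/2": 20, "Gi0/3": 50}  # port -> VLAN; VLAN 50 is undefined

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def validate_plan(vlans, static_ports):
    """Return a list of human-readable problems; an empty list means the plan is consistent."""
    problems, seen = [], []
    for vid, (name, cidr) in sorted(vlans.items()):
        if not 1 <= vid <= 4094:
            problems.append(f"VLAN {vid} ({name}): ID outside 1-4094")
        net = ipaddress.ip_network(cidr)
        if not any(net.subnet_of(block) for block in RFC1918):
            problems.append(f"VLAN {vid} ({name}): {net} is not private address space")
        for other_vid, other_net in seen:
            if net.overlaps(other_net):
                problems.append(f"VLAN {vid} ({name}): {net} overlaps VLAN {other_vid}")
        seen.append((vid, net))
    for port, vid in sorted(static_ports.items()):
        if vid not in vlans:
            problems.append(f"port {port}: assigned to undefined VLAN {vid}")
    return problems
```

Overlapping subnets matter for step 4 as well: a router or Layer 3 switch cannot route cleanly between two VLANs whose address ranges collide.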

Here are some common reasons why a company might have VLANs:

  • Improved security: Using VLANs improves security by reducing both internal and external threats. Internally, separating users improves security and privacy by ensuring that users can only access the networks that apply to their responsibilities. External threats are also minimized. If an outside attacker is able to gain access to one VLAN, they’ll be contained to that network by the boundaries and controls you have in place to segment it from your others.


  • Projects/Special applications - Managing a project or working with a specialized application can be simplified by the use of a VLAN that brings all of the required nodes together.


  • Performance/Bandwidth - Careful monitoring of network use allows the network administrator to create VLANs that reduce the number of router hops and increase the apparent bandwidth for network users.


  • Broadcasts/Traffic flow - Since a principal element of a VLAN is the fact that it does not pass broadcast traffic to nodes that are not part of the VLAN, it automatically reduces broadcasts. Access lists provide the network administrator with a way to control who sees what network traffic. An access list is a table the network administrator creates that lists which addresses have access to that network.


  • Departments/Specific job types - Companies may want VLANs set up for departments that are heavy network users (such as multimedia or engineering), or a VLAN across departments that is dedicated to specific types of employees (such as managers or sales people).


  • Easier fault management: Troubleshooting problems on the network can be simpler and faster when your different user groups are segmented and isolated from one another. If you know that complaints are only coming from a certain subset of users, you’ll be able to quickly narrow down where to look to find the issue.

  • Improved quality of service: VLANs manage traffic more efficiently so that your end users experience better performance. You’ll have fewer latency problems on your network and more reliability for critical applications. VLANs also make prioritizing traffic much easier, allowing you to make sure critical application data keeps flowing even when lower priority traffic like web browsing spikes.

What Are The Disadvantages Of VLAN?

VLANs also have some disadvantages and limitations, as listed below:

  1. High risk of virus issues, because one infected system can spread a virus through the whole logical network.
  2. Device limitations have been one of the greatest weaknesses, since a VLAN network setup limits the expansion of the network users.
  3. More effective at controlling latency than a WAN but less efficient than a LAN.
  4. Equipment limitations in very large networks, because additional routers might be needed to control the workload.
  5. Port constraints: if a hub or switch is connected to one port, every port on that hub must belong to the same VLAN. Hubs do not have the capability to provide VLANs to individual ports, and VLANs cannot be extended beyond the device port even if a switch capable of supporting VLANs is attached.

Functions of VLAN

  1. Virtual LANs provide mechanisms for making logical groups of end devices, though they are on different networks. 
  2. VLANs increase the number of broadcast domains possible in a LAN by grouping various hosts with similar functions.
  3. Implementing VLANs reduces the security risks significantly, as the number of hosts connected on a broadcast domain decreases. This is done by configuring a separate VLAN for only the hosts with the sensitive information.
  4. VLANs offer flexible networking models that group different users based on their departments (job/function), rather than just the physical locations of that network.
  5. Changing users/hosts on a VLAN is easy. All it needs is a new port level configuration. If a user wants to move from one VLAN to another, a new port needs to be configured on the desired VLAN.

Basic Implementation of VLAN


Let us understand VLAN and its implementation with a real world example.
  • An international company has two branches at two different physical locations (Branch A & B). Both the branches are connected to each other over a private LAN network.
  • Each branch has four individual departments namely Production, Research, Administration and the Human Resources (HR).
  • All these departments have their sub systems and are spread across both the branches as follows:
Branch A is dedicated to the Production department, so it has 2 systems for Production, 1 system for Research, 1 for HR, and 1 for Admin.
And similarly,
Branch B is dedicated to the Research department, so it has 2 systems for Research work and 1 system for Production, 1 for HR and 1 for Admin. 
Below is the data representation in tabular format for each branch and number of systems in them. 
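| Branch Name | Production Systems | Research Systems | Admin Systems | HR Systems |
|-------------|--------------------|------------------|---------------|------------|
| Branch A    | 2                  | 1                | 1             | 1          |
| Branch B    | 1                  | 2                | 1             | 1          |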




