What is VLAN?

VLAN (Virtual Local Area Network) is an important factor in the efficiency of an organization. It is one of the technologies that contribute to improving network performance and allows the division of large broadcast domains into smaller domains.

In network topology, routers block broadcast traffic on an interface. However, routers usually have a limited number of LAN interfaces. The main function of a router is not to provide access to terminals to the network, but to transfer information between networks.

The function to provide access to a LAN is usually reserved for access layer switches. Similar to Layer 3 devices, a virtual local area network can be created in the Layer 2 switch to reduce the size of broadcast areas.

In general, VLANs are included in network design to facilitate a network to support the objectives of an organization. Although VLANs are primarily used in switched local area networks, modern virtual LAN applications allow them to propagate MAN and WAN networks.

What Does It Do?

It provides segmentation and enterprise flexibility in a switched network environment. It provides a way to group devices within a LAN. Devices in a group communicate as if they were connected to the same cable. VLANs are based on logical connections rather than physical connections.

VLANs allow an administrator to segment networks into segments based on factors such as function, project team, or application, regardless of the physical location of the user or device. Devices within a virtual LAN operate as if they were on their own independent network, even if they share the same infrastructure with others.

Any switch port can belong to a VLAN, and unicast, multicast packets are transmitted, and only packets are sent to the corresponding group. Each Virtual LAN is considered a separate logical network and packets for non-VLAN stations must be transmitted over a device that supports routing.

A Virtual LAN creates a logical broadcast area that can span several physical LAN segments. It improves network performance by dividing large broadcast areas into smaller ones. If a device sends a broadcast Ethernet frame, not all devices receive the frame, but devices from other VLANs do not receive it.

Enables access and security policies to be applied to specific user groups. Each switch port can be assigned to a single VLAN (except for a port connected to an IP phone or another switch).

VLAN Advantages

Users’ productivity and network adaptability are important to the growth and success of companies. VLAN networks make it easy to design a network to support an organization’s goals. The main benefits are:

Security: Groups with sensitive data are separated from the rest of the network, reducing the likelihood of infringing confidential information. As shown in the figure, faculty computers are located in VLAN 10 and are completely separated from the data traffic of students and guests.

Cost reduction: Cost savings are due to the low need for expensive network updates and more efficient use of existing connections and bandwidth.

Better performance: Dividing Layer 2 flat networks into several logical workgroups (broadcast areas) reduces unnecessary traffic on the network and improves performance.

Reduced broadcast areas: Dividing a network into VLAN networks reduces the number of devices in the broadcast area.

Higher efficiency of IT staff: VLANs simplify network management because users with similar network requirements share the same VLAN. When a new key is available, all policies and procedures preconfigured for a particular VLAN are applied when the ports are assigned. It is also easy for IT staff to define the function of a VLAN by giving it a name.

Simpler management of applications and projects: VLAN adds network devices and users to support geographic or business requirements. Having different features makes it easier to manage a project or work with a specific application; An example of this type of application is the electronic learning development platform for lecturers.

Each VLAN in a switched network corresponds to an IP network; therefore, when designing a VLAN, the implementation of a hierarchical network addressing program should be considered.

Hierarchical network addressing ensures that IP network numbers are applied sequentially to network segments or VLANs and the network is considered as a whole.

Types of VLAN

1. Data

A VLAN that is configured to move user-generated traffic. It is common practice to separate voice traffic and data traffic management. Data VLANs are used to divide the network into the user or device groups.

2. Default

All switch ports become part of the default VLAN after the initial initialization of a switch that loads the default configuration. The ports participating in the default VLAN are part of the same broadcast area. This supports any device connected to any switch port to communicate with other devices on other switch ports. The default virtual LAN for Cisco switches is Virtual LAN 1. Note that all ports are assigned to VLAN 1 by default.

VLAN 1 has all the features of any VLAN, but cannot be renamed or deleted. All Layer 2 control traffic is associated with this by default.

3. Native

An 802.1Q host port is assigned a local VLAN. Master link ports are connections between switches that support traffic transmission associated with multiple VLANs.

The 802.1Q main port supports inbound traffic (tagged traffic) and inbound traffic (unlabeled traffic). Labeled traffic refers to traffic with a 4-byte label placed in the original Ethernet frame header, indicating the VLAN to which the frame belongs. The 802.1Q main port places unlabeled traffic on the local VLAN, which is VLAN 1 by default.

Legacy VLANs are defined in the IEEE 802.1Q specification to maintain compatibility with unlabeled traffic from previous models common to legacy LAN situations. A local VLAN acts as a common identifier at opposite ends of a body link.

It is recommended that you configure this virtual network type as a type that is not used independently of VLAN 1 and others.

3. Management

Any VLAN configured to access the management features of a key. VLAN 1 is the management VLAN by default. To create this structure, an IP address and a subnet mask are assigned to the virtual switch interface (SVI) of the VLAN, which allows the switch to be managed using HTTP, Telnet, SSH or SNMP. Because VLAN 1 is set by default in the factory configuration of a Cisco switch, it is not an appropriate choice for management.

In the past, the management of Cisco Switch 2960 was the only active SVI. For Cisco IOS 15.x versions for Catalyst 2960 series switches, it is possible to have multiple active SVIs. With Cisco IOS 15.x, the specific active SVI assigned for remote management must be registered. In theory, a switch can have multiple management VLANs, while increasing exposure to network attacks.

   Related Articles

1. What is Packet Tracer
2. Packet Tracer Setup
3. What is GNS3
4. GNS3 Setup
5. GNS3 VM

 

tolgabagci

Tolga Bağcı

 
shares