A VLAN or Virtual Local Area Network maps devices on a basis other than geographic location, for example, by department, type of user, or primary application, simplifying your network and increasing security and traffic management.
What is a VLAN:
A VLAN is a virtual local area network that maps devices on a basis other than geographic location, for example, by department, type of user, or primary application.
The purpose of a VLAN is:
- Improved security
- Traffic management
- Make a network simpler
VLANs are created to reduce the amount of hardware needed for a full network, while still maintaining the separation of various networks in a complete business network which reduces strain on the network and increases scalability, as well as lowering the cost.
VLANs exist on switches; network devices such as workstations, printers, or servers are plugged into switches so data can be transferred between them. A switch with devices plugged into it is essentially a LAN or Local Area Network, the devices connected to it can only transfer data between other devices in the same LAN which is why it’s local.
A router transfers data between networks, which allows one LAN to communicate with another LAN. A router is required to send data from one VLAN to another VLAN.
A VLAN is a port on a switch with a number assigned to it. For example, you could assign VLAN 1 to a port, VLAN 2 to another, and VLAN 3 to another, and devices connected to those ports can only communicate with devices connected to other ports assigned with each respective number (a PC connected to a VLAN 1 port can only communicate with a printer connected to a VLAN 1 port), unless there is a router present, in which case the traffic can go from VLAN 1 to VLAN 2 or VLAN 3 through the router just like it could do in a normal LAN.
This is important because it means you can set up several networks with a single switch, utilizing less hardware which saves money and allows for much more scalability since you can extend the same VLANs onto another switch.
In order for multiple switches to use the same VLAN, a trunk needs to be set up. Normally, a port can only belong to one VLAN, meaning that it can only transfer data from that VLAN to and from another port that belongs to the same VLAN. This is a problem because it essentially would mean that each switch would have to have a port dedicated to connecting to the other switch for each VLAN (in our case, Switch 1 would need 3 ports to connect to Switch 2, which would also need 3 ports, one port for VLAN 1, VLAN 2, and VLAN 3). However, a trunk is able to transfer data from any VLAN between switches or routers, which reduces the amount of needed ports to 1 on each switch instead of 3 on each switch in our case. Trunks are able to do this by assigning tags to each frame of data sent that tell the switch or router the traffic is going to what VLAN the frame belongs to.
The last important concept is Tagging. Frames of data that come from any non-network device (a pc or printer for example) come into the switch at an access point. When the switch receives the frame from the port it assigns it a tag based on the VLAN the port is associated with. For example, if a device connected to the switch on a VLAN 2 port sends data to the switch, the data frame gets a VLAN 2 tag added to it. This tag determines what devices can receive data from the starting device.
In summary, VLANs have a number of advantages including:
- VLANs let you easily segment your network. You can group users who communicate most frequently with each other in a common VLAN, regardless of physical location. Each group’s traffic is contained largely within the VLAN, reducing extraneous traffic and improving the efficiency of the whole network.
- VLANS are easy to manage. You can quickly add or change network nodes and make other network changes through the switch web management interface rather than from the wiring closet.
- VLANs provide increased performance. VLANs free up bandwidth by limiting node-to-node and broadcast traffic throughout the network.
- VLANs enhance network security. VLANs create virtual boundaries that can be crossed only through a router. Therefore, you can use standard, router-based security measures to restrict access to a VLAN.