Networks have become so complex that they have surpassed the capacity of a typical local area network (LAN). Initially, LANs connected network devices such as switches, hubs, bridges, workstations, etc., located in a common shared location through cables. Today, most LANs connect these devices using a combination of wireless internet and Ethernet cables. As networking needs change, organizations require networking solutions that enable growth in size, flexibility, and complexity.
Virtual local area networks (VLANs) bypass a LAN’s physical location limitation and allows organizations to scale their networks, increase security by segmenting them, and decrease network latency.
What is a VLAN?
Techopedia defines this technology as follows:
A virtual local area network (VLAN) is a logical group of workstations, servers, and network devices that appear to be on the same LAN despite their geographical distribution. A VLAN allows a network of computers and users to communicate in a simulated environment as if they exist in a single LAN and are sharing a single broadcast and multicast domain. VLANs are implemented to achieve scalability, security, and ease of network management and can quickly adapt to changes in network requirements and relocation of workstations and server nodes.
Higher-end switches allow the functionality and implementation of VLANs. The purpose of implementing a VLAN is to improve the performance of a network or apply appropriate security features.
Simply put: a VLAN is a group of network devices that interface with each other as if they made up a single LAN, while in reality, they are on one or several LAN segments. Each segment is separated from the rest of the LAN by a switch, router, or bridge. So, when a workstation broadcasts data packets, the upshot of this is that it communicates with all other workstations on the network, but none outside it.
Why is this important?
Let’s talk about LANs for a bit. One of the biggest potential hiccups with a LAN is collision. Here’s what this looks like: Two or more workstations send data packets simultaneously on a LAN connected via a hub; the data collide and, therefore, is not transmitted correctly. The collision spreads throughout the LAN, which busies itself resolving the problem. Users have to wait for the network to clear the issue before it is operational again—and then they have to resend the original data.
VLANs segment the LAN, reducing the number of collisions as well as the number of network devices involved should a crash occur. With a VLAN, workstations send data packets via a bridge or a switch, which do not forward collisions to the LAN at large. Instead, they contain any collision within the segment and are often referred to as “collision domains.”
However, an even more vital feature of a VLAN is its enhanced security. Even though it is a segment of the LAN as a whole, it behaves as though it is a single LAN in and of itself. In short: The broadcast domain of a VLAN is the VLAN itself. As they can be grouped by department, project team, etc., and are not limited to the physical location of the devices, data is contained and can only be accessed by specified users.
Static vs. Dynamic VLAN
These come in two different “flavors”—static and dynamic.
According to Hewlett Packard:
A static VLAN is a group of ports designated by the switch as belonging to the same broadcast domain. That is, all ports carrying traffic for a particular subnet address would belong to the same VLAN. Using a VLAN, you can group users by logical function instead of physical location. This helps to control bandwidth usage by allowing you to group high-bandwidth users on low traffic segments and to organize users from different LAN segments according to their need for common resources.
Per OmniSecu.com Tutorials:
In a dynamic VLAN, the switch automatically assigns the port to a VLAN using information from the user device like MAC address, IP address, etc. When a device is connected to a switch port, the switch queries a database to establish VLAN membership. A network administrator must configure (the) VLAN database of a VLAN membership policy server (VMPS).
Dynamic VLANs support instant movability of end devices. When we move a device from a port on one switch to a port on another switch, the dynamic VLANs will automatically configure the membership of the VLAN.
The Institute of Electrical and Electronics Engineers (IEEE) 802.1Q (also commonly referred to as Dot1Q) lays down specifications for VLANs on an IEEE 802.3 Ethernet network.
Specification laid down in IEEE 802.1Q:
- IEEE 802.1Q standard outlines the methods by which VLAN tags can be added to Ethernet frames so that the frame can identify the VLAN to which it is destined.
- When a frame moves into a VLAN-enabled section of an Ethernet network, the tag is added to denote the VLAN Membership. A frame can be within only one VLAN at a time.
- IEEE 802.1Q also lays down the procedures that bridges and switches need to adopt to manage VLAN tagged Ethernet frames.
- Additionally, the standard can also define a quality-of-service (Qos) prioritization scheme as well as Generic Attribute Registration Protocol.
Powerful Reasons to Use a VLAN
There are five huge benefits when using a VLAN.
- Enable logical grouping of workstations even when their physical locations are dispersed: For example, when users move to a new place but continue performing the same job, there is no need for reconfiguration. Conversely, should a worker change their job function, they do not need to move their physical location; VLAN membership to a new team is simple.
- Reduce the need for routers: Routers will only be needed for sending data outside the VLAN. While routers have greater capabilities than switches, they are subject to bottlenecks. Because VLANs do not need to communicate with devices via a router, they can handle a more significant workload, and latency is reduced significantly.
- Reduce network traffic: Users only receive broadcasts that are intended for them. If a router is not connected between VLANs, members of different VLANs will be unable to communicate.
- Increase flexibility: VLANs can be configured and assigned based on various criteria such as port, protocol, or subnet. Network design can be changed easily. Furthermore, groups of workers who need to collaborate can do so even if they are on separate floors of an office building or in separate buildings altogether.
- Decreases the amount of time administrators spend on oversight of the network: VLANs automatically limit access to specified groups of workers. When workstations are moved, administrators do not have to reconfigure the network.
Planet Technology USA hopes you found this article helpful. As a major US-based distributor of network components, including switches, our aim is to provide the highest quality of service. For more information, click here.