One of the more difficult tasks that people avoid in their computer networks is that of setting up virtual local area networks (VLANs). The concept of breaking a network into virtual segments that pass traffic separately while physically being connected within the same switch is a hard one to visualize and implement. In this article, we look at the concept of VLANs, the benefits of using VLANs, and the basics of VLAN setups.
First, let’s look at how technologists define a network construct. A network is defined as the connection of computing devices on a broadcast domain. The broadcast domain is the entire set of computing devices that are physically and electrically connected and that also pass signals between each other. Commonly, people visualize the network as a group of computers and printers attached to a switch and router that share information and data.
Now let’s turn our attention to the virtual network construct. The VLAN is a logical construct, which means that computing devices are not simply grouped within the physical boundaries of traditional broadcast domains where network signals travel. Instead, the physical switches’ ports that connect computing devices (nodes) can be logically grouped together to form segmented virtual LANs on the same physical switch. VLANs require switches that have managed Layer 2 switching capabilities. Switches without management capabilities are usually not capable of implementing VLANs. So, to implement a VLAN, you must purchase and operate managed Layer 2 switches.
What benefits offset the additional cost of these managed switches? A positive benefit of using VLANs is the ability to define broadcast domains without changing physical wiring in buildings and facilities. Another VLAN benefit is found in increased security by segmentation of computing nodes and their function within the organization. For example, perhaps accounting and administration share sensitive data on a server that should be invisible to other network computers. Another strong plus for VLANs is the segmentation of network traffic of different types. Video traffic from network cameras that monitor a facility could be placed on a VLAN along with its servers, which would keep that traffic from being broadcast across the primary computer data network, thus avoiding potential network congestion.
A follow-up question that we should now answer is how virtual local area networks are set up. VLANs are defined by grouping physical ports on a switch and defining a name for that grouping of ports in the management software of the switch. Managed switches will already have a single default VLAN, and when these switches are connected to each other, they form one large broadcast domain. You can think of this default VLAN as a universal broadcast domain with no restrictions on traffic passing on all switch ports.

A couple of switches with 2 VLANs defined and trunk cables
To segment a group of ports into their own VLAN, you can define a new VLAN with a name of V1 and define ports 1-6 as belonging to V1. Ports 7-12 on the same switch could be assigned to another new VLAN called V2. Ports do not need to be contiguous or sequential. VLANs like V1 and V2 can be extended to other physical switches by assigning their ports to V1 and V2. Then a trunk line cable can be plugged into ports on each switch that are part of the same VLAN.
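The port grouping above can be checked with a small model. The following Python sketch is an added example, not code from the article or from any switch vendor: it models untagged, port-based VLANs on two 12-port switches, traces where a broadcast is flooded, and flags an inter-switch cable whose two ends sit in different VLANs, a wiring mistake that silently joins V1 and V2. The switch names `sw1` and `sw2`, the cable positions, and all function names are assumptions made for the illustration.

```python
from collections import deque

def article_config():
    """Constructed sample: two 12-port switches, ports 1-6 in V1, 7-12 in V2."""
    return {sw: {p: "V1" if p <= 6 else "V2" for p in range(1, 13)}
            for sw in ("sw1", "sw2")}

def mismatched_cables(vlans, cables):
    """Inter-switch cables whose two ends sit in different VLANs."""
    return [(a, b) for a, b in cables
            if vlans[a[0]][a[1]] != vlans[b[0]][b[1]]]

def broadcast_reach(vlans, cables, start):
    """Host ports (switch, port) that a broadcast entering `start` is flooded to."""
    peer = {}
    for a, b in cables:
        peer[a], peer[b] = b, a
    flooded, hosts = set(), set()
    queue = deque([start])
    while queue:
        sw, port = queue.popleft()
        vlan = vlans[sw][port]          # the ingress port decides the VLAN
        if (sw, vlan) in flooded:
            continue                    # this VLAN on this switch was already flooded
        flooded.add((sw, vlan))
        for p, v in vlans[sw].items():
            if v != vlan or p == port:
                continue                # other VLAN, or the port the frame came in on
            if (sw, p) in peer:
                queue.append(peer[(sw, p)])   # frame crosses the cable
            else:
                hosts.add((sw, p))
    return hosts

def leaked(vlans, cables, start):
    """Reached host ports that are not in the sender's VLAN."""
    home = vlans[start[0]][start[1]]
    return {(s, p) for s, p in broadcast_reach(vlans, cables, start)
            if vlans[s][p] != home}

# Constructed cabling: one cable per VLAN, as the article describes.
GOOD = [(("sw1", 6), ("sw2", 6)), (("sw1", 12), ("sw2", 12))]
# Same, but the first cable lands on a V2 port of sw2.
BAD = [(("sw1", 6), ("sw2", 7)), (("sw1", 12), ("sw2", 12))]

if __name__ == "__main__":
    cfg = article_config()
    for name, cables in (("good", GOOD), ("bad", BAD)):
        print(name, mismatched_cables(cfg, cables),
              sorted(leaked(cfg, cables, ("sw1", 1))))
```

With the correct cabling a broadcast from port 1 of `sw1` stays inside V1 on both switches; with the miswired cable it reaches V2 host ports on both switches, which defeats the segmentation the VLANs were meant to provide.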
This brings us to what happens when a particular network resource, say a server or router, needs to be accessible from two or more VLANs. For our example, let’s say V1 and V2 need access to an internal file server. In order to make this example work, the VLAN configuration needs to accommodate inter-VLAN communications. In order to accommodate inter-VLAN communication, the switches in our network must have Layer 3 switching capabilities, which is called routing. If Layer 3 switching is not built into the switch, then an external router must be used to switch network traffic between VLANs.
In my next article, I will look at a mechanism and protocol on managed switches called VLAN tagging which can replace the routing hardware used in our inter-VLAN example. Modern managed switches have VLAN tagging protocols and they can assist in building VLANs.

