VLAN: A basic understanding

VLAN stands for Virtual Local Area Network. It is a local area network in which computers, servers and other network devices are LOGICALLY connected regardless of their physical location. A VLAN can logically group these devices into separate segments. Its main purposes are to provide the following:

  1. Network security
  2. Network traffic management
  3. Simplification of Network

Let’s look at a simple implementation of a VLAN. Suppose you have a 3-storey building and each floor houses a separate sensitive department (Accounts, Shipping and Support).
As a network administrator, if you were asked to isolate the network traffic of each department, you have 2 options:

  1. Install separate network hardware for each department, which might cost a lot of money, or
  2. Create VLANs using a VLAN-capable switch. This creates the separate logical networks for you, and you can easily create rules to prevent the logical networks from communicating with each other.

You might want to create a separate VLAN segment for each floor like this:

  • Floor 1 (Accounts Dept): 192.168.101.1 – 254
  • Floor 2 (Shipping Dept): 192.168.102.1 – 254
  • Floor 3 (Support Dept): 192.168.103.1 – 254

Notice that the third segment (octet) of the IP address is what differentiates each floor. Each floor is allocated host addresses from 1 all the way to 254.

Advantages of VLAN

  1. Cost-effectiveness: A VLAN can be created as we saw in our example, where several systems share the same network cabling and the same switch.
  2. Single dashboard for unified monitoring and management: All networks, whether isolated or not, can be monitored and managed from a single source.

How is a VLAN implemented

It can only be achieved on VLAN-capable switches. Examples are:

  1. HP ProCurve 1810G 24
  2. Mikrotik CRS125-24G-1S-RM
  3. TP-Link TL-SG2424
  4. NetGear GSM7224R
  5. ZyXEL GS1910-24
  6. All Cisco managed switches (e.g. 2960, 3850, 3560, 3750, 4500E)

So in our previous example, each VLAN was created by designating specific ports on the switch and assigning those ports to that VLAN.

Thus if we have a 12-port switch, we could divide those ports and prepare them for VLANs. In my own scenario, I will give each department 4 ports and configure its Virtual Local Area Network on those ports.
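The port and address plan described above can be checked against what is actually plugged in. The following is an added example, not part of the original article: the VLAN IDs 101 to 103, the port numbering 1 to 12, the /24 masks and the inventory entries are all assumptions made for illustration.

```python
import ipaddress

# Assumed VLAN IDs and /24 masks; the page gives only departments and ranges.
VLANS = {
    101: ("Accounts", ipaddress.ip_network("192.168.101.0/24")),
    102: ("Shipping", ipaddress.ip_network("192.168.102.0/24")),
    103: ("Support", ipaddress.ip_network("192.168.103.0/24")),
}

# 12-port switch, 4 access ports per department (assumed numbering 1-12).
PORT_VLAN = {port: 101 + (port - 1) // 4 for port in range(1, 13)}

def vlan_for_ip(ip):
    """Return the VLAN ID whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for vid, (_, net) in VLANS.items():
        if addr in net:
            return vid
    return None

def audit(inventory):
    """Return (port, ip, reason) for every host that breaks the plan."""
    findings = []
    for port, ip in inventory:
        expected, actual = PORT_VLAN.get(port), vlan_for_ip(ip)
        if expected is None:
            findings.append((port, ip, "port not in plan"))
        elif actual is None:
            findings.append((port, ip, "address outside all VLAN subnets"))
        elif actual != expected:
            reason = f"{VLANS[actual][0]} address on {VLANS[expected][0]} port"
            findings.append((port, ip, reason))
    return findings

def same_broadcast_domain(port_a, port_b):
    """Two ports share a broadcast domain only if they are in the same VLAN."""
    return PORT_VLAN[port_a] == PORT_VLAN[port_b]

# Constructed inventory of (switch port, observed IP) pairs.
INVENTORY = [
    (1, "192.168.101.10"),
    (5, "192.168.102.20"),
    (6, "192.168.103.30"),   # Support address seen on a Shipping port
    (9, "192.168.103.40"),
    (12, "10.0.0.5"),        # address from no planned subnet
]

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```

A host reported here is either patched into the wrong department's port or carries an address that bypasses the plan, and both are worth investigating before relying on the VLANs for isolation.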

Traffic management and simplification of network

As a local area network grows, more network devices are added and the frequency of broadcasts also increases, heavily congesting the network. VLANs can alleviate network traffic by dividing the network into smaller broadcast domains, as can be seen below:

On a final note, it is also important to state that VLANs can also be used to create separate segments in a network, such as:

  1. Storage area network (SAN)
  2. Test area network
  3. Guest Internet access
  4. Demilitarised zone (DMZ)
