Virtual LAN (VLAN)
Virtual LAN (VLAN) is a concept in which we can divide the devices logically on layer 2 (data link layer). Generally, layer 3 devices divide the broadcast domain but the broadcast domain can be divided by switches using the concept of VLAN.
A broadcast domain is a network segment in which if a device broadcast a packet then all the devices in the same broadcast domain will receive it. The devices in the same broadcast domain will receive all the broadcast packets but it is limited to switches only as routers don’t forward out the broadcast packet. To forward out the packets to different VLAN (from one VLAN to another) or broadcast domains, inter Vlan routing is needed. Through VLAN, different small-size sub-networks are created which are comparatively easy to handle.
- VLAN 0, 4095: These are reserved VLAN which cannot be seen or used.
- VLAN 1: It is the default VLAN of switches. By default, all switch ports are in VLAN. This VLAN can’t be deleted or edit but can be used.
- VLAN 2-1001: This is a normal VLAN range. We can create, edit and delete these VLAN.
- VLAN 1002-1005: These are CISCO defaults for fddi and token rings. These VLAN can’t be deleted.
- Vlan 1006-4094: This is the extended range of Vlan.
We can simply create VLANs by simply assigning the vlan-id and Vlan name.
#switch1(config)#vlan 2 #switch1(config-vlan)#vlan accounts
Here, 2 is the Vlan I’d and accounts is the Vlan name. Now, we assign Vlan to the switch ports.e.g-
Switch(config)#int fa0/0 Switch(config-if)#switchport mode access Switch(config-if)#switchport access Vlan 2
Also, switchport range can be assigned to required vlans.
Switch(config)#int range fa0/0-2 Switch(config-if)#switchport mode access Switch(config-if) #switchport access Vlan 2
By this, switchport fa0/0, fa0/1, fa0-2 will be assigned Vlan 2.
Assigning IP address 192.168.1.1/24, 192.168.1.2/24 and 192.168.2.1/24 to the PC’s. Now, we will create Vlan 2 and 3 on switch.
Switch(config)#vlan 2 Switch(config)#vlan 3
We have made VLANs but the most important part is to assign switch ports to the VLANs.
Switch(config)#int fa0/0 Switch(config-if)#switchport mode access Switch(config-if) #switchport access Vlan 2 Switch(config)#int fa0/1 Switch(config-if)#switchport mode access Switch(config-if) #switchport access Vlan 3 Switch(config)#int fa0/2 Switch(config-if)#switchport mode access Switch(config-if) #switchport access Vlan 2
As seen, we have assigned Vlan 2 to fa0/0, fa0/2, and Vlan 3 to fa0/1.
VLANs offer several features and benefits, including:
- Improved network security: VLANs can be used to separate network traffic and limit access to specific network resources. This improves security by preventing unauthorized access to sensitive data and network resources.
- Better network performance: By segregating network traffic into smaller logical networks, VLANs can reduce the amount of broadcast traffic and improve network performance.
- Simplified network management: VLANs allow network administrators to group devices together logically, rather than physically, which can simplify network management tasks such as configuration, troubleshooting, and maintenance.
- Flexibility: VLANs can be configured dynamically, allowing network administrators to quickly and easily adjust network configurations as needed.
- Cost savings: VLANs can help reduce hardware costs by allowing multiple virtual networks to share a single physical network infrastructure.
- Scalability: VLANs can be used to segment a network into smaller, more manageable groups as the network grows in size and complexity.
Some of the key features of VLANs include:
- VLAN tagging: VLAN tagging is a way to identify and distinguish VLAN traffic from other network traffic. This is typically done by adding a VLAN tag to the Ethernet frame header.
- VLAN membership: VLAN membership determines which devices are assigned to which VLANs. Devices can be assigned to VLANs based on port, MAC address, or other criteria.
- VLAN trunking: VLAN trunking allows multiple VLANs to be carried over a single physical link. This is typically done using a protocol such as IEEE 802.1Q.
- VLAN management: VLAN management involves configuring and managing VLANs, including assigning devices to VLANs, configuring VLAN tags, and configuring VLAN trunking.
Types of connections in VLAN –
There are three ways to connect devices on a VLAN, the type of connections are based on the connected devices i.e. whether they are VLAN-aware(A device that understands VLAN formats and VLAN membership) or VLAN-unaware(A device that doesn’t understand VLAN format and VLAN membership).
- Trunk Link –
All connected devices to a trunk link must be VLAN-aware. All frames on this should have a special header attached to it called tagged frames.
- Access link –
It connects VLAN-unaware devices to a VLAN-aware bridge. All frames on the access link must be untagged.
- Hybrid link –
It is a combination of the Trunk link and Access link. Here both VLAN-unaware and VLAN-aware devices are attached and it can have both tagged and untagged frames.
- Performance –
The network traffic is full of broadcast and multicast. VLAN reduces the need to send such traffic to unnecessary destinations. e.g.-If the traffic is intended for 2 users but as 10 devices are present in the same broadcast domain, therefore, all will receive the traffic i.e. wastage of bandwidth but if we make VLANs, then the broadcast or multicast packet will go to the intended users only.
- Formation of virtual groups –
As there are different departments in every organization namely sales, finance etc., VLANs can be very useful in order to group the devices logically according to their departments.
- Security –
In the same network, sensitive data can be broadcast which can be accessed by the outsider but by creating VLAN, we can control broadcast domains, set up firewalls, restrict access. Also, VLANs can be used to inform the network manager of an intrusion. Hence, VLANs greatly enhance network security.
- Flexibility –
VLAN provide flexibility to add, remove the number of host we want.
- Cost reduction –
VLANs can be used to create broadcast domains which eliminate the need for expensive routers.
By using Vlan, the number of small size broadcast domain can be increased which are easy to handle as compared to a bigger broadcast domain.
Disadvantages of VLAN
- Complexity: VLANs can be complex to configure and manage, particularly in large or dynamic cloud computing environments.
- Limited scalability: VLANs are limited by the number of available VLAN IDs, which can be a constraint in larger cloud computing environments.
- Limited security: VLANs do not provide complete security and can be compromised by malicious actors who are able to gain access to the network.
- Limited interoperability: VLANs may not be fully compatible with all types of network devices and protocols, which can limit their usefulness in cloud computing environments.
- Limited mobility: VLANs may not support the movement of devices or users between different network segments, which can limit their usefulness in mobile or remote cloud computing environments.
- Cost: Implementing and maintaining VLANs can be costly, especially if specialized hardware or software is required.
- Limited visibility: VLANs can make it more difficult to monitor and troubleshoot network issues, as traffic is isolated in different segments.
Real-Time Applications of VLAN
Virtual LANs (VLANs) are widely used in cloud computing environments to improve network performance and security. Here are a few examples of real-time applications of VLANs:
- Voice over IP (VoIP) : VLANs can be used to isolate voice traffic from data traffic, which improves the quality of VoIP calls and reduces the risk of network congestion.
- Video Conferencing : VLANs can be used to prioritize video traffic and ensure that it receives the bandwidth and resources it needs for high-quality video conferencing.
- Remote Access : VLANs can be used to provide secure remote access to cloud-based applications and resources, by isolating remote users from the rest of the network.
- Cloud Backup and Recovery : VLANs can be used to isolate backup and recovery traffic, which reduces the risk of network congestion and improves the performance of backup and recovery operations.
- Gaming : VLANs can be used to prioritize gaming traffic, which ensures that gamers receive the bandwidth and resources they need for a smooth gaming experience.
- IoT : VLANs can be used to isolate Internet of Things (IoT) devices from the rest of the network, which improves security and reduces the risk of network congestion.
Please Login to comment...