This tutorial is a comprehensive guide to Virtual LAN, including its features, benefits, VLAN configuration, tagging, and how to set up a VLAN:
The concept of Computer Networks is not alien to anyone now. While discussing computer networks, it is impossible to miss its two main segments, namely Local Area Network (LAN) and Wide Area Network (WAN).
LAN refers to a network of devices like switches, hubs, bridges, and servers that share a connection, usually at a specific location. Local Area Networks are often also called broadcast domains.
In this article, we will discuss another emerging concept in the world of networking called VLAN. We will also understand how it counters problems posed by using routers for containing broadcast traffic. The article will also elucidate the configuration of Virtual LAN in the latter sections.
Let’s begin with gaining an insight into the emergence of the need for Virtual LAN.
Development of VLAN
As mentioned above, LAN is also referred to as a broadcast domain. This simply means in a situation when a user uses his/her LAN to broadcast any information, it will be sent to every user on LAN. To prevent broadcasts from leaving a LAN, routers are used.
This method has a limitation. The time taken by routers for processing incoming data is much higher compared to that taken by a bridge or a switch. This led to the development of a Virtual Local Area Network as a means of restricting a broadcast from leaving a LAN.
[image source]
Table of Contents:
What Is A VLAN
Let us begin with the definition.
Virtual Area Networks refers to a subnetwork that can group multiple devices which are on separate physical LAN.
VLANs allow the network administrators to create partitions in a network that has a single switch, allowing them to match the requirements in terms of functionality and security. This not only assists in better management of traffic but also reduces the need to make any additional alterations in the existing network infrastructure.
In simple words, it enables the segregation of the network without the need for any additional hardware. With a single physical switch, many different networks can be connected.
Here is an image that shows three VLANs thereby creating networks that are logically defined:
[image source]
It is important that we also understand the various types of Virtual LAN and their benefits to business before we discuss its setting up process.
Types Of Virtual LAN
VLAN differs in its types based on the purpose for which it is set up. Here we are discussing the most common types:
- Management VLAN: This type is advisable to be set up for the most sensitive management tasks, like monitoring, system logging, SNMP, etc. This not only provides the benefits of security but also provides bandwidth for these management tasks even in situations of higher traffic.
- Data VLAN: This type is also called user VLAN and caters exclusively to user-generated data. Depending on the structure of the organization, data Virtual LANs are grouped. It is highly recommended to deeply analyze how users can be grouped logically while looking at all possibilities of its setup. These groups can be department-wise or maybe work group-wise.
- Voice VLAN: This is recommended and suitable for organizations using Voice Over IP (VoIP). Setting up a different Virtual LAN provides bandwidth for additional applications and ensures optimum quality for VoIP.
- Default VLAN: It is the one to which all ports on a device are connected upon switching on. Most of the switches have Virtual LAN 1 as default. It is advisable to change it by considering security. It is also another way to address that Virtual LAN to which all ports are connected while not in use.
- Native VLAN: This has been explained separately.
What is a Native Virtual LAN?
To understand this, we first need to understand the basic concept of “Access port” and “Trunk Port”.
Access port, also called untagged port, refers to that switch port that carries traffic for a single VLAN while on a Trunk port, also called tagged port, traffic for many Virtual LANs is carried.
Native VLAN refers to one which crosses that Trunk port that does not have a VLAN tag. Whenever there is incoming traffic on the port without a VLAN tag, it gets linked to the Native VLAN. To summarize, it is a method of passing untagged traffic between multiple switches.
Apart from this, there are some other important types of Virtual LAN. These have been explained below.
Port-based: The purpose of a port-based VLAN is to connect a virtual local area network with a port. This means that manual configuration of the switch port to a member of VLAN can be done.
All devices associated with this port are also a part of the same broadcast domain due to similarity in VLAN number. It can sometimes be difficult to understand the appropriateness of all the ports w.r.t a particular VLAN in this type of network.
The below image shows configuration based on ports.
[image source]
Protocol-based: In this type, connection with ports depends on the protocol which has been used. This means that the traffic is processed based on protocols. Protocol-based Virtual LAN can be utilized for setting up criteria for those packets which are untagged. Various protocol groups can be established and then linked to a port. Here, the layer 3 protocol is used to identify Virtual LAN membership.
MAC-based: In this type, virtual LAN is assigned to those incoming packets, which are untagged. This helps to segregate traffic depending upon the source address of the packet. Membership is defined based on the MAC addresses. This enables establishing MAC- VLAN mapping for every interface. Multiple MAC-based VLAN groups can be created and every group can have a separate MAC address.
Characteristics
- Each Virtual LAN is a separate LAN that enables sharing of traffic between VLANs, thereby reducing traffic load and congestion.
- It allows for the availability of workstations with optimum bandwidth for each port.
- It is easier to relocate terminals.
- Helps to eliminate latency in the network. This promotes the efficiency of the network.
Surely, by now, you must have gauged how beneficial Virtual LAN is.
Benefits
We have enumerated a few benefits below:
- It enables various networks to virtually perform as one LAN.
- The segmentation provided by Virtual LAN helps to counter problems related to security and network management. It is also extremely beneficial in controlling traffic patterns.
- With the help of Virtual LAN, Network Administrators can provide added security to the network.
- It is also beneficial in situations where a network or network devices have to be expanded or relocated.
- It reduces the limitation of different geographical locations and allows administrators to be flexible and operate in a centralized environment. This makes it possible to create logical groups even while users are physically spread out on the network.
- It also makes the process of identifying faults and troubleshooting easier and quicker because the groups of users are separated from each other.
- Using VLAN is surely cost-effective as well because there is no need for any additional hardware and cables.
Limitations
Like they say, “Every coin has two sides”, Virtual LAN also suffers from a few limitations. Let us look at a few limitations:
- A VLAN cannot pass the network traffic to other VLANs.
- In the case of large networks, controlling of workload requires added routers.
- There is a possibility of leakage of packets between VLANs.
- With an injected packet, the possibility of a cyber-attack is high.
- In case of a virus, or threat is detected in any of the systems, there is a high possibility of it spreading to the network.
While talking about Virtual LAN, some people confuse it with Subnet as both primarily deal with the partitioning of networks with a few similar features. Let us take a quick look at Subnet.
What Is Subnet
Subnet refers to a small network that has a group of IP addresses. A subnet is a part of a bigger network. All the IP addresses which fall within a particular Subnet can communicate with each other and there is no need for any routing device.
To communicate with any IP address outside the Subnet, a router or a Gigabit Ethernet Switch, which has the function of a router, is needed.
VLAN vs Subnet
We need to understand that Virtual LAN and Subnet are different. For the benefit of our readers, we have enumerated a few points of difference below:
Point of difference | VLAN | Subnet |
---|---|---|
VLAN is a logical network which primarily restricts broadcasts to only those hosts who belong to that VLAN. | Subnet refers to a small network which has a group of IP addresses | |
Scope | VLAN enables creation of separate logical physical networks. | IP Subnet enables creation of logical networks in the same physical network. |
Network-member control | Configuration is at Server/router side. | Subnet is decided by IP Address. |
OSI layer | Is layer 2 and MAC addresses work here | Is layer 3 and IP address works. |
Security | Known to provide more security and better control for the network. | Control is limited compared to VLAN. |
Flexibility | Is extremely flexible and enhances performance and efficiency | Subnet does not impacted even when there is a breakdown of other subnets. |
Terminology used | More software related terminology is used. | More hardware related terminology is used. |
How To Set Up A VLAN
Below is a step-by-step process of configuration:
Step1: Select a valid VLAN number.
Step2: Select a range for the private IP addresses for those devices which have to be mapped with this VLAN.
Step3: Next, the switch device needs to be set up with a careful selection of settings between dynamic and static.
- Static Settings: Each switch port has an associated VLAN number.
- Dynamic settings: The VLAN number has a series of MAC addresses (usernames) associated.
Step4: In the next step, we need to set up routing between VLANs. In case two or more Virtual LANs have to be set up and these will also communicate with each other, there will be a need for a VLAN aware-router or a layer 3 switch.
Let us consider an example of the setting up of VLAN based on protocol.
Just to reiterate, when we talk about protocol-based VLAN mapping, we are talking about connecting a protocol group with a single port. Before we look at the steps, it is important to familiarize ourselves with the devices and version of software used.
Devices:
- Sx250 Series
- Sx350 Series
- SG350X series
- Sx500 Series
- Sx550 Series
Software:
- 1.4.7.05- Sx500 Series
- 2.2.5.68 – Sx250 Series, Sx350 Series Sx550 Series
Now let’s look at the steps for configuration in this example:
Step1: Select and get logged in to the web-based utility.
Step2: Select Advanced from the drop-down shown in Display Mode. By using the Sx500 Series, you can directly move to step 3.
Step3: First, select VLAN Management and then select VLAN groups. Next, click on Protocol-based groups to VLAN. There could be a variation in the options available based on the switch used. For this particular example, the switch is SG350X.
Step4: Select Add on the dialogue box Mapping Group to VLAN Table. There is no need to enter the type of group, as this is auto-filled.
Step5: Next, select either of the interface type radio buttons seen in the interface area and to which the Virtual LAN protocol type group has been assigned.
Step6: Select the required interface available in the drop-down list. Here, it is important to understand Unit and LAG.
- Unit: This refers to the Unit ID of a unit and includes active members or any standby along with the count of available expansion slots. For SG350X, a maximum of 4 units can be supported.
- LAG: Multiple ports of a switch are collected together into one single group called Link Aggregation Group (LAG). For SG350X, a maximum of 8 LAGs can be supported. We have selected the GE5 port from Unit 2 for this particular example.
Step7: Click on the Group ID drop-down list and select the required Virtual LAN group ID. Selecting the Group ID allows connecting VLAN protocol with specific groups. For this particular example, the Group ID is 5. Also, the Group ID needs to be pre-configured in Protocol-based groups.
Step8: Select the option Apply and then select the option Close.
Step9: Finally, on the top right corner, select the option Save, which saves these settings in the configuration file.
Hurray!! the configuration process is complete.
VLAN Tagging
In the simplest language, Virtual LAN tagging is the process of managing one or more VLANs at a port. This enables us to identify and associate packets with appropriate VLAN on the other side. To make this process of identification simple, each of the packets is tagged with a VLAN tag in the Ethernet frame.
This tagging helps to create accurate and logical systems which are independent. It is also called Frame Tagging.
How does VLAN tagging work?
The foremost step is the identification of the VLAN ID. This is done by entering the VLAN ID into a header that identifies the network to which it belongs. This is extremely helpful, as it gives clarity about that particular broadcast area where the packet needs to be sent.
As mentioned earlier, the switches also need to be pre-configured. This helps to create multiple domains from different broadcast systems.
When the packet reaches the end of the trunk link, the tag gets removed and the packet gets sent to the correct access link port (as per the switch table).
In a nutshell, the process begins with connecting switches and routers through Trunk links. This trunk link enables the packets from all the VLANs to pass through the entire network and reach the destination irrespective of the VLAN it belongs to.
The workstations are directly connected to the Access Links, which are ports with one VLAN membership. This provides access to the required resources to the members of VLAN.
Frequently Asked Questions
Q #1) Is VLAN tagging secure?
Answer: It is far safer and more secure as compared to traditional LANs.
VLANs are not only cost-effective but also provide the benefit of reducing traffic in the network. This is not all! it gives the advantage of additional security. With the separation of devices to different Virtual LANs, prevention of threats and infection spreading to other networks becomes easier. Therefore, it is safe and secure.
Q #2) What are VLAN IDs?
Answer: Virtual LANs have identification numbers ranging from 0 to 4095. VLAN 1 is the default VLAN on any network. For communication between VLANs, it is required to have layer 3 routing, as VLAN is a layer 2 protocol.
Q #3) What are the three types of VLAN?
Answer: The three types are:
- Layer 1 – In this type, VLAN membership is defined based on the ports that belong to VLAN.
- Layer 2 – In this type, the membership is based on the MAC address.
- Layer 2 – In this type, membership is based on Protocol type.
- Layer 3 – In this type, the membership is based on the IP Subnet address.
Note: We have discussed these in the article in detail.
Q #4) Does the home need VLAN?
Answer: It can be a good idea to set up Virtual LAN for home networks as well, especially for separating a few devices and improving the security of the network. The process of setup is not complicated. A network switch supporting VLAN tagging is needed.
Glossary of terms
- Port
- It is a communication endpoint.
- It identifies a type of network service.
- Has a port number.
- Helps to uniquely identify a transaction over a network.
- Bridge
- Bridges can connect two or more different LANs, which have similar protocols and help to provide communication between the devices (nodes) in them.
- Bridges help to multiply the network capacity of a single LAN by joining multiple LANs.
- A bridge helps to connect the different components of the network, such that they appear as a part of a single network.
- Switch
- Switches are one of the primary key building blocks for any network.
- Multiple devices can be connected, such as computers, printers, wireless access points, and servers, on the same network within a campus or building.
- It helps connected devices to talk to each other and share information between themselves.
- Packet
- Refers to the primary component of communication throughout a network.
- We can also consider it as a small segment of a larger message. So, the larger message is divided into packets, as it travels over the network.
- Every packet comprises a source, a destination, as well as the data content being transferred.
Conclusion
In this article, we have discussed how the development in the field of networking has led to the emergence of Virtual LAN.
The article discusses Virtual LAN and a step-wise explanation of setup. This article also explains the bundle of benefits offered.
We are hopeful that the article will provide useful insights on Virtual LAN to our readers. To conclude, VLAN shows to have a promising future in the field of networking if it is implemented carefully.