This article will explain what a VLAN is, how it works, and a look into the different types, along with a guide on how to configure a VLAN.
Virtual Local Area Network (VLAN), is defined by the National Institute of Standards and Technology (NIST) as “a broadcast domain that is partitioned and isolated within a network at the data link layer. A single physical local area network (LAN) can be logically partitioned into multiple, independent VLANs; a group of devices on one or more physical LANs can be configured to communicate within the same VLAN, as if they were attached to the same physical LAN.”
There are several purposes to using VLANs in a network, notably to enhance the performance of devices, improve on security, and reduce the administrative burden for teams.
There are a number of key differences between a LAN and VLAN, all of which affect factors such as cost, security, and setup complexity. Let’s take a look at these in detail:
LAN Key Characteristics
VLAN Key Characteristics
As we’ve seen above, there are several key benefits of using VLANs. Let’s take a look at these in more detail:
Improved network performance
Due to the segmentation of one physical network into several broadcast domains, specific endpoints experience less traffic, improving the overall flow of the network.
Increased security
Not only is there an extra layer of security due to segmentation, but only trusted devices have permission to communicate with each other.
Simpler network manageability and scalability
Expanding a LAN means more costs related to setup and having to add additional switches and routers. With a VLAN however, as no additional hardware is required, scaling is simple, and adding or removing devices is all done virtually.
A VLAN works by breaking down (or segmenting) one physical network into smaller ones. A company will typically group devices from different departments under different VLANs.
For example, all the devices from the HR department would be under one particular VLAN and so forth. As each VLAN has its own individual broadcast domain, any traffic passing through a particular LAN is not visible to other VLANs or the devices that are linked to them.
VLAN data tagging is the process in which network traffic is separated and identified. A network can then be isolated (segmented) into smaller ones that are isolated which provides the benefits mentioned above, i.e. enhanced security, increased network efficiency and scalability.
This process of tagging consists of inserting a VLAN ID (VID) into each Ethernet frame’s header. The VID is then used to match the VLAN to the correct frame.
The IEEE 802.1Q standard allows this network segmentation to occur, and individual switches and users use 802.1Q to tag and forward the traffic that is allocated to a particular VLAN.
There are five main types of VLAN:
Default VLAN
All switch ports become a member of the default VLAN upon powering on of the switch. They are named VLAN 1
Data VLAN
Also known as a user VLAN, this carries all user-generated data only.
Management VLAN
A management VLAN carries all network management traffic such as switch configuration and network monitoring.
Voice VLAN
This particular type of VLAN carries voice traffic, usually from VoIP telephones.
Native VLAN
A native VLAN deals with any traffic on trunk links in a network that is untagged. A trunk link is a connection between individual switches or a switch and a router.
Here’s a list of some of the common problems and how to troubleshoot them:
Solution: Check configurations on all switches and endpoints, and ensure the VLAN IDs are correct
Solution: Check all devices have power, all cables and connections are
Solution: Check trunk configurations and allowed VLANs on both link ends
Solution: Incorrectly configured VLANs can result in poor performance so check if any switches are congested or VLANs are overloaded.
Solution: Software issues and hardware malfunctions can directly cause VLAN problems. Upgrading and replacing any faulty hardware and updating any software can help resolve these issues.
Solution: If access ports are not assigned to the right VLAN or not enabled, it can result in connectivity problems. Ensure the correct access point is assigned to the corresponding VLAN, and the switches are selected to the “up” position.
A solid VLAN network setup can prove to be an invaluable asset, especially when we take into account the increased security, improved network performance, and scalable nature.
There are several types of VLAN, which serve a specific function. For example a data VLAN is associated with carrying user-generated data, whereas a voice VLAN carries all voice traffic.
A VLAN can be configured in as little as six, short steps, and our troubleshooting list can help get you back on track should any operational errors occur.
Our robust range of products at Comnet are the reliable partner that’s needed in any VLAN setup, and to find out more about our products and solutions, please e-mail us at comnetsales@acresecurity.com.