
VLANs

February 10, 2008

A Virtual LAN (VLAN) is a type of logical network that exists as a subset of a larger physical network. In smaller networks, the network can be divided into segments fairly easily, with little administrative overhead. Splitting the network into segments allows network data and broadcast data to remain on the local segment, rather than being broadcast to the entire network. Segmentation of LANs also provides extra security because a user on one LAN won’t have access to another LAN without special permission.

Unfortunately, segmenting a larger network into smaller networks can be tedious and may involve the purchase of extra networking equipment, such as switches and routers, along with extra cabling to separate them. This is where a VLAN can help, because the network segmentation is performed through software, rather than hardware. VLANs have the capability to isolate network traffic on specific segments, and even provide crossover functionality to enable certain VLANs to overlap and allow access between them.

The capability to create VLANs is dependent on the capabilities of your network equipment. Most modern switches and routers support the use of VLANs, which can be enabled simply through changing the configuration of the network device.

Three basic types of VLANs exist:

Port-Based VLAN – The port-based VLAN uses the specific port of a network switch to configure VLANs. Each port is configured as part of a particular VLAN. To assign a client workstation to that VLAN, it needs to be plugged into that port.

MAC Address-Based VLAN – The MAC address-based VLAN tracks clients and their respective VLAN memberships through the MAC address of the NIC. The switches maintain a list of MAC addresses and VLAN memberships, and they forward the network packets to their destination as appropriate. The advantage of MAC address-based VLANs is that if a client’s VLAN membership changes, the client doesn’t need to be physically moved to another port. One drawback is that membership in multiple VLANs can cause confusion with the switch’s MAC address tables. This model is recommended for single VLAN memberships.

Protocol-Based VLAN – A protocol-based VLAN is the most flexible and logical type of VLAN. It uses the addresses of the IP layer to assign VLAN settings, so an entire IP subnet can be assigned a certain VLAN membership.
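As an added illustration (not code from the original post), this Python model shows how a switch could look up VLAN membership under each of the three models above, and how a broadcast stays inside a port-based VLAN. All table values, function names, and the choice to drop frames from unassigned ports are assumptions made for the example.

```python
import ipaddress

# Constructed sample tables (hypothetical values, not from the original post)
PORT_VLAN = {1: 10, 2: 10, 3: 20, 4: 20}       # port-based: switch port -> VLAN
MAC_VLAN = {"00:11:22:33:44:55": 30}           # MAC-based: NIC address -> VLAN
SUBNET_VLAN = {                                # protocol-based: IP subnet -> VLAN
    ipaddress.ip_network("192.168.40.0/24"): 40,
}


def classify(port, src_mac, src_ip, mode):
    """Return the VLAN ID for a frame under one membership model, or None."""
    if mode == "port":
        # Membership follows the physical port the client is plugged into.
        return PORT_VLAN.get(port)
    if mode == "mac":
        # Membership follows the NIC, whichever port it appears on.
        return MAC_VLAN.get(src_mac.lower())
    if mode == "protocol":
        # Membership follows the IP subnet of the sender.
        addr = ipaddress.ip_address(src_ip)
        for net, vlan in SUBNET_VLAN.items():
            if addr in net:
                return vlan
        return None
    raise ValueError(f"unknown mode: {mode}")


def broadcast_ports(ingress_port):
    """Ports that receive a broadcast sent from ingress_port (port-based model)."""
    vlan = PORT_VLAN.get(ingress_port)
    if vlan is None:
        return []  # assumption: this model drops frames from unassigned ports
    return sorted(p for p, v in PORT_VLAN.items()
                  if v == vlan and p != ingress_port)


if __name__ == "__main__":
    frame = ("00:11:22:33:44:55", "192.168.40.7")  # constructed sample frame
    for mode in ("port", "mac", "protocol"):
        print(mode, classify(3, *frame, mode))
    print("broadcast from port 1 reaches ports", broadcast_ports(1))
```

Moving the sample client from port 3 to port 1 changes its VLAN only in the port-based model, which is the trade-off the three descriptions above draw.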
