Have you ever asked yourself questions like: What is a virtual LAN (VLAN)? When and why do you need a VLAN? This article shares basic knowledge about VLANs, helping you understand the concept and its usefulness.
What is VLAN?
Most readers already know what a LAN is, but it is worth restating, because the concept of a VLAN builds on it. A LAN (Local Area Network) is defined as the set of all computers in the same broadcast domain. Remember that routers block broadcast messages, while switches forward them.
VLAN stands for Virtual Local Area Network, also called a virtual LAN. A VLAN is a group of computers that belong to the same logical network even though they need not be physically close to each other. VLANs allow network resources to be used more efficiently and are useful when one flat network would have too many devices.
A VLAN is a logical group of network devices, formed according to factors such as the company's functions, departments or applications. Technically, a VLAN is a broadcast domain created by switches: normally a router is what separates broadcast domains, but with VLANs a switch can create one as well.
This is done when you – the administrator – place some switch ports in VLANs other than VLAN 1 – the default VLAN. All ports in a single VLAN belong to a single broadcast domain.
Because the switches can communicate with each other, some ports on switch A may be in VLAN 10 and some ports on switch B may also be in VLAN 10. Broadcast messages from these computers will not appear on ports belonging to any VLAN other than VLAN 10. All of these computers can communicate with each other because they belong to the same VLAN, but without additional configuration they cannot communicate with computers outside this VLAN.
VLAN classification
- Port-based VLAN: the simplest and most common way to configure VLANs. Each switch port is assigned to a specific VLAN (VLAN 1 by default), so any host attached to that port belongs to that VLAN.
- MAC address-based VLAN: rarely used because it is inconvenient to manage. Each MAC address is mapped to a specific VLAN.
- Protocol-based VLAN: similar to the MAC address-based method, but uses a logical (IP) address instead of the MAC address. This method is no longer common because addresses are usually assigned dynamically by DHCP.
How do VLANs work?
VLAN membership is carried by a tag inserted into the header of the Ethernet frame. This tag tells the switches which VLAN the frame belongs to, so the frame is forwarded only to ports in that VLAN. Devices in different VLANs cannot see each other's traffic unless both VLANs are connected to a router configured to route between them.
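To make the tag concrete, here is an added example (not code from the original article) that decodes the 802.1Q tag a switch inserts between the source MAC and the EtherType, and shows how an untagged frame is tagged before it crosses a trunk. The sample frame bytes are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

def parse_frame(frame: bytes) -> dict:
    """Decode an Ethernet header and, if present, its 802.1Q tag.

    Returns dst, src, vlan (None when untagged), priority, the real
    EtherType and the payload that follows the header.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan = priority = None
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        priority = tci >> 13        # 3-bit priority code point (PCP)
        vlan = tci & 0x0FFF         # 12-bit VLAN ID; 1..4094 are usable
        offset = 18
    return {
        "dst": dst.hex(":"), "src": src.hex(":"),
        "vlan": vlan, "priority": priority,
        "ethertype": ethertype, "payload": frame[offset:],
    }

def tag_frame(frame: bytes, vlan: int, priority: int = 0) -> bytes:
    """Insert an 802.1Q tag into an untagged frame, as a switch does when
    it forwards a frame out of a trunk port."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (priority << 13) | vlan
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

# Constructed sample: broadcast frame from 00:11:22:33:44:55, EtherType 0x0806 (ARP)
UNTAGGED = bytes.fromhex("ffffffffffff" "001122334455" "0806") + b"\x00\x01" * 14
TAGGED_10 = tag_frame(UNTAGGED, vlan=10, priority=5)  # same frame as seen on a trunk

if __name__ == "__main__":
    print(parse_frame(UNTAGGED))
    print(parse_frame(TAGGED_10))
```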
Are VLANs necessary?
VLANs play a very important role in LAN technology today. To see their benefits clearly, consider the following case:
Suppose a company has three departments, Engineering, Marketing and Accounting, each spread across three floors. To connect the computers of one department together without VLANs, we would install a separate switch for that department on each floor. Each floor would then need three switches, one per department, and connecting the three floors would require nine switches in total. This is clearly expensive and leaves most of each switch's ports unused. VLANs solve the problem simply while saving resources.
With VLANs, each floor needs only one switch, and that switch is divided into VLANs. Computers in the Engineering department are assigned to the Engineering VLAN, and PCs in the other departments are assigned to the Marketing and Accounting VLANs. This minimises the number of switches needed and makes full use of each switch's available ports.
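The following added example (not part of the original article) models the three-floor company above: one switch per floor, port-based VLAN assignment, and trunk links between floors. The VLAN ids and host names are constructed; the flood rule shows that a broadcast from an Engineering PC reaches Engineering PCs on the other floors and nothing else.

```python
ENGINEERING, MARKETING, ACCOUNTING = 10, 20, 30   # constructed VLAN ids

class Switch:
    """Toy model of one per-floor switch with port-based VLANs and trunk uplinks."""
    def __init__(self, name):
        self.name = name
        self.port_vlan = {}   # access port -> VLAN id (a real switch defaults to VLAN 1)
        self.port_host = {}   # access port -> host attached to it
        self.trunks = []      # neighbouring switches reachable over a tagged trunk

    def attach(self, port, host, vlan=1):
        self.port_vlan[port] = vlan
        self.port_host[port] = host

    def trunk(self, other):
        self.trunks.append(other)
        other.trunks.append(self)

    def flood(self, vlan, skip_port=None, visited=None):
        """Deliver a broadcast to every access port in `vlan` on this switch and,
        tagged with the VLAN id, across each trunk to the other switches."""
        visited = set() if visited is None else visited
        if self.name in visited:      # do not loop back over a trunk already used
            return set()
        visited.add(self.name)
        hosts = {h for p, h in self.port_host.items()
                 if self.port_vlan[p] == vlan and p != skip_port}
        for other in self.trunks:
            hosts |= other.flood(vlan, visited=visited)
        return hosts

def broadcast_reach(switch, port):
    """Hosts that see a broadcast sent by the host on `port` (sender excluded)."""
    return switch.flood(switch.port_vlan[port], skip_port=port)

def build_company():
    """Three floors, one switch each; every floor has one PC per department."""
    floors = [Switch(f"floor{i}") for i in (1, 2, 3)]
    for i, sw in enumerate(floors, start=1):
        sw.attach(1, f"eng-f{i}", ENGINEERING)
        sw.attach(2, f"mkt-f{i}", MARKETING)
        sw.attach(3, f"acct-f{i}", ACCOUNTING)
    floors[0].trunk(floors[1])   # floor 1 <-> floor 2
    floors[1].trunk(floors[2])   # floor 2 <-> floor 3
    return floors

if __name__ == "__main__":
    f1, _, _ = build_company()
    print(sorted(broadcast_reach(f1, 1)))   # Engineering PCs on floors 2 and 3 only
```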
Benefits of VLANs
- Saves network bandwidth: VLANs divide the LAN into many small segments, each of which is a broadcast domain. A broadcast packet is transmitted only within its own VLAN, so dividing the network into VLANs saves bandwidth.
- Increases security: devices in different VLANs cannot reach each other unless a router connects the VLANs. In the example above, computers in the Accounting VLAN can communicate only with each other; they cannot connect to computers in the Engineering VLAN.
- Easy to add or remove computers: adding a computer to a VLAN is simple; just configure the port that computer is connected to for the desired VLAN.
- Makes the network highly flexible: VLANs make it easy to move devices. Suppose that, after some time, the company in the example above decides to put each department on its own floor. With VLANs, we only need to reconfigure the switch ports and place them into the required VLANs. VLANs can be configured statically or dynamically. In a static configuration, the network administrator configures each port of each switch and assigns it to a VLAN. In a dynamic configuration, each switch port selects its VLAN based on the MAC address of the connected device.
One important point to emphasise: you do not need to configure a VLAN unless your network is very large and carries a lot of traffic. Often people use VLANs simply because the network they work on already uses them.
Another important point is that on Cisco switches, VLANs are enabled by default and all ports are in one VLAN, VLAN 1. Therefore, by default, you can use all ports on the switch and all computers can communicate with each other.
When do you need a VLAN?
You should consider using VLANs in the following cases:
- You have more than 200 computers on the LAN.
- Broadcast traffic on your LAN is too large.
- Workgroups need increased security or are slowed down by too many broadcast messages.
- Workgroups need to be on the same broadcast domain because they share applications. For example, in a company that uses VoIP phones, the users of those phones may be placed in a different VLAN from regular users.
- Or simply to split a single physical switch into multiple virtual switches.
Why not split the subnet?
A common question is why not simply divide the network into subnets instead of using VLANs. Each VLAN should be its own subnet. The advantage VLANs have over plain subnets is that computers in different physical locations (not attached to the same router) can still be on the same network. The limitation of dividing a network into subnets with a router alone is that all computers on a subnet must be connected to the same switch, and that switch must connect to a port on the router.
With VLANs, one computer can be connected to one switch and another computer to a different switch while both remain on the same VLAN (broadcast domain).