Ads by Google

What is a virtual LAN interface (VLAN)

In this article will be explained what is a virtual LAN interface (VLAN), and what are the benefits of using multiple VLAN interfaces.

A Virtual Local Area Network (virtual LAN or VLAN) divides a physical network into multiple logical networks. The standard is defined in IEEE 802.1q.

VLANs allow network administrators to group hosts together even if the hosts are not on the same network switch. This can greatly simplify network design and deployment, because VLAN membership can be configured through software. Without VLANs, grouping hosts according to their resource needs necessitates the labor of relocating network nodes or rewiring data links.

Let’s examine the following example:

The network state before applying virtual LAN (VLAN) interfaces

In this example, there are two physical networks and three departments: Office (A), Sales (B), and Production (C). The physical networks are connected to switches, and the switches are connected to the router. This is the network state before applying the VLAN concept.

* Note that computers in the Sales department (B) aren’t in the same physical network (two computers are in the one physical network and the third computer is in the another physical network).

Now let’s examine how the network could look like if we create virtual LANs:  these two physical networks could be divided into three different VLANs:

The network state after applying VLAN (virtual LAN) concept

* Note that in this picture AB and C refer to switches, not the departments. Also note that if one switch (e.g. switch C) has enough connections for the entire network, the network does not need switches A and B (they can be removed from the network).

OK, so this is the state after we have applied a virtual LAN interface (VLAN) concept. Now we have three VLANs that match our three departments.  Now all the computers from the Sales department belong to the same virtual local area network (VLAN ID = 2).

Each VLAN is a separate network with separate IP addresses, subnet masks, and gateways. Each VLAN also has a unique identification number (ID). The ID is a 12-bit value that is stored in the MAC header. The VLANs are  connected to switches (or a single switch if C has enough connections), and the switches are connected to the router.

Traffic inside each VLAN is a layer-2 communication (data link layer, MAC addresses). It is handled by the switches. As a result, the new switch is required to handle traffic inside VLAN 2. Traffic is only broadcast inside each VLAN, not each physical network.

Traffic between VLANs (or between a VLAN and another type of network) is layer-3 communication (network layer, IP addresses). It is handled by the router.

This approach provides a few advantages:

  • Increased performance – in VLAN 2, the extra switch should route traffic inside the sales department faster than the router does. In addition, broadcasts are limited to smaller, more logical groups of users.
  • Higher security – if each computer has a separate physical connection to the switch, then broadcast traffic in each VLAN is never sent to computers in another VLAN.
  • Better manageability – you can align network policies more appropriately for users. For example, you can create different content filtering rules for each VLAN (each department in the example above), and you can set different bandwidth limits for each VLAN. These rules are also independent of the physical network, so you can change the physical network without changing policies.

If we have three switches, the new switch C handles the following types of traffic:

•  Inside VLAN 2.
•  Between the router and VLAN 1.
•  Between the router and VLAN 2.
•  Between the router and VLAN 3.

To subdivide a network into virtual LANs, one configures a network switch or router.

  1. Simpler network devices can only partition per physical port (if at all), in which case each VLAN is connected with a dedicated network cable (and VLAN connectivity is limited by the number of hardware ports available).
  2. More sophisticated devices can mark packets through tagging, so that a single interconnect (trunk) may be used to transport data for multiple VLANs. Since VLANs share bandwidth, a VLAN trunk might use link aggregation and/or quality of service prioritization to route data efficiently.

 

References:

  1. Wikipedia
  2. ZyXEL documentation

 

Summary
What is a virtual LAN interface (VLAN)
Article Name
What is a virtual LAN interface (VLAN)
Description
In this article will be explained what is a virtual LAN interface (VLAN), and what are the benefits of using multiple VLAN interfaces.
Author
www.CreativForm.com