Salient points you need to know about Virtual LAN (VLAN)


This article discusses VLANs: why they are required, the types of VLAN, IEEE 802.1q tagging, what IEEE 802.10 (FDDI) is and how it interoperates with Ethernet VLANs, the need for Inter-VLAN routing, how VTP (Virtual Trunk Protocol) automates the VLAN process, and how IEEE 802.1D is used to set up QOS in VLANs.

What is a VLAN?

VLAN is short for Virtual LAN. VLANs allow logical segmentation of a LAN into different broadcast domains. VLANs help create multiple physical LAN segments using the same network infrastructure.

For example, assume that you have a twenty-four-port switch and twenty users are connected to twenty ports on that switch. Of those twenty, ten are from the accounts team and ten are from the marketing team. In this situation, you can create a separate VLAN for each group in order to restrict their broadcast domain as well as isolate them into different physical networks for security reasons (more about this below).

Why are VLANs required?

When a computer or a router wants to find the physical destination of an IP address, it generates an ARP (Address Resolution Protocol) request to all the nodes in its network. Only the node with the requested IP address replies with its MAC (physical) address, so that the data packets can be sent to it. Notice that the communication was intended for only one node, but the request is addressed to all the nodes in that network, and the switch duly broadcasts it.

If the network is huge, these broadcast messages could fill up the network, leaving little space for genuine packets to propagate. The processing cycles of the nodes are also wasted on processing these ARP request messages. So, a VLAN’s primary objective is to divide the network into multiple smaller networks so that the broadcast domain shrinks and the network efficiency increases.

VLANs also provide security by physically separating a group of nodes from another group. This is useful when confidential financial data of an organization needs to be kept away from the other departments, and hence there is a separate VLAN for the finance department so that such sensitive information is not exposed to everyone in the organization. Also, servers are usually kept in their own VLAN, so that they cannot be easily found by intruders checking for live nodes in the general network.

What are the types of VLAN?

VLANs can be created in three ways:

Membership by port: This is the most common VLAN. Each port of a network switch is assigned a VLAN ID so that the node connecting to that port is put into the corresponding VLAN.
Membership by MAC address: If you don’t want to tie every port to a user, you can leave the ports aside and group the users according to their MAC (physical) address, which is the permanent address of their NIC. This way, wherever the user connects in the network, they still get into the VLAN designated for them.
IP Subnet address: When allocating static IP addresses to nodes, you can assign a different subnet to each group so that the systems in one subnet cannot communicate with another.

However, there are differences between VLANs and subnets.

Trunk Link: As multiple switches are used within every network, certain ports of switches (those that connect to uplink switches) are configured as trunk ports, and they enable the propagation of the various VLANs throughout the network.

What is IEEE 802.1q tagging?

This is a VLAN tagging methodology and it is based on open standards. When an Ethernet frame traverses a trunk link of its source (origin) switch, a special VLAN tag is added to the frame and sent across the trunk link. When it arrives at the trunk link of its destination switch, the VLAN tag added above is removed and the frame is sent to the correct access port.

VLAN tagging makes it easier to identify which VLAN each frame belongs to, as the trunk links are designed to pass frames from multiple VLANs across multiple switches.

A large-scale network is also interconnected by fiber modules in addition to Ethernet modules. So, VLAN frames need to be tagged and carried over such Fiber Distributed Data Interface (FDDI) networks too. With the use of the 802.10 SAID field, a mapping between the Ethernet VLAN and the 802.10 FDDI network is created, and as such, all Ethernet VLANs are able to run over FDDI networks.

Inter VLAN Routing:

In many organizations, the file servers and other servers are mostly kept in a separate VLAN for security purposes. So, when nodes from a different VLAN want to communicate with such servers and with resources in other VLANs, Inter VLAN Routing is used.

Inter VLAN Routing is enabled by placing a Layer 3 Switch at the core. The members of one VLAN can then be routed through this Layer 3 Switch to connect to other VLANs. The rules for such Inter VLAN routing need to be written in the Layer 3 Switch.
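As an added illustration (not from the original article and not any vendor's configuration syntax), the following Python model shows how first-match rules on a Layer 3 switch could decide which traffic may cross between VLANs. The VLAN numbers, subnets, ports and rule set are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan: one subnet per VLAN (assumption for this example).
VLAN_SUBNETS = {
    10: ipaddress.ip_network("10.0.10.0/24"),  # accounts
    20: ipaddress.ip_network("10.0.20.0/24"),  # marketing
    99: ipaddress.ip_network("10.0.99.0/24"),  # servers
}

# (source VLAN, destination VLAN, protocol, destination port, action).
# Rules are checked top to bottom; the first match wins.
RULES = [
    (10, 99, "tcp", 445, "permit"),  # accounts may reach the file server
    (20, 99, "tcp", 443, "permit"),  # marketing may reach the web server
    (20, 10, "any", None, "deny"),   # marketing may never reach accounts
]

def vlan_of(ip):
    """Map an IP address to its VLAN using the subnet plan, or None."""
    addr = ipaddress.ip_address(ip)
    for vid, net in VLAN_SUBNETS.items():
        if addr in net:
            return vid
    return None

def route_decision(src_ip, dst_ip, proto, dport):
    """Return 'switched', 'permit' or 'deny' for one flow."""
    src, dst = vlan_of(src_ip), vlan_of(dst_ip)
    if src is None or dst is None:
        return "deny"      # address outside every known VLAN subnet
    if src == dst:
        return "switched"  # same VLAN: stays at Layer 2, rules are never consulted
    for r_src, r_dst, r_proto, r_port, action in RULES:
        if ((r_src, r_dst) == (src, dst)
                and r_proto in ("any", proto)
                and r_port in (None, dport)):
            return action
    return "deny"          # no rule matched: implicit deny

if __name__ == "__main__":
    print(route_decision("10.0.10.5", "10.0.99.10", "tcp", 445))  # accounts -> server
    print(route_decision("10.0.20.7", "10.0.99.10", "tcp", 445))  # marketing -> server
    print(route_decision("10.0.10.5", "10.0.10.6", "tcp", 445))   # inside one VLAN
```

The "switched" result is the case to keep in mind: traffic between two nodes in the same VLAN never reaches the Layer 3 rules, so those rules only constrain flows that cross a VLAN boundary.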

What is VTP – Virtual Trunk Protocol?

In a bigger network with many access switches, the VLAN configuration and any changes to it often need to be made on each switch. That can get time-consuming on a large network. So, to simplify that, we have VTP – Virtual Trunk Protocol.

This involves setting up at least one switch to be configured as a VTP Server and multiple switches as VTP clients. Any change in the VLAN database in the VTP server will trigger an update towards all VTP clients so that they could update their VLAN database. This simplifies the configuration in a big network.

How is QOS enabled in a VLAN?

IEEE 802.1D is the standard specifying the QOS parameters for a VLAN. VLAN ID and User Priority can be used to set up the QOS in a VLAN so that delay sensitive packets like voice, video and network control packets can be given a higher priority during transmission.

User priority can be in the range of 7 to 1 with Network Control, Voice and Video being 7, 6, and 5 respectively. This ensures that delay sensitive real time application packets are transmitted before the other normal packets in the LAN, improving the performance.
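The tagging described in the 802.1q section and the user priority described here travel in the same 4-byte tag, so one added example covers both. It is not from the original article; it builds, parses and strips the tag on a constructed frame and orders frames by priority. The function names and the sample frame are assumptions, while the priority values follow the article.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def add_tag(frame: bytes, vid: int, priority: int = 0) -> bytes:
    """Trunk egress: insert the 4-byte tag after the two MAC addresses."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if not 1 <= vid <= 4094:    # VLAN IDs 0 and 4095 are reserved
        raise ValueError("VLAN ID out of range")
    if not 0 <= priority <= 7:  # user priority is a 3-bit field
        raise ValueError("priority out of range")
    tci = (priority << 13) | vid  # priority (3 bits) | DEI (1 bit, 0) | VLAN ID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_tag(frame: bytes):
    """Return (vid, priority) for a tagged frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, tci >> 13

def strip_tag(frame: bytes):
    """Trunk ingress: return (vid, original untagged frame)."""
    tag = parse_tag(frame)
    if tag is None:
        raise ValueError("frame is not tagged")
    return tag[0], frame[:12] + frame[16:]

def transmit_order(tagged_frames):
    """Queue frames so that higher user priority leaves the port first."""
    return sorted(tagged_frames, key=lambda f: parse_tag(f)[1], reverse=True)

# Constructed sample: a broadcast ARP frame header with a dummy 28-byte payload.
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff" "02000000000a" "0806")
                + bytes(28))

if __name__ == "__main__":
    voice = add_tag(SAMPLE_FRAME, vid=20, priority=6)  # Voice = 6 in the article
    data = add_tag(SAMPLE_FRAME, vid=10, priority=1)
    print(parse_tag(voice), strip_tag(voice)[1] == SAMPLE_FRAME)
    print([parse_tag(f) for f in transmit_order([data, voice])])
```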

excITingIP.com


One thought on “Salient points you need to know about Virtual LAN (VLAN)”

  1. john nguyen says:

    nice explanation
