Sunday, 7 February 2021

Virtual LAN

What is Virtual LAN?

Most advanced switches allow you to create a virtual LAN (VLAN). A VLAN is a virtual local area network that runs on top of your actual physical network. VLANs work at layer 2 of the OSI model, which means that they’re related to MAC addresses, not IP addresses. That said, there is usually a direct correlation between VLANs and IP subnets. If (or when) your network grows large enough that you want to set up two or more subnets to better manage it, you’ll probably also want to set up two or more VLANs, one for each of your subnets.

A VLAN can divide a single switch into two virtual switches that behave exactly as if they were separate switches. This means the following:

  • If a port on one VLAN receives a packet intended for a destination on the same VLAN, the switch forwards the packet to the destination port, the same as if VLANs were not in use.
  • When a port on one VLAN receives a packet intended for a destination on the same VLAN that the switch has not yet learned, the switch will flood only those ports that are on the destination VLAN — not all the ports on the switch. Thus, VLANs can reduce traffic caused by flooding.
  • When a broadcast packet is received, the switch will forward the packet only to those ports that are on the same VLAN. In other words, VLANs can break up broadcast domains in the same way that a router can.
  • If a port on one VLAN receives a packet intended for a different VLAN, a router is required to link the networks. That’s because separate VLANs are, for all intents and purposes, separate networks. That being said, most switches that support VLANs also support trunk ports, which can switch traffic between VLANs. A trunk port is a port that can handle traffic for two or more VLANs.
  • To use VLANs, you must manually configure each port of your switches to operate on the appropriate VLAN. By default, all switches, regardless of the manufacturer, are configured out of the box so that all ports operate on a VLAN named VLAN1. To create a new VLAN, you simply create a name for the new VLAN, then configure the ports that will talk on the new VLAN. In VLAN terminology, a port that is configured to operate on a single VLAN is called an access port. Ports that are configured to work on more than one VLAN are called trunk ports. By default, all switch ports are configured as access ports on VLAN1.
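The forwarding rules in the list above, as an added sketch that is not part of the original post: a simulated learning switch with access ports only (no trunk ports or 802.1Q tagging). The class name, port numbers, VLAN ID 20 and MAC addresses are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """Minimal layer-2 learning switch with one access VLAN per port."""

    def __init__(self, port_count):
        # Out of the box every port is an access port on VLAN 1.
        self.port_vlan = {p: 1 for p in range(1, port_count + 1)}
        # The MAC table is keyed by (vlan, mac), so a lookup can never
        # return a port that belongs to a different VLAN.
        self.mac_table = {}

    def set_access_vlan(self, port, vlan):
        self.port_vlan[port] = vlan
        # Forget addresses learned on this port under its previous VLAN.
        self.mac_table = {k: p for k, p in self.mac_table.items() if p != port}

    def receive(self, in_port, src_mac, dst_mac):
        """Return the sorted list of ports the frame is sent out of."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port  # learn the source address
        out = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and out is not None:
            # Known unicast: one egress port, never back out the ingress port.
            return [] if out == in_port else [out]
        # Broadcast or unknown unicast: flood ports in the same VLAN only.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)


def demo():
    sw = VlanSwitch(6)
    for port in (4, 5, 6):
        sw.set_access_vlan(port, 20)  # constructed VLAN ID standing in for VLAN-Acct
    # Constructed MAC addresses from the documentation range.
    a, b, c = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:04"
    return {
        "unknown_unicast": sw.receive(1, a, b),   # b not learned: flood VLAN 1
        "known_unicast": sw.receive(2, b, a),     # a was learned on port 1
        "broadcast": sw.receive(4, c, BROADCAST), # stays inside VLAN 20
        # c was learned on port 4, but in VLAN 20; from VLAN 1 it is
        # unknown, so the frame floods VLAN 1 and never reaches port 4.
        "cross_vlan": sw.receive(1, a, c),
    }


if __name__ == "__main__":
    print(demo())
```

The `cross_vlan` case is the isolation property: without a router between the VLANs, the frame from port 1 is never delivered to the host on port 4.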

Note: If you have more than one switch in your network, you can configure VLANs to work across the switches. For example, you can create a VLAN for your company’s accounting department — let’s call it VLAN-Acct. Then you can configure ports on any of your switches as access ports on VLAN-Acct. In this way, your entire accounting staff can operate on the accounting VLAN.

Also learn about Virtual Private Network (VPN)

