As LAN segments tend to increase and need to have logically separate entities within the same office environment, the requirement for VLANs picked up pace. Virtual LANs (VLANs) allow network administrators to divide a physical network into separate logical broadcast domains. By default, all hosts connected to a switch are members of the same broadcast domain. A VLAN represents a broadcast domain. VLANs are identified by a VLAN ID (a number upto 4096), with the default VLAN on any network being VLAN 1. Each port on a switch or router can be assigned to be a member of a VLAN (i.e. to allow receiving and sending traffic on that VLAN). VLANs are implemented to achieve scalability, security and ease of network management and can quickly adapt to change in network requirements and relocation of workstations and server nodes.
BELOW SCENARIO WILL HELP UNDERSTAND CONCEPT OF VLAN –
In 1st diagram, all the ports on switch are configured as part of common Vlan. This means that all the hosts i.e. PC1, PC2, PC3 and PC4 can communicate to each other directly and will be able to hear each other’s broadcast traffic.
In 2nd diagram, 1st 2 ports of Switch (SW1) are configured as part of Vlan 10 while next 2 ports configured as Vlan 20 members. So now, PC1 and PC2 will directly be able to communicate to each other and hear each other’s broadcast. Same is the case with PC3 and PC4 which are part of Vlan 20.However, nodes in Vlan 10 can’t hear Vlan 20 node’s broadcast. In case PC1 (Vlan 10) wants to communicate with PC3 (Vlan 20), the traffic will have to pass through a layer 3 device – In this case a Router (R1) will perform inter Vlan communication.
Vlan major benefits are listed below –
- Increased security – Separating systems having sensitive data from the rest of the network assets decreases the chances that people gaining access to confidential information.
- Increased Performance – Decreasing the latency and traffic load on the network and the network devices, offering increased performance.
- Improved manageability – flexibility for network administrators to be able to configure network switches remotely in a centralized environment while the devices might be located in different geographical locations.
- More scalability – Making expansion and relocation of a network or a network device easier
- Reduced Broadcast – VLAN based separation will limit the broadcast traffic local to the vlan and will not be heard by nodes that are not part of different VLAN, it automatically reduces broadcasts.