Virtual Local Area Network (VLAN)


A Virtual Local Area Network (VLAN) may be defined as a group of LANs that have different physical connections, but which communicate as if they are connected on a single network segment. VLANs were created because IT administrators realised that there was a need for a network segmenting solution, since network traffic increases with network size.


VLANs increase overall network performance by grouping users and resources that communicate most frequently with each other. This means that the use of unicast or broadcast data transmission is limited, and traffic is reduced. It is a software based solution and allows IT administrators to adapt to networking changes.


Advantages of VLANs

VLANs provide the following advantages:

* Ease of administration

VLANs enable logical grouping of end-stations that are physically dispersed on a network. When users on a VLAN move to a new physical location but continue to perform the same job function, the end-stations of those users do not need to be reconfigured. Similarly, if users change their job function, they need not physically move: changing the VLAN membership of the end-stations to that of the new team makes the users' end-stations local to the resources of the new team.

* Confinement of broadcast domains

VLANs reduce the need to have routers deployed on a network to contain broadcast traffic. Flooding of a packet is limited to the switch ports that belong to a VLAN.

* Reduction in network traffic

As a result of confinement of broadcast domains on a network, traffic on the network is significantly reduced.

* Enforcement of security policies

By confining the broadcast domains, end-stations on a VLAN can be isolated from listening to or receiving broadcasts not intended for them. Moreover, if a router is not connected between the VLANs, the end-stations of a VLAN cannot communicate with the end-stations of the other VLANs.


Requirements to set up VLANs

The following requirements must be satisfied before setting up VLANs in a network:

* The switches deployed in the network either must comply with IEEE 802.1Q standards or must have a vendor-specific implementation of VLANs.

* For an end-station to support multiple VLANs, it must be able to dynamically register or must be statically configured to belong to a VLAN.

If an end-station cannot register or cannot be configured to belong to a VLAN, the end-station can belong only to one VLAN. This VLAN is configured on the switch port to which the end-station connects.


Communication in a VLAN explained

When a computer on a VLAN sends packets, they are only flooded to the members of the VLAN. If there is communication between VLANs, then the packets will need to go through a router. The diagram on the next page illustrates how communication occurs between geographically dispersed VLAN members. Here, VLAN 10 (Engineering), VLAN 20 (Marketing), and VLAN 30 (Finance) span three floors of a building. If a member of VLAN 10 on Floor 1 wants to communicate with a member of VLAN 10 on Floor 3, the communication occurs without going through the router, and packet flooding is limited to port 1 of Switch 2 and Switch 3 even if the destination MAC address to Switch 2 and Switch 3 is not known.