Virtual LAN (VLAN) Explained.

Virtual Local Area Networks (VLANs) allow the virtual existence of two or more logical LANs to operate separately from each other as independent broadcast domains that all share the same cable infrastructure of a single vast physical network. Rather than routing a different set of cables for each LAN intended for a specific purpose, setting up subnetwork VLANs within a larger LAN keeps the whole process simple yet more flexible.

Advantages of using VLANs

A device can be in a separate room, floor, or building. Still, as long as it’s attached to the whole network with a cable, it can be logically grouped with other devices under the same VLAN even if their locations are scattered.

Since there’s no longer a need to reroute cables to group devices in a specific LAN, it dramatically reduces the time and resources needed, as well as expenses to set them up. It also allows corporations to scale their network to their growing needs. The number of routers in the entire network can be much fewer because simpler switching hubs can easily handle packet-switching duties. And because you can partition the larger physical LAN into smaller VLANs, it reduces network traffic significantly. The switches limits broadcast to the intended domain so that other VLANs won’t receive data packets that don’t belong to them. It results in less network latency and improves its efficiency.

With multiple broadcast domains, VLANs allow better security and for the network administrators to have more control over each user on each port. They can limit whatever resources a domain is allowed to use and can restrict sensitive data traffic to within an organization’s department. It would be impossible for a packet sniffer to obtain this compartmentalized data from anywhere else within the entire network.

Dynamic and Static VLANs

With static or port-based VLANs (untagged), a network administrator can select what switch ports belong to a specific VLAN. That way, whatever equipment or devices are plugged into those ports automatically become part of that VLAN.

The administrator can configure the VLAN’s purpose by deciding which devices connect to it and who is allowed to use them. However, a device’s placement will be confined near the location of the port it uses.

On the other hand, you can assign a device to a dynamic VLAN (also known as VLAN tagging) based on its MAC (Media Access Control) address and not by the port it plugs into. It allows greater flexibility because regardless of the location of the port a device uses, administrators can still assign it to any VLAN of their choice.

VLAN Tagging

Simply put, the VLAN 802.1q standard is the tagging protocol used by switches to identify which VLAN on the other end of the connection receives a data packet that travels through the 802.3  Ethernet network.

Each data packet has a structure that follows an Ethernet frame format. This frame has a number of fields, which contain aside from the data itself, the destination and source MAC addresses, the ether type, and other bits of useful information to ensure that the correct VLAN and device receives the data error-free.

How to Set Up a VLAN

You can create a VLAN by configuring a switch using the appropriate administrative tools. Not going into details, you’ll have to pick a valid number for the VLAN and select its exclusive IP range for the devices that will connect to it. You can configure it as a static VLAN where each of the switch ports is assigned a number. If it’s a dynamic VLAN, it will be assigned usernames or MAC addresses instead.