In this section, let us understand what is Virtual LAN and its Advantages over a LAN, Access ports and Trunk ports, and so on.
What is Virtual LAN (VLAN)
VLAN stands for Virtual Area Network. It is defined as the logical grouping of different devices such as workstations, servers, and network devices within the single broadcast domain, irrespective of the physical location. Generally, VLAN is implemented in a managed switch.
When we talk about a LAN, it uses multi-port Ethernet hubs and switches to interconnect different devices within the network. By default, these devices have a single broadcast domain, that means when a packet arrives in one port, it is broadcast to all the ports. However, the packet is only received by the destination port, whereas other ports discard them. This unnecessary broadcast of the packet consumes lots of bandwidth and creates traffic congestion. The problem will be more severe when there are large numbers of devices connected within a single network.
The security vulnerability is also the major concern with such a flat network because any intruder can connect the device like a PC or Laptop with any of the free ports of the devices and can monitor the flow of packet in and out of the network using the packet sniffer software like Wireshark etc.
Thus, to minimize the shortcomings of the flat network, the concept of VLAN evolved. VLAN breaks up a single broadcast domain into multiple broadcast domains. Hence, when multiple VLANs are created, the traffic of one VLAN can not be broadcast to other VLAN. This avoids unwanted traffic overflow and decreasing traffic congestion. Different devices that belong to the same VLAN membership can be connected together virtually, whatever may be their physical location.
Advantages of Virtual LANs
VLANs have multiple advantages over the lat network. Thy are enumerated as follows:
- VLAN creates a logical grouping of different devices with the same network, even they are distributed over different physical locations.
- It breaks up a single broadcast domain into multiple broadcast domains.
- Broadcast is restricted into single VLAN, thus avoiding unnecessary traffic flow and congestion.
- Management of devices becomes much easier.
- Network security is enhanced because different VLANs are virtually isolated from each other.
Types of Virtual LAN Connections
The access link is created between the switch port and the end devices. Access link carries the untagged frame or the traffic of the same VLAN. The port associated with the access link is called an access port.
The trunk link is established between the network devices such as switches and routers. The trunk link can carry tagged frames or the traffic of multiple VLANs. Trunk ports add the unique identifying tags with every VLAN frame. These tags may be either 802.1Q tags or Inter-Switch Link (ISL) tags. The port associated with the trunk link is called trunk port.
Types of VLAN
- Default VLAN : This VLAN is assigned to all switch interfaces that have not been specifically assigned to a VLAN. When the switch initially gets powered on, all the switch interfaces become the member of default VLAN. The default VLAN ID is always VLAN 1 and cannot be assigned to other VLAN.
- Port Based VLAN: In this type of VLAN, a group of switch ports are assigned to a designated VLAN.
- Tagged VLAN: In tagged VLAN, a VLAN ID is added to the Ethernet frame header so that the receiving device can distinguish between different VLANs.
- Community VLAN : In this VLAN, devices are allowed to communicate with other devices within the same VLAN, but not with devices in other VLANs.
- Voice VLAN : In this VLAN, network traffic VOiP is separated from all other network traffic, ensuring quality of service for voice communication.
- Data VLAN : This VLAN also known as a user VLAN. It divides the whole network into two groups- user group and the device group. The data VLAN is intended only for user-generated data. It does not carry management traffic or voice.
- Management VLAN : The management VLAN allows the network devices to have management access rights, providing security and control over network administration.
|Virtualization in Computer Networking
|Verify and Configure VLANs