BENEFITS OF VLAN
INTRODUCTION: A switched network without VLANs is a single broadcast domain, which means every device attached to the switch sees every broadcast. A VLAN, or virtual local area network, removes the physical barrier: hosts are treated as if they were all part of the same subnet, while the network is logically separated into networks within networks, creating smaller broadcast domains. VLANs offer a number of advantages over traditional LANs.
SIMPLIFIED ADMINISTRATION: When a computer is physically moved to another location, it can stay on the same VLAN without any hardware reconfiguration.
Performance: VLANs reduce the size of the broadcast domain, which improves efficiency. For example, take three computers that are part of the manufacturing group. We want to prevent manufacturing employees from viewing YouTube videos, so we create a VLAN and isolate them from the internet. The VLAN does not allow internet access but is trunked to the main network.
VLAN Security: VLANs can be used to restrict access. Security features also include setting up authentication for the VLAN Trunking Protocol, and we can implement wireless constraints by ensuring that a user assigned to a specific VLAN always connects to that VLAN regardless of their location. This isolation gives the bonus of additional security. VLAN tags can also be maintained between switches: special ports called trunks are configured on interfaces and carry VLAN-tagged frames between switches. This allows administrators to segregate traffic not just within a single switch but across the entire enterprise. VLANs also enable a practice called router on a stick: a single physical router interface connects to a switch, and the router port is configured with many virtual subinterfaces that run on different VLANs.
LAN Segmentation: Virtual local area networks are used to logically separate Layer 2 switched networks. Users on different VLANs can't communicate directly, just as if they were on physically separate networks. It's a great way to segment a network and improve security.
Cost: Segmenting a large VLAN into relatively smaller VLANs is more economical than creating a routed network with routers, because routers are normally costlier than switches.
Physical Layer Transparency: VLANs are transparent to the physical topology and medium over which the network is connected. Using VLANs is also an efficient way to connect a low-port-count router to multiple subnets. VLANs are an integral part of every enterprise network, giving flexibility and security.
Establishing VLAN memberships
The most frequently used approaches are discussed below.
Static VLANs or port-based VLANs: Static VLAN assignments are created by allocating ports to a VLAN. As a device enters the network, it automatically assumes the VLAN of the port. If a user changes ports and needs access to the same VLAN, the network administrator must manually make a port-to-VLAN assignment for the new connection.
Dynamic VLANs: Dynamic VLANs are created using software. With a VLAN Management Policy Server (VMPS), an administrator can allocate switch ports to VLANs dynamically based on information such as the source MAC address of the device connected to the port or the username used to log onto that device. As a device enters the network, the switch queries a database for the VLAN membership of the port that device is connected to.
Protocol-based VLANs: On a switch that supports protocol-based VLANs, traffic is handled on the basis of its protocol. This segregates the traffic from a port according to the particular protocol of the defined traffic.
For example, suppose:
a host generates ARP traffic on port A,
a network with IPX traffic is connected to port B, and
a router forwarding IP traffic is connected to port C.
If a protocol-based VLAN is created that supports IP and contains all three ports, this prevents IPX traffic from being forwarded to ports A and C, and ARP traffic from being forwarded to ports B and C, while still allowing IP traffic to be forwarded on all three ports.
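The port A/B/C scenario above can be traced in code. This is an added example, not part of the original text: it classifies constructed Ethernet frames by EtherType, as a protocol-based VLAN does, and returns the ports each frame may be forwarded to. The VLAN ID 10, the policy dictionary and the function names are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag
ETHERTYPES = {0x0800: "IP", 0x0806: "ARP", 0x8137: "IPX"}

# Constructed policy for the page's scenario: one protocol-based VLAN that
# admits only IP and contains ports A, B and C (VLAN ID 10 is an assumption).
IP_VLAN = {"vid": 10, "protocols": {"IP"}, "ports": {"A", "B", "C"}}


def ethertype(frame: bytes) -> int:
    """Return the frame's EtherType, looking past one 802.1Q tag if present."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (etype,) = struct.unpack_from("!H", frame, 16)
    return etype


def egress_ports(frame: bytes, ingress: str, vlan=IP_VLAN) -> set:
    """Ports this VLAN may flood the frame to (empty set: not forwarded)."""
    # Values below 0x0600 are 802.3 length fields, not protocols: "OTHER".
    proto = ETHERTYPES.get(ethertype(frame), "OTHER")
    if ingress not in vlan["ports"] or proto not in vlan["protocols"]:
        return set()
    return vlan["ports"] - {ingress}


def make_frame(etype: int, vid=None) -> bytes:
    """Build a constructed broadcast frame, optionally 802.1Q-tagged."""
    header = b"\xff" * 6 + bytes.fromhex("020000000001")
    if vid is not None:
        header += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return header + struct.pack("!H", etype) + b"\x00" * 46


if __name__ == "__main__":
    for name, port, etype in [("ARP", "A", 0x0806), ("IPX", "B", 0x8137),
                              ("IP", "C", 0x0800)]:
        out = sorted(egress_ports(make_frame(etype), port))
        print(f"{name} entering port {port} -> forwarded to {out or 'nothing'}")
```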