Have you ever wondered what a Virtual LAN (VLAN) is or been unclear as to why you would want one? If so, I have been in your place at one time, too. Since then, I have learned a lot about what a VLAN is and how it can help me. In this article, I will share that knowledge with you.
What is a LAN?
Most of you already know what a LAN is, but let’s give it a definition to make sure. A LAN is a local area network and is defined as all devices in the same broadcast domain. If you remember, routers stop broadcasts, whereas switches forward them.
What is a VLAN?
A VLAN is a virtual LAN. In technical terms, a VLAN is a broadcast domain created by switches. Normally, it is a router that creates that broadcast domain. With VLANs, a switch can create the broadcast domain. This works by putting some switch ports in a VLAN other than 1, the default VLAN. All ports in a single VLAN are in a single broadcast domain.
Because switches can talk to each other, some ports on switch A can be in VLAN 10 and other ports on switch B can be in VLAN 10. Broadcasts between these devices will not be seen on any other port in any other VLAN, other than 10. However, these devices can all communicate because they are on the same VLAN. Without additional configuration, they would not be able to communicate with any other devices that are not in their VLAN.
Are VLANs required?
It is important to point out that you don’t have to configure a VLAN until your network gets so large that you need one. Many times, people are simply using VLANs because their network is already using one.
With a Cisco switch, VLANs are enabled by default and all devices are already in a VLAN. The VLAN that all devices are already in is VLAN 1. By default, you can use all the ports on a switch and all devices will be able to talk to one another.
When do I need a VLAN?
You need to consider using VLANs in any of the following situations:
- You have more than 200 devices on your LAN
- You have a lot of broadcast traffic on your LAN
- Groups of users need more security or are being slowed down by too many broadcasts
- Groups of users need to be on the same broadcast domain because they are running the same applications. An example would be a company that has VoIP phones. The phones could be placed in their own VLAN, separate from the regular users.
- You have a need to make a single switch into multiple virtual switches.
Why can't I subnet my network instead of using a VLAN?
A common question is why not just subnet the network instead of using VLANs? Each VLAN should be in its own subnet. The benefit that a VLAN provides over a subnetted network is that devices in different physical locations that are not going back to the same router can be on the same network.
The limitation of subnetting a network with a router is that all devices on that subnet must be connected to the same switch and that switch must be connected to a port on the router.
With a VLAN, one device can be connected to one switch, another device can be connected to another switch, and those devices can still be on the same VLAN.
How can devices on different VLANs communicate?
Devices on different VLANs can communicate through a router or a Layer 3 switch. As each VLAN is its own subnet, a router or Layer 3 switch must be used to route between the subnets.
What is a trunk port?
When there is a link between two switches or a router and a switch that carries the traffic of more than one VLAN, that port is a trunk port.
A trunk port must run a special trunking protocol. The protocol used would be Cisco’s proprietary Inter-Switch Link (ISL) or the IEEE standard 802.1Q.
How do I create a VLAN?
Configuring VLANs can vary between different Cisco switch models. In addition to creating the new VLANs, you'll also need to put each port in the proper VLAN.
Let’s say we wanted to create VLANs 5 and 10. We want to put ports 2 and 3 in VLAN 5 and ports 4 and 5 in VLAN 10. The following image shows how you would do this on a Cisco 2950 switch:
At this point, only ports 2 and 3 should be able to communicate with each other and ports 4 and 5 should be able to communicate. That is because each of these is in its own VLAN.
You'll need to configure a trunk port to a router so that it can strip the VLAN information, route the packet, and add the VLAN information back again so that the device on port 2 communicates properly with the device on port 4.
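Since the configuration image is not reproduced here, the following is an added example (not the article's own screenshot) of what that setup looks like in Cisco IOS configuration syntax: VLANs 5 and 10 are created, ports 2 and 3 and ports 4 and 5 are assigned to them, and an 802.1Q trunk carries both VLANs to a router that routes between the two subnets. The interface names, VLAN names and the 192.168.x.0/24 addresses are assumptions, and the global `vlan` command is used rather than the older `vlan database` mode found on some 2950 software.

```cisco
! ---- Switch (assumed Cisco IOS config-mode syntax) ----
configure terminal
! Create the two VLANs (names are assumptions)
vlan 5
 name Sales
vlan 10
 name Engineering
exit
!
! Ports 2 and 3 go into VLAN 5 as access ports
interface range FastEthernet0/2 - 3
 switchport mode access
 switchport access vlan 5
!
! Ports 4 and 5 go into VLAN 10 as access ports
interface range FastEthernet0/4 - 5
 switchport mode access
 switchport access vlan 10
!
! Uplink to the router: an 802.1Q trunk carrying only VLANs 5 and 10.
! Forcing trunk mode and disabling DTP negotiation keeps the trunk
! state from being changed by whatever is plugged into the port.
interface FastEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 5,10
 switchport nonegotiate
end

! ---- Router (router-on-a-stick, one subinterface per VLAN) ----
configure terminal
interface FastEthernet0/0
 no ip address
 no shutdown
! Subinterface for VLAN 5: strips the tag, routes, re-tags on the way back
interface FastEthernet0/0.5
 encapsulation dot1Q 5
 ip address 192.168.5.1 255.255.255.0
! Subinterface for VLAN 10
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
end
```

With this in place, a device on port 2 (VLAN 5, 192.168.5.0/24) reaches a device on port 4 (VLAN 10, 192.168.10.0/24) only by going through the router, which is where access between the two groups can be controlled.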
What are the benefits of VLANs?
VLANs offer higher performance for medium and large LANs because they limit broadcasts. As the amount of traffic and the number of devices grow, so does the number of broadcast packets. By using VLANs, you are containing broadcasts.
VLANs also provide security because you are essentially putting one group of devices, in one VLAN, on their own network.
Here is what we have learned:
- A VLAN is a broadcast domain formed by switches
- Administrators must create the VLANs and then manually assign each port to a VLAN.
- VLANs provide better performance for medium and large LANs.
- All devices, by default, are in VLAN 1.
- A trunk port is a special port that runs ISL or 802.1Q so that it can carry traffic from more than one VLAN.
- You must use a router or Layer 3 switch for devices in different VLANs to communicate.